My internal mail server is Kolab. Right now I work on getting all the communication encrypted with TLS. I'll describe what I did. I hope to get an encrypted kolab setup that can be a tenplate for new installations and is easy to use like https://bettercrypto.org.
Kolab uses the 389-directory server. Here
you'll find the documentation to enable TLS. My installation is on a single node, and I use the name
I'm using a local CA, the certificate is stored in