Apparently some packages are signed with the wrong/new key.
rpm -qp /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-plugin-kolab_files-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm
Warnung: /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-plugin-kolab_files-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, Schlüssel-ID 0038d0db: NOKEY
rpm -K --verbose /var/cache/yum/x86_64/7/Kolab_16/packages/libkolabxml-1.2-6.4.el7.kolab_16.x86_64.rpm
/var/cache/yum/x86_64/7/Kolab_16/packages/libkolabxml-1.2-6.4.el7.kolab_16.x86_64.rpm:
Header V3 RSA/SHA1 Signature, Schlüssel-ID 0038d0db: NOKEY SHA1-Kurzfassung des Headers: OK (f14a5f1689cb333a3c5c416ab38a879dfc92c919) V3 RSA/SHA1 Signature, Schlüssel-ID 0038d0db: NOKEY MD5-Kurzfassung: OK (40553cc4a20d1e18132dc69ca7baeff9)
The older packages are signed with a different key.
kolab-16.0.1-12.1.el7.kolab_16.x86_64.rpm:
Header V3 RSA/SHA1 Signature, Schlüssel-ID 446d5a45: OK SHA1-Kurzfassung des Headers: OK (944a40103a859924923077b5115d46c709b49480) V3 RSA/SHA1 Signature, Schlüssel-ID 446d5a45: OK MD5-Kurzfassung: OK (2750ec596d65edb31583162b62d29fdc)