https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Postfix%2FDovecot_mit_LDAP 2026-06-29T12:50:09Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=Postfix/Dovecot_mit_LDAP&diff=57021&oldid=prev 2024-10-05T13:35:59Z

<p><span dir="auto"><span class="autocomment">/etc/postfix/main.cf</span></span></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="de"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 5. Oktober 2024, 13:35 Uhr</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l85" >Zeile 85:</td> <td colspan="2" class="diff-lineno">Zeile 85:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  ''' # LMTP-Zustellung an Dovecot'''</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  ''' # LMTP-Zustellung an Dovecot'''</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  ''' virtual_transport = lmtp:unix:private/dovecot-lmtp'''</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  ''' virtual_transport = lmtp:unix:private/dovecot-lmtp'''</div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==/etc/postfix/master.cf==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==/etc/postfix/master.cf==</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>;Dies hier anfügen</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>;Dies hier anfügen</div></td></tr> </table>

Thomas.will https://wiki.ixheim.de/index.php?title=Postfix/Dovecot_mit_LDAP&diff=57003&oldid=prev 2024-10-05T11:26:54Z

<p><span dir="auto"><span class="autocomment">Wir besorgen uns ein öffentliches Zertifikat</span></span></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="de"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 5. Oktober 2024, 11:26 Uhr</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l29" >Zeile 29:</td> <td colspan="2" class="diff-lineno">Zeile 29:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  Internetsite</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  Internetsite</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  Systemname: mail.lab34.linuggs.de</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>  Systemname: mail.lab34.linuggs.de</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">=Wir besorgen uns ein öffentliches Zertifikat=</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*wget https://xinux.de/downloads/linuggs.de/lab34.linuggs.de.tgz</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*tar -xvzf lab34.linuggs.de.tgz </del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*mv fullchain.pem star.lab34.linuggs.de.crt</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*mv privkey.pem star.lab34.linuggs.de.key</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*sudo cp star.lab34.linuggs.de.crt /etc/ssl/certs/</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*sudo cp star.lab34.linuggs.de.key /etc/ssl/private/</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">*sudo chmod 600 /etc/ssl/private/star.lab34.linuggs.de.key</del></div></td><td colspan="2"> </td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=Postfix Konfiguration=</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=Postfix Konfiguration=</div></td></tr> </table>

Thomas.will https://wiki.ixheim.de/index.php?title=Postfix/Dovecot_mit_LDAP&diff=57001&oldid=prev 2024-10-05T11:24:15Z

<p>Die Seite wurde neu angelegt: „ =Erstes Ziel Ldap Anbindung verschlüsselt= *apt install ldap-utils ;lab34-ca.cer auf den Mailserver kopieren ;Zertifikat einbauen unter Linux *cp lab34-ca.ce…“</p> <p><b>Neue Seite</b></p><div><br /> =Erstes Ziel Ldap Anbindung verschlüsselt=<br /> *apt install ldap-utils<br /> ;lab34-ca.cer auf den Mailserver kopieren<br /> ;Zertifikat einbauen unter Linux<br /> *cp lab34-ca.cer /usr/local/share/ca-certificates/lab34-ca.crt<br /> *sudo update-ca-certificates<br /> ;Test ob das Zertifikat, mit eingebauten root-ca zieht<br /> *openssl s_client -port 636 -host win2022.lab34.linuggs.de<br /> ;/etc/ldap/ldap.conf anpassen<br /> BASE dc=lab34,dc=linuggs,dc=de<br /> URI ldaps://win2022.lab34.linuggs.de<br /> LDAPDEBUG 1<br /> TLS_CACERT /etc/ssl/certs/ca-certificates.crt<br /> =Wir legen auf dem DC einen MailService Nutzer an=<br /> [[Datei:Mail-lab-1.png]]<br /> =Test=<br /> *ldapsearch -LLL -x -H ldaps://win2022.lab34.linuggs.de -D &quot;cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de&quot; -w '12345-Xinux' -b DC=lab34,DC=linuggs,DC=de<br /> [[Datei:Mailuser-ad-1.png]]<br /> <br /> [[Datei:Mailuser-ad-2.png]]<br /> <br /> =Gruppe Mailuser in der AD anlegen=<br /> *User die Mails erhalten sollen hinzufügen<br /> <br /> =Installation des Mailserverkomponenten=<br /> *apt install postfix dovecot-core dovecot-imapd libsasl2-modules postfix-ldap dovecot-ldap dovecot-lmtpd<br /> ;Wir wählen<br /> Internetsite<br /> Systemname: mail.lab34.linuggs.de<br /> <br /> =Wir besorgen uns ein öffentliches Zertifikat=<br /> *wget https://xinux.de/downloads/linuggs.de/lab34.linuggs.de.tgz<br /> *tar -xvzf lab34.linuggs.de.tgz <br /> *mv fullchain.pem star.lab34.linuggs.de.crt<br /> *mv privkey.pem star.lab34.linuggs.de.key<br /> *sudo cp star.lab34.linuggs.de.crt /etc/ssl/certs/<br /> *sudo cp star.lab34.linuggs.de.key /etc/ssl/private/<br /> *sudo chmod 600 /etc/ssl/private/star.lab34.linuggs.de.key<br /> <br /> =Postfix Konfiguration=<br /> ==ldapuser ziehen wir von der ADS==<br /> *vi /etc/postfix/ldap-users.cf<br /> &lt;pre&gt;<br /> hosts = win2022.lab34.linuggs.de<br /> dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de<br /> dnpass = 12345-Xinux<br /> base = dc=lab34,dc=linuggs,dc=de<br /> user_filter = (&amp;(objectClass=user)(sAMAccountName=%u)(memberOf=CN=mailuser,CN=Users,DC=lab34,DC=linuggs,DC=de))<br /> pass_filter = (&amp;(objectClass=user)(sAMAccountName=%u)(memberOf=CN=mailuser,CN=Users,DC=lab34,DC=linuggs,DC=de))<br /> default_pass_scheme = SSHA<br /> tls = yes<br /> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt<br /> &lt;/pre&gt;<br /> <br /> ==/etc/postfix/main.cf==<br /> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)<br /> biff = no<br /> append_dot_mydomain = no<br /> readme_directory = no<br /> compatibility_level = 3.6<br /> '''smtpd_tls_cert_file=/etc/ssl/certs/star.lab34.linuggs.de.crt'''<br /> '''smtpd_tls_key_file=/etc/ssl/private/star.lab34.linuggs.de.key'''<br /> '''smtpd_tls_security_level=may'''<br /> '''smtp_tls_security_level=may'''<br /> '''smtpd_tls_loglevel = 1'''<br /> '''smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'''<br /> '''smtp_tls_CApath=/etc/ssl/certs'''<br /> '''smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache'''<br /> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination<br /> myhostname = mail.lab34.linuggs.de<br /> alias_maps = hash:/etc/aliases<br /> alias_database = hash:/etc/aliases<br /> myorigin = /etc/mailname<br /> mydestination = $myhostname, mail.lab34.linuggs.de, mail, localhost.localdomain, localhost<br /> relayhost =<br /> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128<br /> mailbox_size_limit = 0<br /> recipient_delimiter = +<br /> inet_interfaces = all<br /> inet_protocols = all<br /> ''' # LDAP-basierte Benutzerüberprüfung'''<br /> ''' virtual_mailbox_domains = lab34.linuggs.de'''<br /> ''' virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf'''<br /> <br /> ''' # Dovecot-Authentifizierung'''<br /> ''' smtpd_sasl_type = dovecot'''<br /> ''' smtpd_sasl_path = private/auth'''<br /> ''' smtpd_sasl_auth_enable = yes'''<br /> ''' smtpd_sasl_security_options = noanonymous'''<br /> ''' smtpd_sasl_local_domain = $myhostname'''<br /> ''' broken_sasl_auth_clients = yes'''<br /> <br /> ''' # LMTP-Zustellung an Dovecot'''<br /> ''' virtual_transport = lmtp:unix:private/dovecot-lmtp'''<br /> ==/etc/postfix/master.cf==<br /> ;Dies hier anfügen<br /> smtps inet n - y - - smtpd<br /> -o smtpd_tls_wrappermode=yes<br /> -o smtpd_sasl_auth_enable=yes<br /> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject<br /> -o smtpd_tls_security_level=encrypt<br /> -o smtpd_tls_cert_file=/etc/ssl/certs/star.lab34.linuggs.de.crt<br /> -o smtpd_tls_key_file=/etc/ssl/private/star.lab34.linuggs.de.key<br /> -o smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt<br /> <br /> ==Check Check==<br /> postfix check<br /> <br /> ==Postfix restart und Tests==<br /> *systemctl restart postix<br /> ;Geht TLS?<br /> *openssl s_client -connect mail.lab34.linuggs.de:465<br /> ;Sind die User da?<br /> *postmap -q &quot;thomas&quot; ldap:/etc/postfix/ldap-users.cf<br /> thomas@lab34.linuggs.de<br /> *postmap -q &quot;rudi&quot; ldap:/etc/postfix/ldap-users.cf<br /> rudi@lab34.linuggs.de<br /> <br /> =Konfiguration von Dovecot für IMAPS mit LDAP-Anbindung=<br /> ==Dovecot SSL-Konfiguration==<br /> *Öffne die Datei 10-ssl.conf:<br /> *vi /etc/dovecot/conf.d/10-ssl.conf<br /> *Füge die Zertifikate ein:<br /> ssl = yes<br /> ssl_cert = &lt;/etc/ssl/certs/star.lab34.linuggs.de.crt<br /> ssl_key = &lt;/etc/ssl/private/star.lab34.linuggs.de.key<br /> ssl_min_protocol = TLSv1.2<br /> ssl_cipher_list = HIGH:!aNULL:!MD5<br /> <br /> ==Dovecot Mail-Protokolle konfigurieren==<br /> *Öffne die Datei 10-master.conf:<br /> *vi /etc/dovecot/conf.d/10-master.conf<br /> *Suche den Abschnitt service imap-login und passe ihn an:<br /> service imap-login {<br /> inet_listener imap {<br /> port = 143<br /> }<br /> inet_listener imaps {<br /> port = 993<br /> ssl = yes<br /> }<br /> }<br /> <br /> ==Konfiguration des Mailstandortes==<br /> *Öffne die Datei 10-mail.conf:<br /> *vi /etc/dovecot/conf.d/10-mail.conf<br /> *Füge den folgenden Mailstandort ein:<br /> mail_location = maildir:/var/mail/vhosts/%d/%n<br /> mail_home = /var/mail/vhosts/%d/%n<br /> mail_privileged_group = mail<br /> <br /> ==LDAP-Verknüpfung in Dovecot einrichten==<br /> *Öffne die Datei dovecot-ldap.conf.ext:<br /> *vi /etc/dovecot/dovecot-ldap.conf.ext<br /> *Füge die LDAP-Konfiguration hinzu:<br /> hosts = ldaps://win2022.lab34.linuggs.de<br /> dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de<br /> dnpass = 12345-Xinux<br /> base = dc=lab34,dc=linuggs,dc=de<br /> user_filter = (&amp;(objectClass=user)(sAMAccountName=%u)(memberOf=CN=mailuser,CN=Users,DC=lab34,DC=linuggs,DC=de))<br /> pass_filter = (&amp;(objectClass=user)(sAMAccountName=%u)(memberOf=CN=mailuser,CN=Users,DC=lab34,DC=linuggs,DC=de))<br /> default_pass_scheme = SSHA<br /> <br /> ==Dovecot für die Verwendung von LDAP konfigurieren==<br /> *Öffne die Datei 10-auth.conf:<br /> *vi /etc/dovecot/conf.d/10-auth.conf<br /> *Aktiviere LDAP-Authentifizierung:<br /> '''!include auth-ldap.conf.ext'''<br /> <br /> ==Benutzer- und Passwortdatenbank auf LDAP setzen==<br /> *Öffne die Datei auth-ldap.conf.ext:<br /> *vi /etc/dovecot/conf.d/auth-ldap.conf.ext<br /> *Konfiguriere die LDAP-Backend-Nutzung:<br /> passdb {<br /> driver = ldap<br /> args = /etc/dovecot/dovecot-ldap.conf.ext<br /> }<br /> <br /> userdb {<br /> driver = ldap<br /> args = /etc/dovecot/dovecot-ldap.conf.ext<br /> }<br /> <br /> ==Dovecot neu starten==<br /> *Starte Dovecot neu, um die Änderungen zu übernehmen:<br /> sudo systemctl restart dovecot<br /> <br /> ==Testen==<br /> *Überprüfe, ob die Benutzer nun über IMAPS authentifiziert werden können:<br /> openssl s_client -connect mail.lab34.linuggs.de:993 -crlf</div>

Thomas.will