Aktuelle Version vom 5. Oktober 2024, 17:33 Uhr

Ziel

Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern in Active Directory.

Aufgabe

Postfix und Dovecot sollen so konfiguriert werden, dass sie die Benutzer aus Active Directory authentifizieren.
Mailverzeichnis: /var/mail/<Benutzername>
IMAPS-Zugriff (Port 993) und SMTP mit SSL (Port 465)
Authentifizierung: Vollständige E-Mail-Adresse (z.B. rudi@lab34.linuggs.de) oder Benutzername (z.B. rudi)

Vorbereitung

Erstellen eines Benutzers in Active Directory:

samba-tool user create -W Users mailservice
samba-tool user setexpiry mailservice --noexpiry

Postfix-Konfiguration

Installation des Pakets postfix-ldap
Anpassen der folgenden Dateien unter /etc/postfix:

main.cf

   mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
   inet_protocols = ipv4
   virtual_mailbox_base = /var/mail
   virtual_mailbox_domains = lab34.linuggs.de
   virtual_mailbox_maps = ldap:/etc/postfix/ad_local_recipients.cf
   virtual_alias_maps = ldap:/etc/postfix/ad_mail_groups.cf
   virtual_transport = dovecot
   local_transport = virtual
   local_recipient_maps = $virtual_mailbox_maps
   smtpd_use_tls = yes
   smtpd_tls_security_level = encrypt
   smtpd_sasl_auth_enable = yes
   smtpd_sasl_local_domain = lab34.linuggs.de
   smtpd_sasl_path = private/auth
   smtpd_sasl_type = dovecot
   smtpd_sender_login_maps = ldap:/etc/postfix/ad_sender_login.cf
   smtpd_tls_auth_only = yes
   smtpd_tls_cert_file = /var/lib/ssl/certs/dovecot.cert
   smtpd_tls_key_file = /var/lib/ssl/private/dovecot.key
   smtpd_tls_CAfile = /var/lib/ssl/certs/dovecot.pem
   smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject
   smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
   default_destination_recipient_limit = 1

Hinweis: Die Datei /etc/postfix/mydestination muss leer sein.

master.cf

   dovecot unix - n n - - pipe
     flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
   smtps inet n - n - - smtpd
     -o smtpd_tls_wrappermode=yes
     -o smtpd_sasl_auth_enable=yes
     -o smtpd_client_restrictions=permit_sasl_authenticated,reject

ad_local_recipients.cf

   version = 3
   server_host = lab34.linuggs.de:389
   search_base = dc=lab34,dc=linuggs,dc=de
   scope = sub
   query_filter = (&(|(mail=%s)(otherMailbox=%u@%d))(sAMAccountType=805306368))
   result_filter = %s
   result_attribute = mail
   special_result_attribute = member
   bind = yes
   bind_dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de
   bind_pw = 12345-Xinux

ad_mail_groups.cf

   version = 3
   server_host = lab34.linuggs.de:389
   search_base = dc=lab34,dc=linuggs,dc=de
   timeout = 3
   scope = sub
   query_filter = (&(mail=%s)(sAMAccountType=268435456))
   result_filter = %s
   leaf_result_attribute = mail
   special_result_attribute = member
   bind = yes
   bind_dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de
   bind_pw = 12345-Xinux

ad_sender_login.cf

   version = 3
   server_host = lab34.linuggs.de:389
   search_base = dc=lab34,dc=linuggs,dc=de
   scope = sub
   query_filter = (&(objectClass=user)(|(sAMAccountName=%s)(mail=%s)))
   result_attribute = mail
   bind = yes
   bind_dn = cn=mailservice,cn=users,dc=lab34,dc=de
   bind_pw = 12345-Xinux

Testen der Postfix-Konfiguration

postconf >/dev/null
postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_local_recipients.cf
postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_sender_login.cf

Neustart des Postfix-Dienstes

service postfix restart

Dovecot-Konfiguration

Installation des Pakets dovecot-lmtpd
Anpassen der folgenden Dateien unter /etc/dovecot:

dovecot-ldap.conf.ext

   hosts = lab34.linuggs.de:389
   ldap_version = 3
   auth_bind = yes
   dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
   dnpass = 12345-Xinux
   base = cn=Users,dc=lab34,dc=linuggs,dc=de
   scope = subtree
   deref = never

   user_filter = (&(objectClass=user)(|(mail=%Lu)(sAMAccountName=%Lu)))
   user_attrs = =uid=8,gid=12,mail=user
   pass_filter = (&(objectClass=user)(|(mail=%Lu)(sAMAccountName=%Lu)))
   pass_attrs = mail=user

10-auth.conf

   auth_mechanisms = plain login
   !include auth-ldap.conf.ext

10-master.conf

   service auth {
     unix_listener /var/spool/postfix/private/auth {
       mode = 0660
       user = postfix
       group = postfix
     }
   }

10-mail.conf

   mail_location = mbox:/var/mail/%n
   mail_uid = mail
   mail_gid = mail

15-lda.conf

   protocol lda {
     hostname = lab34.linuggs.de
     postmaster_address = administrator@lab34.linuggs.de
   }

Neustart des Dovecot-Dienstes

service dovecot restart

@@ Zeile 1: / Zeile 1: @@
-ActiveDirectory/PostfixDovecot
+=Ziel=
+* Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern in Active Directory.
-*Ziel:* Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern in Active Directory.
+=Aufgabe=
-Inhaltsverzeichnis
-* Aufgabe
-* Vorbereitung
-* Postfix-Konfiguration
-* Dovecot-Konfiguration
-* Sicherheit
-* Debugging
-Aufgabe
 * Postfix und Dovecot sollen so konfiguriert werden, dass sie die Benutzer aus Active Directory authentifizieren.
 * Mailverzeichnis: /var/mail/<Benutzername>
@@ Zeile 17: / Zeile 8: @@
 * Authentifizierung: Vollständige E-Mail-Adresse (z.B. rudi@lab34.linuggs.de) oder Benutzername (z.B. rudi)
-Vorbereitung
+=Vorbereitung=
-* Erstellen eines Benutzers in Active Directory:
+Erstellen eines Benutzers in Active Directory:
-  * .samba-tool user create -W Users vmail
+* samba-tool user create -W Users mailservice
-  * .samba-tool user setexpiry vmail --noexpiry
+* samba-tool user setexpiry mailservice --noexpiry
-Postfix-Konfiguration
+=Postfix-Konfiguration=
 * Installation des Pakets postfix-ldap
 * Anpassen der folgenden Dateien unter /etc/postfix:
-  main.cf
+=main.cf=
      mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
      inet_protocols = ipv4
@@ Zeile 50: / Zeile 41: @@
      smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
      default_destination_recipient_limit = 1
+:Hinweis: Die Datei /etc/postfix/mydestination muss leer sein.
-    * Hinweis: Die Datei /etc/postfix/mydestination muss leer sein.
+=master.cf=
-  master.cf
      dovecot unix - n n - - pipe
        flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
@@ Zeile 61: / Zeile 51: @@
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-  ad_local_recipients.cf
+=ad_local_recipients.cf=
      version = 3
      server_host = lab34.linuggs.de:389
@@ Zeile 71: / Zeile 61: @@
      special_result_attribute = member
      bind = yes
-     bind_dn = cn=vmail,cn=users,dc=lab34,dc=linuggs,dc=de
+     bind_dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de
-     bind_pw = Pa$$word
+     bind_pw = 12345-Xinux
-  ad_mail_groups.cf
+=ad_mail_groups.cf=
      version = 3
      server_host = lab34.linuggs.de:389
@@ Zeile 85: / Zeile 75: @@
      special_result_attribute = member
      bind = yes
-     bind_dn = cn=vmail,cn=users,dc=lab34,dc=linuggs,dc=de
+     bind_dn = cn=mailservice,cn=users,dc=lab34,dc=linuggs,dc=de
-     bind_pw = Pa$$word
+     bind_pw = 12345-Xinux
-  ad_sender_login.cf
+=ad_sender_login.cf=
      version = 3
      server_host = lab34.linuggs.de:389
@@ Zeile 96: / Zeile 86: @@
      result_attribute = mail
      bind = yes
-     bind_dn = cn=vmail,cn=users,dc=lab34,dc=de
+     bind_dn = cn=mailservice,cn=users,dc=lab34,dc=de
-     bind_pw = Pa$$word
+     bind_pw = 12345-Xinux
+=Testen der Postfix-Konfiguration=
+* postconf >/dev/null
+* postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_local_recipients.cf
+* postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_sender_login.cf
+=Neustart des Postfix-Dienstes=
+* service postfix restart
+=Dovecot-Konfiguration=
+* Installation des Pakets dovecot-lmtpd
+* Anpassen der folgenden Dateien unter /etc/dovecot:
+=dovecot-ldap.conf.ext=
+    hosts = lab34.linuggs.de:389
+    ldap_version = 3
+    auth_bind = yes
+    dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
+    dnpass = 12345-Xinux
+    base = cn=Users,dc=lab34,dc=linuggs,dc=de
+    scope = subtree
+    deref = never
+    user_filter = (&(objectClass=user)(|(mail=%Lu)(sAMAccountName=%Lu)))
+    user_attrs = =uid=8,gid=12,mail=user
+    pass_filter = (&(objectClass=user)(|(mail=%Lu)(sAMAccountName=%Lu)))
+    pass_attrs = mail=user
+=10-auth.conf=
+    auth_mechanisms = plain login
+    !include auth-ldap.conf.ext
+=10-master.conf=
+    service auth {
+      unix_listener /var/spool/postfix/private/auth {
+        mode = 0660
+        user = postfix
+        group = postfix
+      }
+    }
+=10-mail.conf=
+    mail_location = mbox:/var/mail/%n
+    mail_uid = mail
+    mail_gid = mail
-* Testen der Postfix-Konfiguration:
+=15-lda.conf=
-  * .postconf >/dev/null
+    protocol lda {
-  * .postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_local_recipients.cf
+      hostname = lab34.linuggs.de
-  * .postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_sender_login.cf
+      postmaster_address = administrator@lab34.linuggs.de
+    }
-* Neustart des Postfix-Dienstes:
+=Neustart des Dovecot-Dienstes=
-  * .service postfix restart
+* service dovecot restart

Postfix/Dovecot/ADS: Unterschied zwischen den Versionen

Aktuelle Version vom 5. Oktober 2024, 17:33 Uhr

Inhaltsverzeichnis

Ziel

Aufgabe

Vorbereitung

Postfix-Konfiguration

main.cf

master.cf

ad_local_recipients.cf

ad_mail_groups.cf

ad_sender_login.cf

Testen der Postfix-Konfiguration

Neustart des Postfix-Dienstes

Dovecot-Konfiguration

dovecot-ldap.conf.ext

10-auth.conf

10-master.conf

10-mail.conf

15-lda.conf

Neustart des Dovecot-Dienstes

Navigationsmenü

Suche