Postfix/Dovecot/ADS Simple: Difference between revisions

From Xinux Wiki
Zeile 1: Zeile 1:
=Ziel=
+
=Ziel=  
 
* Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern aus Active Directory und Speicherung der Mails unter /var/spool/mail.
 
* Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern aus Active Directory und Speicherung der Mails unter /var/spool/mail.
  
Zeile 14: Zeile 14:
 
* Installation des Pakets postfix-ldap:
 
* Installation des Pakets postfix-ldap:
 
   * apt-get install postfix postfix-ldap
 
   * apt-get install postfix postfix-ldap
 
 
* Anpassen der folgenden Dateien unter /etc/postfix:
 
* Anpassen der folgenden Dateien unter /etc/postfix:
  
=main.cf=
 
 
<pre>
 
<pre>
 +
main.cf
 
inet_protocols = ipv4
 
inet_protocols = ipv4
 
virtual_mailbox_base = /var/spool/mail
 
virtual_mailbox_base = /var/spool/mail
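Review bot: The added line `main.cf` sits inside the `<pre>` block, directly above `inet_protocols = ipv4`, so it reads as the first line of the file and gets copied along with the settings; a bare word without `=` is not a valid main.cf entry. Keep the removed `=main.cf=` heading, or put the file name on its own line above `<pre>`.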
Zeile 34: Zeile 33:
 
</pre>
 
</pre>
  
=master.cf=
+
<pre>
    dovecot unix - n n - - pipe
+
master.cf
      flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
+
dovecot unix - n n - - pipe
    smtps inet n - n - - smtpd
+
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
      -o smtpd_tls_wrappermode=yes
+
smtps inet n - n - - smtpd
      -o smtpd_sasl_auth_enable=yes
+
  -o smtpd_tls_wrappermode=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+
  -o smtpd_sasl_auth_enable=yes
 +
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
</pre>
  
=ad_local_recipients.cf=
 
 
<pre>
 
<pre>
 +
ad_local_recipients.cf
 
version = 3
 
version = 3
 
server_host = lab34.linuggs.de:389
 
server_host = lab34.linuggs.de:389
Zeile 66: Zeile 67:
 
* Installation des Pakets dovecot-lmtpd:
 
* Installation des Pakets dovecot-lmtpd:
 
   * apt-get install dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd
 
   * apt-get install dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd
 
 
* Anpassen der folgenden Dateien unter /etc/dovecot:
 
* Anpassen der folgenden Dateien unter /etc/dovecot:
  
=dovecot-ldap.conf.ext=
+
<pre>
    hosts = lab34.linuggs.de:389
+
dovecot-ldap.conf.ext
    ldap_version = 3
+
hosts = lab34.linuggs.de:389
    auth_bind = yes
+
ldap_version = 3
    dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
+
auth_bind = yes
    dnpass = 12345-Xinux
+
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
    base = cn=Users,dc=lab34,dc=linuggs,dc=de
+
dnpass = 12345-Xinux
    scope = subtree
+
base = cn=Users,dc=lab34,dc=linuggs,dc=de
    user_filter = (sAMAccountName=%u)
+
scope = subtree
    user_attrs = =uid=mail,gid=mail
+
user_filter = (sAMAccountName=%u)
    pass_filter = (sAMAccountName=%u)
+
user_attrs = =uid=mail,gid=mail
    pass_attrs = sAMAccountName=user
+
pass_filter = (sAMAccountName=%u)
 +
pass_attrs = sAMAccountName=user
 +
</pre>
  
=10-auth.conf=
+
<pre>
    auth_mechanisms = plain login
+
10-auth.conf
    !include auth-ldap.conf.ext
+
auth_mechanisms = plain login
 +
!include auth-ldap.conf.ext
 +
</pre>
  
=10-mail.conf=
+
<pre>
    mail_location = mbox:/var/spool/mail/%u
+
10-mail.conf
    mail_uid = mail
+
mail_location = mbox:/var/spool/mail/%u
    mail_gid = mail
+
mail_uid = mail
 +
mail_gid = mail
 +
</pre>
  
=10-master.conf=
+
<pre>
    service auth {
+
10-master.conf
      unix_listener /var/spool/postfix/private/auth {
+
service auth {
        mode = 0660
+
  unix_listener /var/spool/postfix/private/auth {
        user = postfix
+
    mode = 0660
        group = postfix
+
    user = postfix
      }
+
    group = postfix
    }
+
  }
 +
}
 +
</pre>
  
=15-lda.conf=
+
<pre>
    protocol lda {
+
15-lda.conf
      postmaster_address = postmaster@lab34.linuggs.de
+
protocol lda {
    }
+
  postmaster_address = postmaster@lab34.linuggs.de
 +
}
 +
</pre>
  
 
=Neustart des Dovecot-Dienstes=
 
=Neustart des Dovecot-Dienstes=
 
* service dovecot restart
 
* service dovecot restart
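Review bot: In the dovecot-ldap.conf.ext block, `dnpass = 12345-Xinux` publishes the service account's bind password on the wiki page, and `hosts = lab34.linuggs.de:389` combined with `auth_bind = yes` and `auth_mechanisms = plain login` means each user's password is passed to the directory in a simple bind, with no `tls` setting shown in the block. Replace the password with a placeholder and add `tls = yes` (or an `ldaps://` entry in `uris`) to the block.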

Revision as of 6 October 2024, 06:05

Goal

  • Set up Postfix and Dovecot to authenticate users from Active Directory and store mail under /var/spool/mail.

Task

  • Postfix and Dovecot should authenticate only users from the domain `lab34.linuggs.de` and store mail under /var/spool/mail.
  • IMAPS access (port 993) and SMTPS (port 465).

Preparation

  • Create a service user in Active Directory:
      * samba-tool user create -W Users mailservice
      * samba-tool user setexpiry mailservice --noexpiry

Postfix configuration

  • Install the postfix-ldap package:
      * apt-get install postfix postfix-ldap
  • Adjust the following files under /etc/postfix:

main.cf

inet_protocols = ipv4
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_domains = lab34.linuggs.de
virtual_mailbox_maps = ldap:/etc/postfix/ad_local_recipients.cf
local_transport = virtual
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = lab34.linuggs.de
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
#smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
#smtpd_tls_security_level = encrypt
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject

master.cf

dovecot unix - n n - - pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

ad_local_recipients.cf

version = 3
server_host = lab34.linuggs.de:389
search_base = dc=lab34,dc=linuggs,dc=de
scope = sub
query_filter = (sAMAccountName=%s)
result_filter = %s@lab34.linuggs.de
result_attribute = sAMAccountName
bind = yes
bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
bind_pw = 12345-Xinux

Testing the Postfix configuration

  • postconf >/dev/null
  • postmap -q rudi ldap:/etc/postfix/ad_local_recipients.cf

Restarting the Postfix service

  • service postfix restart

Dovecot configuration

  • Install the dovecot-lmtpd package:
      * apt-get install dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd
  • Adjust the following files under /etc/dovecot:

dovecot-ldap.conf.ext

hosts = lab34.linuggs.de:389
ldap_version = 3
auth_bind = yes
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
dnpass = 12345-Xinux
base = cn=Users,dc=lab34,dc=linuggs,dc=de
scope = subtree
user_filter = (sAMAccountName=%u)
user_attrs = =uid=mail,=gid=mail
pass_filter = (sAMAccountName=%u)
pass_attrs = sAMAccountName=user

10-auth.conf

auth_mechanisms = plain login
!include auth-ldap.conf.ext

10-mail.conf

mail_location = mbox:/var/spool/mail/%u
mail_uid = mail
mail_gid = mail

10-master.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

15-lda.conf

protocol lda {
  postmaster_address = postmaster@lab34.linuggs.de
}

Restarting the Dovecot service

  • service dovecot restart
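
Added example, not part of the wiki page: a POSIX shell audit for the files configured above. It flags LDAP lookups that bind without `ldaps://` or STARTTLS, bind passwords in world-readable files, and SASL AUTH offered without `smtpd_tls_auth_only`. The function names, finding labels and sample files are constructed for illustration, and the sample assumes the directory also answers on `ldaps://`.

```shell
#!/bin/sh
# Added example: flag cleartext LDAP binds and exposed bind passwords in the
# Postfix/Dovecot files from this page. Limitation: the last "key = value" wins;
# multi-line values and master.cf "-o" overrides are not evaluated.

conf_get() {  # conf_get FILE KEY -> value of an uncommented "KEY = value" line
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_ldap_file() {  # works for a Postfix ldap: map and for dovecot-ldap.conf.ext
    f=$1
    target="$(conf_get "$f" server_host)$(conf_get "$f" hosts)$(conf_get "$f" uris)"
    starttls="$(conf_get "$f" start_tls)$(conf_get "$f" tls)"
    secret="$(conf_get "$f" bind_pw)$(conf_get "$f" dnpass)"
    case "$target" in
        ldaps://*) ;;                                   # TLS from the first byte
        *) [ "$starttls" = yes ] || echo "CLEARTEXT_LDAP $f" ;;
    esac
    # A bind password in a file that "other" can read is exposed to every local user.
    if [ -n "$secret" ] && [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "WORLD_READABLE_SECRET $f"
    fi
}

audit_main_cf() {  # SASL is offered while AUTH is not restricted to TLS sessions
    [ "$(conf_get "$1" smtpd_sasl_auth_enable)" = yes ] || return 0
    [ "$(conf_get "$1" smtpd_tls_auth_only)" = yes ] || echo "AUTH_WITHOUT_TLS $1"
}

make_samples() {  # constructed files modelled on the page; the password is a placeholder
    d=$1
    printf '%s\n' 'server_host = lab34.linuggs.de:389' 'bind = yes' \
        'bind_pw = EXAMPLE-PLACEHOLDER' > "$d/ad_local_recipients.cf"
    chmod 644 "$d/ad_local_recipients.cf"
    printf '%s\n' 'uris = ldaps://lab34.linuggs.de' 'auth_bind = yes' \
        'dnpass = EXAMPLE-PLACEHOLDER' > "$d/dovecot-ldap.conf.ext"
    chmod 600 "$d/dovecot-ldap.conf.ext"
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' '#smtpd_tls_auth_only = yes' > "$d/main.cf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_ldap_file "$demo_dir/ad_local_recipients.cf"   # weak: port 389, mode 644
audit_ldap_file "$demo_dir/dovecot-ldap.conf.ext"    # hardened: ldaps, mode 600
audit_main_cf "$demo_dir/main.cf"                    # AUTH not limited to TLS
rm -rf "$demo_dir"
```

On a real host, point the functions at /etc/postfix/ad_local_recipients.cf, /etc/dovecot/dovecot-ldap.conf.ext and /etc/postfix/main.cf; a clean result is no output.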