Postfix/Dovecot/ADS Simple: Unterschied zwischen den Versionen
| Zeile 1: | Zeile 1: | ||
| − | =Ziel= | + | =Ziel= |
* Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern aus Active Directory und Speicherung der Mails unter /var/spool/mail. | * Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern aus Active Directory und Speicherung der Mails unter /var/spool/mail. | ||
| Zeile 7: | Zeile 7: | ||
=Vorbereitung= | =Vorbereitung= | ||
| − | + | ==Erstellen eines Service-Benutzers in Active Directory== | |
| − | + | *Usermanager auf dem Domaincontroller | |
| − | |||
=Postfix-Konfiguration= | =Postfix-Konfiguration= | ||
| − | + | ==Installation des Pakets postfix-ldap== | |
| − | + | *apt-get install postfix postfix-ldap | |
| − | + | ==Anpassen der folgenden Datei: /etc/postfix/main.cf== | |
| − | |||
| − | |||
| − | |||
<pre> | <pre> | ||
| − | + | maillog_file = /var/log/mail.log | |
virtual_mailbox_base = /var/spool/mail | virtual_mailbox_base = /var/spool/mail | ||
virtual_mailbox_domains = lab34.linuggs.de | virtual_mailbox_domains = lab34.linuggs.de | ||
| Zeile 32: | Zeile 28: | ||
#smtpd_tls_security_level = encrypt | #smtpd_tls_security_level = encrypt | ||
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject | smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject | ||
| + | virtual_minimum_uid = 8 | ||
| + | virtual_uid_maps = static:8 | ||
| + | virtual_gid_maps = static:8 | ||
</pre> | </pre> | ||
| − | =master.cf= | + | ==Anpassen der folgenden Datei: /etc/postfix/master.cf== |
| − | + | <pre> | |
| − | + | master.cf | |
| − | + | dovecot unix - n n - - pipe | |
| − | + | flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient} | |
| − | + | #smtps inet n - n - - smtpd | |
| − | + | # -o smtpd_tls_wrappermode=yes | |
| + | # -o smtpd_sasl_auth_enable=yes | ||
| + | # -o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
| + | </pre> | ||
| − | =ad_local_recipients.cf= | + | ==Erstellen der folgenden Datei: /etc/postfix/ad_local_recipients.cf== |
| − | + | <pre> | |
| − | + | version = 3 | |
| − | + | server_host = lab34.linuggs.de:389 | |
| − | + | search_base = dc=lab34,dc=linuggs,dc=de | |
| − | + | scope = sub | |
| − | + | query_filter = (userPrincipalName=%s) | |
| − | + | result_attribute = userPrincipalName | |
| − | + | bind = yes | |
| − | + | bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de | |
| − | + | bind_pw = 12345-Xinux | |
| + | </pre> | ||
=Testen der Postfix-Konfiguration= | =Testen der Postfix-Konfiguration= | ||
| − | * postconf >/dev/null | + | *postconf >/dev/null |
| − | * postmap -q rudi ldap:/etc/postfix/ad_local_recipients.cf | + | *postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_local_recipients.cf |
| + | rudi@lab34.linuggs.de | ||
=Neustart des Postfix-Dienstes= | =Neustart des Postfix-Dienstes= | ||
* service postfix restart | * service postfix restart | ||
| + | =Kleiner Anpassungen= | ||
| + | *mkdir /var/spool/mail/user | ||
| + | *chmod g+w /var/spool/mail/user | ||
=Dovecot-Konfiguration= | =Dovecot-Konfiguration= | ||
| − | + | ==Installation des Pakets dovecot-lmtpd== | |
| − | + | *apt-get install dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd | |
| + | ==Anpassen der folgenden Datei unter /etc/dovecot/dovecot-ldap.conf.ext== | ||
| + | <pre> | ||
| + | hosts = lab34.linuggs.de:389 | ||
| + | ldap_version = 3 | ||
| + | auth_bind = yes | ||
| + | dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de | ||
| + | dnpass = 12345-Xinux | ||
| + | base = cn=Users,dc=lab34,dc=linuggs,dc=de | ||
| + | scope = subtree | ||
| + | user_filter = (sAMAccountName=%u) | ||
| + | user_attrs = uid=mail,gid=mail | ||
| + | pass_filter = (sAMAccountName=%u) | ||
| + | pass_attrs = sAMAccountName=user | ||
| + | </pre> | ||
| − | + | ==Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-auth.conf== | |
| + | <pre> | ||
| + | disable_plaintext_auth = no | ||
| + | auth_mechanisms = plain login | ||
| + | !include auth-ldap.conf.ext | ||
| + | !include auth-system.conf.ext | ||
| + | </pre> | ||
| − | =dovecot- | + | ==Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-mail.conf== |
| − | + | <pre> | |
| − | + | mail_location = mbox:/var/spool/mail/user/%u@lab34.linuggs.de:INBOX=/var/spool/mail/%u@lab34.linuggs.de | |
| − | + | mail_uid = mail | |
| − | + | mail_gid = mail | |
| − | + | namespace inbox { | |
| − | + | inbox = yes | |
| − | + | } | |
| − | + | mail_privileged_group = mail | |
| − | + | first_valid_uid = 8 | |
| − | + | protocol !indexer-worker { | |
| − | + | } | |
| + | </pre> | ||
| − | =10- | + | ==Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-master.conf== |
| − | + | <pre> | |
| − | + | service auth { | |
| + | unix_listener /var/spool/postfix/private/auth { | ||
| + | mode = 0660 | ||
| + | user = postfix | ||
| + | group = postfix | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| − | = | + | ==Anpassen der folgenden Datei unter /etc/dovecot/conf.d/15-lda.conf== |
| − | + | <pre> | |
| − | + | protocol lda { | |
| − | + | postmaster_address = postmaster@lab34.linuggs.de | |
| − | + | } | |
| − | =10- | + | </pre> |
| − | + | ==Anpassen der folgenden Datei unter /etc/dovecot/10-logging.conf== | |
| − | + | log_path = /var/log/dovecot.log | |
| − | + | info_log_path = /var/log/dovecot-info.log | |
| − | + | debug_log_path = /var/log/dovecot-debug.log | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=Neustart des Dovecot-Dienstes= | =Neustart des Dovecot-Dienstes= | ||
* service dovecot restart | * service dovecot restart | ||
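Review bot: Both LDAP clients added in this revision bind over plain LDAP on port 389 (`server_host = lab34.linuggs.de:389` in ad_local_recipients.cf and `hosts = lab34.linuggs.de:389` together with `auth_bind = yes` in dovecot-ldap.conf.ext), so the service-account password and, through Dovecot's auth bind, every user's login password cross the network unencrypted; use `server_host = ldaps://lab34.linuggs.de:636` in the Postfix file and `uris = ldaps://lab34.linuggs.de` (or keep `hosts` and add `tls = yes`) in the Dovecot file. The 10-auth.conf settings `disable_plaintext_auth = no` with `auth_mechanisms = plain login` also allow PLAIN/LOGIN on unencrypted sessions, which contradicts the page's stated goal of IMAPS/SMTPS-only access while the TLS lines in main.cf and the smtps service in master.cf are still commented out; keeping the default `disable_plaintext_auth = yes` limits these mechanisms to TLS sessions. The bind password `12345-Xinux` is published by this revision, so it should be rotated and both credential files kept root-owned and not world-readable (e.g. `chmod 640`). The stray line `master.cf` inside the master.cf block is not a valid service entry and Postfix will presumably reject the file on startup, so it should be dropped. The last heading's path `/etc/dovecot/10-logging.conf` presumably lacks the `conf.d/` component that every other Dovecot file on the page uses.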
Aktuelle Version vom 17. Oktober 2024, 10:10 Uhr
Ziel
- Einrichten von Postfix und Dovecot zur Authentifizierung von Benutzern aus Active Directory und Speicherung der Mails unter /var/spool/mail.
Aufgabe
- Postfix und Dovecot sollen nur Benutzer aus der Domäne `lab34.linuggs.de` authentifizieren und die Mails unter /var/spool/mail ablegen.
- IMAPS-Zugriff (Port 993) und SMTPS (Port 465).
Vorbereitung
Erstellen eines Service-Benutzers in Active Directory
- Usermanager auf dem Domaincontroller
Postfix-Konfiguration
Installation des Pakets postfix-ldap
- apt-get install postfix postfix-ldap
Anpassen der folgenden Datei: /etc/postfix/main.cf
maillog_file = /var/log/mail.log
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_domains = lab34.linuggs.de
virtual_mailbox_maps = ldap:/etc/postfix/ad_local_recipients.cf
local_transport = virtual
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = lab34.linuggs.de
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
#smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
#smtpd_tls_security_level = encrypt
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject
virtual_minimum_uid = 8
virtual_uid_maps = static:8
virtual_gid_maps = static:8
Anpassen der folgenden Datei: /etc/postfix/master.cf
master.cf
dovecot unix - n n - - pipe
flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Erstellen der folgenden Datei: /etc/postfix/ad_local_recipients.cf
version = 3
server_host = lab34.linuggs.de:389
search_base = dc=lab34,dc=linuggs,dc=de
scope = sub
query_filter = (userPrincipalName=%s)
result_attribute = userPrincipalName
bind = yes
bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
bind_pw = 12345-Xinux
Testen der Postfix-Konfiguration
- postconf >/dev/null
- postmap -q rudi@lab34.linuggs.de ldap:/etc/postfix/ad_local_recipients.cf
rudi@lab34.linuggs.de
Neustart des Postfix-Dienstes
- service postfix restart
Kleine Anpassungen
- mkdir /var/spool/mail/user
- chmod g+w /var/spool/mail/user
Dovecot-Konfiguration
Installation des Pakets dovecot-lmtpd
- apt-get install dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd
Anpassen der folgenden Datei unter /etc/dovecot/dovecot-ldap.conf.ext
hosts = lab34.linuggs.de:389
ldap_version = 3
auth_bind = yes
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
dnpass = 12345-Xinux
base = cn=Users,dc=lab34,dc=linuggs,dc=de
scope = subtree
user_filter = (sAMAccountName=%u)
user_attrs = uid=mail,gid=mail
pass_filter = (sAMAccountName=%u)
pass_attrs = sAMAccountName=user
Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-ldap.conf.ext
!include auth-system.conf.ext
Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:/var/spool/mail/user/%u@lab34.linuggs.de:INBOX=/var/spool/mail/%u@lab34.linuggs.de
mail_uid = mail
mail_gid = mail
namespace inbox {
inbox = yes
}
mail_privileged_group = mail
first_valid_uid = 8
protocol !indexer-worker {
}
Anpassen der folgenden Datei unter /etc/dovecot/conf.d/10-master.conf
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Anpassen der folgenden Datei unter /etc/dovecot/conf.d/15-lda.conf
protocol lda {
postmaster_address = postmaster@lab34.linuggs.de
}
Anpassen der folgenden Datei unter /etc/dovecot/10-logging.conf
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
Neustart des Dovecot-Dienstes
- service dovecot restart