users:werner:mailserver
— | users:werner:mailserver [2006-02-06 1750] (current) – created - External edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Setting up postfix+ldap+courier+squirrelmail ====== | ||
+ | ===== Preparations ===== | ||
+ | |||
+ | First of all, my believe that to successfully manage a system, you must use rpm to distribute software - compiling and installing from source may work at the beginning, and in small scale, but you quickly get bogged down and the system becomes unmanageable. | ||
+ | |||
+ | At this document i will guide you how to install postfix+ldap+courier+squirrelmail on a RedHat 7.3 system. I will provide additional detaild for doing the same on RH 9, since the sasl configuration will be different due to version used in each distro. And TRUST ME, if you are using 7.3 distro, DO NOT try to include your own, updated openldap or sasl packages - this will give you such a headache, that after 2 days of work you will say that it is not worth it - these libs are deeply embedded into redhat' | ||
+ | |||
+ | To build my postfix package, i get the src.rpm from http:// | ||
+ | <code bash> | ||
+ | export POSTFIX_LDAP=1 | ||
+ | export POSTFIX_SASL=1 | ||
+ | export POSTFIX_TLS=1 | ||
+ | export POSTFIX_PCRE=1 | ||
+ | </ | ||
+ | then run '' | ||
+ | you also need to install //libtool// and //gcc-c++// before building the package ('' | ||
+ | |||
+ | To build my CourierImap packages, get the tar.gz from http:// | ||
+ | |||
+ | All these packages are available here : TODO !!! FIXME | ||
+ | |||
+ | ===== Installation ===== | ||
+ | |||
+ | Now, install the // | ||
+ | |||
+ | ==== OpenLDAP ==== | ||
+ | |||
+ | Your server configuration starts with setting up your LDAP server with initial schema. Copy the authldap.schema and qmail.schema files to / | ||
+ | <code bash> | ||
+ | # Postfix / Qmail | ||
+ | include | ||
+ | # courier IMAP | ||
+ | include | ||
+ | |||
+ | # default permissions on the database | ||
+ | access to dn="" | ||
+ | access to * | ||
+ | by self write | ||
+ | by users read | ||
+ | by anonymous read | ||
+ | |||
+ | access to attr=userpassword, | ||
+ | by self write | ||
+ | by anonymous auth | ||
+ | by * none | ||
+ | |||
+ | # You may want to enable debuggind while setting up the server. | ||
+ | # The messages are .info level, so change the default syslog settings to see them | ||
+ | # loglevel 4 | ||
+ | |||
+ | suffix | ||
+ | rootdn | ||
+ | rootpw | ||
+ | |||
+ | index cn eq | ||
+ | #faster mail queries I hope | ||
+ | index mail eq | ||
+ | index givenname eq | ||
+ | index uid eq | ||
+ | #address book lookups | ||
+ | index sn eq | ||
+ | # | ||
+ | index objectClass eq | ||
+ | </ | ||
+ | |||
+ | Start the ldap server. | ||
+ | |||
+ | Create an initial schema ldif file, '' | ||
+ | <code bash> | ||
+ | # example, com | ||
+ | dn: dc=example, dc=com | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | o: my company | ||
+ | description: | ||
+ | |||
+ | # mailaccounts, | ||
+ | dn: ou=mailaccounts, | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | ou: mailaccounts | ||
+ | description: | ||
+ | </ | ||
+ | Add it's contents to the server : | ||
+ | <code bash> | ||
+ | ldapadd -D " | ||
+ | </ | ||
+ | the output should be : | ||
+ | <code bash> | ||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | </ | ||
+ | Create a user template file, '' | ||
+ | <code bash> | ||
+ | dn: uid=UID, | ||
+ | uid: UID | ||
+ | cn: UID | ||
+ | uidNumber: 1001 | ||
+ | gidNumber: 1001 | ||
+ | mail: UID@example.com | ||
+ | mailHost: mail.example.com | ||
+ | homeDirectory: | ||
+ | mailMessageStore: | ||
+ | mailbox: UID/ | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | accountStatus: | ||
+ | </ | ||
+ | Create preprocessing script for user creation, process_user : | ||
+ | <code perl> | ||
+ | # | ||
+ | ($userid)=@ARGV; | ||
+ | while ($line=< | ||
+ | chmod +x process_user | ||
+ | </ | ||
+ | this script will read input from STDIN, and replace UID with the first parameter given to it. | ||
+ | |||
+ | Let's add a test user: | ||
+ | <code bash> | ||
+ | cat user_template.ldif | ||
+ | </ | ||
+ | the output should be : | ||
+ | <code bash> | ||
+ | adding new entry " | ||
+ | </ | ||
+ | Set the password for the user: | ||
+ | <code bash> | ||
+ | ldappasswd -D " | ||
+ | </ | ||
+ | The output should be : | ||
+ | <code bash> | ||
+ | Result: Success (0) | ||
+ | </ | ||
+ | Now, install postfix and courier rpms you have compiled : | ||
+ | |||
+ | ==== Postfix ==== | ||
+ | |||
+ | '' | ||
+ | |||
+ | Let's see if the default config we got is different from postfix default : | ||
+ | <code ini> | ||
+ | # postconf | ||
+ | alias_database = hash:/ | ||
+ | alias_maps = hash:/ | ||
+ | command_directory = /usr/sbin | ||
+ | config_directory = / | ||
+ | daemon_directory = / | ||
+ | debug_peer_level = 2 | ||
+ | mail_owner = postfix | ||
+ | mailq_path = / | ||
+ | manpage_directory = / | ||
+ | newaliases_path = / | ||
+ | queue_directory = / | ||
+ | readme_directory = / | ||
+ | sample_directory = / | ||
+ | sendmail_path = / | ||
+ | setgid_group = postdrop | ||
+ | unknown_local_recipient_reject_code = 450 | ||
+ | </ | ||
+ | we see that some stuff is customised to redhat' | ||
+ | |||
+ | Now, we are going to configure postfix to deliver to virtual mailboxes using ldap. The delivery will be done to maildirs, under the user vmail. | ||
+ | |||
+ | Create user vmail: | ||
+ | <code bash> | ||
+ | useradd vmail -d / | ||
+ | </ | ||
+ | Create the store directory, and the domain directory : | ||
+ | <code bash> | ||
+ | mkdir / | ||
+ | chown vmail:vmail / | ||
+ | </ | ||
+ | set postfix to deliver under user vmail, and set it to query ldap for local deliveries | ||
+ | <code bash> | ||
+ | postconf -e myhostname=mail.example.com mydomain=example.com default_privs=vmail | ||
+ | </ | ||
+ | add by hand to ''/ | ||
+ | <code ini> | ||
+ | virtual_mailbox_base = / | ||
+ | virtual_mailbox_maps = ldap: | ||
+ | virtual_gid_maps = static:< | ||
+ | virtual_uid_maps = static:< | ||
+ | virtual_minimum_uid = 500 | ||
+ | virtual_mailbox_domains = example.com | ||
+ | virtual_result_attribute = mailbox | ||
+ | virtual_maildir_extended = yes | ||
+ | |||
+ | ldapsource_timeout = 10 | ||
+ | ldapsource_server_host = localhost | ||
+ | ldapsource_search_base = ou=mailaccounts, | ||
+ | ldapsource_server_port = 389 | ||
+ | ldapsource_domain = example.com | ||
+ | ldapsource_query_filter = (& | ||
+ | ldapsource_result_attribute = mailbox | ||
+ | ldapsource_bind = no | ||
+ | </ | ||
+ | Start postfix, and try to send an email to the '' | ||
+ | <code bash> | ||
+ | echo test | sendmail test@example.com | ||
+ | </ | ||
+ | check the ''/ | ||
+ | |||
+ | If you get ldap-related errors, set loglevel to 4 in ''/ | ||
+ | <code bash> | ||
+ | # | ||
+ | *.*; | ||
+ | </ | ||
+ | and restart syslog, and look at ''/ | ||
+ | |||
+ | ==== Courier-IMAP ==== | ||
+ | |||
+ | Let's configure courier for pop3 and imap access now : | ||
+ | |||
+ | Install the '' | ||
+ | |||
+ | edit ''/ | ||
+ | <code ini> | ||
+ | authmodulelist=" | ||
+ | </ | ||
+ | enter this to ''/ | ||
+ | <code bash> | ||
+ | LDAP_SERVER | ||
+ | LDAP_PORT | ||
+ | LDAP_BASEDN | ||
+ | LDAP_AUTHBIND | ||
+ | LDAP_TIMEOUT | ||
+ | LDAP_MAIL | ||
+ | LDAP_DOMAIN | ||
+ | LDAP_GLOB_GID | ||
+ | LDAP_GLOB_UID | ||
+ | LDAP_HOMEDIR | ||
+ | LDAP_MAILDIR | ||
+ | LDAP_FULLNAME | ||
+ | LDAP_DEREF | ||
+ | LDAP_TLS | ||
+ | </ | ||
+ | start courier, and telnet to port 110. type "user test", "pass testpass" | ||
+ | |||
+ | === Setting up SMTP authentication: | ||
+ | |||
+ | Because on redhat 7.3 the '' | ||
+ | <code bash> | ||
+ | vi / | ||
+ | </ | ||
+ | on the line of | ||
+ | <code bash> | ||
+ | smtp inet | ||
+ | </ | ||
+ | set chroot to " | ||
+ | |||
+ | activate sasl authentication for postfix in ''/ | ||
+ | <code ini> | ||
+ | smtpd_sasl_auth_enable = yes | ||
+ | smtpd_sasl_security_options = noanonymous | ||
+ | </ | ||
+ | the default relaying blocking is: | ||
+ | <code ini> | ||
+ | smtpd_recipient_restrictions = permit_mynetworks, | ||
+ | </ | ||
+ | this will only allow users from mynetworks to send mail outside the domains postfix is aware of. my config is as follows : | ||
+ | <code ini> | ||
+ | smtpd_recipient_restrictions = permit_sasl_authenticated, | ||
+ | | ||
+ | </ | ||
+ | I permit also sasl authenticated users. I also protect my mailinglist accounts inside my mail server (for example, all@example.com), | ||
+ | <code bash> | ||
+ | all@example.com | ||
+ | another_address@example.com | ||
+ | </ | ||
+ | If you do not need this functionality, | ||
+ | |||
+ | === let's configure sasl === | ||
+ | |||
+ | Now, let's configure sasl, so it would do the authentication: | ||
+ | |||
+ | configure your ''/ | ||
+ | <code bash> | ||
+ | host 127.0.0.1 | ||
+ | base dc=example, | ||
+ | </ | ||
+ | create a file ''/ | ||
+ | <code bash> | ||
+ | pwcheck_method: | ||
+ | </ | ||
+ | create a file ''/ | ||
+ | <code bash> | ||
+ | #%PAM-1.0 | ||
+ | auth | ||
+ | account | ||
+ | </ | ||
+ | |||
+ | ===== Miscellaneous ===== | ||
+ | |||
+ | to delete an account, use | ||
+ | <code bash> | ||
+ | ldapdelete -D " | ||
+ | </ |
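Review bot: the slapd.conf ACL order in the OpenLDAP section defeats the userPassword protection it tries to add: slapd applies the first ''access to'' clause whose target matches, and ''access to *'' with ''by anonymous read'' matches every attribute, so the later ''access to attr=userpassword'' clause (''by anonymous auth'' / ''by * none'') is never reached and anonymous clients can read the password hashes. Move the attr=userpassword block above ''access to *''. Related points in the same revision: ''rootpw'' should hold a hash produced by slappasswd rather than a cleartext value, and every ldapadd, ldappasswd and ldapdelete call shown binds as the rootdn with ''-D'', so prefer ''-W'' to be prompted for the password instead of putting it on the command line where it ends up in shell history and process listings; ''ldapsource_bind = no'' makes Postfix rely on anonymous read of ou=mailaccounts, which matches the ACL above but means anyone who can reach port 389 can enumerate mail, mailbox, mailHost and homeDirectory for every account; ''smtpd_sasl_security_options = noanonymous'' combined with ''pwcheck_method'' (saslauthd) means only PLAIN/LOGIN are usable, and those travel in cleartext unless TLS is required before AUTH (the package was built with POSTFIX_TLS=1, so ''smtpd_tls_auth_only = yes'' is the natural fix); and the POP3 smoke test that telnets to port 110 and types ''pass testpass'' sends the credential unencrypted, acceptable against localhost but not from another host, where courier's pop3d-ssl/imapd-ssl listeners should be used instead.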
users/werner/mailserver.txt · Last modified: 2006-02-06 1750 by 127.0.0.1