{"id":14,"date":"2006-03-15T15:40:52","date_gmt":"2006-03-15T14:40:52","guid":{"rendered":"http:\/\/new.tom.scholten.nu\/weblog\/?page_id=14"},"modified":"2008-04-01T20:58:25","modified_gmt":"2008-04-01T19:58:25","slug":"postfix-ldap-howto","status":"publish","type":"page","link":"https:\/\/tom.scholten.nu\/weblog\/archief\/postfix-ldap-howto-2\/postfix-ldap-howto","title":{"rendered":"Postfix LDAP Howto"},"content":{"rendered":"

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.<\/a><\/p>\n

.This howto is outdated and kept here for historical purposes, please proceed to the newer version by following this link.<\/a><\/p>\n

.<\/p>\n

.<\/p>\n

.<\/p>\n

.<\/p>\n

.<\/p>\n

.<\/p>\n

\n

\u00c2\u00a0<\/p>\n

\u00c2\u00a0<\/p>\n\n\n\n
\u00c2\u00a0\u00c2\u00a0<\/p>\n

Full-fledged Postfix using LDAP HOWTO<\/h1>\n

Postfix, LDAP, IMAP, WebMail, Virus- and spamscanning\/checking mail system<\/h5>\n
by Tom Scholten and author of likewise documents<\/h6>\n

Special thanks to Richard from UnixGuru.nl<\/sub><\/p>\n

\u00c2\u00a0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00c2\u00a0<\/p>\n

\u00c2\u00a0<\/p>\n

\n

The document provides a description or howto if you will to build a unix-based postfix mailserver capable of multiple virtual domains and users based upon LDAP. There are other documents describing how to implement Postfix and LDAP, and this howto is based upon them, but is written as a 'from-scratch' to 'fully-operational' manual, as i found a great tutorial on Postfix-Mysql including a nice PHP admin frontend besides the great JAMM approach which has also a nice, but in java (server pages), admin tool. Plans for now are to deliver both a perl\/cgi interface AND a PHP interface to administrate you're very own Postfix-LDAP mail system.<\/tt><\/p>\n

\u00c2\u00a0<\/p>\n

\n

This page aims at describing how i installed and configured Postfix with virtual domains, ldap and virusscanning on a FreeBSD 5.x system
\nThere is no reason why this wouldn’t work on any other UN*X system, including all flavors of linux, *bsd, hpux, tru64, solaris or aix. Maybe on SCO but i don’t like either there OS nor their attitude.
\nOfcourse no responsibility or liability blah blah blah, to be continued<\/p>\n

\u00c2\u00a0<\/p>\n

\u00c2\u00a0<\/p>\n

\n

Heads up : The proposed mailserver in this document is using amavis for content scanning, i’m working on a second version of this document using MailScanner<\/a> instead of amavis, hopefully with user-specific SpamAssassin rules in LDAP (using SA 3.x)<\/span><\/p>\n

\u00c2\u00a0<\/p>\n

\n

Installed software (on FreeBSD)<\/h4>\n

Installed packages from the portstree (in no particular order, let alone dependancy order)<\/p>\n

    \n
  • procmail (3.22)<\/li>\n
  • postfix (2.2.1)<\/li>\n
  • courier-imap (3.0.4,1)<\/li>\n
  • squirrelmail (1.4.3a)<\/li>\n
  • apache2 (2.0.50)<\/li>\n
  • php (4.3.7)<\/li>\n
  • openldap (2.0.25)<\/li>\n
  • clamav (0.74)<\/li>\n
  • amavisd-new (20030616)<\/li>\n
  • p5-SpamAssassin (2.63)<\/li>\n<\/ul>\n

    Assumptions<\/h4>\n

    Assumptions made for this howto<\/p>\n

      \n
    • The example domain name will be ‘example.org’<\/li>\n
    • The virtual users (mail)directory store will live under \/usr\/virtual<\/li>\n
    • The virtual user used is vmail (group vmail) uid\/gid are both 2001<\/li>\n
    • The scanner runs as vscan\/vscan (2002\/2002)<\/li>\n<\/ul>\n
      \n

      OpenLDAP configuration<\/h4>\n

      First edit slapd.conf<\/tt> in \/usr\/local\/etc\/openldap<\/em>, the example below does NOT have a safe password (secret), which you should create using slappasswd<\/em> from the commandline. It asks you to type you’re password twice and then prints out the string to be used. You can use another (than SSHA, the default) algorythm, man slappasswd<\/tt> for more information! Also in the example below there are NO acl’s so anyone has access to you’re information, consider RTFM on (Open)LDAP to secure you’re LDAPtree some more.<\/p>\n

      slapd.conf<\/p>\n

      include         \/usr\/local\/etc\/openldap\/schema\/core.schema\r\ninclude \/usr\/local\/etc\/openldap\/schema\/cosine.schema\r\ninclude \/usr\/local\/etc\/openldap\/schema\/nis.schema\r\ninclude \/usr\/local\/etc\/openldap\/schema\/mailserver.schema\r\n\r\n#######################################################################\r\n# ldbm database definitions\r\n#######################################################################\r\n\r\ndatabase        ldbm\r\nsuffix          \"dc=example,dc=org\"\r\n\r\nrootdn          \"cn=Manager,dc=example,dc=org\"\r\n#rootpw          secret\r\nrootpw\t\t{SSHA}FyQuk6XJK4aYcz1fh6RhbG2g\/CtvCtz3\r\n\r\n# The database directory MUST exist prior to running slapd AND\r\n# should only be accessable by the slapd\/tools. Mode 700 recommended.\r\ndirectory       \/var\/db\/openldap-data\r\n\r\n# Indices to maintain\r\nindex   objectClass     pres,eq\r\nindex   mail,cn         eq,sub\r\n\r\n# logging\r\nloglevel 256<\/pre>\n
      \n
      OpenLDAP scheme for mailserver<\/h4>\n
      Next, create the LDAPscheme to be used for our mailserver in \/usr\/local\/etc\/openldap\/schema<\/em><\/p>\n
      The used mailserver.schema<\/p>\n
      #\r\n# OID prefix: 1.3.6.1.4.1.12461\r\n#\r\n# Attributes: 1.3.6.1.4.1.12461.1.1\r\n#\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.1 NAME 'postfixTransport'\r\nDESC 'A string directing postfix which transport to use'\r\nEQUALITY caseExactIA5Match\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.2 NAME 'accountActive'\r\nDESC 'A boolean telling whether an account is active or not'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.3 NAME 'lastChange'\r\nDESC 'Time in unix time of last change in entry'\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\r\n\r\n#attributetype ( 1.3.6.1.4.1.12461.1.1.4 NAME 'jvd'\r\n#        DESC 'A virtual domain managed by Jamm'\r\n#        EQUALITY caseIgnoreIA5Match\r\n#        SUBSTR caseIgnoreIA5SubstringsMatch\r\n#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\r\n\r\n# The following attributes are borrowed from Courier's schema so that\r\n# the Jamm Schema can live on its own.\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.5 NAME 'mailbox'\r\nDESC 'The absolute path to the mailbox for a mail account in a non-default location'\r\nEQUALITY caseExactIA5Match\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.6 NAME 'quota'\r\nDESC 'A string that represents the quota on a mailbox'\r\nEQUALITY caseExactIA5Match\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.7 NAME 'clearPassword'\r\nDESC 'A separate text that stores the mail account password in clear text'\r\nEQUALITY octetStringMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128})\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.8 NAME 'maildrop'\r\nDESC 'RFC822 Mailbox - mail alias'\r\nEQUALITY caseIgnoreIA5Match\r\nSUBSTR caseIgnoreIA5SubstringsMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.9 NAME 'mailsource'\r\nDESC 'Message source'\r\nEQUALITY caseIgnoreIA5Match\r\nSUBSTR caseIgnoreIA5SubstringsMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\r\n\r\n# Back to more of Jamm specific attributes\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.10 NAME 'editAliases'\r\nDESC 'A boolean telling whether a domain manager can edit Aliases'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.11 NAME 'editAccounts'\r\nDESC 'A boolean telling whether a domain manager can edit Accounts'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.12 NAME 'editPostmasters'\r\nDESC 'A boolean telling whether a domain manager can edit Postmasters'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.13 NAME 'editCatchAlls'\r\nDESC 'A boolean telling whether a domain manager can edit CatchAlls'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\nattributetype ( 1.3.6.1.4.1.12461.1.1.14 NAME 'delete'\r\nDESC 'A boolean telling whether this item is marked for deletion'\r\nEQUALITY booleanMatch\r\nSYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\r\n\r\n#\r\n# Objects: 1.3.6.1.4.1.12461.1.2\r\n#\r\n\r\nobjectclass ( 1.3.6.1.4.1.12461.1.2.1 NAME 'mailAccount'\r\nSUP top STRUCTURAL\r\nDESC 'Mail account objects'\r\nMUST ( mail $ homeDirectory $ mailbox $ accountActive $ lastChange $\r\ndelete )\r\nMAY ( uidNumber $ gidNumber $ uid $ cn $ description $ quota $\r\nuserPassword $ clearPassword ) )\r\n\r\nobjectclass ( 1.3.6.1.4.1.12461.1.2.2 NAME 'mailAlias'\r\nSUP top STRUCTURAL\r\nDESC 'Mail aliasing\/forwarding entry'\r\nMUST ( name $ mail $ maildrop $ accountActive $ lastChange )\r\nMAY ( mailsource $ cn $ description $ userPassword ) )\r\n\r\nobjectclass ( 1.3.6.1.4.1.12461.1.2.3 NAME 'mailDomain'\r\nSUP domain STRUCTURAL\r\nDESC 'Virtual Domain entry to be used with postfix transport maps'\r\nMUST ( dc $ accountActive $ lastChange $ delete $ editAccounts $\r\neditPostmasters )\r\nMAY ( postfixTransport $ description  ) )\r\n#        SUP top STRUCTURAL\r\n#       MUST ( jvd $ accountActive $ lastChange $ delete $ editAccounts $\r\n\r\nobjectClass ( 1.3.6.1.4.1.12461.1.2.4 NAME 'mailPostmaster'\r\nSUP top AUXILIARY\r\nDESC 'Added to a mailAlias to create a postmaster entry'\r\nMUST roleOccupant )<\/pre>\n
      \n
      Ready, Aim, OpenLDAP<\/h4>\n
      Now start up you’re OpenLDAP server either by hand or use \/usr\/local\/etc\/rc.d\/slapd.sh start<\/em> and verify that slapd<\/tt> is running (ps ax | egrep slap[d]<\/em>). If it’s running were ready to fill …<\/p>\n
      \n
      OpenLDAP tree layout and initial ldif<\/h4>\n
      This initial ldif will create you’re domains, so if you have many, just stick to one or two at the time to test out, were creating the following tree.<\/p>\n
      \u00c2\u00a0<\/p>\n\n\n\n
       org
      \n|
      \nexample----------Manager
      \n|
      \nmail
      \n|
      \n+----------------------------------+-----------------------------+----------------------------+
      \nexample.org                        somenudomain.nu                someoldaccount.demon.org       domain3.org
      \n<\/tt><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
      \u00c2\u00a0<\/p>\n
      setup ldif file
      \nwarning! if you have openldap22 or above, you should add to the primary dc= objects the following lines (whatever is the dc declared, for the first entry below it becomes ‘example’ for the other (mail) object it becomes mail<\/p>\n
      \u00c2\u00a0<\/p>\n
      objectClass: dcObject\r\ndc: whatever<\/pre>\n
      # example\r\ndn: dc=example, dc=org\r\nobjectClass: top\r\nobjectClass: organization\r\nobjectClass: dcObject\r\no: example\r\ndc: example\r\n\r\n# MAnager\r\ndn: cn=Manager,dc=example,dc=org\r\nobjectClass: top\r\nobjectClass: organizationalRole\r\ncn: Manager\r\n\r\n# mail, example\r\ndn: dc=mail, dc=example, dc=org\r\nobjectClass: top\r\nobjectClass: organizationalunit\r\nobjectClass: dcObject\r\nou: mail\r\ndc: mail\r\n\r\n# example.org, mail, example\r\ndn: dc=example.org, dc=mail, dc=example,dc=org\r\naccountActive: TRUE\r\neditPostmasters: TRUE\r\neditAccounts: TRUE\r\nobjectClass: top\r\nobjectClass: mailDomain\r\ndc: example.org\r\ndelete: FALSE\r\nlastChange: 111\r\npostfixTransport: virtual:\r\n\r\n# somenudomain.nu, mail, example\r\ndn: dc=somenudomain.nu, dc=mail, dc=example,dc=org\r\naccountActive: TRUE\r\neditPostmasters: TRUE\r\neditAccounts: TRUE\r\nobjectClass: top\r\nobjectClass: mailDomain\r\ndc: somenudomain.nu\r\ndelete: FALSE\r\nlastChange: 111\r\npostfixTransport: virtual:\r\n\r\n# someoldaccount.demon.org, mail, example\r\ndn: dc=someoldaccount.demon.org, dc=mail, dc=example,dc=org\r\naccountActive: TRUE\r\neditPostmasters: TRUE\r\neditAccounts: TRUE\r\nobjectClass: top\r\nobjectClass: mailDomain\r\ndc: someoldaccount.demon.org\r\ndelete: FALSE\r\nlastChange: 111\r\npostfixTransport: virtual:\r\n\r\n# domain3.org, mail, example\r\ndn: dc=domain3.org, dc=mail, dc=example,dc=org\r\naccountActive: TRUE\r\neditPostmasters: TRUE\r\neditAccounts: TRUE\r\nobjectClass: top\r\nobjectClass: mailDomain\r\ndc: domain3.org\r\ndelete: FALSE\r\nlastChange: 111\r\npostfixTransport: virtual:<\/pre>\n
      cat FILENAME | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret<\/em> to add the information to your LDAP server<\/p>\n
      \n
      OpenLDAP scripts<\/h4>\n
      Using the script provide below we can add users, according to the domain setup shown below using the following commands
      \nexample<\/p>\n
        \n
      • .\/ldapadduser.pl vivian example.org \"Secret123\" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
      • .\/ldapadduser.pl alexander example.org \"Dog=Cr@zy\" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
      • .\/ldapadduser.pl roland_dg example.org \"a1zihw\" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
      • .\/ldapadduser.pl postmaster example.org alexander@example.org,vivian@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
      • .\/ldapadduser.pl webmaster example.org john@webbuilders.com alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
      • .\/ldapadduser.pl \"*\" example.org vivian@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n<\/ul>\n
        somenudomain.nu<\/p>\n
          \n
        • .\/ldapadduser.pl ian somenudomain.nu \"vivian\" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
        • .\/ldapadduser.pl postmaster somenudomain.nu alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
        • .\/ldapadduser.pl webmaster somenudomain.nu \"w3bs1t3\" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n<\/ul>\n
          someoldaccount.demon.org<\/p>\n
            \n
          • .\/ldapadduser.pl \"*\" someoldaccount.demon.org @somenudomain.nu alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n<\/ul>\n
            domain3.org<\/p>\n
              \n
            • .\/ldapadduser.pl postmaster domain3.org alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n
            • .\/ldapadduser.pl webmaster domain3.org alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret<\/tt><\/li>\n<\/ul>\n
              And so, we should have created a tree looking like this, with vivian@example.org receiving all ‘non-existing-mailbox’ mail from example.org and all mail from ‘someoldaccount.demon.org’ delivered to somenudomain.nu (so you can email ian@someoldaccount.demon.org and still reach ian, whom (ofcourse) should have procmail or so set up to warn people about his changed domain name, but that’s outside the scope of this document). Also mind that postmaster@example.org is delivered to BOTH alexander AND vivian. The add-script just makes to ‘maildrop’s in the LDAP tree!<\/p>\n
              \u00c2\u00a0<\/p>\n
              \u00c2\u00a0<\/p>\n\n\n\n
               org
              \n|
              \nexample----------Manager
              \n|
              \nmail
              \n|
              \n+----------------------------------+-----------------------------+----------------------------+
              \nexample.org                        somenudomain.nu                someoldaccount.demon.org       domain3.org<\/tt>Vivian                          ian                            *@ -> somenudomain.nu           postmaster
              \nAlexander                       postmaster                                                     webmaster
              \nRoland_dG                       webmaster
              \npostmaster
              \nwebmaster
              \n*@ -> vivian@example.org
              \n<\/tt><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
              \u00c2\u00a0<\/p>\n
              perl script to generate ldif for changing\/adding users (just use ldapmodify instead of the suggested ldapadd)<\/p>\n
              \u00c2\u00a0<\/p>\n
              #!\/usr\/local\/bin\/perl\r\n# ldapadduser.pl\r\n#\r\n# AddUser-LDAP: Generate User entry for adding in LDAP\r\n# Author:       Raymond Ho\r\n# History:      Modify from genuser.pl from\r\n#               MacGyver aka Habeeb J. Dihu\r\n# 20040601\tTom Scholten, modified to do much more than just adding\r\n# Copyright (C) 2002, He Zhi Qiang Raymond.Ho\r\n\r\nuse Carp;\r\ncroak \"Usage: $0 [accountname] [example.org] [cleartext-password|foo@bar.com{,bar@foo.com,com@foo.bar}] [mailbox|alias]\r\n\r\naccountname being everything before the @ or if you would like a 'fallthrough\/wildcard' match \"*\" (don't let shell interpret the *!!!)\r\n\r\nexamples\r\nCreate new mailbox for user132@domain1.org using password MySecretPw\r\n$0 user132 domain1.org MySecretPw mailbox\r\n\r\nMap whole domain4.org to domain5.org\r\n$0 \"*\" domain4.org @domain5.org alias\r\n\r\nCreate fallthough catch for domain6.org to postmaster@domain6.org\r\n$0 \"*\" domain6.org postmaster@domain6.org alias\r\n\r\nCreate a webmaster@domain3.org alias which expands to the scriptmanager and contentmanager addresses\r\n$0 webmaster domain3.org scriptmanager@domain3.org,contentmanager@domain3.org alias\r\n\r\n\" unless $#ARGV == 3;\r\n\r\n# Random salt.\r\n$salt = join '', ('.', '\/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];\r\n\r\n# output list\r\n$dn             = \"dn: mail=$ARGV[0]@$ARGV[1],dc=$ARGV[1], dc=mail,dc=example, dc=orgn\";\r\n$change         = \"lastChange: 1n\";\r\n$obj1           = \"objectClass: topn\";\r\nif ( $ARGV[3] eq \"mailbox\" ) {\r\n$obj2           = \"objectClass: mailAccountn\";\r\n$mailbox        = \"mailbox: $ARGV[1]\/$ARGV[0]\/Maildir\/n\";\r\n$home           = \"homeDirectory: \/usr\/virtualn\";\r\n$clearpwd       = \"clearPassword: $ARGV[2]n\";\r\n$userpwd        = \"userPassword: {crypt}\".crypt($ARGV[2], $salt).\"n\";\r\n$uid            = \"uid: $ARGV[0]n\";\r\n$del            = \"delete: FALSEn\";\r\n}\r\nelsif ( $ARGV[3] eq \"alias\" ) {\r\n$obj2           = \"objectClass: mailAliasn\";\r\n@aliases        = split(\/,\/,$ARGV[2]);\r\nforeach $alias (@aliases)\r\n{\r\n$maildrop       .= \"maildrop: $aliasn\";\r\n}\r\nif ( $ARGV[0] eq \"*\" ) {\r\n$uid            = \"name: @$ARGV[1]n\";\r\n} else {\r\n$uid            = \"name: $ARGV[0]n\";\r\n}\r\n} else {\r\ncroak \"Cannot continue, choose either mailbox or aliasn\";\r\n}\r\n$at             = \"accountActive: TRUEn\";\r\n#if ( $ARGV[0] eq \"*\" ) {\r\n#        $mail           = \"mail: @$ARGV[1]n\";\r\n#} else {\r\n$mail           = \"mail: $ARGV[0]@$ARGV[1]n\";\r\n#}\r\n\r\n# output to stdin\r\nprint \"$dn$change$uid$obj1$obj2$at$del$mail$home$mailbox$maildrop$clearpwd$userpwd\";\r\n\r\nprint  \"n# pipe this throug -> | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret <- to insert into ldapn\";<\/pre>\n
              \n
              OpenLDAP searching<\/h4>\n
              Now let’s try to find our entries in LDAP  Search domains in the tree
              \n# ldapsearch -x -wsecret -D \"cn=Manager, dc=example, dc=org\" -s sub -b \"dc=mail,dc=example,dc=org\" \"(&(objectClass=mailDomain)(accountActive=TRUE))\" <\/tt> Search accounts in the tree
              \n# ldapsearch -x -wsecret -D \"cn=Manager, dc=example, dc=org\" -s sub -b \"dc=mail,dc=example,dc=org\" \"(&(objectClass=mailAccount)(accountActive=TRUE))\" <\/tt> Search aliases in the tree
              \n# ldapsearch -x -wsecret -D \"cn=Manager, dc=example, dc=org\" -s sub -b \"dc=mail,dc=example,dc=org\" \"(&(objectClass=mailAlias)(accountActive=TRUE))\" <\/tt><\/p>\n
              \n
              ClamAV, virusscanner<\/h4>\n
              ClamAV uses \/usr\/local\/etc\/clamav.conf<\/tt> for configuration, the only changes made were<\/p>\n