{"id":233,"date":"2007-03-08T17:28:57","date_gmt":"2007-03-08T16:28:57","guid":{"rendered":"http:\/\/tom.scholten.nu\/weblog\/?page_id=233"},"modified":"2008-04-01T20:59:20","modified_gmt":"2008-04-01T19:59:20","slug":"postfix-ldap-howto-v20-part-two","status":"publish","type":"page","link":"https:\/\/tom.scholten.nu\/weblog\/archief\/postfix-ldap-howto-2\/postfix-ldap-howto-v20-part-two","title":{"rendered":"Postfix LDAP Howto v2.0 part two"},"content":{"rendered":"<p><a href=\"http:\/\/tom.scholten.nu\/weblog\/?page_id=232\">This howto is outdated and kept here for historical purposes; please proceed to the newer version by following this link.<\/a><\/p>\n<h2>ClamAV, virusscanner<\/h2>\n<p>ClamAV uses \/usr\/local\/etc\/clamav.conf for configuration; the only changes made were<\/p>\n<ul>\n<li> changed LocalSocket to \/var\/amavis\/clamd<\/li>\n<li> changed User to vscan<\/li>\n<\/ul>\n<hr \/>\n<h2>OpenLDAP scripts<\/h2>\n<p>Using the script provided below (ldapadduser.pl) we can add users according to the domain setup shown below, with the following example commands. Each command prints an LDIF entry that is piped into ldapadd, which binds as the directory manager. Note that -w puts the manager password on the command line, where it shows up in the process list and in your shell history; on anything but a test box use -W (prompt) or -y passwordfile instead, and treat the mailbox passwords in these examples the same way.<\/p>\n<p>example.org<\/p>\n<ul>\n<li> .\/ldapadduser.pl vivian example.org &#8220;Secret123&#8221; mailbox | ldapadd 
-x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl alexander example.org &#8220;Dog=Cr@zy&#8221; mailbox | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl roland_dg example.org &#8220;a1zihw&#8221; mailbox | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl postmaster example.org alexander@example.org,vivian@example.org alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl webmaster example.org john@webbuilders.com alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl &#8220;*&#8221; example.org vivian@example.org alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<\/ul>\n<p>somenudomain.nu<\/p>\n<ul>\n<li> .\/ldapadduser.pl ian somenudomain.nu &#8220;vivian&#8221; mailbox | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl postmaster somenudomain.nu alexander@example.org alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl webmaster somenudomain.nu &#8220;w3bs1t3&#8221; mailbox | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<\/ul>\n<p>someoldaccount.demon.org<\/p>\n<ul>\n<li> .\/ldapadduser.pl &#8220;*&#8221; someoldaccount.demon.org @somenudomain.nu alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<\/ul>\n<p>domain3.org<\/p>\n<ul>\n<li> .\/ldapadduser.pl postmaster domain3.org alexander@example.org alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<li> .\/ldapadduser.pl webmaster domain3.org alexander@example.org alias | ldapadd -x -D &#8216;cn=Manager,dc=example,dc=org&#8217; -w secret<\/li>\n<\/ul>\n<p>We should now have created a tree like this, with vivian@example.org receiving all 
&#8216;non-existing-mailbox&#8217; mail for example.org and all mail for &#8216;someoldaccount.demon.org&#8217; delivered to somenudomain.nu (so you can email ian@someoldaccount.demon.org and still reach ian, who of course should have procmail or similar set up to warn people about his changed domain name, but that is outside the scope of this document). Also note that postmaster@example.org is delivered to BOTH alexander AND vivian: the add script simply creates two &#8216;maildrop&#8217; attributes on that alias entry in the LDAP tree.<\/p>\n<hr \/>\n<h2>Configure postfix<\/h2>\n<p>Changes to postfix&#8217; main.cf; also change other settings to suit your requirements. Setting &#8216;soft_bounce = yes&#8217; for testing purposes while starting out with your new mail server is a wise decision, since it turns every permanent bounce into a temporary one until the configuration is right. The LDAP table parameters are given in the old in-main.cf style; Postfix 2.1 and later expect them in one file per table (for example ldap:\/etc\/postfix\/ldap-transport.cf) with the same parameter names minus the table prefix. All queries run as anonymous binds (the _bind = no lines), so the mail attributes must be readable without authentication; make sure the OpenLDAP ACLs do not expose userPassword the same way.<\/p>\n<pre># Transports\ntransport_server_host = localhost\ntransport_search_base = dc=mail,dc=example,dc=org\ntransport_query_filter = (&amp;(dc=%s)(objectClass=mailDomain)(accountActive=TRUE)(delete=FALSE))\ntransport_result_attribute = postfixTransport\n#transport_cache = yes\ntransport_bind = no\ntransport_scope = one\n\n# Aliases\naliases_server_host = localhost\naliases_search_base = dc=mail,dc=example,dc=org\naliases_query_filter = (&amp;(objectClass=mailAlias)(mail=%s)(accountActive=TRUE))\naliases_result_attribute = maildrop\naliases_bind = no\n#aliases_cache = yes\n\n# Accounts\naccounts_server_host = localhost\naccounts_search_base = dc=mail,dc=example,dc=org\naccounts_query_filter = (&amp;(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))\naccounts_result_attribute = mailbox\naccounts_bind = no\n#accounts_cache = yes\n\n# Accounts map: answers with the address itself for an existing mailbox, so\n# virtual alias expansion stops there and the @domain catch-all is never consulted\naccountsmap_server_host = localhost\naccountsmap_search_base = dc=mail,dc=example,dc=org\naccountsmap_query_filter = 
(&amp;(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))\naccountsmap_result_attribute = mail\naccountsmap_bind = no\n#accountsmap_cache = yes\n\n# Transport map: a domain with a mailDomain entry gets its postfixTransport, and\n# listing $transport_maps in mydestination makes every such domain a local one\ntransport_maps = ldap:transport\nmydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, $transport_maps\n\n# Virtual maps (named virtual_alias_maps since Postfix 2.0). The full address is\n# looked up in each table, in this order, before the @domain catch-all is tried\nvirtual_maps = ldap:aliases, ldap:accountsmap\n\n# Virtual accounts\nvirtual_mailbox_base = \/usr\/virtual\nvirtual_mailbox_maps = ldap:accounts\nvirtual_minimum_uid = 2000\nvirtual_uid_maps = static:2000\nvirtual_gid_maps = static:2000\n\n# Local accounts: local_transport must be set to virtual so that mail for the\n# LDAP domains is delivered into the virtual account's directory under\n# virtual_mailbox_base; without it local delivery fails. local_recipient_maps\n# must include $virtual_mailbox_maps, or valid recipients are rejected as unknown.\nalias_maps = hash:\/etc\/aliases\nlocal_transport = virtual\nlocal_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps\n\n# AMAVIS: hand every message to amavisd on port 10024\ncontent_filter = smtp-amavis:[127.0.0.1]:10024<\/pre>\n<p>Changes to postfix&#8217; master.cf (optionally replace the &#8216;y&#8217; with &#8216;n&#8217; depending on your chroot wishes). 
Make sure &#8216;virtual&#8217; and &#8216;maildrop&#8217; also exist in master.cf. Continuation lines of a service entry must start with whitespace, as shown.<\/p>\n<pre># Outgoing side of the content filter: delivers to amavisd on port 10024,\n# at most 2 deliveries in parallel (keep this in line with amavisd's $max_servers)\nsmtp-amavis unix -      -       y     -       2  smtp\n    -o smtp_data_done_timeout=1200\n    -o smtp_send_xforward_command=yes\n    -o disable_dns_lookups=yes\n\n# Reinjection listener: amavisd hands the scanned mail back here. No content\n# filter (that would loop) and no restrictions other than accepting localhost only\n127.0.0.1:10025 inet n  -       y     -       -  smtpd\n    -o content_filter=\n    -o local_recipient_maps=\n    -o relay_recipient_maps=\n    -o smtpd_restriction_classes=\n    -o smtpd_client_restrictions=\n    -o smtpd_helo_restrictions=\n    -o smtpd_sender_restrictions=\n    -o smtpd_recipient_restrictions=permit_mynetworks,reject\n    -o mynetworks=127.0.0.0\/8\n    -o strict_rfc821_envelopes=yes\n    -o smtpd_error_sleep_time=0\n    -o smtpd_soft_error_limit=1001\n    -o smtpd_hard_error_limit=1000<\/pre>\n<hr \/>\n<h2>Starting your mailserver<\/h2>\n<p>Next, edit \/etc\/rc.conf again to disable sendmail and enable postfix. Insert<\/p>\n<ul>\n<li> sendmail_enable=\"NONE\"<\/li>\n<\/ul>\n<p>Comment out or remove<\/p>\n<ul>\n<li> sendmail_enable=\"YES\"<\/li>\n<li> sendmail_flags=\"-bd\"<\/li>\n<li> sendmail_pidfile=\"\/var\/spool\/postfix\/pid\/master.pid\"<\/li>\n<li> sendmail_outbound_enable=\"NO\"<\/li>\n<li> sendmail_submit_enable=\"NO\"<\/li>\n<li> sendmail_msp_queue_enable=\"NO\"<\/li>\n<\/ul>\n<p>Now would be a great time to start postfix, but before you do, touch \/var\/log\/maillog and open a second terminal (screen or whatever) and run tail -f \/var\/log\/maillog there (and maybe a tail on \/var\/log\/messages as well) to see what is going on. Now you are ready to start postfix, simply by typing postfix start.<\/p>\n<hr \/>\n<h2>Verify mail sending and receiving<\/h2>\n<p>Verify that you can send mail by sending yourself mail. 
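<\/p>\n<p>Before sending test mail it helps to know where each address should end up. What follows is an added example, not code from this page, from ldapadduser.pl or from Postfix: a small Python model of the lookup chain wired in main.cf above (transport_maps, then virtual_maps = ldap:aliases, ldap:accountsmap, then virtual_mailbox_maps), run against a constructed in-memory copy of the entries the ldapadduser.pl commands create. It assumes that the script stores a catch-all under mail=@domain (the key Postfix looks up for a catch-all) and stores mailbox values as domain\/user\/ below virtual_mailbox_base; it also adds one deactivated account, old@example.org, which is not on this page, to show what accountActive=FALSE does.<\/p>
```python
# Added example (not the page's ldapadduser.pl, not Postfix code): a model of
# the main.cf lookup chain, transport_maps then virtual_maps = ldap:aliases,
# ldap:accountsmap then virtual_mailbox_maps, run against a constructed
# in-memory copy of the LDAP tree. The mailbox path layout domain/user/ and
# the catch-all key mail=@domain are assumptions about what the script stores.
VIRTUAL_MAILBOX_BASE = '/usr/virtual'
RECURSION_LIMIT = 10   # stand-in for Postfix's virtual_alias_recursion_limit


def domain_entry(dc):
    return {'objectClass': 'mailDomain', 'dc': dc, 'postfixTransport': 'virtual:',
            'accountActive': 'TRUE', 'delete': 'FALSE'}


def mailbox_entry(user, dom, active='TRUE'):
    return {'objectClass': 'mailAccount', 'mail': user + '@' + dom,
            'mailbox': dom + '/' + user + '/', 'accountActive': active, 'delete': 'FALSE'}


def alias_entry(user, dom, *drops):   # user='' gives the catch-all key mail=@domain
    return {'objectClass': 'mailAlias', 'mail': user + '@' + dom,
            'maildrop': list(drops), 'accountActive': 'TRUE'}


# Constructed directory mirroring the ldapadduser.pl commands above, plus one
# deactivated mailbox (old@example.org) that is not on the page.
DIRECTORY = [
    domain_entry('example.org'), domain_entry('somenudomain.nu'),
    domain_entry('someoldaccount.demon.org'), domain_entry('domain3.org'),
    mailbox_entry('vivian', 'example.org'), mailbox_entry('alexander', 'example.org'),
    mailbox_entry('roland_dg', 'example.org'), mailbox_entry('old', 'example.org', 'FALSE'),
    alias_entry('postmaster', 'example.org', 'alexander@example.org', 'vivian@example.org'),
    alias_entry('webmaster', 'example.org', 'john@webbuilders.com'),
    alias_entry('', 'example.org', 'vivian@example.org'),
    mailbox_entry('ian', 'somenudomain.nu'), mailbox_entry('webmaster', 'somenudomain.nu'),
    alias_entry('postmaster', 'somenudomain.nu', 'alexander@example.org'),
    alias_entry('', 'someoldaccount.demon.org', '@somenudomain.nu'),
    alias_entry('postmaster', 'domain3.org', 'alexander@example.org'),
    alias_entry('webmaster', 'domain3.org', 'alexander@example.org'),
]


def query(object_class, key_attr, key, result_attr, check_delete=True):
    '''One ldap: table lookup as the main.cf filters express it: objectClass and
    key attribute must match, accountActive must be TRUE and (all tables except
    aliases) delete must be FALSE; every value of result_attr is returned.'''
    out = []
    for e in DIRECTORY:
        if e['objectClass'] != object_class or e[key_attr] != key:
            continue
        if e['accountActive'] != 'TRUE' or (check_delete and e.get('delete') != 'FALSE'):
            continue
        v = e[result_attr]
        out.extend(v if isinstance(v, list) else [v])
    return out


def transport(dom):      # transport_maps = ldap:transport, also listed in mydestination
    return query('mailDomain', 'dc', dom, 'postfixTransport')


def aliases(key):        # first table in virtual_maps
    return query('mailAlias', 'mail', key, 'maildrop', check_delete=False)


def accountsmap(key):    # second table in virtual_maps; answers with the address itself
    return query('mailAccount', 'mail', key, 'mail')


def accounts(addr):      # virtual_mailbox_maps = ldap:accounts
    return query('mailAccount', 'mail', addr, 'mailbox')


def expand(addr, depth=0):
    '''Virtual alias expansion the way Postfix applies virtual_maps: the full
    address is tried in each table in order, then the @domain catch-all, and
    each result is expanded again until a lookup returns the address itself or
    nothing. A result of the form @otherdomain keeps the original local part.'''
    if depth > RECURSION_LIMIT:
        raise RuntimeError('alias loop while expanding ' + addr)
    user, dom = addr.rsplit('@', 1)
    hits = aliases(addr) or accountsmap(addr) or aliases('@' + dom)
    if not hits or hits == [addr]:
        return [addr]
    final = []
    for h in hits:
        final.extend(expand(user + h if h.startswith('@') else h, depth + 1))
    return final


def deliver(addr):
    '''Final destination per expanded recipient: a domain with a transport entry
    is in $mydestination, so local_transport = virtual writes into the Maildir
    below virtual_mailbox_base; a local address without a mailbox is rejected by
    local_recipient_maps; any other domain is relayed by SMTP.'''
    out = {}
    for rcpt in expand(addr):
        dom = rcpt.rsplit('@', 1)[1]
        if not transport(dom):
            out[rcpt] = 'smtp:' + dom
            continue
        box = accounts(rcpt)
        out[rcpt] = VIRTUAL_MAILBOX_BASE + '/' + box[0] if box else 'reject: user unknown'
    return out
```
<p>Two things the model makes visible: the accountsmap table is what keeps the example.org catch-all from swallowing real mailboxes (the full address is looked up before @domain, and a hit that returns the address itself ends expansion), and an account with accountActive=FALSE drops out of that table, so its mail silently goes to the catch-all instead of being rejected. Call deliver() on each address you are about to test and compare the result with the Maildir that appears under \/usr\/virtual.<\/p>
<p>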
If using an address@example.org which is an alias (pointing outside one of the domains for which your new postfix server receives mail), check the headers and confirm they are OK. If receiving on a mailbox address (at your new postfix server), look in \/usr\/virtual and confirm you have a new directory named example.org (or whichever domain the recipient is in). Below that directory your mailbox name (as a directory) should appear, containing the Maildir subdirectories. Besides checking that your mail was received, also check the headers!<\/p>\n<p>Note that a mailbox user must have received at least one email for their directory (and Maildir subdirectories) to exist. When you create a new mailbox (not an alias), send the new user a &#8216;welcome&#8217; mail of some kind so that postfix creates their &#8216;home directory&#8217; in \/usr\/virtual. If you omit this, the user will get an error when checking mail (via IMAP\/POP or webmail).<\/p>\n<hr \/>\n<h2>Documents and resources used<\/h2>\n<p>Besides RTFM on the various packages installed, a number of special resources are named below the package list (in no particular order).<\/p>\n<ul>\n<li> Postfix, the MTA used<\/li>\n<li> Spam tagging software<\/li>\n<li> LDAP software<\/li>\n<li> Webmail software<\/li>\n<li> Mailinglist software (when done, you could add mailing lists; not covered in this document)<\/li>\n<li> ClamAV antivirus software<\/li>\n<li> Amavis, short for [A] [MA]il [VI]rus [S]canner<\/li>\n<li> Apache webserver for the webmail and admin (PHP) interface<\/li>\n<li> The admin interface was built using PHP<\/li>\n<\/ul>\n<p>Most useful in producing this document was http:\/\/janus.errornet.de\/ with his pdf and schema (mirrored here: pdf and schema).<\/p>\n<hr \/>\n<h2>Other resources used<\/h2>\n<ul>\n<li> http:\/\/jamm.sourceforge.net everything else seems to be based upon this<\/li>\n<li> http:\/\/www.vriesman.tk detailed enough for me<\/li>\n<\/ul>\n<hr \/>\n<p><a 
href=\"http:\/\/tom.scholten.nu\">Tom Scholten<\/a> is a Unix specialist with <a href=\"http:\/\/snow.nl\">Snow B.V.<\/a>, a Dutch technical consultancy company supplying specialists in the field of networking and Unix.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This howto is outdated and kept here for historical purposes, please proceed to the newer<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":215,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-233","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/pages\/233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/comments?post=233"}],"version-history":[{"count":0,"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/pages\/233\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/pages\/215"}],"wp:attachment":[{"href":"https:\/\/tom.scholten.nu\/weblog\/wp-json\/wp\/v2\/media?parent=233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}