Добавим учетные записи для работы с виртуальными почтовыми ящиками
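# Dedicated unprivileged account that owns every virtual mailbox. The fixed
# UID/GID 500 is what mail_uid/mail_gid in dovecot.conf refer to.
groupadd -g 500 vmail
# No login shell: the account exists only to own mail files and run the LDA.
useradd -g vmail -u 500 -s /usr/sbin/nologin vmail
# Create the mail store private to vmail so that other local accounts can
# neither list the mailbox names nor read the mail.
mkdir -m 0700 /var/vmail
# "user:group" is the supported separator; the "user.group" form is obsolete.
chown vmail:vmail /var/vmail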
Устанавливаем postfix
# Refresh the package lists, then install Postfix together with its LDAP
# lookup-table support (postfix-ldap).
apt-get update
apt-get install postfix postfix-ldap
Запускаем конфигуратор Debian
# Re-opens the Debian configuration dialog for the already installed postfix package.
dpkg-reconfigure postfix
При установке пакетов отвечаем на вопросы конфигуратора
* Общий тип почтовой настройки - Интернет-сайт
* Системное почтовое имя - daemon.drivesource.ru
Добавляем в основной файл конфигурации **/etc/postfix/main.cf**
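# basic protection
# Refuse clients that skip HELO/EHLO; the HELO checks below rely on it.
smtpd_helo_required = yes
# Reject envelope addresses that are not RFC 821 compliant.
strict_rfc821_envelopes = yes
# Continuation lines must begin with whitespace; at column 0 Postfix would
# read each restriction as a separate, invalid parameter line.
# reject_unknown_helo_hostname is the Postfix >= 2.3 name of the old
# reject_unknown_hostname, matching the other two *_helo_hostname checks.
# It can reject legitimate senders whose HELO name has no DNS record.
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
# Relay only for local networks and authenticated users.
# reject_unauth_destination must stay: it is what keeps the server from
# relaying mail for strangers.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
# Domain whose mailboxes are virtual (no system accounts).
virtual_mailbox_domains = drivesource.ru
# hash: tables have to be rebuilt with postmap after every edit.
virtual_alias_maps = hash:/etc/postfix/virtual_alias
# A recipient in the virtual domain is accepted only if this LDAP lookup
# returns a result.
virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
# Deliver through the "dovecot" pipe service defined in master.cf.
virtual_transport = dovecot
# deliver is invoked with a single -d recipient, so hand over one at a time.
dovecot_destination_recipient_limit = 1
# SASL authentication
# NOTE(review): nothing in this fragment requires TLS before AUTH, so
# PLAIN/LOGIN credentials may cross the network in cleartext. Once TLS is
# configured for smtpd, uncomment the next line so that AUTH is offered
# only on encrypted sessions.
#smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Relative to the Postfix queue directory; this is the Dovecot client socket
# /var/spool/postfix/private/auth.
smtpd_sasl_path = private/auth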
Запишем в файл **/etc/postfix/ldap-aliases.cf** следующую конфигурацию
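# Postfix LDAP table behind virtual_mailbox_maps: answers "does this mailbox exist?".
server_host = localhost
# Postfix defaults to LDAP protocol version 2. Request version 3, the same
# version dovecot-ldap.conf uses, because LDAP servers commonly refuse v2 binds.
version = 3
search_base = ou=Users,dc=drivesource, dc=ru
# %u is the local part of the address being looked up.
query_filter = uid=%u
result_attribute = uid
# NOTE(review): no bind_dn is set, so the lookup presumably binds anonymously.
# The directory then has to allow anonymous read of uid under search_base;
# confirm that nothing more than that is readable anonymously.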
Добавляем в конфигурацию транспорта **/etc/postfix/master.cf**
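# Pipe transport that hands each message to Dovecot's LDA (deliver), run as
# the unprivileged vmail account instead of root or postfix.
# Columns: service type private unpriv chroot wakeup maxproc command.
# flags: D = prepend Delivered-To, R = prepend Return-Path,
#        h = lowercase the domain part, u = lowercase the recipient local part.
# The second line must stay indented: leading whitespace is what makes it a
# continuation of the service entry.
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}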
Устанавливаем [[http://www.dovecot.org/|dovecot]]
# Refresh the package lists, then install Dovecot's common files and its IMAP daemon.
apt-get update
apt-get install dovecot-common dovecot-imapd
Отредактируем основной файл конфигурации **/etc/dovecot/dovecot.conf**
# Plaintext mechanisms (LOGIN and the like) are normally refused unless the
# session is protected by SSL/TLS (LOGINDISABLED capability); a connection
# coming from the local IP always counts as secure. "no" turns that
# protection off.
# NOTE(review): LDAP bind authentication needs the real password from the
# client, so with this value directory passwords can cross the network
# unencrypted. Configure SSL/TLS and switch this to "yes" for any listener
# reachable from outside the host.
disable_plaintext_auth = no

# One Maildir per user under the vmail-owned mail store.
mail_location = maildir:/var/vmail/%u

# All mail is accessed as the vmail account created earlier (UID/GID 500).
# A userdb can override these by returning uid or gid fields; numbers or
# names are both accepted.
mail_uid = 500
mail_gid = 500

# Settings for the local delivery agent started by the Postfix pipe transport.
protocol lda {
  sendmail_path = /usr/lib/sendmail
  # Same path as the "master" auth socket declared below.
  auth_socket_path = /var/run/dovecot/auth-master
}

# NOTE(review): in Dovecot 1.x the passdb/userdb/socket blocks below normally
# live inside the "auth default { }" section of dovecot.conf; confirm against
# the installed file.

# System (PAM) accounts are switched off as a password source.
#passdb pam {
#}

passdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}

# System (passwd) accounts are switched off as a user database.
#userdb passwd {
#}

userdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}

## dovecot-lda specific settings
##
socket listen {
  master {
    # The master socket can answer userdb lookups for any user, so it is
    # restricted to the account that runs the LDA.
    path = /var/run/dovecot/auth-master
    mode = 0600
    # User running Dovecot LDA
    user = vmail
    # Or alternatively mode 0660 + LDA user in this group
    group = vmail
  }
  client {
    # The client socket only performs authentication lookups. Here it is
    # exported into the Postfix private directory so that smtpd can do
    # SMTP AUTH through it, and limited to the postfix user and group.
    #path = /var/run/dovecot/auth-client
    #mode = 0660
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
Отредактируем файл **/etc/dovecot/dovecot-ldap.conf** для авторизации пользователей ldap
# LDAP settings shared by the "passdb ldap" and "userdb ldap" blocks of dovecot.conf.
# The directory is local, so binds and lookups stay on this host.
# NOTE(review): if the directory ever moves to another machine, user passwords
# will travel over that link during the bind; enable TLS for the LDAP
# connection in that case.
hosts = localhost
# Verify a password by binding to LDAP as the user, so Dovecot never has to
# read a password attribute from the directory.
auth_bind = yes
# DN template used for that bind; %u is the login name.
auth_bind_userdn = uid=%u,ou=Users,dc=drivesource,dc=ru
ldap_version = 3
# Search base for the user lookup below.
base = ou=Users, dc=drivesource, dc=ru
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
# uid - System UID
# gid - System GID
# home - Home directory
# mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
# Left empty here, presumably so that the accounts' own posixAccount
# UID/GID are not applied and mail_uid/mail_gid from dovecot.conf are used
# for every mailbox; verify against the installed Dovecot version.
user_attrs =
# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 500
#user_global_gid = 500