Добавим учетные записи для работы с виртуальными почтовыми ящиками

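# Dedicated unprivileged account that owns every virtual mailbox.
# UID/GID 500 must match mail_uid/mail_gid in dovecot.conf and user=vmail:vmail
# in the master.cf pipe service.
groupadd -g 500 vmail
# Service account only: it never needs an interactive login, so give it no shell.
useradd -g vmail -u 500 -s /usr/sbin/nologin vmail
# Root of the mail store. -p makes the step repeatable if the directory exists.
mkdir -p /var/vmail
# Use the "owner:group" form; the dotted "owner.group" form is deprecated.
chown vmail:vmail /var/vmail
# Only vmail (the uid Dovecot and deliver run as) may enter the store; without
# this the default umask leaves the list of mailboxes readable by every local user.
chmod 0750 /var/vmail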

Устанавливаем postfix

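# Refresh the package index, then install Postfix and its LDAP lookup-table
# support (needed for the ldap: map type used by virtual_mailbox_maps).
# "&&" stops the install if the refresh fails, so packages are never resolved
# against a stale index.
apt-get update && apt-get install postfix postfix-ldap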

Запускаем конфигуратор Debian

# Re-run the Debian package configuration questions for Postfix.
# The answers are written into /etc/postfix/main.cf, so review that file
# afterwards before adding the settings shown below.
dpkg-reconfigure postfix

При установке пакетов отвечаем на вопросы конфигуратора

Добавляем в основной файл конфигурации /etc/postfix/main.cf

# basic protection
# Clients must greet with HELO/EHLO before MAIL FROM; without this the HELO
# restrictions below can be skipped by simply not sending a greeting.
smtpd_helo_required = yes
# Require envelope addresses in MAIL FROM / RCPT TO to be enclosed in <> and
# free of RFC 822 comments or phrases.
strict_rfc821_envelopes = yes
# Evaluated top to bottom; permit_mynetworks first exempts local clients.
# NOTE(review): reject_unknown_hostname is the pre-2.3 spelling of
# reject_unknown_helo_hostname, while the two lines above it use the 2.3+
# names. It rejects HELO names without a DNS A or MX record, which can also
# turn away legitimate but misconfigured senders - watch the logs after enabling.
smtpd_helo_restrictions =
        permit_mynetworks
        reject_invalid_helo_hostname
        reject_non_fqdn_helo_hostname
        reject_unknown_hostname

# Relay control. Clients that are neither in mynetworks nor SASL-authenticated
# reach reject_unauth_destination, which accepts mail only for domains this
# server is responsible for. Keep it as the last line: removing it or placing
# a permit_* rule that matches everyone above it would create an open relay.
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

# Domain whose mailboxes are hosted here as virtual (non-system) users.
virtual_mailbox_domains = drivesource.ru
# hash: tables are read from the compiled .db file; the source file must be
# created and indexed with postmap (that step is not shown in this snippet).
virtual_alias_maps = hash:/etc/postfix/virtual_alias
# Valid recipients are looked up in LDAP; unknown recipients are rejected.
virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
# Hand accepted mail to the "dovecot" pipe service defined in master.cf.
virtual_transport = dovecot
# One recipient per deliver invocation, because master.cf passes -d ${user}.
dovecot_destination_recipient_limit = 1

# SASL authentication
# Postfix delegates SMTP AUTH to Dovecot over the socket private/auth, a path
# relative to the Postfix queue directory (Dovecot creates it as
# /var/spool/postfix/private/auth).
# NOTE(review): nothing in this snippet restricts AUTH to TLS sessions. The
# passwords checked here are the users' LDAP passwords, so unless TLS is set
# up elsewhere in main.cf they cross the network in the clear. Configure a
# certificate and add "smtpd_tls_auth_only = yes" before exposing this server.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Запишем в файл /etc/postfix/ldap-aliases.cf следующую конфигурацию

# LDAP lookup table used by virtual_mailbox_maps to decide whether a
# recipient exists.
# No bind_dn/bind_pw is set, so Postfix binds anonymously: the directory must
# allow anonymous read of uid under the search base. Prefer a dedicated
# read-only bind account if anonymous access is otherwise not needed.
# NOTE(review): no "version" is set; Postfix documents LDAP protocol version 2
# as its default while dovecot-ldap.conf on this page uses version 3 - confirm
# the directory server accepts the bind, or set "version = 3".
# Plain (unencrypted) LDAP is acceptable only because the server is localhost.
server_host = localhost
search_base = ou=Users,dc=drivesource, dc=ru
# %u is the local part of the recipient address (user in user@domain).
query_filter = uid=%u
# Any returned value marks the recipient as valid; delivery itself is done by
# the dovecot transport, not by a path taken from this result.
result_attribute = uid

Добавляем в конфигурацию транспорта /etc/postfix/master.cf

# Pipe transport that hands each message to Dovecot's local delivery agent.
# Columns: service type private unpriv chroot wakeup maxproc command.
# unpriv=n and chroot=n are required for pipe(8), which must switch to the
# user given in user=; deliver therefore runs as vmail:vmail, never as root.
# flags: D adds Delivered-To, R adds Return-Path, h and u fold the recipient
# domain and local part to lower case.
# pipe(8) executes argv directly, without a shell, so ${sender} and ${user}
# are passed as plain arguments and shell metacharacters are not interpreted.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}

Устанавливаем dovecot

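# Refresh the package index, then install the Dovecot core package and the
# IMAP server. "&&" stops the install if the refresh fails, so packages are
# never resolved against a stale index.
apt-get update && apt-get install dovecot-common dovecot-imapd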

Отредактируем основной файл конфигурации /etc/dovecot/dovecot.conf

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#
# NOTE(review): the value "no" turns this protection OFF, so plaintext logins
# are accepted on unencrypted connections from any host. Because passwords
# are verified by binding to LDAP (auth_bind = yes in dovecot-ldap.conf), the
# users' directory passwords would travel in the clear. Use "no" only while
# testing; set it to "yes" once SSL/TLS is configured for IMAP.
disable_plaintext_auth = no
 
# Each user's mail is kept as a Maildir directly under the vmail-owned store;
# %u expands to the username, which therefore becomes a directory name.
mail_location = maildir:/var/vmail/%u
 
# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds>
# 500/500 is the vmail user and group created with groupadd/useradd at the
# top of this page; all mailboxes are accessed as that one unprivileged account.
mail_uid = 500
mail_gid = 500
 
 
 
# Settings for the local delivery agent (deliver), which Postfix starts from
# the "dovecot" pipe service in master.cf.
protocol lda {
  # Program deliver uses when it has to send mail itself
  # (presumably rejections/bounces - confirm against the Dovecot LDA docs).
  sendmail_path = /usr/lib/sendmail
  # Socket deliver uses for user lookups; must be the same path as the
  # "master" socket in the "socket listen" section.
  auth_socket_path = /var/run/dovecot/auth-master
}
 
# Disable system accounts: PAM password checking stays commented out, so
# local Unix users cannot authenticate to the mail service.
# NOTE(review): in Dovecot 1.x the passdb/userdb sections belong inside the
# "auth default { }" block; they are presumably shown here as fragments.
#passdb pam {
#}
 
# Passwords are verified against LDAP using the settings in this file.
passdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}
 
# Disable system accounts: /etc/passwd is not used for user lookups either.
#userdb passwd {
#}
 
# User lookups (including those made by deliver) use the same LDAP settings.
userdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}
 
## dovecot-lda specific settings
##
# Unix sockets exported by the Dovecot auth process.
socket listen {
  # Master socket: used by deliver for user lookups. Keep it restricted to the
  # account that runs deliver (mode 0600, vmail), since it answers userdb
  # queries without asking for a password.
  master {
    path = /var/run/dovecot/auth-master
    mode = 0600
    user = vmail # User running Dovecot LDA
    group = vmail # Or alternatively mode 0660 + LDA user in this group
  }
  client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      #path = /var/run/dovecot/auth-client
      #mode = 0660
      # Created inside the Postfix queue directory so that smtpd can reach it
      # as private/auth (smtpd_sasl_path in main.cf). Mode 0660 with
      # postfix:postfix limits password-check requests to Postfix processes.
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
 
}

Отредактируем файл /etc/dovecot/dovecot-ldap.conf для аутентификации пользователей через LDAP

# LDAP settings shared by "passdb ldap" and "userdb ldap" in dovecot.conf.
# Plain (unencrypted) LDAP is acceptable only because the server is localhost;
# if the directory moves to another host, protect the connection with TLS.
hosts = localhost
# Authentication binds: the password is checked by binding to the directory
# as the user, so Dovecot never needs read access to stored password hashes.
auth_bind = yes
# Bind DN template; %u is the login name. Users must therefore log in with
# their bare uid (presumably without @domain - confirm with your clients).
auth_bind_userdn = uid=%u,ou=Users,dc=drivesource,dc=ru
ldap_version = 3
# No dn/dnpass is set in this file, so the user lookups under this base are
# made with an anonymous bind; the directory must permit that, or a dedicated
# read-only account should be configured.
base = ou=Users, dc=drivesource, dc=ru
 
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
#
# Left empty here: no per-user attributes are mapped from LDAP.
# NOTE(review): every user then presumably gets mail_uid/mail_gid and
# mail_location from dovecot.conf - confirm.
user_attrs =
 
# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
 
# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 500
#user_global_gid = 500