Добавим учетные записи для работы с виртуальными почтовыми ящиками
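# Dedicated unprivileged owner for the virtual mailbox store.
# The fixed UID/GID 500 must match mail_uid / mail_gid in dovecot.conf.
groupadd -g 500 vmail
# Home is the mail store and the shell is nologin: this account only owns
# files, nobody should ever be able to log in as it.
useradd -g vmail -u 500 -d /var/vmail -s /usr/sbin/nologin vmail
# -p makes the step idempotent when the directory already exists
mkdir -p /var/vmail
# user:group form -- the user.group spelling is deprecated in coreutils chown
chown vmail:vmail /var/vmail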
Устанавливаем postfix
# postfix-ldap supplies the ldap: lookup-table type used by virtual_mailbox_maps
apt-get update
apt-get install postfix postfix-ldap
Запускаем конфигуратор Debian
# Re-runs the interactive Debian configuration of Postfix (system mail name,
# listening interfaces, etc.); the settings below are added afterwards by hand.
dpkg-reconfigure postfix
При установке пакетов отвечаем на вопросы конфигуратора
Добавляем в основной файл конфигурации /etc/postfix/main.cf
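# --- basic protection ---------------------------------------------------
# Require HELO/EHLO and strict envelope address syntax before accepting mail.
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
# reject_unknown_hostname is the legacy (pre-2.3) spelling of
# reject_unknown_helo_hostname; the check is the same: the HELO name must have
# a DNS A or MX record, and DNS lookup failures yield a temporary (4xx) reject.
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
# reject_unauth_destination after the two permit_* entries is what keeps this
# host from being an open relay; do not reorder and do not add permit_*
# entries after it.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

# --- virtual mailboxes --------------------------------------------------
virtual_mailbox_domains = drivesource.ru
# hash: tables must be rebuilt with `postmap /etc/postfix/virtual_alias`
# after every edit of the source file.
virtual_alias_maps = hash:/etc/postfix/virtual_alias
# Recipient existence is checked against LDAP (see ldap-aliases.cf), so
# unknown users are rejected at SMTP time instead of bouncing later.
virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
# Hand accepted mail to the "dovecot" pipe service defined in master.cf.
# The LDA command takes a single -d recipient, hence the limit of 1.
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# --- SASL authentication ------------------------------------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Relative to queue_directory, i.e. /var/spool/postfix/private/auth; must match
# the "client" socket path in dovecot.conf.
smtpd_sasl_path = private/auth
# NOTE(review): no TLS is configured on this page, so SMTP AUTH credentials are
# sent in clear text. Once a certificate is available, set
# smtpd_tls_security_level = may and smtpd_tls_auth_only = yes so that
# authentication is only offered inside a TLS session.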
Запишем в файл /etc/postfix/ldap-aliases.cf следующую конфигурацию
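# Postfix ldap: lookup table backing virtual_mailbox_maps.
# No bind_dn/bind_pw: an anonymous bind is used, which only needs read
# access to the uid attribute.
server_host = localhost
# Postfix defaults to LDAP protocol version 2, which OpenLDAP servers refuse
# unless explicitly enabled; use v3 (same as ldap_version = 3 in Dovecot).
version = 3
search_base = ou=Users,dc=drivesource,dc=ru
# %u expands to the local part of the recipient address
# (user in user@drivesource.ru). Written as a parenthesised RFC 4515 filter;
# the bare "uid=%u" form relies on client-library leniency.
query_filter = (uid=%u)
# A non-empty result marks the recipient as an existing virtual mailbox.
result_attribute = uid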
Добавляем в конфигурацию транспорта /etc/postfix/master.cf
# Local delivery through dovecot-lda; referenced by virtual_transport = dovecot
# in main.cf. Per pipe(8): D = add Delivered-To, R = add Return-Path,
# h / u = lowercase the domain / user part. Runs as the unprivileged vmail
# account. ${user} is the recipient's local part, which is what deliver -d
# receives and what mail_location = maildir:/var/vmail/%u is built from.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}
Устанавливаем dovecot
# dovecot-imapd provides the IMAP server; the LDA (deliver) used from master.cf
# ships with dovecot-common
apt-get update
apt-get install dovecot-common dovecot-imapd
Отредактируем основной файл конфигурации /etc/dovecot/dovecot.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# NOTE(review): with "no", IMAP clients may send passwords in clear text over
# unencrypted connections. Nothing on this page configures SSL/TLS, so this
# is only acceptable on a trusted network -- confirm before exposing IMAP.
disable_plaintext_auth = no

# One Maildir per user under the vmail store; %u is the username as
# authenticated (IMAP) or as passed with deliver -d (LDA).
mail_location = maildir:/var/vmail/%u

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds>
# 500/500 is the vmail account created for the mail store.
mail_uid = 500
mail_gid = 500

# Settings for dovecot-lda (the deliver binary invoked from postfix master.cf).
protocol lda {
  sendmail_path = /usr/lib/sendmail
  auth_socket_path = /var/run/dovecot/auth-master
}

# System (PAM) accounts are deliberately disabled: only LDAP users may
# authenticate.
#passdb pam {
#}
passdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}

# Same for the user database: no /etc/passwd lookups, LDAP only.
#userdb passwd {
#}
userdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}

## dovecot-lda specific settings
##
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    # Owner-only access: this socket answers user lookups for the LDA.
    mode = 0600
    # User running Dovecot LDA
    user = vmail
    # Or alternatively mode 0660 + LDA user in this group
    group = vmail
  }
  client {
    # The client socket is generally safe to export to everyone. Typical use
    # is to export it to your SMTP server so it can do SMTP AUTH lookups
    # using it.
    #path = /var/run/dovecot/auth-client
    #mode = 0660
    # Placed inside the Postfix queue directory so smtpd can reach it;
    # corresponds to smtpd_sasl_path = private/auth in main.cf.
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
Отредактируем файл /etc/dovecot/dovecot-ldap.conf для аутентификации пользователей через LDAP
# LDAP backend for both passdb and userdb (see passdb ldap / userdb ldap in
# dovecot.conf). No TLS is configured here, so keep the directory local or add
# TLS before pointing hosts at a remote server.
hosts = localhost
# Authenticate by binding as the user with the supplied password instead of
# reading password hashes out of the directory.
auth_bind = yes
# %u is the login name. Presumably users log in with the bare uid (no @domain);
# otherwise this DN would not match -- verify against the client setup.
auth_bind_userdn = uid=%u,ou=Users,dc=drivesource,dc=ru
ldap_version = 3
base = ou=Users, dc=drivesource, dc=ru

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
# Left empty on purpose: uid/gid come from mail_uid/mail_gid and the mailbox
# path from mail_location in dovecot.conf.
user_attrs =

# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
# Restricting to posixAccount keeps non-user entries under the base from
# resolving as mailboxes.
user_filter = (&(objectClass=posixAccount)(uid=%u))

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 500
#user_global_gid = 500