Email server with Postfix, Dovecot, and LDAP

-
I think I'll skip the introduction as this is mainly a note for myself

The LDAP Setup

I'm not going to cover how to setup LDAP. The setup that I'm using for this system is organized where all users are under an Organizational Unit called 'people' (ou=people,dc=organization,dc=org) with this schema:

dn: uid=user,ou=people,dc=organization,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user
homeDirectory: /home/user
userPassword: <passwordhash>


Configuring Dovecot

Add these into dovecot.conf 

mail_uid = 5000
mail_gid = 5000

auth default {
  mechanisms = plain
  passdb ldap {
          args = /etc/dovecot-ldap.pass
  }
  userdb ldap {
          args = /etc/dovecot-ldap.user
  }

  # for postfix to authenticate against
  socket listen {
        client {
          # Assuming the default Postfix $queue_directory setting
          path = /var/spool/postfix/private/auth
          mode = 0660
          # Assuming the default Postfix user and group
          user = postfix
          group = postfix
  }
}

dovecot-ldap.pass

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
dn = uid=manager,dc=organization,dc=org
dnpass = password

dovecot-ldap.user

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=organization,dc=org
dnpass = password


Configuring Postfix

Add these into your main.cf

accounts_server_host = host.of.ldap.server
accounts_search_base = ou=people,dc=organization,dc=org
accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
accounts_result_attribute = homeDirectory
accounts_result_format  =  %s/Mailbox
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = uid=manager,dc=organization,dc=org
accounts_bind_pw = password
accounts_version = 3

virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = organization.org

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth

Make sure domains under virtual_mailbox_domains is not listed under mydestinations.

Thats it I think, not sure if I missed anyting.

Comments

Post a Comment

Popular posts from this blog

Announcing PlatoCDP, a Plone distribution for enterprises.

-
Image
Announcing the first release of PlatoCDP Plone distribution . A Plone distribution with the goal of attempting to build a more supportable, enterprise-ready, document management and content management  solution for government and enterprises. The ideal aim is to develop improvements on the distribution so that it will be a viable alternative to Sharepoint. So what is it exactly? An enterprise Plone distribution - that is, an integrated product which includes Plone, selected Plone add-ons, 3rd party softwares and integration/automation improvements to deliver an enterprise ready product for customers. Is it a rebrand of Plone? - It is an enterprise distribution product. PlatoCDP to Plone is like RHEL to Fedora. It is not a mere rebrand. PlatoCDP includes core Plone, additional components from the collective and its own improvements. We engage on packaging, certification and development activities to make the whole stack supportable for enterprises. These components
Read more

Adding simple popup to Plone frontpage

-
Here is a little guide for those who want to add a simple popup to the Plone frontpage for some purpose (eg: announcements, advertisements, etc). Create a basic html file containing the content you want to appear in the popup. Upload it into $PLONE_SITE/portal_skins/custom (as Page Template) and for the sake of this example, name it popup.html Afterward, create a Javascript file with your Pop-Up loader script. For example , this script: function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=220,height=400,scrollbars=no'); return false; }; popup('popup.html', 'My Popup'); Also upload this file into $PLONE_SITE/portal_skins/custom (as Page Template too). For this example, name it as popup.js Afterward, in $PLONE_SITE/portal_javascripts , add popup.js as a new s
Read more

An Open Letter for the Rector of PETRONAS University of Technology

-
DISCLAIMER: THIS OPEN LETTER IS MY OWN OPINION, FROM MY OWN POINT OF VIEW OF LOOKING AT THE CURRENT STATE OF AFFAIRS IN UTP. IT DOES NOT REPRESENT UTP STUDENTS AS A WHOLE, NEITHER IT TRIES TO REPRESENT THEM. SOME MIGHT NOT AGREE, SOME MIGHT, BUT I BELIEVE THOSE WHO LIVED DURING THE TRADITIONAL LEGACY OF UTPCHAT AND THOSE WHO ARE INVOLVED IN THE COMMUNITY ONCE SURROUNDING UTPCHAT AND GRAPEVINE WOULD AGREE TO SOME, IF NOT ALL, OF MY POINTS BELOW. Dear Datuk Dr Zainal Abidin Haji Kasim, I am Mohd Izhar Firdaus Ismail (ID 7857), an ICT student in UTP from batch Jan2005, and also one of the active UTPchat IRCOperators. I am writing this because I feel like UTP action of forcing UTPchat to it knees several semesters ago is giving a bad impact on community life in UTP. A bad impact which caused UTP to waste the potential of the (so-called) 'cream de la cream' which UTP have grabbed early after their SPM examination. UTPchat IRC Network, existed originally around more than 10 years
Read more