Skip to main content

Email server with Postfix, Dovecot, and LDAP

I think I'll skip the introduction as this is mainly a note for myself

The LDAP Setup

I'm not going to cover how to setup LDAP. The setup that I'm using for this system is organized where all users are under an Organizational Unit called 'people' (ou=people,dc=organization,dc=org) with this schema:

dn: uid=user,ou=people,dc=organization,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user
homeDirectory: /home/user
userPassword: <passwordhash>


Configuring Dovecot

Add these into dovecot.conf 

mail_uid = 5000
mail_gid = 5000

auth default {
  mechanisms = plain
  passdb ldap {
          args = /etc/dovecot-ldap.pass
  }
  userdb ldap {
          args = /etc/dovecot-ldap.user
  }

  # for postfix to authenticate against
  socket listen {
        client {
          # Assuming the default Postfix $queue_directory setting
          path = /var/spool/postfix/private/auth
          mode = 0660
          # Assuming the default Postfix user and group
          user = postfix
          group = postfix
  }
}

dovecot-ldap.pass

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
dn = uid=manager,dc=organization,dc=org
dnpass = password

dovecot-ldap.user

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=organization,dc=org
dnpass = password


Configuring Postfix

Add these into your main.cf

accounts_server_host = host.of.ldap.server
accounts_search_base = ou=people,dc=organization,dc=org
accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
accounts_result_attribute = homeDirectory
accounts_result_format  =  %s/Mailbox
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = uid=manager,dc=organization,dc=org
accounts_bind_pw = password
accounts_version = 3

virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = organization.org

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth

Make sure domains under virtual_mailbox_domains is not listed under mydestinations.

Thats it I think, not sure if I missed anyting.
Labels:
Post a Comment

Popular posts from this blog

Consolidated community site infrastructure on Plone

In Inigo, we believe in helping out local FOSS communities and help them grow. We help out in community events where we can, present FOSS talks, and provide some platforms for local communities to grow. One of such platform is our consolidated community site infrastructure on Plone.

The system/infra and its components was originally developed for the Fedora Malaysia website, while keeping in mind to keep it generic enough so that other communities could use the same components for their own community sites. The infra is already at a usable state, and we can add new sites easily with just a few clicks.

Features in this consolidated infra are:
Document/Content management (Plone built-in)Calendar system (powered by solgema.fullcalendar addon)Conference/BarCamp system (powered by collective.conference addon, which was developed for FUDCon Kuala Lumpur 2012)Blog (powered by Products.Scrawl)Simple yet powerful theming engine (powered by plone.app.theming/ Diazo) - Check out Diazo, you'l…
Read more

HOWTO: Mirroring Yum repositories using Yum-Utils

As promised before in one of my previous post, a Howto on how to mirror and manage yum repositories using some of the utilities in yum-utils.

The first step is, well, of course, is to get yum-utils from fedora repository
yum install yum-utils

Reposync
Reposync is a utility for mirroring and synchronizing local copy of a yum/rpmmetadata repository.

This utility is very useful if you wanted to make a yum repository mirror. Before this, I used "wget -R -np -N" but this method is a little bit tedious and it doesnt work with repos that didn't use directory listing. Plus, it also download together additional site stuff that I don't need/want and it doesn't verify checksum of the downloaded packages.

Mirroring a repo using this utility is easy, just execute this command
reposync -r <repoid> -a <arch> -n
and the repo will be mirrored in a folder with the same name of the repoid in the directory you executed the command. Eg: you executed the command in /mnt/storage/mi…
Read more

Tee'ing Python subprocess.Popen output

A little hack for python coders out there who wanted to have a functionality similar to the unix's tee command for redirecting output to multiple places.


import sys
from subprocess import Popen,PIPE
p = Popen(['put','command','and','arguments','here'],stdout=PIPE)

while True:
o = p.stdout.readline()
if o == '' and p.poll() != None: break
# the 'o' variable stores a line from the command's stdout
# do anything u wish with the 'o' variable here
# this loop will break once theres a blank output
# from stdout and the subprocess have ended
Read more