Email server with Postfix, Dovecot, and LDAP

-
I think I'll skip the introduction as this is mainly a note for myself

The LDAP Setup

I'm not going to cover how to setup LDAP. The setup that I'm using for this system is organized where all users are under an Organizational Unit called 'people' (ou=people,dc=organization,dc=org) with this schema:

dn: uid=user,ou=people,dc=organization,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user
homeDirectory: /home/user
userPassword: <passwordhash>


Configuring Dovecot

Add these into dovecot.conf 

mail_uid = 5000
mail_gid = 5000

auth default {
  mechanisms = plain
  passdb ldap {
          args = /etc/dovecot-ldap.pass
  }
  userdb ldap {
          args = /etc/dovecot-ldap.user
  }

  # for postfix to authenticate against
  socket listen {
        client {
          # Assuming the default Postfix $queue_directory setting
          path = /var/spool/postfix/private/auth
          mode = 0660
          # Assuming the default Postfix user and group
          user = postfix
          group = postfix
  }
}

dovecot-ldap.pass

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
dn = uid=manager,dc=organization,dc=org
dnpass = password

dovecot-ldap.user

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=organization,dc=org
dnpass = password


Configuring Postfix

Add these into your main.cf

accounts_server_host = host.of.ldap.server
accounts_search_base = ou=people,dc=organization,dc=org
accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
accounts_result_attribute = homeDirectory
accounts_result_format  =  %s/Mailbox
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = uid=manager,dc=organization,dc=org
accounts_bind_pw = password
accounts_version = 3

virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = organization.org

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth

Make sure domains under virtual_mailbox_domains is not listed under mydestinations.

Thats it I think, not sure if I missed anyting.

Comments

Post a Comment

Popular posts from this blog

Tee'ing Python subprocess.Popen output

-
A little hack for python coders out there who wanted to have a functionality similar to the unix's tee command for redirecting output to multiple places.


import sys
from subprocess import Popen,PIPE
p = Popen(['put','command','and','arguments','here'],stdout=PIPE)

while True:
o = p.stdout.readline()
if o == '' and p.poll() != None: break
# the 'o' variable stores a line from the command's stdout
# do anything u wish with the 'o' variable here
# this loop will break once theres a blank output
# from stdout and the subprocess have ended
Read more

Announcing PlatoCDP, a Plone distribution for enterprises.

-
Image
Announcing the first release of PlatoCDP Plone distribution. A Plone distribution with the goal of attempting to build a more supportable, enterprise-ready, document management and content management  solution for government and enterprises. The ideal aim is to develop improvements on the distribution so that it will be a viable alternative to Sharepoint.
So what is it exactly?
An enterprise Plone distribution - that is, an integrated product which includes Plone, selected Plone add-ons, 3rd party softwares and integration/automation improvements to deliver an enterprise ready product for customers.Is it a rebrand of Plone? - It is an enterprise distribution product. PlatoCDP to Plone is like RHEL to Fedora. It is not a mere rebrand. PlatoCDP includes core Plone, additional components from the collective and its own improvements. We engage on packaging, certification and development activities to make the whole stack supportable for enterprises. These components of the dist…
Read more

Consolidated community site infrastructure on Plone

-
In Inigo, we believe in helping out local FOSS communities and help them grow. We help out in community events where we can, present FOSS talks, and provide some platforms for local communities to grow. One of such platform is our consolidated community site infrastructure on Plone.

The system/infra and its components was originally developed for the Fedora Malaysia website, while keeping in mind to keep it generic enough so that other communities could use the same components for their own community sites. The infra is already at a usable state, and we can add new sites easily with just a few clicks.

Features in this consolidated infra are:
Document/Content management (Plone built-in)Calendar system (powered by solgema.fullcalendar addon)Conference/BarCamp system (powered by collective.conference addon, which was developed for FUDCon Kuala Lumpur 2012)Blog (powered by Products.Scrawl)Simple yet powerful theming engine (powered by plone.app.theming/ Diazo) - Check out Diazo, you'l…
Read more