old blog,

Email server with Postfix, Dovecot, and LDAP

Izhar Firdaus Izhar Firdaus Follow Support Oct 03, 2011 · 1 min read
Email server with Postfix, Dovecot, and LDAP
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
I think I'll skip the introduction as this is mainly a note for myself

The LDAP Setup

I'm not going to cover how to setup LDAP. The setup that I'm using for this system is organized where all users are under an Organizational Unit called 'people' (ou=people,dc=organization,dc=org) with this schema:

dn: uid=user,ou=people,dc=organization,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user
homeDirectory: /home/user
userPassword: <passwordhash>

Configuring Dovecot

Add these into dovecot.conf

mail_uid = 5000
mail_gid = 5000

auth default {
mechanisms = plain
passdb ldap {
args = /etc/dovecot-ldap.pass
userdb ldap {
args = /etc/dovecot-ldap.user

# for postfix to authenticate against
socket listen {
client {
# Assuming the default Postfix $queue_directory setting
path = /var/spool/postfix/private/auth
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix


hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
dn = uid=manager,dc=organization,dc=org
dnpass = password


hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=organization,dc=org
dnpass = password

Configuring Postfix

Add these into your main.cf

accounts_server_host = host.of.ldap.server
accounts_search_base = ou=people,dc=organization,dc=org
accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
accounts_result_attribute = homeDirectory
accounts_result_format = %s/Mailbox
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = uid=manager,dc=organization,dc=org
accounts_bind_pw = password
accounts_version = 3

virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = organization.org

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth

Make sure domains under virtual_mailbox_domains is not listed under mydestinations.

Thats it I think, not sure if I missed anyting.
Written by Izhar Firdaus Follow Support
I'm a system architect, data engineer and developer advocate with passion in Free / Open Source software, entrepreneurship, community building, education and martial art. I take enjoyment in bridging and bringing together different FOSS technologies to help businesses and organizations utilize IT infrastructure to aid and optimize their business and organizational process.

Radiate: A simple push server for SocketIO (alpha)

Based on my previous post on WebSocket server using Tornado, I've hacked the code more to be a SocketIO server instead of just WebSoc...

In old blog, Oct 03, 2011

« Previous Post

A simple demo application using collective.trajectory

Last week I wrote about a Plone library called collective.trajectory which allows you to do url routing on Plone content type. Back t...

In old blog, Oct 04, 2011

Next Post »