![]() ![]() ĭescription=Bind /etc/ldap/tls/CA.pem to /var/spool/postfix/etc/ldap/tls/CA.pem Create /etc/systemd/system/ with following content. This can be achieved with a systemd mount unit. To counter this problem, create /var/spool/postfix/etc/ldap/tls/ and either copy /etc/ldap/tls/CA.pem to this directory, or create a bind mount to make the CA certificate available in both mkdir -p touch mount -bind /etc/ldap/tls/CA.pem /var/spool/postfix/etc/ldap/tls/CA.pemīe aware that this won't persist through reboots, so make sure to bind the directory before postfix is started. Since the files contain credentials for binding to the directory make sure to set proper file chown postfix:postfix chmod 400 /etc/postfix/ldap/*Īnother problem to solve is that postfix will run in a chrooted environment ( /var/spool/postfix) and will not be conscious about the CA certificate /etc/ldap/tls/CA.pem needed to validate the server's certificate. If lookups don't work as expected, set debuglevel = -1 in the map definition and review the output when running postmap. ![]() , postmap -q postmap -q postmap -q ldap:/etc/postfix/ldap/smtpd_sender_login ![]() Here is some sample output for the user created for postmap -q ldap:/etc/postfix/ldap/virtual_alias_domains You can test the mapping with the postmap command. Result_attribute = uidNumber smtpd_sender_login_maps query_filter = (|(mailacceptinggeneralid=%s)(maildrop=%s)) Result_format = %s/mailbox/ virtual_uid_maps query_filter = maildrop=%s Result_attribute = maildrop virtual_mailbox_maps query_filter = maildrop=%s Result_format = %d virtual_alias_maps query_filter = mailacceptinggeneralid=%s Virtual_alias_domains query_filter = mailacceptinggeneralid This needs to be included into all files in /etc/postfix/ldap listed next. This will connect to the LDAP directory using TLS and check the validity of the certificate provided by the peer. The connection information for your LDAP directory is common to all maps and can be copied to the top of all of them.īind_dn = cn=mailAccountReader,ou=Manager,dc=example,dc=com Since the files in this directory will contain your LDAP credentials, set its owner to postfix:postfix and its mode to 0100. ![]() Make sure that anonymous LDAP accounts are allowed to authenticate against their userPassword, since this mechanism will be used by Dovecot to authenticate clients.ĭomain part of an address if this is a hosted domain, nothing otherwiseĪddress in form in form in form to mail directoryĪddress in from UID to be used for mail directoryĪddress in form username allowed to use this sender addressĬreate a directory /etc/postfix/ldap to keep all map definitions in one place. To dn.subtree="ou=Mail,dc=example,dc=com"īy dn.base="cn=mailAccountReader,ou=Manager,dc=example,dc=com" read Userpassword: GY6RPlSGKI7SPKnnT7i/ktb/3JGmCHLT Make sure not to use any UID or GID used by another user or process.ĭn: uid=mail000,ou=Mail,dc=example,dc=com To create a hashed password, use slappasswd. ou=Mail,dc=example,dc=com.Ĭreate a mail account that can be used for testing purposes when configuring postfix and dovecot. To keep mail users seperate from others and allow privilege seperation in your directory, you might want to store them within an organizationalUnit e.g. SQUIRRELMAIL AUTHENTICATED USER INSTALLTo install the postfixUser scheme, download the LDIF to your LDAP host and add it to wget -O postfix.ldif ldapadd -ZZ -x -W -D cn=admin,cn=config -H ldap:// -f postfix.ldif Maildrop to set one or more final destinations for mail sent to the given aliases ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |