There is a new version of this tutorial available for Ubuntu 18.04 (Bionic Beaver).

Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Trusty Tahr 14.04 - Page 3

Step 3: Install And Configure Postfix

Before this we need to have the vmail user and its home directory.

Create the vmail user and group:

useradd vmail

By default the group vmail is created, too.

Check /etc/passwd for the actual uid and group number.

Next create the vmail directory and set ownership to the vmail user and group.

mkdir /home/vmail
mkdir /home/vmail/domains
chown -R vmail:vmail /home/vmail

Run the following command to install Postfix and other required applications:

apt install postfix postfix-ldap

You will be asked two questions. Answer as follows:

General type of mail configuration: <--Stand alone
System mail name: <-- mail.example.tld

We do not install sasl since we will use the Dovecot LDA and deliver.

Now we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now we will configure postfix:

cd /etc/postfix 
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
vi /etc/postfix/main.cf

And paste the following into it. Please not that this config allows the sending (relaying) of mails by authenticated users, and also the sending of local mails (like for example to root, postmaster, ...) to the respective aliases if they are configured.

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
 
# appending .domain is the MUA's job.
append_dot_mydomain = no
 
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
 
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
 
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases,
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your ip address (optional) ==>unmark and change the ip address for your setup.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

home_mailbox = Maildir/
 
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rhsbl_sender dsn.fc-ignorant.org

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

smtpd_helo_required = yes
 
# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:/etc/postfix/ldap-transport.cf
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain

virtual_alias_maps =
    ldap:/etc/postfix/ldap-aliases.cf,
    ldap:/etc/postfix/ldap-virtualforward.cf,
    ldap:/etc/postfix/ldap-accountsmap.cf
 
# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
    ldap:/etc/postfix/ldap-accounts.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
 
local_recipient_maps = $alias_maps

recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf

vi /etc/postfix/master.cf

And paste the following into it (add the end):

dovecot   unix  -       n       n       -       -       pipe
         flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl    unix  -       n       n       -       -       pipe
         flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

 Now we need to write the different ldap-xxx.cf files

vi ldap-accounts.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readmonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox

vi ldap-accounstmap.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail

vi ldap-aliases.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
result_attribute = maildrop

vi ldap-transport.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
result_attribute = postfixTransport

vi ldap-vacation.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply

vi ldap-virtualforward.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = maildrop

This concludes the postfix setup.

Share this page:

0 Comment(s)