There is a new version of this tutorial available for Ubuntu 18.04 (Bionic Beaver).

Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Karmic Koala 9.10 - Page 2

Step 3: Install And Configure Postfix

Before this we need to have the vmail user and its home directory.

Create the vmail user and group:

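# Dedicated owner of all virtual mailboxes. Nothing ever logs in as this
# account, so give it a non-interactive shell instead of the /bin/sh default.
# The matching group "vmail" is created automatically.
useradd -s /usr/sbin/nologin vmail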

By default the group vmail is created, too.

Check /etc/passwd for the uid and gid that were actually assigned; you will need them for the virtual_uid_maps / virtual_gid_maps settings in main.cf below.

Next create the vmail directory and set ownership to the vmail user and group.

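# Mail store root for the virtual mailboxes. -p makes the commands safe to
# re-run. Mode 750 keeps other local users out of the mailboxes: delivery
# and IMAP access both run as vmail (see master.cf), so nobody else needs it.
mkdir -p /home/vmail/domains
chown -R vmail:vmail /home/vmail
chmod 750 /home/vmail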

Run the following command to install Postfix and other required applications:

# postfix-ldap provides the "ldap:" lookup-table type used throughout main.cf.
# NOTE(review): main.cf sets smtpd_sasl_type = dovecot, so Postfix itself will
# authenticate through Dovecot rather than Cyrus SASL; confirm the libsasl2 /
# sasl2-bin packages are still needed by something else before relying on them.
aptitude install postfix postfix-ldap libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin

You will be asked two questions. Answer as follows:

General type of mail configuration: <--Stand alone
System mail name: <-- mail.example.tld

Now we create the certificates for TLS:

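# Private key and self-signed certificate for Postfix's TLS.
#
# umask 077 makes every file created below (notably the private keys) mode
# 0600 from the moment it is written. The previous flow chmod'ed smtpd.key,
# then wrote the decrypted copy with the default umask and mv'd it over the
# protected file - mv keeps the source file's mode, so the final unencrypted
# key was typically world-readable. Reset the umask (umask 022) afterwards if
# you keep working in this shell.
mkdir -p /etc/postfix/ssl
cd /etc/postfix/ssl/
umask 077
# Postfix cannot prompt for a passphrase, so generate the key unencrypted
# instead of encrypting it with -des3 and stripping the passphrase again.
# 2048 bits is the current minimum key size; "-rand /etc/hosts" was dropped
# because OpenSSL already seeds itself from the kernel RNG and /etc/hosts
# adds no meaningful entropy.
openssl genrsa -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Separate self-signed CA. It does NOT sign smtpd.crt (that certificate is
# self-signed with smtpd.key above); main.cf only references cacert.pem as
# smtpd_tls_CAfile. You will be asked for a passphrase for cakey.pem.
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650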

Now we will configure postfix:

# Keep the package's main.cf for reference and start from an empty file
# (the full replacement is pasted in below).
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
vi /etc/postfix/main.cf

And paste the following into it. Please note that this config allows the sending (relaying) of mails by authenticated users, and also the sending of local mails (for example to root, postmaster, ...) to the respective aliases if they are configured.

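# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Postfix main.cf for virtual hosting with an LDAP backend; Dovecot provides
# SASL authentication and mailbox delivery (see master.cf).
#
# Postfix does not support trailing comments on a "parameter = value" line:
# everything after the "=" - including a "#" and the text behind it - becomes
# part of the value. Every site-specific note in this file therefore sits on
# its own comment line above the parameter it refers to.

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Generate "delayed mail" warnings after four hours in the queue.
delay_warning_time = 4h

# TLS parameters
# smtpd.crt is the self-signed certificate created above; smtpd.key is its
# unencrypted private key and must stay readable by root only (mode 0600).
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# ==> change this for your setup.
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost = 
mynetworks = 127.0.0.0/8
# One recipient per invocation of the "dovecot" pipe transport in master.cf.
dovecot_destination_recipient_limit = 1
# NOTE(review): master.cf below invokes /usr/lib/dovecot/deliver; confirm that
# /usr/lib/deliver exists on your system, otherwise local (non-virtual)
# delivery will fail.
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# (optional) ==> uncomment and change the ip address for your setup.
#smtp_bind_address = your ip address
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
# Only announce AUTH inside a TLS session, so that passwords never cross the
# wire in clear text. Mail clients must therefore enable STARTTLS before
# authenticating.
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
# cacert.pem is a separate self-signed CA that did not sign smtpd.crt; Postfix
# uses it only to verify client certificates, which this configuration does
# not ask for.
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

# Order matters: local networks and authenticated users are accepted first,
# then everything else must be for a domain we are responsible for.
# zen.spamhaus.org already combines the SBL, XBL (which carries the CBL data)
# and PBL zones, so separate sbl/pbl/cbl lookups were redundant and removed.
# list.dsbl.org and dsn.fc-ignorant.org (apparently rfc-ignorant.org) were
# removed as well: neither list is operated any more, a dead zone adds a DNS
# timeout to every connection, and a re-registered domain could answer
# positively for every client. Re-check any list you add here periodically.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_unknown_sender_domain
    reject_rbl_client zen.spamhaus.org
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes

# Shared LDAP connection settings, referenced by every table below.
# ==> Change the bind DN to the read-only user you created if not the default.
# NOTE(review): main.cf is world-readable by default, so the bind password is
# visible to every local user. Postfix 2.1 and later let you move each
# "ldap:name" table into its own file (e.g. ldap:/etc/postfix/ldap-accounts.cf)
# that can be restricted to root and the postfix group; consider doing that
# once the setup works.
ldap_bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
ldap_bind_pw = the phamm user password
ldap_search_base = o=hosting,dc=example,dc=tld
ldap_domain = dc=example,dc=tld
ldap_server_host = localhost
ldap_server_port = 389
ldap_version = 3

# transports
transport_server_host = $ldap_server_host
transport_search_base = $ldap_search_base
transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
transport_result_attribute = postfixTransport
transport_cache = no
transport_bind = yes
transport_scope = one
transport_bind_dn = $ldap_bind_dn
transport_bind_pw = $ldap_bind_pw
transport_version = $ldap_version

# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_cache = no
aliases_bind_dn = $ldap_bind_dn
aliases_bind_pw = $ldap_bind_pw
aliases_version = $ldap_version

# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_bind = yes
virtualforward_cache = no
virtualforward_bind_dn = $ldap_bind_dn
virtualforward_bind_pw = $ldap_bind_pw
virtualforward_version = $ldap_version

# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_cache = no
accounts_bind = yes
accounts_bind_dn = $ldap_bind_dn
accounts_bind_pw = $ldap_bind_pw
accounts_version = $ldap_version

# Same filter as "accounts", but returns the canonical address (used as a
# virtual alias map so that mailbox addresses resolve to themselves).
accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_cache = no
accountsmap_bind = yes
accountsmap_bind_dn = $ldap_bind_dn
accountsmap_bind_pw = $ldap_bind_pw
accountsmap_version = $ldap_version

# virtual quota
quota_server_host = $ldap_server_host
quota_search_base = $ldap_search_base
quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE))
quota_result_attribute = quota
quota_cache = no
quota_bind = yes
quota_bind_dn = $ldap_bind_dn
quota_bind_pw = $ldap_bind_pw
quota_version = $ldap_version

# Mail to reply for gnarwl and mail to forward during vacation
recipient_bcc_maps = ldap:vfm
vfm_server_host = $ldap_server_host
vfm_search_base = $ldap_search_base
vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
vfm_result_attribute = mailAutoreply
vfm_cache = no
vfm_bind = yes
vfm_bind_dn = $ldap_bind_dn
vfm_bind_pw = $ldap_bind_pw
vfm_version = $ldap_version

# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:transport
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain
virtual_alias_maps = ldap:virtualforward, ldap:aliases, ldap:accountsmap

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:accounts
# ==> Change this and the two lines below to the actual uid / gid number of
# the vmail user (see /etc/passwd). virtual_minimum_uid must not be greater
# than the uid in virtual_uid_maps, otherwise Postfix refuses to deliver.
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

local_recipient_maps = $alias_maps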
# Unlike main.cf, master.cf is kept and only extended: the two pipe transports
# below are appended to the existing file.
vi /etc/postfix/master.cf

And append the following at the end of it:

# Pipe transport for virtual mailbox delivery through Dovecot's deliver, one
# recipient per invocation (matches dovecot_destination_recipient_limit = 1
# in main.cf). pipe(8) flags: D and R prepend Delivered-To and Return-Path
# headers, h and u lowercase the domain and user parts before ${recipient}
# is expanded. Runs as the mailbox owner vmail:vmail.
dovecot   unix  -       n       n       -       -       pipe
         flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
# Pipe transport for vacation auto-replies; presumably reached via the
# mailAutoreply addresses that recipient_bcc_maps = ldap:vfm adds in main.cf
# (confirm against the transport entries in LDAP). flags=F prepends a
# "From sender time_stamp" envelope line to the message handed to gnarwl.
gnarwl    unix  -       n       n       -       -       pipe
         flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

This concludes the Postfix configuration.
