Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Kamic Koala 9.10 - Page 2
This tutorial exists for these OS versions
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 14.04 LTS (Trusty Tahr)
- Ubuntu 9.10 (Karmic Koala)
- Ubuntu 8.10 (Intrepid Ibex)
- Ubuntu 8.04 (Hardy Heron)
On this page
Step 3: Install And Configure Postfix
Before this we need to have the vmail user and its home directory.
Create the vmail user and group:
useradd vmail
By default the group vmail is created, too.
Check /etc/passwd for the actual uid and group number.
Next create the vmail directory and set ownership to the vmail user and group.
mkdir /home/vmail
mkdir /home/vmail/domains
chown -R vmail:vmail /home/vmail
Run the following command to install Postfix and other required applications:
aptitude install postfix postfix-ldap libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin
You will be asked two questions. Answer as follows:
General type of mail configuration: <--Stand alone
System mail name: <-- mail.example.tld
Now we create the certificates for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Now we will configure postfix:
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
vi /etc/postfix/main.cf
And paste the following into it. Please not that this config allows the sending (relaying) of mails by authenticated users, and also the sending of local mails (like for example to root, postmaster, ...) to the respective aliases if they are configured.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. smtpd_banner = $myhostname ESMTP $mail_name biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.example.tld # ==> change this for your setup. alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = localhost relayhost = mynetworks = 127.0.0.0/8 dovecot_destination_recipient_limit = 1 mailbox_command = /usr/lib/deliver mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all #smtp_bind_address = your ip address (optional) ==>unmark and change the ip address for your setup. smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_tls_auth_only = no smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom home_mailbox = Maildir/ smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rbl_client zen.spamhaus.org reject_rbl_client list.dsbl.org reject_rbl_client cbl.abuseat.org reject_rbl_client sbl.spamhaus.org reject_rbl_client pbl.spamhaus.org reject_rhsbl_sender dsn.fc-ignorant.org smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_helo_required = yes ldap_bind_dn = cn=phamm,o=hosting,dc=example,dc=tld #==> Change this to the readonly user you created if not the default ldap_bind_pw = the phamm user password ldap_search_base = o=hosting,dc=example,dc=tld ldap_domain = dc=example,dc=tld ldap_server_host = localhost ldap_server_port = 389 ldap_version = 3 # transports transport_server_host = $ldap_server_host transport_search_base = $ldap_search_base transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE)) transport_result_attribute = postfixTransport transport_cache = no transport_bind = yes transport_scope = one transport_bind_dn = $ldap_bind_dn transport_bind_pw = $ldap_bind_pw transport_version = $ldap_version # aliases aliases_server_host = $ldap_server_host aliases_search_base = $ldap_search_base aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE)) aliases_result_attribute = maildrop aliases_bind = yes aliases_cache = no aliases_bind_dn = $ldap_bind_dn aliases_bind_pw = $ldap_bind_pw aliases_version = $ldap_version # VirtualForward virtualforward_server_host = $ldap_server_host virtualforward_search_base = $ldap_search_base virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE)) virtualforward_result_attribute = maildrop virtualforward_bind = yes virtualforward_cache = no virtualforward_bind_dn = $ldap_bind_dn virtualforward_bind_pw = $ldap_bind_pw virtualforward_version = $ldap_version # Accounts accounts_server_host = $ldap_server_host accounts_search_base = $ldap_search_base accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) accounts_result_attribute = mailbox accounts_cache = no accounts_bind = yes accounts_bind_dn = $ldap_bind_dn accounts_bind_pw = $ldap_bind_pw accounts_version = $ldap_version accountsmap_server_host = $ldap_server_host accountsmap_search_base = $ldap_search_base accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) accountsmap_result_attribute = mail accountsmap_cache = no accountsmap_bind = yes accountsmap_bind_dn = $ldap_bind_dn accountsmap_bind_pw = $ldap_bind_pw accountsmap_version = $ldap_version # virtual quota quota_server_host = $ldap_server_host quota_search_base = $ldap_search_base quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE)) quota_result_attribute = quota quota_cache = no quota_bind = yes quota_bind_dn = $ldap_bind_dn quota_bind_pw = $ldap_bind_pw quota_version = $ldap_version # Mail to reply for gnarwl and mail to forward during vacation recipient_bcc_maps = ldap:vfm vfm_server_host = $ldap_server_host vfm_search_base = $ldap_search_base vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) vfm_result_attribute = mailAutoreply vfm_cache = no vfm_bind = yes vfm_bind_dn = $ldap_bind_dn vfm_bind_pw = $ldap_bind_pw vfm_version = $ldap_version # transport_maps maildrop_destination_concurrency_limit = 2 maildrop_destination_recipient_limit = 1 gnarwl_destination_concurrency_limit = 1 gnarwl_destination_recipient_limit = 1 transport_maps = hash:/etc/postfix/transport, ldap:transport mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain virtual_alias_maps = ldap:virtualforward, ldap:aliases, ldap:accountsmap # virtual accounts for delivery virtual_mailbox_base = /home/vmail virtual_mailbox_maps = ldap:accounts virtual_minimum_uid = 1000 #==> Change this and below to the actual uid / gid number of the vmail user. virtual_uid_maps = static:1000 virtual_gid_maps = static:1000 local_recipient_maps = $alias_maps
vi /etc/postfix/master.cf
And paste the following into it (add the end):
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} gnarwl unix - n n - - pipe flags=F user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}
This concludes the Postfix configuration.