There is a new version of this tutorial available for Ubuntu 18.04 (Bionic Beaver).

Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Intrepid Ibex Server 8.10 - Page 3

Step 4: Install And Configure Postfix

Before this we need to have the vmail user and its home directory.

Create the vmail user and group:

# Dedicated unprivileged account that will own every mailbox.
# No password is set by this command and no home directory is created here;
# the directory is built by hand in the next step.
useradd vmail

By default the group vmail is created, too.

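Check /etc/passwd for the actual uid and gid assigned to vmail. The main.cf further down hard-codes 1000 in virtual_minimum_uid, virtual_uid_maps and virtual_gid_maps, so change those values if your vmail account received different numbers.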

Next create the vmail directory and set ownership to the vmail user and group.

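# Build the mail store by hand; -p creates both levels and is safe to re-run.
mkdir -p /home/vmail/domains
chown -R vmail:vmail /home/vmail
# Every mailbox lives below this directory: directories created by root get
# the default umask (typically world-readable), so close the tree to all
# accounts other than vmail.
chmod 700 /home/vmail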

Run the following command to install Postfix and other required applications:

# postfix-ldap adds the ldap: lookup table type and postfix-pcre the pcre:
# table type to the base postfix package.
apt-get install postfix postfix-ldap postfix-pcre

You will be asked two questions. Answer as follows:

General type of mail configuration: <--Stand alone
System mail name: <-- mail.example.tld

Now we create the certificates for TLS:

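mkdir -p /etc/postfix/ssl
cd /etc/postfix/ssl/

# Server key. Postfix needs the key without a passphrase, so it is generated
# unencrypted straight away instead of being encrypted and then stripped.
# The subshell umask makes the file owner-only from the moment it is created;
# a chmod issued before the key is rewritten or moved does not carry over to
# the final file.
# 2048 bits replaces the 1024-bit key, which is too short for current use, and
# "-rand /etc/hosts" is dropped: a static, public file adds no entropy and
# OpenSSL seeds itself from the system random source.
(umask 077 && openssl genrsa -out smtpd.key 2048)

# Self-signed server certificate, valid for ten years.
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

# Belt and braces: confirm the final key file is readable by root only.
chmod 600 smtpd.key

# CA key and certificate referenced by smtpd_tls_CAfile. The CA key keeps the
# passphrase that openssl asks for and is created owner-only as well.
(umask 077 && openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650)
# Certificates are public material; only the *.key / cakey.pem files are secret.
chmod 644 cacert.pem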

Now we will configure postfix:

# Keep the packaged main.cf as a backup, then start a new, empty main.cf.
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
vi /etc/postfix/main.cf

And paste the following into it. Please note that this config allows the sending (relaying) of mail by authenticated users, and also the sending of local mail (for example to root, postmaster, ...) to the respective aliases if they are configured.

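# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.

# Greeting line sent to every connecting SMTP client.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Senders get a "delayed mail" warning once a message has waited this long.
delay_warning_time = 4h

# TLS parameters
# Certificate and key created in /etc/postfix/ssl. The key is stored without
# a passphrase, so its file permissions are the only protection it has.
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# main.cf has no end-of-line comments: text after the value on the same line
# becomes part of the value, so the reminder sits on a line of its own.
# ==> change this for your setup.
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost =
# Only the local host may relay without authenticating.
mynetworks = 127.0.0.0/8
# One recipient per invocation of the "dovecot" pipe transport in master.cf.
dovecot_destination_recipient_limit = 1
mailbox_command =
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your ip address (optional) ==>unmark and change the ip address for your setup.

# SASL: authentication is delegated to Dovecot through the private/auth socket.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Also advertises AUTH in the non-standard form that some old mail clients expect.
broken_sasl_auth_clients = yes
# NOTE(review): with "no", AUTH is also offered on connections that have not
# negotiated TLS, so plaintext mechanisms can send passwords in the clear.
# Set this to "yes" once all clients use STARTTLS.
smtpd_tls_auth_only = no
# Outgoing mail uses TLS when the remote server offers it.
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/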
 
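# Recipient-stage checks, evaluated top to bottom; the first match decides.
# Local clients and SASL-authenticated users are accepted first; for everyone
# else reject_unauth_destination is the rule that prevents open relaying, so
# it must stay in the list.
# The second reject_invalid_hostname entry of the original list was a
# duplicate and has been dropped; the earlier entry already covers it.
# NOTE(review): the DNS blocklists reflect the date of this tutorial. Confirm
# that each one is still operated before use: a list that has shut down can
# delay mail or cause wrongful rejections (list.dsbl.org in particular is, as
# far as I know, no longer run). zen.spamhaus.org already combines the SBL and
# PBL zones, so the separate sbl/pbl entries look redundant.
# "dsn.fc-ignorant.org" looks like a typo, possibly for dsn.rfc-ignorant.org;
# verify the name and whether that list still exists.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_unknown_sender_domain
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client sbl.spamhaus.org
    reject_rbl_client pbl.spamhaus.org
    reject_rhsbl_sender dsn.fc-ignorant.org
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
# Clients must send HELO/EHLO, otherwise the hostname checks above have nothing to test.
smtpd_helo_required = yes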
 
# User-defined helper values (not built-in Postfix parameters); the LDAP map
# definitions below pick them up as $ldap_bind_dn, $ldap_bind_pw,
# $ldap_search_base, $ldap_server_host and $ldap_version.
# NOTE(review): main.cf is normally readable by every local account, so a bind
# password stored here is exposed to all of them. Postfix also accepts LDAP
# map definitions in separate files (see ldap_table(5)), which can be given
# restrictive permissions.
# NOTE(review): cn=admin is the directory administrator. The lookups below
# only read entries, so a dedicated bind DN with read-only access to the
# search base limits the damage if the password leaks.
ldap_bind_dn = cn=admin,dc=example,dc=tld
# Placeholder: replace with the real bind password.
ldap_bind_pw = your openldap password
ldap_search_base = o=hosting,dc=example,dc=tld 
# ldap_domain and ldap_server_port are not referenced by any map definition
# shown in this file.
ldap_domain = dc=example,dc=tld
# Plain LDAP to the local host; if the directory moves to another machine the
# bind password would cross the network unencrypted unless TLS is configured.
ldap_server_host = localhost 
ldap_server_port = 389 
ldap_version = 3 
 
# transports 
# Definition of the LDAP source used as "ldap:transport" in transport_maps.
# The lookup key replaces %s in the filter (Postfix quotes it per RFC 2254,
# see ldap_table(5)) and is matched against the vd attribute of an active,
# non-deleted VirtualDomain entry; the postfixTransport attribute is returned.
transport_server_host = $ldap_server_host 
transport_search_base = $ldap_search_base 
transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))  
transport_result_attribute = postfixTransport 
transport_cache = no 
transport_bind = yes 
# Search only the entries directly below the search base.
transport_scope = one 
transport_bind_dn = $ldap_bind_dn 
transport_bind_pw = $ldap_bind_pw 
transport_version = $ldap_version 
 
# aliases 
# Definition of the LDAP source used as "ldap:aliases" in virtual_alias_maps.
# Finds an active VirtualMailAlias entry whose mail attribute equals the
# address being looked up and returns its maildrop attribute.
# NOTE(review): unlike the other filters this one has no (delete=FALSE)
# condition - confirm that is intentional.
aliases_server_host = $ldap_server_host 
aliases_search_base = $ldap_search_base 
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE)) 
aliases_result_attribute = maildrop 
aliases_bind = yes 
aliases_cache = no 
aliases_bind_dn = $ldap_bind_dn 
aliases_bind_pw = $ldap_bind_pw 
aliases_version = $ldap_version 
 
# VirtualForward 
# Definition of the LDAP source used as "ldap:virtualforward" in
# virtual_alias_maps. Matches active, non-deleted VirtualMailAccount entries
# that have forwarding switched on and vacation switched off, and returns the
# maildrop attribute.
virtualforward_server_host = $ldap_server_host 
virtualforward_search_base = $ldap_search_base 
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE)) 
virtualforward_result_attribute = maildrop 
virtualforward_bind = yes 
virtualforward_cache = no 
virtualforward_bind_dn = $ldap_bind_dn 
virtualforward_bind_pw = $ldap_bind_pw 
virtualforward_version = $ldap_version 
 
# Accounts 
# Definition of the LDAP source used as "ldap:accounts" in
# virtual_mailbox_maps. Matches active, non-deleted VirtualMailAccount entries
# without forwarding and returns the mailbox attribute.
accounts_server_host = $ldap_server_host 
accounts_search_base = $ldap_search_base 
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) 
accounts_result_attribute = mailbox 
accounts_cache = no 
accounts_bind = yes 
accounts_bind_dn = $ldap_bind_dn 
accounts_bind_pw = $ldap_bind_pw 
accounts_version = $ldap_version 
 
# Definition of the LDAP source used as "ldap:accountsmap" in
# virtual_alias_maps. Same filter as "accounts", but the result is the mail
# attribute, i.e. the address that was matched.
accountsmap_server_host = $ldap_server_host 
accountsmap_search_base = $ldap_search_base 
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) 
accountsmap_result_attribute = mail 
accountsmap_cache = no 
accountsmap_bind = yes 
accountsmap_bind_dn = $ldap_bind_dn 
accountsmap_bind_pw = $ldap_bind_pw 
accountsmap_version = $ldap_version 
 
# virtual quota 
# Definition of an LDAP source named "quota" that returns the quota attribute
# of an active, non-deleted VirtualMailAccount.
# NOTE(review): no parameter shown in this file refers to "ldap:quota";
# presumably it is consumed elsewhere - verify before relying on it.
quota_server_host = $ldap_server_host 
quota_search_base = $ldap_search_base 
quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE)) 
quota_result_attribute = quota 
quota_cache = no 
quota_bind = yes 
quota_bind_dn = $ldap_bind_dn 
quota_bind_pw = $ldap_bind_pw 
quota_version = $ldap_version 
 
# Vacation handling: for recipients whose account has vacation switched on
# (and forwarding off), a blind copy of each message goes to the address held
# in the account's mailAutoreply attribute, for processing by gnarwl.
recipient_bcc_maps = ldap:vfm 
vfm_server_host = $ldap_server_host 
vfm_search_base = $ldap_search_base 
vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE)) 
vfm_result_attribute = mailAutoreply 
vfm_cache = no 
vfm_bind = yes 
vfm_bind_dn = $ldap_bind_dn 
vfm_bind_pw = $ldap_bind_pw 
vfm_version = $ldap_version 
 
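# transport_maps
# Per-transport limits for the "maildrop" and "gnarwl" delivery transports.
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
# The static transport table is consulted first, then the LDAP "transport" source.
# NOTE(review): /etc/postfix/transport is not created anywhere on this page;
# it presumably has to exist and be compiled with postmap - verify.
transport_maps = hash:/etc/postfix/transport, ldap:transport
# Every domain found through $transport_maps is treated as a local destination.
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain
#virtual_alias_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap
virtual_alias_maps = ldap:virtualforward, ldap:aliases, ldap:accountsmap

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:accounts
# NOTE: 1000 must be the real uid and gid of the vmail account (check
# /etc/passwd). If 1000 belongs to another account on this machine, mail files
# would be written under that account's ownership instead of vmail's.
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

# NOTE(review): on the original page "$virtual_mailbox_maps" stood on a line
# of its own directly before "local_recipient_maps = $alias_maps". A line
# without "=" is not valid main.cf syntax, so it is assumed here to be a
# misplaced part of this value - confirm against a known-good copy of the file.
local_recipient_maps = $alias_maps $virtual_mailbox_maps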
# main.cf ends with the line above; this is a shell command again.
# Next, open master.cf to add the two delivery transports.
vi /etc/postfix/master.cf

And paste the following into it (at the end):

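# Hands each message to Dovecot's deliver program, running as vmail:vmail.
# pipe(8) executes argv directly, without a shell, so ${sender} and
# ${recipient} are passed as single arguments.
# The closing brace of ${recipient} was a ")" in the original, which left the
# macro unterminated.
dovecot   unix  -       n       n       -       -       pipe
         flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
# Hands messages to the gnarwl autoresponder, running as vmail.
gnarwl    unix  -       n       n       -       -       pipe
         flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}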

This concludes the Postfix configuration.
