LDAP Postfix / Cyrus IMAP


Postfix

Setup mit:

  • Amavis
  • SpamAssassin
  • Postgrey


master.cf

# Postfix master.cf: one entry per service that the master daemon runs.
# A "-" in a column selects the default shown in parentheses in the header.
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Network-facing SMTP listener (type inet, private=n). The smtpd_* restrictions
# in main.cf decide which clients and recipients it accepts.
smtp      inet  n       -       -       -       -       smtpd
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       nqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
# local and virtual are the only services in this part of the file with
# unpriv=n (they keep root privileges) and they run without chroot (chroot=n).
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Every pipe entry below runs an external program under the account given in
# user= and fills argv from envelope data ($sender, $recipient, ${user},
# ${extension}, $nexthop). Those values originate from the SMTP client.
# pipe(8) executes the command directly, without a shell, but the called
# program must still treat its arguments as untrusted input.
# NOTE(review): the main.cf on this page delivers through mailbox_transport
# (LMTP socket) and enables no transport_maps, so none of these pipe entries
# appears to be referenced. Removing entries for software that is not
# installed keeps the set of runnable helpers small - confirm before deleting.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user}
# Cyrus 2.1.5 (Amos Gouaux)
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls
# The TLS manager, the smtps wrapper port and the 587 submission port are all
# commented out, so this file offers no TLS-only or SASL-authenticated
# listener; every client connects through the plain smtp service above.
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587      inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
# Transport that main.cf's content_filter uses to hand mail to amavis on
# 127.0.0.1:10024. maxproc=2 caps the number of parallel deliveries to the filter.
# NOTE(review): the command is lmtp but the override is an smtp_* parameter;
# check whether lmtp_data_done_timeout is what is meant here.
smtp-amavis unix -      -       n     -       2  lmtp
    -o smtp_data_done_timeout=1200
#    -o disable_dns_lookups=yes
#
# (the '-o disable_dns_lookups=yes' is no longer needed since Postfix 2.0)
# Re-injection listener: takes filtered mail back from the content filter.
# - Bound to 127.0.0.1 only, and mynetworks is narrowed to 127.0.0.0/8 with
#   "permit_mynetworks,reject", so only loopback clients are accepted.
# - content_filter is emptied so returning mail is not sent to the filter again.
# - The other restriction lists are emptied; the checks in main.cf are applied
#   on the public smtp service, not here.
# - Error sleep time 0 and limits of 1001/1000 keep smtpd from throttling the
#   filter.
# Mail entering on this port skips the content filter and the main.cf
# restrictions, so the port must stay unreachable from other hosts; any local
# process that can connect to it can queue unfiltered mail.
127.0.0.1:10025 inet n  -       n     -       -  smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000

main.cf

# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
setgid_group = postdrop

# appending .domain is the MUA's job.
append_dot_mydomain = no

# The greeting announces only a host name and "ESMTP"; it does not name the
# mail software or its version.
smtpd_banner = mail0.mhcsoftware.de ESMTP
biff = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h 

# The name used in HELO and in the banner (mail0.mhcsoftware.de) differs from
# myhostname (server.bv).
smtp_helo_name = mail0.mhcsoftware.de
myhostname = server.bv
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname 

# Domains for which this host is the final destination.
mydestination = server.bv, server, localhost, mhcsoftware.de

relayhost =
# Trusted clients: loopback and the 192.168.100.0/24 LAN. permit_mynetworks is
# the first entry in smtpd_recipient_restrictions further down, so every host
# in these ranges may relay to any destination without authenticating. Keep
# the list as narrow as the site allows.
mynetworks = 127.0.0.0/8, 192.168.100.0/24
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = mhcsoftware.de

# mailbox_command = procmail -a "$EXTENSION"
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +

#virtual_maps = hash:/etc/postfix/virtual_domain, hash:/etc/postfix/virtual_user

# transport_maps = hash:$config_directory/transport

#SMTP Auth
# Client-side SASL (authenticating to a relay host) is disabled: every line in
# this section is commented out and relayhost is empty.
# If it is enabled, the password map holds relay credentials in clear text and
# should be readable by root only.

#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options = noanonymous

#relayhost = mail.mhcsoftware.de

# Use SMTP with SASL authentication
# smtp_sasl_auth_enable = yes

# The passwords are stored in the file /etc/postfix/smtp_auth
#smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth

# Additional options: do not use anonymous login
# NOTE(review): the commented line below has an empty value, which would clear
# the option list rather than forbid anonymous login; the earlier commented
# variant uses "noanonymous".
#smtp_sasl_security_options =

mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
# Path to the LMTP socket of the imapd. If the user that Postfix runs as
# cannot access this socket, nothing works at all.
# Grant that access through the socket's group or mode rather than by making
# the socket accessible to every local user.

# NOTE(review): mailbox_transport is documented in local(8) as taking
# precedence over mailbox_command, so the line below presumably has no effect
# while mailbox_transport is set - confirm.
mailbox_command = /usr/lib/cyrus/bin/deliver

#content_filter = vscan:[127.0.0.1]:10025
#content_filter = vscan:
# All mail is handed to the smtp-amavis transport from master.cf, which
# connects to the filter on 127.0.0.1 port 10024.
content_filter = smtp-amavis:[127.0.0.1]:10024

# Spam-specific settings

# Refuse the VRFY command so clients cannot probe which addresses exist.
# (The same setting is repeated a few lines further down.)
disable_vrfy_command = yes

# A client that keeps causing errors is delayed by 60 seconds per reply once it
# passes the soft limit and is disconnected at the hard limit.
smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 60
smtpd_hard_error_limit = 10
# NOTE(review): master.cf leaves maxproc at "-" for smtpd, so this limit of 3
# applies to incoming SMTP as well. Three slow or stalled clients are enough to
# occupy every smtpd process; check that the value is intended.
default_process_limit = 3

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

# DNS blocklists checked against the client address.
# NOTE(review): these list names date from when the page was written.
# relays.ordb.org has been shut down, and nixspam.xx does not look like a
# resolvable zone. A list that no longer answers only adds lookup delay, but a
# retired zone that answers every query causes all mail to be rejected.
# Confirm that each list is still operated before enabling it.
smtpd_client_restrictions =
    reject_rbl_client relays.ordb.org
    reject_rbl_client nixspam.xx
    reject_rbl_client blackholes.mail-abuse.org
    reject_rbl_client dialups.mail-abuse.org
    reject_rbl_client relays.mail-abuse.org

# Evaluated in order; the first matching permit or reject decides.
# - permit_mynetworks comes first, so trusted networks skip every later check.
# - The two warn_if_reject entries only log what would have been rejected.
# - reject_unauth_destination is what keeps the server from being an open
#   relay; it must stay in the list and stay ahead of the policy service.
# - The policy service on 127.0.0.1:60000 is presumably Postgrey from the
#   setup list at the top of the page - confirm.
smtpd_recipient_restrictions =
    permit_mynetworks
    warn_if_reject reject_unknown_client
    warn_if_reject reject_unknown_hostname
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:60000

#    check_recipient_access hash:/etc/postfix/access
#    check_sender_access    hash:/etc/postfix/access
#    check_client_access    hash:/etc/postfix/access

# SASL authenticated SMTPD
# Server-side SASL is commented out: relaying is permitted by network address
# (mynetworks) only, never by user login.
# If it is enabled, note that the commented smtpd_recipient_restrictions line
# below would replace the active list defined earlier in this file.
#smtpd_sasl_auth_enable = yes
#broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
#smtpd_etrn_restrictions = permit_mynetworks, reject

# Virtual users
virtual_maps = hash:/etc/postfix/virtual
# Address rewriting is looked up in LDAP through the two sources defined below.
virtual_alias_maps = ldap:vlocal, ldap:vforward

# Both LDAP sources query the directory on localhost, so the lookups stay on
# the loopback interface. No bind DN or password is configured here, so the
# lookups presumably bind anonymously; the directory ACLs then have to allow
# anonymous read of the attributes used below - verify that nothing more is
# exposed than these attributes.
# %s is the address being looked up and comes from the SMTP envelope.
# ldap_table(5) documents that it is quoted before being placed in the filter.

# Delivery for Local, Local/Forward and Alias
vlocal_server_host = localhost
vlocal_search_base = dc=mhcsoftware,dc=de
vlocal_query_filter = (&(objectClass=gosaMailAccount)(gosaMailDeliveryMode=[*L*])(|(mail=%s)(gosaMailAlternateAddress=%s)))
vlocal_result_attribute = uid,gosaMailForwardingAddress,memberUid

# Delivery when Forward only
vforward_server_host = localhost
vforward_search_base = dc=mhcsoftware,dc=de
vforward_query_filter =  (&(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*L*]))(|(mail=%s)(gosaMailAlternateAddress=%s))) 
vforward_result_attribute = gosaMailForwardingAddress

Cyrus IMAP

/etc/saslauthd.conf

# saslauthd LDAP backend: directory to check passwords against.
# ldap:// is unencrypted, which is acceptable here only because the server is
# localhost. If the directory moves to another host, use ldaps:// or enable
# ldap_start_tls so passwords do not cross the network in clear text.
ldap_servers: ldap://localhost/
# No ldap_filter or bind credentials are set, so the saslauthd defaults apply -
# check them against the directory layout.
ldap_search_base: dc=mhcsoftware,dc=de


/etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

# Passwords are verified against LDAP, using the settings in /etc/saslauthd.conf.
# saslauthd can only check plaintext passwords, so clients have to send the
# password itself (PLAIN/LOGIN). The IMAP, Sieve and SMTP sessions that carry it
# should therefore be protected with TLS; no TLS setup is shown on this page.
MECHANISMS="ldap"


/etc/srvtab

pwcheck_method: saslauthd


Um Sieve auf Debian Sarge zum Laufen zu bringen, musste ich den Cyrus Source 2.2.1 holen, kompilieren und dann timsieved kopieren. Ansonsten war es nicht möglich, sich gegen den timsieved zu authentifizieren. Dies ist wohl ein Bug im Sarge-Paket.
