ubnt ldap psfx.pdf (8/14/2019)
Contents
1. Introduction
2. Installation
   1. SASL
   2. General
   3. IMAP
   4. LDA
   5. Plugins
3. Postfix
4. Testing
Postfix/DovecotLDAP
Introduction
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.
Installation
This guide will help you set up a complete email server using Postfix as MTA, OpenLDAP as a back-end for users, and Dovecot for SASL authentication, LDA and IMAP server.
This guide assumes you already have installed Postfix and OpenLDAP (on localhost) (with its directory structure and users). If not, you won't find explanations here on how to get those (please search this wiki on how to set up Postfix and LDAP). This guide explains in detail how to integrate all the above services with Dovecot in order to get a multi-user mail server.
To continue, please use your favorite package manager and install dovecot:
sudo apt-get install dovecot
SASL
First let's set up SASL authentication. Check out the PostfixDovecotSASL page to get it done. Next, to use Dovecot for delivery (LDA), we'll have to add the following to dovecot.conf:
socket listen {
  master {
    # Master socket provides access to userdb information. It's typically
    # used to give Dovecot's local delivery agent access to userdb so it
    # can find mailbox locations.
    path = /var/run/dovecot/auth-master
    mode = 0660
    # Default user/group is the one who started dovecot-auth (root)
    user = mail
    group = mail
  }
  client {
    # The client socket is generally safe to export to everyone. Typical use
    # is to export it to your SMTP server so it can do SMTP AUTH lookups
    # using it.
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
General
To enable imap (you can also enable imaps, just add ssl_cert_file, ssl_key_file and ssl_ca_file values to dovecot.conf), add the following:
# Here you can add imaps
protocols = imap
# Allow postfix to access login process
login_user = postfix
# Add a login greeting
login_greeting = Dovecot IMAP server!
Our users' home folders will be taken from LDAP, so we should consider this when setting up the mail location for users:
# I found it's the best to go this way, in order to preserve a logical directory structure
mail_location = maildir:~/Maildir
Considering the home folder path and the LDAP base, don't forget to give the right permissions to the folder where users' home folders will be created. If LDAP users are in group users then
sudo chgrp users /home
sudo chmod 775 /home
should solve the permissions problem.
I advise you to add
mail_full_filesystem_access = no
to dovecot.conf in order to maintain the security level of your system.
For security you should also know the minimum uid and gid of the LDAP users; those values should be used at
first_valid_uid = 2000
last_valid_uid = 0
first_valid_gid = 2000
last_valid_gid = 0
Also due to performance issues, it is recommended to set up
maildir_copy_with_hardlinks = no
Because LDAP usernames may not be written in a standard way, I recommend using
auth_username_format = %Lu
This converts usernames to lowercase.
If you decided to use imaps and your certificates are self-signed, consider using this:
ssl_require_client_cert = no
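The settings above (the auth sockets from the SASL section, mail_full_filesystem_access, the valid uid range and auth_username_format) are easy to get wrong by a typo, so here is an added checker, not part of the original wiki page or of Dovecot: it parses a Dovecot 1.x style config and reports the guide's hardening points that are missing. The sample config is constructed to mirror the guide; ldap_min_uid is an assumed parameter (the guide's value is 2000).

```python
def parse_dovecot_conf(text):
    """Parse Dovecot 1.x config (key = value, nested `name { }` blocks, # comments)."""
    cur = root = {}
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and whitespace
        if not line:
            continue
        if line.endswith("{"):                        # open a nested block
            stack.append(cur)
            cur = cur.setdefault(line[:-1].strip(), {})
        elif line == "}":                             # close the current block
            cur = stack.pop()
        else:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return root

def audit(conf, ldap_min_uid=2000):
    """Findings for the guide's hardening points (empty list = OK). ldap_min_uid
    is the lowest uidNumber your LDAP mail users really have (guide uses 2000)."""
    findings = []
    if conf.get("mail_full_filesystem_access", "no") != "no":
        findings.append("mail_full_filesystem_access must be no")
    if int(conf.get("first_valid_uid", "0")) < ldap_min_uid:
        findings.append("first_valid_uid below LDAP minimum: system uids usable")
    if "%L" not in conf.get("auth_username_format", ""):
        findings.append("auth_username_format should lowercase (%Lu)")
    for name in ("master", "client"):                 # sockets from the SASL section
        mode = conf.get("socket listen", {}).get(name, {}).get("mode", "0666")
        if int(mode, 8) & 0o007:                      # any world bit set
            findings.append(f"{name} socket mode {mode} is world-accessible")
    return findings

# Constructed sample mirroring the guide's settings (not a real server's file).
GOOD_CONF = """
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0660   # dovecot-auth master socket, for the LDA
  }
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660   # exported to Postfix for SMTP AUTH
  }
}
mail_full_filesystem_access = no
first_valid_uid = 2000
last_valid_uid = 0            # 0 means no upper limit
auth_username_format = %Lu
"""
# Same file with two slips: world-accessible sockets and no uid floor.
WEAK_CONF = GOOD_CONF.replace("0660", "0666").replace("uid = 2000", "uid = 0")
```

Run audit(parse_dovecot_conf(open("/etc/dovecot/dovecot.conf").read())) against a real file; an empty list means the guide's settings are all in place.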
IMAP
In the IMAP settings (protocol imap) add the right imap and imap-login executables:
login_executable = /usr/lib/dovecot/imap-login
mail_executable = /usr/lib/dovecot/imap
You might consider using several plugins, quota for example; then add them to
mail_plugins = quota imap_quota
And finally I advise you to enable Dovecot's workarounds in order to make it compatible with most IMAP clients:
imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep
LDA
In the LDA specific settings (protocol lda) add the basics (I included quota because I included it in the IMAP settings):
postmaster_address = [email protected]
mail_plugins = quota
sendmail_path = /usr/lib/sendmail
Check the SASL section in order to use this:
auth_socket_path = /var/run/dovecot/auth-master
And finally, I recommend setting up the logs, at least until your system is 100% working. These logs helped me a lot!
log_path = /var/log/dovecot-deliver.log
info_log_path = /var/log/dovecot-deliver.log
Plugins
In order to use plugin settings (in our case quotas), add this:
plugin {
  quota = maildir
  quota_rule = *:storage=50M
  quota_rule2 = Trash:storage=10%%
  quota_rule3 = Spam:storage=20%%
}
Postfix
Now, in order to be able to deliver mail for different uids, we have to set the setuid bit on the delivery executable. Something like
chmod u+s /usr/lib/dovecot/deliver
should be enough! This should be all.
Testing
Testing was done on a vanilla installation of Ubuntu 8.04.2.
Postfix/DovecotLDAP (last edited on 2009-03-29 20:25:30 by https://login.launchpad.net/+id/HDnmz4T @ c7.campus.utcluj.ro[193.226.6.226]:sushkov)