07.22.2008 at 03:38PM PDT, ID: 23586862
Help needed with Postfix with Dovecot setup (virtual domains/users, LDAP, Dovecot as LDA/SASL AUTH)

Asked by vwal in Email Servers, Lightweight Directory Access Protocol (LDAP), Simple Mail Transfer Protocol (SMTP)


I'm setting up a mail system on FreeBSD 7.0 using Postfix 2.5.1, Dovecot 1.1.1, and OpenLDAP 2.3. I've been running qmail for the last six years, and thus am new to the Postfix/Dovecot world. Although it's wonderful to see how much more streamlined things have become (as compared to the very patched, aging qmail), the sheer number of variables in the new setup is causing me trouble.

The goals for this system are:

- Postfix 2.5.1 as the MTA
- Dovecot 1.1.1 as the LDA for both the local and virtual accounts (though the few existing local accounts - mainly root - will be forwarded to one of the virtual accounts)
- Dovecot 1.1.1 as the SASL AUTH source
- OpenLDAP as the store for the virtual account login info (I'll be likely using Phamm to manage LDAP)
- TLS should be enabled (but not required) for external connections. The required certs have been generated.

The system will handle a couple of dozen virtual domains where many of the accounts are forward accounts (mail is forwarded elsewhere). Mail destined for the local system accounts (such as root or postmaster) should be received but forwarded to an account in one of the virtual domains.

Below is what I've got so far as far as the configuration goes. I realize this is not yet complete. LDAP integration, for one, is missing altogether as it is a new area for me and I haven't had the chance to read up on it yet extensively (or rather, sufficiently).

I'm asking for help to point out possible errors (functionality/security) in the configuration, and to complete the setup (including the LDAP integration). There are a lot of resources on the web on these, but many conflict, having been written for varying versions, varying configurations, and on varying platforms.

I don't mind doing lots of tweaking/debugging/"RTFM", but the process will be much easier and less time consuming if someone who is more familiar with Postfix/Dovecot/LDAP setup would assist with this initial setup.

Thanks for any insights and advice!

## DOVECOT CONFIGURATION FILE
 
base_dir = /var/run/dovecot/
login_dir = /var/run/dovecot/login
mail_location = maildir:/home/vmail/%d/%n/Maildir
 
protocols = imap imaps pop3 pop3s
login_user = dovecot
 
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
 
first_valid_uid = 500 
first_valid_gid = 0
mail_uid = vmail
mail_gid = vmail
 
ssl_disable = no
ssl_listen = *
ssl_cert_file = /etc/ssl/certs/dovecot-inertia.crt
ssl_key_file = /etc/ssl/certs/dovecot-inertia.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
verbose_ssl = no
 
log_path = /var/log/dovecot-error.log
info_log_path = /var/log/dovecot-info.log
log_timestamp = "%F %H:%M:%S "
 
maildir_copy_with_hardlinks = yes
verbose_proctitle = yes
 
protocol imap {
}
  
protocol pop3 {
	pop3_uidl_format = %08Xu%08Xv
	pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
 
protocol lda {
	postmaster_address = postmaster@inertia.mydomain.com
	auth_socket_path = /var/run/dovecot/auth-master
	log_path = /var/log/dovecot-deliver.log
	info_log_path = /var/log/dovecot-deliver.log
}
 
auth default {
	mechanisms = plain login
	socket listen {
		# master socket: used by deliver (LDA) for user lookups
		master {
			path = /var/run/dovecot/auth-master
			mode = 0600
			user = vmail # user running deliver
			group = vmail
		}
		# client socket: used by Postfix smtpd for SASL AUTH (smtpd_sasl_path = private/auth)
		client {
			path = /var/spool/postfix/private/auth
			mode = 0660
			user = postfix
			group = postfix
		}
	}
	passdb pam {
	}
	userdb passwd {
		args = mail=maildir:/home/%u/Maildir
	}
	userdb static {
		args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
	}
	user = root
}
 
dict {
}
 
plugin {
}
 
-----------------------------
 
## MAIN.CF
 
# Postfix does not support inline comments: text after '#' on a parameter
# line is part of the value, so comments must sit on their own line.
# normally set to 2
debug_peer_level = 9
debug_peer_list = 127.0.0.1
 
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
 
mail_owner = postfix
myhostname = inertia.mydomain.com
mydomain = inertia.mydomain.com 
myorigin = $myhostname
 
mydestination = $myhostname
	localhost.$mydomain
	localhost
 
mynetworks_style = host
# currently behind a firewall (an explicit mynetworks overrides mynetworks_style)
mynetworks = 192.168.1.0/24
relay_domains = $mydestination
 
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
 
home_mailbox = Maildir/
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_transport = dovecot
virtual_transport = dovecot
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = someotherdomain.com  
#virtual_mailbox_maps = hash:/etc/postfix/virtual # do I actually need this with Dovecot as the LDA?
 
smtpd_recipient_restrictions = 
	reject_non_fqdn_recipient
	reject_non_fqdn_sender
	reject_unknown_sender_domain
	reject_unknown_recipient_domain
	permit_mynetworks
	permit_sasl_authenticated
	reject_non_fqdn_hostname 
	reject_invalid_hostname
	reject_unauth_destination 
 
smtpd_data_restrictions = 
	reject_multi_recipient_bounce
	reject_unauth_pipelining
 
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
readme_directory = /usr/local/etc/postfix/README_FILES
 
-----------------------------
## MASTER.CF
#Postfix master.cf is the default file with the following changes (only the changes from the file are included below):
 
#enable alternative SMTPD ports as 25 is often blocked by ISPs
# note: as written, 465 speaks plain SMTP; SMTPS on 465 needs -o smtpd_tls_wrappermode=yes
465       inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
 
#tlsmgr is commented out:
# note: Postfix needs tlsmgr running whenever smtpd/smtp TLS is enabled
#tlsmgr    unix  -       -       n       1000?   1       tlsmgr 
 
#Dovecot LDA (flags=DRhu and the D/R flags are what deliver expects; recipient limit is 1 in main.cf)
dovecot    unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
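
As an added defender-side check (example code written for this page, not from the original question or from Postfix itself): a small Python linter that parses main.cf syntax and flags the two pitfalls visible in the draft above, inline `#` comments that Postfix folds into the parameter value, and an smtpd_recipient_restrictions list without reject_unauth_destination. The embedded sample is constructed from lines of the draft main.cf.

```python
"""Lint a Postfix main.cf fragment (added example, not part of the original post)."""
import re

def parse_main_cf(text):
    """Parse 'key = value' lines; a line starting with whitespace continues the previous value."""
    params = {}
    key = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or full-line comment
        if line[0] in " \t" and key is not None:
            params[key] = (params[key] + " " + line.strip()).strip()
            continue                      # continuation line
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if not m:
            continue                      # not a parameter assignment
        key, value = m.group(1), m.group(2).strip()
        params[key] = value
    return params

def lint_main_cf(text):
    """Return (parameter, problem) findings for the fragment."""
    findings = []
    params = parse_main_cf(text)
    for key, value in params.items():
        # Postfix has no inline comments: '9  # normally 2' is one (bad) value.
        if "#" in value:
            findings.append((key, "inline '#' comment becomes part of the value"))
    restr = params.get("smtpd_recipient_restrictions", "").split()
    # Without reject_unauth_destination the permit_* entries leave relaying open.
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(restr):
        findings.append(("smtpd_recipient_restrictions",
                         "missing reject_unauth_destination"))
    return findings

# Constructed sample reproducing lines from the draft main.cf above.
SAMPLE = """\
debug_peer_level = 9  # normally set to 2
mydestination = $myhostname
\tlocalhost.$mydomain
\tlocalhost
mynetworks = 192.168.1.0/24  #currently behind a firewall
smtpd_recipient_restrictions =
\treject_non_fqdn_recipient
\tpermit_mynetworks
\tpermit_sasl_authenticated
\treject_unauth_destination
"""
```

Running lint_main_cf(SAMPLE) reports the two inline-comment lines and nothing for the restriction list, since reject_unauth_destination is present.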
 
07.24.2008 at 04:12AM PDT, ID: 22077785
About this solution

Zones: Email Servers, Lightweight Directory Access Protocol (LDAP), Simple Mail Transfer Protocol (SMTP)
Tags: Postfix, Dovecot, 2.5.1, 1.1.1, Dovecot for IMAP, POP, SASL AUTH, LDA, Postfix 2.5.1, Dovecot 1.1.1, FreeBSD 7.0
Solution Provided By: bevhost
Participating Experts: 1
Solution Grade: A