Active Directory Postfix Dovecot – Ubuntu 14.04 Trusty

Pré-requis

Installation

apt-get install postfix-ldap dovecot-ldap

groupadd virtual -g 5000
useradd -r -g virtual -G users -c "Virtual User" -u 5000 virtual
mkdir -p /home/virtual
chown -R virtual: /home/virtual/
chmod -R 770 /home/virtual

vi /etc/postfix/ldap-users.cf

server_host = AdresseIP_du_DC
search_base = dc=test,dc=lan
version = 3
search_base = dc=test,dc=lan

query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
result_format = %s/Maildir/

bind = yes
bind_dn = cn=bindaccount,ou=Techs,dc=test,dc=lan
bind_pw = P@ssw00rd

vi /etc/postfix/ldap-alias.cf


mv /etc/postfix/main.cf{,.local}
vi /etc/postfix/main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = chronos
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = chronos
relayhost =
mynetworks = 127.0.0.0/8 192.168.1.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/

virtual_mailbox_domains = test.lan
virtual_mailbox_base = /home/virtual
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

queue_directory = /var/spool/postfix

cp /etc/postfix/master.cf{,.local}
vi /etc/postfix/master.cf

## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

## Enable SMTP on port 465 only for authenticated/SSL clients
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

  • Tester le paramétrage avec un compte du domaine :

postmap -vq toto@test.lan ldap:/etc/postfix/ldap-users.cf

mv /etc/dovecot/dovecot.conf{,.local}
vi /etc/dovecot/dovecot.conf

protocols = imap
!include_try /usr/share/dovecot/protocols.d/*.protocol
listen = *, ::
dict {
}
!include conf.d/*.conf
!include_try local.conf

mv /etc/dovecot/conf.d/10-master.conf{,.local}
vi /etc/dovecot/conf.d/10-master.conf

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

service auth-worker {
}

service dict {
  unix_listener dict {
  }
}

mv /etc/dovecot/dovecot-ldap.conf.ext{,.local}
vi /etc/dovecot/dovecot-ldap.conf.ext

hosts = dc1.test.lan dc2.test.lan
base = dc=test.lan
ldap_version = 3
auth_bind = yes
auth_bind_userdn = TEST%n
pass_filter = (&(objectclass=person)(mail=%u))
user_filter = (&(objectClass=person)(mail=%u))
default_pass_scheme = CRYPT

mv /etc/dovecot/conf.d/auth-ldap.conf.ext{,.local}
vi /etc/dovecot/conf.d/auth-ldap.conf.ext

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/home/virtual/%n/Maildir
}

mv /etc/dovecot/conf.d/10-auth.conf{,.local}
vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain
!include auth-system.conf.ext
!include auth-ldap.conf.ext

mv /etc/dovecot/conf.d/10-mail.conf{,.local}
vi /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:/home/virtual/%n/Maildir
namespace inbox {
  inbox = yes
}

Test

  • Redémarrage des services :

for serv in postfix dovecot; do /etc/init.d/$serv restart;done
tailf /var/log/mail.log