Difference between revisions of "Mailutils:HOWTO:Sendmail MU LDAP"

From Mailutils
Jump to navigationJump to search
Line 46: Line 46:
  
 
=== sendmail.mc ===
 
=== sendmail.mc ===
 +
<pre>
 +
dnl * Sendmail configuration
 +
divert(-1)
 +
OSTYPE(freebsd6)
 +
dnl * To eliminate 8->7 bit base64 enconding
 +
define(`SMTP_MAILER_FLAGS',`8')
 +
dnl * Do not reveal my version number
 +
define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
 +
        by $j$?r with $r$. id $i$?u
 +
        for $u$.; $b')
 +
dnl * Also, disable VRFY,EXPN
 +
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')
 +
 +
dnl * do STARTTLS
 +
define(`confCACERT_PATH', `/etc/mail/certs')dnl
 +
define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
 +
define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
 +
define(`confSERVER_CERT', `localCERT')dnl
 +
define(`confSERVER_KEY',  `localCERT')dnl
 +
define(`confCLIENT_CERT', `localCERT')dnl
 +
define(`confCLIENT_KEY',  `localCERT')dnl
 +
 +
dnl * do SMTPAUTH
 +
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
 +
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
 +
 +
dnl * look for AuthOptions @ op.ps
 +
define(`confAUTH_OPTIONS', `A p y')dnl
 +
 +
 +
define(`confSAVE_FROM_LINES', `True')dnl
 +
define(`HELP_FILE',`none')dnl
 +
define(`confDELIVERY_MODE', `background')dnl
 +
 +
dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
 +
define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
 +
define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
 +
define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl
 +
 +
dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
 +
define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')
 +
 +
dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
 +
DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
 +
DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
 +
DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
 +
DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')
 +
 +
# Maps
 +
define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
 +
define(`confLDAP_CLUSTER', `fo01')
 +
 +
LOCAL_CONFIG
 +
Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
 +
Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
 +
define(`ALIAS_FILE',`sequence: local_alias ldap_alias')
 +
 +
FEATURE(`access_db', `LDAP')
 +
FEATURE(`mailertable', `LDAP')
 +
 +
FEATURE(use_cw_file)
 +
FEATURE(use_ct_file)
 +
FEATURE(redirect)
 +
FEATURE(always_add_domain)
 +
FEATURE(blacklist_recipients)
 +
FEATURE(relay_entire_domain)
 +
 +
# Milter
 +
define(`confMILTER_LOG_LEVEL',4)
 +
INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')
 +
 +
# Mailers
 +
MAILER_DEFINITIONS
 +
Mlocal-ldap,    P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
 +
                T=DNS/RFC822/X-Unix,
 +
                A=maidag $u@$h
 +
 +
MAILER(smtp)
 +
</pre>
  
 
=== mailertable ===
 
=== mailertable ===

Revision as of 13:45, 29 August 2013

Task

  • to get users database in accessible via LDAP
  • to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail

LDAP

slapd.conf

LDIF

sendmail

we'll build sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support

build config

site.config.m4

##
# general
APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/db44')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/db44')

## DB44
#APPENDDEF(`confENVDEF', `-I/usr/local/include -I/usr/local/include/db44')
#APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -L/usr/local/lib/db44')

# SASL2 (smtp authentication)
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')

# LDAP
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confLIBS', `-lldap -llber')

# STARTTLS (smtp + tls/ssl)
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_1')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')

# rest
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSOCKETMAP -DMAP_REGEX -DNEWDB')

sendmail.mc

dnl * Sendmail configuration
divert(-1)
OSTYPE(freebsd6)
dnl * To eliminate 8->7 bit base64 enconding
define(`SMTP_MAILER_FLAGS',`8')
dnl * Do not reveal my version number
define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
        by $j$?r with $r$. id $i$?u
        for $u$.; $b')
dnl * Also, disable VRFY,EXPN
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')

dnl * do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `localCERT')dnl
define(`confSERVER_KEY',  `localCERT')dnl
define(`confCLIENT_CERT', `localCERT')dnl
define(`confCLIENT_KEY',  `localCERT')dnl

dnl * do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

dnl * look for AuthOptions @ op.ps
define(`confAUTH_OPTIONS', `A p y')dnl


define(`confSAVE_FROM_LINES', `True')dnl
define(`HELP_FILE',`none')dnl
define(`confDELIVERY_MODE', `background')dnl

dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl

dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')

dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')

# Maps
define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
define(`confLDAP_CLUSTER', `fo01')

LOCAL_CONFIG
Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
define(`ALIAS_FILE',`sequence: local_alias ldap_alias')

FEATURE(`access_db', `LDAP')
FEATURE(`mailertable', `LDAP')

FEATURE(use_cw_file)
FEATURE(use_ct_file)
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(blacklist_recipients)
FEATURE(relay_entire_domain)

# Milter
define(`confMILTER_LOG_LEVEL',4)
INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')

# Mailers
MAILER_DEFINITIONS
Mlocal-ldap,    P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=maidag $u@$h

MAILER(smtp)

mailertable

test.foo.bar    local-ldap:test.foo.bar

mu

config

mailutils.rc

pop3d

imap4d

maidag