Difference between revisions of "Mailutils:HOWTO:Sendmail MU LDAP"
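--- a/Mailutils:HOWTO:Sendmail MU LDAP
+++ b/Mailutils:HOWTO:Sendmail MU LDAP
@@ -46,2 +46,81 @@
 === sendmail.mc ===
+<pre>
+dnl * Sendmail configuration
+divert(-1)
+OSTYPE(freebsd6)
+dnl * To eliminate 8->7 bit base64 enconding
+define(`SMTP_MAILER_FLAGS',`8')
+dnl * Do not reveal my version number
+define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
+by $j$?r with $r$. id $i$?u
+for $u$.; $b')
+dnl * Also, disable VRFY,EXPN
+define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')
+
+dnl * do STARTTLS
+define(`confCACERT_PATH', `/etc/mail/certs')dnl
+define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
+define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
+define(`confSERVER_CERT', `localCERT')dnl
+define(`confSERVER_KEY', `localCERT')dnl
+define(`confCLIENT_CERT', `localCERT')dnl
+define(`confCLIENT_KEY', `localCERT')dnl
+
+dnl * do SMTPAUTH
+define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
+TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
+
+dnl * look for AuthOptions @ op.ps
+define(`confAUTH_OPTIONS', `A p y')dnl
+
+
+define(`confSAVE_FROM_LINES', `True')dnl
+define(`HELP_FILE',`none')dnl
+define(`confDELIVERY_MODE', `background')dnl
+
+dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
+define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
+define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
+define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl
+
+dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
+define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')
+
+dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
+DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
+DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
+DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
+DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')
+
+# Maps
+define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
+define(`confLDAP_CLUSTER', `fo01')
+
+LOCAL_CONFIG
+Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
+Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
+define(`ALIAS_FILE',`sequence: local_alias ldap_alias')
+
+FEATURE(`access_db', `LDAP')
+FEATURE(`mailertable', `LDAP')
+
+FEATURE(use_cw_file)
+FEATURE(use_ct_file)
+FEATURE(redirect)
+FEATURE(always_add_domain)
+FEATURE(blacklist_recipients)
+FEATURE(relay_entire_domain)
+
+# Milter
+define(`confMILTER_LOG_LEVEL',4)
+INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')
+
+# Mailers
+MAILER_DEFINITIONS
+Mlocal-ldap, P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+T=DNS/RFC822/X-Unix,
+A=maidag $u@$h
+
+MAILER(smtp)
+</pre>
 === mailertable ===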
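Review bot: The LDAP bind credential in the `confLDAP_DEFAULT_SPEC` line is only as protected as the client-side certificate check, which this configuration does not set: `-H ldaps://` encrypts the connection, but whether the LDAP server's certificate is actually verified is decided by the libldap client configuration (for OpenLDAP, TLS_CACERT/TLS_REQCERT in ldap.conf), not by the `confCACERT*` settings in the STARTTLS block, which apply only to sendmail's own SMTP sessions. I would add `dnl * NOTE: ldaps server cert verification is governed by libldap (ldap.conf), not by confCACERT` above that define, and a reminder that `/etc/mail/ldappass` must be readable only by root and the sendmail user. `FEATURE(relay_entire_domain)` additionally relays for any client whose resolved hostname falls in class {m}, so it extends trust to DNS; if the access_db RELAY entries already cover the legitimate hosts it may not be needed. Finally, `Kldap_alias` carries no `-T<TMPF>` while `Klocal_alias` does, so the two halves of the alias sequence may react differently when their backend is unavailable; worth confirming against the sendmail map documentation that an LDAP outage is tempfailed rather than treated as "no such alias".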
Revision as of 13:45, 29 August 2013
Task
- to make the users database accessible via LDAP
- to get multi-domain support in sendmail (multiple domains, each with its own set of users where needed)
LDAP
slapd.conf
LDIF
sendmail
we'll build sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support
build config
site.config.m4
##
# general
# Header and library search paths, including the Berkeley DB 4.4 tree
# under /usr/local/include/db44 and /usr/local/lib/db44.
APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/db44')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/db44')
## DB44
# Disabled duplicate of the search-path lines above (presumably an earlier
# attempt); kept commented out.
#APPENDDEF(`confENVDEF', `-I/usr/local/include -I/usr/local/include/db44')
#APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -L/usr/local/lib/db44')
# SASL2 (smtp authentication)
# Cyrus SASL v2, required for the AUTH mechanisms configured in sendmail.mc.
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
# LDAP
# LDAPMAP enables the ldap map class used by aliases, access_db and mailertable.
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confLIBS', `-lldap -llber')
# STARTTLS (smtp + tls/ssl)
# _FFR_TLS_1 is a "for future release" switch; check that the sendmail
# version being built still honours it.
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_1')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
# rest
# Milter API, socket maps, regex maps and Berkeley DB (NEWDB) map support.
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSOCKETMAP -DMAP_REGEX -DNEWDB')
sendmail.mc
dnl * Sendmail configuration
dnl * Assumes a sendmail built with STARTTLS, SASL2, LDAPMAP and MILTER
dnl * support (see site.config.m4). Local delivery goes through the GNU
dnl * Mailutils maidag mailer defined at the end of this file.
divert(-1)
OSTYPE(freebsd6)
dnl * To eliminate 8->7 bit base64 encoding
define(`SMTP_MAILER_FLAGS',`8')
dnl * Do not reveal my version number
define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
by $j$?r with $r$. id $i$?u
for $u$.; $b')
dnl * Also, disable VRFY,EXPN
dnl * noetrn additionally refuses ETRN; needmailhelo rejects MAIL before HELO/EHLO.
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')
dnl * do STARTTLS
dnl * One PEM file serves as CA file, server cert/key and client cert/key.
dnl * Because confSERVER_KEY points at it, it holds the private key and must
dnl * stay readable by root only (sendmail checks key file permissions unless
dnl * DontBlameSendmail relaxes that).
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `localCERT')dnl
define(`confSERVER_KEY', `localCERT')dnl
define(`confCLIENT_CERT', `localCERT')dnl
define(`confCLIENT_KEY', `localCERT')dnl
dnl * do SMTPAUTH
dnl * LOGIN and PLAIN send the password in clear; they are acceptable here
dnl * only because the p option in confAUTH_OPTIONS limits them to sessions
dnl * with a security layer (STARTTLS, or the SMTPS port below).
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl * Clients authenticated through these mechanisms are allowed to relay.
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl * look for AuthOptions @ op.ps
dnl * A = honour the AUTH= parameter only from authenticated clients,
dnl * p = refuse mechanisms open to passive attack (PLAIN, LOGIN) unless a
dnl *     security layer is active, y = no anonymous login.
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confSAVE_FROM_LINES', `True')dnl
define(`HELP_FILE',`none')dnl
define(`confDELIVERY_MODE', `background')dnl
dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl
dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
dnl * Greeting without date or version; the backslash-n sequences are meant to
dnl * produce a multi-line 220 banner.
define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')
dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
dnl * X.X.X.X and Y.Y.Y.Y are placeholders for the real listening addresses.
DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
dnl * SMTPS on 465: a = AUTH required, b = bind outgoing connections to the
dnl * receiving interface, s = TLS on connect.
DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')
# Maps
dnl * Default spec for every LDAP map below (ldap_alias, access_db, mailertable).
dnl * ldaps:// encrypts the connection; whether the LDAP server certificate is
dnl * verified is decided by the libldap client configuration (ldap.conf), not
dnl * by confCACERT above. -P reads the bind password from a file; that file
dnl * must be readable only by root and the sendmail user.
define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
dnl * Sets ${sendmailMTACluster}, which the ldap_alias filter below matches on.
define(`confLDAP_CLUSTER', `fo01')
LOCAL_CONFIG
dnl * Aliases come from a sequence map: the local hash file is consulted
dnl * first, then LDAP. -T<TMPF> lets a temporary map failure be told apart
dnl * from a missing key.
Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
dnl * NOTE(review): this map has no -T<TMPF>; confirm an LDAP outage is
dnl * tempfailed rather than treated as an unknown alias.
Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
define(`ALIAS_FILE',`sequence: local_alias ldap_alias')
dnl * access_db and mailertable are read from LDAP using confLDAP_DEFAULT_SPEC.
FEATURE(`access_db', `LDAP')
FEATURE(`mailertable', `LDAP')
FEATURE(use_cw_file)
FEATURE(use_ct_file)
FEATURE(redirect)
FEATURE(always_add_domain)
dnl * Lets access_db entries reject individual recipient addresses.
FEATURE(blacklist_recipients)
dnl * Relays for any client whose resolved hostname is in class {m}; this
dnl * extends relay trust to DNS, so review whether access_db alone suffices.
FEATURE(relay_entire_domain)
# Milter
define(`confMILTER_LOG_LEVEL',4)
dnl * F=T: tempfail the message when mailfromd is unreachable (rather than
dnl * accepting it unfiltered); T=S:/R: are the send/receive timeouts.
INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')
# Mailers
MAILER_DEFINITIONS
dnl * Local delivery through GNU Mailutils maidag. The recipient is passed as
dnl * user@host (presumably so maidag can pick the per-domain mailbox; confirm
dnl * against the maidag setup). Domains are routed here by mailertable, e.g.
dnl * test.foo.bar local-ldap:test.foo.bar
Mlocal-ldap, P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=maidag $u@$h
MAILER(smtp)
mailertable
test.foo.bar local-ldap:test.foo.bar