Difference between revisions of "Mailutils:HOWTO:Sendmail MU LDAP"
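--- a/Mailutils:HOWTO:Sendmail MU LDAP
+++ b/Mailutils:HOWTO:Sendmail MU LDAP
@@ -11,2 +11,39 @@
 === LDIF ===
+
+<pre>
+dn: uid=officeX-testuser,ou=People,dc=foo,dc=bar
+cn: testuser@foo.bar
+gidnumber: 12345
+homedirectory: /nonexistent
+loginshell: /sbin/nologin
+objectclass: top
+objectclass: posixAccount
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+objectclass: person
+objectclass: inetLocalMailRecipient
+sn: test user
+uid: officeX-testuser
+uidnumber: 10001
+userpassword: {CRYPT}$1$dtyhERYdf$dfDGGsdHJKTIKT.34345DFSF/
+
+dn: authorizedService=mail@foo.bar,uid=officeX-testuser,ou=People,dc=foo,dc=bar
+associateddomain: foo.bar
+authorizedservice: mail@foo.bar
+cn: testuser@foo.bar
+gidnumber: 10106
+homedirectory: /var/mail/IMAP_HOMES/foo.bar/testuser@foo.bar
+loginshell: /sbin/nologin
+mu-mailbox: maildir:/var/mail/foo.bar/testuser@foo.bar
+objectclass: posixAccount
+objectclass: shadowAccount
+objectclass: inetOrgPerson
+objectclass: authorizedServiceObject
+objectclass: domainRelatedObject
+objectclass: mailutilsAccount
+sn: testuser@foo.bar
+uid: testuser@foo.bar
+uidnumber: 10001
+userpassword: {CRYPT}$1$dtyhERYdf$dfDGGsdHJKTIKT.34345DFSF/
+</pre>
 == sendmail ==
@@ -146,2 +183,35 @@
 === mailutils.rc ===
+<pre>
+mailutils.rc
+
+ldap {
+enable yes;
+url "ldap://ldap.foo.bar:389/";
+base "ou=people,dc=ibs";
+binddn "uid=bind@mai.foo.bar,ou=people,dc=foo,dc=bar";
+passwd "*****";
+tls yes;
+debug 1;
+field-map "name=uid:passwd=userPassword:uid=uidNumber:gid=gidNumber:gecos=gecos:dir=homeDirectory:shell=loginShell:mailbox=mu-mailBox";
+getpwnam "(|(&(authorizedService=mail@foo.bar)(uid=${user}))(&(authorizedService=mail@foo.bar)(cn=${user}))(&(authorizedService=mail@foo.com)(cn=${user})))";
+getpwuid "(|(&(authorizedService=mail@foo.bar)(uid=${user}))(&(authorizedService=mail@foo.bar)(cn=${user}))(&(authorizedService=mail@foo.com)(cn=${user})))";
+};
+
+auth {
+authorization generic:ldap:system;
+authentication generic:ldap:system;
+};
+
+mailbox {
+mailbox-type "maildir";
+mailbox-pattern "maildir:/var/mail;type=index;param=2;user=${user}";
+};
+
+locking {
+retry-count 400;
+};
+
+include /usr/local/etc/mailutils;
+</pre>
+
 === pop3d ===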
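Review bot: In the added mailutils.rc, `base "ou=people,dc=ibs";` does not match the tree that the bind DN on the next line and the LDIF hunk above use (`ou=People,dc=foo,dc=bar`), so the getpwnam/getpwuid searches would be issued against a different subtree and find none of the example entries; it reads like an un-anonymized leftover and should be `base "ou=People,dc=foo,dc=bar";`. The `getpwuid` filter is a verbatim copy of the `getpwnam` one and still matches on `uid`/`cn` against `${user}`; a lookup by numeric id presumably needs a `uidNumber` clause, which is worth confirming against the mailutils LDAP documentation. `debug 1;` is left enabled and `passwd "*****";` stands in for the bind secret, so a one-line remark that the real file must be readable only by the mailutils processes (or that the secret belongs in a root-only file pulled in via `include`) would help readers who copy the example. The LDIF hunk's `{CRYPT}$1$…` example values are md5-crypt; a short note that a stronger crypt scheme is preferable for real accounts would also be useful.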
Revision as of 11:20, 30 August 2013
Task
- to make the user database accessible via LDAP
- to get multi-domain support in sendmail (multiple domains, each with its own set of users if needed)
Everything described here was deployed on FreeBSD.
LDAP
slapd.conf
LDIF
# Sample LDIF for one mail user.  All values are example data; dc=foo,dc=bar is
# the example suffix used throughout this HOWTO.
#
# Entry 1: the POSIX account itself.  It carries no mailbox attributes, has a
# non-existent home directory and a nologin shell, so this identity cannot be
# used for interactive login.
dn: uid=officeX-testuser,ou=People,dc=foo,dc=bar
cn: testuser@foo.bar
gidnumber: 12345
homedirectory: /nonexistent
loginshell: /sbin/nologin
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: inetLocalMailRecipient
sn: test user
uid: officeX-testuser
uidnumber: 10001
# {CRYPT} with a "$1$" prefix is md5-crypt; the value below is an example hash.
# Prefer a stronger crypt scheme (e.g. SHA-512 crypt, "$6$") for real accounts.
userpassword: {CRYPT}$1$dtyhERYdf$dfDGGsdHJKTIKT.34345DFSF/

# Entry 2: the per-service child (authorizedService=mail@foo.bar) of the account
# above.  This is the entry the mailutils.rc getpwnam filter on this page matches
# (authorizedService plus uid or cn), and it is where the mailbox location
# (mu-mailbox, presumably supplied by the mailutilsAccount objectclass) and the
# maildir home live.  It shares uidnumber 10001 with its parent but has its own
# gidnumber; the same password hash is repeated here.
dn: authorizedService=mail@foo.bar,uid=officeX-testuser,ou=People,dc=foo,dc=bar
associateddomain: foo.bar
authorizedservice: mail@foo.bar
cn: testuser@foo.bar
gidnumber: 10106
homedirectory: /var/mail/IMAP_HOMES/foo.bar/testuser@foo.bar
loginshell: /sbin/nologin
mu-mailbox: maildir:/var/mail/foo.bar/testuser@foo.bar
objectclass: posixAccount
objectclass: shadowAccount
objectclass: inetOrgPerson
objectclass: authorizedServiceObject
objectclass: domainRelatedObject
objectclass: mailutilsAccount
sn: testuser@foo.bar
uid: testuser@foo.bar
uidnumber: 10001
userpassword: {CRYPT}$1$dtyhERYdf$dfDGGsdHJKTIKT.34345DFSF/
sendmail
building sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support
cyrus-sasl configured with:
# cyrus-sasl build used for this setup: every password mechanism except the
# LDAP-backed one is switched off (--disable-anon/-cram/-digest/-gssapi/-krb4/
# -ntlm/-otp/-plain/-scram), ldapdb is enabled against the OpenLDAP libraries in
# /usr/local, OpenSSL supplies rc4, and --with-dblib=none presumably means no
# local sasldb backend is built.
./configure --includedir=/usr/local/include --enable-static --with-rc4=openssl --with-dblib=none --disable-anon --disable-cram --disable-digest --disable-gssapi --disable-krb4 --disable-ntlm --disable-otp --disable-plain --disable-scram --enable-ldapdb --with-ldap=/usr/local --with-openssl=yes
build config
site.config.m4
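# site.config.m4 -- build-time defines for sendmail: Berkeley DB 4.4 include/lib
# paths, SASL2 for SMTP AUTH, LDAP maps, STARTTLS, and the milter/socketmap/
# regex/newdb features.  Every directive must be on its own line: "#" starts a
# comment that runs to end of line, so a collapsed one-line listing would turn
# everything after the first "#" into a comment and build nothing.
## # general
APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/db44')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/db44')
## DB44
#APPENDDEF(`confENVDEF', `-I/usr/local/include -I/usr/local/include/db44')
#APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -L/usr/local/lib/db44')
# SASL2 (smtp authentication)
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
# LDAP
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confLIBS', `-lldap -llber')
# STARTTLS (smtp + tls/ssl)
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_1')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
# rest
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSOCKETMAP -DMAP_REGEX -DNEWDB')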
sendmail.mc
dnl * Sendmail configuration
dnl * An MTA whose aliases, access and mailertable maps come from LDAP, that
dnl * offers STARTTLS and SMTP AUTH, and that hands local delivery to the
dnl * mailutils maidag MDA.  X.X.X.X / Y.Y.Y.Y below are placeholder addresses.
divert(-1)
OSTYPE(freebsd6)
dnl * To eliminate 8->7 bit base64 encoding
define(`SMTP_MAILER_FLAGS',`8')
dnl * Do not reveal my version number
define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
by $j$?r with $r$. id $i$?u
for $u$.; $b')
dnl * Also, disable VRFY,EXPN
dnl * (plus ETRN; require HELO/EHLO before MAIL; add X-Authentication-Warning
dnl * headers for questionable submissions)
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')
dnl * do STARTTLS
dnl * The same sendmail.pem serves as CA cert, server/client cert AND
dnl * server/client key, i.e. the private key lives in that file: keep it
dnl * readable by root only.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `localCERT')dnl
define(`confSERVER_KEY', `localCERT')dnl
define(`confCLIENT_CERT', `localCERT')dnl
define(`confCLIENT_KEY', `localCERT')dnl
dnl * do SMTPAUTH
dnl * LOGIN and PLAIN transmit the password itself; the "p" flag in
dnl * confAUTH_OPTIONS below refuses them unless a security layer (TLS) is
dnl * active, "y" rejects anonymous mechanisms, and "A" only trusts AUTH= on
dnl * MAIL FROM when the client really authenticated.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl * look for AuthOptions @ op.ps
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confSAVE_FROM_LINES', `True')dnl
define(`HELP_FILE',`none')dnl
define(`confDELIVERY_MODE', `background')dnl
dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl
dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')
dnl * Listeners: the public MTA address, loopback, a second internal address,
dnl * and an SMTPS port 465 listener (M=abs: require AUTH, bind to the
dnl * receiving interface, TLS on connect).
dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')
# Maps
dnl * Default spec for every LDAP-backed map below: LDAP over TLS (ldaps://),
dnl * protocol version 3 (-w3), simple bind as the given DN, with the bind
dnl * password read from /etc/mail/ldappass (-P) -- that file must be readable
dnl * by root only.  confLDAP_CLUSTER feeds ${sendmailMTACluster} in the alias
dnl * filter.
define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
define(`confLDAP_CLUSTER', `fo01')
LOCAL_CONFIG
dnl * Aliases: the local hash file is optional (-o) and is consulted first,
dnl * then the LDAP alias map (sequence: local_alias ldap_alias).
Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
define(`ALIAS_FILE',`sequence: local_alias ldap_alias')
dnl * access_db and mailertable use the default LDAP schema with the
dnl * confLDAP_DEFAULT_SPEC connection above.
FEATURE(`access_db', `LDAP')
FEATURE(`mailertable', `LDAP')
FEATURE(use_cw_file)
FEATURE(use_ct_file)
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(blacklist_recipients)
FEATURE(relay_entire_domain)
# Milter
dnl * mailfromd over a unix socket; F=T tempfails the connection if the
dnl * filter is unavailable, T= sets the send/read timeouts.
define(`confMILTER_LOG_LEVEL',4)
INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')
# Mailers
dnl * local-ldap: a local mailer that pipes the message to mailutils' maidag,
dnl * passing the full user@host so the LDAP service entry can be resolved.
dnl * The mailertable on this page routes test.foo.bar to it.
MAILER_DEFINITIONS
Mlocal-ldap, P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=maidag $u@$h
MAILER(smtp)
mailertable
# route mail for test.foo.bar to the local-ldap mailer (maidag) defined in sendmail.mc
test.foo.bar local-ldap:test.foo.bar
Test
sendmail -bt > 3,0 blabla@foo.bar
mu
config
mailutils.rc
mailutils.rc
ldap {
# Resolve mailutils user accounts from LDAP instead of the system passwd db.
enable yes;
# NOTE(review): tls yes on a plain ldap:// URL presumably requests STARTTLS on
# port 389 -- verify the server offers it, otherwise the bind goes in the clear.
url "ldap://ldap.foo.bar:389/";
# NOTE(review): the bind DN below, the LDIF examples and the sendmail map spec
# on this page all live under dc=foo,dc=bar; "dc=ibs" looks like a leftover from
# another tree -- confirm, since searches below this base would not find them.
base "ou=people,dc=ibs";
binddn "uid=bind@mai.foo.bar,ou=people,dc=foo,dc=bar";
# "*****" is a placeholder for the bind secret.  Because the real value sits in
# this file, the file must not be world-readable (or keep the secret in a
# separate root-only file pulled in via "include").
passwd "*****";
tls yes;
# LDAP debug output; set to 0 in production -- it is noisy and may echo DNs and
# queries into the logs.
debug 1;
# passwd(5) field -> LDAP attribute: name<-uid, passwd<-userPassword,
# uid<-uidNumber, gid<-gidNumber, gecos<-gecos, dir<-homeDirectory,
# shell<-loginShell, mailbox<-mu-mailBox (per-user mailbox URL, see the LDIF).
field-map "name=uid:passwd=userPassword:uid=uidNumber:gid=gidNumber:gecos=gecos:dir=homeDirectory:shell=loginShell:mailbox=mu-mailBox";
# Lookup by name: an entry authorized for service mail@foo.bar whose uid or cn
# equals ${user}, or one authorized for mail@foo.com matched on cn only.
getpwnam "(|(&(authorizedService=mail@foo.bar)(uid=${user}))(&(authorizedService=mail@foo.bar)(cn=${user}))(&(authorizedService=mail@foo.com)(cn=${user})))";
# NOTE(review): identical to the getpwnam filter, i.e. it still matches uid/cn
# against ${user} rather than uidNumber; check the variable mailutils supplies
# for numeric-id lookups before relying on this.
getpwuid "(|(&(authorizedService=mail@foo.bar)(uid=${user}))(&(authorizedService=mail@foo.bar)(cn=${user}))(&(authorizedService=mail@foo.com)(cn=${user})))";
};
# Both account lookup (authorization) and password checking (authentication)
# go through the modules in the listed order: generic, ldap, system.
auth {
authorization generic:ldap:system;
authentication generic:ldap:system;
};
# Default mailbox location.  NOTE(review): the LDIF service entry also carries a
# mu-mailbox value (mapped via field-map above); which of the two wins for a
# given user is not shown on this page -- confirm.
mailbox {
mailbox-type "maildir";
mailbox-pattern "maildir:/var/mail;type=index;param=2;user=${user}";
};
# Presumably the number of attempts made to acquire a mailbox lock.
locking {
retry-count 400;
};
# The remaining configuration (pop3d etc.) is read from this path.
include /usr/local/etc/mailutils;