Difference between revisions of "Mailutils:HOWTO:Sendmail MU LDAP"
From Mailutils
Jump to navigationJump to searchLine 3: | Line 3: | ||
* to get users database in accessible via LDAP | * to get users database in accessible via LDAP | ||
* to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail | * to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail | ||
+ | |||
+ | all described was deployed on FreeBSD | ||
== LDAP == | == LDAP == | ||
− | |||
− | |||
=== slapd.conf === | === slapd.conf === | ||
+ | === LDIF === | ||
+ | == sendmail == | ||
+ | building sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support | ||
− | + | cyrus-sasl configured with: | |
− | == | + | <code> |
− | + | ./configure --includedir=/usr/local/include --enable-static --with-rc4=openssl --with-dblib=none --disable-anon --disable-cram --disable-digest --disable-gssapi --disable-krb4 --disable-ntlm --disable-otp --disable-plain --disable-scram --enable-ldapdb --with-ldap=/usr/local --with-openssl=yes | |
+ | </code> | ||
=== build config === | === build config === | ||
Line 130: | Line 134: | ||
test.foo.bar local-ldap:test.foo.bar | test.foo.bar local-ldap:test.foo.bar | ||
</pre> | </pre> | ||
+ | |||
+ | === Test === | ||
+ | |||
+ | sendmail -bt | ||
+ | > 3,0 blabla@foo.bar | ||
+ | |||
== mu == | == mu == | ||
Revision as of 18:34, 29 August 2013
Task
- to get users database in accessible via LDAP
- to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail
all described was deployed on FreeBSD
LDAP
slapd.conf
LDIF
sendmail
building sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support
cyrus-sasl configured with:
./configure --includedir=/usr/local/include --enable-static --with-rc4=openssl --with-dblib=none --disable-anon --disable-cram --disable-digest --disable-gssapi --disable-krb4 --disable-ntlm --disable-otp --disable-plain --disable-scram --enable-ldapdb --with-ldap=/usr/local --with-openssl=yes
build config
site.config.m4
## # general APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/db44') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/db44') ## DB44 #APPENDDEF(`confENVDEF', `-I/usr/local/include -I/usr/local/include/db44') #APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -L/usr/local/lib/db44') # SASL2 (smtp authentication) APPENDDEF(`confENVDEF', `-DSASL=2') APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') # LDAP APPENDDEF(`confMAPDEF', `-DLDAPMAP') APPENDDEF(`confLIBS', `-lldap -llber') # STARTTLS (smtp + tls/ssl) APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_1') APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto') # rest APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSOCKETMAP -DMAP_REGEX -DNEWDB')
sendmail.mc
dnl * Sendmail configuration divert(-1) OSTYPE(freebsd6) dnl * To eliminate 8->7 bit base64 enconding define(`SMTP_MAILER_FLAGS',`8') dnl * Do not reveal my version number define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $. by $j$?r with $r$. id $i$?u for $u$.; $b') dnl * Also, disable VRFY,EXPN define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo') dnl * do STARTTLS define(`confCACERT_PATH', `/etc/mail/certs')dnl define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl define(`confSERVER_CERT', `localCERT')dnl define(`confSERVER_KEY', `localCERT')dnl define(`confCLIENT_CERT', `localCERT')dnl define(`confCLIENT_KEY', `localCERT')dnl dnl * do SMTPAUTH define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl TRUST_AUTH_MECH(`LOGIN PLAIN')dnl dnl * look for AuthOptions @ op.ps define(`confAUTH_OPTIONS', `A p y')dnl define(`confSAVE_FROM_LINES', `True')dnl define(`HELP_FILE',`none')dnl define(`confDELIVERY_MODE', `background')dnl dnl * define(`confMAX_MESSAGE_SIZE',`31457280') define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl dnl define(`confSMTP_LOGIN_MSG',`$j server; $b') define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.') dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0') DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X') DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1') DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y') DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs') # Maps define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl define(`confLDAP_CLUSTER', `fo01') LOCAL_CONFIG Klocal_alias hash -T<TMPF> -o /etc/mail/aliases Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue define(`ALIAS_FILE',`sequence: local_alias ldap_alias') FEATURE(`access_db', `LDAP') FEATURE(`mailertable', `LDAP') FEATURE(use_cw_file) FEATURE(use_ct_file) FEATURE(redirect) FEATURE(always_add_domain) FEATURE(blacklist_recipients) FEATURE(relay_entire_domain) # Milter define(`confMILTER_LOG_LEVEL',4) INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s') # Mailers MAILER_DEFINITIONS Mlocal-ldap, P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=maidag $u@$h MAILER(smtp)
mailertable
test.foo.bar local-ldap:test.foo.bar
Test
sendmail -bt > 3,0 blabla@foo.bar