Difference between revisions of "Mailutils:HOWTO:Sendmail MU LDAP"

From Mailutils
Jump to navigationJump to search
Line 3: Line 3:
 
* to get users database in accessible via LDAP
 
* to get users database in accessible via LDAP
 
* to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail
 
* to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail
 +
 +
all described was deployed on FreeBSD
  
 
== LDAP ==
 
== LDAP ==
 
 
  
 
=== slapd.conf ===
 
=== slapd.conf ===
  
 +
=== LDIF ===
  
 +
== sendmail ==
 +
building sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support
  
=== LDIF ===
+
cyrus-sasl configured with:
  
== sendmail ==
+
<code>
we'll build sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support
+
./configure --includedir=/usr/local/include --enable-static --with-rc4=openssl --with-dblib=none --disable-anon --disable-cram --disable-digest --disable-gssapi --disable-krb4 --disable-ntlm --disable-otp --disable-plain --disable-scram --enable-ldapdb --with-ldap=/usr/local --with-openssl=yes
 +
</code>
  
 
=== build config ===
 
=== build config ===
Line 130: Line 134:
 
test.foo.bar    local-ldap:test.foo.bar
 
test.foo.bar    local-ldap:test.foo.bar
 
</pre>
 
</pre>
 +
 +
=== Test ===
 +
 +
sendmail -bt
 +
> 3,0 blabla@foo.bar
 +
 
== mu ==
 
== mu ==
  

Revision as of 18:34, 29 August 2013

Task

  • to get users database in accessible via LDAP
  • to get multidomain (multi domains with separate (if needed) users for each domain) support in sendmail

all described was deployed on FreeBSD

LDAP

slapd.conf

LDIF

sendmail

building sendmail with STARTTLS, SMTPAUTH, LDAP and db44 support

cyrus-sasl configured with:

./configure --includedir=/usr/local/include --enable-static --with-rc4=openssl --with-dblib=none --disable-anon --disable-cram --disable-digest --disable-gssapi --disable-krb4 --disable-ntlm --disable-otp --disable-plain --disable-scram --enable-ldapdb --with-ldap=/usr/local --with-openssl=yes

build config

site.config.m4

##
# general
APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/db44')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/db44')

## DB44
#APPENDDEF(`confENVDEF', `-I/usr/local/include -I/usr/local/include/db44')
#APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -L/usr/local/lib/db44')

# SASL2 (smtp authentication)
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')

# LDAP
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confLIBS', `-lldap -llber')

# STARTTLS (smtp + tls/ssl)
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_1')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')

# rest
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER -DSOCKETMAP -DMAP_REGEX -DNEWDB')

sendmail.mc

dnl * Sendmail configuration
divert(-1)
OSTYPE(freebsd6)
dnl * To eliminate 8->7 bit base64 enconding
define(`SMTP_MAILER_FLAGS',`8')
dnl * Do not reveal my version number
define(`confRECEIVED_HEADER',`$?sfrom $s $.$?_($?s$|from $.$_) $.
        by $j$?r with $r$. id $i$?u
        for $u$.; $b')
dnl * Also, disable VRFY,EXPN
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noetrn,needmailhelo')

dnl * do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/sendmail.pem')dnl
define(`localCERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `localCERT')dnl
define(`confSERVER_KEY',  `localCERT')dnl
define(`confCLIENT_CERT', `localCERT')dnl
define(`confCLIENT_KEY',  `localCERT')dnl

dnl * do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

dnl * look for AuthOptions @ op.ps
define(`confAUTH_OPTIONS', `A p y')dnl


define(`confSAVE_FROM_LINES', `True')dnl
define(`HELP_FILE',`none')dnl
define(`confDELIVERY_MODE', `background')dnl

dnl * define(`confMAX_MESSAGE_SIZE',`31457280')
define(`confERROR_MESSAGE',`/etc/mail/error-header')dnl
define(`confREJECT_MSG',`550 Access denied. For our users call IT dpt 911')dnl
define(`confRELAY_MSG', `550 Relaying denied. For our users call IT dpt 911')dnl

dnl define(`confSMTP_LOGIN_MSG',`$j server; $b')
define(`confSMTP_LOGIN_MSG',`$j server ready.\nWelcome to us.\nSending UBE is forbidden.\nViolators will be severely prosecuted.')

dnl * DAEMON_OPTIONS(`Name=MTA,Addr=0.0.0.0')
DAEMON_OPTIONS(`Name=MTA,Addr=X.X.X.X')
DAEMON_OPTIONS(`Name=MTA-local0,Addr=127.0.0.1')
DAEMON_OPTIONS(`Name=MTA-local3,Addr=Y.Y.Y.Y')
DAEMON_OPTIONS(`Family=inet,Name=MTA-SSL,Port=465,M=abs')

# Maps
define(`confLDAP_DEFAULT_SPEC', `-H ldaps://ldap.foo.bar -b ou=foo.bar,ou=Sendmail,dc=foo,dc=bar -w3 -d uid=bind@mail.foo,ou=people,dc=foo,dc=bar -P /etc/mail/ldappass')dnl
define(`confLDAP_CLUSTER', `fo01')

LOCAL_CONFIG
Klocal_alias hash -T<TMPF> -o /etc/mail/aliases
Kldap_alias ldap -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAKey=%0)) -v sendmailMTAAliasValue
define(`ALIAS_FILE',`sequence: local_alias ldap_alias')

FEATURE(`access_db', `LDAP')
FEATURE(`mailertable', `LDAP')

FEATURE(use_cw_file)
FEATURE(use_ct_file)
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(blacklist_recipients)
FEATURE(relay_entire_domain)

# Milter
define(`confMILTER_LOG_LEVEL',4)
INPUT_MAIL_FILTER(`mailfrom', `S=unix:/var/run/mailfromd/mailfromd.sock, F=T, T=S:120s;R:360s')

# Mailers
MAILER_DEFINITIONS
Mlocal-ldap,    P=/usr/local/sbin/maidag, F=lsDFMA5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=maidag $u@$h

MAILER(smtp)

mailertable

test.foo.bar    local-ldap:test.foo.bar

Test

sendmail -bt > 3,0 blabla@foo.bar

mu

config

mailutils.rc

pop3d

imap4d

maidag