Recientemente instalé un server
con dovecot y postfix autenticando con ldap.
Anteriormente instalaba el paquete saslauthd.

Pero ahora autentico postfix a través 
de dovecot, que es más sencillo.

Esta es la configuración:

/etc/dovecot/dovecot.conf

# Dovecot main configuration: IMAP/POP3 service plus the SASL auth socket
# that Postfix connects to for SMTP AUTH.
# Both the plain (imap, pop3) and the TLS-wrapped (imaps, pop3s) listeners are enabled.
protocols = imap imaps pop3 pop3s
# SECURITY: "no" lets clients authenticate with PLAIN/LOGIN on connections that
# are not protected by TLS, so passwords can cross the network in cleartext on
# the imap/pop3 listeners above. Set to "yes" once all clients use TLS/STARTTLS.
# NOTE(review): no ssl_* settings appear in this file, so TLS presumably relies
# on package defaults — confirm which certificate is actually served.
disable_plaintext_auth = no
log_path = /var/log/dovecot/dovecot.log
info_log_path = /var/log/dovecot/dovecot-info.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
# Unprivileged account for the pre-authentication login processes.
login_user = dovecot
# Mail is stored in Maildir format under each user's home directory.
mail_location = maildir:~/Maildir
mail_privileged_group = mail
protocol imap {
  # NOTE(review): /etc/dovecot/imap is presumably a local wrapper (not shown);
  # it is started for every IMAP session, so check its contents and that only
  # root can write to it.
  mail_executable = /etc/dovecot/imap
}
protocol pop3 {
  # NOTE(review): same remark as for the IMAP wrapper above.
  mail_executable = /etc/dovecot/pop3
  # UIDL built from the message UID (%u) and the mailbox UIDVALIDITY (%v), as hex.
  pop3_uidl_format = %08Xu%08Xv
}
auth default {
  # PLAIN and LOGIN both hand the password itself to the server; they are only
  # safe when the session is encrypted (see disable_plaintext_auth above).
  mechanisms = plain login
  # Password and user lookups both go to LDAP, using the same settings file.
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  # SECURITY: the auth process runs as root. Root is needed for PAM/shadow
  # lookups; with LDAP-only passdb/userdb an unprivileged account is normally
  # sufficient — TODO confirm and reduce privileges.
  user = root
  socket listen {
    client {
    # Auth client socket created inside Postfix's private directory; this is
    # the endpoint referenced by smtpd_sasl_path = private/auth in Postfix.
    path = /var/spool/postfix/private/auth
    # 0660 with owner/group postfix: only Postfix (and root) can talk to the
    # auth service through this socket.
    mode = 0660
    user = postfix
    group = postfix
    }
  }
}

/etc/dovecot/dovecot-ldap.conf

# LDAP settings shared by Dovecot's passdb and userdb.
# The directory is queried on the local host, so LDAP traffic stays on loopback.
# If hosts is ever pointed at a remote server, enable TLS for the LDAP connection.
hosts = localhost
# Service account used to bind and search. The bind password is stored in
# cleartext on the next line ("password" is a placeholder here): keep this file
# owned by root and not readable by other users.
dn = cn=services,dc=hlg,dc=rimed,dc=cu
dnpass = password
ldap_version = 3
# Users are searched in the whole subtree below this base.
base = ou=usuarios,dc=hlg,dc=rimed,dc=cu
deref = never
scope = subtree
# LDAP attribute = Dovecot field mapping for the user lookup.
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
# Only posixAccount entries with mailstatus=on match, so removing or changing
# that attribute disables mail login for an account.
user_filter = (&(objectClass=posixAccount)(uid=%u)(mailstatus=on))
# SECURITY: Dovecot reads userPassword itself and verifies the password locally,
# so the service DN above must be able to read every user's password hash.
# Authentication binds (auth_bind = yes) avoid granting that read access.
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u)(mailstatus=on))
# SECURITY: scheme assumed for stored passwords that carry no {SCHEME} prefix.
# MD5-based hashes are weak against offline cracking; migrate the directory to
# a stronger salted scheme supported by the installed Dovecot version.
default_pass_scheme = md5

y esto en el postfix 

# Postfix main.cf: general settings, TLS, and SASL authentication through Dovecot.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
bounce_queue_lifetime = 7d
maximal_queue_lifetime = 7d
readme_directory = no

# SECURITY: this is the self-signed "snakeoil" certificate generated by the
# Debian ssl-cert package. Clients cannot verify the server's identity with it;
# replace it with a certificate issued for the mail host name.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# STARTTLS is offered but not required. Together with the SASL settings below
# this means AUTH is also offered on unencrypted sessions; adding
# smtpd_tls_auth_only = yes restricts AUTH to TLS-protected sessions.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = correo.hlg.rimed.cu
mydomain = hlg.rimed.cu
myorigin = hlg.rimed.cu
alias_maps = hash:/etc/postfix/filters/aliases
alias_database = hash:/etc/postfix/filters/aliases
mydestination = hlg.rimed.cu
# All non-local mail is handed to this upstream relay.
relayhost = 192.168.159.22
# Trusted clients (matched by permit_mynetworks): loopback and the relay host only.
mynetworks = 127.0.0.0/8 192.168.159.22
# Size limits are in bytes: 1048576 = 1 MiB.
message_size_limit = 1048576
mailbox_size_limit = 1048576
virtual_mailbox_limit = 1048576
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
disable_dns_lookups = yes
# Local delivery goes to ~/Maildir/, matching Dovecot's mail_location.
home_mailbox = Maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10

# The outbound SMTP client does not authenticate to the relay host.
smtp_sasl_auth_enable = no
smtpd_helo_required = yes
# SMTP AUTH is delegated to Dovecot through the socket at
# $queue_directory/private/auth (created by Dovecot's "socket listen" section).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# NOTE(review): this writes the SASL login name into the Received: header of
# relayed mail, which discloses account names to recipients — confirm this is wanted.
smtpd_sasl_authenticated_header = yes
# Only anonymous mechanisms are excluded; plaintext mechanisms remain allowed,
# so protection of the password depends on TLS being in use.
smtpd_sasl_security_options = noanonymous
# Also advertises AUTH in the non-standard "AUTH=" form for old clients.
broken_sasl_auth_clients = yes
# VRFY is disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes


# Address rewriting tables: local aliases, two LDAP lookups and a hash table.
# NOTE(review): Postfix only joins a line to the previous one when it starts
# with whitespace. The second line below starts in column 0 (probably wrapped
# by the mail client); in the real main.cf it must be indented.
# NOTE(review): virtual_maps is the old parameter name; newer Postfix versions
# use virtual_alias_maps — confirm against the installed version.
virtual_maps = $alias_maps, ldap:/etc/postfix/ldap/list.cf, 
ldap:/etc/postfix/ldap/mail.cf, hash:/etc/postfix/filters/virtual
# Recipients in local domains that are not found in these tables are rejected.
local_recipient_maps = $virtual_maps

# Access policy. Each list is evaluated top to bottom and stops at the first
# rule that returns a decision, so the order of the entries matters.

# Only authenticated clients and hosts in mynetworks may use the server; every
# other client is rejected. With Postfix's default smtpd_delay_reject = yes the
# rejection happens at RCPT TO, i.e. after the client had the chance to AUTH.
smtpd_client_restrictions = 
    permit_sasl_authenticated,
    permit_mynetworks,
    reject

# Maps each sender address to the SASL login(s) allowed to use it.
smtpd_sender_login_maps = ldap:/etc/postfix/ldap/owner.cf

# reject_sender_login_mismatch comes first so that a logged-in user cannot send
# with a MAIL FROM address owned by someone else. The LDAP access lookup then
# decides per sender; presumably it returns one of the "*-out" restriction
# classes defined in smtpd_restriction_classes — map contents are not shown.
smtpd_sender_restrictions = 
    reject_sender_login_mismatch,
    check_sender_access ldap:/etc/postfix/ldap/access-out.cf,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject

# NOTE(review): the LDAP access lookup is evaluated before any relay check, so
# a permissive result from that table applies to any recipient; relay abuse is
# held back here by smtpd_client_restrictions above. Keep both in sync.
# NOTE(review): a client that reaches reject_unknown_client has already failed
# all three permit_* rules and would hit the final "reject" anyway, so that
# rule and reject_unauth_destination look redundant in this position.
smtpd_recipient_restrictions = 
    check_recipient_access ldap:/etc/postfix/ldap/access-in.cf,
    permit_sasl_authenticated,
    permit_auth_destination,
    permit_mynetworks,
    reject_unknown_client,
    reject_unauth_destination,
    reject

# Restriction classes: named rule lists that an access table can return as its
# result. Five levels are declared (limitado, localgrp, nacional, especial,
# internac), each with an "-in" and an "-out" variant.
# Every class has the same shape: consult one regexp table, then reject. Mail is
# therefore accepted only when the regexp table returns a permitting result for
# the address; anything the table does not match is refused (default deny).
# The "-in" classes test the sender address, the "-out" classes test the
# recipient address, both against the same per-level regexp file.
# NOTE(review): the regexp files are not shown; anchor their patterns (^...$)
# so that a partial match cannot widen a class beyond the intended domains.
smtpd_restriction_classes =
    limitado-in,
    limitado-out,
    localgrp-in,
    localgrp-out,
    nacional-in,
    nacional-out,
    especial-in,
    especial-out,
    internac-in,
    internac-out

limitado-in =
    check_sender_access regexp:/etc/postfix/filters/limitado,
    reject

limitado-out =
    check_recipient_access regexp:/etc/postfix/filters/limitado,
    reject

localgrp-in =
    check_sender_access regexp:/etc/postfix/filters/localgrp,
    reject

localgrp-out =
    check_recipient_access regexp:/etc/postfix/filters/localgrp,
    reject

nacional-in =
    check_sender_access regexp:/etc/postfix/filters/nacional,
    reject

nacional-out =
    check_recipient_access regexp:/etc/postfix/filters/nacional,
    reject

especial-in =
    check_sender_access regexp:/etc/postfix/filters/especial,
    reject

especial-out =
    check_recipient_access regexp:/etc/postfix/filters/especial,
    reject

internac-in =
    check_sender_access regexp:/etc/postfix/filters/internac,
    reject

internac-out =
    check_recipient_access regexp:/etc/postfix/filters/internac,
    reject



-- 
“En la tierra hacen falta personas que trabajen más 
y critiquen menos, que construyan más y destruyan menos,
que prometan menos y resuelvan más, que esperen recibir
menos y dar más, que digan mejor ahora que mañana”.
                                                 Che