{"id":232,"date":"2010-12-18T14:33:11","date_gmt":"2010-12-18T13:33:11","guid":{"rendered":""},"modified":"2010-12-20T17:58:33","modified_gmt":"2010-12-20T15:58:33","slug":"konfiguracja-dostarczania-poczty-w-oparciu-o-ldap","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-dostarczania-poczty-w-oparciu-o-ldap\/","title":{"rendered":"Configuring mail delivery based on LDAP"},"content":{"rendered":"<h3>I recently wrote about configuring user authentication against an LDAP directory so that users can receive and send mail. Now it is time to configure Postfix so that it delivers that mail to the right domains and mailboxes.<\/h3>\n<p>If you compile\/install Postfix yourself, remember to build in LDAP support and to point the build at the LDAP libraries. I will take the easy route and do it on Ubuntu:<\/p>\n<pre><code>\r\n$ sudo -i\r\n# apt-get install postfix-ldap\r\n<\/code><\/pre>\n<p>This adds support for <code>ldap:<\/code> map types to Postfix.<\/p>\n<p>Now we can get on with configuring the Postfix server:<\/p>\n<pre><code>\r\n# cd \/etc\/postfix\r\n# vi main.cf\r\n<\/code><\/pre>\n<p><!--break--><\/p>\n<p>Add the following entries to <code>main.cf<\/code> (replacing example.com and anything else that needs it, of course):<\/p>\n<pre><code>\r\nldap_bind_dn = cn=admin,dc=example,dc=com\r\nldap_bind_pw = secret\r\nldap_search_base = o=hosting,dc=example,dc=com\r\nldap_domain = dc=example,dc=com\r\nldap_server_host = localhost\r\nldap_server_port = 389\r\nldap_version = 3\r\n\r\n# Accounts\r\naccounts_server_host = $ldap_server_host\r\naccounts_search_base = $ldap_search_base\r\naccounts_query_filter = (&(objectClass=mailUser)(mail=%s))\r\naccounts_result_attribute = mailMessageStore\r\naccounts_cache = no\r\naccounts_bind = yes\r\naccounts_bind_dn = 
$ldap_bind_dn\r\naccounts_bind_pw = $ldap_bind_pw\r\naccounts_version = $ldap_version\r\n\r\naccountsmap_server_host = $ldap_server_host\r\naccountsmap_search_base = $ldap_search_base\r\naccountsmap_query_filter = (&(objectClass=mailUser)(mail=%s))\r\naccountsmap_result_attribute = mail\r\naccountsmap_cache = no\r\naccountsmap_bind = yes\r\naccountsmap_bind_dn = $ldap_bind_dn\r\naccountsmap_bind_pw = $ldap_bind_pw\r\naccountsmap_version = $ldap_version\r\n\r\n# aliases\r\naliases_server_host = $ldap_server_host\r\naliases_search_base = $ldap_search_base\r\naliases_query_filter = (&(objectClass=mailAlias)(mail=%s))\r\naliases_result_attribute = mailForwardingAddress\r\naliases_bind = yes\r\naliases_cache = no\r\naliases_bind_dn = $ldap_bind_dn\r\naliases_bind_pw = $ldap_bind_pw\r\naliases_version = $ldap_version\r\n\r\n# transports\r\ntransport_server_host = $ldap_server_host\r\ntransport_search_base = $ldap_search_base\r\ntransport_query_filter = (&(objectClass=mailDomain)(domainName=%s))\r\ntransport_result_attribute = mtaTransport\r\ntransport_cache = no\r\ntransport_bind = yes\r\ntransport_scope = one\r\ntransport_bind_dn = $ldap_bind_dn\r\ntransport_bind_pw = $ldap_bind_pw\r\ntransport_version = $ldap_version\r\n\r\n# transport_maps\r\nmaildrop_destination_concurrency_limit = 2\r\nmaildrop_destination_recipient_limit = 1\r\ntransport_maps = ldap:transport\r\nvirtual_alias_maps = ldap:aliases, ldap:accountsmap\r\n\r\n# virtual accounts for delivery\r\nvirtual_mailbox_domains = ldap:transport\r\nvirtual_mailbox_base = \/vdhome\r\nvirtual_mailbox_maps = ldap:accounts\r\nvirtual_minimum_uid = 501\r\nvirtual_uid_maps = static:501\r\nvirtual_gid_maps = static:501\r\n\r\nlocal_recipient_maps = $alias_maps $virtual_mailbox_maps\r\n<\/code><\/pre>\n<p>The entries above should take care of Postfix delivering mail to mailboxes; I tried to simplify this as much as possible so as not to obscure the picture. 
At a later stage I may try to polish this configuration so that it checks account status (active\/inactive) and to improve security a little, because there is no need for cn=admin to browse the directory.<\/p>\n<p>You can now restart Postfix and check the logs to see whether it reported any errors. If it started, we will leave it for a moment and turn to the mail configuration in the LDAP directory. You can use what I described earlier here: <a href=\"\/pl\/dovecot\/konfiguracja-uwierzytelniania-poczty-w-ldap\">configuring mail authentication in LDAP<\/a>, but here I will add a new domain <b>virtdomain.com<\/b>, a user <b>jsmith<\/b> and an alias <b>postmaster<\/b> that points to jsmith. You can click this together in phpLDAPadmin or another tool, or of course import an LDIF such as this one:<\/p>\n<pre><code>\r\ndn: domainName=virtdomain.com,o=hosting,dc=example,dc=com\r\ndomainname: virtdomain.com\r\nmtatransport: virtual\r\nobjectclass: mailDomain\r\nobjectclass: top\r\n\r\ndn: uid=jsmith,domainName=virtdomain.com,o=hosting,dc=example,dc=com\r\ncn: John Smith\r\ngivenname: John\r\nhomedirectory: \/vdhome\/virtdomain.com\/jsmith\r\nmail: jsmith@virtdomain.com\r\nmailmessagestore: virtdomain.com\/jsmith\/Maildir\/\r\nobjectclass: inetOrgPerson\r\nobjectclass: top\r\nobjectclass: mailUser\r\nsn: Smith\r\nuid: jsmith\r\nuserpassword: {MD5}XD9034sf8w83sfoXXg==\r\n\r\ndn: mail=postmaster@virtdomain.com,domainName=virtdomain.com,o=hosting,dc=example,\r\n dc=com\r\ncn: Postmaster\r\nmail: postmaster@virtdomain.com\r\nmailforwardingaddress: jsmith@virtdomain.com\r\nobjectclass: mailAlias\r\nobjectclass: top\r\n<\/code><\/pre>\n<p>If you add this from phpLDAPadmin, then when adding the user you first have to choose the <code>inetOrgPerson<\/code> object class as the structural one, then add the <code>mailUser<\/code> class and after that the required attributes. 
You can also choose the <code>mail<\/code> attribute as the RDN, in which case you do not need to set <code>uid<\/code> at all.<\/p>\n<p>Note the <code>homeDirectory<\/code> and <code>mailMessageStore<\/code> attributes. As you can see, the latter holds a <b>relative<\/b> path to the user's mailbox; the beginning of that path is prepended by Postfix and comes from the <code>virtual_mailbox_base<\/code> variable. Dovecot, meanwhile, uses the <code>homeDirectory<\/code> attribute and appends <code>\/Maildir<\/code> to it. This is not a good situation and I will write later about how to improve it; for now it should work.<\/p>\n<h3>Let's check that Postfix resolves the LDAP maps correctly:<\/h3>\n<pre><code>\r\n# postmap -q \"virtdomain.com\" ldap:transport\r\nvirtual\r\n# postmap -q \"postmaster@virtdomain.com\" ldap:aliases\r\njsmith@virtdomain.com\r\n# postmap -q \"jsmith@virtdomain.com\" ldap:accounts\r\nvirtdomain.com\/jsmith\/Maildir\/\r\n# postmap -q \"jsmith@virtdomain.com\" ldap:accountsmap\r\njsmith@virtdomain.com\r\n<\/code><\/pre>\n<p>The results should look more or less like this. If you get no results, or an LDAP connection error is reported, review the logs and the configuration and fix the problem.<\/p>\n<p>If everything is fine, then after setting up the mail account in a mail client and sending a message to yourself, the message should be delivered to the mailbox. 
If you see a message like this in the Postfix logs:<\/p>\n<pre><code>\r\nstatus=bounced (mail for example.com loops back to myself)\r\n<\/code><\/pre>\n<p>then something is wrong with the transport. A word of caution here: if you search for this on Google you will find many results and solutions to this problem, and the usual suggestion is to add the domain (here example.com) to <code>mydestination<\/code>. <b>Do not go down that road!<\/b> \ud83d\ude09 In the Postfix documentation, in the <a href=\"http:\/\/www.postfix.org\/VIRTUAL_README.html\" target=\"_blank\">VIRTUAL_README<\/a> section, Wietse put it emphatically:<\/p>\n<pre><code>\r\nNEVER list a virtual MAILBOX domain name as a mydestination domain!\r\nNEVER list a virtual MAILBOX domain name as a virtual ALIAS domain!\r\n<\/code><\/pre>\n<p>in other words: if a domain is virtual, it has to stay virtual; Postfix will know that it should accept mail for it, you only have to tell it where to deliver it.<\/p>\n","protected":false},"excerpt":{"rendered":"<h3>I recently wrote about configuring user authentication against an LDAP directory so that users can receive and send mail. Now it is time to configure Postfix so that it delivers that mail to the right domains and mailboxes.<\/h3>\n<p>If you compile\/install Postfix yourself, remember to build in LDAP support and to point the build at the LDAP libraries. 
I will take the easy route and do it on Ubuntu:<\/p>\n<pre><code>\r\n$ sudo -i\r\n# apt-get install postfix-ldap\r\n<\/code><\/pre>\n<p>This adds support for <code>ldap:<\/code> map types to Postfix.<\/p>\n<p>Now we can get on with configuring the Postfix server:<\/p>\n<pre><code>\r\n# cd \/etc\/postfix\r\n# vi main.cf\r\n<\/code><\/pre>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[],"tags":[6,34,11],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-3K","jetpack-related-posts":[{"id":272,"url":"https:\/\/drfugazi.eu.org\/en\/mail-delivery-configuration-ldap\/","url_meta":{"origin":232,"position":0},"title":"Mail delivery configuration with LDAP","author":"drfugazi","date":"Wednesday May 25th, 2011","format":false,"excerpt":"Last time I wrote about authenticating users in an LDAP directory to let them receive and send mail. 
Now the time has come\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":231,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-uwierzytelniania-poczty-w-ldap\/","url_meta":{"origin":232,"position":1},"title":"Configuring mail authentication in LDAP","author":"drfugazi","date":"Friday December  3rd, 2010","format":false,"excerpt":"I assume that Dovecot and Postfix are already running and that you can receive and send mail by logging in as a system user (see previous posts). So the time has come to enable authentication against our LDAP directory (see the LDAP configuration). Using LDAP to authenticate users allows flexible management of mail hosting and more. LDAP is\u2026","rel":"","context":"In \"Dovecot\"","block_context":{"text":"Dovecot","link":"https:\/\/drfugazi.eu.org\/en\/tag\/dovecot\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":374,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-implementation\/","url_meta":{"origin":232,"position":2},"title":"Mail system implementation","author":"drfugazi","date":"Thursday August 16th, 2012","format":false,"excerpt":"My experience, gained while implementing different systems, shows that implementation should be done in stages. Then, at each stage, you can see whether it works and whether there are areas to improve, and then go on to the next stage of implementation. 
Mail system implementation is no exception.\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":373,"url":"https:\/\/drfugazi.eu.org\/en\/budowa-systemu-pocztowego\/","url_meta":{"origin":232,"position":3},"title":"Building mail system","author":"drfugazi","date":"Monday August 13th, 2012","format":false,"excerpt":"This description is based on the experience I gained during the mail system implementation at the University of Silesia (Katowice\/Poland). In the first stage there were about 3 000 users; now the system handles about 40 k mail users. The whole system (excluding Sophos AV) is based on Open\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":692,"url":"https:\/\/drfugazi.eu.org\/en\/solaris-ldap-autofs-client-configuration\/","url_meta":{"origin":232,"position":4},"title":"Solaris LDAP autofs client configuration","author":"drfugazi","date":"Thursday December 15th, 2016","format":false,"excerpt":"Last time I wrote about autofs configuration on the LDAP server; now it is time to configure the autofs client in Solaris. I assume that in DUAConfigProfile, objectClasses and attributes are already defined. 
You can check this with simple commands: If you have similar output, you can proceed with the configuration in the system\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":375,"url":"https:\/\/drfugazi.eu.org\/en\/postscreen-greylisting-postfix\/","url_meta":{"origin":232,"position":5},"title":"Postscreen &#8211; Greylisting in Postfix","author":"drfugazi","date":"Saturday August 18th, 2012","format":false,"excerpt":"Greylisting is a well-known antispam technique. Its idea is based on the fact that spamming hosts (zombies) do not have time for retransmission and try to send the maximum amount of spam in the shortest time period. 
This is achieved by connections to different mail servers and submission of message even without\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/232"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=232"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/232\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}