To handle email, the system uses a combination of Postfix, Courier-IMAP
and SquirrelMail. Additionally, the system integrates Amavis and SpamAssassin
for virus and spam filtering. SSL/TLS transport and SASL for
authenticated relaying are also supported.
Mailman or Sympa can be installed as the list server.
Most settings for these services are stored in LDAP. The mail service daemons
all use the vmail user to read from LDAP. They need almost full read access
but no write access to handle authentication, read user-specific email
settings and locate user mail directories.
On Debian, install the packages:

    apt-get install postfix postfix-ldap

When building Postfix from source, enable LDAP support:

    make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"

Postfix is configured to deliver email for hosted users to the virtual delivery agent and email for local users to the local delivery agent. Mail to the rest of the world is handled via SMTP. This keeps system accounts such as root, and daemon accounts that send error messages, separate from user mailboxes.
Our default location to store email is $HOME/Maildir. For virtual
users, this will be /hosting/domain.name/home/username/Maildir.
The $HOME/Maildir is also the Courier default so sticking to that makes configuration easier.
User mailboxes are owned by the users themselves and are generated
automatically. It is essential that the home directory of the user exists
though.
Aliases are separated into local aliases (from file), which cannot be
manipulated by hosted users and are only stored locally, and virtual aliases,
which are stored in LDAP.
TODO: story about different types of aliases in LDAP!
Postfix can rely on the misc schema, the jamm.schema or the qmail.schema for interoperability with LDAP. The current configuration uses the misc schema, with the possibility of including the qmail.schema later in case we need it (it is loaded into slapd in any case). The Postfix configuration allows for the lookup of several key map entries in LDAP. Each lookup map has to be given its own independent definitions. When creating one, it is important to make sure that the attribute filters are set correctly so that the queries return the correct attribute values. The attributes used by Postfix are now all contained in the authldap.schema and the misc.schema (qmail.schema optional).
All virtual-user data is stored and manipulated in LDAP. Postfix uses the following attributes:

    mail
        The email address that email for this user gets forwarded to. If it
        is delivered to the local user, this contains the uid@domain value.
    maildrop
        Local email addresses this virtual user accepts mail for.
    mailbox
        Location of the user's mailbox for local delivery. The format of
        this value is:
            domain/home/username/Maildir/
        Note that /hosting/ is omitted.
        Note the trailing slash at the end.

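One way to check account entries against the mailbox format described above, as an added example that is not part of the original page. It assumes the virtual_mailbox_base (/hosting) and virtual_minimum_uid (2000) values from the Postfix settings further down this page; the function names and the sample entries are constructed for illustration.

```python
import posixpath

# Values from the Postfix settings on this page.
VIRTUAL_MAILBOX_BASE = "/hosting"
VIRTUAL_MINIMUM_UID = 2000

def audit_mailbox(mailbox):
    """Return the problems found in one value of the mailbox attribute."""
    problems = []
    if mailbox.startswith("/"):
        problems.append("absolute path: /hosting must be omitted")
    if not mailbox.endswith("/"):
        problems.append("no trailing slash: Postfix would deliver in mbox format")
    parts = mailbox.strip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        problems.append("empty, '.' or '..' path component")
    # Resolve the joined path and confirm it stays below the mailbox base.
    full = posixpath.normpath(VIRTUAL_MAILBOX_BASE + "/" + mailbox)
    if not full.startswith(VIRTUAL_MAILBOX_BASE + "/"):
        problems.append("resolves outside " + VIRTUAL_MAILBOX_BASE)
    # Layout documented on this page: domain/home/username/Maildir/
    if len(parts) != 4 or parts[1] != "home" or parts[3] != "Maildir":
        problems.append("does not match domain/home/username/Maildir/")
    return problems

def audit_account(entry):
    """Return the problems found in one account entry (a dict of LDAP attributes)."""
    problems = audit_mailbox(entry.get("mailbox", ""))
    uid = entry.get("uidNumber", "")
    if not uid.isdigit():
        problems.append("uidNumber missing or not numeric")
    elif int(uid) < VIRTUAL_MINIMUM_UID:
        problems.append("uidNumber below virtual_minimum_uid")
    return problems

# Constructed sample entries, not data from the page.
SAMPLE_ENTRIES = [
    {"uid": "alice", "mailbox": "example.org/home/alice/Maildir/", "uidNumber": "2001"},
    {"uid": "bob", "mailbox": "/hosting/example.org/home/bob/Maildir", "uidNumber": "2002"},
    {"uid": "carol", "mailbox": "example.org/../../srv/other/Maildir/", "uidNumber": "0"},
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(entry["uid"], audit_account(entry) or "ok")
```
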
Postfix is a very feature-rich MTA. Going into all the configuration
possibilities for Postfix goes beyond the scope of this document. If you
have never used Postfix before or have specific questions, the Postfix
documentation pages might be a good place to start.
We include here all directives that are essential for DISC to run; this is not
an in-depth Postfix configuration manual. It is also highly recommended to
study the README_FILES directory and the examples directory in the Postfix
source tree.
Our configuration example is based on the Debian main.cf file as it comes with Debian Sarge at the time of writing. Your version might be a bit different. We will go through a standard Postfix main.cf file from top to bottom.
Set your hostname to a hostname that resolves to your IP address, but is NOT going to be used as a virtual host!

    myhostname = xtra.myhostname.org

Set mydestination:

    mydestination = $myhostname, localhost.localdomain, localhost.localdomain, localhost

Read aliases from LDAP:

    alias_maps = hash:/etc/aliases,ldap:aliases
    alias_database = hash:/etc/aliases

Use Maildir format as default:

    home_mailbox = Maildir/

Local mail delivery should still work:

    local_transport = local
    local_recipient_maps = unix:passwd.byname
    unknown_local_recipient_reject_code = 550
    forward_path = $home/.forward

TODO: What is the difference between: local_recipient_maps = unix:passwd.byname and local_recipient_maps = unix:passwd.byname hash:/etc/aliases
Read virtual hosts (local delivery) relays from LDAP:

    relay_domains = /etc/postfix/relay_domains

Make sure the file exists:

    touch /etc/postfix/relay_domains

Now we define the virtual delivery to LDAP:

    virtual_transport = virtual
    virtual_mailbox_domains = ldap:domains
    virtual_alias_maps = ldap:aliases
    virtual_uid_maps = ldap:accounts
    virtual_gid_maps = ldap:accounts
    virtual_mailbox_base = /hosting
    virtual_mailbox_maps = ldap:mailbox
    virtual_minimum_uid = 2000

For each of the above, we have to set the LDAP connection:

    aliases_server_host = 127.0.0.1
    aliases_search_base = dc=dot
    aliases_scope = sub
    aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
    aliases_result_attribute = maildrop
    aliases_bind = yes
    aliases_bind_dn = uid=vmail,ou=system-users,dc=dot
    aliases_bind_pw = xxxxxxx

    accounts_server_host = 127.0.0.1
    accounts_search_base = dc=dot
    accounts_scope = sub
    accounts_query_filter = (&(maildrop=%s)(objectClass=CourierMailAccount))
    accounts_result_attribute = uidNumber gidnumber
    accounts_bind = yes
    accounts_bind_dn = uid=vmail,ou=system-users,dc=dot
    accounts_bind_pw = xxxxxxx

    mailbox_server_host = 127.0.0.1
    mailbox_search_base = dc=dot
    mailbox_scope = sub
    mailbox_query_filter = (&(maildrop=%s)(objectClass=CourierMailAccount))
    mailbox_result_attribute = mailbox
    mailbox_bind = yes
    mailbox_bind_dn = uid=vmail,ou=system-users,dc=dot
    mailbox_bind_pw = xxxxxxx

    domains_server_host = 127.0.0.1
    domains_search_base = dc=dot
    domains_scope = sub
    domains_query_filter = (&(objectClass=domainRelatedObject)(associatedDomain=%s))
    domains_result_attribute = associatedDomain
    domains_bind = yes
    domains_bind_dn = uid=vmail,ou=system-users,dc=dot
    domains_bind_pw = xxxxxxx

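A lint for the per-map definitions above, as an added example that is not part of the original page: it checks that every ldap:NAME reference has the parameters this page sets for each map, that the filter's parentheses balance, and flags bind passwords kept in main.cf, a file that is usually readable by all local users (ldap_table(5) also documents the ldap:/path/to/file.cf form, where the file can be given tighter permissions). The function names and the sample main.cf text are constructed for illustration.

```python
import re

# The parameters this page sets for every map, apart from the bind settings.
EXPECTED = ("search_base", "query_filter", "result_attribute")

def parse_main_cf(text):
    """Parse main.cf text; a line starting with whitespace continues the last one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if last:
                params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = (part.strip() for part in line.partition("="))
            params[last] = value
    return params

def lint_ldap_maps(text):
    """Return {map name: [problems]} for each old-style ldap:NAME reference."""
    params = parse_main_cf(text)
    # ldap:/path/file.cf references do not match: \w+ cannot start with "/".
    names = set(re.findall(r"\bldap:(\w+)", " ".join(params.values())))
    report = {}
    for name in sorted(names):
        problems = [f"{name}_{key} is not defined"
                    for key in EXPECTED if f"{name}_{key}" not in params]
        query = params.get(f"{name}_query_filter", "")
        if query.count("(") != query.count(")"):
            problems.append("query_filter has unbalanced parentheses")
        if f"{name}_bind_pw" in params:
            problems.append("bind password is stored in main.cf")
        report[name] = problems
    return report

# Constructed sample modelled on this page's settings, with deliberate mistakes.
SAMPLE_MAIN_CF = """\
virtual_alias_maps = ldap:aliases
virtual_mailbox_domains = ldap:domains
virtual_mailbox_maps = ldap:mailbox
aliases_search_base = dc=dot
aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
aliases_result_attribute = maildrop
aliases_bind_pw = xxxxxxx
domains_search_base = dc=dot
domains_query_filter = (&(objectClass=domainRelatedObject)
    (associatedDomain=%s)
domains_result_attribute = associatedDomain
"""
```
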
This concludes the minimal postfix configuration. The rest is optional, but probably just as necessary. Before you install the rest, test the following: