In the following article, Linuxbasiccommad will guide you how to set up the system fully featured mail server, secure, scalable and replace a number of other functions if necessary. This model provides hosting services for virtual mailbox with many different formats, filtering and quota server - side, domain alias, alias address, forwarding address and the catchall address. Transition are secure protocol SMTP-AUTH and STARTTLS. The email received will be strictly controlled by the virus filter, spam, malware and quickly remove the SPF and DNSBL policy.
And the whole process will be undergoing three main server:
- An MX server, here will concentrate all the security features (faramir.middle.earth)
- A transition SMTP protocol, allowing users to send emails to the outside (ectelion.middle.earth)
- Mailstore a server used to store all data of the mailbox (denetor.middle.earth)
Of course, you can assign more custom MX record to use DNS MX domains, forwarding services using DNS round-robin, archiving, email forwarding and division ... will be fully addressed in the article.
All operations were performed on systems that use Debian server operating system.
Set up LDAP
The entire information of the user are stored in the LDAP directory. And this is how we installed on the server making the transition task. The system requires the following packages needed:
sudo apt-get install slapd ldap-utils
Here, we will use the following LDAP parameters:
- ldapBase: dc=middle,dc=earth
- adminDn: cn=admin,dc=middle,dc=earth
- adminPwd: thirdAge
Besides, we need to use LDAP schema is available. Most of the properties and subject to the standard, noting that much of the standard attributes user should pay attention to avoid duplication event occurred.
Transplantation in openldap schema is available in the / etc / ldap / schema / mailMEO.schema
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
DESC 'RFC822 email address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.16
NAME 'mailQuota'
DESC 'Maiximal amount of disk space for a mailbox in kilobytes'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113730.3.1.18
NAME 'mailHost'
DESC 'FQDN of the SMTP/MTA of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.22
NAME 'mailCopyAddress'
DESC 'RFC822 email shadow copy address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress'
DESC 'RFC822 routing address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.49
NAME 'spamassassinUserPrefs'
DESC 'SpamAssassin user preferences'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 2.16.840.1.113730.3.2.147
NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient'
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress $ mailCopyAddress $ mailQuota $ spamassassinUserPrefs ) )
objectclass ( 2.16.840.1.113730.3.2.148
NAME 'inetMailForwarder'
DESC 'Internet mail Forward Address'
SUP top AUXILIARY
MAY ( mailHost $ mailRoutingAddress ) )
Confiure file /etc/ldap/slapd.conf:
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/mailMEO.schema
Check line:
suffix "dc=middle,dc=earth"
Then, add the ACLs assigned to the daemon should use to transfer data to LDAP. Readonly attribute to initialize access to userPassword for devecot
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=middle,dc=earth" write
by dn="uid=dovecot,dc=middle,dc=earth" read
by anonymous auth
by self write
by * none
Confiure exim and dovecot with too
access to *
by dn="cn=admin,dc=middle,dc=earth" write
by dn="uid=dovecot,dc=middle,dc=earth" read
by dn="uid=exim,dc=middle,dc=earth" read
by * read
by anonymous none
ACL final parameters assume the responsibility for preventing the ability to read data from anonymous accounts, but allowed to edit the account is confirmed. Slapd restart to apply the changes
sudo /etc/init.d/slapd restart
After that, we must create a user account with the previous ACL. To do this, we must use user.ldif file follows:
dn: uid=exim,dc=middle,dc=earth
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: exim
userPassword:: e01ENX1hOElTeXAwV2hnVzFSVnhHd0hCNDF3PT0=
dn: uid=dovecot,dc=middle,dc=earth
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: dovecot
userPassword:: e01ENX1yZGp2Q1lPNmtDRm1scXAyVWQwa0xBPT0=
This account will have a user / pass is: dovecot / dovecotpopper and exim4 / eximmta
To provide information and data to the root directory, use the following command:
ldapadd -x -D cn=admin,dc=middle,dc=earth -W < users.ldif
Below is a sample ldif file containing the data:
dn: ou=domains,dc=middle,dc=earth
objectClass: organizationalUnit
objectClass: top
ou: domains
dn: dc=middle.earth,ou=domains,dc=middle,dc=earth
dc: middle.earth
objectClass: dNSDomain
objectClass: top
objectClass: inetLocalMailRecipient
objectClass: domainRelatedObject
objectClass: posixAccount
mailLocalAddress: catchall@middle.earth
cn: catchall
gidNumber: 8
homeDirectory: /var/mail/middle.earth/c/catchall
uid: catchall
uidNumber: 8
userPassword:: e01ENX1EV3RteGErOFROanJKNUFXZWt1Z0tBPT0=
mailQuota: 102400
mailHost: denetor.middle.earth
associatedDomain: middle.earth
associatedDomain: lotr.middle.earth
dn: uid=sam,dc=middle.earth,ou=domains,dc=middle,dc=earth
cn: sam
displayName: Sam Gamji
gidNumber: 8
homeDirectory: /var/mail/middle.earth/s/sam
mail: sam@middle.earth
mailHost: 172.16.16.23
mailQuota: 102400
objectClass: inetLocalMailRecipient
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: Gamji
uidNumber: 8
uid: sam
userPassword:: e01ENX1NeVV5M1BxaHkvWWVLaVpyMXlOaExBPT0=
mailLocalAddress: sam@middle.earth
mailLocalAddress: gamji@middle.earth
mailLocalAddress: shire@middle.earth
dn: uid=frodo,dc=middle.earth,ou=domains,dc=middle,dc=earth
cn: frodo
displayName: Frodo Baggins
gidNumber: 8
givenName: Frodo
homeDirectory: /var/mail/middle.earth/f/frodo
mail: frodo@middle.earth
mailHost: 172.16.16.23
mailQuota: 102400
objectClass: inetLocalMailRecipient
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: Baggins
uidNumber: 8
uid: frodo
userPassword:: e01ENX04UGlDRHVnWEdCMmNhRktnbDljTmpRPT0=
mailLocalAddress: frodo@middle.earth
mailLocalAddress: baggins@middle.earth
mailLocalAddress: shire@middle.earth
dn: uid=gmail,dc=middle.earth,ou=domains,dc=middle,dc=earth
cn: gmail
mail: alxgomz@gmail.com
mailHost: 172.16.16.23
mailRoutingAddress: alxgomz@gmail.com
objectClass: inetMailForwarder
objectClass: inetOrgPerson
objectClass: top
sn: alias to Gmail address
uid: gmail
skip to main |
skip to sidebar
Linux basic command - Give you the basics and advanced on linux. Including the operating system, commands and software packages for linux.
RSS Feed (xml)
No comments:
Post a Comment