Postfix Virtual Hosting with LDAP Backend and Dovecot as IMAP/POP3 Server on Ubuntu Bionic Beaver 18.04 LTS


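This how-to describes how to set up and configure virtual mail hosting with an LDAP backend.

The software used in this how-to: Postfix (MTA), Dovecot (IMAP/POP3), Gnarwl (vacation), OpenLDAP (LDAP) and vMailpanel as the administration interface.

Optional are proftpd for FTP, Roundcube (webmail) and MariaDB (SQL backend for Roundcube).

This works for me, but I cannot guarantee that this setup will work for you, so this how-to comes without any warranty.

Assumptions

This how-to assumes the following configuration. If your installation differs, replace the entries below with your actual configuration.

Mail delivery (mailbox) path:

/home/vmail/

User vmail

UID: 1000, GID: 1000

User postfix

UID: 108, GID: 108

OpenLDAP base dn:

dc=example,dc=tld

OpenLDAP admin account:

cn=admin,dc=example,dc=tld

vMailpanel search dn:

o=hosting,dc=example,dc=tld

Read-only account for the o=hosting,dc=example,dc=tld tree:

cn=vmail,o=hosting,dc=example,dc=tld

You work as the root user throughout this guide.

If you would rather have o=maildomains or ou=domains, make sure you replace o=hosting with what you want, especially in acl.ldif. This acl file is strict, and phamm will not work properly if it is not entirely correct. If you want a read-only user other than phamm, replace cn=phamm with a cn of your choosing.

This guide also assumes that you have installed and configured an Ubuntu server to your needs. There are many good guides for that, for example:

The Perfect Server - Ubuntu 18.04 (Bionic Beaver) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1

You can stop after installing and configuring Apache2.

Step 1: Download vMailpanel

Download the vMailpanel package: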

cd /usr/share

Get the latest version of vMailpanel:

git clone https://git.com/wolmfan68/vMailpanel

OK, now we can get started.

Step 2: Install and configure OpenLDAP

Install OpenLDAP and ldap-utils:

apt -y install slapd ldap-utils php-ldap

Reconfigure slapd to make sure it reflects the settings you want:

dpkg-reconfigure slapd

You will have to answer a few questions:

Omit OpenLDAP server configuration? No
DNS domain name: example.tld ==> put your domain name here
Organization name: example.tld ==> put your organization here
Administrator password: secret ==> put your password
Confirm password: secret
Database backend to use: MDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes

Go to the /etc/ldap/schema directory:

cd /etc/ldap/schema

Copy phamm.schema and perversia.net.schema from the phamm package to the schema directory:

cp /usr/share/vMailpanel/schema/* /etc/ldap/schema/

Now we add the schemas to OpenLDAP.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/phamm.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ISPEnv2.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/amavis.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/pureftpd.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/perversia.net.ldif

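Now we create the o=hosting entry and the vmail account.

Modify the text below to your needs and generate a password for the vmail account. The hash currently in this file sets the password to readonly.

To create the hash for the vmail account, issue the following command:

slappasswd -h {MD5}

Enter the desired password twice and copy the result into the text below.

nano base.ldif

Contents of base.ldif:

dn: o=hosting,dc=example,dc=tld
objectClass: organization
objectClass: top
o: hosting
description: Hosting Organization

# Read only account
dn: cn=vmail,o=hosting,dc=example,dc=tld
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: vmail
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==
description: Read only account

Load the base dn into the database with the following command: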

ldapmodify -a -D cn=admin,dc=example,dc=tld -W -f base.ldif
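
The example below is added here and is not part of the original how-to or of OpenLDAP. It reproduces how a {MD5} userPassword value, as generated by slappasswd -h {MD5} above, is built, next to the salted {SSHA} scheme that slappasswd also offers, and audits a set of entries for unsalted or identical values. The sample DNs and passwords are constructed.

```python
import base64
import hashlib
import hmac
import os

def ldap_md5(password):
    """{MD5} userPassword value: base64 of the bare, unsalted MD5 digest."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()

def ldap_ssha(password, salt=None):
    """{SSHA} userPassword value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(stored, candidate):
    """Check a candidate password against a {MD5} or {SSHA} value."""
    scheme, _, blob = stored.partition("}")
    raw = base64.b64decode(blob)
    if scheme.upper() == "{MD5":
        digest, salt, algo = raw, b"", hashlib.md5
    elif scheme.upper() == "{SSHA":
        digest, salt, algo = raw[:20], raw[20:], hashlib.sha1
    else:
        raise ValueError("unsupported scheme in " + stored)
    return hmac.compare_digest(digest, algo(candidate.encode() + salt).digest())

def audit(entries):
    """entries maps dn -> userPassword. Returns (dns stored without a salt,
    groups of dns whose stored values are identical, i.e. the same password)."""
    unsalted = sorted(dn for dn, value in entries.items()
                      if value.upper().startswith(("{MD5}", "{SHA}")))
    by_value = {}
    for dn, value in entries.items():
        by_value.setdefault(value, []).append(dn)
    shared = sorted(sorted(dns) for dns in by_value.values() if len(dns) > 1)
    return unsalted, shared

# Constructed sample: two accounts that happen to choose the same password.
DNS = ["mail=a@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld",
       "mail=b@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld"]
AS_IN_HOWTO = {dn: ldap_md5("constructed-password") for dn in DNS}
SALTED = {dn: ldap_ssha("constructed-password") for dn in DNS}

if __name__ == "__main__":
    print(audit(AS_IN_HOWTO))  # both DNs unsalted, and both in one shared group
    print(audit(SALTED))       # nothing flagged: each value has its own salt
```

With {MD5}, anyone who can read userPassword sees at a glance which accounts share a password; a salted scheme removes that signal.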

Now we need to modify the acl so that each type of user gets the correct access rights.

ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-remove.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-new.ldif

You can check the new acl with the following command:

slapcat -n 0

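This concludes the OpenLDAP configuration.

Step 3: Install and configure Postfix

Before we do that, we need to have the vmail user and its home directory.

Create the vmail user and group:

useradd vmail

By default, the group vmail is created as well.

Check the /etc/passwd file for the actual uid and gid numbers.

Next, create the vmail directory and set its ownership to the vmail user and group.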

mkdir /home/vmail
mkdir /home/vmail/domains 
chown -R vmail:vmail /home/vmail

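Run the following command to install Postfix and the other required applications:

apt install postfix postfix-ldap

You will be asked two questions. Answer as follows:

General type of mail configuration: <-- Stand alone
System mail name: <-- mail.example.tld

We do not install sasl, because we will use the Dovecot LDA and deliver.

Now we create the certificates for TLS: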

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Note: you can copy all the files under examples/postfix into the /etc/postfix directory and change them accordingly. For completeness I give the full setup below.

Now we will configure postfix:

cd /etc/postfix
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
nano /etc/postfix/main.cf

and paste the following into it. Note that this configuration allows mail to be sent (relayed) by authenticated users, and also delivers local mail (e.g. root, postmaster, ...) to the corresponding aliases (if configured).

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

myhostname = mail.example.tld
alias_maps = hash:/etc/aliases,
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your ip address (optional) ==> uncomment and change to the IP address of your setup.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

home_mailbox = Maildir/

smtpd_recipient_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_invalid_hostname
 reject_non_fqdn_hostname
 reject_non_fqdn_sender
 reject_non_fqdn_recipient
 reject_unauth_destination
 reject_unauth_pipelining
 reject_invalid_hostname
 reject_unknown_sender_domain
 reject_rbl_client list.dsbl.org
 reject_rbl_client cbl.abuseat.org
 reject_rhsbl_sender dsn.fc-ignorant.org

smtpd_data_restrictions =
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,
 permit

smtpd_helo_required = yes

# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:/etc/postfix/ldap-transport.cf
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain

virtual_alias_maps =
 ldap:/etc/postfix/ldap-aliases.cf,
 ldap:/etc/postfix/ldap-virtualforward.cf,
 ldap:/etc/postfix/ldap-accountsmap.cf

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
 ldap:/etc/postfix/ldap-accounts.cf
# ==> change the next three values to the actual uid/gid of user vmail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

local_recipient_maps = $alias_maps

recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf
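
The check below is added here and is not part of the original how-to or of Postfix. It parses main.cf text the way Postfix reads it (comment lines skipped, indented lines continuing the previous parameter) and reports two problems relevant to the file above: restriction lists whose indentation was lost when pasting, and SASL AUTH being accepted on unencrypted sessions because smtpd_tls_auth_only is no. The sample excerpts are constructed from settings in that file.

```python
def parse_main_cf(text):
    """Return (params, malformed). '#' lines and blank lines are ignored, a
    line starting with whitespace continues the previous logical line, and a
    later 'name = value' overrides an earlier one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params, malformed = {}, []
    for line in logical:
        name, sep, value = line.partition("=")
        if sep and name.strip().replace("_", "").isalnum():
            params[name.strip()] = value.strip()
        else:
            malformed.append(line)
    return params, malformed

def is_yes(params, name):
    return params.get(name, "no").lower() == "yes"

def findings(text):
    params, malformed = parse_main_cf(text)
    out = ["not a 'name = value' line (lost indentation?): " + line
           for line in malformed]
    tls_mandatory = params.get("smtpd_tls_security_level") == "encrypt"
    if (is_yes(params, "smtpd_sasl_auth_enable") and not tls_mandatory
            and not is_yes(params, "smtpd_tls_auth_only")):
        out.append("SASL AUTH is accepted without TLS: "
                   "set smtpd_tls_auth_only = yes")
    return out

# Constructed excerpt using settings from the main.cf above.
AS_PUBLISHED = """\
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = no
# restriction lists rely on indented continuation lines
smtpd_recipient_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_destination
"""
# Same excerpt with AUTH restricted to TLS sessions.
TLS_ONLY_AUTH = AS_PUBLISHED.replace("smtpd_tls_auth_only = no",
                                     "smtpd_tls_auth_only = yes")
# Same excerpt with the leading blanks of the continuation lines lost.
FLATTENED = "\n".join(line.strip() for line in AS_PUBLISHED.splitlines())

if __name__ == "__main__":
    for label, text in (("as published", AS_PUBLISHED),
                        ("tls-only auth", TLS_ONLY_AUTH),
                        ("flattened", FLATTENED)):
        print(label, findings(text))
```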

nano /etc/postfix/master.cf

and paste the following into it (append at the end):

dovecot   unix  -       n       n       -       -       pipe
         flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl    unix  -       n       n       -       -       pipe
         flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

Now we need to write the different ldap-xxx.cf files:

nano ldap-accounts.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox

nano ldap-accountsmap.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail

nano ldap-aliases.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
result_attribute = maildrop

nano ldap-transport.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
result_attribute = postfixTransport

nano ldap-vacation.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply

nano ldap-virtualforward.cf

and paste the following into it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = maildrop

This concludes the Postfix setup.
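
The example below is added here and is not part of the original how-to or of Postfix. It evaluates the four VirtualMailAccount query_filter values above against constructed directory entries to show which map answers for each combination of forwardActive and vacationActive, including an account with both set to TRUE, which none of the four maps returns. It models the RFC 2254 quoting Postfix applies to %s; the entries, their attribute values and the helper names are constructed, and only equality matches are implemented.

```python
import re

ACCOUNT = "(&(objectClass=VirtualMailAccount)(mail=%s))"
MAPS = {  # map file -> (query_filter, result_attribute), as configured above
    "ldap-accounts.cf": ("(&" + ACCOUNT + "(forwardActive=FALSE)"
                         "(accountActive=TRUE)(delete=FALSE))", "mailbox"),
    "ldap-accountsmap.cf": ("(&" + ACCOUNT + "(forwardActive=FALSE)"
                            "(accountActive=TRUE)(delete=FALSE))", "mail"),
    "ldap-virtualforward.cf": ("(&" + ACCOUNT + "(vacationActive=FALSE)"
                               "(forwardActive=TRUE)(accountActive=TRUE)"
                               "(delete=FALSE))", "maildrop"),
    "ldap-vacation.cf": ("(&" + ACCOUNT + "(vacationActive=TRUE)"
                         "(forwardActive=FALSE)(accountActive=TRUE)"
                         "(delete=FALSE))", "mailAutoreply"),
}

def escape(key):
    """Quote filter metacharacters in a lookup key before it replaces %s."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), key)

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def lookup(map_name, key, directory):
    query_filter, attr = MAPS[map_name]
    tree, _ = parse(query_filter.replace("%s", escape(key)))
    return [v for e in directory if matches(tree, e)
            for v in e.get(attr.lower(), [])]

def route(key, directory):
    """Maps that return a result for this recipient, with their results."""
    hits = {name: lookup(name, key, directory) for name in MAPS}
    return {name: values for name, values in hits.items() if values}

def account(mail, forward="FALSE", vacation="FALSE", active="TRUE"):
    """Constructed VirtualMailAccount entry; the value formats are assumptions."""
    local, domain = mail.split("@")
    return {"objectclass": ["VirtualMailAccount"], "mail": [mail],
            "mailbox": [domain + "/" + local + "/"],
            "maildrop": ["forward-target@example.org"],
            "mailautoreply": [mail + ".autoreply"],
            "forwardactive": [forward], "vacationactive": [vacation],
            "accountactive": [active], "delete": ["FALSE"]}

DIRECTORY = [account("alice@example.tld"),
             account("bob@example.tld", forward="TRUE"),
             account("carol@example.tld", vacation="TRUE"),
             account("dave@example.tld", forward="TRUE", vacation="TRUE")]

if __name__ == "__main__":
    for entry in DIRECTORY:
        print(entry["mail"][0], route(entry["mail"][0], DIRECTORY))
```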

Step 4: Install and configure Dovecot

apt install dovecot-imapd dovecot-pop3d dovecot-ldap

This installs dovecot and all required files and creates the standard SSL certificates for IMAP and POP3.

First we change to the dovecot directory.

Note: you can copy all the files under examples/dovecot into the /etc/dovecot directory and change them accordingly. For completeness I give the full setup below.

cd /etc/dovecot

Now we configure the different dovecot configuration files.

nano dovecot-ldap.conf.ext

and make the following changes:

hosts = localhost:389
ldap_version = 3
auth_bind = yes
dn = cn=vmail,o=hosting,dc=example,dc=tld
dnpass = readonly
base = o=hosting,dc=example,dc=tld
scope = subtree
deref = never

user_attrs = quota=quota=maildir:storage
user_attrs = quota=quota=maildir:storage=%$B
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5

cd conf.d
vi 10-auth.conf

and change the section "Password and user databases" to this:

#!include auth-deny.conf.ext
#!include auth-master.conf.ext

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

vi 10-mail.conf 

and make the following changes:

mail_location = maildir:/home/vmail/%d/%u

mail_uid = 1000 ==> change to the actual vmail uid value

mail_gid = 1000 ==> change to the actual vmail gid value

first_valid_uid = 1000 ==> change to the actual vmail uid value

first_valid_gid = 1000 ==> change to the actual vmail gid value

vi 10-master.conf

and make the following changes:

unix_listener auth-userdb {
  mode = 0666
  user = vmail
  group = vmail
}

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
}

vi 15-lda.conf

and make the following changes:

postmaster_address = postmaster@example.tld

lda_mailbox_autocreate = yes

This concludes the Dovecot configuration.

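Step 5: Install and configure gnarwl

We install gnarwl:

apt install gnarwl

Now let's configure gnarwl.

First we back up the original configuration file and replace it with a new one.

mv /etc/gnarwl.conf /etc/gnarwl.conf.bck

Now we create the new conf file:

vi /etc/gnarwl.conf

and insert the following: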

map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=vmail,o=hosting,dc=example,dc=tld
password readonly
protocol 0
base dc=example,dc=tld
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3

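Make the gnarwl directory readable for the vmail user:

chown -R vmail:vmail /var/lib/gnarwl/

Next, we need to add the gnarwl transport to postfix:

vi /etc/postfix/transport

Insert the following:

.autoreply      gnarwl:

Now we need to create transport.db:

postmap /etc/postfix/transport

This concludes the gnarwl configuration.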

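Step 6: Install and configure vMailpanel

Since we downloaded vMailpanel earlier, we can start right away with the configuration of the vMailpanel interface.

chown -R www-data:www-data /usr/share/vMailpanel
cd /usr/share/vMailpanel

Now we will configure phamm for actual use.

cp config.inc.example.php config.inc.php
nano config.inc.php

Change the LDAP connection parameters to suit your actual configuration.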

// *============================*
// *=== LDAP Server Settings ===*
// *============================*

// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');

// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');

// The server port
define ('LDAP_PORT','389');

// The container
define ('SUFFIX','dc=example,dc=tld');

// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');

// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');

and change:

// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
# $welcome_sender = 'postmaster@localhost';
$welcome_bcc = 'postmaster@example.tld';

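This sends a welcome mail, with a bcc to your postmaster account.

Enable the ftp and person plugins by removing the // in the plugins section. If needed, you can also enable the davical and/or jabber plugins; install the schemas these plugins require.

In config.inc.php you will find: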

define ('DELETE_ACCOUNT_IMMEDIATELY', false);

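If you set this to true, account or domain deletion takes effect immediately. However, the physical mailbox (or domain directory) is not deleted. To delete the physical mailbox, we should use the cleaner.sh script, which is described below.

You can edit plugins/mail.xml to change the defaults for SMTP and quota; modify them as needed. The default is a 1 GB quota.

You can edit plugins/ftp.xml to change the default FTP (base) directory and the default quota; modify them as needed.

Do not forget to create aliases and/or mailboxes for postmaster and webmaster, because authorities and ISPs use them to send mail in case of ... Not having these addresses can get you blacklisted.

By default, the aliases [email protected] and [email protected] are created, defaulting to [email protected].

Now the cleaner script: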

cp tools/cleaner.sh /home/vmail/cleaner.sh

Change the following in cleaner.sh

BINDDN="cn=admin,dc=example,dc=tld"
BINDPW="password"
LDAP_BASE="o=hosting,dc=example,dc=tld"

to reflect your installation:

nano /home/vmail/cleaner.sh
crontab -e

Insert the following:

*/10 * * * * /home/vmail/cleaner.sh

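This runs the cleaner script every 10 minutes. Feel free to change the timing.

Now we will add vMailpanel to Apache:

nano /etc/apache2/sites-enabled/000-default.conf

and add the following between the <VirtualHost> </VirtualHost> entries:

Alias /vmailpanel /usr/share/vMailpanel/public

This concludes the vMailpanel configuration.

Step 7: Install and configure Roundcube webmail

First we create a database named roundcube: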

mysqladmin -u root -p create roundcube

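Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice), who has SELECT, INSERT, UPDATE, DELETE privileges on the roundcube database. Postfix and Courier will use this user to connect to the roundcube database: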

GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;

Now we download and install Roundcube:

cd /usr/src
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6.tar.gz
tar xvzf roundcubemail-1.3.6.tar.gz
mv roundcubemail-1.3.6 /var/www/roundcube
chown -R www-data:www-data /var/www/roundcube
cd /var/www/roundcube

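Always check for the latest version of Roundcube, download that version, and adapt the commands above to the Roundcube version you downloaded.

https://roundcube.net/download/

Now we load the SQL tables into the database we created earlier: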

mysql -u roundcube -p roundcube <  SQL/mysql.initial.sql

Now we edit the Roundcube configuration:

cp config/config.inc.php.sample config/config.inc.php

Set the database configuration:

nano config/config.inc.php

Change the following line to your database configuration:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';

and change the following

from:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
    'archive', 
    'zipdownload',

to:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
    'archive', 
    'zipdownload',
    'password',
    'vacation', 

Change:

$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';

to:

$rcmail_config['des_key'] = 'your-own-24-digitkeystring';

Change:

$rcmail_config['default_host'] = '';

to:

$rcmail_config['default_host'] = 'localhost';

Change:

$rcmail_config['smtp_server'] = '';

to:

$rcmail_config['smtp_server'] = 'localhost';

Configuration of the password plugin:

cp plugins/password/config.inc.php.dist plugins/password/config.inc.php

Edit the configuration:

nano plugins/password/config.inc.php

Change the following entries

from:

$rcmail_config['password_driver'] = 'sql';

to:

$rcmail_config['password_driver'] = 'ldap';

from:

// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;

to:

$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;

$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

$rcmail_config['password_ldap_force_replace'] = true;

Now we download and install the vacation plugin:

cd /usr/src
wget -O rc-vacation-master.zip https://github.com/bhuisgen/rc-vacation/archive/master.zip
unzip rc-vacation-master.zip
mv rc-vacation-master /var/www/roundcube/plugins/vacation
cd /var/www/roundcube

Now we edit the configuration and make the following changes:

nano plugins/vacation/config.inc.php

Change:

$rcmail_config['vacation_gui_vacationsubject'] = TRUE;

to:

$rcmail_config['vacation_gui_vacationsubject'] = FALSE;

Change:

$rcmail_config['vacation_driver'] = 'sql';

to:

$rcmail_config['vacation_driver'] = 'ldap';

Change:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] =
'cn=user,dc=ldap,dc=my,dc=domain';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';

to:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';

Change:

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);

to:

// Search base to read data
$rcmail_config['vacation_ldap_search_base'] =
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);

We have to change the document root in the Apache2 server configuration so that Roundcube can be reached.

nano /etc/apache2/sites-enabled/000-default.conf

and change:

DocumentRoot /var/www/html

to:

DocumentRoot /var/www/

This concludes the Roundcube configuration.

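Step 8: Install and configure proftpd

First we install proftpd and its requirements:

apt install proftpd proftpd-mod-ldap

Depending on your load, you can choose between standalone and inetd.

Note: you can copy the configuration files from examples/proftpd to /etc/proftpd, but for clarity I will outline all configuration steps.

Edit /etc/proftpd/proftpd.conf

nano /etc/proftpd/proftpd.conf

and change: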

# Use this to jail all users in their homes
# DefaultRoot                   ~

to:

# Use this to jail all users in their homes
DefaultRoot                   ~

and change:

#RequireValidShell               off

to:

RequireValidShell               off

and change:

# Alternative authentication frameworks
#
# Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

to:

# Alternative authentication frameworks
#
Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

Now edit /etc/proftpd/modules.conf

nano /etc/proftpd/modules.conf

and change:

# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c

to:

# Install proftpd-mod-ldap to use this
LoadModule mod_ldap.c

from:

# Install proftpd-mod-ldap to use this
# LoadModule mod_quotatab_ldap.c

to:

# Install proftpd-mod-ldap to use this
LoadModule mod_quotatab_ldap.c

Now edit /etc/proftpd/ldap.conf and set the following:

<IfModule mod_ldap.c>
#
#LDAPServer ldap://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#LDAPUseTLS on
#
#
#LDAPServer ldaps://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#
LDAPServer ldap://127.0.0.1/??sub
LDAPBindDN "cn=vmail,o=hosting,dc=example,dc=tld" "readonly"
LDAPUsers "o=hosting,dc=example,dc=tld" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True

</IfModule>

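The following directives set the default user to www-data, which suits me; you can change these values to suit your setup, or leave them out so that the login uid/gid is used.

LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True

33 is the uid/gid on my test setup; it may differ on yours.

This concludes the proftpd installation.

Step 9: Putting it all together

Issue the following commands to restart all services:

service slapd restart
service postfix restart
service dovecot restart
service proftpd restart
service apache2 restart

Now you can go to phamm and start adding mail domains and users.

Enjoy.

Note: let me know of any errors or problems with this how-to, so I can improve and amend it.

Use this thread in the forum:

https://www.youcl.com/community/threads/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-as-imap-pop3-server-on-ubuntu-bionic-beav.79408/

I am subscribed to this thread, so I will be notified of new posts in it.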
