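Postfix virtual hosting with an LDAP backend and Dovecot as IMAP/POP3 server on Ubuntu Bionic Beaver 18.04 LTS
This article describes how to set up and configure virtual mail hosting with an LDAP backend.
The software used in this article: Postfix (MTA), Dovecot (IMAP/POP3), Gnarwl (vacation), OpenLDAP (LDAP) and vMailpanel as the administration interface.
Optional: proftpd for FTP, Roundcube (webmail) and MariaDB (SQL backend for Roundcube).
This works for me, but I cannot guarantee that this setup will work for you, so this how-to comes without any warranty.
Assumptions
This how-to assumes the following configuration. If your installation differs, replace the entries below with your actual configuration.
Mail delivery (mailbox) path: /home/vmail/
User vmail: UID: 1000, GID: 1000
User postfix: UID: 108, GID: 108
OpenLDAP base dn: dc=example,dc=tld
OpenLDAP admin account: cn=admin,dc=example,dc=tld
vMailpanel search dn: o=hosting,dc=example,dc=tld
Read-only account for the o=hosting,dc=example,dc=tld tree: cn=vmail,o=hosting,dc=example,dc=tld
You work as the user root throughout this guide.
If you want o=maildomains or ou=domains instead, make sure to replace o=hosting with what you want, especially in acl.ldif. This ACL file is strict, and if it is not exactly right, phamm will not work correctly. If you want a read-only user other than phamm, replace cn=phamm with the cn you want.
This guide also assumes that you have installed and configured Ubuntu Server as needed. There are many good guides, for example:
The Perfect Server - Ubuntu 18.04 (Bionic Beaver) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1
You can stop after installing and configuring Apache2.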
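Step 1: Download vMailpanel
Download the vMailpanel package:
cd /usr/share
Get the latest version of vMailpanel:
git clone https://git.com/wolmfan68/vMailpanel
OK, now we can get started.
Step 2: Install and configure OpenLDAP
Install OpenLDAP and ldap-utils:
apt -y install slapd ldap-utils php-ldap
Reconfigure slapd to make sure it reflects the settings you want:
dpkg-reconfigure slapd
You will have to answer a few questions: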
Omit OpenLDAP server configuration? No
DNS domain name: example.tld ==>put your domain name here
Organization name: example.tld ==> put your organization here
Administrator password: secret ==> put your password
Confirm password: secret
Database backend to use: MDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes
Go to the /etc/ldap/schema directory:
cd /etc/ldap/schema
Copy phamm.schema and perversia.net.schema from the phamm package to the schema directory:
cp /usr/share/vMailpanel/schema/* /etc/ldap/schema/
Now we add the schemas to OpenLDAP.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/phamm.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ISPEnv2.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/amavis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/pureftpd.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/perversia.net.ldif
Now we create the o=hosting entry and the vmail account.
Modify the following text to suit your needs and generate a password for the vmail account. The hash currently in this file sets the password to readonly.
To create a hash for the vmail account, issue the following command:
slappasswd -h {MD5}
Enter the desired password twice, then copy the result into the text below.
nano base.ldif
Contents of base.ldif:
dn: o=hosting,dc=example,dc=tld
objectClass: organization
objectClass: top
o: hosting
description: Hosting Organization

# Read only account
dn: cn=vmail,o=hosting,dc=example,dc=tld
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: vmail
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==
description: Read only account
Load the base dn into the database with the following command:
ldapmodify -a -D cn=admin,dc=example,dc=tld -W -f base.ldif
Now we need to modify the ACLs so that each user type gets the correct access rights.
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-remove.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-new.ldif
You can check the new ACLs with the following command:
slapcat -n 0
This completes the OpenLDAP configuration.
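An added example, not part of the original guide: slappasswd -h {MD5} produces an unsalted hash, and the same scheme appears again in the Dovecot and Roundcube settings further down. The script below reads an LDIF export (for example slapcat output) and lists the scheme of every userPassword value, flagging unsalted and cleartext ones. The function names and the second sample entry are constructed for this example.

```sh
#!/bin/sh
# Added example: report the hash scheme of each userPassword in an LDIF export.

# password_schemes LDIF: print "DN<TAB>SCHEME" for each userPassword value.
# Handles folded lines and base64 values ("userPassword:: ..."), the form
# slapcat writes. Assumption: DNs themselves are not base64 ("dn:: ").
password_schemes() {
    awk '/^ / { line = line substr($0, 2); next }
         { if (line != "") print line; line = $0 }
         END { if (line != "") print line }' "$1" |
    while IFS= read -r l; do
        case "$l" in
            "dn: "*)            dn=${l#dn: }; continue ;;
            "userPassword:: "*) v=$(printf '%s' "${l#userPassword:: }" | base64 -d) ;;
            "userPassword: "*)  v=${l#userPassword: } ;;
            *) continue ;;
        esac
        case "$v" in
            "{"*"}"*) s=$(printf '%s' "$v" | sed 's/^{\([^}]*\)}.*/\1/' |
                          tr '[:lower:]' '[:upper:]') ;;
            *)        s=CLEARTEXT ;;   # no {SCHEME} prefix: stored in the clear
        esac
        printf '%s\t%s\n' "$dn" "$s"
    done
}

# weak_password_entries LDIF: print entries whose password is unsalted
# ({MD5}, {SHA}) or cleartext; return 1 if there are any.
weak_password_entries() {
    password_schemes "$1" | awk -F'\t' '
        $2 ~ /^(MD5|SHA|CLEARTEXT)$/ { print; bad = 1 }
        END { exit bad + 0 }'
}

# make_sample_ldif FILE: constructed input. The first value is the one shown
# in base.ldif; the second is a made-up placeholder (not a real hash), written
# base64-encoded and with a folded DN as slapcat would.
make_sample_ldif() {
    ssha_b64=$(printf '%s' '{SSHA}constructedPlaceholderNotARealHash' | base64)
    cat > "$1" <<EOF
dn: cn=vmail,o=hosting,dc=example,dc=tld
cn: vmail
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==

dn: mail=postmaster@example.tld,vd=example.tld,o=hosting,dc=example,
 dc=tld
userPassword:: $ssha_b64
EOF
}

# Demo on the constructed sample.
demo_ldif=$(mktemp)
make_sample_ldif "$demo_ldif"
weak_password_entries "$demo_ldif" || echo "the entries above use an unsalted or cleartext scheme"
rm -f "$demo_ldif"
```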
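Step 3: Install and configure Postfix
Before doing so, we need the vmail user and its home directory.
Create the vmail user and group:
useradd vmail
By default, the group vmail is created as well.
Check the /etc/passwd file for the actual uid and gid numbers.
Next, create the vmail directory and set its ownership to the vmail user and group.
mkdir /home/vmail
mkdir /home/vmail/domains
chown -R vmail:vmail /home/vmail
Run the following command to install Postfix and the other required applications:
apt install postfix postfix-ldap
You will be asked two questions. Answer as follows:
General type of mail configuration: <-- Stand alone
System mail name: <-- mail.example.tld
We do not install SASL because we will use the Dovecot LDA and deliver.
Now we create the certificates for TLS: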
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
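Note: you can copy all files under examples/postfix to the /etc/postfix directory and change them accordingly. For completeness, I give the full setup below.
Now we configure Postfix:
cd /etc/postfix
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
nano /etc/postfix/main.cf
And paste the following into it. Note that this configuration allows authenticated users to send (relay) mail, and also delivers local mail (e.g. root, postmaster, ...) to the corresponding alias, if configured.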
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your IP address (optional) ==> uncomment and change to the IP address of your setup.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rhsbl_sender dsn.fc-ignorant.org
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
smtpd_helo_required = yes
#transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:/etc/postfix/ldap-transport.cf
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain
virtual_alias_maps =
    ldap:/etc/postfix/ldap-aliases.cf,
    ldap:/etc/postfix/ldap-virtualforward.cf,
    ldap:/etc/postfix/ldap-accountsmap.cf
# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
    ldap:/etc/postfix/ldap-accounts.cf
# ==> change the next three values to the actual uid/gid of user vmail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
local_recipient_maps = $alias_maps
recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf
nano /etc/postfix/master.cf
And paste the following into it (add it at the end):
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl unix - n n - - pipe
  flags=F user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}
Now we need to write the different ldap-xxx.cf files:
nano ldap-accounts.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox
nano ldap-accountsmap.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail
nano ldap-aliases.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
result_attribute = maildrop
nano ldap-transport.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
result_attribute = postfixTransport
nano ldap-vacation.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
nano ldap-virtualforward.cf
And paste the following into it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = maildrop
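An added example, not part of the original guide: every ldap-*.cf file above holds the bind password in clear text, so the files should not be world-readable, should carry the same bind_pw wherever they use the same bind_dn, and should use start_tls when server_host is not the local machine. The script below checks those three points; the function names and the sample files it writes are constructed for this example.

```sh
#!/bin/sh
# Added example: lint the Postfix LDAP lookup tables (ldap-*.cf) in a directory.

# get_param FILE KEY: print the value of "KEY = value", trimmed.
# This sketch takes the last occurrence if a key is repeated.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# lint_ldap_maps DIR: print one finding per line, return 1 if any were found.
#   WORLD_READABLE  file holds bind_pw and is readable by "other"
#   CLEARTEXT_BIND  start_tls is not "yes" and server_host is not
#                   localhost/127.x/ldapi (assumes a single host[:port] value)
#   PW_MISMATCH     same bind_dn as an earlier file but a different bind_pw
lint_ldap_maps() {
    for f in "$1"/ldap-*.cf; do
        [ -f "$f" ] || continue
        world=no
        if [ -n "$(find "$f" -perm -004)" ]; then world=yes; fi
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$f" \
            "$(get_param "$f" bind_dn)" "$(get_param "$f" bind_pw)" \
            "$(get_param "$f" server_host)" "$(get_param "$f" start_tls)" "$world"
    done | awk -F'\t' '
        $3 != "" && $6 == "yes" { print "WORLD_READABLE " $1; bad = 1 }
        $5 != "yes" && $4 != "" &&
            $4 !~ /^(ldapi:.*|(localhost|127\.[0-9.]+)(:[0-9]+)?)$/ {
            print "CLEARTEXT_BIND " $1; bad = 1 }
        $3 != "" {
            if (!($2 in pw)) pw[$2] = $3
            else if (pw[$2] != $3) { print "PW_MISMATCH " $1; bad = 1 }
        }
        END { exit bad + 0 }'
}

# write_map FILE HOST PASSWORD MODE: write one constructed map file.
write_map() {
    printf 'server_host = %s\nstart_tls = no\n' "$2" > "$1"
    printf 'bind_dn = cn=vmail,o=hosting,dc=example,dc=tld\nbind_pw = %s\n' "$3" >> "$1"
    chmod "$4" "$1"
}

# make_sample_maps DIR: three constructed files, two of them with problems.
make_sample_maps() {
    write_map "$1/ldap-aliases.cf"   localhost        readonly  640
    write_map "$1/ldap-transport.cf" localhost        readmonly 644  # typo, world-readable
    write_map "$1/ldap-vacation.cf"  ldap.example.tld readonly  640  # remote host, no TLS
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_maps "$demo_dir"
lint_ldap_maps "$demo_dir" || echo "fix the findings above before reloading Postfix"
rm -rf "$demo_dir"
```

On a real system, run lint_ldap_maps /etc/postfix after writing the files.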
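This concludes the Postfix setup.
Step 4: Install and configure Dovecot
apt install dovecot-imapd dovecot-pop3d dovecot-ldap
This installs Dovecot and all required files, and creates standard SSL certificates for IMAP and POP3.
First, we change to the dovecot directory.
Note: you can copy all files under examples/dovecot to the /etc/dovecot directory and change them accordingly. For completeness, I give the full setup below.
cd /etc/dovecot
Now we configure the different Dovecot configuration files.
nano dovecot-ldap.conf.ext
And make the following changes: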
hosts = localhost:389
ldap_version = 3
auth_bind = yes
dn = cn=vmail,o=hosting,dc=example,dc=tld
dnpass = readonly
base = o=hosting,dc=example,dc=tld
scope = subtree
deref = never
user_attrs = quota=quota=maildir:storage
user_attrs = quota=quota=maildir:storage=%$B
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5
cd conf.d
vi 10-auth.conf
And change the section "Password and user databases" to this:
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
#!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
vi 10-mail.conf
And make the following changes:
mail_location = maildir:/home/vmail/%d/%u
# ==> change the next four values to the actual vmail uid and gid values
mail_uid = 1000
mail_gid = 1000
first_valid_uid = 1000
first_valid_gid = 1000
vi 10-master.conf
And make the following changes:
unix_listener auth-userdb {
  mode = 0666
  user = vmail
  group = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
}
vi 15-lda.conf
And make the following changes:
postmaster_address = postmaster@example.tld
lda_mailbox_autocreate = yes
This concludes the Dovecot configuration.
Step 5: Install and configure gnarwl
We install gnarwl:
apt install gnarwl
Now let's configure gnarwl.
First, we back up the original configuration file and replace it with a new one.
mv /etc/gnarwl.conf /etc/gnarwl.conf.bck
Now we create the new conf file:
vi /etc/gnarwl.conf
And insert the following:
map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=vmail,o=hosting,dc=example,dc=tld
password readonly
protocol 0
base dc=example,dc=tld
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3
Make the gnarwl directory readable by the vmail user:
chown -R vmail:vmail /var/lib/gnarwl/
Next, we need to add the gnarwl transport to Postfix:
vi /etc/postfix/transport
Insert the following:
.autoreply gnarwl:
Now we need to create transport.db:
postmap /etc/postfix/transport
This concludes the gnarwl configuration.
Step 6: Install and configure vMailpanel
Since we downloaded vMailpanel earlier, we can start directly with the configuration of the vMailpanel interface.
chown -R www-data:www-data /usr/share/vMailpanel
cd /usr/share/vMailpanel
Now we configure phamm for actual use.
cp config.inc.example.php config.inc.php
nano config.inc.php
Change the LDAP connection parameters to fit your actual configuration.
// *============================*
// *=== LDAP Server Settings ===*
// *============================*
// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');
// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');
// The server port
define ('LDAP_PORT','389');
// The container
define ('SUFFIX','dc=example,dc=tld');
// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');
// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');
And change:
// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
# $welcome_sender = 'postmaster@localhost';
$welcome_bcc = 'postmaster@example.tld';
This sends a welcome mail, with a Bcc to your postmaster account.
Enable the ftp and person plugins by removing the // in the plugins section. If needed, you can also enable the davical and/or jabber plugins; install the schemas these plugins require.
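In config.inc.php you will find:
define ('DELETE_ACCOUNT_IMMEDIATELY', false);
If you set this to true, account or domain deletion takes effect immediately. However, the physical mailbox (or domain directory) is not deleted. To delete the physical mailboxes, we use the cleaner.sh script. This is described below.
You can edit plugins/mail.xml to change the default values for SMTP and quota; modify it as needed. The default is a 1GB quota.
You can edit plugins/ftp.xml to change the default ftp (base) directory and the default quota; modify it as needed.
Do not forget to create aliases and/or mailboxes for postmaster and webmaster, because authorities and ISPs use them to send mail in case ... Not having these addresses may lead to being blacklisted.
By default, the aliases [email protected] and [email protected] are created, which default to [email protected].
Now the cleaner script:
cp tools/cleaner.sh /home/vmail/cleaner.sh
Change the following in cleaner.sh
BINDDN="cn=admin,dc=example,dc=tld"
BINDPW="password"
LDAP_BASE="o=hosting,dc=example,dc=tld"
to reflect your installation:
nano /home/vmail/cleaner.sh
crontab -e
Insert the following:
*/10 * * * * /home/vmail/cleaner.sh
This runs the cleaner script every 10 minutes. Feel free to change the timing.
Now we add vMailpanel to Apache:
nano /etc/apache2/conf-enabled/000-default.conf
And add the following between the <VirtualHost> </VirtualHost> entries:
Alias /vmailpanel /usr/share/vMailpanel/public
This concludes the vMailpanel configuration.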
Step 7: Install and configure Roundcube webmail
First, we create a database named roundcube:
mysqladmin -u root -p create roundcube
Next, we go to the MySQL shell:
mysql -u root -p
On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice), who has SELECT, INSERT, UPDATE, DELETE privileges on the roundcube database. Postfix and Courier will use this user to connect to the roundcube database:
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;
Now we download and install Roundcube:
cd /usr/src
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6.tar.gz
tar xvzf roundcubemail-1.3.6.tar.gz
mv roundcubemail-1.3.6 /var/www/roundcube
chown -R www-data:www-data /var/www/roundcube
cd /var/www/roundcube
Always check for the latest version of Roundcube, download that version, and adapt the commands above to the Roundcube version you downloaded.
https://roundcube.net/download/
Now we load the SQL tables into the database we created earlier:
mysql -u roundcube -p roundcube < SQL/mysql.initial.sql
Now we edit the Roundcube configuration:
cp config/config.inc.php.sample config/config.inc.php
Set the database configuration:
nano config/config.inc.php
Change the following line to your database configuration:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';
And change the following
from:
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
to:
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
'password',
'vacation',
Change:
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
to:
$rcmail_config['des_key'] = 'your-own-24-digitkeystring';
Change:
$rcmail_config['default_host'] = '';
to:
$rcmail_config['default_host'] = 'localhost';
Change:
$rcmail_config['smtp_server'] = '';
to:
$rcmail_config['smtp_server'] = 'localhost';
Configuration of the password plugin:
cp plugins/password/config.inc.php.dist plugins/password/config.inc.php
Edit the configuration:
nano plugins/password/config.inc.php
Change the following entries
from:
$rcmail_config['password_driver'] = 'sql';
to:
$rcmail_config['password_driver'] = 'ldap';
from:
// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';
// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';
// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;
// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';
// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';
// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';
// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;
// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;
// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';
// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';
// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;
to:
$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;
$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';
$rcmail_config['password_ldap_force_replace'] = true;
Now we download and install the vacation plugin:
cd /usr/src
wget https://github.com/bhuisgen/rc-vacation/archive/master.zip
unzip master.zip
mv rc-vacation-master /var/www/roundcube/plugins/vacation
cd /var/www/roundcube/plugins/vacation
Now we edit the configuration and make the following changes:
nano config.inc.php
Change:
$rcmail_config['vacation_gui_vacationsubject'] = TRUE;
to:
$rcmail_config['vacation_gui_vacationsubject'] = FALSE;
Change:
$rcmail_config['vacation_driver'] = 'sql';
to:
$rcmail_config['vacation_driver'] = 'ldap';
Change:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=user,dc=ldap,dc=my,dc=domain';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';
to:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';
Change:
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);
to:
// Search base to read data
$rcmail_config['vacation_ldap_search_base'] = 'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);
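We have to change the document root in the Apache2 server configuration so that Roundcube is accessible.
nano /etc/apache2/sites-enabled/000-default.conf
And change:
DocumentRoot /var/www/html
to:
DocumentRoot /var/www/
This concludes the Roundcube configuration.
Step 8: Install and configure proftpd
First, we install proftpd and its requirements:
apt install proftpd proftpd-mod-ldap
Depending on your load, you can choose between standalone and inetd.
Note: you can copy the configuration files from examples/proftpd to /etc/proftpd, but for clarity I will outline all configuration steps.
Edit /etc/proftpd/proftpd.conf:
nano /etc/proftpd/proftpd.conf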
And change:
# Use this to jail all users in their homes
# DefaultRoot ~
to:
# Use this to jail all users in their homes
DefaultRoot ~
And change:
#RequireValidShell off
to:
RequireValidShell off
And change:
# Alternative authentication frameworks
#
# Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
to:
# Alternative authentication frameworks
#
Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
Now edit /etc/proftpd/modules.conf:
nano /etc/proftpd/modules.conf
And change:
# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c
to:
# Install proftpd-mod-ldap to use this
LoadModule mod_ldap.c
and from:
# Install proftpd-mod-ldap to use this
# LoadModule mod_quotatab_ldap.c
to:
# Install proftpd-mod-ldap to use this
LoadModule mod_quotatab_ldap.c
Now edit /etc/proftpd/ldap.conf and set the following:
<IfModule mod_ldap.c>
#
#LDAPServer ldap://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#LDAPUseTLS on
#
#
#LDAPServer ldaps://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#
LDAPServer ldap://127.0.0.1/??sub
LDAPBindDN "cn=vmail,o=hosting,dc=example,dc=tld" "readonly"
LDAPUsers "o=hosting,dc=example,dc=tld" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True
</IfModule>
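The following directives set the default user to www-data, which suits me; you can change these values to suit your setup, or leave them out to use the login uid/gid.
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True
33 is the uid/gid on my test setup; it may differ on yours.
This concludes the proftpd installation.
Step 9: Putting it all together
Issue the following commands to restart all services:
service slapd restart
service postfix restart
service dovecot restart
service proftpd restart
service apache2 restart
Now you can go to phamm and start adding mail domains and users.
Enjoy.
Note: let me know of any errors or problems with this how-to, so I can improve and amend it.
Use this thread in the forum:
I am subscribed to this thread, so I will be notified of new posts in it.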