Postfix+Ldap+Courier - networks and security - Linux and Alternative OSes
Marsh Posted on 26-04-2006 at 12:38:41
Hello everyone,
I have to set up a mail server for a high school. I started setting it up 2 or 3 weeks ago and I admit it is not easy. I am running the latest sarge; I have installed Postfix, OpenLDAP, Courier and company.
After spending long hours looking for how to do it, I can send mail to users in my directory. The only problem is that I do not know how to map these virtual users to Unix accounts that can log in on any machine on the network. So if someone has a few minutes to spare to explain the principle to me, I am interested. I am also posting my config files so you can tell me if anything looks wrong to you.
Thanks in advance
------------------------------------------------------------------------------------------------------------------------------------------------
# main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
delay_warning_time = 4h
myhostname = portable-ludo.sult2.fr
mydomain = sult2.fr
masquerade_domains = sult2.fr
mydestination = $myhostname, localhost, localhost.$mydomain
myorigin = $mydomain
relayhost =
# local(8) ignores home_mailbox while mailbox_command is set: procmail decides where
# mail for the local domains in mydestination ends up.
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail
# The posted "relay_domain = sult2.fr" is not a Postfix parameter (the real one is
# relay_domains) and was ignored. sult2.fr is a virtual_mailbox_domains domain and must
# not also appear in relay_domains or mydestination, so the line is dropped.
default_transport = smtp
setgid_group = postdrop
mail_owner = postfix
mailbox_size_limit = 0
mail_spool_directory = /var/spool/mail
recipient_delimiter = +
inet_interfaces = all
# Every address in mynetworks may relay through this server. Host bits must be zero:
# Postfix warns about "172.16.1.0/16", so it is written here as the /16 it denotes.
# Narrow it to 172.16.1.0/24 if that is the actual school LAN.
mynetworks = 127.0.0.0/8 172.16.0.0/16
# list of domains handled as virtual mailboxes
virtual_mailbox_domains = sult2.fr
# /home/vmail holds the users' mailboxes
virtual_mailbox_base = /home/vmail
# list of declared users (the "ldap:" table type prefix was lost in the posted text;
# Postfix only accepts "type:name" table specifications)
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
# virtual(8) refuses to write mailboxes as a uid below this value
virtual_minimum_uid = 100
virtual_gid_maps = static:5000
virtual_uid_maps = static:5000
# list of aliases (redirections)
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
unknown_local_recipient_reject_code = 450
-------------------------------------------------------------------------------------------------------------------------------------------------
# ldap-accounts.cf
server_host = localhost
server_port = 389
search_base = dc=sult2, dc=fr
# %s is the full recipient address; Postfix escapes *, (, ) and \ in it before
# substitution, so a crafted recipient cannot change the shape of the filter.
query_filter = (mail=%s)
# Path handed to virtual(8), relative to virtual_mailbox_base: /home/vmail/<uid>/Maildir/
# (sarge's Postfix 2.1 spells this result_filter; from 2.2 on the name is result_format).
result_filter = %s/Maildir/
result_attribute = uid
# This lookup only needs read access, and the posted slapd.conf already grants
# "by * read" on everything except userPassword, so an anonymous search is enough.
# Binding as the rootdn handed Postfix full write access to the whole directory and
# put the rootdn password in a file that the unprivileged postfix user must be able
# to read. If a bind is required, use a dedicated read-only DN and keep this file
# mode 0640, owned by root:postfix.
bind = no
#bind_dn = cn=admin, dc=sult2, dc=fr
#bind_pw = xxxxx
version = 3
--------------------------------------------------------------------------------------------------------------------------------------------------
# slapd.conf
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/authldap.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=sult2,dc=fr"
rootdn "cn=admin,dc=sult2,dc=fr"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# Indexing options for database #1. Postfix searches on mail (the query_filter in
# ldap-accounts.cf) and nss_ldap/pam_ldap, the usual way to turn directory entries
# into Unix accounts, search on uid, uidNumber and gidNumber; without these indexes
# every such lookup is a full scan of the database. Run slapindex (with slapd
# stopped) after adding them to an existing database.
index objectClass eq
index mail,uid,uidNumber,gidNumber eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below.
# samba.schema is loaded above, so sambaSamAccount entries would also carry
# sambaLMPassword / sambaNTPassword. The catch-all "access to * ... by * read"
# further down would hand those hashes to any anonymous client, and an NT hash
# is usable directly for NTLM authentication without cracking, so they are
# protected by the same rule.
# These access lines apply to database #1 only
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=sult2,dc=fr" write
        by anonymous auth
        by self write
        by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=sult2,dc=fr" write
by * read
---------------------------------------------------------------------------------------------------------------------------------------------
# an example of the log when I send a mail
Apr 28 14:44:17 portable-ludo postfix/pickup[3697]: CC1D0CF521: uid=1000 from=<ludovic>
Apr 28 14:44:17 portable-ludo postfix/cleanup[3993]: CC1D0CF521: message-id=<20060428124417.CC1D0CF521@portable-ludo.sult2.fr>
Apr 28 14:44:18 portable-ludo postfix/qmgr[3042]: CC1D0CF521: from=<ludovic@sult2.fr>, size=315, nrcpt=1 (queue active)
Apr 28 14:44:18 portable-ludo postfix/virtual[3995]: CC1D0CF521: to=<pierre@sult2.fr>, orig_to=<pierre>, relay=virtual, delay=1, status=sent (delivered to maildir)
Apr 28 14:44:18 portable-ludo postfix/qmgr[3042]: CC1D0CF521: removed
The recipient is a user defined in the directory that I want to map to a Unix account.
That's it.
Hoping for a few tips
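An added example, written for this page rather than taken from the original post or from Postfix or OpenLDAP, showing the principle asked about above: one directory entry that carries both inetOrgPerson (mail) and posixAccount (uidNumber, gidNumber, homeDirectory) serves Postfix's virtual_mailbox_maps lookup and nss_ldap's getpwnam() on every client machine at the same time. It emulates Postfix ldap: table resolution in Python against a constructed LDIF string instead of a live slapd. The entries, their numeric ids and home paths are made up; the POSIX_* tables are a proposed variant and not the tables in the post; the escaping applied to %s is the one Postfix's dict_ldap performs; and the path join mirrors how virtual(8) appends the map result to virtual_mailbox_base.

```python
"""Emulate Postfix ldap: table lookups against LDAP entries that are also Unix
accounts (posixAccount).  Offline: the directory is the constructed LDIF below."""
import re
from dataclasses import dataclass

# Constructed sample entries; names, numbers and paths are assumptions, not from the post.
SAMPLE_LDIF = """\
dn: uid=pierre,ou=people,dc=sult2,dc=fr
objectClass: inetOrgPerson
objectClass: posixAccount
uid: pierre
cn: Pierre Durand
sn: Durand
mail: pierre@sult2.fr
uidNumber: 10001
gidNumber: 10000
homeDirectory: /home/pierre

dn: uid=oops,ou=people,dc=sult2,dc=fr
objectClass: inetOrgPerson
objectClass: posixAccount
uid: oops
cn: Root Alias
sn: Alias
mail: oops@sult2.fr
uidNumber: 0
gidNumber: 0
homeDirectory: /root
"""

def parse_ldif(text):
    """Minimal LDIF reader (no base64 values, no continuation lines); attribute names lowercased."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            entries, cur = (entries + [cur] if cur else entries), {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries + [cur] if cur else entries

def ldap_escape(value):
    """RFC 4515 escaping of the characters Postfix's dict_ldap quotes before substituting
    %s/%u/%d into query_filter, so a recipient like 'x)(uid=*' cannot rewrite the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)

@dataclass
class LdapTable:
    """One Postfix ldap: table file (result_format is spelled result_filter in sarge's Postfix 2.1)."""
    query_filter: str
    result_attribute: str
    result_format: str = "%s"

    def expand_filter(self, address):
        local, _, domain = address.partition("@")
        subst = {"%s": address, "%u": local, "%d": domain}
        return re.sub(r"%[sud]", lambda m: ldap_escape(subst[m.group(0)]), self.query_filter)

    def lookup(self, entries, address):
        """result_attribute values run through result_format, or None (Postfix 'not found').
        Only the (attr=value) filter shape is emulated, with case-insensitive matching."""
        m = re.fullmatch(r"\((\w+)=([^()]*)\)", self.expand_filter(address))
        if not m:
            raise ValueError("only (attr=value) filters are emulated")
        attr = m.group(1).lower()
        wanted = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2)).lower()
        hits = [self.result_format.replace("%s", v) for e in entries
                if wanted in (x.lower() for x in e.get(attr, []))
                for v in e.get(self.result_attribute.lower(), [])]
        return hits or None

# The table from the original post: address -> "<uid>/Maildir/", appended to
# virtual_mailbox_base = /home/vmail and owned by the static uid/gid 5000.
POSTED_MAILBOX_MAP = LdapTable("(mail=%s)", "uid", "%s/Maildir/")
# Assumed variant (not in the post): deliver into the posixAccount's own homeDirectory,
# owned by its own uidNumber/gidNumber, so the entry nss_ldap resolves for logins on
# every machine also owns the Maildir; main.cf would set virtual_mailbox_base = / and
# point virtual_uid_maps / virtual_gid_maps at the two extra tables.
POSIX_MAILBOX_MAP = LdapTable("(mail=%s)", "homeDirectory", "%s/Maildir/")
POSIX_UID_MAP = LdapTable("(mail=%s)", "uidNumber")
POSIX_GID_MAP = LdapTable("(mail=%s)", "gidNumber")

def mailbox_path(base, rel):
    return f"{base.rstrip('/')}/{rel.lstrip('/')}"  # virtual(8): base + "/" + map result

def resolve_as_posted(entries, address, virtual_mailbox_base="/home/vmail"):
    rel = POSTED_MAILBOX_MAP.lookup(entries, address)
    return None if rel is None else {"path": mailbox_path(virtual_mailbox_base, rel[0]), "uid": 5000, "gid": 5000}

def resolve_as_posix(entries, address, virtual_mailbox_base="/", virtual_minimum_uid=100):
    rel, uid, gid = (t.lookup(entries, address) for t in (POSIX_MAILBOX_MAP, POSIX_UID_MAP, POSIX_GID_MAP))
    if not (rel and uid and gid):
        return None
    uid, gid = int(uid[0]), int(gid[0])
    # virtual(8) refuses to write as a uid below virtual_minimum_uid (the mail is deferred as a
    # configuration error): an entry with uidNumber 0 must never get a Maildir written as root.
    if uid < virtual_minimum_uid:
        raise PermissionError(f"uid {uid} is below virtual_minimum_uid={virtual_minimum_uid}")
    return {"path": mailbox_path(virtual_mailbox_base, rel[0]), "uid": uid, "gid": gid}

def posix_lookup(entries, login):
    """What nss_ldap answers to getpwnam(login) on any client machine, from the same entry."""
    for e in entries:
        if "posixaccount" in (o.lower() for o in e.get("objectclass", [])) and login in e.get("uid", []):
            return int(e["uidnumber"][0]), int(e["gidnumber"][0]), e["homedirectory"][0]
    return None
```

With the posted tables, pierre's mail lands in /home/vmail/pierre/Maildir/ owned by uid 5000, which is why a Unix login for the same person cannot read the mailbox directly: the two halves are tied together only by the LDAP entry, and an IMAP server such as Courier with authldap can serve that mailbox. The posix variant makes the Maildir belong to the user's own uid, which is where virtual_minimum_uid earns its keep: an entry that someone gives uidNumber 0 (or any system uid) plus a mail attribute is refused instead of having mail written as root. The escaping check shows why query_filter can safely carry %s: a recipient of x)(uid=*@sult2.fr reaches the directory as x\29\28uid=\2a@sult2.fr and matches nothing.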