Натолкните на путь истинный, имеем домен W2K3 с учетками юзеров в которых в поле e-mail прописан адрес. Имеем CentOS release 5.4 (Final), Postfix-2.3.3, dovecot-1.0.7
Постфикс настроил, при получении письма он ищет в AD учетку в которой поле e-mail совпадает с адресом письма, если находит, создается ящик и туда кладется. Помогите настроить dovecot на IMAP и POP.
Вот конфиг postfix
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = eqvator.net
myhostname = mail.eqvator.local
mynetworks = 127.0.0.0/8, 192.168.100.0/24, 192.168.103/24, 192.168.105.0/24, 192.168.110.0/24, 192.168.120.0/24
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = eqvator.net
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/pki/CA/private/rootCA.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap/ldap-groups.cf
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap/ldap-users.cf
virtual_transport = virtual
virtual_uid_maps = static:800
# cat /etc/postfix/ldap/ldap-groups.cf
server_host = ldap://s-proxy.eqvator.local ldap://srv.eqvator.local
search_base = dc=eqvator,dc=local
version = 3
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = CN=user_connect,CN=Users,DC=eqvator,DC=local
# cat /etc/postfix/ldap/ldap-users.cf
server_host = ldap://s-proxy.eqvator.local ldap://srv.eqvator.local
search_base = dc=eqvator, dc=local
version = 3
query_filter = (&(&(objectclass=user)(|(postOfficeBox=%s)(mail=%s)))(!(userAccountControl=66050)))
result_attribute = sAMAccountName
result_format = %s/Maildir/
bind = yes
bind_dn = CN=user_connect,CN=Users,DC=eqvator,DC=local
bind_pw = userPWD
Тут как бы всё работает, а вот dovecot никак завести не могу.
# 1.0.7: /etc/dovecot.conf
protocols: imap pop3
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
ssl_listen(default): *:943
ssl_listen(imap): *:943
ssl_listen(pop3): *:995
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: ldap
args: /etc/dovecot-ldap.cf
userdb:
driver: ldap
args: /etc/dovecot-ldap.cf
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
master:
path: /var/run/dovecot/auth-master
mode: 384
# cat /etc/dovecot-ldap.cf
hosts = s-proxy.eqvator.local srv.eqvator.local
dn = user_connect
dnpass = userPWD
ldap_version = 3
base = dc=eqvator, dc=local
deref = searching
scope = subtree
pass_attrs = uid=user,userPassword=password, \
homeDirectory=home,uidNumber=uid,gidNumber=gid
Забыл сказать: при таком конфиге dovecot запускается и сразу же умирает.
Дошёл вот до чего:
# 1.0.7: /etc/dovecot.conf
protocols: imap pop3
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
ssl_listen(default): *:943
ssl_listen(imap): *:943
ssl_listen(pop3): *:995
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_access_groups: vmail
mail_location: maildir:/home/vmail/%u/
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
mechanisms: plain login
username_format: %Lu
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: ldap
args: /etc/dovecot-ldap.cf
userdb:
driver: static
args: uid=800 gid=800 home=/home/vmail/%u
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
master:
path: /var/run/dovecot/auth-master
mode: 384
# cat dovecot-ldap.cf
hosts = s-proxy.eqvator.local srv.eqvator.local
ldap_version = 3
base = dc=eqvator, dc=local
deref = searching
scope = subtree
auth_bind = yes
auth_bind_userdn = eqvator\fedora_connect
pass_filter = (&(objectClass=user)(uid=%u))
Проверка:
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user test
+OK
pass testpwd
-ERR Authentication failed.
В логе вот что:
Apr 20 02:25:58 mail dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=AHc2Fkb4NgwDI1U2MD=
Apr 20 02:25:58 mail dovecot: auth(default): ldap(test,127.0.0.1): bind: dn=eqvator\fedora_connect
Apr 20 02:25:58 mail dovecot: auth(default): ldap(sysadm,127.0.0.1): invalid credentials
Apr 20 02:25:58 mail dovecot: auth(default): client out: FAIL 1 user=test
Apr 20 02:26:03 mail dovecot: pop3-login: Aborted login: user=<test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
>[оверквотинг удален]
>В логе вот что
>Apr 20 02:25:58 mail dovecot: auth(default): client in: AUTH
>1 PLAIN service=POP3
> secured lip=127.0.0.1 rip=127.0.0.1 resp=AHc2Fkb4NgwDI1U2MD=
>
>Apr 20 02:25:58 mail dovecot: auth(default): ldap(test,127.0.0.1): bind: dn=eqvator\fedora_connect
>Apr 20 02:25:58 mail dovecot: auth(default): ldap(sysadm,127.0.0.1): invalid credentials
>Apr 20 02:25:58 mail dovecot: auth(default): client out: FAIL 1
> user=test
>Apr 20 02:26:03 mail dovecot: pop3-login: Aborted login: user=<test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Попробуй такой конфиг:
hosts = 10.10.10.2:389
dn = ldapquery@blablabla.ua
dnpass = Bigsecret
auth_bind = yes
auth_bind_userdn = %u@blablabla.ua
# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3
# LDAP base. %variables can be used here.
base = DC=blablabla,DC=ua
# Search scope: base, onelevel, subtree
scope = subtree
Вроде как всё заработало, остались мелкие штрихи, а именно: нужно, чтобы пользователи, у которых поле «Эл. адрес» пустое, при подключении к dovecot получали отказ. Вот dovecot-ldap.cf:
hosts = s-proxy.eqvator.local srv.eqvator.local
ldap_version = 3
base = dc=eqvator, dc=local
deref = searching
scope = subtree
user_filter = (&(objectClass=user)(sAMAccountName=%n)(memberOf=CN=mail,CN=Users,DC=eqvator,DC=local)
user_attrs = sAMAccountName=home=/home/vmail/%$
pass_filter = (&(objectClass=user)(uid=%u))
auth_bind = no
auth_bind_userdn = eqvator\%u
Здесь я уже пробовал сделать так, чтобы пользователю, не входящему в группу mail, доступ к dovecot запрещался. Не работает. Помогите...