author Guilhem Moulin <guilhem.moulin@fripost.org> 2012-08-19 21:10:06 +0200
committer Guilhem Moulin <guilhem.moulin@fripost.org> 2012-08-19 21:10:06 +0200
commit b86a5772aabb5ecf9c3244ef008955391aa27192
tree 1722688f4bbb7e80695842aa4675a4dcca96ac3d
parent a15c2424185ae3cb67648b03db2819e5f7b8cca9
Catch-all aliases.
-rw-r--r-- fripost-docs.org 37
1 files changed, 31 insertions, 6 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 21d7154..c6e928a 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -156,6 +156,9 @@ sudo aptitude install logcheck syslog-summary
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: file /var/cache/ddclient/ddclient.cache, line [0-9]+: Invalid Value for keyword 'ip' = ''$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: updating [._[:alnum:]-]+: nochg: No update required; unnecessary attempts to change to the current address are considered abusive$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]{7,15} interface [.0-9]{7,15} -> [.0-9]{7,15}$
+# | There is no way to get rid of the warning `Fixed query_filter [...] is probably useless'.
+# It is harmless in our case, since the search base is precise enough.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtpd|cleanup|trivial-rewrite|postmap)\[[0-9]+\]: warning: dict_ldap_open: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf: Fixed query_filter \(\&\(ObjectClass=virtualAliases\)\(mailLocalAddress=\)\(isActive=TRUE\)\) is probably useless$
** Configuring aptitude and friends
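Review bot: In the added logcheck rule, the dots in `/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf` are unescaped and `\&` escapes a character that needs no escape in an extended regex. The rule still matches, but writing `\.` for the dots and a plain `&` would keep it to exactly the intended message. Pinning the exception to this one map file and this one filter string is the right scope for an ignore rule. The `|` after `#` in the first comment line looks like a leftover.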
@@ -621,7 +624,7 @@ mysql -u root -p
*** Configuring the LDAP server
On Debian Squeeze, OpenLDAP's configuration no longer uses `/etc/ldap/slapd.conf'
-(by default, but may completely igore it in the future), but the
+(by default, but may completely ignore it in the future), but the
`/etc/ldap/slapd.d' directory instead. Unfortunately most of the online
tutorials are describing methods using `/etc/ldap/slapd.conf'.
@@ -1342,9 +1345,28 @@ Test it:
query_filter = (&(ObjectClass=virtualAliases)(mailLocalAddress=%u)(isActive=TRUE))
result_attribute = mailTarget
+:: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf
+
+ #server_host = ldapi://%2Fvar%2Frun%2Fldapi/
+ server_host = ldap://127.0.0.1:389/
+ version = 3
+ search_base = dc=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+ scope = one
+ bind = yes
+ bind_dn = cn=SMTP,ou=services,o=mailHosting,dc=fripost,dc=org
+ bind_pw = xxxxxx
+ query_filter = (&(ObjectClass=virtualAliases)(mailLocalAddress=)(isActive=TRUE))
+ result_attribute = mailTarget
+
Test it:
- postmap -q user-alias@fripost.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf
- postmap -q user@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf
+ postmap -q user-alias@fripost.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf
+ postmap -q user@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf
+ postmap -q fake@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf
+
+Note: There is no way to get rid of the warning `Fixed query_filter
+[...] is probably useless'. It is harmless in our case, since the
+search base is precise enough. However, we add a logcheck exception not
+to be flooded.
**** Test delivery
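Review bot: The `query_filter` of the new catch-all map contains no `%u` or `%s`, so its result depends only on the `%d` in `search_base` and the map gives the same answer for every address in a domain. The three `postmap -q` test lines do not say what each should print; stating the expected result for `user-alias@fripost.org`, `user@example.org` and `fake@example.org` would show that the catch-all applies only when the first map has no match, and that the order of the two maps matters. Since the file carries `bind_pw`, the text should also say which owner and mode the file needs.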
@@ -1497,7 +1519,7 @@ We will offer a SMTP relay for authenticated users (via SASL).
**** Install packages
-sudo apt-get install sasl2-bin libsasl2-modules-ldap
+sudo apt-get install sasl2-bin libsasl2-modules
(Scrictly speaking sasl2-bin is not necessary, but it offers some programs to
test our installation.)
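Review bot: The package line drops `libsasl2-modules-ldap` in favour of `libsasl2-modules` with no explanation in the surrounding text. One sentence on why the LDAP module is not needed would help readers who followed the earlier version of this step. The context line just below still reads `Scrictly`.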
@@ -1580,7 +1602,7 @@ is enough actually.)
**** Test it
-[Note: if you test it from localhost, you have to uset smtpd_sasl_exceptions_networks
+[Note: if you test it from localhost, you have to set smtpd_sasl_exceptions_networks
first.]
First, we ensured that encrypted conections are required.
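Review bot: Changing `uset` to `set` in the localhost note may invert the instruction, since `uset` is also one letter away from `unset`. `smtpd_sasl_exceptions_networks` lists the clients that Postfix does not offer AUTH to, so a test from localhost needs localhost out of that list; please confirm which reading was meant and spell out the value to use. The context line below still reads `conections`.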
@@ -1856,6 +1878,9 @@ In the rest of this section, we assume there is a tunnel from the master
LDAP server to the machine that hosts the webmail (i.e., ldap://127.0.0.1:3890
on this machine actually speaks to the master).
+It is important to bind to localhost only, since with simple binds
+passwords are sent clear over the network.
+
:: /etc/roundcube/plugins/password/config.inc.php
$rcmail_config['password_driver'] = 'ldap_simple';
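Review bot: In the added sentence, "bind to localhost only" is ambiguous next to "simple binds": it can be read as the address the tunnel endpoint listens on or as the LDAP bind operation. Saying that the tunnel endpoint on the webmail host must listen on 127.0.0.1 only, and that Roundcube must connect to `ldap://127.0.0.1:3890` and never to the master directly, would remove the doubt. "sent clear" should read "sent in the clear".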
@@ -2109,6 +2134,6 @@ connection."
We have written some tools to make administration tasks easier. They can be
found at:
- git clone git://github.com/skangas/fripost-tools.git
+ git clone http://git.fripost.org/pub/fripost-tools.git
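Review bot: The new clone URL uses `http://`, which like the old `git://` gives neither encryption nor server authentication, so the administration tools can be altered in transit. If git.fripost.org serves the repository over `https://`, the documentation should use that URL.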