From b86a5772aabb5ecf9c3244ef008955391aa27192 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 19 Aug 2012 21:10:06 +0200 Subject: Catch-all aliases. --- fripost-docs.org | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/fripost-docs.org b/fripost-docs.org index 21d7154..c6e928a 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -156,6 +156,9 @@ sudo aptitude install logcheck syslog-summary ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: file /var/cache/ddclient/ddclient.cache, line [0-9]+: Invalid Value for keyword 'ip' = ''$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: updating [._[:alnum:]-]+: nochg: No update required; unnecessary attempts to change to the current address are considered abusive$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]{7,15} interface [.0-9]{7,15} -> [.0-9]{7,15}$ +# | There is no way to get rid of the warning `Fixed query_filter [...] is probably useless'. +# It is harmless in our case, since the search base is precise enough. +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtpd|cleanup|trivial-rewrite|postmap)\[[0-9]+\]: warning: dict_ldap_open: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf: Fixed query_filter \(\&\(ObjectClass=virtualAliases\)\(mailLocalAddress=\)\(isActive=TRUE\)\) is probably useless$ ** Configuring aptitude and friends @@ -621,7 +624,7 @@ mysql -u root -p *** Configuring the LDAP server On Debian Squeeze, OpenLDAP's configuration no longer uses `/etc/ldap/slapd.conf' -(by default, but may completely igore it in the future), but the +(by default, but may completely ignore it in the future), but the `/etc/ldap/slapd.d' directory instead. Unfortunately most of the online tutorials are describing methods using `/etc/ldap/slapd.conf'. 
@@ -1342,9 +1345,28 @@ Test it: query_filter = (&(ObjectClass=virtualAliases)(mailLocalAddress=%u)(isActive=TRUE)) result_attribute = mailTarget +:: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf + + #server_host = ldapi://%2Fvar%2Frun%2Fldapi/ + server_host = ldap://127.0.0.1:389/ + version = 3 + search_base = dc=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org + scope = one + bind = yes + bind_dn = cn=SMTP,ou=services,o=mailHosting,dc=fripost,dc=org + bind_pw = xxxxxx + query_filter = (&(ObjectClass=virtualAliases)(mailLocalAddress=)(isActive=TRUE)) + result_attribute = mailTarget + Test it: - postmap -q user-alias@fripost.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf - postmap -q user@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf + postmap -q user-alias@fripost.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf + postmap -q user@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf + postmap -q fake@example.org ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf ldap:/etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf + +Note: There is no way to get rid of the warning `Fixed query_filter +[...] is probably useless'. It is harmless in our case, since the +search base is precise enough. However, we add a logcheck exception not +to be flooded. **** Test delivery @@ -1497,7 +1519,7 @@ We will offer a SMTP relay for authenticated users (via SASL). **** Install packages -sudo apt-get install sasl2-bin libsasl2-modules-ldap +sudo apt-get install sasl2-bin libsasl2-modules (Scrictly speaking sasl2-bin is not necessary, but it offers some programs to test our installation.) 
@@ -1580,7 +1602,7 @@ is enough actually.) **** Test it -[Note: if you test it from localhost, you have to uset smtpd_sasl_exceptions_networks +[Note: if you test it from localhost, you have to set smtpd_sasl_exceptions_networks first.] First, we ensured that encrypted conections are required. @@ -1856,6 +1878,9 @@ In the rest of this section, we assume there is a tunnel from the master LDAP server to the machine that hosts the webmail (i.e., ldap://127.0.0.1:3890 on this machine actually speaks to the master). +It is important to bind to localhost only, since with simple binds +passwords are sent clear over the network. + :: /etc/roundcube/plugins/password/config.inc.php $rcmail_config['password_driver'] = 'ldap_simple'; @@ -2109,6 +2134,6 @@ connection." We have written some tools to make administration tasks easier. They can be found at: - git clone git://github.com/skangas/fripost-tools.git + git clone http://git.fripost.org/pub/fripost-tools.git -- cgit v1.2.3
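Review bot: In the logcheck hunk (@@ -156,6 +156,9), the new ignore rule embeds the literal filter string from ldap_virtual_alias_catchall_maps.cf, so any later edit to query_filter in that file makes the rule stop matching without any error, and the warnings come back. Say in the comment above the rule that the two have to be changed together. The first comment line also starts with `# |`; if the bar is not intentional, drop it.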
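Review bot: In the catch-all hunk (@@ -1342,9 +1345,28), the new map is only exercised through postmap; no hunk in this patch adds ldap_virtual_alias_catchall_maps.cf to virtual_alias_maps in main.cf. If that is documented elsewhere, fine; otherwise add it, and state that it has to be listed after ldap_virtual_alias_maps.cf, as in the test commands, because the fixed filter does not depend on the local part and so answers for every address in the domain. The three postmap tests would also be easier to follow with the expected result of each one, in particular that fake@example.org is the one meant to fall through to the catch-all.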
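Review bot: In the SASL hunk (@@ -1497,7 +1519,7), replacing libsasl2-modules-ldap with libsasl2-modules is unrelated to the subject "Catch-all aliases", and the commit message gives no reason for it. Move it to its own commit, or add a line to the message explaining why the LDAP module is no longer needed, so that someone following the SASL section can tell whether the rest of that setup is affected.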
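Review bot: In the webmail hunk (@@ -1856,6 +1878,9), the added sentence says binding to localhost is important but not what has to be bound or how. Name the thing explicitly (the tunnel's listening end, ldap://127.0.0.1:3890 in the paragraph above) and where it is configured, so the reader can check it. "sent clear over the network" should read "sent in clear over the network".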
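Review bot: In the last hunk (@@ -2109,6 +2134,6), the new clone URL uses plain http://, so the administration tools are fetched over a transport that gives no protection against modification in transit (the git:// URL it replaces had the same property). If git.fripost.org serves the repository over https, document that URL instead; otherwise add a sentence on how to verify what was cloned, for example against a signed tag.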