nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.10 debian.sergio.com debian
4. For Samba to be able to map ACLs (access control lists) between the
Linux server and the Windows clients, the acl option must be added in
the configuration file.
nano /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 defaults,acl,errors=remount-ro 0 1
/dev/sda5 none swap sw 0 0
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
nano /etc/apt/sources.list
#
# deb cdrom:[Debian GNU/Linux 4.0 r1 _Etch_ - Official i386 CD Binary-1 20070819-11:52]/ etch contrib $
#deb cdrom:[Debian GNU/Linux 4.0 r1 _Etch_ - Official i386 CD Binary-1 20070819-11:52]/ etch contrib m$
# Line commented out by installer because it failed to verify:
deb http://security.debian.org/ etch/updates main contrib
# Line commented out by installer because it failed to verify:
deb-src http://security.debian.org/ etch/updates main contrib
#deb http://10.3.64.195:81/debian sarge main contrib non-free
9. Configuration
During installation of the new packages we will be asked a series of
questions; answer them as follows.
LDAP
Enter the password for the LDAP administrator and confirm it.
(Password)
Samba
Enter a name for your domain.
(sergio.com)
Select "No" when asked whether smb.conf should be modified
to use WINS settings from DHCP.
Postfix
Select "Internet Site" as the general type of configuration.
Enter "server1.dominio.com" as the mail name.
Libnss-LDAP
Enter "127.0.0.1" as the LDAP server URI.
Enter "dc = dominio, dc = com" as the search base name.
Select the LDAP version. (3)
Enter "cn = admin, dc = sergio, dc = com" as the LDAP root account.
Enter the password for the LDAP administrator. (Password)
Libpam-LDAP
Select "Yes" when asked whether local root should be the database
administrator.
Select "No" when asked whether the LDAP database requires
login.
Enter "cn=admin, dc=sergio, dc=com" as the LDAP root account.
Enter the password for the LDAP administrator. (Password)
10. Configuring the LDAP schema files
OpenLDAP
It is a free implementation of the protocol that supports multiple
schemas, so it can be used to connect to any other LDAP server.
First we copy the MMC, mail, Samba, printer, DNS and DHCP schema
files into the LDAP schema directory.
cp /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
cp /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
nano /etc/ldap/slapd.conf
Include the schema files after the inetorgperson schema.
include /etc/ldap/schema/mmc.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/printer.schema
include /etc/ldap/schema/mail.schema
include /etc/ldap/schema/dnszone.schema
include /etc/ldap/schema/dhcp.schema
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index zoneName,relativeDomainName eq
index dhcpHWAddress,dhcpClassData eq
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
schemacheck on
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# Save the time that the entry gets modified, for database #1
lastmod on
#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
nano /etc/ldap/ldap.conf
And add the following lines
host 127.0.0.1
base dc=sergio,dc=com
cp /usr/share/doc/python-mmc-base/contrib/samba/smb.conf /etc/samba/
nano /etc/samba/smb.conf
Set the following values in the global section
workgroup = SERGIO
netbiosname = PDC-SRV-SERGIO
ldap admin dn = cn=admin,dc=sergio,dc=com
ldap suffix = dc=sergio,dc=com
logon path = \\%N\profiles\%U
path = /home/samba/archives
[global]
workgroup = SERGIO
netbiosname = PDC-SRV-SERGIO
preferred master = yes
os level = 65
wins support = yes
enable privileges = yes
timeserver = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
log level = 3
null passwords = yes
security = user
# unix charset = ISO8859-1
name resolve order = bcast host
domain logons = yes
domain master = yes
printing = cups
printcap name = cups
logon path = \\%N\profiles\%U
logon script = logon.bat
logon drive = H:
map acl inherit = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
[homes]
comment = Home directories
browseable = no
writeable = yes
create mask = 0700
directory mask = 0700
hide files = /Maildir/
[public]
comment = Public share
path = /home/samba/shares/public
browseable = yes
public = yes
writeable = yes
[archives]
comment = Backup share
path = /home/samba/archives
browseable = yes
public = no
writeable = no
[printers]
comment = Printers
path = /tmp
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
[print$]
comment = Drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = Administrator,root,@lpadmin
[netlogon]
path = /home/samba/netlogon
public = no
writeable = no
browseable = no
[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
[partage]
comment = aucun
path = /home/samba/partage
browseable = yes
public = no
writeable = yes
smbpasswd -w contraseña
nano /etc/smbldap-tools/smbldap_bind.conf
The content should be similar to this
slaveDN="cn=admin,dc=sergio,dc=com"
slavePw="contraseña"
masterDN="cn=admin,dc=sergio,dc=com"
masterPw="contraseña"
nano /etc/smbldap-tools/smbldap.conf
The content should be similar to this (replace the SID with your own)
SID="S-1-5-21-3647057178-929924568-909873380"
sambaDomain="SERGIO"
ldapTLS="0"
suffix="dc=sergio,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=SERGIO,${suffix}"
scope="sub"
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\PDC-SRV-SERGIO\%U"
userProfile="\\PDC-SRV-SERGIO\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="sergio.com"
smbpasswd="/usr/bin/smbpasswd"
20. Configuring NSS LDAP (NSS allows users to be authenticated via
LDAP).
Edit nsswitch
nano /etc/nsswitch.conf
The content should be similar to this.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
mkdir -p /home/samba/shares/public/
mkdir /home/samba/netlogon/
mkdir /home/samba/profiles/
mkdir /home/samba/partage/
mkdir /home/samba/archives/
nano /etc/pam.d/common-account
The content should be the same as the following.
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account required pam_unix.so
account sufficient pam_ldap.so
In the file
nano /etc/pam.d/common-auth
The content should be the same as the following
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
In the file
nano /etc/pam.d/common-password
The content should be the same as the following
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
#used to change user passwords. The default is pam_unix
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords)
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.
password sufficient pam_unix.so nullok obscure min=4 max=8 md5
password sufficient pam_ldap.so use_first_pass use_authtok
password required pam_deny.so
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
In the file
nano /etc/pam.d/common-session
The content should be the same as the following
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix.
#
session required pam_unix.so
session optional pam_ldap.so
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
string_mask = nombstr
x509_extensions = server_cert
[ req_distinguished_name ]
countryName = DE
stateOrProvinceName = Niedersachsen
localityName = Lueneburg
organizationName = Projektfarm GmbH
organizationalUnitName = IT
commonName = debian.sergio.com
emailAddress = postmaster@sergio.com
[ server_cert ]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
nsCertType = server
nsComment = "mailserver"
And adjust the permissions of the key so that only root is allowed
to read it.
chmod 600 /etc/ssl/private/mail.key
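The same permission rule applies to every file in this guide that holds a secret, including /etc/smbldap-tools/smbldap_bind.conf with its clear-text masterPw and slavePw. The check below is an added example, not part of the original guide; the function names and the sample files (constructed in a temporary directory) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): list secret-bearing files that
# group or other can access. Uses GNU stat, as found on Debian.

# Keys holding clear-text passwords, as seen in smbldap_bind.conf.
SECRET_KEYS='^[[:space:]]*(masterPw|slavePw)[[:space:]]*='

# exposed_secrets FILE... -> prints "MODE FILE REASON" for each file that
# contains a secret and has any group/other permission bit set.
exposed_secrets() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        reason=""
        if grep -Eq "$SECRET_KEYS" "$f"; then
            reason="clear-text password"
        elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            reason="private key"
        fi
        [ -n "$reason" ] || continue
        mode=$(stat -L -c '%a' "$f")
        # Any bit in 077 means group or other can read, write or execute.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $f $reason"
        fi
    done
}

# Constructed sample files; hypothetical contents, not real credentials.
make_secret_samples() {
    dir=$1
    printf '%s\n' 'masterDN="cn=admin,dc=sergio,dc=com"' 'masterPw="PLACEHOLDER"' \
        > "$dir/smbldap_bind.conf"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed)' > "$dir/mail.key"
    printf '%s\n' '[global]' 'workgroup = SERGIO' > "$dir/smb.conf"
    chmod 644 "$dir/smbldap_bind.conf" "$dir/smb.conf"
    chmod 600 "$dir/mail.key"
}

demo_dir=$(mktemp -d)
make_secret_samples "$demo_dir"
exposed_secrets "$demo_dir"/*      # reports only smbldap_bind.conf
rm -rf "$demo_dir"
```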
Run
mkdir -p /var/spool/postfix/var/run/saslauthd/
nano /etc/default/saslauthd
It should look like this.
#
# Settings for saslauthd daemon
#
The configuration file
nano /etc/saslauthd.conf
It should look like this.
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=Users,dc=dominio,dc=com
ldap_filter: (&(objectClass=mailAccount)(mail=%u@%r)(mailenable=OK))
The configuration file
nano /etc/postfix/sasl/smtpd.conf
should look like this
pwcheck_method: saslauthd
mech_list: plain login
And restart SASL
/etc/init.d/saslauthd restart
25. Postfix configuration
cp /usr/share/doc/python-mmc-base/contrib/postfix/no-virtual-domain/* /etc/postfix/
myhostname = debian.sergio.com
mydomain = sergio.com
alias_maps = ldap:/etc/postfix/ldap-aliases.cf, hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.dominio.com,dominio.com,localhost.localdomain,localhost
mail_destination_recipient_limit = 1
mailbox_command = /usr/lib/dovecot/deliver -d "$USER"@"$DOMAIN"
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Use Maildir
home_mailbox = Maildir/
# Basics Restrictions
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
# SSL/TLS
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# Amavis
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
nano /etc/postfix/ldap-aliases.cf
server_host = 127.0.0.1
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mailalias=%s)(mailenable=OK))
result_attribute = maildrop
version = 3
Go to the file
nano /etc/postfix/master.cf
Uncomment the following lines
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
# SMTPS
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# Dovecot
dovecot unix - n n - - pipe
  flags=DRhu user=dovecot:mail argv=/usr/lib/dovecot/deliver -d $recipient
# Mail to Amavis
amavis unix - - - - 10 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
Restart Postfix
/etc/init.d/postfix restart
Main configuration
Run the following to clear this file:
echo " " > /etc/dovecot/dovecot.conf
# IMAP configuration
protocol imap {
mail_plugins = quota imap_quota
}
# POP3 configuration
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
mail_plugins = quota
}
# LDA configuration
protocol lda {
postmaster_address = postmaster
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = quota
}
# LDAP authentication
auth default {
mechanisms = plain login
passdb ldap {
args = /etc/dovecot/dovecot-ldap.conf
}
userdb ldap {
args = /etc/dovecot/dovecot-ldap.conf
}
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = dovecot
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
Run the following to clear this file:
echo "" > /etc/dovecot/dovecot-ldap.conf
Go to the file
nano /etc/amavis/conf.d/15-content_filter_mode
It should look like this
use strict;
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;
Now go to
nano /etc/amavis/conf.d/50-user
It should look like this
use strict;
$pax='pax';
1;
Run:
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
32. SpamAssassin
In this step we enable additional plugins to improve
spam detection.
# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
#NICE="--nicelevel 15"
CRON=0
Run the command
cp /usr/share/doc/python-mmc-base/contrib/bind/named.conf /etc/bind/
Then we change the slapd start order so that it starts before BIND.
cp /usr/share/doc/python-mmc-base/contrib/dhcpd/dhcpd.conf /etc/dhcp3/
mkdir /etc/apache2/ssl/
openssl req -new -x509 -keyout /etc/apache2/ssl/server.key -out \
  /etc/apache2/ssl/server.crt -days 365 -nodes
36. MMC
We will create two virtual hosts - one for http connections and another for
https connections.
http vhost
Go to
nano /etc/apache2/sites-available/http
And add the following configuration
<VirtualHost 192.168.0.10:80>
ServerName debian.sergio.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
https vhost
Go to
nano /etc/apache2/sites-available/https
Add the following configuration
NameVirtualHost 192.168.0.10:443
<VirtualHost 192.168.0.10:443>
ServerName debian.sergio.com
ServerAdmin Administrator@sergio.com
DocumentRoot /usr/share/mmc/
SSLEngine on
SSLCertificateKeyFile ssl/server.key
SSLCertificateFile ssl/server.crt
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
<Directory /usr/share/mmc/>
AllowOverride None
Order allow,deny
Allow from 192.168.0.0/24
php_flag short_open_tag on
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Directory>
ErrorLog /var/log/apache2/mmc_error.log
CustomLog /var/log/apache2/mmc_access.log combined
LogLevel warn
</VirtualHost>
nano /etc/apache2/ports.conf
Add the following line:
Listen 443
a2ensite http
a2ensite https
The rewrite module
a2enmod rewrite
And the ssl module
a2enmod ssl
Now restart Apache
/etc/init.d/apache2 restart
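On the Apache 2.2 shipped with Etch, "SSLProtocol all" includes SSLv2 and SSLv3, and the cipher string in the https vhost above never removes the LOW, EXP, SSLv2 or eNULL classes (in OpenSSL cipher strings "+" only reorders, "!" removes). The lint below is an added example, not part of the original guide; the function names, the WEAK_CLASSES list and both sample files are assumptions constructed here.

```shell
#!/bin/sh
# Added example (not from the original guide): lint the TLS directives of an
# Apache vhost file such as /etc/apache2/sites-available/https.

# Cipher classes that must be removed with "!" (assumed list, taken from the
# classes named in the guide's SSLCipherSuite string).
WEAK_CLASSES="eNULL EXP LOW SSLv2"

# lint_tls_vhost FILE -> one finding per line, nothing if the file is clean.
lint_tls_vhost() {
    awk -v classes="$WEAK_CLASSES" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "sslprotocol" {
            # Apache 2.2 expands "all" to +SSLv2 +SSLv3 +TLSv1; a later
            # "-SSLvN" token switches that protocol off again.
            for (p = 2; p <= 3; p++) {
                name = "sslv" p; enabled = 0
                for (i = 2; i <= NF; i++) {
                    t = tolower($i)
                    if (t == "all" || t == "+all" || t == name || t == ("+" name)) { enabled = 1 }
                    if (t == ("-" name)) { enabled = 0 }
                }
                if (enabled) { print "SSLProtocol leaves SSLv" p " enabled" }
            }
        }
        tolower($1) == "sslciphersuite" {
            n = split(classes, want, " ")
            m = split($2, tok, ":")
            for (c = 1; c <= n; c++) {
                removed = 0
                for (i = 1; i <= m; i++) {
                    if (tok[i] == ("!" want[c])) { removed = 1 }
                }
                if (!removed) { print "SSLCipherSuite never removes " want[c] " (add !" want[c] ")" }
            }
        }
    ' "$1"
}

# Number of findings for FILE.
count_findings() { lint_tls_vhost "$1" | wc -l | tr -d ' '; }

# Constructed samples: the guide's two directives and a tightened variant.
write_tls_samples() {
    dir=$1
    cat > "$dir/guide.conf" <<'EOF'
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
    cat > "$dir/tight.conf" <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2
EOF
}

demo_dir=$(mktemp -d)
write_tls_samples "$demo_dir"
lint_tls_vhost "$demo_dir/guide.conf"
rm -rf "$demo_dir"
```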
[main]
disable = 0
[dhcp]
dn = ou=DHCP,dc=sergio,dc=com
pidfile = /var/run/dhcpd.pid
init = /etc/init.d/dhcp3-server
logfile = /var/log/daemon.log
leases = /var/lib/dhcp3/dhcpd.leases
[dns]
dn = ou=DNS,dc=sergio,dc=com
pidfile = /var/run/bind/run/named.pid
init = /etc/init.d/bind9
logfile = /var/log/daemon.log
bindroot = /etc/bind/
binduser = bind
# dnsreader = DNS Reader
# dnsreaderpassword = DNSReaderPassword
Configuring the MMC mail plugin (through the MMC it allows adding and
removing mail-delivery management attributes for users
and groups, e-mail addresses and virtual domains)
[main]
disable = 0
# Enable virtual domain support
vDomainSupport = 0
# If vdomain enabled, OU where the domain are stored
vDomainDN = ou=mailDomains, dc=sergio, dc=com
[userDefault]
# For Postfix delivery
# mailbox = %homeDirectory%/Maildir/
# For Dovecot delivery
mailbox = maildir:%homeDirectory%/Maildir/
# Default quota (200 MBytes) set for user
mailuserquota = 204800
[main]
disable = 0
# Computers Locations
baseComputersDN = ou=Computers, dc=sergio, dc=com
sambaConfFile = /etc/samba/smb.conf
sambaInitScript = /etc/init.d/samba
sambaClamavSo = /usr/lib/samba/vfs/vscan-clamav.so
# Default SAMBA shares location
defaultSharesPath = /home/samba
# You can specify authorized paths for share creation
# Default value is the defaultSharesPath value
# authorizedSharePaths = /shares, /opt, /srv
39. Initial start of the MMC agent (it communicates with the MMC web
interface to manage services, resources and LDAP directories).
/etc/init.d/mmc-agent start
/etc/init.d/bind9 restart
40. MMC web interface (this interface allows the MDS modules to be
administered via the web).
43. Now we will install some packages to be able to see the graphical
environment of SquirrelMail.
The configuration file
squirrelmail-configure
To access the SquirrelMail interface, a link must be created between
SquirrelMail's apache.conf file and the file
/etc/apache2/conf.d/apache.conf; that way, when we try to reach
our mail through the web browser, apache2 will load the
SquirrelMail application.
Virtual users.
A virtual user is an additional account, or alias, of a real user belonging to
a domain, so that mail addressed to this additional account (e-mail
address) is redirected to the real user's mailbox; the real user can
therefore be reached either by name or by alias (virtual
user).
Go to:
nano /usr/share/doc/python-mmc-base/contrib/postfix/with-virtual-domains/main.cf
The file /etc/postfix/main.cf
should end up as follows
# Use Maildir
home_mailbox = Maildir/
# Basics Restrictions
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
# SSL/TLS
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
#smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
#smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# Amavis
#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings
and run
ls -l
which lists the configuration files that we are going to copy to
/etc/postfix
cp ldap-accounts.cf /etc/postfix/
cp ldap-aliases.cf /etc/postfix/
cp ldap-domains.cf /etc/postfix/
cp ldap-gid.cf /etc/postfix/
cp ldap-maildrop.cf /etc/postfix/
cp ldap-transport.cf /etc/postfix/
cp ldap-uid.cf /etc/postfix/
nano ldap-accounts.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mailenable=OK)(mail=%s))
result_attribute = mailbox
version = 3
expansion_limit = 1
nano ldap-aliases.cf
should look similar to this.
server_host = 127.0.0.1
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mailalias=%s)(mailenable=OK))
result_attribute = mail
version = 3
nano ldap-domains.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=mailDomains,dc=sergio,dc=com
query_filter = (&(objectClass=mailDomain)(virtualdomain=%s))
result_attribute = virtualdomain
version = 3
nano ldap-gid.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mail=%s)(mailenable=OK))
result_attribute = gidNumber
version = 3
expansion_limit = 1
nano ldap-maildrop.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mailenable=OK)(mail=%s))
result_attribute = maildrop
version = 3
nano ldap-transport.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mailenable=OK)(mail=%s))
result_attribute = mailhost
result_format = smtp:[%s]
version = 3
nano ldap-uid.cf
should look similar to this.
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=sergio,dc=com
query_filter = (&(objectClass=mailAccount)(mail=%s)(mailenable=OK))
result_attribute = uidNumber
version = 3
expansion_limit = 1
Now go to
nano /etc/mmc/plugins/mail.ini
and make some modifications; the file should look similar to this.
[main]
disable = 0
# Enable virtual domain support
vDomainSupport = 1
# If vdomain enabled, OU where the domain are stored
vDomainDN = ou=mailDomains, dc=sergio, dc=com
[userDefault]
# For Postfix delivery
mailbox = %homeDirectory%/Maildir/
# For Dovecot delivery
mailbox = maildir:%homeDirectory%/Maildir/
# Default quota (200 MBytes) set for user
mailuserquota = 204800
Restart the MMC agent
/etc/init.d/mmc-agent restart