기본 설정
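# Dedicated unprivileged account that owns every virtual mailbox. uid/gid 2000
# must match virtual_uid_maps / virtual_gid_maps in main.cf and the Dovecot
# userdb settings.
addgroup --gid 2000 vmail
adduser --uid 2000 --gid 2000 --disabled-login --gecos "" vmail
mkdir -p /etc/postfix/ldap
mkdir -p /var/mail/vmail /var/mail/ws-user01 /var/mail/ws-user02
# Re-own only the directories created above; a /var/mail/* glob would also
# hand every mailbox that already exists under /var/mail to vmail.
chown vmail:vmail /var/mail/vmail /var/mail/ws-user01 /var/mail/ws-user02
# Delivery, IMAP access and the auto-reply script all run as vmail, so no other
# account needs to enter these directories.
chmod 0700 /var/mail/vmail /var/mail/ws-user01 /var/mail/ws-user02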
인증서 설정
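cp /usr/local/share/ca-certificates/rootca.crt /etc/ssl
# From here on: run on int-srv (the host that holds the ws-SubCA files)
scp /etc/ssl/ws-SubCA/certs/mail.key 10.1.20.10:/etc/ssl
scp /etc/ssl/ws-SubCA/certs/mail.crt 10.1.20.10:/etc/ssl
scp /etc/ssl/ws-SubCA/cacert.pem 10.1.20.10:/etc/ssl/subca.crt
# Back on the mail server
# mail.key is the server's private key: do not rely on whatever mode scp left
# behind, make it readable by root only.
chown root:root /etc/ssl/mail.key
chmod 0600 /etc/ssl/mail.key
# Build the chain in leaf -> sub-CA -> root order.
cat /etc/ssl/subca.crt /etc/ssl/rootca.crt > /etc/ssl/chain.crt
cat /etc/ssl/mail.crt /etc/ssl/chain.crt > /etc/ssl/fullchain.crt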
SMTP (postfix)
vi /etc/postfix/master.cf
### vi ### 주석 제거 하면 됨
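# In master.cf a line that starts with whitespace continues the previous
# service entry, so every -o override must be indented.
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
submissions inet n - y - - smtpd
  -o syslog_name=postfix/submissions
  -o smtpd_tls_wrappermode=yes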
### vi ###
vi /etc/postfix/main.cf
### vi ###
smtpd_tls_cert_file=/etc/ssl/fullchain.crt
smtpd_tls_key_file=/etc/ssl/mail.key
# "may" keeps TLS opportunistic for the default smtpd service; the submission
# and submissions entries in master.cf override this per service.
smtpd_tls_security_level=may
# The three settings above already exist in main.cf; only change their values.
# Everything below is written by hand.
# SASL is delegated to Dovecot through the private/auth socket.
smtpd_sasl_auth_enable=yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
# This setting already exists; edit it in place.
# Authenticated clients may relay; everyone else may only reach local domains.
smtpd_relay_restrictions = permit_sasl_authenticated reject_unauth_destination
mydestination = localhost
virtual_mailbox_domains = worldskills.org
# NOTE(review): with a base of "/", the whole delivery path comes from the LDAP
# map's result_format. A narrower base (for example /var/mail, with the map
# returning a relative path) would confine deliveries if the map ever returned
# an unexpected value - confirm before changing, both files must agree.
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:/etc/postfix/ldap/virtual_mailbox_maps
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap/virtual_alias_maps
# Every virtual mailbox is delivered as uid/gid 2000 (the vmail account).
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
# NOTE(review): no table type prefix here, unlike hash: on virtual_alias_maps.
# Confirm Postfix accepts this form; hash:/etc/postfix/transport would match
# the table that the postmap step builds.
transport_maps = /etc/postfix/transport
### vi ###
vi /etc/postfix/virtual
### vi ###
[email protected] echo
### vi ###
vi /etc/postfix/transport
### vi ###
[email protected] vmail:
### vi ###
postmap /etc/postfix/virtual
postmap /etc/postfix/transport
vi /etc/postfix/ldap/virtual_alias_maps
### vi ###
# LDAP lookup that maps a uid to the entry's mail attribute.
# NOTE(review): server_host is a bare address, so the bind below presumably
# crosses the network unencrypted - consider an ldaps:// URL or start_tls = yes
# once the directory server has a certificate.
server_host = 10.1.10.10
version = 3
# NOTE(review): this binds as the directory admin for what is a read-only
# lookup; a dedicated read-only bind account would limit what a leak of this
# file exposes.
bind_dn = cn=admin,dc=int,dc=worldskills,dc=org
# Clear-text credential: keep this file owned by root, group postfix, mode 0640.
bind_pw = Skill39**
search_base = ou=Employees,dc=int,dc=worldskills,dc=org
scope = sub
query_filter = (uid=%s)
result_attribute = mail
### vi ###
vi /etc/postfix/ldap/virtual_mailbox_maps
### vi ###
# LDAP lookup that maps a uid to its maildir path.
# NOTE(review): server_host is a bare address, so the bind below presumably
# crosses the network unencrypted - consider an ldaps:// URL or start_tls = yes
# once the directory server has a certificate.
server_host = 10.1.10.10
version = 3
# NOTE(review): this binds as the directory admin for what is a read-only
# lookup; a dedicated read-only bind account would limit what a leak of this
# file exposes.
bind_dn = cn=admin,dc=int,dc=worldskills,dc=org
# Clear-text credential: keep this file owned by root, group postfix, mode 0640.
bind_pw = Skill39**
search_base = ou=Employees,dc=int,dc=worldskills,dc=org
scope = sub
query_filter = (uid=%s)
result_attribute = uid
# The trailing slash makes Postfix deliver in maildir format. The path is built
# from the directory's uid value, so whoever can write uid attributes decides
# where mail lands (virtual_mailbox_base is "/" in main.cf).
result_format = /var/mail/%s/
### vi ###
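# Both LDAP table files contain the directory bind password in clear text;
# make them unreadable to ordinary local accounts before putting them to use.
chown root:postfix /etc/postfix/ldap/virtual_alias_maps /etc/postfix/ldap/virtual_mailbox_maps
chmod 0640 /etc/postfix/ldap/virtual_alias_maps /etc/postfix/ldap/virtual_mailbox_maps
systemctl restart postfix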
**+ 검증**
- postmap 테스트
postmap -q ws-user01 ldap:/etc/postfix/ldap/virtual_alias_maps
[email protected]
postmap -q ws-user01 ldap:/etc/postfix/ldap/virtual_mailbox_maps
/var/mail/ws-user01/
- 송신 테스트
echo -ne "\\0ws-user01\\0Skill39**" | base64
AHdzLXVzZXIwMQBTa2lsbDM5Kio=
echo -e "ehlo mail.worldskills.org\\nAUTH PLAIN AHdzLXVzZXIwMQBTa2lsbDM5Kio=
\\nMAIL FROM:<[email protected]>\\nRCPT TO:<[email protected]>\\nDATA\\nFrom: [email protected]\\nTo: [email protected]\\nSubject: Test\\n." | openssl s_client -starttls smtp -connect mail.worldskills.org:587 -ign_eof
IMAP (Dovecot)
vi /etc/dovecot/conf.d/10-master.conf
### vi ### 주석 제거
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps{
port = 993
ssl = yes
}
...
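service auth {
  # Postfix's smtpd is the only intended client of this socket
  # (smtpd_sasl_path=private/auth in main.cf). Give it to the postfix account
  # instead of mode 0666, so access does not depend solely on the permissions
  # of the enclosing private/ directory.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}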
}
### vi ###
vi /etc/dovecot/conf.d/10-mail.conf
### vi ###
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:/var/mail/%n
### vi ###
vi /etc/dovecot/conf.d/10-auth.conf
### vi ###
# PLAIN and LOGIN send the password itself, so they are refused on connections
# that are not protected by TLS.
disable_plaintext_auth = yes
# Strip the domain part: users are looked up by the local part only.
auth_username_format = %n
auth_mechanisms = plain login
# NOTE(review): keeping auth-system.conf.ext enabled next to LDAP presumably
# lets local system accounts authenticate too - comment it out if only
# directory users should have mail access.
!include auth-system.conf.ext
!include auth-ldap.conf.ext
### vi ###
vi /etc/dovecot/conf.d/10-ssl.conf
### vi ###
# NOTE(review): "yes" offers TLS but does not demand it; disable_plaintext_auth
# in 10-auth.conf is what keeps passwords off unencrypted sessions.
# ssl = required would reject non-TLS sessions outright - confirm whether
# that fits the intended clients.
ssl = yes
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/ssl/fullchain.crt
ssl_key = </etc/ssl/mail.key
### vi ###
vi /etc/dovecot/conf.d/auth-ldap.conf.ext
### vi ###
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = static
args = uid=2000 gid=2000 home=/var/mail/%n
}
### vi ###
vi /etc/dovecot/dovecot-ldap.conf.ext
### vi ###
# NOTE(review): a plain hosts= entry with no tls = yes (or an ldaps:// uris=
# entry) presumably sends each user's password to the directory unencrypted
# during the bind below - confirm and enable TLS towards 10.1.10.10 if so.
hosts = 10.1.10.10
# Verify the password by binding to the directory as the user, so no admin
# bind credential has to be stored in this file.
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Employees,dc=int,dc=worldskills,dc=org
base = ou=Employees,dc=int,dc=worldskills,dc=org
### vi ###
systemctl restart dovecot
**+ 검증**
- telnet 테스트
telnet localhost 143
a login ws-user01 Skill39**
a LIST "" "*"
a logout
- 유저 테스트
doveadm user ws-user01
doveadm user [email protected]
자동 응답 서비스
vi /etc/postfix/master.cf
### vi ###
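# pipe(8) runs argv directly, without a shell, as the unprivileged vmail user.
# The second line must be indented: in master.cf a line that starts with
# whitespace continues the previous service entry.
vmail unix - n n - - pipe
  flags=Rq user=vmail argv=/var/mail/vmail/autoreply.sh ${sender} ${recipient}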
### vi ###
vi /var/mail/vmail/autoreply.sh
### vi ###
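#!/bin/bash
# Auto-responder invoked by the Postfix pipe transport:
#   autoreply.sh <envelope-sender> <envelope-recipient>
# The incoming message is read from stdin; a fixed reply is sent back to the
# envelope sender through sendmail.
SENDER="${1:-}"
RECIPIENT="${2:-}"

# Both addresses and the Subject are chosen by the remote sender. Drop CR/LF so
# none of them can start an extra header line in the reply built below.
SENDER="${SENDER//[$'\r\n']/}"
RECIPIENT="${RECIPIENT//[$'\r\n']/}"

# Do not answer bounces or daemon mail: replying to the null sender (which
# pipe(8) passes as MAILER-DAEMON by default) is how auto-reply loops start.
case "${SENDER}" in
  '' | '<>' | MAILER-DAEMON | MAILER-DAEMON@* | mailer-daemon@*)
    # Drain the message so the delivery agent does not see a broken pipe.
    cat >/dev/null
    exit 0
    ;;
esac

# formail prints one line per Subject: field, so a message carrying several
# Subject headers would otherwise inject the later ones as new header lines.
# Keep the first line only.
SUBJECT_RAW=$(formail -c -x Subject:)
SUBJECT="${SUBJECT_RAW%%$'\n'*}"
SUBJECT="${SUBJECT//$'\r'/}"
REPLY_SUBJECT="Re: ${SUBJECT}"

# Auto-Submitted marks the reply as automatic (RFC 3834) so other responders
# do not answer it. The blank line separates the headers from the body.
/usr/sbin/sendmail -t <<EOF
To: ${SENDER}
From: ${RECIPIENT}
Subject: ${REPLY_SUBJECT}
Auto-Submitted: auto-replied

worldskills mail service
EOF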
### vi ###
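# pipe(8) executes the script directly, so it needs the execute bit;
# "chmod -x" would remove it and every delivery to this transport would fail.
chmod +x /var/mail/vmail/autoreply.sh
systemctl restart postfix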