Хочу настроить данную связку, но пока ничего не получается:
локальный домен у меня имеет вид: domain
домен во внешнем мире: domain.ru
на этом почтовике ещё немного посторонних юзверей сидят, которые у меня в MySQL
вот собственно конфиг:
# --- Main settings ---
# MySQL connection for the mailbox/alias lookups (host/database/user/password).
# 'hide' only keeps the value out of 'exim -bP' output; the file itself still holds it.
hide mysql_servers = localhost/postfix/Exim/password
primary_hostname = www.domain.ru
# Internal AD/Exchange domain; incoming addresses are looked up in AD as
# local_part@MS_EXCHANGE_DOMAIN (see LDAP_AD_MAIL_RCPT below).
MS_EXCHANGE_DOMAIN = domain
# Domain controller, Global Catalog port 3268; '<;' makes ';' the list separator.
ldap_default_servers = <; 192.168.10.15:3268
# Bind credentials for the LDAP lookup.
# NOTE(review): the log below shows the bind rejected with LDAP error 49
# (Invalid credentials) when 'user=' carries a bare account name. An Active
# Directory simple bind normally expects the account's full DN
# (e.g. CN=<account>,CN=Users,DC=domain) or its UPN (<account>@<ad-domain>);
# a value with spaces or commas must be quoted in the lookup, user="<DN>".
# Macros are substituted textually, so the password appears in clear text in the
# expanded lookup string -- and therefore in the mainlog defer line quoted below.
LDAP_AD_BINDDN = user
LDAP_AD_PASS = password
LDAP_AD_BASE_DN = DC=domain
# Returns the 'mail' attribute of the AD user, public folder or group whose
# proxyAddresses holds local_part@MS_EXCHANGE_DOMAIN, bare or with an 'smtp:'
# prefix; ${quote_ldap:...} escapes the address for use inside the filter.
# The last clause answers the question at the end of the post:
# 1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule and 2 is the
# ACCOUNTDISABLE bit of userAccountControl, so '!(...:=2)' excludes disabled accounts.
LDAP_AD_MAIL_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN?mail?sub?\
(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))\
(|(proxyAddresses=${quote_ldap:${local_part}@MS_EXCHANGE_DOMAIN})\
(proxyAddresses=smtp:${quote_ldap:${local_part}@MS_EXCHANGE_DOMAIN}))\
(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# Both lists hold the same public domain; routers decide between AD and MySQL users.
domainlist local_domains = domain.ru
domainlist relay_to_domains = domain.ru
# Hosts allowed to relay without authenticating.
hostlist relay_from_hosts = localhost:127.0.0.0/8
# ACLs for the SMTP stages, defined under "begin acl".
acl_smtp_connect = acl_check_connect
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data
# Local spamd, used by the 'spam' condition in acl_check_data.
spamd_address = 127.0.0.1 783
qualify_domain = domain.ru
exim_user = mailnull
exim_group = mail
never_users = root
# 0s disables ident (RFC 1413) lookups.
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 30m
timeout_frozen_after = 7d
freeze_tell = postmaster@domain.ru
#helo_accept_junk_hosts = 192.168.1.0/24
auto_thaw = 1h
smtp_banner = "$primary_hostname, ESMTP"
message_size_limit = 10M
helo_allow_chars = _
# Drop clients that send SMTP commands before reading the reply;
# acl_check_connect switches this off for 127.0.0.1.
smtp_enforce_sync = true
# Extra logging detail; -queue_run suppresses queue-runner start/stop lines.
log_selector = \
+all_parents \
+connection_reject \
+incoming_interface \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error \
-queue_run
# ACL
begin acl
# Connect-time ACL: loopback connections are exempt from smtp_enforce_sync;
# every other host is accepted here and filtered at RCPT/MIME/DATA.
acl_check_connect:
accept hosts = 127.0.0.1
control = no_enforce_sync
accept
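# RCPT-time ACL: address syntax, HELO sanity, DNS blacklist, a connection
# delay, then recipient verification and relay control.
acl_check_rcpt:
# Non-SMTP (local) submissions have no sender host and are accepted as-is.
accept hosts = :
# Local parts that start with a dot or contain characters with special meaning
# to routers/transports are rejected; the single quote is not in either list,
# so the MySQL lookups in the routers must still escape $local_part.
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny message = "HELO/EHLO must be by SMTP RFC!"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
# Authenticated clients skip the HELO and blacklist checks below.
accept authenticated = *
# Host lists are first-match: '!+relay_from_hosts' must precede '*', otherwise
# the '*' matches first and the exemption never applies.
deny message = "Not insert your IP in HELO!"
hosts = !+relay_from_hosts : *
condition = ${if eq{$sender_helo_name}\
{$sender_host_address}{true}{false}}
deny condition = ${if eq{$sender_helo_name}\
{$interface_address}{yes}{no}}
hosts = !127.0.0.1 : !localhost : *
message = "It's my IP! Go home!"
deny condition = ${if match{$sender_helo_name}\
{\N^\d+$\N}{yes}{no}}
hosts = !127.0.0.1:!localhost:*
message = "In HELO can't be only numbers!"
# No trailing continuation here: a '\' at the end of this line would glue the
# following 'warn' verb onto the dnslists value.
deny message = "host in blacklist - $dnslist_domain \n $dnslist_text"
dnslists = cbl.abuseat.org
# Delay unknown hosts 20s before the RCPT reply; none for relay_from_hosts.
warn
set acl_m0 = 20s
warn
hosts = +relay_from_hosts
set acl_m0 = 0s
warn
logwrite = Delay $acl_m0 for $sender_host_name \
[$sender_host_address] with HELO=$sender_helo_name. Mail \
from $sender_address to $local_part@$domain.
delay = $acl_m0
# Recipient verification runs the routers (including the LDAP lookup), so an
# LDAP defer there becomes a temporary rejection of the RCPT.
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_to_domains
endpass
verify = recipient
accept hosts = +relay_from_hosts
deny message = relay not permitted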
# MIME ACL: decode each part, then reject by attachment extension and charset.
acl_check_mime:
warn decode = default
# The file name is lower-cased first so mixed-case extensions are caught too.
deny message = Blacklisted file extension detected ($mime_filename)
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs|\.cpl)$\N} \
{1}{0}}
deny message = Sorry, noone speaks chinese here
condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
accept
# DATA ACL: SpamAssassin scoring through spamd (see spamd_address).
acl_check_data:
#deny message = Virus found ($malware_name)
# malware = *
# Messages under 20K that spamd classifies as spam are rejected outright.
deny message = This message was classified as SPAM
condition = ${if < {$message_size}{20K}}
spam = nobody
# 'spam = nobody:true' always succeeds, so the score/report headers are added
# to every message from hosts outside relay_from_hosts.
warn message = X-Spam-Score: $spam_score ($spam_bar)
hosts = !+relay_from_hosts
spam = nobody:true
warn message = X-Spam-Report: $spam_report
hosts = !+relay_from_hosts
spam = nobody:true
# Subject is tagged only when spamd's verdict is spam.
warn message = Subject: ***SPAM*** $h_Subject:
hosts = !+relay_from_hosts
spam = nobody
# $spam_score_int is the score times ten, so 120 means 12.0 points.
deny message = This message scored $spam_score spam points.
hosts = !+relay_from_hosts
spam = nobody:true
condition = ${if >{$spam_score_int}{120}{1}{0}}
accept
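# ROUTERS
begin routers
# 1. Addresses in relay_to_domains are looked up in AD; when the lookup yields a
#    'mail' attribute the address is redirected to it (the internal domain) and
#    the next router delivers it to Exchange. An empty result makes the redirect
#    decline, so the address falls through to the MySQL routers below.
#    NOTE(review): a failed bind (see the log) defers instead of declining,
#    which also stalls recipient verification in acl_check_rcpt.
conversion_router:
driver = redirect
data = ${lookup ldap {LDAP_AD_MAIL_RCPT}}
user = mailnull
group = mail
domains = +relay_to_domains
# 2. Mail for the internal domain goes straight to the Exchange server.
exchange_router:
driver = "manualroute"
domains = MS_EXCHANGE_DOMAIN
transport = remote_smtp
route_list = * 192.168.10.15
no_more
# 3. Remote domains: ordinary MX delivery; loopback/unspecified targets are ignored.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# 4. Aliases and 5. mailboxes kept in MySQL. $local_part and $domain come from
#    the envelope, so they are escaped with ${quote_mysql:...} before being
#    interpolated into the SQL -- the RCPT ACL does not block the quote character.
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT goto FROM alias WHERE address='${quote_mysql:${local_part}}@${quote_mysql:${domain}}'}}
# Accepts the address only if the mailbox table has a maildir for it.
mysqluser:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT maildir FROM mailbox WHERE username='${quote_mysql:${local_part}}@${quote_mysql:${domain}}'}}}{no}{yes}}
transport = mysql_delivery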
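# TRANSPORT
begin transports
remote_smtp:
driver = smtp
# Maildir delivery for MySQL users; path and quota come from the mailbox table.
mysql_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
# Address components are escaped with ${quote_mysql:...} before going into the
# query, matching the authenticators below.
directory = ${lookup mysql{SELECT CONCAT("/var/mail/exim/", maildir) FROM mailbox WHERE username='${quote_mysql:${local_part}}@${quote_mysql:${domain}}'}}
directory_mode = 770
envelope_to_add
maildir_use_size_file
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0600
# Quota column is in megabytes; the 'M' suffix is appended on success.
quota = ${lookup mysql{SELECT quota FROM mailbox WHERE username='${quote_mysql:${local_part}}@${quote_mysql:${domain}}'}{${value}M}}
quota_warn_message = "\
To: $local_part@$domain\n\
From: postmaster@$domain\n\
Subject: Your maildir is going full\n\
This message is automaticaly gnerated by your mail server.\n\
This means, that your mailbox is 80% full. If you would \n\
override this limit new mail would not be delivered to you!\n\n\
Please, clean your mailbox."
quota_warn_threshold = 80%
return_path_add
# Standard transports for file, pipe and autoreply redirections.
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
driver = pipe
return_output
address_reply:
driver = autoreply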
# RETRY
begin retry
# Address or Domain Error Retries
# Over-quota failures have no retry rule, so they bounce immediately.
# Everything else: every 15m for 2h, then geometrically from 1h up to 16h,
# then every 6h until 4 days have passed.
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
# REWRITE
# No rewriting rules.
begin rewrite
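# AUTH
#begin authenticators
#auth_plain:
# driver = plaintext
# public_name = PLAIN
# server_condition = ${lookup mysql{SELECT password FROM mailbox WHERE username='${local_part}@${domain}'}{yes}{no}}
# server_prompts = :
# server_set_id = $2
begin authenticators
# PLAIN: $2 is the user name (user@domain), $3 the password; the row in
# 'mailbox' must hold the same clear-text password. Client-supplied values are
# escaped with ${quote_mysql:...}. Nothing here ties PLAIN/LOGIN to an
# encrypted session; server_advertise_condition can restrict when they are
# offered once TLS is configured.
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT username FROM mailbox \
WHERE username = '${quote_mysql:${local_part:$2}}@${quote_mysql:${domain:$2}}' \
AND domain = '${quote_mysql:${domain:$2}}' \
AND password = '${quote_mysql:$3}'}{yes}{no}}
server_prompts = :
server_set_id = $2
# LOGIN: two prompts, $1 = user name, $2 = password.
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${lookup mysql{SELECT username FROM mailbox \
WHERE username = '${quote_mysql:${local_part:$1}}@${quote_mysql:${domain:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}' \
AND password = '${quote_mysql:$2}'}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
# CRAM-MD5: the client sends only the user name, which cram_md5 puts in $1, and
# the server needs the clear-text password from the table to check the digest.
# The username clause used $2 (copied from auth_plain) while the domain clause
# and server_set_id use $1; the lookup is now keyed on $1 throughout.
auth_cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT password FROM mailbox \
WHERE username = '${quote_mysql:${local_part:$1}}@${quote_mysql:${domain:$1}}' \
AND domain = '${quote_mysql:${domain:$1}}'}{$value}fail}
server_set_id = $1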
В логе:
2008-07-04 13:05:04 1KEhE0-0004M4-M0 == test@domain.ru R=conversion_router defer (-1): failed to expand "${lookup ldap {user=user pass=xxxxxx ldap:///DC=domain?mail?sub?(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))(|(proxyAddresses=${quote_ldap:${local_part}@domain})(proxyAddresses=smtp:${quote_ldap:${local_part}@domain}))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))}}": lookup of "user=test pass=Sz2vBu ldap:///DC=domain?mail?sub?(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))(|(proxyAddresses=user0%40domain)(proxyAddresses=smtp:user%40domain))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" gave DEFER: failed to bind the LDAP connection to server 192.168.10.15:3268 - LDAP error 49: Invalid credentials
отправляю с
test@domain.ru на
user@domain.ru,
test@domain.ru в MYSQL,
user@domain.ru алиас с user@domain в Exchange
Я вообще слабо понимаю в LDAP и MS Exchange, народ может кто подскажет минимальный конфиг для проверки пользователей в AD и пересылке на Exchange сервер. Например что за "userAccountControl:1.2.840.113556.1.4.803:=2" я вообще без понятия и для чего его lissyara включил.