Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Bionic Beaver 18.04 LTS
This howto will describe how to set up and configure virtual mail hosting with an LDAP backend.
The software we will use in this howto: Postfix (MTA), Dovecot (IMAP / POP3), Gnarwl (vacation), OpenLDAP (LDAP) and vMailpanel as the management interface.
Optional are Proftpd FTP, Roundcube (webmail) and MariaDB (SQL backend for Roundcube).
This worked for me, but I cannot guarantee that this setup will work for you, so this howto comes without any guarantee.
Assumptions
This how-to assumes the following configuration. If your installation differs from this, replace the entries below with your actual configuration.
Mail delivery (mailboxes) path:
/home/vmail/
User vmail:
UID:1000, GID:1000
User postfix:
UID: 108, GID:108
OpenLDAP base dn:
dc=example,dc=tld
OpenLDAP admin account:
cn=admin,dc=example,dc=tld
vMailpanel search dn:
o=hosting,dc=example,dc=tld
A read only account for the o=hosting,dc=example,dc=tld tree:
cn=vmail,o=hosting,dc=example,dc=tld
You’re using root as the user during this guide.
If you want, for example, o=maildomains or ou=domains, make sure to replace o=hosting with what you want, especially in the acl.ldif. This ACL file is strict; phamm will not work correctly if it is not exactly as it should be. If you want a different read-only user than phamm, then replace cn=phamm with cn=wat-you everywhere in this howto.
This guide also assumes that you have installed and configured your Ubuntu server to your needs, there are plenty of good guides on Howtoforge for example:
You can stop after the installation and configuration of Apache2.
Step 1: Download vMailpanel
Download the vMailpanel package:
cd /usr/share
Get the latest version of vMailpanel:
git clone https://git.com/wolmfan68/vMailpanel
OK, now we can start.
Step 2: Install and configure OpenLDAP
Install OpenLDAP and ldap-utils:
apt -y install slapd ldap-utils php-ldap
Reconfigure slapd to make sure it reflects your wanted setup:
dpkg-reconfigure slapd
You will have to answer some questions:
Omit OpenLDAP server configuration? No
DNS domain name: example.tld ==>put your domain name here
Organization name: example.tld ==> put your organization here
Administrator password: secret ==> put your password
Confirm password: secret
Database backend to use: MDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes
Change into the /etc/ldap/schema directory:
cd /etc/ldap/schema
Copy the phamm.schema and perversia.net.schema from the phamm package to the schema directory:
cp /usr/share/vMailpanel/schema/* /etc/ldap/schema/
Now we add the schemas to openldap.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/phamm.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ISPEnv2.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/amavis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/pureftpd.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/perversia.net.ldif
Now we create the o=hosting entry, and the vmail account.
Modify the text below to your needs and wants and generate a password for the vmail account. The hash currently in this file sets the password to read-only.
To create the hash for the vmail account issue the following command:
slappasswd -h {MD5}
Type the wanted password twice and copy the result into the text below.
nano base.ldif
Contents of base.ldif
dn: o=hosting,dc=example,dc=tld
objectClass: organization
objectClass: top
o: hosting
description: Hosting Organization

# Read only account
dn: cn=vmail,o=hosting,dc=example,dc=tld
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: vmail
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==
description: Read only account
Load the base dn into the database with the following command:
ldapmodify -a -D cn=admin,dc=example,dc=tld -W -f base.ldif
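The {MD5} value pasted into base.ldif is the base64 of an unsalted MD5 digest, so equal passwords always give equal values, while slappasswd's {SSHA} scheme adds a per-entry salt. The Python code below is an added example, not part of the original howto or of vMailpanel: it builds and verifies both formats and reports the scheme of every userPassword in an LDIF export such as slapcat output. The sample LDIF and the alice entry in it are constructed.

```python
import base64
import hashlib
import hmac
import os
import re

UNSALTED = {"MD5", "SHA", "CLEARTEXT"}  # stored without a per-entry salt


def md5_userpassword(password):
    """{MD5} value: base64 of the raw, unsalted MD5 digest."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()


def ssha_userpassword(password, salt=None):
    """{SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(password, stored):
    """Check a cleartext password against a {MD5} or {SSHA} value."""
    match = re.fullmatch(r"\{([\w-]+)\}(.+)", stored)
    if not match:
        return False
    scheme = match.group(1).upper()
    try:
        raw = base64.b64decode(match.group(2), validate=True)
    except ValueError:
        return False
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(password.encode()).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
        return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())
    return False


def userpasswords_from_ldif(ldif):
    """Return {dn: userPassword} from LDIF text."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folds long lines with "\n "
    result, dn = {}, None
    for line in unfolded.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():  # a blank line ends the entry
            dn = None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form used by slapcat
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword" and dn:
            result[dn] = value
    return result


def audit_schemes(ldif):
    """List (dn, scheme, salted) for every entry that carries a userPassword."""
    findings = []
    for dn, value in userpasswords_from_ldif(ldif).items():
        match = re.match(r"\{([\w-]+)\}", value)
        scheme = match.group(1).upper() if match else "CLEARTEXT"
        findings.append((dn, scheme, scheme not in UNSALTED))
    return findings


# Constructed sample: the vmail entry from base.ldif plus a made-up mailbox.
SAMPLE_LDIF = (
    "dn: cn=vmail,o=hosting,dc=example,dc=tld\n"
    "userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==\n"
    "\n"
    "dn: mail=alice@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld\n"
    "userPassword:: "
    + base64.b64encode(ssha_userpassword("constructed").encode()).decode() + "\n"
)

if __name__ == "__main__":
    for dn, scheme, salted in audit_schemes(SAMPLE_LDIF):
        print(dn, scheme, "salted" if salted else "UNSALTED")
```

The comment block of the Roundcube password plugin quoted later in this howto lists ssha among the hash types accepted by password_ldap_encodage.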
Now we need to modify the ACLs so that the correct access is given to each user type.
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-remove.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-new.ldif
You can check the new ACLs with the following command:
slapcat -n 0
This concludes the OpenLDAP configuration.
Step 3: Install And Configure Postfix
Before this, we need to have the vmail user and its home directory.
Create the vmail user and group:
useradd vmail
By default, the group vmail is created, too.
Check /etc/passwd for the actual uid and group number.
Next, create the vmail directory and set ownership to the vmail user and group.
mkdir /home/vmail
mkdir /home/vmail/domains
chown -R vmail:vmail /home/vmail
Run the following command to install Postfix and other required applications:
apt install postfix postfix-ldap
You will be asked two questions. Answer as follows:
General type of mail configuration: <–Stand alone
System mail name: <– mail.example.tld
We do not install sasl since we will use the Dovecot LDA and deliver.
Now we create the certificates for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Note: you can copy all of the files under examples/postfix to your /etc/postfix directory and make changes accordingly. For completeness, I will give the complete setup below.
Now we will configure postfix:
cd /etc/postfix
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
nano /etc/postfix/main.cf
And paste the following into it. Please note that this config allows the sending (relaying) of mails by authenticated users, and also the sending of local mails (for example to root, postmaster, …) to the respective aliases if they are configured.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA’s job.
append_dot_mydomain = no
# Uncomment the next line to generate “delayed mail” warnings
delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases,
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your ip address (optional) ==>unmark and change the ip address for your setup.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rhsbl_sender dsn.fc-ignorant.org
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
smtpd_helo_required = yes
# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:/etc/postfix/ldap-transport.cf
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain
virtual_alias_maps =
    ldap:/etc/postfix/ldap-aliases.cf,
    ldap:/etc/postfix/ldap-virtualforward.cf,
    ldap:/etc/postfix/ldap-accountsmap.cf
# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
    ldap:/etc/postfix/ldap-accounts.cf
# Change the next three values to the actual uid and gid of the user vmail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
local_recipient_maps = $alias_maps
recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf
nano /etc/postfix/master.cf
And paste the following into it (at the end):
dovecot unix - n n - - pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl unix - n n - - pipe
    flags=F user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}
Now we need to write the different ldap-xxx.cf files
nano ldap-accounts.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox
nano ldap-accountsmap.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail
nano ldap-aliases.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
result_attribute = maildrop
nano ldap-transport.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
result_attribute = postfixTransport
nano ldap-vacation.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
nano ldap-virtualforward.cf
And paste the following in to it:
server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = maildrop
This concludes the postfix setup.
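An added example, not part of the original howto or of Postfix: a Python check over the main.cf and ldap-*.cf files written above. It reports value lines that lost their leading whitespace (main.cf only continues a parameter on lines that start with whitespace), SASL AUTH accepted without TLS, and LDAP map files that hold bind_pw while being world-readable. The finding codes, the root parameter and the sample files are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

# Constructed excerpt in the shape of the main.cf above. The last line is
# deliberately left at column 0 to show what a lost indent does.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
virtual_alias_maps =
    ldap:/etc/postfix/ldap-aliases.cf,
    ldap:/etc/postfix/ldap-accountsmap.cf
virtual_mailbox_maps =
ldap:/etc/postfix/ldap-accounts.cf
"""


def parse_main_cf(text):
    """Return ({name: value}, [unparsable lines]) following main.cf line rules."""
    params, bad, current = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if line[0].isspace():  # leading whitespace continues the previous value
            if current is not None:
                params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:  # a value line that lost its indent ends up here
            bad.append(line)
            continue
        current = name.strip()
        params[current] = value.strip()
    return params, bad


def ldap_map_files(params):
    """Paths of all ldap: lookup tables referenced from any parameter."""
    paths = []
    for value in params.values():
        for path in re.findall(r"\bldap:(/[^\s,]+)", value):
            if path not in paths:
                paths.append(path)
    return paths


def audit(main_cf_text, root="/"):
    """Return (code, detail) findings; `root` lets the check run on a copy."""
    params, bad = parse_main_cf(main_cf_text)
    findings = [("BAD_LINE", line) for line in bad]
    if (params.get("smtpd_sasl_auth_enable", "no") == "yes"
            and params.get("smtpd_tls_auth_only", "no") != "yes"):
        # AUTH is accepted before STARTTLS, so passwords can cross in clear.
        findings.append(("AUTH_WITHOUT_TLS", "smtpd_tls_auth_only"))
    for path in ldap_map_files(params):
        real = os.path.join(root, path.lstrip("/"))
        try:
            mode = os.stat(real).st_mode
            with open(real) as handle:
                has_secret = re.search(r"^\s*bind_pw\s*=", handle.read(), re.M)
        except OSError:
            findings.append(("MAP_UNREADABLE", path))
            continue
        if has_secret and mode & stat.S_IROTH:
            findings.append(("WORLD_READABLE_SECRET", path))
    return findings


def demo():
    """Audit the sample against a throwaway tree holding two constructed maps."""
    with tempfile.TemporaryDirectory() as root:
        conf_dir = os.path.join(root, "etc", "postfix")
        os.makedirs(conf_dir)
        for name, mode in (("ldap-aliases.cf", 0o644), ("ldap-accountsmap.cf", 0o640)):
            path = os.path.join(conf_dir, name)
            with open(path, "w") as handle:
                handle.write("bind_dn = cn=vmail,o=hosting,dc=example,dc=tld\n"
                             "bind_pw = readonly\n")
            os.chmod(path, mode)
        return audit(SAMPLE_MAIN_CF, root)


if __name__ == "__main__":
    for code, detail in demo():
        print(code, detail)
```

Files reported as WORLD_READABLE_SECRET can be restricted with chown root:postfix and chmod 640, which still lets the Postfix daemons read them.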
Step 4: Install And Configure Dovecot
apt install dovecot-imapd dovecot-pop3d dovecot-ldap
This will install dovecot and all necessary files and also create the standard SSL certificates for IMAPs and POP3s.
First, we change into the dovecot directory.
Note: you can copy all of the files under examples/dovecot to your /etc/dovecot directory and make changes accordingly. For completeness, I will give the complete setup below.
cd /etc/dovecot
Now we configure the different dovecot configuration files.
nano dovecot-ldap.conf.ext
And make the following changes:
hosts = localhost:389
ldap_version = 3
auth_bind = yes
dn = cn=vmail,o=hosting,dc=example,dc=tld
dnpass = readonly
base = o=hosting,dc=example,dc=tld
scope = subtree
deref = never
user_attrs = quota=quota=maildir:storage
user_attrs = quota=quota=maildir:storage=%$B
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5
cd conf.d
vi 10-auth.conf
And change the section Password and User Databases to this:
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
#!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
vi 10-mail.conf
And make the following changes:
mail_location = maildir:/home/vmail/%d/%u
# Change the uid values to the actual vmail uid and the gid values to the actual vmail gid
mail_uid = 1000
mail_gid = 1000
first_valid_uid = 1000
first_valid_gid = 1000
vi 10-master.conf
And make the following changes:
unix_listener auth-userdb {
mode = 0666
user = vmail
group = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
vi 15-lda.conf
And make the following changes:
postmaster_address = [email protected]
lda_mailbox_autocreate = yes
This concludes the Dovecot configuration.
Step 5: Install And Configure gnarwl
Let’s install gnarwl:
apt install gnarwl
Now let’s configure gnarwl.
First, we’re going to back up the original configuration file and replace it with a new one.
mv /etc/gnarwl.conf /etc/gnarwl.conf.bck
Now we create the new conf file:
vi /etc/gnarwl.conf
And insert the following:
map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=vmail,o=hosting,dc=example,dc=tld
password readonly
protocol 0
base dc=example,dc=tld
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3
Make the gnarwl directory readable for the vmail user
chown -R vmail:vmail /var/lib/gnarwl/
Next, we need to add the gnarwl transport to postfix
vi /etc/postfix/transport
Insert the following:
.autoreply gnarwl:
Now we need to create the transport.db
postmap /etc/postfix/transport
This concludes the gnarwl configuration.
Step 6: Install And Configure vMailpanel
Since we downloaded vMailpanel before, we can directly begin with the configuration of the vMailpanel interface.
chown -R www-data:www-data /usr/share/vMailpanel
cd /usr/share/vMailpanel
Now we will configure phamm for actual use.
cp config.inc.example.php config.inc.php
nano config.inc.php
Change the ldap connection parameters to fit your actual configuration.
// *============================*
// *=== LDAP Server Settings ===*
// *============================*
// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');
// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');
// The server port
define ('LDAP_PORT','389');
// The container
define ('SUFFIX','dc=example,dc=tld');
// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');
// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');
and change
// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
# $welcome_sender = '[email protected]';
$welcome_bcc = '[email protected]';
This will send a welcome message and a bcc to your postmaster account.
Enable the ftp and person plugins by removing the // in the plugins section. If wanted, you can also enable the davical and/or jabber plugins; the schema needed for these plugins is installed.
In the config.inc.php you will find:
define ('DELETE_ACCOUNT_IMMEDIATELY', false);
If you set this to true, account or domain deletion takes effect immediately. However, the physical mailbox is not deleted (or the domain directory). In order to delete the physical mailbox, we should use the cleaner.sh script. This is described below.
You can edit plugins/mail.xml to change the defaults for SMTP and quota, modify them to your needs. The default is set to 1GB quota.
You can edit plugins/ftp.xml to change the defaults for default ftp (base) directory and quota, modify them to your needs.
Do not forget to create the aliases and/or mailboxes for postmaster, webmaster, since these are used by officials and ISPs to send mail to in case of … Not having these addresses could result in being blacklisted.
By default the aliases [email protected] and [email protected] that default to [email protected] are created.
Now the cleaner script:
cp tools/cleaner.sh /home/vmail/cleaner.sh
Change the following in cleaner.sh
BINDDN="cn=admin,dc=example,dc=tld"
BINDPW="password"
LDAP_BASE="o=hosting,dc=example,dc=tld"
To reflect your installation
nano /home/vmail/cleaner.sh
crontab -e
Insert the following:
*/10 * * * * /home/vmail/cleaner.sh
This will run the cleaner script every 10 minutes. Feel free to change the timing.
Now we will add vMailpanel to Apache
nano /etc/apache2/sites-enabled/000-default.conf
And add between the <VirtualHost> </VirtualHost> entries the following:
Alias /vmailpanel /usr/share/vMailpanel/public
This concludes the vMailpanel configuration.
Step 7: Install and configure Roundcube webmail
First, we create a database called roundcube:
mysqladmin -u root -p create roundcube
Next, we go to the MySQL shell:
mysql -u root -p
On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice) who has SELECT,INSERT,UPDATE,DELETE privileges on the roundcube database. This user will be used by Postfix and Courier to connect to the roundcube database:
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;
Now we download and install Roundcube:
cd /usr/src
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6.tar.gz
tar xvzf roundcubemail-1.3.6.tar.gz
mv roundcubemail-1.3.6 /var/www/roundcube
chown -R www-data:www-data /var/www/roundcube
cd /var/www/roundcube
Always check for the latest version of Roundcube, download that one, and modify the commands above to match the version you downloaded.
https://roundcube.net/download/
Now we load the sql tables in to the database we created before:
mysql -u roundcube -p roundcube < SQL/mysql.initial.sql
Now we edit the Roundcube configuration:
cp config/config.inc.php.sample config/config.inc.php
Set the database configuration:
nano config/config.inc.php
Change the following line to the database configuration:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:[email protected]/roundcube';
And change the following
From:
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
To:
// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
'archive',
'zipdownload',
'password',
'vacation',
Change:
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
To:
$rcmail_config['des_key'] = 'your-own-24-digitkeystring';
Change:
$rcmail_config['default_host'] = '';
To:
$rcmail_config['default_host'] = 'localhost';
Change:
$rcmail_config['smtp_server'] = '';
To
$rcmail_config['smtp_server'] = 'localhost';
The configuration for the password plugin:
cp plugins/password/config.inc.php.dist plugins/password/config.inc.php
Edit the configuration:
nano plugins/password/config.inc.php
Change the following entries
From:
$rcmail_config['password_driver'] = 'sql';
To:
$rcmail_config['password_driver'] = 'ldap';
From:
// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';
// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';
// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;
// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';
// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';
// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';
// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;
// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;
// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';
// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';
// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;
To:
$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;
$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';
$rcmail_config['password_ldap_force_replace'] = true;
Now we’re going to download and install the vacation plugin:
cd /usr/src
wget https://github.com/bhuisgen/rc-vacation/archive/master.zip
unzip master.zip
mv rc-vacation-master /var/www/roundcube/plugins/vacation
cd /var/www/roundcube
Now we edit the configuration and change:
nano plugins/vacation/config.inc.php
Change:
$rcmail_config['vacation_gui_vacationsubject'] = TRUE;
To:
$rcmail_config['vacation_gui_vacationsubject'] = FALSE;
Change:
$rcmail_config['vacation_driver'] = 'sql';
To:
$rcmail_config['vacation_driver'] = 'ldap';
Change:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=user,dc=ldap,dc=my,dc=domain';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';
To:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';
Change:
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
    'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);
To:
// Search base to read data
$rcmail_config['vacation_ldap_search_base'] = 'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
    'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);
We have to change the document root in the Apache2 server configuration so that Roundcube can be accessed.
nano /etc/apache2/sites-enabled/000-default.conf
And change from:
DocumentRoot /var/www/html
To:
DocumentRoot /var/www/
This concludes the configuration for Roundcube.
Step 8: Install and configure proftpd
First, we will install proftpd and its requirements:
apt install proftpd proftpd-mod-ldap
Depending on your load you can decide between stand alone and inet.d.
Note: You can copy the config files from examples/proftpd to /etc/proftpd but for clarity, I will outline all of the configuration steps.
Edit /etc/proftpd/proftpd.conf:
nano /etc/proftpd/proftpd.conf
And change from:
# Use this to jail all users in their homes
# DefaultRoot ~
To:
# Use this to jail all users in their homes
DefaultRoot ~
And change from:
#RequireValidShell off
To:
RequireValidShell off
And change:
# Alternative authentication frameworks
#
# Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
To:
# Alternative authentication frameworks
#
Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
Now edit /etc/proftpd/modules.conf:
nano /etc/proftpd/modules.conf
And change from:
# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c
To:
# Install proftpd-mod-ldap to use this
LoadModule mod_ldap.c
And from:
# Install proftpd-mod-ldap to use this
# LoadModule mod_quotatab_ldap.c
To:
# Install proftpd-mod-ldap to use this
LoadModule mod_quotatab_ldap.c
Now edit /etc/proftpd/ldap.conf and set the following:
<IfModule mod_ldap.c>
#
#LDAPServer ldap://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#LDAPUseTLS on
#
#
#LDAPServer ldaps://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#
LDAPServer ldap://127.0.0.1/??sub
LDAPBindDN "cn=vmail,o=hosting,dc=example,dc=tld" "readonly"
LDAPUsers "o=hosting,dc=example,dc=tld" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True
</IfModule>
The following commands set the default user to www-data which suits me, you can change these values to suit your setup or leave them out to use the login uid / gid.
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True
33 is the uid/gid of my testing setup; it can be different on your setup.
This concludes the proftpd installation.
Step 9: Bringing it all together
Issue the following commands to restart all of the services:
service slapd restart
service postfix restart
service dovecot restart
service proftpd restart
service apache2 restart
Now you can go to phamm and start adding mail domains and users.
Enjoy.
Note: notify me of any errors or problems with this how to so I can improve and amend this how to.
Use this thread in the forum:
I am subscribed to this thread so I will get notifications of new posts in this thread.