[postfix-es] Hola a todos
Carlos R Laguna
carlosr en jovenclub.cu
Lun Ene 16 20:21:00 CET 2012
Recien y empeze a utilizar postfix y por necesidad requiero dividir el
alcance de los usuarios
o sea nacional o internacional. Para ello seguí una propuesta de usar
los grupos que se crean en ldap para manejar esto y de esta manera tengo
lo siguiente en el main.cf
# Grupos de Usuarios
internacional_server_host = 127.0.0.1
internacional_server_port = 389
internacional_bind = no
internacional_timeout = 5
internacional_search_base = ou=Groups,dc=jovenclub,dc=cu
internacional_query_filter = (&(|(cn=CorreoInt))(memberUid=%u))
internacional_result_attribute = cn
smtpd_sender_login_maps = ldap:ldapvirtualmap
smtpd_restriction_classes = CorreoInt, Internacional, InternacionalSalida
# Clases
CorreoInt = permit
Internacional =
check_recipient_access ldap:internacional,
check_sender_access regexp:/etc/postfix/internacional.cf
InternacionalSalida =
check_sender_access ldap:internacional,
check_recipient_access regexp:/etc/postfix/internacional.cf
# Reglas
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname
smtpd_sender_restrictions =
reject_non_fqdn_sender,
permit_mynetworks,
permit_sasl_authenticated
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
check_sender_access regexp:/etc/postfix/acceso.cf,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
permit
Sin embargo postfix hace caso 0 a esto y simplemente envía el correo
no tengo casi ninguna experiencia con postfix y de haber algo previo
obstaculizando estas opciones realmente no lo sabría
asi que os deja el main.cf
# Generated by Zentyal
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# require helo
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUAs job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myorigin = /etc/mailname
myhostname = tinomail.jovenclub.cu
mydestination = $myorigin,$myhostname,localhost,localhost.$mydomain
smtp_helo_name = tinomail.jovenclub.cu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
relayhost = mx4.jovenclub.cu
smtp_tls_security_level = may
smtp_tls_key_file = /etc/postfix/sasl/postfix.pem
smtp_tls_cert_file = /etc/postfix/sasl/postfix.pem
mynetworks = 127.0.0.0/8 192.168.xxx.xxx/32 ect.
message_size_limit = 3145728
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Virtual Aliases
virtual_alias_maps = ldap:valiases
valiases_server_host = 127.0.0.1
valiases_search_base = ou=mailalias,ou=postfix,dc=jovenclub,dc=cu
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
aliases_bind = no
# Virtual Domains
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
#virtual_transport = virtual
virtual_mailbox_base = /var/vmail/
virtual_mailbox_maps= ldap:ldapvirtualmap
ldapvirtualmap_server_host = 127.0.0.1:389
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = ou=Users,dc=jovenclub,dc=cu
ldapvirtualmap_query_filter =
(&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox
virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = 127.0.0.1
vmaildomains_bind = no
vmaildomains_search_base = ou=postfix,dc=jovenclub,dc=cu
vmaildomains_query_filter =
(|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailAlias)(mail=@%s)))
vmaildomains_result_attribute = dc, maildrop
virtual_minimum_uid = 100
virtual_uid_maps = static:110
virtual_gid_maps = static:114
#########
# Grupos de Usuarios
internacional_server_host = 127.0.0.1
internacional_server_port = 389
internacional_bind = no
internacional_timeout = 5
internacional_search_base = ou=Groups,dc=jovenclub,dc=cu
internacional_query_filter = (&(|(cn=CorreoInt))(memberUid=%u))
internacional_result_attribute = cn
# TLS/SSL
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
smtpd_tls_key_file = /etc/postfix/sasl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/sasl/postfix.pem
smtpd_tls_loglevel = 1
# recipient restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, check_helo_access
pcre:/etc/postfix/helo_checks.pcre
submission_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks,
reject
smtpd_restriction_classes = submission_recipient_restrictions
#SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myorigin
###########
## Reglas
# Verifico enviador
smtpd_sender_login_maps = ldap:ldapvirtualmap
# Dominio de Reenvio
#relay_domains = jovenclub.cu
# Clases de Restricciones
#smtpd_restriction_classes = CorreoInt
smtpd_restriction_classes = CorreoInt, Internacional, InternacionalSalida
# Clases
CorreoInt = permit
Internacional =
check_recipient_access ldap:internacional,
check_sender_access regexp:/etc/postfix/internacional.cf
InternacionalSalida =
check_sender_access ldap:internacional,
check_recipient_access regexp:/etc/postfix/internacional.cf
# Reglas
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname
smtpd_sender_restrictions =
reject_non_fqdn_sender,
permit_mynetworks,
permit_sasl_authenticated,
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
check_sender_access regexp:/etc/postfix/acceso.cf,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
permit
Saludos cordiales Carlos R Laguna
Más información sobre la lista de distribución postfix-es