Simplifying password requirements
chmod 777 /opt/www/iRedAdmin-1.2/libs/default_settings.py
vi /opt/www/iRedAdmin-1.2/libs/default_settings.py
PASSWORD_HAS_LETTER = False
PASSWORD_HAS_UPPERCASE = False
PASSWORD_HAS_NUMBER = False
PASSWORD_HAS_SPECIAL_CHAR = False
Specifying a relay host
relayhost = [10.3.1.16]
/etc/init.d/postfix restart
Backing up mail
(all)
always_bcc = backup@tscgg.com
(incoming)
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
(outgoing)
sender_bcc_maps = hash:/etc/postfix/sender_bcc
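Format: [user A's mail address]    [user B's mail address]
(Be sure to leave 4 spaces in between; in earlier testing, leaving only 1 space caused problems.)
Blank lines are not allowed either.
/sbin/postmap /etc/postfix/sender_bcc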
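Alias settings
(may span multiple lines, from different sources)
virtual_alias_maps =
    proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
    hash:/etc/postfix/josh_domain_alias
Domain file format: @josh.com @tscs.com.tw
This can also be used to provide group mailing (this part is implemented with LDAP against AD).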
Dovecot: specifying network ranges allowed to connect without encryption
vi /etc/dovecot/dovecot.conf
#Allow plain text password per IP address/net
remote 10.3.2.8/32 {
ssl = no
disable_plaintext_auth = no
}
Dovecot: Outlook 2010 cannot use encrypted connections
vi /etc/dovecot/dovecot.conf
ssl_min_protocol = TLSv1
/etc/init.d/dovecot restart
pop3s port(SSL):995
smtps port(TLS):587
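An added example, not part of the original notes: a small Python audit that scans Dovecot configuration text for the two relaxations above, a per-network remote block that turns off SSL or allows plaintext authentication, and an ssl_min_protocol set below a chosen floor. The function name, the TLSv1.2 floor and the sample configuration are assumptions constructed for illustration.

```python
import re

# Protocol names compared by this audit, weakest first.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def audit_dovecot(conf_text, min_tls="TLSv1.2"):
    """Return (line_no, scope, message) for each weakened setting found."""
    findings = []
    scope = []  # stack of open blocks, e.g. ["remote 10.3.2.8/32"]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Drop comments; good enough for an audit of these keys.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            scope.append(line[:-1].strip())
            continue
        if line == "}":
            if scope:
                scope.pop()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        where = " > ".join(scope) or "global"
        if key == "ssl" and val == "no":
            findings.append((no, where, "SSL/TLS disabled"))
        elif key == "disable_plaintext_auth" and val == "no":
            findings.append((no, where, "plaintext auth allowed without TLS"))
        elif key == "ssl_min_protocol" and val in TLS_ORDER:
            if TLS_ORDER.index(val) < TLS_ORDER.index(min_tls):
                findings.append((no, where, f"minimum protocol {val} is below {min_tls}"))
    return findings

# Constructed sample mirroring the settings recorded in these notes.
SAMPLE = """\
ssl = required
ssl_min_protocol = TLSv1
#Allow plain text password per IP address/net
remote 10.3.2.8/32 {
  ssl = no
  disable_plaintext_auth = no
}
"""

if __name__ == "__main__":
    for no, where, msg in audit_dovecot(SAMPLE):
        print(f"line {no} [{where}]: {msg}")
```

Each finding names the enclosing block, so an exception scoped to one address (such as 10.3.2.8/32) can be told apart from a global downgrade.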
TEST
telnet 10.0.0.0 25
ehlo localhost
Key points for chaining authentication to Dovecot
vi /etc/postfix/main.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
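Sending mail over unencrypted SMTP connections (not recommended)
Use 568 for account-authenticated sending, while Postfix (25) is used in receive-external-mail mode; keep the two separate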
vi /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
Postfix virtual account setup: key notes
vi /etc/postfix/main.cf
(01) Network ranges that may relay mail directly without authentication
mynetworks = 127.0.0.0/8 10.3.2.0/24
(02) Because virtual accounts are used, the local domain is set to empty
mydestination =
(03) Domains for the virtual accounts
These are the domains this host accepts mail for; anything not listed here is sent outward
virtual_mailbox_domains = /etc/postfix/domains
vi /etc/postfix/domains
tscgg.com
(04) Root location for virtual mail
virtual_mailbox_base = /home/vmail
(05) Mail storage path (this will later be moved to LDAP)
virtual_mailbox_maps = hash:/etc/postfix/virtual
vi /etc/postfix/virtual
a@tscgg.com tscgg.com/a/
/sbin/postmap /etc/postfix/virtual
(06) Account ownership used for the stored mail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
(07) Open TLS on 587
vi /etc/postfix/master.cf
submission inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
dovecot ldap
(01) Create the account
/usr/sbin/addgroup --gid 5000 vmail
/usr/sbin/adduser --shell /usr/sbin/nologin --home /home/vmail --gid 5000 --uid 5000 vmail
(02) Install the packages
apt-get install dovecot-pop3d dovecot-ldap
(03) Add the authentication entry
vi /etc/dovecot/conf.d/10-auth.conf
!include auth-ldap.conf.ext
(04) Remove authentication against local system accounts
#!include auth-system.conf.ext
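(05) Because authentication uses LDAP virtual accounts, you must specify which account is used to access the mail
Log when it is not specified: Error: Couldn't drop privileges: User is missing UID
There are several ways to specify the user
(01) Force it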
vi /etc/dovecot/conf.d/auth-ldap.conf.ext
mail_uid = 5000
mail_gid = 5000
(02) Use static for userdb
vi /etc/dovecot/conf.d/auth-ldap.conf.ext
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/vmail/%u
}
(03) Return it from the LDAP lookup
vi /etc/dovecot/dovecot-ldap.conf.ext
user_attrs = =uid=%{ldap:description},=gid=%{ldap:description},=home=/home/vmail
(06) The LDAP connection configuration file
vi /etc/dovecot/dovecot-ldap.conf.ext
hosts = 10.3.1.6:389
ldap_version = 3
auth_bind = yes
dn = tgenergy\ldap
dnpass = l12345678
base = OU=TSCS_User,OU=TSCS,DC=tgenergy,DC=com,DC=tw
scope = subtree
deref = never
default_pass_scheme = CRYPT
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password