[CentOS] mail server: sendmail with integrated AD

Riccardo Castellani ric.castellani at alice.it
Wed Aug 21 07:12:38 UTC 2013


> On 20.08.2013 06:04, Riccardo Castellani wrote:
>> I'm preparing my new Sendmail mail server with pop3s + smtps where user
> SMTPS has been obsolete for a couple of years. Use SMTP/STARTTLS instead
> over the submission port.

I know, I used both ports (SMTP over SSL port 465, SMTP/STARTTLS port 587) for
mail-client compatibility.
Do you suggest using only port 25 with SMTP/STARTTLS?




>> authentication occurs through Microsoft Active Directory by Winbind
>> daemon. OS is CentOS 6.4 and Sendmail is 8.14
>> Mailboxes will be in this server but how to create them !??!
> That totally depends on the choice and configuration of the mail storage
> and access server. Sendmail is an MTA, it does not know about
> "mailboxes". It knows - if properly configured - about destination mail
> addresses it is responsible for to hand over to an MDA/LDA.


My MDA/LDA is procmail, but neither a .forward nor a .procmailrc file exists.

There is no filter/rule
..
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
MAILER(procmail)
dnl
..



>> It's necessary to add user by 'useradd' command into /etc/passwd or It's
>> only necessary add new entry in '/etc/aliases' file for every AD user
>> like
>> in following example ?!
> That depends on the chosen mail storage and access server configuration.

I don’t understand the server behavior (where no procmail configuration files
exist) when the MTA receives an email message to deliver to a mailbox which
stays on the same server.
How does the system know what mailbox file to deliver to? What is the link
between ‘AD user account’ and ‘mailbox filename’?
In my case I had to create a new recipient user by the ‘adduser’ command,
otherwise my system said ‘user unknown’.
I remember my user is on AD services on another server which runs Windows OS.

My maillog:

Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: Milter: no active filter
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 220 mailserver.example.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 16 Aug 2013 19:28:18 +0200
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- EHLO client
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-mailserver.example.com Hello client.example.com [10.35.2.4], pleased to meet you
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ENHANCEDSTATUSCODES
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-PIPELINING
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-8BITMIME
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-SIZE
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DSN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ETRN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-AUTH LOGIN PLAIN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-STARTTLS
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DELIVERBY
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 HELP
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- AUTH LOGIN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 334 VXNlcm5hbWU6
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 334 UGFzc3dvcmQ6
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 235 2.0.0 OK Authenticated
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- MAIL FROM: <ssl587 at example.com>
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.1.0 <ssl587 at example.com>... Sender ok
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- RCPT TO: <friend.home at nord.example.com>
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.1.5 <friend.home at nord.example.com>... Recipient ok
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- DATA
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 354 Enter mail, end with "." on a line by itself
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: from=<ssl587 at example.com>, size=2466, class=0, nrcpts=1, msgid=<00ea01ce9aa6$0fe72be0$2fb583a0$@toscana.it>, proto=ESMTP, daemon=MTA, relay=client.example.com [10.35.2.4]
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.0.0 r7GHSIV1011130 Message accepted for delivery
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: alias <friend.home at nord.example.com> => friendhome
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.forward.mailserver: World writable directory
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.forward: World writable directory
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: to=friendhome, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32684, dsn=2.0.0, stat=Sent
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: done; delay=00:00:00, ntries=1



> The part of your setup which will serve for POP3S. CentOS 6 comes with
> cyrus-imapd and dovecot. Read about them and make a choice. Maybe you
> already know one of them well enough.

I chose Dovecot to use only POP3s service.



>> POP3s
>> the account name (AD user), which I'll use to access my mailbox by pop3s,
>> must have the same name of mailbox file ?
> No.
>> According to previous example:
>>
>> if I wanted to download email of 'mark.landers at example.com', in my client
>> I shall have to type 'marklanders' with its password, so my requirement is
>> to have this mailbox file into my mail server:
>> <mail path>/<user> for example: /var/spool/mail/marklanders
>
> First you will have to decide whether you will run a single domain setup
> or to provide multiple domains where mailbox account foo at example.com
> isn't necessarily for the same user as foo at example.org or foo at bar.com.

Single domain
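
Added example, not part of the original thread: in the maillog quoted above, AUTH LOGIN is accepted in a session where STARTTLS was advertised but never issued, so the login ran without TLS. The Python sketch below flags such sessions from sendmail protocol-trace lines; the sample lines, queue IDs and function name are constructed for illustration, and it assumes (per RFC 3207) that a server no longer advertises STARTTLS once TLS is active, which also keeps implicit-TLS listeners from being flagged.

```python
import re

# Constructed sample in the format of the maillog above (hypothetical queue IDs).
P = "Aug 16 19:28:18 mailserver sendmail"
SAMPLE_LOG = "\n".join([
    # Session 1: STARTTLS offered, ignored, AUTH accepted -> login without TLS
    P + "[201]: qAAA000001: --- 250-AUTH LOGIN PLAIN",
    P + "[201]: qAAA000001: --- 250-STARTTLS",
    P + "[201]: qAAA000001: <-- AUTH LOGIN",
    P + "[201]: qAAA000001: --- 235 2.0.0 OK Authenticated",
    # Session 2: client upgrades with STARTTLS before AUTH
    P + "[202]: qBBB000002: --- 250-STARTTLS",
    P + "[202]: qBBB000002: <-- STARTTLS",
    P + "[202]: qBBB000002: --- 220 2.0.0 Ready to start TLS",
    P + "[202]: qBBB000002: --- 250-AUTH LOGIN PLAIN",
    P + "[202]: qBBB000002: <-- AUTH LOGIN",
    P + "[202]: qBBB000002: --- 235 2.0.0 OK Authenticated",
    # Session 3: implicit-TLS listener (port 465), STARTTLS never offered
    P + "[203]: qCCC000003: --- 250-AUTH LOGIN PLAIN",
    P + "[203]: qCCC000003: <-- AUTH LOGIN",
    P + "[203]: qCCC000003: --- 235 2.0.0 OK Authenticated",
])

TRACE = re.compile(r"sendmail\[(\d+)\]: (\w+): (<--|---) (.*)$")

def find_cleartext_auth(log_text):
    """Queue IDs of sessions that authenticated while STARTTLS was still on offer."""
    sessions = {}
    for line in log_text.splitlines():
        m = TRACE.search(line)
        if not m:
            continue  # not a protocol-trace line
        pid, qid, direction, text = m.groups()
        s = sessions.setdefault((pid, qid), dict(
            offered=False, upgrading=False, auth_clear=False, flagged=False))
        if direction == "<--":                       # client command
            verb = text.split(None, 1)[0].upper() if text.strip() else ""
            if verb == "STARTTLS":
                s["upgrading"] = True
            elif verb == "AUTH" and s["offered"]:
                s["auth_clear"] = True
        elif re.match(r"250[- ]STARTTLS\b", text):   # server still in cleartext
            s["offered"] = True
        elif s["upgrading"] and text.startswith("220"):
            s["offered"] = s["upgrading"] = False    # TLS now active
        elif s["auth_clear"] and text.startswith("235"):
            s["flagged"] = True                      # login succeeded without TLS
    return sorted(qid for (_, qid), s in sessions.items() if s["flagged"])
```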





