[CentOS] mail server: sendmail with integrated AD
Riccardo Castellani
ric.castellani at alice.it
Wed Aug 21 07:12:38 UTC 2013
> Am 20.08.2013 06:04, schrieb Riccardo Castellani:
>> I'm preparing my new
Sendmail mail server with pop3s + smtps where user
> SMTPS is obsolete since a
couple of years. Use SMTP/STARTTLS instead
> over the submission port.
I know,
I used both ports (SMTP over SSL port 465, SMTP/STARTTLS port 587) for mail-
client compatibility.
Do you suggest to use only port 25 with SMTP/STARTTLS ?
>> authentication occurs through Microsoft Active Directory by Winbind
>>
daemon. OS is Centos 6.4 and Sendmail is 8.14
>> Mailboxes will be in this
server but how to create them !??!
> That totally depends on the choice and
configuration of the mail storage
> and access server. Sendmail is an MTA, it
does not know about
> "mailboxes". It knows - if properly configured - about
destination mail
> addresses it is responsible for to hand over to an MDA/LDA.
My MDA/LDA is procmail but neither .forward and nor .procmailrc file exist.
There is no filter/rule
..
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
MAILER(procmail)
dnl
..
>> It's necessary to add user by 'useradd' command into /etc/passwd
or It's
>> only necessary add new entry in '/etc/aliases' file for every AD
user
>> like
>> in following example ?!
>That depends on the chosen mail
storage and access server configuration.
I don’t understand server behavior
(where no configuration procmail files exist) when MTA receives email message
to delivery to mailbox which stays on the same server.
How does system know
what mailbox file to delivery to ? What link among ‘AD user account’ and
‘mailbox filename’.
In my case I had to create new recipient user by ‘adduser’
command, otherwise my system said ‘user unknown’.
I remember my user is on AD
services on another server which run Windows OS.
My maillog:
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: Milter: no active filter
Aug 16 19:
28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 220 mailserver.example.
com ESMTP Sendmail 8.14.4/8.14.4; Fri, 16 Aug 2013 19:28:18 +0200
Aug 16 19:28:
18 mailserver sendmail[11130]: r7GHSIV1011130: <-- EHLO client
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 250-mailserver.example.com
Hello client.example.com [10.35.2.4], pleased to meet you
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ENHANCEDSTATUSCODES
Aug 16
19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-PIPELINING
Aug 16
19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-8BITMIME
Aug 16 19:
28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-SIZE
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DSN
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ETRN
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 250-AUTH LOGIN PLAIN
Aug 16 19:
28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-STARTTLS
Aug 16 19:28:
18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DELIVERBY
Aug 16 19:28:
18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 HELP
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: <-- AUTH LOGIN
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: --- 334 VXNlcm5hbWU6
Aug 16 19:28:
18 mailserver sendmail[11130]: r7GHSIV1011130: --- 334 UGFzc3dvcmQ6
Aug 16 19:
28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 235 2.0.0 OK
Authenticated
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <--
MAIL FROM: <ssl587 at example.com>
Aug 16 19:28:18 mailserver sendmail[11130]:
r7GHSIV1011130: --- 250 2.1.0 <ssl587 at example.com>... Sender ok
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: <-- RCPT TO: <friend.home at nord.
example.com>
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: ---
250 2.1.5 <friend.home at nord.example.com>... Recipient ok
Aug 16 19:28:18
mailserver sendmail[11130]: r7GHSIV1011130: <-- DATA
Aug 16 19:28:18 mailserver
sendmail[11130]: r7GHSIV1011130: --- 354 Enter mail, end with "." on a line by
itself
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130:
from=<ssl587 at example.com>, size=2466, class=0, nrcpts=1,
msgid=<00ea01ce9aa6$0fe72be0$2fb583a0$@toscana.it>, proto=ESMTP, daemon=MTA,
relay=client.example.com [10.35.2.4]
Aug 16 19:28:18 mailserver sendmail
[11130]: r7GHSIV1011130: --- 250 2.0.0 r7GHSIV1011130 Message accepted for
delivery
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: alias
<friend.home at nord.example.com> => friendhome
Aug 16 19:28:18 mailserver sendmail
[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16
19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.forward.
mailserver: World writable directory
Aug 16 19:28:18 mailserver sendmail
[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16
19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.
forward: World writable directory
Aug 16 19:28:18 mailserver sendmail[11131]:
r7GHSIV1011130: to=friendhome, delay=00:00:00, xdelay=00:00:00, mailer=local,
pri=32684, dsn=2.0.0, stat=Sent
Aug 16 19:28:18 mailserver sendmail[11131]:
r7GHSIV1011130: done; delay=00:00:00, ntries=1
> The part of your setup
which will server for POP3S. CentOS 6 comes with
> cyrus-imapd and dovecot.
Read about them and make a choice. Maybe you
> already know one of them good
enough.
I chose Dovecot to use only POP3s service.
>> POP3s
>> the account
name (AD user), which I'll use to access my mailbox by pop3s,
>> must have the
same name of mailbox file ?
> No.
>> According to previous example:
>>
>> if I
wanted to download email of 'mark.landers at example.com', in my client
>> I
>>
shall have to type 'marklanders' with its password, so my requirement is
>> to
>> have this mailbox file into my mail server:
>> <mail path>/<user> for
example: /var/spool/mail/marklanders
>
> First you will have to decide whether
you will run a single domain setup
> or to provide multiple domains where
mailbox accout foo at example.com
> isn't neccessarily for the same user as
foo at example.org or foo at bar.com.
Single domain
More information about the CentOS
mailing list