postfix dovecot and microsoft AD

May 10, 2019 297 views
Email Debian 9

I'm trying to set up a mail server with Postfix, Dovecot and Active Directory.
The problem is that I can't authenticate from Roundcube against my AD server, and I can't send or receive email.
Tomorrow I will publish some logs.

postfix main.cf

# Postfix main.cf for an SMTP server that authenticates through Dovecot SASL and
# looks up mailboxes in Active Directory over LDAP.

# server greeting banner sent to SMTP clients
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no

# security settings
# NOTE(review): the key file is set to the certificate file, so Postfix expects the
# private key inside final_efektum.crt. /etc/ssl/certs is conventionally
# world-readable; confirm this file is readable by root only, or move the key
# to a separate root-only file.
smtpd_tls_cert_file=/etc/ssl/certs/final_efektum.crt
smtpd_tls_key_file=$smtpd_tls_cert_file
# smtpd_use_tls is the legacy spelling of "smtpd_tls_security_level = may"
# (opportunistic TLS: clients may still talk in cleartext).
# NOTE(review): smtpd_tls_auth_only is not set in the part shown, so AUTH is also
# offered on unencrypted sessions and AD passwords can cross the wire in clear.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Main mail server settings
myhostname = poczta2.efektum.pl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# NOTE(review): poczta2.efektum.pl is listed here AND in virtual_mailbox_domains
# below. Postfix expects a domain in only one address class; decide whether it
# is local or virtual and remove it from the other list.
mydestination = poczta2.efektum.pl, localhost.mydomain.local, localhost
relayhost =
# NOTE(review): 165.22.68.0/24 is a public range. Combined with permit_mynetworks
# below, every host in that /24 may relay through this server without
# authenticating. If the range is shared with machines you do not control,
# narrow it to the specific trusted addresses.
mynetworks = 165.22.68.0/24 10.172.90.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Per-delivery recipient limit for the "dovecot" transport (one recipient at a time)
dovecot_destination_recipient_limit = 1

# local account map (we do not use local accounts, so no file is given here)
# An empty value turns off the check for unknown local recipients.
local_recipient_maps =

# user authentication settings between Postfix and Dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = poczta2.efektum.pl
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
# Path is relative to the Postfix queue directory; Dovecot must expose an auth
# socket there (Dovecot side not shown on this page).
smtpd_sasl_path = private/auth

# restrictions deciding which mail we accept and which we reject automatically
# permit_mynetworks is evaluated first, so clients in mynetworks skip every
# later check. reject_non_fqdn_hostname and reject_invalid_hostname are the
# older names of reject_non_fqdn_helo_hostname and reject_invalid_helo_hostname.
# NOTE(review): smtpd_sender_login_maps is defined further down, but none of the
# *_sender_login_mismatch restrictions appears in the part shown, so the
# map is not enforced and an authenticated user can send as any address.
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname

# LDAP configuration

virtual_mailbox_domains = poczta2.efektum.pl
# location of user mailboxes
virtual_mailbox_base = /home/AD/
# look up users on the AD server
# The referenced lookup file holds the LDAP bind password (see bind_pw in the
# LDAP table file); keep it readable by root and the postfix group only.
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/accounts.cf

# map the message sender to an AD account
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender.cf



# which user creates and writes mail messages
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

# which mechanism transports data between AD, Postfix and Dovecot
# Hands delivery to a transport named "dovecot", which needs a matching service
# entry in master.cf (not shown on this page).
virtual_transport = dovecot


postfix users.cf

# Postfix LDAP lookup table: binds to AD as a service account and searches for a
# person entry whose mail attribute equals the looked-up address.
# NOTE(review): main.cf references accounts.cf and sender.cf, not users.cf; confirm
# which file this content belongs to.
server_host = 10.172.90.3
server_port = 389
version = 3
bind = yes
# NOTE(review): with start_tls = no on port 389, the bind DN, bind_pw and every
# query result travel unencrypted. Prefer start_tls = yes (or an ldaps:// URI)
# together with tls_ca_cert_file and tls_require_cert = yes.
start_tls = no
bind_dn = cn=postmaster,ou=services,dc=ad,dc=efektum,dc=pl
# NOTE(review): this service-account password has been published in clear text;
# treat it as exposed and rotate it. Keep the file mode restricted to root and
# the postfix group.
bind_pw = Das5ahec23a
search_base = cn=users,dc=ad,dc=efektum,dc=pl
scope = sub
# %s is the full lookup key; Postfix escapes it before inserting it in the filter.
query_filter = (&(objectClass=person)(mail=%s))
#result_format = /home/AD/%u
result_attribute = mail
# NOTE(review): "special_result_filter" does not look like a documented
# ldap_table(5) parameter (the documented names are result_format and
# special_result_attribute); verify against the man page.
special_result_filter = %s@%d

debuglevel = 0

dovecot-ldap

# Dovecot LDAP passdb settings: verify a login by binding to AD with the password
# the user supplied.
# NOTE(review): no "tls = yes" or ldaps:// URI appears here, so the simple bind
# carries each user's AD password unencrypted to port 389. Enable tls (with
# tls_ca_cert_file and tls_require_cert) or switch uris to ldaps://.
hosts = 10.172.90.3:389
#uris = ldap://dc1.mydomain.local
ldap_version = 3

base = dc=ad,dc=efektum,dc=pl
deref = never
scope = subtree

# auth_bind = yes makes Dovecot check the password by binding as the user.
# auth_bind_userdn = %u uses the login name exactly as typed as the bind name.
# AD accepts a userPrincipalName or DOMAIN\user for that; presumably the names
# in the failed logins (plain "adam.dabrowski" and "...@poczta2.efektum.pl")
# do not match the accounts' UPN suffix. Confirm against the AD accounts.
auth_bind = yes
auth_bind_userdn = %u
#auth_bind_userdn = CN=Read Only,CN=Users,DC=mydomain,DC=local
#auth_bind_userdn = readonly@mydomain.local

# %n is the login name without its @domain part, while userPrincipalName
# normally has the form user@domain, so this filter is unlikely to match.
# NOTE(review): Dovecot's documentation says pass_filter is not used when a DN
# template (auth_bind_userdn) is set; confirm for the installed version.
pass_filter = (&(objectClass=person)(userPrincipalName=%n))

debug_level = 0

mail err log

May 10 00:51:26 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<Pv1A932IZsOlFkR+>
May 10 00:51:38 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<euu+932IaMOlFkR+>
May 10 00:52:04 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski@poczta2.efektum.pl>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<LEmL+X2IbMOlFkR+>
May 10 00:52:18 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<adam.dabrowski@poczta2.efektum.pl>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<2B8f+n2IbsOlFkR+>
May 10 00:52:34 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<QwBN+32IcMOlFkR+>
May 10 00:52:52 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<Pt1t/H2IcsOlFkR+>
May 10 00:54:32 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<cqpXAn6IeMOlFkR+>
May 10 00:54:53 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<WrKiA36IfMOlFkR+>
May 10 00:56:23 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<amz6CH6IgsOlFkR+>
May 10 01:00:41 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<adam.dabrowski>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<9C5dGH6IjsOlFkR+>
May 10 01:02:43 poczta2 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<marcin.testowy>, method=PLAIN, rip=165.22.68.126, lip=165.22.68.126, secured, session=<sradH36IlsOlFkR+>

