Installing a mail server on Oracle Linux based on Cyrus IMAP and Postfix with Active Directory integration
Incoming mail
install the necessary packages
dnf install cyrus-sasl cyrus-sasl-plain cyrus-imapd postfix
edit the /etc/sysconfig/saslauthd file
MECH=ldap
create the /etc/saslauthd.conf file
ldap_servers: ldaps://dc.domain.local:636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/domain.local.crt
ldap_bind_dn: CN=cyrus,OU=Special Users,DC=domain,DC=local
ldap_bind_pw: some_pass
ldap_search_base: OU=Employees,DC=domain,DC=local
ldap_filter: mail=%U@%r
change permissions on the /etc/saslauthd.conf file
chmod 600 /etc/saslauthd.conf
edit the /etc/cyrus.conf file
SERVICES {
#imaps cmd="imapd -s" listen="imaps" prefork=1
#pop3 cmd="pop3d" listen="pop3" prefork=3
#pop3s cmd="pop3d -s" listen="pop3s" prefork=1
#sieve cmd="timsieved" listen="sieve" prefork=0
#nntp cmd="nntpd" listen="nntp" prefork=3
#nntps cmd="nntpd -s" listen="nntps" prefork=1
#http cmd="httpd" listen="http" prefork=3
#https cmd="httpd -s" listen="https" prefork=1
#notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
}
DAEMON {
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
edit the /etc/imapd.conf file
lmtpsocket: /var/lib/imap/socket/lmtp
#httpmodules: caldav carddav
virtdomains: userid
tls_required: yes
autocreate_quota: 0
autocreate_post: 1
edit the /etc/postfix/main.cf file
myhostname = mail.domain.local
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
relay_recipient_maps =
mailbox_transport =
virtual_mailbox_domains = hash:/etc/postfix/domains
virtual_mailbox_maps = hash:/etc/postfix/recipients
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
smtpd_relay_restrictions=defer_unauth_destination
create the /etc/postfix/domains file
green.com ok
yellow.com ok
create the /etc/postfix/recipients file
create the /etc/postfix/domains.db and the /etc/postfix/recipients.db hash tables
postmap hash:/etc/postfix/domains
postmap hash:/etc/postfix/recipients
start all the services
systemctl --now enable saslauthd
systemctl --now enable cyrus-imapd
systemctl --now enable postfix
verify that authentication works
imtest -t "" -u [email protected] -a [email protected] localhost
imtest -t "" -u [email protected] -a [email protected] localhost
connect to the server on port TCP/25 and try to send a test message
HELO test
MAIL FROM: <src_mail_address>
RCPT TO: <dst_mail_address>
DATA
<test_message_body>
.
QUIT
note: for a non-encrypted connection use the "telnet 25" command and for an SSL-encrypted connection use the "openssl s_client -connect :25 -starttls smtp" command
verify that the message has been successfully received and saved in the /var/spool/imap folder
Outgoing mail
edit the /etc/postfix/master.cf file
587 inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=cyrus
  -o smtpd_sasl_path=smtpd
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_tls_security_options=noanonymous
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
note: the "smtpd_sasl_path=smtpd" parameter means that SASL authentication uses the /etc/sasl2/smtpd.conf configuration file
restart Postfix
systemctl restart postfix
connect to the server on port TCP/587 and try to send a test message
note: in order to authenticate, enter the "AUTH PLAIN" SMTP command and provide a login and a password in Base64 encoding (you can convert your login and password into Base64 encoding with the "echo -ne '\[email protected]\0password' | base64" command)
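An added example, not part of the original guide: a shell audit of the hardening settings configured above (the file mode and LDAPS options of saslauthd.conf, and the -o overrides of the 587 service in master.cf). The function names are made up for this example, file paths are passed as arguments so the checks can run against copies, and GNU stat is assumed, as on Oracle Linux.

```sh
#!/bin/sh
# Added example: audit the security-relevant settings from this guide.
# All function names are hypothetical; paths are passed as arguments.

# Print the value of "key: value" from a saslauthd.conf-style file.
sasl_get() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1
}

# saslauthd.conf stores ldap_bind_pw in clear text: require mode 600,
# an ldaps:// URI for every server, and certificate verification.
check_saslauthd() {  # $1=path to saslauthd.conf
    rc=0
    mode=$(stat -c %a "$1") || return 2
    [ "$mode" = "600" ] || { echo "FAIL: $1 mode is $mode, expected 600"; rc=1; }
    servers=$(sasl_get "$1" ldap_servers)
    [ -n "$servers" ] || { echo "FAIL: ldap_servers is not set"; rc=1; }
    for uri in $servers; do
        case $uri in
            ldaps://*) ;;
            *) echo "FAIL: $uri is not an ldaps:// URI"; rc=1 ;;
        esac
    done
    [ "$(sasl_get "$1" ldap_tls_check_peer)" = "yes" ] ||
        { echo "FAIL: ldap_tls_check_peer is not yes"; rc=1; }
    return $rc
}

# Print the -o overrides of one master.cf inet service, one per line.
master_overrides() {  # $1=master.cf $2=service name or port
    awk -v svc="$2" '
        /^[^ \t#]/ { in_svc = ($1 == svc && $2 == "inet"); next }
        in_svc && /^[ \t]+-o[ \t]/ { print $2 }
    ' "$1"
}

# The submission service must not offer AUTH on unencrypted connections
# and must relay only for authenticated clients.
check_submission() {  # $1=master.cf $2=service (587 in this guide)
    rc=0
    opts=$(master_overrides "$1" "$2")
    for want in smtpd_sasl_auth_enable=yes smtpd_tls_auth_only=yes \
        smtpd_relay_restrictions=permit_sasl_authenticated,reject; do
        echo "$opts" | grep -qxF -- "$want" ||
            { echo "FAIL: service $2 lacks -o $want"; rc=1; }
    done
    return $rc
}
```

On the server itself, run it as "check_saslauthd /etc/saslauthd.conf" and "check_submission /etc/postfix/master.cf 587"; each function returns 0 only when every check passes.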