export DEBIAN_FRONTEND=noninteractive
apt install postfix-pcre postfix-ldap dovecot-core dovecot-ldap dovecot-pop3d dovecot-imapd dovecot-lmtpd ldap-utils mailutils
unset DEBIAN_FRONTEND
Crear grupo y usuario locales para el almacén de buzones vmail.
groupadd -g 5000 vmail
useradd -m -g 5000 -u 5000 -d /var/vmail -s /usr/sbin/nologin -c "Virtual Mailbox Storage" vmail
Crear certificado de seguridad TLS/SSL.
Para Debian 9 Stretch.
openssl req -x509 -nodes -days 3650 -sha512 \
-subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/emailAddress=postmaster@example.tld/" \
-reqexts SAN -extensions SAN \-config <(cat /etc/ssl/openssl.cnf \
<(printf "\n[SAN]\nsubjectAltName=DNS:smtp.example.tld,\
DNS:pop3.example.tld,DNS:imap.example.tld,\
DNS:webmail.example.tld,IP:192.168.0.4")) \
-newkey rsa:4096 \
-out /etc/ssl/certs/exampleMail.crt \
-keyout /etc/ssl/private/exampleMail.key
Para Debian 10 Buster.
openssl req -x509 -nodes -days 3650 -sha512 \
-subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/emailAddress=postmaster@example.tld/" \
-addext "subjectAltName = DNS:smtp.example.tld,\
DNS:pop3.example.tld,DNS:imap.example.tld,\
DNS:webmail.example.tld,IP:192.168.0.4" \
-newkey rsa:4096 \
-out /etc/ssl/certs/exampleMail.crt \
-keyout /etc/ssl/private/exampleMail.key
openssl dhparam -out /etc/ssl/dh2048.pem 2048
chmod 0444 /etc/ssl/certs/exampleMail.crt
chmod 0400 /etc/ssl/private/exampleMail.key
Comprobar correcta creación del certificado.
openssl x509 -in /etc/ssl/certs/exampleMail.crt -text -noout
Crear nueva Cuenta de Usuario del Dominio para el servicio postfix.
samba-tool user create 'postfix' 'P@s$w0rd.345' \
--surname='Dovecot Roundcube' \
--given-name='Postfix' \
--company='EXAMPLE' \
--description='Mail Service Account'
Evitar que la cuenta expire.
samba-tool user setexpiry postfix --noexpiry
Crear registros DNS.
samba-tool dns add localhost example.tld mail A '192.168.0.4' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost 0.168.192.in-addr.arpa 4 PTR 'mail.example.tld.' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld @ MX 'mail.example.tld 10' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld @ TXT "'v=spf1 a:example.tld mx -all'" -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld smtp CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld pop3 CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld imap CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld webmail CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
Crear nueva Unidad Organizativa Email para grupos de correo electrónico, perteneciente a ACME.
samba-tool ou create 'OU=Email,OU=ACME,DC=example,DC=tld' --description='Email Groups Organizational Unit'
Crear Grupos de Usuarios de correo electrónico.
samba-tool group add Everyone --groupou='OU=Email,OU=ACME' --description='All Users Email Group' --mail='everyone@example.tld'
samba-tool group add Management --groupou='OU=Email,OU=ACME' --description='Management Email Group' --mail='management@example.tld'
samba-tool group add Support --groupou='OU=Email,OU=ACME' --description='Technical Support Email Group' --mail='support@example.tld'
Añadir usuarios a los grupos creados.
samba-tool group addmembers ‘Everyone’ sheldon,leonard,rajesh
samba-tool group addmembers ‘Management’ sheldon
samba-tool group addmembers ‘Support’ rajesh,sheldon
Realizar copia de seguridad de los ficheros de configuración.
cp /etc/postfix/main.cf{,.org}
cp /etc/postfix/master.cf{,.org}
Declarar dominio de correo a gestionar.
postconf -e "mydomain = example.tld"
postconf -e "smtpd_sasl_local_domain = example.tld"
postconf -e "virtual_mailbox_domains = example.tld"
Definir transporte virtual del dominio de correo.
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
Definir usuarios virtuales de correo electrónico.
postconf -e "smtpd_sender_login_maps = proxy:ldap:/etc/postfix/virtual_sender_login_maps.cf"
nano /etc/postfix/virtual_sender_login_maps.cf
server_host = dc.example.tld server_port = 389 version = 3 bind = yes start_tls = no bind_dn = postfix@example.tld bind_pw = P@s$w0rd.345 search_base = OU=ACME,DC=example,DC=tld scope = sub query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName debuglevel = 0
Definir buzón almacén de correo electrónico.
postconf -e "always_bcc = archive@example.tld"
Definir buzones virtuales de correo electrónico.
postconf -e "virtual_minimum_uid = 5000"
postconf -e "virtual_uid_maps = static:5000"
postconf -e "virtual_gid_maps = static:5000"
postconf -e "virtual_mailbox_base = /var/vmail"
postconf -e "virtual_mailbox_maps = proxy:ldap:/etc/postfix/virtual_mailbox_maps.cf"
nano /etc/postfix/virtual_mailbox_maps.cf
server_host = dc.example.tld server_port = 389 version = 3 bind = yes start_tls = no bind_dn = postfix@example.tld bind_pw = P@s$w0rd.345 search_base = OU=ACME,DC=example,DC=tld scope = sub query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName result_format = %d/%u/Maildir/ debuglevel = 0
Definir listas y aliases virtuales de correo electrónico.
postconf -e "virtual_alias_maps = proxy:ldap:/etc/postfix/virtual_list_maps.cf, proxy:ldap:/etc/postfix/virtual_alias_maps.cf"
nano /etc/postfix/virtual_list_maps.cf
server_host = dc.example.tld server_port = 389 version = 3 bind = yes start_tls = no bind_dn = postfix@example.tld bind_pw = P@s$w0rd.345 search_base = OU=ACME,DC=example,DC=tld scope = sub query_filter = (&(objectClass=person)(memberOf=cn=%u,OU=Email,OU=ACME,DC=example,DC=tld)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName debuglevel = 0
nano /etc/postfix/virtual_alias_maps.cf
server_host = dc.example.tld server_port = 389 version = 3 bind = yes start_tls = no bind_dn = postfix@example.tld bind_pw = P@s$w0rd.345 search_base = OU=ACME,DC=example,DC=tld scope = sub query_filter = (&(objectClass=person)(otherMailbox=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName debuglevel = 0
NOTA: El atributo otherMailbox puede editarse utilizando el comando samba-tool user edit ; o mediante las herramientas administrativas GUI RSAT o Apache Directory Studio.
Habilitar puerto seguro TCP\587 Submission y establecer comunicación con dovecot.
nano /etc/postfix/master.cf
submission inet n - y - 10 smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_cert_file=/etc/ssl/certs/exampleMail.crt
-o smtpd_tls_key_file=/etc/ssl/private/exampleMail.key
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
postmap -q leonard@example.tld ldap:/etc/postfix/virtual_sender_login_maps.cf
postmap -q rajesh@example.tld ldap:/etc/postfix/virtual_mailbox_maps.cf
postmap -q everyone@example.tld ldap:/etc/postfix/virtual_list_maps.cf
postmap -q postmaster@example.tld ldap:/etc/postfix/virtual_alias_maps.cf
Reiniciar el servicio.
systemctl restart postfix.service
Realizar salva de seguridad del fichero de configuración principal.
cp /etc/dovecot/dovecot.conf{,.org}
Crear script de alerta de sobreuso de cuota y asignar permiso de ejecución.
nano /usr/local/bin/quota-warning
#!/bin/bash
PERCENT=${1}
USER=${2}
DOMAIN=${USER#*@}
cat << EOT | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
From: no-reply@${DOMAIN}
Subject: ALERTA: USO DE CUOTA SUPERIOR AL ${PERCENT}%
ESTIMADO(A) USUARIO(A),
SU BUZON DE CORREO ACTUALMENTE OCUPA MAS DEL ${PERCENT}% DE LA CUOTA
ASIGNADA. BORRE ALGUNOS CORREOS VIEJOS PARA PODER SEGUIR RECIBIENDO
EMAILS.
MENSAJE AUTOMATIZADO DEL SISTEMA
EOT
exit 0
chmod +x /usr/local/bin/quota-warning
nano /etc/dovecot/dovecot.conf
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
nano /etc/dovecot/dovecot-ldap.conf
hosts = dc.example.tld:389 auth_bind = yes ldap_version = 3 dn = postfix@example.tld dnpass = P@s$w0rd.345 base = OU=ACME,DC=example,DC=tld deref = never scope = subtree user_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) user_attrs = maxStorage=quota_rule=*:bytes=%$ pass_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_attrs = userPassword=password default_pass_scheme = CRYPT
NOTA: El atributo maxStorage puede editarse utilizando el comando samba-tool user edit ; o mediante las herramientas administrativas GUI RSAT o Apache Directory Studio.
Reiniciar el servicio.
systemctl restart dovecot.service
Descomprimir el paquete de instalación de Rouncubemail en el sistema y asignar permisos.
tar -xzmf roundcubemail-*-complete.tar.gz -C /opt/
mv /opt/roundcubemail-* /opt/roundcube
ln -s /opt/roundcube/bin/{cleandb,gc}.sh /etc/cron.daily/
chown -R root:www-data /opt/roundcube/
find /opt/roundcube/ -type d \-exec chmod 0755 {} \;
find /opt/roundcube/ -type f \-exec chmod 0644 {} \;
chmod 0770 /opt/roundcube/{logs,temp}Instalar gestor de base de datos PostgreSQL.
apt install postgresqlCrear base de datos para Roundcubemail.
su - postgres
psql
\password postgres
CREATE DATABASE roundcubemail WITH TEMPLATE template0 ENCODING 'UNICODE';
\qInicializar la base de datos.
psql -h localhost -U postgres -W -f /opt/roundcube/SQL/postgres.initial.sql roundcubemailInstalación de paquetes necesarios.
apt install nginx-full php-fpm php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsqlDefinir zona horaria.
sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;
s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \
/etc/php/7*/fpm/php.iniHabilitar el servicio.
nano /etc/nginx/sites-available/roundcube
ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/Instalación de paquetes necesarios.
apt install apache2 libapache2-mod-php php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsqlDefinir zona horaria.
sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;
s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \
/etc/php/7*/apache2/php.iniHabilitar el servicio.
nano /etc/apache2/sites-available/roundcube.conf
a2ensite roundcube.confnano /opt/roundcube/config/config.inc.php
// Samba AD DC Address Book
$config['autocomplete_addressbooks'] = array(
'sql',
'global_ldap_abook'
);
$config['ldap_public']["global_ldap_abook"] = array(
'name' => 'Mailboxes',
'hosts' => array('dc.example.tld'),
'port' => 389,
'use_tls' => false,
'ldap_version' => '3',
'network_timeout' => 10,
'user_specific' => false,
'base_dn' => 'OU=ACME,DC=example,DC=tld',
'bind_dn' => 'postfix@example.tld',
'bind_pass' => 'P@s$w0rd.345',
'writable' => false,
'search_fields' => array(
'mail',
'cn',
'sAMAccountName',
'displayName',
'sn',
'givenName',
),
'fieldmap' => array(
'name' => 'cn',
'surname' => 'sn',
'firstname' => 'givenName',
'title' => 'title',
'email' => 'mail:*',
'phone:work' => 'telephoneNumber',
'phone:mobile' => 'mobile',
'phone:workfax' => 'facsimileTelephoneNumber',
'street' => 'street',
'zipcode' => 'postalCode',
'locality' => 'l',
'department' => 'department',
'notes' => 'description',
'photo' => 'jpegPhoto',
),
'sort' => 'cn',
'scope' => 'sub',
'filter' => '(&(|(objectclass=person))(!(mail=archive@example.tld))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
'fuzzy_search' => true,
'vlv' => false,
'sizelimit' => '0',
'timelimit' => '0',
'referrals' => false,
'group_filters' => array(
'departments' => array(
'name' => 'Lists',
'scope' => 'sub',
'base_dn' => 'OU=Email,OU=ACME,DC=example,DC=tld',
'filter' => '(objectClass=group)',
),
),
);
Como referencia, debajo se muestra la lista de artículos de esta serie.
Uno de los grandes retos al que nos podemos enfrentar cuando una aplicación crece, es…
Percona Monitoring and Management (PMM) es una herramienta de código abierto para la supervisión y…
Qué es lo que deseo hacer en este capítulo? Básicamente un sonoff, quiero encender/apagar las…
Hace algunos meses estoy escuchando hablar del proyecto Home Assistant (HA). En palabras literales del…
Desde hace varios meses vengo con la idea de automatizar la casa donde vivo. Poco…
El artículo describe el uso para un caso particular de OpenWRT y la creación de…
Ver comentarios
Saludos, he probado esta guía paso a paso, pero el correo no me funciona, no puedo acceder ni por el roundcube ni por el outlook,