This commit is contained in:
github-actions[bot] 2022-08-22 06:32:04 +00:00
parent d6f53265d1
commit 1be70794ed
6 changed files with 98 additions and 82 deletions

View file

@ -1660,7 +1660,9 @@
<details class="example" open="open"> <details class="example" open="open">
<summary>Example</summary> <summary>Example</summary>
<p>A really simple <code>LDAP_QUERY_FILTER</code> configuration, using only the <em>user filter</em> and allowing only <code>admin@*</code> to spoof any sender addresses.</p> <p>A really simple <code>LDAP_QUERY_FILTER</code> configuration, using only the <em>user filter</em> and allowing only <code>admin@*</code> to spoof any sender addresses.</p>
<div class="highlight"><pre><span></span><code><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"></span> <div class="highlight"><pre><span></span><code><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"> </span><span class="c1"># with the :edge tag, use ACCOUNT_PROVISIONER</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_START_TLS=yes</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ACCOUNT_PROVISIONER=LDAP</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=ldap.example.org</span><span class="w"></span> <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=ldap.example.org</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SEARCH_BASE=dc=example,dc=org&quot;</span><span class="w"></span> <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SEARCH_BASE=dc=example,dc=org&quot;</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=admin,dc=example,dc=org</span><span class="w"></span> <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=admin,dc=example,dc=org</span><span class="w"></span>
@ -1740,17 +1742,17 @@
<li>To deliver the emails to different members of Active Directory <strong>Security Group</strong> or <strong>Distribution Group</strong> (similar to mailing lists), use a <a href="../override-defaults/user-patches/"><code>user-patches.sh</code> script</a> to modify <code>ldap-groups.cf</code> so that it includes <code>leaf_result_attribute = mail</code> and <code>special_result_attribute = member</code>. This can be achieved simply by:</li> <li>To deliver the emails to different members of Active Directory <strong>Security Group</strong> or <strong>Distribution Group</strong> (similar to mailing lists), use a <a href="../override-defaults/user-patches/"><code>user-patches.sh</code> script</a> to modify <code>ldap-groups.cf</code> so that it includes <code>leaf_result_attribute = mail</code> and <code>special_result_attribute = member</code>. This can be achieved simply by:</li>
</ul> </ul>
<p>The configuration shown to get the Group to work is from <a href="https://doc.zarafa.com/trunk/Administrator_Manual/en-US/html/_MTAIntegration.html">here</a> and <a href="https://kb.kopano.io/display/WIKI/Postfix">here</a>.</p> <p>The configuration shown to get the Group to work is from <a href="https://doc.zarafa.com/trunk/Administrator_Manual/en-US/html/_MTAIntegration.html">here</a> and <a href="https://kb.kopano.io/display/WIKI/Postfix">here</a>.</p>
<div class="highlight"><pre><span></span><code># user-patches.sh <div class="highlight"><pre><span></span><code><span class="c1"># user-patches.sh</span>
... ...
grep -q &#39;^leaf_result_attribute = mail$&#39; /etc/postfix/ldap-groups.cf || echo &quot;leaf_result_attribute = mail&quot; &gt;&gt; /etc/postfix/ldap-groups.cf grep -q <span class="s1">&#39;^leaf_result_attribute = mail$&#39;</span> /etc/postfix/ldap-groups.cf <span class="o">||</span> <span class="nb">echo</span> <span class="s2">&quot;leaf_result_attribute = mail&quot;</span> &gt;&gt; /etc/postfix/ldap-groups.cf
grep -q &#39;^special_result_attribute = member$&#39; /etc/postfix/ldap-groups.cf || echo &quot;special_result_attribute = member&quot; &gt;&gt; /etc/postfix/ldap-groups.cf grep -q <span class="s1">&#39;^special_result_attribute = member$&#39;</span> /etc/postfix/ldap-groups.cf <span class="o">||</span> <span class="nb">echo</span> <span class="s2">&quot;special_result_attribute = member&quot;</span> &gt;&gt; /etc/postfix/ldap-groups.cf
... ...
</code></pre></div> </code></pre></div>
<ul> <ul>
<li>In <code>/etc/ldap/ldap.conf</code>, if the <code>TLS_REQCERT</code> is <code>demand</code> / <code>hard</code> (default), the CA certificate used to verify the LDAP server certificate must be recognized as a trusted CA. This can be done by volume mounting the <code>ca.crt</code> file and updating the trust store via a <code>user-patches.sh</code> script:</li> <li>In <code>/etc/ldap/ldap.conf</code>, if the <code>TLS_REQCERT</code> is <code>demand</code> / <code>hard</code> (default), the CA certificate used to verify the LDAP server certificate must be recognized as a trusted CA. This can be done by volume mounting the <code>ca.crt</code> file and updating the trust store via a <code>user-patches.sh</code> script:</li>
</ul> </ul>
<div class="highlight"><pre><span></span><code># user-patches.sh <div class="highlight"><pre><span></span><code><span class="c1"># user-patches.sh</span>
... ...
cp /MOUNTED_FOLDER/ca.crt /usr/local/share/ca-certificates/ cp /MOUNTED_FOLDER/ca.crt /usr/local/share/ca-certificates/
@ -1758,25 +1760,25 @@ update-ca-certificates
... ...
</code></pre></div> </code></pre></div>
<p>The changes on the configurations necessary to work with Active Directory (<strong>only changes are listed, the rest of the LDAP configuration can be taken from the other examples</strong> shown in this documentation):</p> <p>The changes on the configurations necessary to work with Active Directory (<strong>only changes are listed, the rest of the LDAP configuration can be taken from the other examples</strong> shown in this documentation):</p>
<div class="highlight"><pre><span></span><code># If StartTLS is the chosen method to establish a secure connection with Active Directory. <div class="highlight"><pre><span></span><code><span class="c1"># If StartTLS is the chosen method to establish a secure connection with Active Directory.</span><span class="w"></span>
- LDAP_START_TLS=yes <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_START_TLS=yes</span><span class="w"></span>
- SASLAUTHD_LDAP_START_TLS=yes <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SASLAUTHD_LDAP_START_TLS=yes</span><span class="w"></span>
- DOVECOT_TLS=yes <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DOVECOT_TLS=yes</span><span class="w"></span>
- LDAP_QUERY_FILTER_USER=(&amp;(objectclass=person)(mail=%s)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_QUERY_FILTER_USER=(&amp;(objectclass=person)(mail=%s))</span><span class="w"></span>
- LDAP_QUERY_FILTER_ALIAS=(&amp;(objectclass=person)(proxyAddresses=smtp:%s)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_QUERY_FILTER_ALIAS=(&amp;(objectclass=person)(proxyAddresses=smtp:%s))</span><span class="w"></span>
# Filters Active Directory groups (mail lists). Additional changes on ldap-groups.cf are also required as shown above. <span class="c1"># Filters Active Directory groups (mail lists). Additional changes on ldap-groups.cf are also required as shown above.</span><span class="w"></span>
- LDAP_QUERY_FILTER_GROUP=(&amp;(objectClass=group)(mail=%s)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_QUERY_FILTER_GROUP=(&amp;(objectClass=group)(mail=%s))</span><span class="w"></span>
- LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)</span><span class="w"></span>
# Allows only Domain admins to send any sender email address, otherwise the sender address must match the LDAP attribute `mail`. <span class="c1"># Allows only Domain admins to send any sender email address, otherwise the sender address must match the LDAP attribute `mail`.</span><span class="w"></span>
- SPOOF_PROTECTION=1 <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SPOOF_PROTECTION=1</span><span class="w"></span>
- LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=cn=Domain Admins,cn=Users,dc=*)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=cn=Domain Admins,cn=Users,dc=*))</span><span class="w"></span>
- DOVECOT_USER_FILTER=(&amp;(objectclass=person)(sAMAccountName=%n)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DOVECOT_USER_FILTER=(&amp;(objectclass=person)(sAMAccountName=%n))</span><span class="w"></span>
# At the moment to be able to use %{ldap:uidNumber}, a manual bug fix as described above must be used. Otherwise %{ldap:uidNumber} %{ldap:uidNumber} must be replaced by the hard-coded value 5000. <span class="c1"># At the moment to be able to use %{ldap:uidNumber}, a manual bug fix as described above must be used. Otherwise %{ldap:uidNumber} %{ldap:uidNumber} must be replaced by the hard-coded value 5000.</span><span class="w"></span>
- DOVECOT_USER_ATTRS==uid=%{ldap:uidNumber},=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DOVECOT_USER_ATTRS==uid=%{ldap:uidNumber},=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir</span><span class="w"></span>
- DOVECOT_PASS_ATTRS=sAMAccountName=user,userPassword=password <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">DOVECOT_PASS_ATTRS=sAMAccountName=user,userPassword=password</span><span class="w"></span>
- SASLAUTHD_LDAP_FILTER=(&amp;(sAMAccountName=%U)(objectClass=person)) <span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SASLAUTHD_LDAP_FILTER=(&amp;(sAMAccountName=%U)(objectClass=person))</span><span class="w"></span>
</code></pre></div> </code></pre></div>
<h2 id="ldap-setup-examples"><a class="toclink" href="#ldap-setup-examples">LDAP Setup Examples</a></h2> <h2 id="ldap-setup-examples"><a class="toclink" href="#ldap-setup-examples">LDAP Setup Examples</a></h2>
<details class="example" open="open"> <details class="example" open="open">
@ -1809,7 +1811,8 @@ update-ca-certificates
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_POSTGREY=1</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_POSTGREY=1</span><span class="w"></span>
<span class="w"> </span><span class="c1"># &gt;&gt;&gt; Postfix LDAP Integration</span><span class="w"></span> <span class="w"> </span><span class="c1"># &gt;&gt;&gt; Postfix LDAP Integration</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"> </span><span class="c1"># with the :edge tag, use ACCOUNT_PROVISIONER</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ACCOUNT_PROVISIONER=LDAP</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=ldap.example.org</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=ldap.example.org</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=admin,ou=users,dc=example,dc=org</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=admin,ou=users,dc=example,dc=org</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_PW=mypassword</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_PW=mypassword</span><span class="w"></span>
@ -1880,7 +1883,8 @@ update-ca-certificates
<span class="w"> </span><span class="c1"># &lt;&lt;&lt; SASL Authentication</span><span class="w"></span> <span class="w"> </span><span class="c1"># &lt;&lt;&lt; SASL Authentication</span><span class="w"></span>
<span class="w"> </span><span class="c1"># &gt;&gt;&gt; Postfix Ldap Integration</span><span class="w"></span> <span class="w"> </span><span class="c1"># &gt;&gt;&gt; Postfix Ldap Integration</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_LDAP=1</span><span class="w"> </span><span class="c1"># with the :edge tag, use ACCOUNT_PROVISIONER</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ACCOUNT_PROVISIONER=LDAP</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=&lt;yourLdapContainer/yourLdapServer&gt;</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SERVER_HOST=&lt;yourLdapContainer/yourLdapServer&gt;</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SEARCH_BASE=dc=mydomain,dc=loc</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_SEARCH_BASE=dc=mydomain,dc=loc</span><span class="w"></span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=loc</span><span class="w"></span> <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=loc</span><span class="w"></span>

View file

@ -511,6 +511,13 @@
ONE_DIR ONE_DIR
</a> </a>
</li>
<li class="md-nav__item">
<a href="#account_provisioner" class="md-nav__link">
ACCOUNT_PROVISIONER
</a>
</li> </li>
<li class="md-nav__item"> <li class="md-nav__item">
@ -2424,6 +2431,13 @@
ONE_DIR ONE_DIR
</a> </a>
</li>
<li class="md-nav__item">
<a href="#account_provisioner" class="md-nav__link">
ACCOUNT_PROVISIONER
</a>
</li> </li>
<li class="md-nav__item"> <li class="md-nav__item">
@ -3346,6 +3360,15 @@
<li>0 =&gt; state in default directories.</li> <li>0 =&gt; state in default directories.</li>
<li><strong>1</strong> =&gt; consolidate all states into a single directory (<code>/var/mail-state</code>) to allow persistence using docker volumes. See the <a href="../../faq/#what-about-docker-datadmsmail-state-folder-varmail-state-internally">related FAQ entry</a> for more information.</li> <li><strong>1</strong> =&gt; consolidate all states into a single directory (<code>/var/mail-state</code>) to allow persistence using docker volumes. See the <a href="../../faq/#what-about-docker-datadmsmail-state-folder-varmail-state-internally">related FAQ entry</a> for more information.</li>
</ul> </ul>
<h5 id="account_provisioner"><a class="toclink" href="#account_provisioner">ACCOUNT_PROVISIONER</a></h5>
<p>Configures the provisioning source of user accounts (including aliases) for user queries and authentication by services managed by DMS (<em>Postfix and Dovecot</em>).</p>
<p>User provisioning via OIDC is planned for the future, see <a href="https://github.com/docker-mailserver/docker-mailserver/issues/2713">this tracking issue</a>.</p>
<ul>
<li><strong>empty</strong> =&gt; use FILE</li>
<li>LDAP =&gt; use LDAP authentication</li>
<li>OIDC =&gt; use OIDC authentication (<strong>not yet implemented</strong>)</li>
<li>FILE =&gt; use local files (this is used as the default)</li>
</ul>
<h5 id="permit_docker"><a class="toclink" href="#permit_docker">PERMIT_DOCKER</a></h5> <h5 id="permit_docker"><a class="toclink" href="#permit_docker">PERMIT_DOCKER</a></h5>
<p>Set different options for mynetworks option (can be overwrite in postfix-main.cf) <strong>WARNING</strong>: Adding the docker network's gateway to the list of trusted hosts, e.g. using the <code>network</code> or <code>connected-networks</code> option, can create an <a href="https://en.wikipedia.org/wiki/Open_mail_relay"><strong>open relay</strong></a>, for instance if IPv6 is enabled on the host machine but not in Docker.</p> <p>Set different options for mynetworks option (can be overwrite in postfix-main.cf) <strong>WARNING</strong>: Adding the docker network's gateway to the list of trusted hosts, e.g. using the <code>network</code> or <code>connected-networks</code> option, can create an <a href="https://en.wikipedia.org/wiki/Open_mail_relay"><strong>open relay</strong></a>, for instance if IPv6 is enabled on the host machine but not in Docker.</p>
<ul> <ul>
@ -3686,13 +3709,7 @@ Note: this setting needs <code>SPAMASSASSIN_SPAM_TO_INBOX=1</code></p>
<p>Note: The defaults of your fetchmailrc file need to be at the top of the file. Otherwise it won't be added correctly to all separate <code>fetchmail</code> instances.</p> <p>Note: The defaults of your fetchmailrc file need to be at the top of the file. Otherwise it won't be added correctly to all separate <code>fetchmail</code> instances.</p>
<h4 id="ldap"><a class="toclink" href="#ldap">LDAP</a></h4> <h4 id="ldap"><a class="toclink" href="#ldap">LDAP</a></h4>
<h5 id="enable_ldap"><a class="toclink" href="#enable_ldap">ENABLE_LDAP</a></h5> <h5 id="enable_ldap"><a class="toclink" href="#enable_ldap">ENABLE_LDAP</a></h5>
<ul> <p>Deprecated. See <a href="#account_provisioner"><code>ACCOUNT_PROVISIONER</code></a>.</p>
<li><strong>empty</strong> =&gt; LDAP authentification is disabled</li>
<li>1 =&gt; LDAP authentification is enabled</li>
<li>NOTE:</li>
<li>A second container for the ldap service is necessary (e.g. <a href="https://github.com/osixia/docker-openldap">docker-openldap</a>)</li>
<li>For preparing the ldap server to use in combination with this container <a href="http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/">this</a> article may be helpful</li>
</ul>
<h5 id="ldap_start_tls"><a class="toclink" href="#ldap_start_tls">LDAP_START_TLS</a></h5> <h5 id="ldap_start_tls"><a class="toclink" href="#ldap_start_tls">LDAP_START_TLS</a></h5>
<ul> <ul>
<li><strong>empty</strong> =&gt; no</li> <li><strong>empty</strong> =&gt; no</li>

View file

@ -1731,9 +1731,7 @@
cp -f /tmp/docker-mailserver/postfix-virtual.cf /etc/postfix/virtual cp -f /tmp/docker-mailserver/postfix-virtual.cf /etc/postfix/virtual
<span class="c1"># the `to` is important, don&#39;t delete it</span> <span class="k">while</span> <span class="nb">read</span> -r FROM _
<span class="c1"># shellcheck disable=SC2034</span>
<span class="k">while</span> <span class="nb">read</span> -r FROM TO
<span class="k">do</span> <span class="k">do</span>
<span class="c1"># Setting variables for better readability</span> <span class="c1"># Setting variables for better readability</span>
<span class="nv">UNAME</span><span class="o">=</span><span class="k">$(</span><span class="nb">echo</span> <span class="s2">&quot;</span><span class="si">${</span><span class="nv">FROM</span><span class="si">}</span><span class="s2">&quot;</span> <span class="p">|</span> cut -d @ -f1<span class="k">)</span> <span class="nv">UNAME</span><span class="o">=</span><span class="k">$(</span><span class="nb">echo</span> <span class="s2">&quot;</span><span class="si">${</span><span class="nv">FROM</span><span class="si">}</span><span class="s2">&quot;</span> <span class="p">|</span> cut -d @ -f1<span class="k">)</span>

View file

@ -1536,7 +1536,8 @@
</code></pre></div> </code></pre></div>
<h2 id="authenticating-with-ldap"><a class="toclink" href="#authenticating-with-ldap">Authenticating with LDAP</a></h2> <h2 id="authenticating-with-ldap"><a class="toclink" href="#authenticating-with-ldap">Authenticating with LDAP</a></h2>
<p>If you want to send emails from outside the mail-server you have to authenticate somehow (with a username and password). One way of doing it is described in <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1247">this discussion</a>. However if there are many user accounts, it is better to use authentication with LDAP. The settings for this on <code>mailserver.env</code> are:</p> <p>If you want to send emails from outside the mail-server you have to authenticate somehow (with a username and password). One way of doing it is described in <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1247">this discussion</a>. However if there are many user accounts, it is better to use authentication with LDAP. The settings for this on <code>mailserver.env</code> are:</p>
<div class="highlight"><pre><span></span><code><span class="na">ENABLE_LDAP</span><span class="o">=</span><span class="s">1</span><span class="w"></span> <div class="highlight"><pre><span></span><code><span class="na">ENABLE_LDAP</span><span class="o">=</span><span class="s">1 # with the :edge tag, use ACCOUNT_PROVISIONER</span><span class="w"></span>
<span class="na">ACCOUNT_PROVISIONER</span><span class="o">=</span><span class="s">LDAP</span><span class="w"></span>
<span class="na">LDAP_START_TLS</span><span class="o">=</span><span class="s">yes</span><span class="w"></span> <span class="na">LDAP_START_TLS</span><span class="o">=</span><span class="s">yes</span><span class="w"></span>
<span class="na">LDAP_SERVER_HOST</span><span class="o">=</span><span class="s">ldap.example.org</span><span class="w"></span> <span class="na">LDAP_SERVER_HOST</span><span class="o">=</span><span class="s">ldap.example.org</span><span class="w"></span>
<span class="na">LDAP_SEARCH_BASE</span><span class="o">=</span><span class="s">ou=users,dc=example,dc=org</span><span class="w"></span> <span class="na">LDAP_SEARCH_BASE</span><span class="o">=</span><span class="s">ou=users,dc=example,dc=org</span><span class="w"></span>
@ -1601,10 +1602,6 @@ postfix reload
<div class="admonition note"> <div class="admonition note">
<p class="admonition-title">Note</p> <p class="admonition-title">Note</p>
<p>Another solution that serves as a forward-only mail-server is <a href="https://gitlab.com/docker-scripts/postfix">this</a>.</p> <p>Another solution that serves as a forward-only mail-server is <a href="https://gitlab.com/docker-scripts/postfix">this</a>.</p>
</div>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>One user reports only having success if <code>ENABLE_LDAP=0</code> was set.</p>
</div> </div>

File diff suppressed because one or more lines are too long

View file

@ -2,212 +2,212 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/faq/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/faq/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/introduction/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/introduction/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/pop3/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/pop3/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/setup.sh/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/setup.sh/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/auth-ldap/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/auth-ldap/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/dovecot-master-accounts/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/dovecot-master-accounts/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/full-text-search/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/full-text-search/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/ipv6/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/ipv6/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-fetchmail/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-fetchmail/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-sieve/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-sieve/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/optional-config/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/optional-config/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/podman/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/podman/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/aws-ses/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/aws-ses/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/relay-hosts/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/relay-hosts/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/maintenance/update-and-cleanup/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/maintenance/update-and-cleanup/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/dovecot/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/dovecot/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/postfix/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/postfix/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/fail2ban/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/fail2ban/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/mail_crypt/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/mail_crypt/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/troubleshooting/debugging/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/troubleshooting/debugging/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/aliases/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/aliases/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/coding-style/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/coding-style/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/documentation/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/documentation/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/issues-and-pull-requests/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/issues-and-pull-requests/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/tests/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/tests/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/blog-posts/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/blog-posts/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/docker-build/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/docker-build/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/mailserver-behind-proxy/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/mailserver-behind-proxy/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/forward-only-mailserver-with-ldap-authentication/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/forward-only-mailserver-with-ldap-authentication/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/imap-folders/</loc> <loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/imap-folders/</loc>
<lastmod>2022-08-20</lastmod> <lastmod>2022-08-22</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
</urlset> </urlset>