[Freeipa-users] Any recent guides for Postfix and IPA integration?

Fri Dec 11 23:26:12 UTC 2015

Hello Ranbir,

I'm working on this, even today I was putting more things together.
(That DRAFT is really uncommented version of what I currently have). And
I've opened also https://fedorahosted.org/freeipa/ticket/5521 to get a
bit more out of it.

To sum it up what I've put together:
- Postfix for SMTP MTA
- Dovecot for IMAP (no POP3)
- Amavisd-new with ClamAV and SpamAssassin for Antispam / Antivirus /
additional header checks, etc.
- SPF, DKIM, DMARC support for both sending and receiving mail
- setup is HA thanks to DNS records, and 2 separate systems running
almost identical configuration and Dovecot replicates mailboxes using
dsync
- PLAIN / LOGIN / GSSAPI authentication for SSO login thanks to FreeIPA
(integration with Evolution on Fedora/RHEL/CentOS desktop joined to
FreeIPA domain works also great)
- users, of course, stored in FreeIPA, usage granted only to ones with
correct e-mail field, group membership (and enablement of the ID)
- but some pieces are still missing:
  - I'm still reviewing e.g. correct postfix restrictions and
documenting the full setup
  - there's missing support for GUI configuration domain aliases, user
aliases, sender/receiver Bcc support, quota setup, etc. even if
something is managable via ipa-admintools and LDAP attributes

I would like to finish it asap, within a week or two, cause I run this
e-mail system at home (as somebody already mentioned, why not?) and I
don't like it unfinished. ;)

But to give you a good place to start: have a look to iRedMail project, 
http://www.iredmail.org/, ZhangHuangbin's product is great and it helped
me a lot to prepare what I described above. There's no support for 'old-
style' HA, but you can still run it 'HA' on VM with all the benefits,
and there's not direct support for FreeIPA integration, but guideline
for ActiveDirectory integration exists, so you can start there: http://w
ww.iredmail.org/docs/active.directory.html.

As Natxo mentioned, it all depends what kind of integration you want and
what do you expect from mail setup. ;)

Martin

On Pi, 2015-12-11 at 22:13 +0100, Natxo Asenjo wrote:
> hi Ranbir,
> 
> 
> On Fri, Dec 11, 2015 at 9:29 PM, Ranbir <m3freak at thesandhufamily.ca>
> wrote:
> > Hi All,
> > 
> > I want to integrate my Postfix server with IPA. I've found a couple
> > of
> > documents on how this can be done, but they don't accomplish the
> > feat
> > the same way (they're also not discussing the exact same end goal).
> > I'm
> > left wondering how exactly to integrate IPA and Postfix.
> > 
> what exactly do you want to achieve? 'Integrate' could mean a couple
> of things, so please specify. 
> 
> --
> Groeten,
> natxo
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151212/7cdc48b4/attachment.sig>