[Freeipa-users] Any recent guides for Postfix and IPA integration?
Martin Kosek
mkosek at redhat.com
Mon Dec 14 12:15:38 UTC 2015
On 12/12/2015 12:26 AM, Martin Štefany wrote:
> Hello Ranbir,
>
> I'm working on this, even today I was putting more things together.
> (That DRAFT is really uncommented version of what I currently have). And
> I've opened also https://fedorahosted.org/freeipa/ticket/5521 to get a
> bit more out of it.
>
> To sum it up what I've put together:
> - Postfix for SMTP MTA
> - Dovecot for IMAP (no POP3)
> - Amavisd-new with ClamAV and SpamAssassin for Antispam / Antivirus /
> additional header checks, etc.
> - SPF, DKIM, DMARC support for both sending and receiving mail
> - setup is HA thanks to DNS records, and 2 separate systems running
> almost identical configuration and Dovecot replicates mailboxes using
> dsync
> - PLAIN / LOGIN / GSSAPI authentication for SSO login thanks to FreeIPA
> (integration with Evolution on Fedora/RHEL/CentOS desktop joined to
> FreeIPA domain works also great)
> - users, of course, stored in FreeIPA, usage granted only to ones with
> correct e-mail field, group membership (and enablement of the ID)
> - but some pieces are still missing:
> - I'm still reviewing e.g. correct postfix restrictions and
> documenting the full setup
> - there's missing support for GUI configuration domain aliases, user
> aliases, sender/receiver Bcc support, quota setup, etc. even if
> something is managable via ipa-admintools and LDAP attributes
>
> I would like to finish it asap, within a week or two, cause I run this
> e-mail system at home (as somebody already mentioned, why not?) and I
> don't like it unfinished. ;)
>
> But to give you a good place to start: have a look to iRedMail project,
> http://www.iredmail.org/, ZhangHuangbin's product is great and it helped
> me a lot to prepare what I described above. There's no support for 'old-
> style' HA, but you can still run it 'HA' on VM with all the benefits,
> and there's not direct support for FreeIPA integration, but guideline
> for ActiveDirectory integration exists, so you can start there: http://w
> ww.iredmail.org/docs/active.directory.html.
>
> As Natxo mentioned, it all depends what kind of integration you want and
> what do you expect from mail setup. ;)
>
> Martin
Looks as a decent amount of work included in this. BTW, if you have cycles to
contribute a How To to http://www.freeipa.org/page/HowTos or update/improve
existing guides there, I think other FreeIPA community members would be very
very grateful :-)
Thanks,
Martin
More information about the Freeipa-users
mailing list