<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 01/30/2012 11:42 AM, Dale Macartney wrote:<br>
<span style="white-space: pre;">></span><br>
<blockquote type="cite"><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Of course Dmitri<br>
<br>
Here you go. I was actually trying to resolve this for an
automated kickstart process anyway. The details specific to
dovecot are in the middle.<br>
<br>
# Connect server to IPA domain (ensure DNS is working correctly
otherwise this step will fail)<br>
ipa-client-install -U -p admin -w mysecretpassword<br>
<br>
# install postfix if necessary (installed by default in rhel6)<br>
yum -y install postfix<br>
<br>
# set postfix to start on boot<br>
chkconfig postfix on<br>
<br>
# configure postfix with hostname, domain and origin details<br>
sed -i 's/#myhostname = host.domain.tld/myhostname =
servername.example.com/g' /etc/postfix/main.cf<br>
sed -i 's/#mydomain = domain.tld/mydomain = example.com/g'
/etc/postfix/main.cf<br>
sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g'
/etc/postfix/main.cf<br>
<br>
# configure postfix to listen on all interfaces<br>
sed -i 's/#inet_interfaces = all/inet_interfaces = all/g'
/etc/postfix/main.cf<br>
sed -i 's/inet_interfaces = localhost/#inet_interfaces =
localhost/g' /etc/postfix/main.cf<br>
<br>
# apply postfix changes<br>
service postfix restart<br>
<br>
# Install dovecot<br>
yum -y install dovecot<br>
<br>
# set dovecot to start on boot<br>
chkconfig dovecot on<br>
<br>
# set dovecot to listen on imap and imaps only<br>
sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g'
/etc/dovecot/dovecot.conf<br>
<br>
# point dovecot to required mailbox directory (This is the section
that was previously failing)<br>
echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >>
/etc/dovecot/dovecot.conf<br>
<br>
# reload dovecot to apply changes<br>
service dovecot restart<br>
<br>
# Apply working IPtables<br>
cat > /etc/sysconfig/iptables << EOF<br>
# Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012<br>
*filter<br>
:INPUT ACCEPT [0:0]<br>
:FORWARD ACCEPT [0:0]<br>
:OUTPUT ACCEPT [29:4596]<br>
- -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT<br>
- -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT<br>
- -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT<br>
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br>
- -A INPUT -p icmp -j ACCEPT<br>
- -A INPUT -i lo -j ACCEPT<br>
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT<br>
- -A INPUT -j REJECT --reject-with icmp-host-prohibited<br>
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited<br>
COMMIT<br>
# Completed on Tue Jan 10 12:17:41 2012<br>
EOF<br>
<br>
With the above details, I am able to replicate a 100% working IPA
authenticated mail server, allowing IPA users to retrieve mail via
imap/imaps.<br>
<br>
I hope this helps.<br>
<br>
</blockquote>
<br>
<br>
A lot! Thanks!<br>
<a class="moz-txt-link-freetext" href="http://freeipa.org/page/Dovecot_Integration">http://freeipa.org/page/Dovecot_Integration</a><br>
<br>
<blockquote type="cite"><br>
Dale<br>
<br>
<br>
<br>
On 01/30/2012 01:46 PM, Dmitri Pal wrote:<br>
<br>
- </blockquote>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
<br>
-- <br>
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager IPA project,<br>
Red Hat Inc.<br>
<br>
<br>
-------------------------------<br>
Looking to carve out IT costs?<br>
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a><br>
<br>
<br>
<br>
</body>
</html>