Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Bionic Beaver 18.04 LTS

This howto will describe how to set up and configure virtual mail hosting with an LDAP backend.

The software we will use in this howto: Postfix (MTA), Dovecot (IMAP / POP3), Gnarwl (vacation), OpenLDAP (LDAP) and vMailpanel as the management interface.

Optional are Proftpd FTP, Roundcube (webmail) and MariaDB (SQL backend for Roundcube).

This worked for me, but I cannot guarantee that this set up will work for you so this howto comes without any guarantee.

Assumptions

This how-to assumes the following configuration. If your installation differs from this, replace the entries below with your actual configuration.

Mail delivery (mailboxes) path:

/home/vmail/

User vmail:

UID:1000, GID:1000

User postfix:

UID: 108, GID:108

OpenLDAP base dn:

dc=example,dc=tld

OpenLDAP admin account:

cn=admin,dc=example,dc=tld

vMailpanel search dn:

o=hosting,dc=example,dc=tld

A read only account for the o=hosting,dc=example,dc=tld tree:

cn=vmail,o=hosting,dc=example,dc=tld

You're using root as the user during this guide. 

If you want, for example, o=maildomains or ou=domains, make sure to replace o=hosting with what you want, especially in the acl.ldif. This ACL file is strict; phamm will not work correctly if it is not exactly as it should be. If you want a different read-only user than phamm, then replace cn=phamm with cn=wat-you everywhere in this howto.

This guide also assumes that you have installed and configured your Ubuntu server to your needs. There are plenty of good guides on Howtoforge, for example:

The Perfect Server - Ubuntu 18.04 (Bionic Beaver) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1

You can stop after the installation and configuration of Apache2.

Step 1: Download vMailpanel

Download the vMailpanel package:

cd /usr/share

Get the latest version of vMailpanel:

git clone https://git.com/wolmfan68/vMailpanel

OK, now we can start.

Step 2: Install and configure OpenLDAP

Install OpenLDAP and ldap-utils:

apt -y install slapd ldap-utils php-ldap

Reconfigure slapd to make sure it reflects your wanted setup:

dpkg-reconfigure slapd

You will have to answer some questions:

Omit OpenLDAP server configuration? No
DNS domain name: example.tld ==> put your domain name here
Organization name: example.tld ==> put your organization here
Administrator password: secret ==> put your password
Confirm password: secret
Database backend to use: MDB
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes

Change into the /etc/ldap/schema directory:

cd /etc/ldap/schema

Copy the phamm.schema and perversia.net.schema from the phamm package to the schema directory:

cp /usr/share/vMailpanel/schema/* /etc/ldap/schema/

Now we add the schemas to openldap.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/phamm.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ISPEnv2.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/amavis.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/pureftpd.ldif 
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/perversia.net.ldif

Now we create the o=hosting entry, and the vmail account.

Modify the text below to your needs and wants and generate a password for the vmail account. The hash currently in this file sets the password to read-only.

To create the hash for the vmail account, issue the following command:

slappasswd -h {MD5}

Type the wanted password twice and copy the result into the text below.

nano base.ldif

Contents of base.ldif

dn: o=hosting,dc=example,dc=tld
objectClass: organization
objectClass: top
o: hosting
description: Hosting Organization

# Read only account
dn: cn=vmail,o=hosting,dc=example,dc=tld
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: vmail
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==
description: Read only account

Load the base dn into the database with the following command:

ldapmodify -a -x -D cn=admin,dc=example,dc=tld -W -f base.ldif

Now we need to modify the ACLs so that the correct access is given to each user type.

ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-remove.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl-new.ldif

You can check the new ACLs with the following command:

slapcat -n 0

This concludes the OpenLDAP configuration.
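
The vmail account above, and the mail accounts created later, store userPassword with the {MD5} scheme, which is an unsalted hash. As an added example (not part of the original howto or of vMailpanel), the script below lists which entries in an LDIF export use an unsalted or cleartext scheme. The function names and the sample entries are constructed for illustration; it assumes standard attribute casing and plain "dn: " lines.

```shell
#!/bin/sh
# Added example: report the userPassword storage scheme of each entry in
# an LDIF export. Output lines: "<CLASS> <scheme> <dn>" where CLASS is
# UNSALTED ({MD5}, {SHA}), CLEARTEXT (no scheme prefix) or OTHER.

# LDIF folds long lines: a line starting with one space continues the
# previous line. Join them before parsing.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# classify_scheme VALUE -> "CLASS scheme"
classify_scheme() {
    scheme=$(printf '%s\n' "$1" | sed -n 's/^\({[^}]*}\).*/\1/p' | tr 'a-z' 'A-Z')
    case $scheme in
        '')              echo "CLEARTEXT -" ;;
        '{MD5}'|'{SHA}') echo "UNSALTED $scheme" ;;
        *)               echo "OTHER $scheme" ;;
    esac
}

# audit_passwords FILE.ldif
audit_passwords() {
    dn=''
    ldif_unfold "$1" | while IFS= read -r line; do
        case $line in
            'dn: '*)
                dn=${line#dn: } ;;
            'userPassword:: '*)
                # "::" means the value is base64-encoded in the LDIF
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                echo "$(classify_scheme "$val") $dn" ;;
            'userPassword: '*)
                echo "$(classify_scheme "${line#userPassword: }") $dn" ;;
        esac
    done
}

# Constructed sample export: the vmail entry uses the hash shown in
# base.ldif; the two mail accounts and their values are made up.
demo_passwords() {
    f=$(mktemp) || return 1
    b64=$(printf '%s' '{SSHA}Q09OU1RSVUNURURfU0FNUExFX1ZBTFVF' | base64)
    cat > "$f" <<EOF
dn: cn=vmail,o=hosting,dc=example,dc=tld
userPassword: {MD5}M267sheb6qc0Ck8WIPOvQA==

dn: mail=alice@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld
userPassword:: $b64

dn: mail=bob@example.tld,vd=example.tld,o=hosting,
 dc=example,dc=tld
userPassword: changeme
EOF
    audit_passwords "$f"
    rm -f "$f"
}

# With a file argument audit that export, otherwise run the demo.
if [ "$#" -gt 0 ]; then audit_passwords "$1"; else demo_passwords; fi
```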

Step 3: Install And Configure Postfix

Before this, we need to have the vmail user and its home directory.

Create the vmail user and group:

useradd vmail

By default, the group vmail is created, too.

Check /etc/passwd for the actual uid and group number.

Next, create the vmail directory and set ownership to the vmail user and group.

mkdir /home/vmail
mkdir /home/vmail/domains 
chown -R vmail:vmail /home/vmail

Run the following command to install Postfix and other required applications:

apt install postfix postfix-ldap

You will be asked two questions. Answer as follows:

General type of mail configuration: <--Stand alone
System mail name: <-- mail.example.tld

We do not install sasl since we will use the Dovecot LDA and deliver.

Now we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Note: you can copy all of the files under examples/postfix to your etc/postfix directory and make changes accordingly. For completeness reasons I will give the complete setup below.

Now we will configure postfix:

cd /etc/postfix 
mv /etc/postfix/main.cf /etc/postfix/main.cf.bck
nano /etc/postfix/main.cf

And paste the following into it. Please note that this config allows the sending (relaying) of mails by authenticated users, and also the sending of local mails (for example to root, postmaster, ...) to the respective aliases if they are configured.

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
 
# appending .domain is the MUA's job.
append_dot_mydomain = no
 
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
 
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
 
myhostname = mail.example.tld
alias_maps = hash:/etc/aliases,
alias_database = hash:/etc/aliases
myorigin = localhost
relayhost = 
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtp_bind_address = your ip address (optional) ==>unmark and change the ip address for your setup.
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

home_mailbox = Maildir/
 
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rhsbl_sender dsn.fc-ignorant.org

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

smtpd_helo_required = yes
 
# transport_maps
maildrop_destination_concurrency_limit = 2 
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1 
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:/etc/postfix/ldap-transport.cf
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain

virtual_alias_maps = 
    ldap:/etc/postfix/ldap-aliases.cf,
    ldap:/etc/postfix/ldap-virtualforward.cf,
    ldap:/etc/postfix/ldap-accountsmap.cf
 
# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
    ldap:/etc/postfix/ldap-accounts.cf
# Change the next three values to the actual uid / gid of the user vmail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
 
local_recipient_maps = $alias_maps

recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf

nano /etc/postfix/master.cf

And paste the following into it (at the end):

dovecot   unix  -       n       n       -       -       pipe
         flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl    unix  -       n       n       -       -       pipe
         flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

Now we need to write the different ldap-xxx.cf files:

nano ldap-accounts.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox 

nano ldap-accountsmap.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail 

nano ldap-aliases.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
result_attribute = maildrop 

nano ldap-transport.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE)) 
result_attribute = postfixTransport 

nano ldap-vacation.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply 

nano ldap-virtualforward.cf

And paste the following in to it:

server_host = localhost
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,o=hosting,dc=example,dc=tld
bind_pw = readonly
search_base = o=hosting,dc=example,dc=tld
scope = sub
query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = maildrop

This concludes the postfix setup. 
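
The ldap-*.cf files above hold the read-only bind password in cleartext and are referenced by name from main.cf, so a misspelled file name, a mistyped bind_pw or a world-readable file mode is easy to miss. As an added example (not part of the original howto), the script below reads main.cf, follows every ldap: reference and reports those problems. The function names and the sample files are constructed for illustration, and it assumes all tables bind with the same bind_dn, as they do in this howto.

```shell
#!/bin/sh
# Added example: audit the LDAP lookup tables referenced from main.cf.
# Findings are printed one per line as "<CODE> <path>".

# cf_get FILE KEY -> value of "KEY = value" in a Postfix LDAP table file
cf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# ldap_refs MAIN_CF -> every path used as ldap:/path, one per line
ldap_refs() {
    grep -v '^[[:space:]]*#' "$1" | tr ' ,\t' '\n\n\n' |
        sed -n 's/^ldap://p' | sort -u
}

# audit_ldap_maps MAIN_CF
audit_ldap_maps() {
    first_dn='' first_pw=''
    for f in $(ldap_refs "$1"); do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"      # e.g. table saved under a misspelled name
            continue
        fi
        # The 8th character of the ls mode string is the "other: read" bit.
        case $(ls -ld "$f") in
            ???????r*) echo "WORLD-READABLE $f" ;;
        esac
        # A simple bind without TLS is only acceptable on loopback.
        host=$(cf_get "$f" server_host)
        case $host in
            localhost|127.0.0.1|ldapi://*|ldaps://*) ;;
            *) [ "$(cf_get "$f" start_tls)" = yes ] || echo "CLEARTEXT-BIND $f" ;;
        esac
        # Same bind_dn must carry the same password in every table.
        dn=$(cf_get "$f" bind_dn); pw=$(cf_get "$f" bind_pw)
        if [ -z "$first_dn" ]; then
            first_dn=$dn first_pw=$pw
        elif [ "$dn" = "$first_dn" ] && [ "$pw" != "$first_pw" ]; then
            echo "PW-MISMATCH $f"
        fi
    done
}

# mk_table FILE BIND_PW MODE: write a constructed sample table
mk_table() {
    printf 'server_host = localhost\nstart_tls = no\nbind_dn = cn=vmail,o=hosting,dc=example,dc=tld\nbind_pw = %s\n' "$2" > "$1"
    chmod "$3" "$1"
}

# Constructed sample (not from a real server): one table saved under a
# misspelled name, one left world-readable with a mistyped password.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf 'virtual_alias_maps =\n    ldap:%s/ldap-aliases.cf,\n    ldap:%s/ldap-accountsmap.cf\nvirtual_mailbox_maps = ldap:%s/ldap-accounts.cf\n' \
        "$d" "$d" "$d" > "$d/main.cf"
    mk_table "$d/ldap-accounts.cf"    readonly  640
    mk_table "$d/ldap-accounstmap.cf" readonly  640
    mk_table "$d/ldap-aliases.cf"     readmonly 644
    audit_ldap_maps "$d/main.cf" | sed "s|$d/||"
    rm -rf "$d"
}

# With an argument audit that main.cf, otherwise run the demo.
if [ "$#" -gt 0 ]; then audit_ldap_maps "$1"; else demo_audit; fi
```

On the server, run it as root with /etc/postfix/main.cf as the argument; no output means no findings.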

Step 4: Install And Configure Dovecot

apt install dovecot-imapd dovecot-pop3d dovecot-ldap

This will install dovecot and all necessary files and also create the standard SSL certificates for IMAPs and POP3s.

First, we change into the dovecot directory.

Note: you can copy all of the files under examples/dovecot to your etc/dovecot directory and make changes accordingly. For completeness reasons I will give the complete setup below.

cd /etc/dovecot

Now we configure the different dovecot configuration files.

nano dovecot-ldap.conf.ext

And make the following changes:

hosts           = localhost:389
ldap_version    = 3
auth_bind       = yes
dn              = cn=vmail,o=hosting,dc=example,dc=tld
dnpass          = readonly
base            = o=hosting,dc=example,dc=tld
scope           = subtree
deref           = never

user_attrs = quota=quota=maildir:storage
user_attrs = quota=quota=maildir:storage=%$B
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5

cd conf.d
vi 10-auth.conf

And change the section Password and User Databases to this:

#!include auth-deny.conf.ext
#!include auth-master.conf.ext

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

vi 10-mail.conf 

And make the following changes:

mail_location = maildir:/home/vmail/%d/%u

# Change the uid values below to the actual vmail uid value
# and the gid values to the actual vmail gid value
mail_uid = 1000
mail_gid = 1000
first_valid_uid = 1000
first_valid_gid = 1000

vi 10-master.conf 

And make the following changes:

  unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = vmail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }

vi 15-lda.conf

And make the following changes: 

postmaster_address = [email protected]

lda_mailbox_autocreate = yes

This concludes the Dovecot configuration.

Step 5: Install And Configure gnarwl

Let's install gnarwl:

apt install gnarwl

Now let's configure gnarwl.

First, we're going to back up the original configuration file and replace it with a new one.

mv /etc/gnarwl.conf /etc/gnarwl.conf.bck

Now we create the new conf file:

vi /etc/gnarwl.conf

And insert the following:

map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=vmail,o=hosting,dc=example,dc=tld
password readonly
protocol 0
base dc=example,dc=tld
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3

Make the gnarwl directory readable for the vmail user:

chown -R vmail:vmail /var/lib/gnarwl/

Next, we need to add the gnarwl transport to postfix:

vi /etc/postfix/transport

Insert the following:

.autoreply      gnarwl:

Now we need to create the transport.db

postmap /etc/postfix/transport

This concludes the gnarwl configuration. 

Step 6: Install And Configure vMailpanel

Since we downloaded vMailpanel before, we can directly begin with the configuration of the vMailpanel interface.

chown -R www-data:www-data /usr/share/vMailpanel
cd /usr/share/vMailpanel

Now we will configure phamm for actual use.

cp config.inc.example.php config.inc.php
nano config.inc.php

Change the ldap connection parameters to fit your actual configuration.

// *============================*
// *=== LDAP Server Settings ===*
// *============================*

// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');

// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');

// The server port
define ('LDAP_PORT','389');

// The container
define ('SUFFIX','dc=example,dc=tld');

// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');

// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');

and change

// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
# $welcome_sender = 'postmaster@localhost';
$welcome_bcc = '[email protected]';

This will send a welcome message and a bcc to your postmaster account.

Enable the ftp and person plugins by removing the // in the plugins section. If wanted, you can also enable the davical and/or jabber plugins; the schema needed for these plugins is installed.

In the config.inc.php you will find:

define ('DELETE_ACCOUNT_IMMEDIATELY', false);

If you set this to true, account or domain deletion takes effect immediately. However, the physical mailbox is not deleted (or the domain directory). In order to delete the physical mailbox, we should use the cleaner.sh script. This is described below.

You can edit plugins/mail.xml to change the defaults for SMTP and quota, modify them to your needs. The default is set to 1GB quota.

You can edit plugins/ftp.xml to change the defaults for default ftp (base) directory and quota, modify them to your needs.

Do not forget to create the aliases and/or mailboxes for postmaster and webmaster, since these are used by officials and ISPs to send mail to in case of ... Not having these addresses could result in being blacklisted.

By default the aliases [email protected] and [email protected] that default to [email protected] are created.

Now the cleaner script:

cp tools/cleaner.sh /home/vmail/cleaner.sh

Change the following in cleaner.sh to reflect your installation:

BINDDN="cn=admin,dc=example,dc=tld"
BINDPW="password"
LDAP_BASE="o=hosting,dc=example,dc=tld"

nano /home/vmail/cleaner.sh
crontab -e

Insert the following:

*/10 * * * * /home/vmail/cleaner.sh

This will run the cleaner script every 10 minutes. Feel free to change the timing.

Now we will add vMailpanel to Apache

nano /etc/apache2/sites-enabled/000-default.conf

And add between the <VirtualHost> </VirtualHost> entries the following:

Alias /vmailpanel /usr/share/vMailpanel/public

This concludes the vMailpanel configuration.

Step 7: Install and configure Roundcube webmail

First, we create a database called roundcube:

mysqladmin -u root -p create roundcube

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice) who has SELECT,INSERT,UPDATE,DELETE privileges on the roundcube database. This user will be used by Postfix and Courier to connect to the roundcube database:

GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;

Now we download and install Roundcube:

cd /usr/src
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6.tar.gz
tar xvzf roundcubemail-1.3.6.tar.gz
mv roundcubemail-1.3.6 /var/www/roundcube
chown -R www-data:www-data /var/www/roundcube
cd /var/www/roundcube

Always check for the latest version of Roundcube, download that one, and modify the commands above to match the version of Roundcube you downloaded.

https://roundcube.net/download/

Now we load the sql tables in to the database we created before:

mysql -u roundcube -p roundcube < SQL/mysql.initial.sql

Now we edit the Roundcube configuration:

cp config/config.inc.php.sample config/config.inc.php

Set the database configuration:

nano config/config.inc.php

Change the following line to the database configuration:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';

And change the following

From:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
    'archive', 
    'zipdownload',

To:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
    'archive', 
    'zipdownload',
    'password',
    'vacation', 

Change:

$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';

To:

$rcmail_config['des_key'] = 'your-own-24-digitkeystring';

Change:

$rcmail_config['default_host'] = '';

To:

$rcmail_config['default_host'] = 'localhost'; 

Change:

$rcmail_config['smtp_server'] = ''; 

To:

$rcmail_config['smtp_server'] = 'localhost'; 

The configuration for the password plugin:

cp plugins/password/config.inc.php.dist plugins/password/config.inc.php

Edit the configuration:

nano plugins/password/config.inc.php

Change the following entries

From:

$rcmail_config['password_driver'] = 'sql';

To:

$rcmail_config['password_driver'] = 'ldap'; 

From:

// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;

To:

$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;

$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

$rcmail_config['password_ldap_force_replace'] = true;

Now we're going to download and install the vacation plugin:

cd /usr/src
wget -O rc-vacation-master.zip https://github.com/bhuisgen/rc-vacation/archive/master.zip
unzip rc-vacation-master.zip
mv rc-vacation-master /var/www/roundcube/plugins/vacation
cd /var/www/roundcube

Now we edit the configuration and change:

nano plugins/vacation/config.inc.php

Change:

$rcmail_config['vacation_gui_vacationsubject'] = TRUE;

To:

$rcmail_config['vacation_gui_vacationsubject'] = FALSE;

Change:

$rcmail_config['vacation_driver'] = 'sql'; 

To:

$rcmail_config['vacation_driver'] = 'ldap';

Change:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] =
'cn=user,dc=ldap,dc=my,dc=domain';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';

To:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';

Change:

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);

To:

// Search base to read data
$rcmail_config['vacation_ldap_search_base'] =
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);

We have to change the document root in the Apache2 server configuration so that Roundcube can be accessed.

nano /etc/apache2/sites-enabled/000-default.conf

And change from:

DocumentRoot /var/www/html

To:

DocumentRoot /var/www/

This concludes the configuration for Roundcube.

Step 8: Install and configure proftpd

First, we will install proftpd and its requirements:

apt install proftpd proftpd-mod-ldap

Depending on your load you can decide between stand alone and inet.d.

Note: You can copy the config files from examples/proftpd to /etc/proftpd but for clarity, I will outline all of the configuration steps.

Edit /etc/proftpd/proftpd.conf:

nano /etc/proftpd/proftpd.conf

And change from:

# Use this to jail all users in their homes
# DefaultRoot                   ~

To:

# Use this to jail all users in their homes
DefaultRoot                   ~

And change from:

#RequireValidShell               off

To:

RequireValidShell               off

And change:

# Alternative authentication frameworks
#
# Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

To:

# Alternative authentication frameworks
#
Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

Now edit /etc/proftpd/modules.conf:

nano /etc/proftpd/modules.conf 

And change from:

# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c

To:

# Install proftpd-mod-ldap to use this
LoadModule mod_ldap.c

And from:

# Install proftpd-mod-ldap to use this
# LoadModule mod_quotatab_ldap.c

To:

# Install proftpd-mod-ldap to use this
LoadModule mod_quotatab_ldap.c 

Now edit /etc/proftpd/ldap.conf and set the following:

<IfModule mod_ldap.c>
#
#LDAPServer ldap://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#LDAPUseTLS on
#
#
#LDAPServer ldaps://ldap.example.com
#LDAPBindDN "cn=admin,dc=example,dc=com" "admin_password"
#LDAPUsers dc=users,dc=example,dc=com (uid=%u) (uidNumber=%u)
#
LDAPServer ldap://127.0.0.1/??sub
LDAPBindDN "cn=vmail,o=hosting,dc=example,dc=tld" "readonly"
LDAPUsers "o=hosting,dc=example,dc=tld" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True

</IfModule>

The following commands set the default user to www-data which suits me, you can change these values to suit your setup or leave them out to use the login uid / gid.

LDAPDefaultGID 33
LDAPDefaultUID 33
LDAPForceDefaultGID True
LDAPForceDefaultUID True

33 is the uid/gid of my testing setup; it can be different on your setup.

This concludes the proftpd installation.

Step 9: Bringing it all together

Issue the following commands to restart all of the services:

service slapd restart 
service postfix restart
service dovecot restart
service proftpd restart
service apache2 restart

Now you can go to phamm and start adding mail domains and users.

Enjoy.

Note: notify me of any errors or problems with this how to so I can improve and amend this how to. 

Use this thread in the forum:

https://www.howtoforge.com/community/threads/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-as-imap-pop3-server-on-ubuntu-bionic-beav.79408/

I am subscribed to this thread so I will get notifications of new posts in this thread.
