Shulou(Shulou.com)06/01 Report--

This article is about how to integrate iRedMail Roundcube in Samba4 AD. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Request

How to install iRedMail on CentOS 7 for Samba4 AD integration

Configure iRedMail on CentOS 7 for Samba4 AD integration

* * step: the email address of the voice domain account in Samba4 AD DC

1. In order to send and receive mail from Samba4 AD DC domain accounts, you need to edit each user account, as shown below, explicitly fill in the correct address in the mailbox field by opening the ADUC tool from the Windows machine where the RSAT tool is installed and have joined the Samba4 AD.

Add a mailbox account to join Samba4 AD DC

Similarly, to use mailing lists, you need to create groups in ADUC, add the appropriate email address for each group, and assign the appropriate user account as a member of each group.

This creates a mailing list, and the mailboxes of all members of the Samba4 AD group will receive messages to the mailbox address of the AD group. Use the screenshot below as a guide to declare email fields for the Samba4 group and add domain members to the group.

Make sure that all domain account members are added to the group with the e-mail address declared.

Create a group administrator for Samba4 AD DC

Add users to a group

In this example, all email addresses sent to admins@tecmint.lan will be received by each member of the group, which is the e-mail address declared by the "Domain Admins" group.

3. Another way you can declare the email address of your Samba4 AD account is to create a user or group directly from one of the AD DC consoles using the samba-tool command line and specify the email address using the-- mail-address flag.

Use one of the following commands to create a user with a specified email address:

# samba-tool user add-mail-address=user_email@domain.tld-surname=your_surname-given-name=your_given_name your_ad_user

Create a group with a specified email address:

# samba-tool group add-mail-address=group_email@domain.tld your_ad_group

Add members to the group:

# samba-tool group addmembers your_group user1,user2,userX

Use the following syntax to list the command fields in samba-tool about users or groups:

# samba-tool user add-h # samba-tool group add-h

Step 2: secure Roundcube Webmail

4. Before you start modifying the Roundcube configuration file, first use the netstat command pipeline to output to the egrep filter to list the sockets that Dovecot and Postfix listen on, and make sure that the secure port (IMAPS is 993 and Postfix is 587) is active and enabled.

# netstat-tulpn | egrep 'dovecot | master'

5. To force mail to be received and sent between Roundcube and iRedMail services that use secure IMAP and SMTP ports, open the Roundcube configuration file located in / var/www/roundcubemail/config/config.inc.php and make sure that you have modified the following line, in this case, localhost, as shown in the following snippet:

/ / For IMAPS $config ['default_host'] =' ssl://127.0.0.1'; $config ['default_port'] = 993; $config [' imap_auth_type'] = 'LOGIN'; / / For SMTP $config [' smtp_server'] = 'tls://127.0.0.1'; $config [' smtp_port'] = 587; $config ['smtp_user'] ='% ugg; $config ['smtp_pass'] ='% p' $config ['smtp_auth_type'] =' LOGIN'

This step is strongly recommended to install Roudcube on a remote host, rather than on a host that provides mail services (IMAP, POP3, or SMTP daemon).

6. Next, do not close the configuration file, search and make the following minor changes so that Roundcube can access through the HTTPS protocol, hide the version number, and automatically append the domain name for the account logged into the Web interface.

$config ['force_https'] = true; $config [' useragent'] = 'Your Webmail'; / / Hide version number $config [' username_domain'] = 'domain.tld'

Again, disable the following plug-ins: managesieve and password, by adding a comment / / before the line starting with $config ['plugins'].

Once the domain is logged in and verified, the user will change the password from the Windows or Linux machine connected to the Samba4 AD DC. The system administrator manages all filtering rules for domain accounts globally.

/ / $config ['plugins'] = array (' managesieve', 'password')

8. *, save and close the configuration file, open a browser to access Roundcube Webmail, and enter the iRedMail IP address or FQDN/mail location through the HTTPS protocol.

Because the browser uses a self-signed certificate, you will see a warning on the browser when you visit Roundcube. Accept the certificate and log in with your Samba AD account credentials.

Https://iredmail-FQDN/mail

Roundcube Webmail login

Step 3: enable Samba AD contacts in Roundcube

9. To configure the Samba AD global LDAP address book to display in Roundcube contacts, open the Roundcube configuration file again and make the following changes:

Go to the bottom of the file, identify the part that starts with # Global LDAP Address Book with AD, delete everything to the bottom of the file, and replace it with the following code snippet:

# Global LDAP Address Book with AD. # $config ['ldap_public'] ["global_ldap_abook"] = array (' name' = > 'tecmint.lan',' hosts' = > array ("tecmint.lan"), 'port' = > 389,' use_tls' = > false, 'ldap_version' = >' 317, 'network_timeout' = > 10,' user_specific' = > false, 'base_dn' = > "dc=tecmint Dc=lan ", 'bind_dn' = >" vmail@tecmint.lan ",' bind_pass' = >" your_password ", 'writable' = > false,' search_fields' = > array ('mail',' cn', 'sAMAccountName',' displayname', 'sn',' givenName'), 'fieldmap' = > array (' name' = > 'cn',' surname' = > 'sn'') 'firstname' = >' givenName', 'title' = >' title', 'email' = >' mail:*', 'phone:work' = >' telephoneNumber', 'phone:mobile' = >' mobile', 'department' = >' departmentNumber', 'notes' = >' description',), 'sort' = >' cn', 'scope' = >' sub' 'filter' = >' (& (mail=*) (| (& (objectClass=user) (! (objectClass=computer) (objectClass=group)', 'fuzzy_search' = > true,' vlv' = > false, 'sizelimit' = > false,' timelimit' = > '0mm,' referrals' = > false,)

Replace the corresponding values of name, hosts, base_dn, bind_dn, and bind_pass in this code.

10. After making the necessary changes, save and close the file, log in to the Roundcube webmail interface, and enter the address book menu.

The contact list for all domain name accounts (users and groups) and their specified email addresses will be displayed in the global address book.

Roundcube user contact list

Step 4: add an alias to the Roundcube Webmail interface

11. To access Roundcube from https://webmail.domain.tld instead of the old address provided by default from iRedMail, you need to make the following changes.

Open the DNS Manager on the joined Windows machine where the RSAT tool is installed, and add a CNAME record for iRedMail FQDN and named webmail as shown below.

DNS Webmail attribute

Next, on the iRedMail machine, open the SSL configuration file of the Apache Web server located at / etc/httpd/conf.d/ssl.conf and point the DocumentRoot to / var/www/roundcubemail/.

Modify / etc/httpd/conf.d/ssl.conf clip:

DocumentRoot "/ var/www/roundcubemail/"

Restart Apache for the changes to take effect.

# systemctl restart httpd

13. Now open the address below and the Roundcube interface should be displayed. Accept a self-signed certificate error to enter the login page. Replace domain.tld in the example with your own domain name.

Https://webmail.domain.tld

Step 5: disable iRedMail unused services

14. Because the iRedMail daemon is configured to query the account information and other resources of the Samba4 AD DC LDAP server, you can safely stop and disable some local services on the iRedMail machine, such as the LDAP database server and the iredpad service, by using the following command.

# systemctl stop slapd iredpad # systemctl disable slapd iredpad

In addition, as shown in the following figure, some scheduled tasks performed by iRedMail, such as LDAP database backups and iRedPad trace records, are disabled by adding a comment # before each line in the crontab file.

# crontab-e

Disable iRedMail tasks

Step 6: use mail aliases in Postfix

16. To redirect all locally generated messages (sent to postmaster and then redirected to the root account) to a specific Samba4 AD account, open the Postfix alias profile located in / etc/postfix/aliases and modify the root line as follows:

Root: your_AD_email_account@domain.tld

17. Apply the alias profile so that Postfix can read it in its own format by executing the newaliases command and test whether the message is sent to the correct domain email account by issuing the following command.

# echo "Test mail" | mail-s "This is root's email" root

18. After the email has been sent, please log in to Roundcube webmail using the domain account you set up for email redirection and verify that the previously sent email should be in your account inbox.

Verify user email

That's it! Now you have a fully working mail server integrated with Samba4 AD. Domain accounts can send and receive messages using their internal or other external domains.

Thank you for reading! This is the end of the article on "how to integrate iRedMail Roundcube in Samba4 AD". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.