first commit
@@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjTCCAnWgAwIBAgIQMs1Xnvqa+4FCQq5hBIBWaTANBgkqhkiG9w0BAQsFADBZ
|
||||
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglieXRldHJh
|
||||
aWwxJTAjBgNVBAMTHGJ5dGV0cmFpbC1XSU4tR0tDUVJNTkMzQVUtQ0EwHhcNMjYw
|
||||
NTI0MjA1NTI1WhcNMzEwNTI0MjEwNTI1WjBZMRUwEwYKCZImiZPyLGQBGRYFbG9j
|
||||
YWwxGTAXBgoJkiaJk/IsZAEZFglieXRldHJhaWwxJTAjBgNVBAMTHGJ5dGV0cmFp
|
||||
bC1XSU4tR0tDUVJNTkMzQVUtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQDhdGKkuW/2dbr8yoUoS9MamUFzVD8IHRSkRx1BSBbiXXTny0B1ziEYCxOP
|
||||
COh1GfJ+EvgUsjrJTfnP0Kl1+hi7ribGbzgDp+FrRWDDk1w9819aSqHfke1m8Qjr
|
||||
MUYPwR/e2oNMwQan0E+/VNpP5FRXkyXTi+nXgAuv176uCMPN4WZcJzo42Yfomtj8
|
||||
lsCVSbuGDgztNWRprXVr8zhCRjO6nMWq5X9CKhTfdSSkpu5WdgM1gTSrUhMSZg1a
|
||||
g5qqW5AeM2Z2cvSOCJ394N5r/wQ5C9kQmeGKpjjxYaGjvZzUNA2fXHdIrapGY9i4
|
||||
frM3JJlgzQNlv8zXCXSdxF8soIwtAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNV
|
||||
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTnYOwmQanTgSyr1QrYpLpHMDhBoDAQBgkr
|
||||
BgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAhYISThHMl3jBiTWdQPAK
|
||||
Nycp4I8eUjHnesNTHDicK8cazx6oSCQW4lEj8L/mTpoHdxU1aMhDcml+LsZkv620
|
||||
uKIhd71mEAju7x+TzJ7xHuiG750OHlu5Q2Wbp3MvGZey8W3ZgfS5oUOisZRnomzD
|
||||
H8NX8bGW2/JqdfgmBGfiUp30a7upSEqjdh1vyXEIWd6kOoTLIwFzGeILxy8GFsmP
|
||||
dcgqlUtnOgzQ2a1EqK3Lcr/R5I6/Sc+lhIQmIyfX3EmJlMLGYF90ZTXDXN4LyJLb
|
||||
AhKaOXPBs68Bl5EzSjB+Aar+laQKD7I6wEqLBCmjsCXt1wORkiC5iuavHXWBG0bu
|
||||
RQ==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 1. Anpassungen für Active Directory Gruppen-Auflösung (aus Schritt 1)
|
||||
echo "Patsche ldap-groups.cf für Active Directory..."
|
||||
grep -q '^leaf_result_attribute = mail$' /etc/postfix/ldap-groups.cf || echo "leaf_result_attribute = mail" >> /etc/postfix/ldap-groups.cf
|
||||
grep -q '^special_result_attribute = member$' /etc/postfix/ldap-groups.cf || echo "special_result_attribute = member" >> /etc/postfix/ldap-groups.cf
|
||||
|
||||
# 2. NEU: Windows AD Stammzertifikat importieren
|
||||
if [ -f /tmp/docker-mailserver/ad-ca.crt ]; then
|
||||
echo "AD-Zertifikat gefunden. Kopiere in den lokalen Vertrauensspeicher..."
|
||||
cp /tmp/docker-mailserver/ad-ca.crt /usr/local/share/ca-certificates/
|
||||
|
||||
echo "Aktualisiere das Linux-Zertifikatsregister (update-ca-certificates)..."
|
||||
update-ca-certificates
|
||||
else
|
||||
echo "HINWEIS: /tmp/docker-mailserver/ad-ca.crt wurde nicht gefunden. Stelle sicher, dass die Datei existiert, falls LDAPS fehlschlägt."
|
||||
fi
|
||||
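Review bot: The `cp` and `update-ca-certificates` calls in step 2 are unchecked, so a failed copy or a certificate the tool rejects goes unnoticed until LDAP StartTLS fails later. Chaining them as `cp /tmp/docker-mailserver/ad-ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates`, and writing the failure message and the missing-file hint to stderr, would surface the problem at startup. This step also makes whatever file sits at that path a trust anchor for every TLS client in the container, not only for the LDAP lookups, and the path lies on the config volume that the compose file mounts read-write. Logging the installed certificate's fingerprint (`openssl x509 -noout -fingerprint -sha256 -in /tmp/docker-mailserver/ad-ca.crt`) would give the operator a value to compare against the AD CA.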
@@ -0,0 +1,67 @@
|
||||
services:
|
||||
mailserver:
|
||||
image: ghcr.io/docker-mailserver/docker-mailserver:latest
|
||||
container_name: mailserver
|
||||
# Passe den Hostnamen an deinen tatsächlichen Mail-Server (nicht den DC) an
|
||||
hostname: mail.bytetrail.at
|
||||
extra_hosts:
|
||||
- "WIN-GKCQRMNC3AU.bytetrail.local:192.168.56.10"
|
||||
ports:
|
||||
- "25:25"
|
||||
- "143:143"
|
||||
- "587:587"
|
||||
- "993:993"
|
||||
volumes:
|
||||
- ./dms/mail-data/:/var/mail/
|
||||
- ./dms/mail-state/:/var/mail-state/
|
||||
- ./dms/mail-logs/:/var/log/mail/
|
||||
- ./dms/config/:/tmp/docker-mailserver/
|
||||
- ./mailserver-certs/:/tmp/dms/custom-certs/:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
- ENABLE_SPAMASSASSIN=1
|
||||
- ENABLE_CLAMAV=1
|
||||
- ENABLE_FAIL2BAN=1
|
||||
- ENABLE_POSTGREY=1
|
||||
|
||||
# >>> LDAP / Active Directory Basis-Verbindung
|
||||
- ACCOUNT_PROVISIONER=LDAP
|
||||
- LDAP_SERVER_HOST=ldap://WIN-GKCQRMNC3AU.bytetrail.local
|
||||
- LDAP_START_TLS=yes
|
||||
- DOVECOT_TLS=yes
|
||||
- SASLAUTHD_LDAP_START_TLS=yes
|
||||
|
||||
# Bind-User (Hier der Standard-Administrator, besser wäre ein dedizierter Service-Account)
|
||||
- LDAP_BIND_DN=CN=Mailserver Service Account,OU=Server,DC=bytetrail,DC=local
|
||||
- LDAP_BIND_PW=Mail$$3rv!ceAcc2026
|
||||
- LDAP_SEARCH_BASE=DC=bytetrail,DC=local
|
||||
|
||||
# >>> Postfix LDAP Integration
|
||||
- LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)
|
||||
- LDAP_QUERY_FILTER_USER=(&(objectclass=person)(mail=%s))
|
||||
- LDAP_QUERY_FILTER_ALIAS=(&(objectclass=person)(proxyAddresses=smtp:%s))
|
||||
- LDAP_QUERY_FILTER_GROUP=(&(objectClass=group)(mail=%s))
|
||||
|
||||
# SPOOF_PROTECTION: Beachte hier "CN=Domänen-Admins" aus deinem Screenshot
|
||||
- SPOOF_PROTECTION=1
|
||||
- LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=CN=Domänen-Admins,CN=Users,DC=bytetrail,DC=local))
|
||||
|
||||
# >>> Dovecot LDAP Integration
|
||||
- DOVECOT_AUTH_BIND=yes
|
||||
- DOVECOT_USER_FILTER=(&(objectclass=person)(sAMAccountName=%n))
|
||||
- DOVECOT_PASS_ATTRS=sAMAccountName=user,userPassword=password
|
||||
# AD Workaround laut Doku: Hardcoded UID/GID 5000, um Rechte-Probleme zu vermeiden
|
||||
- DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir
|
||||
|
||||
# >>> SASL LDAP Authentication
|
||||
- ENABLE_SASLAUTHD=1
|
||||
- SASLAUTHD_MECHANISMS=ldap
|
||||
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
|
||||
|
||||
- SSL_TYPE=manual
|
||||
- SSL_CERT_PATH=/tmp/dms/custom-certs/cert.pem
|
||||
- SSL_KEY_PATH=/tmp/dms/custom-certs/key.pem
|
||||
|
||||
- PERMIT_DOCKER=host
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
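Review bot: `LDAP_BIND_PW` in the `environment` list commits the service account's bind password in clear text, so anyone who can read the repository or its history can bind to the directory as that account. The password should be rotated and supplied from outside the tracked file, e.g. `- LDAP_BIND_PW=${LDAP_BIND_PW}` with the value in an untracked `.env` or an `env_file`. The comment above `LDAP_BIND_DN` still describes the default Administrator although the DN names a dedicated service account, so it should be updated to match. Separately, `image: …:latest` leaves the deployed version unpinned, and `PERMIT_DOCKER=host` appears to widen the networks Postfix trusts for relaying; a fixed tag or digest and a short comment on why the relay exemption is needed would make both choices deliberate.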
@@ -0,0 +1,32 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcTCCA1mgAwIBAgIUd5bpjI5W/zFjmmDsM2jxXVcqvhEwDQYJKoZIhvcNAQEL
|
||||
BQAwHDEaMBgGA1UEAwwRbWFpbC5ieXRldHJhaWwuYXQwHhcNMjYwNTIzMTUxNTA0
|
||||
WhcNMjcwNTIzMTUxNTA0WjAcMRowGAYDVQQDDBFtYWlsLmJ5dGV0cmFpbC5hdDCC
|
||||
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOVhqAXJxgExbxNGw3z1ENKv
|
||||
ixvP8jpc2aPkCpYQvfd6yS32FncgzuDSQlKJLZAFcb0MBf8UpS4plQ/ziG4B4u2r
|
||||
Uzc6M3s+qErCLNQWgmMMr3qCJNpTBZ69O5mUTAOHkuuvUa+Z/ceStR5zDtrMsV/3
|
||||
Wxt3ar5lIenvNHo6NlDpB17DM3J97Ee+crAveJISHGCio+1JR3IpjMLbwsVxw3sF
|
||||
eSz8gEGcOa1k9SS9rxEkN2hEqiqRNe2cRcV7GAd/jiNLRDHWVBmrQ/LB+pODHK/W
|
||||
kfu2vOqs7MBWY93KwD44WY4rVmTOY3yL3mXz4y7IQ+aSbCB0F0Ywwd8jtqgO9FOD
|
||||
eiFT/jFHVSSt/v+KPdGDU5zDkaxAHPZb9+CAWmXFgjc7yX0yIwLZcRXzZOKOFdOv
|
||||
b5eSMNQjdAsUVLdpYvk+lYx5oaGtTqtKDBOhkU+7/WkTmhaipw3RXr1i9Rnpypmt
|
||||
QlNSz/MrnkUYOsAs4SF0yEdJWD9ZV079tCLFFJvqxCDNLWr7O1uHzC3Iss0TvJhk
|
||||
6Qh4+qN8BJBpKJHvjd0RvNbi9bs/PzUOODO8Z6TNOAELLVhQrRVvkj6IQ1T4Pvu4
|
||||
siF5xsdoptadi+lZqqh551+eOdazJVR90X7kNk+1sVPg20DASicYLQS26A1QdbDq
|
||||
v4QG7Iw6+DMjI/pKpaYNAgMBAAGjgaowgacwHQYDVR0OBBYEFP97kdYqMU0VBIqy
|
||||
bvWOdOLDG2RUMB8GA1UdIwQYMBaAFP97kdYqMU0VBIqybvWOdOLDG2RUMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wVAYDVR0RBE0wS4IRbWFpbC5ieXRldHJhaWwuYXSCFG1haWwu
|
||||
Ynl0ZXRyYWlsLmxvY2Fsgg9tYWlsLmJ5dGUudHJhaWyCD21haWwuYnl0ZS50cmFp
|
||||
bDANBgkqhkiG9w0BAQsFAAOCAgEAipWrx9lLmz3OPAX5Y3l2c9dMfwE8yq6CWbmU
|
||||
qJWKmCB+mGR6EbOEABnIyqrIKx6QOHTwDGuLQ0gvPK4wv1Al3XJq4BWU7WNJzhMM
|
||||
OwkgPZcLVGa47R+mxlOG/ezqqq9dRIGbHj+PjgDWPDqChgrOAXb/1WERwXEVvF1N
|
||||
8gBa/Xi1MgnhqThBOAygOsHicCgLtp/DEotjmajbQHB/ULP/6evl5x/0nY7F1zv0
|
||||
qaArhjopDeVIfnrWY68M4HDO5o3EyZOgUdN6mQbyeorpPx8BU3Y5gLHYlG05tQ8a
|
||||
M1PNCDputZJblPssc0VNlhAkKB3UaT4qVAVRK0IQESXeGGx/eIeCWGN2OflAOMm7
|
||||
eX4zkXJZt7h8cjeWy26I8KYQboEc58LprDK8QIj8YEKJlXY/JsZdq/VxFq9R5oD8
|
||||
os74pn1zEvvUWnps9cz/0zQz+v8nQE/m2gh/vvA7poW9ElqoFjCMqwNIDSopIJ4H
|
||||
9izv4ITvLnSlQq0Y/cSQm05emJD/gHr4eYKQhAMD9XS2SDyIVsU/NZVGqcAQVfap
|
||||
6QeoyvMbw/Psq/X9fTM7eCb8M80UrcdJxlsnjftftUXEgOq83rf36qwJrXKA6eSL
|
||||
3Ydny4imnlsd1IVN7ZxjeBgMOT2vsyUQ6w2qu3+ElQvcIds+MvSwscYtzLny36ZX
|
||||
3ELX648=
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDlYagFycYBMW8T
|
||||
RsN89RDSr4sbz/I6XNmj5AqWEL33eskt9hZ3IM7g0kJSiS2QBXG9DAX/FKUuKZUP
|
||||
84huAeLtq1M3OjN7PqhKwizUFoJjDK96giTaUwWevTuZlEwDh5Lrr1Gvmf3HkrUe
|
||||
cw7azLFf91sbd2q+ZSHp7zR6OjZQ6QdewzNyfexHvnKwL3iSEhxgoqPtSUdyKYzC
|
||||
28LFccN7BXks/IBBnDmtZPUkva8RJDdoRKoqkTXtnEXFexgHf44jS0Qx1lQZq0Py
|
||||
wfqTgxyv1pH7trzqrOzAVmPdysA+OFmOK1ZkzmN8i95l8+MuyEPmkmwgdBdGMMHf
|
||||
I7aoDvRTg3ohU/4xR1Ukrf7/ij3Rg1Ocw5GsQBz2W/fggFplxYI3O8l9MiMC2XEV
|
||||
82TijhXTr2+XkjDUI3QLFFS3aWL5PpWMeaGhrU6rSgwToZFPu/1pE5oWoqcN0V69
|
||||
YvUZ6cqZrUJTUs/zK55FGDrALOEhdMhHSVg/WVdO/bQixRSb6sQgzS1q+ztbh8wt
|
||||
yLLNE7yYZOkIePqjfASQaSiR743dEbzW4vW7Pz81DjgzvGekzTgBCy1YUK0Vb5I+
|
||||
iENU+D77uLIhecbHaKbWnYvpWaqoeedfnjnWsyVUfdF+5DZPtbFT4NtAwEonGC0E
|
||||
tugNUHWw6r+EBuyMOvgzIyP6SqWmDQIDAQABAoICAGaV/E1KZjGWaDTYywkRmQqA
|
||||
09gGcjDD4do4XLuslSkfUuYpTvbMR3moz1yWWTg2Fx4TSINCOnWgxzexFO0ODu14
|
||||
V+k1MF0IMr/sg5v+zSV7QOerWMwDoVnTC9qtxik18vFRIVlFp4ggBrytfJFCRnnC
|
||||
6I4qJCUumbJD9tZLPouFDHTHHDUyOAAGHsjJEkVRsDtPwbyXr0pRZtCm9D7VmDVm
|
||||
x0DlVH8DXZA8vJ5H7wndhqItQ2VyOAoif9nIKYEA/RKv0LnxPv+T5vmk42ohkyzY
|
||||
68UFfwv9doy2lkdVLBEnpnW80BCZdUj4TOiP4KTFkAiIp68D/Hy5xZsEH+adeYsf
|
||||
JlyV1HrnzPtfsUDsTinE5++Zu3/YJ3EaHcHTohRvj7ji2YPmDh2L6NIR1bDqegaP
|
||||
oKsSmB+8FTQH3XhYVzjuoVPrIIykyPA+v/8seol3O4/uhD1L+t1HnUr6SRwV0tU+
|
||||
lVBX4oSxz4rLcjS12xLyRAL20AahHpYOHu4IsC/s5nnMrJq0d0gsyiAyAutmTwfQ
|
||||
52k1iRWbPUiyhkRhXU6wX/c7j+rq/GOnWe150nIZtIGSO1PTmyNhrsLYHTF6RPXq
|
||||
9m3+2TYHqh6nXjs22c0NVqa5jJWt3uJsnH+jvM/Be+a+uMTPmfaXoe3hSDCz1GwH
|
||||
9I/hFli58ttsKr777i0JAoIBAQD9IsjpfPjV4e4Xsu9vD+/UYSiFvsV/i7ud8U97
|
||||
idkMqwozqPRHDoDv5c3bQokD5AG2LNdHijldZOqr+gvXYAjkN0qiCqR2lqOUiYMX
|
||||
kYxXsBjoAnbSaeACMRcQeNF6tWaNr5E2dxOtBXElt4CEi37JCN78wupckgDWFyXJ
|
||||
Ww0imeVC8wlGO0saLOJ6ois0CF4ukLDHQ3jyp/BxFJXH6dp+9ldoY/vzFB6q8v/x
|
||||
Rc8gEdM1cK0Hdw59ZBzi+1orkU8lVRNeOGDvD1g1ZrbUkpSPD+StMmQ5rtcd+mg5
|
||||
WP2Ez0i/NAmCZqtsKR6+KlZQeY8BNweeNaoFRuTu8d1qPqkXAoIBAQDn+hDzcrKh
|
||||
6JLMDzuAarS+xqx5rbb6o32QHG/9xpMZ5NCZ6knuS083+WKodeUPDSUXb3tQrzax
|
||||
9lIGsUbiSGHdPU6SmlPc70qQP2qlVvdYT0bk032A5Vqlh09eNL8WwR1hVkq4j1Wl
|
||||
7xB3gjd23aNAzCqGB0QaVYymkLTgfVay3hBme+29/yH7vit1clIsDggUFCmIyMyf
|
||||
l2Om9rMxQEPJKph2eL7nxAkYt/rvluipyjbKLrhTphQcLE9jSPqcsFPjl8+BzlO9
|
||||
vB9QJ0VgWVuz43sCd/fXj3eP0WRCm+OCIbbFWqxUWKRpcD3qJ4D8wsjoQLWn+60M
|
||||
+jB2slasedh7AoIBAATZ7c/LvVkcA1wg6cXPIGGJmyU1CsPvAaF9RnCvq6E6he+H
|
||||
hWb3ODFgzhktpUKV1BKRuW59j6viizzQhfmStZjqFlwUqCI9sNTf7cs91tq3XULV
|
||||
CUHvFYP1POPr7NfVMin0+2t3zMC8Ifb/FU90/PENYnilo6gyhCGWP/sj65SGLoah
|
||||
8cOOz1mpEo4XHYzZvDRYQYsQF/lOjqUcJ+K08KMORY6Sm/mEoTHVhmIxXE7ZCJs1
|
||||
lZtXBMgSaxtOhePf3QxyHPTpT7JFMQOU/FwGkyJKw68uEA2q9CR28BhpRDKPZm2D
|
||||
qcr9/LsN7rDmTtEsAzmavGKj1KZVPX321K98k/ECggEAJ3EuRqZe1wabRxTj8g6y
|
||||
kqlnE/1EWlNH+yPKquSDiGiOS005qsmlO4gsjSYWfzul7dknp21TKGkQQ1ELE1hp
|
||||
Q1u0K1sQHUWWcPZHZLtnrN012ZxX/31/rxtVlFf1kaHeI/mvFLhSQLdoHlnGonBG
|
||||
3LKaHFXJ74xSMNPz3SOShTEaqsIxhxeFKK+J5hs8+36bQwa2lSpHGG9+IxpZF2us
|
||||
2txiNeqL0w5S2aAWi3wmLRBTxoaxEo/vZWbnTKNQ8SlN6imav6BcPqtoy5ERy7MF
|
||||
040/Eglh24XqN0rL+ENXKH4g/GdRW7oCombSMCjtVoyr6kluWZSCNO2pJdVmxUam
|
||||
VwKCAQEArVC1aY6D09lKsqUYQbUpSRrlkgnifAqRu5f6Q8Dywl5mFk2OQw/T4hHv
|
||||
/ocCauWs4ZuOB6nXOwuD52n2YqbYKbwQiSca+9W/8AS4bC2WLHIbCBWIUWRpp8K3
|
||||
UuOO2XmFxOUsLRk4odKL8+2KYeqCkb+PGk0Uf6nD6cYlMcafsMcY08Mnlf8GCtHv
|
||||
RFxPOFx2rTxtSLSVA+NqEMd6d4nmAWD2p78fZGZauWwicDKiKnoY+wvoryU2RT8T
|
||||
VcK8FEPKk935GLdFwxgeEYAxCbeAywbR3p/abmPqlH6NJEIv25ne4cptmdafXS+G
|
||||
ngzZf9T1kzSVdKeez2NHBfF09wqg8Q==
|
||||
-----END PRIVATE KEY-----
|
||||
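Review bot: This section commits an unencrypted private key (`-----BEGIN PRIVATE KEY-----`). Its modulus appears to match the certificate in the preceding section, and it is presumably the file the compose service reads through `SSL_KEY_PATH`. Once pushed, the key has to be treated as disclosed: generate a new key pair and certificate, and keep the key out of version control, for example with an ignore rule for the certificate directory and the files provisioned on the host at deploy time. Deleting the file in a later commit is not enough, because the key stays readable in the repository history.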