Riccardo Castellani
2013-Aug-20 04:04 UTC
[CentOS] mail server: sendmail with integrated AD
I'm preparing my new Sendmail mail server with pop3s + smtps where user authentication occurs through Microsoft Active Directory by Winbind daemon.
OS is CentOS 6.4 and Sendmail is 8.14.
Mailboxes will be in this server but how to create them !??!

Is it necessary to add the user by the 'useradd' command into /etc/passwd, or is it only necessary to add a new entry in the '/etc/aliases' file for every AD user, like in the following example?!

mark.landers: marklanders

- 'marklander' is the user account in Microsoft AD
- user mail is 'mark.landers at example.com'

POP3s
Must the account name (AD user), which I'll use to access my mailbox by pop3s, have the same name as the mailbox file?

According to the previous example:

if I wanted to download email of 'mark.landers at example.com', in my client I shall have to type 'marklanders' with its password, so my requirement is to have this mailbox file in my mail server:
<mail path>/<user> for example: /var/spool/mail/marklanders

I think pop3S WILL SEARCH mailbox with the same name as the account name! What do you think?
On 20.08.2013 06:04, Riccardo Castellani wrote:
> I'm preparing my new Sendmail mail server with pop3s + smtps where user

SMTPS has been obsolete for a couple of years. Use SMTP/STARTTLS instead over the submission port.

> authentication occurs through Microsoft Active Directory by Winbind daemon.
> OS is Centos 6.4 and Sendmail is 8.14
> Mailboxes will be in this server but how to create them !??!

That totally depends on the choice and configuration of the mail storage and access server. Sendmail is an MTA, it does not know about "mailboxes". It knows - if properly configured - about destination mail addresses it is responsible for to hand over to an MDA/LDA.

> It's necessary to add user by 'useradd' command into /etc/passwd or It's
> only necessary add new entry in '/etc/aliases' file for every AD user like
> in following example ?!
>
> mark.landers: marklanders
>
> - 'marklander' is the user account in Microsoft AD
> - user mail is 'mark.landers at example.com'

That depends on the chosen mail storage and access server configuration. The part of your setup which will serve for POP3S. CentOS 6 comes with cyrus-imapd and dovecot. Read about them and make a choice. Maybe you already know one of them well enough.

> POP3s
> the account name (AD user), which I'll use to access my mailbox by pop3s,
> must have the same name of mailbox file ?

No.

> According to previous example:
>
> if I wanted to download email of 'mark.landers at example.com', in my client I
> shall have to type 'marklanders' with its password, so my requirement is to
> have this mailbox file into my mail server:
> <mail path>/<user> for example: /var/spool/mail/marklanders

First you will have to decide whether you will run a single domain setup or provide multiple domains where mailbox account foo at example.com isn't necessarily for the same user as foo at example.org or foo at bar.com. You too will have to decide where to store the mailboxes. That depends on your chosen mail storage server and its setup.

"/var/spool/mail/<user>" is the ancient default storage location if nothing specific has been set up. And it is in mbox format by default. These days, when mailboxes typically get a fair size, you should choose to store in Maildir format. This may not be so relevant in your case as you like to use POP3 access, which seems to indicate that mail will not stay on the server but will be quickly fetched off.

> I think pop3S WILL SEARCH mailbox with the same name of account name ! What
> do you think ?

No, again. This depends on the setup and configuration of the server part which provides mail access through POP3(S).

Alexander
Riccardo Castellani
2013-Aug-21 07:12 UTC
[CentOS] mail server: sendmail with integrated AD
> On 20.08.2013 06:04, Riccardo Castellani wrote:
>> I'm preparing my new Sendmail mail server with pop3s + smtps where user
> SMTPS is obsolete since a couple of years. Use SMTP/STARTTLS instead
> over the submission port.

I know, I used both ports (SMTP over SSL port 465, SMTP/STARTTLS port 587) for mail-client compatibility.
Do you suggest using only port 25 with SMTP/STARTTLS?

>> authentication occurs through Microsoft Active Directory by Winbind
>> daemon. OS is Centos 6.4 and Sendmail is 8.14
>> Mailboxes will be in this server but how to create them !??!
> That totally depends on the choice and configuration of the mail storage
> and access server. Sendmail is an MTA, it does not know about
> "mailboxes". It knows - if properly configured - about destination mail
> addresses it is responsible for to hand over to an MDA/LDA.

My MDA/LDA is procmail but neither a .forward nor a .procmailrc file exists. There is no filter/rule.

..
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail') dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
MAILER(procmail) dnl
..

>> It's necessary to add user by 'useradd' command into /etc/passwd or It's
>> only necessary add new entry in '/etc/aliases' file for every AD user
>> like
>> in following example ?!
> That depends on the chosen mail storage and access server configuration.

I don't understand the server behavior (where no procmail configuration files exist) when the MTA receives an email message to deliver to a mailbox which stays on the same server. How does the system know what mailbox file to deliver to? What is the link between "AD user account" and "mailbox filename"?
In my case I had to create the new recipient user by the "adduser" command, otherwise my system said "user unknown". I remember my user is on AD services on another server which runs Windows OS.

My maillog:

Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: Milter: no active filter
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 220 mailserver.example.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 16 Aug 2013 19:28:18 +0200
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- EHLO client
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-mailserver.example.com Hello client.example.com [10.35.2.4], pleased to meet you
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ENHANCEDSTATUSCODES
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-PIPELINING
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-8BITMIME
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-SIZE
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DSN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-ETRN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-AUTH LOGIN PLAIN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-STARTTLS
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250-DELIVERBY
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 HELP
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- AUTH LOGIN
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 334 VXNlcm5hbWU6
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 334 UGFzc3dvcmQ6
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 235 2.0.0 OK Authenticated
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- MAIL FROM: <ssl587 at example.com>
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.1.0 <ssl587 at example.com>... Sender ok
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- RCPT TO: <friend.home at nord.example.com>
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.1.5 <friend.home at nord.example.com>... Recipient ok
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: <-- DATA
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 354 Enter mail, end with "." on a line by itself
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: from=<ssl587 at example.com>, size=2466, class=0, nrcpts=1, msgid=<00ea01ce9aa6$0fe72be0$2fb583a0$@toscana.it>, proto=ESMTP, daemon=MTA, relay=client.example.com [10.35.2.4]
Aug 16 19:28:18 mailserver sendmail[11130]: r7GHSIV1011130: --- 250 2.0.0 r7GHSIV1011130 Message accepted for delivery
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: alias <friend.home at nord.example.com> => friendhome
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.forward.mailserver: World writable directory
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: /dev/null: unsafe directory path, marked unsafe
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: forward /dev/null/.forward: World writable directory
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: to=friendhome, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32684, dsn=2.0.0, stat=Sent
Aug 16 19:28:18 mailserver sendmail[11131]: r7GHSIV1011130: done; delay=00:00:00, ntries=1

> The part of your setup which will server for POP3S. CentOS 6 comes with
> cyrus-imapd and dovecot. Read about them and make a choice. Maybe you
> already know one of them good enough.

I chose Dovecot to use only the POP3s service.

>> POP3s
>> the account name (AD user), which I'll use to access my mailbox by pop3s,
>> must have the same name of mailbox file ?
> No.
>> According to previous example:
>>
>> if I wanted to download email of 'mark.landers at example.com', in my client
>> I
>> shall have to type 'marklanders' with its password, so my requirement is
>> to
>> have this mailbox file into my mail server:
>> <mail path>/<user> for example: /var/spool/mail/marklanders
>
> First you will have to decide whether you will run a single domain setup
> or to provide multiple domains where mailbox accout foo at example.com
> isn't neccessarily for the same user as foo at example.org or foo at bar.com.

Single domain
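
Added example, not part of the thread: in the posted maillog the server advertises AUTH LOGIN PLAIN alongside STARTTLS and the client sends AUTH LOGIN with no STARTTLS command before it. The Python check below flags such sessions in trace lines of that format; the function name and the sample lines are constructed, and it assumes the session id in the log stays the same across STARTTLS.

```python
import re

# SMTP trace lines as in the posted maillog:
#   "... sendmail[pid]: <id>: <-- <client command>" / "--- <server reply>"
TRACE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<dir><--|---) (?P<text>.*)$")
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # mechanisms that expose the password to a sniffer

def cleartext_auth_sessions(lines):
    """Return {session id: mechanism} for sessions where AUTH LOGIN/PLAIN was
    sent before the server accepted a STARTTLS command (reply 220)."""
    state = {}      # session id -> "plain" | "tls_requested" | "tls"
    findings = {}
    for line in lines:
        m = TRACE.search(line)
        if not m:
            continue
        qid, text = m["qid"], m["text"].strip()
        cur = state.setdefault(qid, "plain")
        if m["dir"] == "<--":
            verb, _, rest = text.partition(" ")
            if verb.upper() == "STARTTLS" and cur == "plain":
                state[qid] = "tls_requested"
            elif verb.upper() == "AUTH" and cur != "tls":
                mech = rest.split(" ")[0].upper()
                if mech in PLAINTEXT_MECHS:
                    findings.setdefault(qid, mech)
        elif cur == "tls_requested":
            # First reply after STARTTLS: 220 means the TLS handshake follows.
            state[qid] = "tls" if text.startswith("220") else "plain"
    return findings

# Constructed sample lines in the format of the posted log (not real data).
P = "Aug 16 19:28:18 mailserver sendmail[4242]: "
SAMPLE = [
    P + "qidCLEAR01: <-- EHLO client",
    P + "qidCLEAR01: --- 250-AUTH LOGIN PLAIN",
    P + "qidCLEAR01: --- 250-STARTTLS",
    P + "qidCLEAR01: <-- AUTH LOGIN",
    P + "qidCLEAR01: --- 235 2.0.0 OK Authenticated",
    P + "qidTLS0002: <-- EHLO client",
    P + "qidTLS0002: <-- STARTTLS",
    P + "qidTLS0002: --- 220 2.0.0 Ready to start TLS",
    P + "qidTLS0002: <-- EHLO client",
    P + "qidTLS0002: <-- AUTH PLAIN",
    P + "qidTLS0002: --- 235 2.0.0 OK Authenticated",
]

if __name__ == "__main__":
    print(cleartext_auth_sessions(SAMPLE))
```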