An Intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks . When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology
Guardian is a security program which works in conjunction with Snort to automaticly update firewall rules based on alerts generated by Snort. The updated firewall rules block all incoming data from the IP address of the attacking machine (the machine which caused Snort to generate an alert. There is also logic in place which pervents blocking important machines, such as DNS servers, gateways, and whatever else you want.
Step 3:
Go to http://www.chaotic.org/guardian/ to download Guardian. The current version as at this writing is version 1.7. #wget http://www.chaotic.org/guardian/guardian-1.7.tar.gz #tar -xzvf guardian-1.7.tar.gz #cd guardian-1.7 #cp guardian.pl /usr/local/bin/ #cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh #cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh #cp guardian.conf /etc/snort/ #touch /etc/snort/guardian.ignore #touch /etc/snort/guardian.target #touch /var/log/snort/guardian.log
Step 4:
edit /etc/snort/guardian.conf change some variables
Step 5: Edit /usr/local/bin/guardian_block.sh change some variables(this shell will block ip attacker and alert mail to test@conheotiensinh.co.cc )
source=$1 interface=$2
/sbin/iptables -I INPUT -s $source -i $interface -j DROP /sbin/iptables -I FORWARD -s $source -i $interface -j DROP echo "$source is blocked!" | mail -s "Snort alert is blocked" test@conheotiensinh.co.cc
Step 6:
Edit /usr/local/bin/guardian_unblock.sh change some variables(this shell will delete ip attaker from block ip and alert mail to test@conheotiensinh.co.cc)
source=$1 interface=$2
/sbin/iptables -D INPUT -s $source -i $interface -j DROP /sbin/iptables -D FORWARD -s $source -i $interface -j DROP
echo "$source is blocked for 24 hours! It is released!" | mail -s "Snort alert is released" test@conheotiensinh.co.cc
stop() { ps aux | grep 'guardian.pl *-c' 2>&1 > /dev/null if [ $? -eq 0 ]; then kill `ps aux | grep 'guardian.pl *-c' | awk '{print $2}'` else echo "Guardian is not running ....." fi }
status() { ps aux | grep 'guardian.pl *-c' 2>&1 > /dev/null if [ $? -eq 0 ]; then echo "Guardian is Running ....." else echo "Guardian is not Running ...." fi }
An Intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violation.IDS install very hard (you need install Snort,HTTP,MYSQL and ......). But With EasyIDS you install IDS easier
II/Install
Step 1:you download ISO EasyIDS from http://sourceforge.net/projects/easyids/files/
Step 2:install It as install Centos OS (EasyIDS 4.0 run with Centos 5.4)
Step3:config Ip for Nic Card
Setp 4: To access the EasyIDS GUI browse to https://IPADDRESS from another computer and login with the username admin and the password password.
Step 5:atttack Easy IDS and check Status in Easy IDS
Beside you can use Easey IDS as IPS(Intrusion Prevention System) with iptables and Guardian.I will intro later
Monit is a free open source utility for managing and monitoring, processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
set daemon 60 set logfile syslog facility log_daemon set mailserver localhost #mail server set mail-format { from: monit@server1.example.com } set alert root@localhost #alert to admin with email adrress root@localhost set httpd port 2812 and SSL ENABLE PEMFILE /var/certs/monit.pem allow admin:test
some features example of monit
*check host CUIBAP with address 19.16.12.32 if failed icmp type echo with timeout 20 seconds then alert (check host if over 20 second it will alert mail to admin)
*check host CONHEO with address 132.163.193.3 if failed port 25 with timeout 30 seconds then alert (check Service SMTP if over 30 second it will alert mail to admin)
*check process sshd with pidfile /var/run/sshd.pid start program "/etc/init.d/sshd start" stop program "/etc/init.d/sshd stop" if failed port 22 protocol ssh then restart if failed port 22 protocol ssh then alert if 5 restarts within 5 cycles then timeout (check Service SSH if it down monit auto start only run in localhost)
As document previous I intro to you how to install iredmail use Mysql as backend http://conheotiensinh.blogspot.com/2009/08/install-linux-mail-server-with-5.html.Today I Will intro to you how to install iredmail use LDAP as backend(config iredadmin for admin mailbox .If you use Mysql as backend(postfixadmin)).Beside I will intro install and config Groupware Server use SOGO
*SOGo is groupware server with a focus on scalability and open standards.
*SOGo provides a rich AJAX-based Web interface and supports multiple native clients through the use of standard protocols such as CalDAV, CardDAV and GroupDAV.
*SOGo is the missing component of your infrastructure; it sits in the middle of your servers to offer your users an uniform and complete interface to access their information. It has been deployed in production environments where thousands of users are involved.
II/INSTALL
1/Install iredmail as normal but attention ! you choose ldap as backend password of account postmaster
2/Install and config Iredadmin
Default after install finish you can use phpldapadmin for admin mailbox but It very hard for config
Step 2:download Iredadmin(you need buy liscense because open source version only fearture create mailbox not create maillist but you can use phpldapadmin create mailist ) from http://iredmail.googlecode.com/files/iRedAdmin-0.1.1.tar.bz2 Step 3:Copy iRedAdmin to /var/www/, set correct file permissions Step 4:
AddType text/html .py Order deny,allow Allow from all
Step 6:Edit /etc/httpd/conf.d/ssl.conf, make iredadmin accessable via HTTPS. Add below lines before :
WSGIScriptAlias /iredadmin /var/www/iredadmin/iredadmin.py/ Alias /iredadmin/static /var/www/iredadmin/static/
Step 7:restart apache
/etc/init.d/httpd restart
Step 8:Create MySQL database: iredadmin and grant privileges
$ mysql -uroot -p mysql> CREATE DATABASE iredadmin DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; mysql> USE iredadmin; mysql> SOURCE /var/www/iredadmin/docs/samples/iredadmin.sql; GRANT SELECT,INSERT,UPDATE,DELETE ON iredadmin.* TO iredadmin@localhost IDENTIFIED BY '123' ; FLUSH PRIVILEGES;
Step 9:Configure iRedAdmin
$ cd /var/www/iredadmin/ $ cp settings.ini.sample settings.ini
#yum install sogo #yum install sope49-gdl1-postgresql(you can use mysql or oracle)
Step 3:Because SOGo requires a relational database system in order to store appointments, tasks and contacts information. It also uses the database system to store personal preferences of SOGo users.You need create DB and Grand permission
Step 4:Edit /home/sogo/GNUstep/Defaults/.GNUstepDefaults as image
If you only use the SOGo Connector plug in, you can still easily access your data. To access your personal address book: Choose Go > Address Book.Choose File > New > Remote Address Book. Enter a signifcant name for your calendar in the Name feld. Type the following URL in the URL feld:http://localhost/SOGo/dav/u1/Contacts/personal/Click on OK. To access your personal calendar:Choose Go > Calendar. Choose Calendar > New Calendar.Select On the Network and click on Continue.Select CalDAV. Type the following URL in the URL feld:http://localhost/SOGo/dav/u1/Calendar/personal/Click on Continue.
STep 7:Test create 1 calendar in web it will auto sync to thunderbird
*NetFlow Analyzer is a, web based (no hardware probes), bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them to put their bandwidth for a better use. NetFlow Analyzer is a NetFlow, sFlow, JFLow (and more) collector, analyzer and reporting engine integrated together. With close to 4000 enterprises using NetFlow Analyzer for an in-depth visibility into their network traffic and its patterns, NetFlow Analyzer continues to earn trust of more users by giving business knowledge of real-time network behavior and how traffic impacts the network's overall health.
*PRTG Traffic Grapher is an easy to use Windows software for monitoring and classifying bandwidth traffic usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth management, but you can also monitor many other aspects of your network like memory and CPU utilizations.
II/Install
Step 1:install pfsense as normal
Step 2:install Service pfflowd(system->Packages chose pffflow click icon "+")
Step 3:Config Service pfflowd in pfsense (services -> pfflowd) and config as image with Host(address of machine install netflow) and click save Step 4:config Service SNMP for PRTG(Services -> SNMP check enable as image ) Step 5 :install PRTG and Netflow .
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
The module filters, and optionally rejects, incoming requests based on a number of different criteria like CGI variables, HTTP headers, environment variables, and even individual script parameters. mod_security can also create an audit log, storing full request details in a separate file, including POST payloads (the audit feature can be turned on or off on a per-server or per-directory basis).
hMailServer is a free e-mail server for Microsoft Windows. It's used by Internet service providers, companies, governments, schools and enthusiasts in all parts of the world.
It supports the common e-mail protocols (IMAP, SMTP and POP3) and can easily be integrated with many existing web mail systems. It has flexible score-based spam protection and can attach to your virus scanner to scan all incoming and outgoing email.
1/Services(POP3,STMP,IMAP) 2/database support(Microsoft SQL Server, PostgreSQL and MySQL) 3/webmail(you can use Roundcube,SquirrelMail ,AfterLogic WebMail Pro) 4/Security(hMailServer is pre-configured to have high security when it comes to relaying and authentication so that no one can use your server to send spam messages. It also supports the very popular open source virus scanner ClamAV. Configuring hMailServer to use ClamAV only takes a single click! The server also supports black list servers and other spam-stopping mechanisms such as SPF and MX lookups). 5/feature * POP3, SMTP, IMAP * Virtual domains * Built-in backup * SSL encryption * Anti-spam * Anti-virus * Scripting * Server-side rules * Multilingual * Routing * MX backup * Multihoming * SQL backend * Web administration * ClamWin * SpamAssassin 6/other(hMailServer can use account of Active directory)
Step 3: After install add domain(conheotiensinh.co.cc)
Step 4:Add Account you can use account of AD
Step 5:install web admin and Web mail
For easier install you can use xampp(http://www.apachefriends.org/en/xampp.html)
1/Web admin - Copy folder PHPWebAdmin from in folder install hmailServer to folder htdocs of xampp -Set the value of rooturl to the URL where the WebAdmin will be accessed.
2/Webmail a/use SquirrelMail Download It from (http://www.squirrelmail.org/download.php).In your mail folder, you will found a config folder with a file named config_default.php. Rename the config_default.php to config.php.Edit it $domain="localhost";$smtpServerAddress="localhost";// your hMailServer address$imapServerAddress="localhost";// your hMailServer address$imap_server_type="hmailserver"; $data_dir="C:/xampp/htdocs/mail/data/"; $attachment_dir="C:/xampp/htdocs/mail/attach/" b/Use roundcube(recommend) -Download from http://roundcube.net/ -Create database roundcubemail from phpmyadmin -Rename your “db.inc.php.dist” to “db.inc.php” and “main.inc.php.dist” to “main.inc.php” in folder config of roundcube -Edit your “db.inc.php” and change this line “$rcmail_config['db_dsnw'] = ‘mysql://roundcube:pass@localhost/roundcubemail’;” with this “$rcmail_config['db_dsnw'] = ‘mysql://root:@localhost/roundcubemail’;” -access http://localhost/roundcubemail/installer and configure it
Step 1: Install pfsense and set local IP’s on both firewalls.
Step 2: Logon to the web interface for pfsense on each box and assign the WAN addresses.
Step 3: Enable IPSEC (VPN->IPSEC->Enable IPSec). Do this on both firewalls.
Step 4: Add a tunnel on Site 1’s firewall to Site 2 by adding a tunnel and changing only the following items: * Remote Subnet: 172.16.10.0/24 * Remote Gateway: 192.168.20.83 * Phase 1 Lifetime: 28800 * PreShared Key: conheotiensinh * PFS Key Group: 2 * Phase 2 Lifetime: 3600
Step 5: Add a tunnel on Site 2’s firewall to Site 1 by adding a tunnel and changing only the following items: * Remote Subnet: 172.16.1.0/16 * Remote Gateway: 192.168.20.203 * Phase 1 Lifetime: 28800 * PreShared Key: conheotiensinh * PFS Key Group: 2 * Phase 2 Lifetime: 3600
Step 6: "Apply Changes”
Step 7: Allow Authenticated Headers (TCP/51) and ISAKMP (UPD/500) with Firewall rules so that IPSEC can pass. Firewall->Rules: WAN Tab. Rule 1 * Source IP: Any * Destination IP: WAN Address * Protocol: TCP * Port: 51
Rule 2 * Source IP: Any * Destination IP: WAN Address * Protocol: UDP * Port:500
Do this on both firewalls and Apply Changes when prompted
Step 8: Allow all traffic to pass through the IPSEC tunnel. Firewall->Rules : IPSEC Tab Rule * Source IP: Any * Destination IP: Any * Protocol: Any * Port Range: Any
II/TEST
ping test connection from local in site 1 to site 2 and site 2 to site 1
PPTP works by sending a regular PPP session to the peer with the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. PPTP is difficult to forward past a network firewall because it requires two network sessions. As such, firewalls are unable to let pass this traffic flawlessly, resulting in an inability to connect.
II/ INSTALL
We need install pfsense with 2 interface
Wan interface:192.168.20.203 Lan interface:172.16.1.1
Step 1: Enable PPTP Server (VPN > PPTP).Setup as Image
*Redirect incoming PPTP connections to:If check you will redirect to other PPTP Server(Example Window PPTP) *Use a RADIUS server for authentication:used Account of Radius(AD,FreeRadius...)
Step 2: create Account for access VPN (click tab users)
Step 3:create Rule for VPN Zone access internet
Step 4: connect to PPTP with ip:192.168.20.203 and test connection
Pfsense use snort as IPS( Snort Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. )
II/INSTALL
In This lab we need setup network with info:
Wan Interface:192.168.20.203 Lan Interface:172.16.1.1
STEP 1:Install pfsense as ip STEP 2:Install snort(The package is available to install from System > Packages and you must only install SNORT or SNORT_DEV never both. It is strongly suggested you get a paid subscription form www.snort.org in order for you to download the latest rules. ) STEP 3:After Install done We configure snort(Services > Snort)click tab Setting and configure as image
Notes:
Block offenders:Pfsense will automatically block hosts that generate a snort alert Remove blocked hosts every: It Will auto remove hosts from tab blocked Oinkmaster code:you need register 1 Account in Snort or buy (http://www.snort.org/vrt/buy-a-subscription/ will get the the latest rule updates 30 days faster than registered users)
Step 4:click tab update rules(please waith about 4-10 minutes)
Step 5:Test before attack(ping external ip)
Step 6:user super scan tool scan ip external and check tab blocked
Step 7 :access agian ip external
Step 8:Delete ip attacker in tab blocked and test again
Beside You can use Blocking Skype ,Yahoo ,P2P.... with pfSense and Snort.I will intro later
This setup enables pfSense to load balance traffic from your LAN to multiple internet connections (WANs). Traffic from the LAN is shared out on a round robin basis across the available WANs. pfSense monitors each WAN connection, using an IP address you provide, and if the monitor fails, a failover configuration is used, this typically just feeds all traffic down the other connection(s). This example sets up 2 WANs, but 3 or more can be used.
2/Intro
You can use other device load balance but it very expensive for your Company (Include My company).Pfsense can deploy all company from small -> big company( <500users)
3/Install
you can Setup pfsense with 3 interface
Lan:172.16.1.1
Wan1: 192.168.20.204
Wan2:172.16.10.1
Step 1: Create App pool wan1&wan2(services>load balancer)
Step 2:Create rule for Local access internet via poolwan1&wan2 Step 3:Check status pool (Status > Load Balancer)
Step 4:Disconnect line 1 check internet va status pool
Step 4:Connect Line 1 Disconnect line 2 check internet va status pool other you can setup Pfsense cluster failover .I will intro later
This article walks through the setup for a email gateway for multiple domains, rejects unknown email addresses, and uses a script to query valid email addresses via Active Directory.
Overview
This article describes the rationale and the setup of an external email firewall/gateway server with Postfix, a secure, high performance, and easily configurable alternative SMTP server to Sendmail.
The most common reason for this is to improve security (this applies even if you're not running Exchange). Since the email gateway theoretically only exposes its SMTP port, and will not store any emails, so even in the (ideally unlikely) event that it is compromised, any sensitive or valuable data is held elsewhere. The worst that could happen is that the attacker obtains a list of vaild email addresses for your domain(s). It can also be used for offloading services from your main email server, tasks like rejecting and filtering spam, greylisting, scanning viruses, avoiding unnecessary bandwidth, etc.
There are "articles" on the Internet that make references to simplying using the "relayhost = internalsmtp.test.vn" directive. The problem with this setup is that since the external email gateway knows nothing about the internal addresses (even when configured to only accept email to @test.vn), that it has to accept and forward everything and depend on the internal host to handle rejecting and bouncing messages. This might be acceptable, except if/when your domain becomes the target of a flood of spam or viruses to invalid/generated email addresses. Especially since the source and reply-to addresses of these emails are typically spoofed, each message ends up being accepted at the email gateway, forwarded to your internal server, rejected and relayed back to your email gateway, queued by the email gateway for delivery, retried repeatedly until it exceeds the nominal timeout, then bounced back to the email admin account on your internal email server. Lather, rinse and repeat that for every single message and it should be clear why you should never just use the "relayhost" directive to do this.
The "correct(tm)" way to do this, is to set up the email gateway so that it has knowledge of valid email addresses. That way, any address that doesn't exist is immediately rejected before the email gateway even gets to accept the data. This is important enough to worth being redudant. Rejecting unknown addresses not only avoids the whole loop described above, but avoids tying up your bandwidth receiving whatever data that would have been sent.
References / Links
Basically, this article is a restatement of Postfix email firewall/gateway found on Postfix.org's online configuration examples
Configuration
This article will not cover the compiling or installation of Postfix as it's generally available or easily installed for most distributions.
/etc/postfix/main.cf
As the name implies, this is the main configuration file for Postfix. One main attribute with Postfix is that the defaults generally default to something sensible, so that for the most part, outside of the parameters that need to be customized to your setup, they can be completely omitted in main.cf.
Hint: The command below will show the configuration directives that have been altered from default.
postconf -n
Since this is an email gateway only meant to forward email, disable local mail delivery by (Note: setting a configuration directive to empty disables it):
mydestination = local_recipient_maps = local_transport = error:local mail delivery is disabled
Normally, emails that originate from a host will have a from address in the form of username@hostname.test.vn. However, since the email gateway cannot receive mail for local users (as disabled above), you need to set the originating domain to something sensible:
myorigin = test.vn
mynetworks = define which networks are allowed to relay mail through this host. Although it's meant for internal networks to be able to relay mail without having to authenticate, it can be used (abused) to include external IP addresses or networks. However, the proper solution is to set up your Postfix installation to do SASL authentication:
mynetworks = 127.0.0.0/8, 192.168.20.0/24
This section below prevents addresses such as usernexame@subdomain.test.vn to match. Explicitly define domains you wish to accept using relay_domains below.
transport_maps = holds the mappings between domains and the SMTP server where the mail gets forwarded. See /etc/postfix/transport for details.
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = points to a file that lists all of the email addresses for which the email gateway will accept mail. See /etc/postfix/relay_recipients.
show_user_unknown_table_name = controls whether Postfix returns "User unknown in relay recipient table" (default - useful for debugging only) or "User unknown" (when set to no). This configuration directive is only used in conjunction with relay_recipient_maps.
show_user_unknown_table_name = no
ven though local mail delivery is disabled, the email gateway is still supposed to accept emails to postmaster and abuse. To do so, define a virtual alias map (we'll populate the values later). See /etc/postfix/virtual for details.
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/master.cf
This file basically defines services that Postfix will provide. To completely disable local mail delivery, edit /etc/postfix/master.cf and insert a # symbol in front of the local service definition:
#local unix - n n - - local
/etc/postfix/virtual
In a typical setup, /etc/aliases is used to forward mail to other account or external addresses. However, since local mail delivery is disabled, modifying /etc/aliases has no effect. This file holds the alias mappings between local addresses and actual email addresses. Note: this is only necessary because there is no local mail delivery, and that some "local" addresses ought to exist for technical correctness.
Actually, you can use this file for more than local addresses. You can forward emails from ex-users to their new emails addresses, create simple distribution lists, or copy an email to another user, etc.
This file folds a complete list of email address for which the email gateway will accept mail. Even though you have to enter the values as a pair (key & value), the second part (the value) doesn't actually matter as long as the email addresses are correct.
user1@test1.vn OK user2@test1.vn OK user1@test2.vn OK user2@test2.vn OK user1@subdomain.test.vn OK user2@subdomain.test.vn OK
Populating relay_recipients from Active Directory
Note that this script requires perl and Net::LDAP(you need install perl-ldap by yum). However, this does NOT have to be on your email gateway.
Shorewall (more appropriately the Shoreline Firewall) is an open sourcefirewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes.
Using an analogy understandable to programmers: Shorewall is to iptables, what C is to assembly language. It provides a higher level of abstraction for describing rules using text files.
II/INSTALL
1/ download all packages *.rpm of shorewall(http://rpm.pbone.net/ if You use Fedora can use yum ) and install with command rpm -ivh *.rpm
2/Configure Shorewall
I Configure shorewall with 3 interface and 3 zone:net,DMZ,Local
2.1/in file /etc/shorewall/zone add all lines
fw firewall net ipv4 # loc ipv4 #
dmz ipv4 #
2.2/ In file /etc/shorewall/interfaces add all lines
net eth1 #interface of zone net
loc eth0 # interface of Zone loc
dmz eth2 #interface of Zone dmz 2.3/In File /etc/shorewall/masq add all lines (This file use for NAT outbound)
This guide will show you how to integrate Active Directory/LDAP into Postfix and Dovecot. In this page, you will learn how to enable Postfix to lookup email addresses in LDAP and how to enable Dovecot to authenticate to an LDAP server.
We will be using the following attributes
samaccountname or uid – User Name for Active Directory or OpenLDAP respectively.
mail – Email Address. For Active Directory users, you need to fill-up the E-mail field of the User.
othermailbox – For Active Directory only. We will use this field to store email aliases. Use ADSI Edit to update this field.
Create the Virtual Mail User Account
Since the Active Directory/OpenLDAP user names are not part of the Linux system, we will have to create a user that will be the owner for all the files belonging to the LDAP user names.
1. Create a new user, we will call it vmail. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in.
2. Take note of the User ID and Home Directory of vmail(example 502).
3. Now note down the Group ID of vmail. We’ll be needing all of them later.
Postfix Active Directory/LDAP Integration
1. Create the file /etc/postfix/ldap-users.cf containing the lines below
server_host = dc.test.vn search_base = dc=test,dc=vn version = 3 query_filter = (&(objectclass=person)(mail=%s)) result_attribute = samaccountname #Account from DC result_format = %s/Maildir/
If you are connecting to an Active Directory server and would like to have email alias capability, change the query filter to (&(objectclass=person)(|(mail=%s)(othermailbox=%s))) to include the othermailbox field in the search.
Change samaccountname to uid if you will be connecting to an Active Directory server. If your server requires authentication, add the lines below
virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.
Make sure $mydomain in mydestination has been removed, otherwise the lookup will not work and you will get a “User unknown in local recipient table” error.
4. Restart the Postfix
5. You should now be able to send email to addresses found in your LDAP server. sing LDAP email addresses instead of the system user names.
Dovecot Active Directory/LDAP Integration
1. Create the file /etc/dovecot-ldap.conf containing the lines below
