{"id":260977,"date":"2015-07-08T19:53:02","date_gmt":"2015-07-08T15:53:02","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=260977"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=260977","title":{"rendered":"\u0420\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0430\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Exim \u0438 Dovecot \u0441 \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u043e\u0439 \u043a OpenLDAP"},"content":{"rendered":"

\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0430\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Exim, Dovecot \u0438 OpenLDAP \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043c\u043e\u0435\u0433\u043e \u043e\u043f\u044b\u0442\u0430 \u0441 \u044d\u0442\u0438\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438. \u0411\u044b\u0442\u044c \u043c\u043e\u0436\u0435\u0442, \u043a\u0442\u043e-\u0442\u043e \u043d\u0430\u0439\u0434\u0435\u0442 \u0434\u043b\u044f \u0441\u0435\u0431\u044f \u0447\u0442\u043e-\u043b\u0438\u0431\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0438 \u043d\u043e\u0432\u043e\u0435 \u2014 \u0432 \u044d\u0442\u043e\u043c \u0438 \u0431\u044b\u043b\u0430 \u0446\u0435\u043b\u044c \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e howto \u043d\u0430 \u0434\u0430\u043d\u043d\u0443\u044e \u0442\u0435\u043c\u0443.<\/p>\n

\u041f\u043e\u0447\u0435\u043c\u0443 Exim \u0438 OpenLDAP, \u0430 \u043d\u0435 Postfix \u0438 MySQL, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440? Postfix \u043e\u0442\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u00ab\u0438\u0437 \u043a\u043e\u0440\u043e\u0431\u043a\u0438\u00bb, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043d\u0435\u043e\u0440\u0434\u0438\u043d\u0430\u0440\u043d\u043e\u0435, \u0442\u043e \u043e\u0447\u0435\u043d\u044c \u0441\u043a\u043e\u0440\u043e Postfix \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u0435\u043f\u043e\u0432\u043e\u0440\u043e\u0442\u043b\u0438\u0432\u043e\u0433\u043e \u043c\u043e\u043d\u0441\u0442\u0440\u0430, \u043e\u0431\u0432\u0435\u0448\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u043b-\u0441\u043a\u0440\u0438\u043f\u0442\u0430\u043c\u0438, Exim \u0436\u0435 \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0447\u0443\u0434\u043e\u0432\u0438\u0449\u043d\u044b\u043c \u043f\u043e \u0441\u0438\u043b\u0435 \u043c\u0435\u0442\u0430-\u044f\u0437\u044b\u043a\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438\u0441\u044c \u0431\u0435\u0437 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0438 \u043a\u043e\u0441\u0442\u044b\u043b\u0435\u0439. MySQL \u044f \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b \u0438\u0437\u0431\u044b\u0442\u043e\u0447\u043d\u044b\u043c \u0434\u043b\u044f \u043c\u043e\u0438\u0445 \u0437\u0430\u0434\u0430\u0447 \u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u043b \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c OpenLDAP, \u0442\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f LDAP. Dovecot \u043e\u0447\u0435\u043d\u044c \u0448\u0443\u0441\u0442\u0440\u044b\u0439 \u0438 \u043b\u0435\u0433\u043a\u0438\u0439 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043f\u043b\u044e\u0441 \u043e\u0442\u043b\u0438\u0447\u043d\u043e \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0441 Exim, \u0442\u0430\u043a \u0438 \u0441 OpenLDAP.
<\/a>
\u0418\u0442\u0430\u043a, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0439 \u0441\u043e\u0444\u0442, \u0442\u0443\u0442 \u0432\u0441\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e (apt-get, yum \u0438 \u0442\u0434). \u042f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b Gentoo, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 emerge openldap dovecot exim (exim \u0438 dovecot \u0434\u043e\u043b\u0436\u043d\u044b \u0438\u043c\u0435\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 ldap).<\/p>\n

\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 USE \u0444\u043b\u0430\u0433\u0438 \u043f\u0440\u0438 \u0441\u0431\u043e\u0440\u043a\u0435:<\/p>\n

net-nds\/openldap-2.4.40-r3::x-overlay  USE="berkdb crypt gnutls overlays samba sasl ssl syslog mail-mta\/exim-4.85::gentoo  USE="dkim dnsdb dovecot-sasl dsn exiscan-acl gnutls ldap lmtp maildir pam pkcs11 prdr spf ssl syslog  net-mail\/dovecot-2.2.18::gentoo USE="bzip2 caps ldap maildir managesieve pam sieve ssl zlib<\/code><\/pre>\n
  \u041f\u0435\u0440\u0432\u044b\u043c \u0432 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u0431\u0443\u0434\u0435\u0442 OpenLDAP, \u0432 \u0435\u0433\u043e \u0431\u0430\u0437\u0435 \u0431\u0443\u0434\u0443\u0442 \u0445\u0440\u0430\u043d\u0438\u0442\u044c\u0441\u044f \u0432\u0441\u0435 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b, \u0433\u0440\u0443\u043f\u043f\u044b \u0438 \u0430\u043b\u044c\u044f\u0441\u044b, \u0442\u0430\u043a\u0436\u0435 OpenLDAP \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438 \u0434\u043b\u044f \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432. \u0414\u043b\u044f \u043f\u0440\u043e\u0441\u0442\u043e\u0442\u044b \u0438 \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u044f \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e slapd-config, \u0430 \u0445\u0440\u0430\u043d\u044e \u0432\u0441\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0432 \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u043c slapd.conf.<\/p>\n
  \u0422\u0430\u043a \u043a\u0430\u043a \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 OpenLDAP \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0432 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0435\u0439 \u0441\u0445\u0435\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u043e\u0447\u0442\u043e\u0439, \u0442\u043e \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0441\u0432\u043e\u044e \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e phamm.schema<\/a> \u0438 phamm-vacation.schema<\/a>.<\/p>\n
\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenLDAP<\/h4>\n
  \u041e\u043f\u0443\u0441\u043a\u0430\u044e \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u0443\u044e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443, \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 basedn dc=domain,dc=com \u0438 ssl \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0434\u043b\u044f OpenLDAP, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0442\u0443\u0442 \u0432\u0441\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e.<\/p>\n
\u041a\u043e\u043d\u0444\u0438\u0433 slapd.conf<\/b><\/p>\n
\n
include \/etc\/openldap\/schema\/core.schema include \/etc\/openldap\/schema\/cosine.schema include \/etc\/openldap\/schema\/corba.schema include \/etc\/openldap\/schema\/inetorgperson.schema include \/etc\/openldap\/schema\/nis.schema include \/etc\/openldap\/schema\/misc.schema # \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u0441\u0445\u0435\u043c\u044b include \/etc\/openldap\/schema\/phamm.schema include \/etc\/openldap\/schema\/phamm-vacation.schema  pidfile \/run\/openldap\/slapd.pid argsfile    \/run\/openldap\/slapd.args  # \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u044c \u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0447\u0435\u0440\u0435\u0437 TLS TLSCACertificateFile    \/etc\/openldap\/ssl\/cacert.pem TLSCertificateFile         \/etc\/openldap\/ssl\/newcert.pem TLSCertificateKeyFile   \/etc\/openldap\/ssl\/newkey.pem TLSProtocolMin             3.1 TLSVerifyClient             allow  database        bdb  # \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u0430\u044f bdb \u0431\u0430\u0437\u0430, \u043d\u0435\u0431\u044b\u0441\u0442\u0440\u0430\u044f, \u043d\u043e \u043d\u0430\u0434\u0435\u0436\u043d\u0430\u044f. cachesize       100000 suffix          "dc=domain,dc=com" rootdn          "uid=manager,dc=domain,dc=com" #\u0443\u0447\u0435\u0442\u043a\u0430 \u0430\u0434\u043c\u0438\u043d\u0430 rootpw          **** directory       \/var\/lib\/openldap-data checkpoint      32 30 idletimeout     120 writetimeout    120 loglevel    none  overlay syncprov  # \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043c\u043e\u0434\u0443\u043b\u044c \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100  # \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u044b index uid,accountActive,vacationActive,createMaildir eq index cn,givenName,sn,mail pres,eq,sub index uidNumber,gidNumber,memberUid eq index entryCSN,entryUUID eq index objectClass,member,uniqueMember eq  # \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0435 # \u0443\u0447\u0435\u0442\u043a\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f \u0434\u043b\u044f \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 limits dn="uid=replicator,ou=services,dc=domain,dc=com"     size=unlimited     time=unlimited  # \u0443\u0447\u0435\u0442\u043a\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f phpldapadmin limits dn="uid=ldapadmin,ou=services,dc=domain,dc=com"     size=unlimited     time=unlimited  #\u0443\u0447\u0435\u0442\u043a\u0430 exim  limits dn="uid=exim,ou=services,dc=domain,dc=com"     size=unlimited     time=unlimited  #\u0443\u0447\u0435\u0442\u043a\u0430 nsswitch limits dn="uid=proxyagent,ou=services,dc=domain,dc=com"     size=unlimited     time=unlimited  #\u0441\u0430\u043c\u043e\u0435 \u0446\u0435\u043d\u043d\u043e\u0435 \u0432 \u0431\u0430\u0437\u0435 \u044d\u0442\u043e \u043f\u0430\u0440\u043e\u043b\u0438 access to attrs=userPassword     by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write     by dn.base="uid=replicator,ou=services,dc=domain,dc=com" read     by dn.base="uid=proxyagent,ou=services,dc=domain,dc=com" read     by anonymous auth     by self write     by * none  access to attrs=mail     by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write     by * read  access to *     by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write     by users read     by anonymous auth<\/code><\/pre>\n
  <\/div>\n<\/div>\n
  \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u0434\u043b\u044f OpenLDAP (\u043e\u043f\u044f\u0442\u044c \u0436\u0435 \u0442\u0443\u0442 \u0432\u0441\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u043f\u0443\u0441\u043a\u0430\u044e \u0434\u0435\u0442\u0430\u043b\u0438). \u0415\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0447\u0442\u043e \u043c\u043d\u0435 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c OpenLDAP \u0440\u0443\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 sssvlv (Server Side Sorting and Virtual List View) \u0432 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0435 (.\/configure —enable-ipv6=no —enable-syncprov=yes —enable-sssvlv=yes —with-tls=yes).<\/p>\n
  \u0412\u0442\u043e\u0440\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u0430\u0434\u0440\u0435\u0441\u043d\u0430\u044f \u043a\u043d\u0438\u0433\u0430 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f.<\/p>\n
\u041a\u043e\u043d\u0444\u0438\u0433 slapd.conf \u0434\u043b\u044f \u0432\u0442\u043e\u0440\u043e\u0433\u043e LDAP \u0441\u0435\u0440\u0432\u0435\u0440\u0430<\/b><\/p>\n
\n
include \/etc\/ldap\/schema\/corba.schema include \/etc\/ldap\/schema\/core.schema include \/etc\/ldap\/schema\/cosine.schema include \/etc\/ldap\/schema\/inetorgperson.schema include \/etc\/ldap\/schema\/misc.schema include \/etc\/ldap\/schema\/nis.schema # \u0432\u0441\u0435 slapd \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438 \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u044b \u0438\u043c\u0435\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0447\u043d\u044b\u0435 \u0441\u0445\u0435\u043c\u044b include \/etc\/ldap\/schema\/phamm-vacation.schema include \/etc\/ldap\/schema\/phamm.schema  # Load dynamic backend modules: #modulepath     \/usr\/lib\/ldap #moduleload     back_hdb.so #moduleload     sssvlv.so  #\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c sssvlv \u043c\u043e\u0434\u0443\u043b\u044c \u0434\u043b\u044f \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438 Outlook  idletimeout     120 threads         8 sizelimit       1000 pidfile         \/var\/run\/slapd\/slapd.pid argsfile        \/var\/run\/slapd\/slapd.args loglevel        0  # \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u044c \u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0447\u0435\u0440\u0435\u0437 TLS TLSCACertificateFile    \/etc\/ldap\/ssl\/ca.pem TLSCertificateFile         \/etc\/ldap\/ssl\/ab.domain.com_crt.pem TLSCertificateKeyFile   \/etc\/ldap\/ssl\/ab.domain.com_key.pem TLSProtocolMin            3.1 TLSVerifyClient             allow  database          hdb  #\u0442\u0443\u0442 \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043b\u0435\u0433\u043a\u043e\u0432\u0435\u0441\u043d\u0430\u044f hdb cachesize         100000 suffix                "dc=domain,dc=com" rootdn             "cn=replicator,ou=services,dc=domain,dc=com"  rootpw             ***** directory          \/var\/lib\/ldap checkpoint       32 30 idletimeout      120 writetimeout    120  overlay sssvlv  #\u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 TLS, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f syncrepl syncrepl rid=001 #ID \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438         provider=ldaps:\/\/domain.com #\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f ldaps:\/\/ , \u0442\u0430\u043a \u043a\u0430\u043a \u0447\u0435\u0440\u0435\u0437 starttls \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e \u0441 self-signed \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438         type=refreshOnly         interval=00:00:10:00         searchbase="dc=domain,dc=com"         scope=sub         schemachecking=off         bindmethod=simple         binddn="uid=replicator,ou=services,dc=domain,dc=com"  #\u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 posix \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0432 ou=services, \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0439 \u0432 slapd.conf         credentials=****         tls_cacertdir=\/etc\/ssl\/certs         tls_cacert=\/etc\/ldap\/ssl\/ca.pem         tls_cert=\/etc\/ldap\/ssl\/ab.domain.com_crt.pem         tls_key=\/etc\/ldap\/ssl\/ab.domain.com_key.pem         tls_reqcert=allow  index uid,accountActive,vacationActive eq index cn,givenName,sn,mail pres,eq,sub index uidNumber,gidNumber,memberUid eq index entryCSN,entryUUID eq index objectClass,member,uniqueMember eq  # \u0443\u0431\u0438\u0440\u0430\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 limits dn="uid=replicator,ou=services,dc=domain,dc=com"         size=unlimited         time=unlimited  #\u0443\u0431\u0438\u0440\u0430\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438 limits users         size=unlimited         time=unlimited  # \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 access to attrs=userPassword         by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write         by dn.base="uid=replicator,ou=services,dc=domain,dc=com" write         by dn.base="uid=proxyagent,ou=services,dc=domain,dc=com" read         by anonymous auth         by self write         by * none  access to attrs=mail         by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write         by dn.base="uid=replicator,ou=services,dc=domain,dc=com" write         by * read  access to attrs=cn         by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write         by dn.base="uid=replicator,ou=services,dc=domain,dc=com" write         by * read  access to *         by dn.base="uid=ldapadmin,ou=services,dc=domain,dc=com" write         by dn.base="uid=replicator,ou=services,dc=domain,dc=com" write         by users read         by anonymous auth <\/code><\/pre>\n<\/div>\n<\/div>\n
  \u0414\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f LDAP \u0431\u0430\u0437\u044b \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e phpldapadmin, \u0442\u0430\u043a \u043a\u0430\u043a \u043e\u043d \u043b\u0435\u0433\u043a\u0438\u0439, \u0443\u0434\u043e\u0431\u043d\u044b\u0439 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 XML \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0433\u0438\u0431\u043a\u043e \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u044b \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432. \u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043f\u0440\u043e\u0435\u043a\u0442 \u0434\u0430\u0432\u043d\u043e \u0437\u0430\u0431\u0440\u043e\u0448\u0435\u043d \u0430\u0432\u0442\u043e\u0440\u043e\u043c \u0438 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u0435\u0442\u0441\u044f.<\/p>\n
  \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u0440\u0438\u043c\u0435\u0440 \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430.  <\/p>\n
\u041a\u043e\u0434<\/b><\/p>\n
\n
 <objectClasses>  <objectClass id="top"><\/objectClass>  <objectClass id="inetOrgPerson"><\/objectClass>  <objectClass id="posixAccount"><\/objectClass> #\u0431\u0430\u0437\u043e\u0432\u044b\u0439 posix \u0430\u043a\u043a\u0430\u0443\u043d\u0442  <objectClass id="VirtualMailAccount"><\/objectClass> #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043a\u043b\u0430\u0441\u0441 \u0438\u0437 \u043d\u0430\u0448\u0435\u0439 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0439 phamm \u0441\u0445\u0435\u043c\u044b  <objectClass id="Vacation"><\/objectClass> #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043a\u043b\u0430\u0441\u0441 \u0438\u0437 phamm-vacation \u0441\u0445\u0435\u043c\u044b  <\/objectClasses>  <attributes> <attribute id="givenName">    <display>First Name<\/display>    <icon>ldap-uid.png<\/icon>    <order>1<\/order>    <page>1<\/page> <\/attribute>  <attribute id="sn">    <display>Last Name<\/display>    <onchange>=autoFill(cn;%givenName% %sn%)<\/onchange>    <onchange>=autoFill(uid;%givenName|0-1\/l%%sn\/l%)<\/onchange>    <onchange>=autoFill(loginShell;\/sbin\/nologin)<\/onchange>    <onchange>=autoFill(FTPStatus;enabled)<\/onchange>    <order>2<\/order>    <page>1<\/page> <\/attribute>  <attribute id="cn">    <display>Common Name<\/display>    <order>3<\/order> <\/attribute>  <attribute id="uid">    <display>UID<\/display>    <onchange>=autoFill(homeDirectory;\/home\/%uid%)<\/onchange>    <onchange>=autoFill(mailbox;\/home\/%uid%\/Maildir)<\/onchange>    <onchange>=autoFill(mail;%uid%@domain.com)<\/onchange>    <onchange>=autoFill(company;My Company)<\/onchange>    <order>4<\/order>    <spacer>1<\/spacer> <\/attribute> <\/code><\/pre>\n<\/div>\n<\/div>\n
  \u041f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0441\u0445\u0435\u043c\u0443 LDAP \u0431\u0430\u0437\u044b:<\/p>\n
  ou=people,dc=domain,dc=com \u2014 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432;
  ou=groups,dc=domain,dc=com \u2014 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f posix \u0433\u0440\u0443\u043f\u043f;
  ou=services,dc=domain,dc=com \u2014 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 (posix \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b);
  ou=aliases,dc=domain,dc=com \u2014 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0430\u043b\u044c\u044f\u0441\u043e\u0432.<\/p>\n
  \u041f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u044e phamm \u0441\u0445\u0435\u043c\u044b, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u044b\u0445\u043e\u0434\u0438\u0442 \u0437\u0430 \u0440\u0430\u043c\u043a\u0438 \u044d\u0442\u043e \u0441\u0442\u0430\u0442\u044c\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, createMaildir \u0438\u043b\u0438 Backup). \u041e\u0442\u043c\u0435\u0447\u0443 \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0445 \u043f\u043e\u0438\u0441\u043a\u0430.
  accountActive = TRUE|FALSE \u2014 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c\/\u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0438\u043b\u0438 \u0430\u043b\u044c\u044f\u0441;
  vacationInfo \u2014 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0442\u0435\u043a\u0441\u0442 Out of Office \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f;
  vacationActive \u2014 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c\/\u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c OoO \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435;
  quota \u2014 \u0442\u0443\u0442 \u0438 \u0442\u0430\u043a \u043f\u043e\u043d\u044f\u0442\u043d\u043e (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440: quota = 4G)<\/p>\n
  \u0418\u0442\u0430\u043a, OpenLDAP \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u0438 \u0437\u0430\u043f\u0443\u0449\u0435\u043d, \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 phpldapadmin \u0441\u043e\u0437\u0434\u0430\u043d \u043f\u0435\u0440\u0432\u044b\u0439 \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0439 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 ipupkin c \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043f\u043e\u0447\u0442\u044b ipupkin@domain.com. \u0412 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u0438\u043d \u0434\u043e\u043c\u0435\u043d domain.com, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0432 \u043d\u0430\u0448\u0435\u043c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435 ou=groups posix \u0433\u0440\u0443\u043f\u043f\u0443 domain \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c ipupkin \u0432 \u044d\u0442\u0443 \u0433\u0440\u0443\u043f\u043f\u0443.<\/p>\n
  \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0432\u0441\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u043b\u0438\u043d\u0443\u043a\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0438 \u043b\u043e\u0433\u0438\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u0434\u0430\u043f \u0431\u0430\u0437\u0443 \u0434\u043b\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u043c \u044d\u0442\u043e \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0443 \u043d\u0430 \u043f\u043b\u0435\u0447\u0438 Name Service Switch (nss) \u0438\u043b\u0438 System Security Services Daemon (sssd). \u0422\u0430\u043a\u0436\u0435 \u043f\u043b\u044e\u0441\u043e\u043c \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043b\u0435\u0433\u043a\u0430\u044f \u0430\u0434\u0430\u043f\u0442\u0430\u0446\u0438\u044f \u0441 Samba \u0434\u043e\u043c\u0435\u043d\u043e\u043c, \u043f\u0440\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438.
  \u041f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0443\u0436\u043d\u043e \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f \u0447\u0442\u043e \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043f\u0430\u043a\u0435\u0442 nss_ldap (\u0438\u043b\u0438 libnss-ldapd).
  \u0412 \/etc\/nsswitch.conf \u043c\u0435\u043d\u044f\u0435\u043c \u0441\u0442\u0440\u043e\u043a\u0438 \u0441 compat \u043d\u0430 ldap (\u0438\u043b\u0438 winbind \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 Samba \u0434\u043e\u043c\u0435\u043d\u0430):
  passwd: files ldap
  shadow: files ldap
  group: files ldap<\/p>\n
  \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b \/etc\/ldap.conf \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u044f:<\/p>\n
ldap.conf<\/b><\/p>\n
uri ldap:\/\/127.0.0.1
  uri ldap:\/\/192.168.0.1 #\u0432\u0442\u043e\u0440\u043e\u0439 \u043b\u0434\u0430\u043f-\u0441\u0435\u0440\u0432\u0435\u0440 \u043a\u0430\u043a fallback<\/p>\n
  base dc=domain,dc=com
  binddn uid=proxyagent,ou=services,dc=domain,dc=com #\u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0432 ou=services posix \u0430\u043a\u043a\u0430\u0443\u043d\u0442, \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0439 \u0432 slapd.conf
  bindpw *****<\/p>\n
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_check_host_attr no
  pam_lookup_policy no
  pam_member_attribute memberUid
  pam_min_uid 1000
  pam_max_uid 65535
  ssl start_tls #\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c TLS \u0432\u043c\u0435\u0441\u0442\u043e SSL
  #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u0438 \u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c
  tls_cacert \/etc\/openldap\/ssl\/ca.pem
  tls_key \/etc\/openldap\/ssl\/mail_crt_new.pem
  tls_cert \/etc\/openldap\/ssl\/mail_key_new.pem
  tls_reqcert allow
  tls_checkpeer no
  tls_ciphers TLSv1
  scope sub
  timelimit 5
  bind_timelimit 5
  bind_policy soft
  nss_reconnect_tries 4
  nss_reconnect_sleeptime 1
  nss_reconnect_maxsleeptime 16
  nss_reconnect_maxconntries 2  <\/div>\n<\/div>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c, \u0447\u0442\u043e nss \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0430 \u0434\u043e\u043c\u0430\u0448\u043d\u0430\u044f \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f (mkdir -m 700 \/home ipupkin && chown ipupkin:domain \/home\/ipupkin).
  >id ipupkin
  uid=1057(ipupkin) gid=1000(domain) groups=1000(domain)
  > ls -ld \/home\/ipupkin
  drwx—— 3 ipupkin domain 4096 Jun 22 15:50 \/home\/ipupkin<\/p>\n
  \u0422\u0435\u043f\u0435\u0440\u044c, \u043a\u043e\u0433\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c ipupkin \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0435\u0442\u0441\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439, \u043d\u0443\u0436\u043d\u043e \u0447\u0442\u043e\u0431\u044b ipupkin \u0441\u043c\u043e\u0433 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438 \u043e\u0442\u0441\u044b\u043b\u0430\u0442\u044c \u043f\u043e\u0447\u0442\u0443.<\/p>\n
\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Dovecot<\/h4>\n
  \u041f\u0440\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 Dovecot \u044f \u0443\u0434\u0430\u043b\u0438\u043b \u0432\u0441\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043c\u043e\u043d\u0441\u0442\u0440\u0443\u043e\u0437\u043d\u044b\u0435 \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0438 \u0438 \u0434\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u0441\u043e\u0437\u0434\u0430\u043b \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u0432\u0430 \u2014 dovecot.conf \u0438 dovecot-ldap.conf.<\/p>\n
dovecot.conf<\/b><\/p>\n
auth_cache_negative_ttl = 10 mins
  auth_debug = no
  auth_debug_passwords = no
  auth_mechanisms = plain login #\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f TLS, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c plain
  base_dir = \/var\/run\/dovecot\/
  default_vsz_limit = 1024 M
  disable_plaintext_auth = no
  dotlock_use_excl = yes
  lda_mailbox_autocreate = yes #\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e
  lda_mailbox_autosubscribe = yes #\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e
  listen = *
  mmap_disable = yes
  mail_fsync = always
  mail_nfs_storage = no
  mail_nfs_index = no
  mail_debug = no
  mail_location = maildir:~\/Maildir #\u0433\u0434\u0435 \u0438\u0441\u043a\u0430\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a, \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 maildir \u0431\u0435\u0440\u0435\u0442\u0441\u044f \u0438\u0437 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 homeDirectory (\u0432 \u043d\u0430\u0448\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u0442\u043e \/home\/ipupkin), \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u043e\u043b\u043d\u044b\u0439 \u043f\u0443\u0442\u044c \u0431\u0443\u0434\u0435\u0442 \/home\/ipupkin\/Maildir.
  mail_plugins = $mail_plugins quota notify expire
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
  ssl_ca = <\/etc\/dovecot\/ssl\/ca.pem
  ssl_cert = <\/etc\/dovecot\/ssl\/mail_crt_new.pem
  ssl_key = <\/etc\/dovecot\/ssl\/mail_key_new.pem
  ssl_verify_client_cert = no
  verbose_ssl = no<\/p>\n
  protocols = imap pop3 sieve<\/p>\n
  userdb {
   args = \/etc\/dovecot\/dovecot-ldap.conf #\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043d\u0430\u0448 ldap \u043a\u043e\u043d\u0444\u0438\u0433
   driver = ldap
  }<\/p>\n
  passdb {
   args = \/etc\/dovecot\/dovecot-ldap-pass.conf #\u043f\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0430\u0432\u0442\u043e\u0440\u043e\u0432 dovecot \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 dovecot-ldap.conf
   driver = ldap
  }<\/p>\n
  service auth {
   unix_listener auth-userdb {
   mode = 0666
   }
  }<\/p>\n
  service imap-login {
   process_min_avail = 6
   service_count = 0
  }<\/p>\n
  service pop3-login {
   process_min_avail = 6
   service_count = 0
  }<\/p>\n
  #\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f managesieve \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u043c \u0432\u0435\u0431\u043f\u043e\u0447\u0442\u044b roundcube
  service managesieve-login {
   process_min_avail = 6
   service_count = 0
   inet_listener sieve {
   port = 4190
   }
  }<\/p>\n
  service managesieve {
  }<\/p>\n
  service dict {
   unix_listener dict {
   mode = 0666
   }
   }<\/p>\n
  #\u043f\u0440\u0438 \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430 \u043d\u0430 90%, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 
  service quota-warning {
   executable = script \/etc\/dovecot\/quota-warning.sh # \u0441\u0430\u043c \u0441\u043a\u0440\u0438\u043f\u0442 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a  <\/p>\n
\u0421\u043a\u0440\u0438\u043f\u0442<\/b><\/p>\n
\n
#!\/bin\/sh  PERCENT=$1 USER=$2 cat << EOF | \/usr\/libexec\/dovecot\/dovecot-lda -d $USER -o "plugin\/quota=maildir:User quota:noenforcing" From: postmaster@domain.com Subject: Your mailbox is $PERCENT% full Content-Type: text\/plain; charset="UTF-8" X-Priority: 2  Warning! Your mailbox is now $PERCENT% full. EOF <\/code><\/pre>\n
  <\/div>\n<\/div>\n
  unix_listener quota-warning {
   mode = 0666
   }
  }<\/p>\n
  protocol imap {
   imap_client_workarounds = delay-newmail #\u0445\u0430\u043a \u0434\u043b\u044f \u0410\u0443\u0442\u043b\u0443\u043a\u0430
   mail_plugins = quota imap_quota mail_log notify
  }<\/p>\n
  protocol pop {
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh #\u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0445\u0430\u043a\u0438 \u0434\u043b\u044f \u0410\u0443\u0442\u043b\u0443\u043a\u0430
   #pop3_uidl_format = %08Xu%08Xv #\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u0410\u0443\u0442\u043b\u0443\u043a\u043e\u043c \u043f\u043e\u0447\u0442\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u044d\u0442\u043e\u0442 \u0444\u043e\u0440\u043c\u0430\u0442 \u0438\u043c\u0435\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0410\u0443\u0442\u043b\u0443\u043a\u043e\u043c 2013
   pop3_uidl_format = %g
   pop3_fast_size_lookups=yes #\u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u0437\u0434\u0435\u0441\u044c<\/a> \u0440\u0430\u0437\u0434\u0435\u043b Maildir perfomance.
   mail_plugins =
  }<\/p>\n
  # Logical Delivery Agent (LDA) \u0441\u0435\u0440\u0432\u0438\u0441, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 Exim \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u043e\u0447\u0442\u044b.
  protocol lda {
   hostname = domain.com
   mail_fsync = optimized
   mail_plugins = sieve quota
   postmaster_address = postmaster@domain.com
   log_path =
   info_log_path =
  }<\/p>\n
  protocol sieve {
  }<\/p>\n
  #\u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u043e\u0431\u0430\u0432\u043a\u0438
  plugin {
   quota = maildir:User quota
   quota_rule = *:storage=1M
   quota_rule2 = Trash:ignore
   quota_rule3 = Deleted Items:ignore
   quota_rule4 = Junk E-mail:ignore
   quota_rule5 = Archive:ignore
   quota_rule6 = archive:ignore
   quota_warning = storage=90%% quota-warning 90 %u #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u043d\u0442 \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430, \u043f\u0440\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 quota-warning.sh
   sieve = ~\/Maildir\/.dovecot.sieve
   sieve_dir = ~\/Maildir\/sieve
   expire_dict = proxy::expire 
   expire = Trash
   expire2 = Deleted Items
   expire3 = Junk E-mail
   expire_cache = yes
  }<\/p><\/div>\n<\/div>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u043d\u0435\u0442 (dovecot -a) \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c dovecot.<\/p>\n
 \u0424\u0438\u043d\u0430\u043b: \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Exim<\/h4>\n
  \u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u043f\u0440\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 Exim \u0431\u044b\u043b \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u0442\u043a\u0430\u0437 \u043e\u0442 \u043b\u044e\u0431\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0432\u0441\u0435\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u043c\u0438 Exim. \u0422\u043e\u043b\u044c\u043a\u043e \u043a\u0430\u043a \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u0435\u0431\u0438\u0430\u043d\u043e\u0432\u0441\u043a\u0438\u0439 greylistd \u043d\u0430 \u043f\u0438\u0442\u043e\u043d\u0435 \u0438 \u043f\u0435\u0440\u043b\u043e\u0432\u044b\u0439 amavisd-new. 
  \u041f\u0440\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 Exim \u0442\u0430\u043a\u0436\u0435 \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u0432\u0430 \u0444\u0430\u0439\u043b\u0430 \u2014 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 exim.conf \u0438 acl_smtp \u0434\u043b\u044f ACL \u043f\u0440\u0430\u0432\u0438\u043b.
  \u0422\u0430\u043a\u0436\u0435 \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0440\u043e\u0443\u0442\u0435\u0440 \u0438 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442 \u0434\u043b\u044f mailman.<\/p>\n
exim.conf<\/b><\/p>\n
CONFIG_PREFIX=\/etc\/exim
  ACL_PREFIX=CONFIG_PREFIX\/acls #\u0437\u0434\u0435\u0441\u044c \u0445\u0440\u0430\u043d\u044f\u0442\u0441\u044f \u0432\u0441\u0435 ACL \u043a\u043e\u043d\u0444\u0438\u0433\u0438
  DB_PREFIX=\/var\/spool\/exim\/db #\u0434\u043b\u044f \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c tmpfs<\/p>\n
  # \u0428\u0430\u0431\u043b\u043e\u043d\u044b \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u043e\u0439 Exim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043b\u0435\u0433\u043a\u043e \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043b\u0438\u043d\u043d\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443 \u043a\u043e\u0440\u043e\u0442\u043a\u0438\u043c \u0441\u043b\u043e\u0432\u043e\u043c.
  # \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u0448\u0430\u0431\u043b\u043e\u043d\u044b \u0434\u043b\u044f mailman
  MM_HOME=\/var\/lib\/mailman
  MM_UID=mailman
  MM_GID=mailman
  MM_WRAP=\/usr\/lib\/mailman\/mail\/mailman
  MM_LISTCHK=MM_HOME\/lists\/${lc::$local_part}\/config.pck<\/p>\n
  ldap_default_servers = \/var\/run\/openldap\/slapd.sock: 192.168.0.1 #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043a\u0430\u043a \u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0442\u044c\u0441\u044f \u043a \u043b\u0434\u0430\u043f-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u0432\u0442\u043e\u0440\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a fallback.<\/p>\n
  INTERFACE = your_external_ip #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0430\u0439\u043f\u0438, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0431\u0443\u0434\u0435\u0442 \u0432\u0438\u0441\u0435\u0442\u044c exim
  BASEDN = dc=domain,dc=com #basedn \u043b\u0434\u0430\u043f \u0441\u0435\u0440\u0432\u0435\u0440\u0430<\/p>\n
  # \u0412 \u044d\u0442\u043e\u0439 \u0441\u0435\u043a\u0446\u0438\u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0441\u0430\u043c\u044b\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0442\u0435\u043c\u043f\u043b\u0435\u0439\u0442\u044b, \u0437\u0430\u0434\u0430\u044e\u0449\u0438\u0435 \u043b\u043e\u0433\u0438\u043a\u0443 \u0440\u0430\u0431\u043e\u0442\u044b Exim<\/p>\n
  #\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0430\u043b\u044c\u044f\u0441\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043b\u0438 \u0430\u0434\u0440\u0435\u0441 \u0430\u043b\u044c\u044f\u0441\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 mail \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435 aliases, \u0430\u043b\u044c\u044f\u0441 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0442\u044c \u043a\u043b\u0430\u0441\u0441\u0443 VirtualMailAlias \u0438 \u0438\u043c\u0435\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 TRUE \u0434\u043b\u044f \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 accountActive
  CHECK_1 = ${lookup ldap {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=aliases,dc=domain,dc=com?mail?sub?(&(objectClass=VirtualMailAlias)(accountActive=TRUE)(mail=${quote_ldap:$local_part@$domain}))} }<\/p>\n
  #\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043b\u0438 \u0430\u0434\u0440\u0435\u0441 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 mail \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435 people, \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0442\u044c \u043a \u043a\u043b\u0430\u0441\u0441\u0443 VirtualMailAccount \u0438 \u0438\u043c\u0435\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 TRUE \u0434\u043b\u044f \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 accountActive
  CHECK_2 = ${lookup ldap {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=people,dc=domain,dc=com?mail?sub?(&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=${quote_ldap:$local_part@$domain}))} }<\/p>\n
  #\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u0432 \u0430\u043b\u044c\u044f\u0441\u0430, \u043a\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0442\u044c \u043f\u043e\u0447\u0442\u0443, \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0430\u0442\u0442\u0440\u0438\u0431\u0443\u0442\u0430 maildrop
  CHECK_DATA = ${lookup ldapm {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=aliases,dc=domain,dc=com?maildrop?sub?(&(objectClass=VirtualMailAlias)(mail=${quote_ldap:$local_part@$domain}))}}<\/p>\n
  #\u041f\u0443\u0442\u044c \u043a \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c\u0443 \u044f\u0449\u0438\u043a\u0443, \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0430\u0442\u0442\u0440\u0438\u0431\u0443\u0442\u0430 mailbox
  CHECK_MAILDIR = ${lookup ldap {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=people,dc=domain,dc=com?mailbox?sub?(&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=${quote_ldap:$local_part@$domain}))} }<\/p>\n
  #\u0422\u0435\u043a\u0441\u0442 OoO \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f, \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0430\u0442\u0442\u0440\u0438\u0431\u0443\u0442\u0430 vacationInfo
  CHECK_VACATION = ${lookup ldap {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=people,dc=domain,dc=com?vacationInfo?sub?(&(objectClass=VirtualMailAccount)(vacationActive=TRUE)(mail=${quote_ldap:$local_part@$domain}))}}<\/p>\n
  #Hack for double commas in OoO message, exim’s bug 660 #\u043a\u0430\u0436\u0435\u0442\u0441\u044f \u0442\u0430\u043a \u0438 \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438
  VACATION = ${sg{ ${lookup ldap {user=\u00abuid=exim,ou=services,dc=domain,dc=com\u00bb pass=*** ldap:\/\/\/ou=people,dc=domain,dc=com?vacationInfo?sub?(&(objectClass=VirtualMailAccount)(vacationActive=TRUE)(mail=${quote_ldap:$local_part@$domain}))}} }{,,}{,}}<\/p>\n
  domainlist_cache virt_domains = domain.com #\u0442\u0430\u043a \u043a\u0430\u043a \u0443 \u043d\u0430\u0441 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u0438\u043d \u0434\u043e\u043c\u0435\u043d, \u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0435\u0433\u043e. \u0415\u0441\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0434\u043e\u043c\u0435\u043d\u043e\u0432, \u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0442\u0435\u043c\u043f\u043b\u0435\u0439\u0442 \u0432\u044b\u0431\u043e\u0440\u043a\u0438 \u0434\u043e\u043c\u0435\u043d\u043e\u0432 \u0438\u0437 \u043b\u0434\u0430\u043f \u0431\u0430\u0437\u044b.
  domainlist_cache local_domains = localhost: mail.domain.com
  hostlist relay_from_hosts = 127.0.0.1: 192.168.0.0\/16 
  addresslist noautoreply_senders = DB_PREFIX\/autoreply.noanswer.db<\/p>\n
  sender_unqualified_hosts = 127.0.0.1: 192.168.0.0\/16
  recipient_unqualified_hosts = 127.0.0.1: 192.168.0.0\/16<\/p>\n
  local_interfaces = 0.0.0.0.25: 0.0.0.0.26: 0.0.0.0.465: 0.0.0.0.587: 127.0.0.1.10025
  tls_on_connect_ports = 465<\/p>\n
  acl_smtp_connect = acl_check_connect
  acl_smtp_helo = acl_check_helo
  acl_smtp_mail = acl_check_mail
  acl_smtp_rcpt = acl_check_rcpt
  acl_smtp_data = acl_check_data
  acl_smtp_dkim = acl_check_dkim<\/p>\n
  accept_8bitmime
  auth_advertise_hosts = !127.0.0.1 #\u043d\u0435 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0442\u044c SMTP AUTH \u043b\u043e\u043a\u0430\u043b\u0445\u043e\u0441\u0442\u0443
  bounce_message_file = CONFIG_PREFIX\/bounce.msg #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u043e\u0440\u043c\u0430\u0442 bounce \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f, \u0443 \u043c\u0435\u043d\u044f \u0442\u0430\u043a:<\/p>\n
bounce msg<\/b><\/p>\n
Subject: Mail delivery failed ${if eq{$sender_address}{$bounce_recipient}{: returning message to sender}}
  ****
  This message was created automatically by mail delivery software.<\/p>\n
  A message ${if eq{$sender_address}{$bounce_recipient}{that you sent }{sent by<\/p>\n
  <$sender_address><\/p>\n
  }}could not be delivered to all of its recipients.
  The following address(es) failed:
  ****
  The following text was generated during the delivery attempt(s):
  ****
   \u2014 This is a copy of the message, including all the headers. \u2014 ****
   \u2014 The body of the message is $message_size characters long; only the first
   \u2014 $return_size_limit or so are included here.
  ****  <\/div>\n<\/div>\n
  bounce_return_size_limit = 100K
  delay_warning = 15m:1h:99d
  deliver_queue_load_max = 40
  disable_ipv6
  exim_group = vmail #\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0447\u0442\u043e\u0431\u044b \u0432\u0441\u0435 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b (dovecot, spamassassin, clamav \u0438 \u0442\u0434) \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u043e\u0434 \u043e\u0434\u043d\u0438\u043c gid
  exim_user = vmail #\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0447\u0442\u043e\u0431\u044b \u0432\u0441\u0435 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b (dovecot, spamassassin, clamav \u0438 \u0442\u0434) \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u043e\u0434 \u043e\u0434\u043d\u0438\u043c uid 
  headers_charset = UTF-8 #\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c
  ignore_bounce_errors_after = 0s
  local_scan_timeout = 0s
  message_size_limit = 50M
  never_users = root
  no_message_logs
  no_smtp_enforce_sync
  no_syslog_duplication
  primary_hostname = mail.domain.com
  qualify_domain = domain.com
  queue_only_load = 12
  queue_run_max = 5
  recipients_max = 500
  recipients_max_reject
  remote_max_parallel = 2
  return_size_limit = 10000
  rfc1413_query_timeout = 0s
  smtp_accept_max = 500
  smtp_accept_max_per_host = 500
  smtp_accept_queue = 500
  smtp_accept_queue_per_connection = 1000
  smtp_accept_reserve = 15
  smtp_banner = $primary_hostname ESMTP ready $tod_full
  smtp_connect_backlog = 40
  smtp_load_reserve = 20
  smtp_return_error_details
  split_spool_directory
  strip_excess_angle_brackets
  strip_trailing_dot
  syslog_facility = mail #\u043b\u043e\u0433\u0438 \u043e\u0442\u0441\u044b\u043b\u0430\u044e\u0442\u0441\u044f syslog \u0441\u0435\u0440\u0432\u0438\u0441\u0443
  syslog_processname = exim
  system_filter = DB_PREFIX\/exim.filter #\u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0439 exim \u0444\u0438\u043b\u044c\u0442\u0435\u0440, \u0443 \u043c\u0435\u043d\u044f \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f
  timeout_frozen_after = 7d
  tls_advertise_hosts = !127.0.0.1 #\u043d\u0435 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0442\u044c TLS \u043b\u043e\u043a\u0430\u043b\u0445\u043e\u0441\u0442\u0443<\/p>\n
  #\u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u044c \u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c
  tls_certificate = \/etc\/exim\/ssl\/mail_crt_new.pem
  tls_privatekey = \/etc\/exim\/ssl\/mail_key_new.pem
  tls_verify_certificates = \/etc\/exim\/ssl\/ca.pem<\/p>\n
  #\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u0444\u043e\u0440\u043c\u0430\u0442 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 \u043f\u0438\u0441\u044c\u043c\u0430
  received_header_text = \u00abReceived:\\
   ${if def:sender_rcvhost {from INTERFACE\\n\\t}\\
   {${if def:sender_ident {from relay }}\\
   ${if def:sender_helo_name {(helo=${sender_helo_name})\\n\\t}}}}\\
   by ${qualify_domain}\\
   id ${message_id}\\
   ${if def:received_for {\\n\\tfor <$received_for>}}\u00bb<\/p>\n
  #\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441 \u0438 \u0430\u043d\u0442\u0438\u0441\u043f\u0430\u043c \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e, \u0442\u0430\u043a \u043a\u0430\u043a LDAP \u0437\u0434\u0435\u0441\u044c \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f, \u0442\u043e \u0432\u0441\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443.
  # av_scanner = clamd:\/tmp\/clamd
  # spamd_address = 127.0.0.1 783<\/p>\n
  begin acl<\/p>\n
  #\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043d\u0430\u0448 ACL \u043a\u043e\u043d\u0444\u0438\u0433 (\u0441\u043c \u043d\u0438\u0436\u0435)
  .include ACL_PREFIX\/acl_smtp<\/p>\n
  #\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0440\u043e\u0443\u0442\u0435\u0440\u044b
  begin routers<\/p>\n
  # \u0420\u043e\u0443\u0442\u0435\u0440 \u0434\u043b\u044f \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0439 \u043f\u043e\u0447\u0442\u044b
  dnslookup:
   driver = dnslookup
   domains = !+local_domains: !+virt_domains
   transport = remote_smtp
   ignore_target_hosts = 0.0.0.0: 127.0.0.0\/8
   no_more<\/p>\n
  # \u0420\u043e\u0443\u0442\u0435\u0440\u044b \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0439 \u043f\u043e\u0447\u0442\u044b<\/p>\n
  #\u041e\u043f\u0438\u0446\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442 \u0434\u043b\u044f amavis (\u0441\u0434\u0435\u043b\u0430\u0435\u043c \u043e\u0434\u043d\u043e \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u043b\u0443 \ud83d\ude42 )
  #amavis:
  # driver = manualroute
  # condition = ${if or {\\
  # {eq{$interface_port}{10025}} \\
  # {eq{$received_protocol}{spam-scanned}}\\
  # {eq{$sender_address}{}}\\
  # {eq{$sender_address_domain}{domain.com}}\\
  # {eq{$sender_address_domain}{kaspersky.com}}\\
  # {eq{${lc:$dkim_verify_status}}{pass}}\\
  # {match{$sender_address_local_part}{-bounces}}\\
  # }{0}{1}}
  # domains = +virt_domains
  # senders =!: !postmaster@*: !mailer-daemon@*: !nagios@*: !monit@*
  # no_verify
  # no_expn
  # transport = amavis
  # route_list = "* localhost byname"
  # self = send<\/p>\n
  autorespond:
   driver = accept
   domains = +virt_domains
   senders =!: !+noautoreply_senders #\u043d\u0435 \u043e\u0442\u0432\u0435\u0447\u0430\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u0445\u043e\u0441\u0442\u0443 \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044f\u043c, \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u043c \u0432 autoreply.noanswer.db
   condition = ${if and {\\
   {!eq{CHECK_VACATION}{}}\\ #\u043d\u0430\u0448 \u0448\u0430\u0431\u043b\u043e\u043d
   {!match{$h_precedence:}{junk|bulk|list}}\\ #\u043d\u0435 \u043e\u0442\u0432\u0435\u0447\u0430\u0442\u044c \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0430\u043c
   {!def:header_Auto-Submitted:}\\
   {!def:header_List-Id:}\\
   }}
   no_verify
   no_expn
   unseen
   transport = auto_responder<\/p>\n
  #\u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0430\u043b\u044c\u044f\u0441\u044b
  aliases:
   driver = redirect
   domains = !+local_domains
   condition = CHECK_1 #\u0442\u0443\u0442 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0434\u0432\u043e\u0439\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 (\u043f\u0435\u0440\u0432\u0430\u044f \u0432 acl_smtp), \u0435\u0441\u043b\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0438\u043c\u0435\u0435\u0442 \u0435\u0449\u0435 \u0438 \u0430\u043b\u044c\u044f\u0441, \u043d\u0438\u0447\u0435\u0433\u043e \u043b\u0443\u0447\u0448\u0435 \u043d\u0435 \u043f\u0440\u0438\u0434\u0443\u043c\u0430\u043b
   forbid_file
   forbid_pipe
   forbid_filter_reply = true
   data = CHECK_DATA #\u043a\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0442\u044c \u043f\u0438\u0441\u044c\u043c\u0430
   allow_fail
   allow_defer<\/p>\n
  mailman_router:
   driver = accept
   domains = domain.com
   require_files = MM_LISTCHK #\u0432\u043c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e \u0444\u0430\u0439\u043b\u0443, \u043c\u043e\u0436\u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u043f\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 aliasType=DL, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440
   local_part_suffix_optional
   local_part_suffix = -admin: \\
   -bounces: -bounces+*: \\
   -confirm: -confirm+*: \\
   -join: -leave: \\
   -owner: -request: \\
   -subscribe: -unsubscribe
   transport = mailman_transport<\/p>\n
  system_aliases:
   driver = redirect
   domains = +local_domains
   errors_to =
   no_verify
   data = ${lookup{$local_part}partial0-dbm{DB_PREFIX\/aliases.db}{$value}fail}
   file_transport = address_file
   pipe_transport = address_pipe
   allow_fail
   allow_defer<\/p>\n
  localuser:
   driver = accept
   domains = +local_domains: +virt_domains
   check_local_user
   transport = dovecot_lda #\u043f\u0435\u0440\u0435\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u043c \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0443 \u043f\u0438\u0441\u044c\u043c\u0430 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a \u043d\u0430 \u043f\u043b\u0435\u0447\u0438 dovecot lda
   cannot_route_message = Unknown account #dovecot \u043e\u0442\u0432\u0435\u0442\u0438\u043b \u043d\u0435\u0442, \u0441\u0434\u0430\u0435\u043c\u0441\u044f
   no_more<\/p>\n
  ###############################################################
  begin transports
  ###############################################################<\/p>\n
  remote_smtp:
   driver = smtp
   helo_data = mail.domain.com
   max_rcpt = 500
   #\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c DKIM
   dkim_domain = domain.com
   dkim_selector = dkim
   dkim_private_key = DB_PREFIX\/dkim.private.key
   dkim_canon = relaxed<\/p>\n
  auto_responder:
   driver = autoreply
   from = "${local_part}@${domain}"
   to = "${sender_address}"
   once = "\/var\/spool\/exim\/autoreply\/${local_part}@${domain}"
   once_repeat = 1d #\u043e\u0442\u0432\u0435\u0447\u0430\u0442\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044e \u043e\u0434\u0438\u043d \u0440\u0430\u0437 \u0432 \u0434\u0435\u043d\u044c, \u0445\u043e\u0442\u044f \u043c\u043e\u0436\u043d\u043e \u043b\u043e\u0433\u0438\u043a\u0443 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u0442\u0438 \u0442\u0430\u043a\u0436\u0435 \u0432 LDAP
   headers = \u00abContent-Type: text\/plain; charset=utf-8\\nContent-Transfer-Encoding: 8bit\u00bb
   subject = ${rfc2047:Auto-Reply: $h_subject:}
   text = VACATION #\u043d\u0430\u0448 \u0448\u0430\u0431\u043b\u043e\u043d \u0441 \u0442\u0435\u043a\u0441\u0442\u043e\u043c OoO \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.
   body_only
   no_return_message<\/p>\n
  #\u0442\u043e\u0442 \u0441\u0430\u043c\u044b\u0439 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442 \u0434\u043b\u044f dovecot
  dovecot_lda:
   driver = pipe
   command = \/usr\/libexec\/dovecot\/dovecot-lda -f "$sender_address" -d "$local_part@$domain"
   home_directory = \/home\/$local_part
   delivery_date_add
   envelope_to_add
   return_path_add
   log_output
   log_defer_output
   return_fail_output
   freeze_exec_fail
   temp_errors = 64: 69: 70: 71: 72: 73: 74: 75: 78<\/p>\n
  address_pipe:
   driver = pipe
   return_output<\/p>\n
  address_file:
   driver = appendfile
   current_directory = SPOOL
   home_directory = SPOOL
   create_directory
   directory_mode = 0700
   maildir_format
   user = vmail
   group = vmail
   mode = 0600
   no_check_owner
   no_mode_fail_narrower<\/p>\n
  address_reply:
   driver = autoreply<\/p>\n
  maillist_pipe:
   driver = pipe
   group = mail
   return_fail_output
   user = vmail<\/p>\n
  mailman_transport:
   driver = pipe
   command = MM_WRAP \\
   ‘${if def:local_part_suffix \\
   {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} \\
   {post}}’ \\
   $local_part
   current_directory = MM_HOME
   home_directory = MM_HOME
   user = MM_UID
   group = MM_GID<\/p>\n
  #amavis:
   # driver = smtp
   # port = 10024
   # allow_localhost<\/p>\n
  begin retry
   * quota
   * rcpt_4xx senders=: F,1h,10m
   * * F,2h,10m; G,16h,1h,1.5; F,4d,6h<\/p>\n
  #\u0432\u0441\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0440\u0443\u0442\u043e\u0432 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u043d\u0430 \u043e\u0434\u0438\u043d \u044f\u0449\u0438\u043a
  begin rewrite
   root@* collector@domain.com Ttbcr<\/p>\n
  # \u0430\u0443\u0442\u0435\u043d\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b SMTP AUTH
  begin authenticators
  plain:
   driver = plaintext
   public_name = PLAIN
   server_prompts =:
   server_condition = "${lookup ldap{user=uid=${quote_ldap_dn:$auth2},ou=people,BASEDN pass=${quote:$auth3} \\
   ldap:\/\/\/ou=people,BASEDN?uid?sub?(&(uid=$auth2)(objectClass=VirtualMailAccount)(accountActive=TRUE))}{yes}fail}"
   server_set_id = $auth2<\/p>\n
  login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = \u00abUsername::: Password::\u00bb
   server_condition = "${lookup ldap{user=uid=${quote_ldap_dn:$auth1},ou=people,BASEDN pass=${quote:$auth2} \\
   ldap:\/\/\/ou=people,BASEDN?uid?sub?(&(uid=$auth1)(objectClass=VirtualMailAccount)(accountActive=TRUE))}{yes}fail}"
   server_set_id = $auth1<\/p><\/div>\n<\/div>\n
  \u041e\u0440\u0443\u0434\u0438\u0435 \u0433\u043b\u0430\u0432\u043d\u043e\u0433\u043e \u043a\u0430\u043b\u0438\u0431\u0440\u0430 Exim \u2014 \u044d\u0442\u043e Access Control Lists.
  \u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0432\u0441\u044f \u0441\u0442\u0430\u0442\u044c\u044f \u0437\u0430\u0442\u0435\u0432\u0430\u043b\u0430\u0441\u044c \u0440\u0430\u0434\u0438 \u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0432 \u0441\u0435\u043a\u0446\u0438\u0438 smtp_rcpt.<\/p>\n
acl_smtp<\/b><\/p>\n
acl_check_connect:
   accept hosts =: +relay_from_hosts: net-dbm;DB_PREFIX\/whitelist_hosts.db
   deny message = $sender_host_address is listed in $dnslist_domain ${if def:dnslist_text {($dnslist_text)}}
   dnslists = sbl.spamhaus.org: xbl.spamhaus.org: bl.spamcop.net
  accept<\/p>\n
  acl_check_dkim:
   warn log_message = DKIM: Sender without DKIM signature
   sender_domains = gmail.com: autodesk.com: paypal.com
   dkim_signers = gmail.com: autodesk.com: paypal.com
   dkim_status = none:invalid:fail
  accept<\/p>\n
  acl_check_helo:
   accept hosts =: +relay_from_hosts<\/p>\n
  #HELO is an open proxy
   deny condition = ${if and {\\
   {isip{$sender_helo_name}}\\
   {eq{$sender_helo_name}{$sender_host_address}}\\
   }}
   message = Open Proxy in HELO\/EHLO (HELO was $sender_helo_name)
   delay = 10s<\/p>\n
  #HELO is my hostname
   deny condition = ${if match{$sender_helo_name}{$primary_hostname}}
   message = Bad HELO \u2014 Host impersonating [$sender_helo_name]<\/p>\n
  #HELO is my address
   deny condition = ${if eq{$interface_address}{$sender_helo_name}}
   message = $interface_address is my address
  accept<\/p>\n
  acl_check_mail:<\/p>\n
  accept hosts =: +relay_from_hosts
   discard senders = dbm;DB_PREFIX\/banned_senders.db: dbm;DB_PREFIX\/scammers.db<\/p>\n
  #HELO required before MAIL
   deny condition = ${if eq{$sender_helo_name}{}}
   message = HELO\/EHLO required before MAIL<\/p>\n
  accept<\/p>\n
  acl_check_rcpt:<\/p>\n
  #stub address
   discard condition = ${if match{$local_part@$domain}{blackhole@domain.com}} #blackhole \u0430\u043a\u043a\u0430\u0443\u043d\u0442<\/p>\n
  deny message = Restricted characters in address
   local_parts = ^[.]: ^.*[@%!\/|]<\/p>\n
  #Reverse DNS check
   warn condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}{yes}{no}}
   !hosts =: +relay_from_hosts: net-dbm;DB_PREFIX\/whitelist_hosts.db
   control = no_pipelining
   delay = 10s #\u0434\u0435\u043b\u0430\u0435\u043c \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0443 \u0432 10 \u0441\u0435\u043a\u0443\u043d\u0434 \u0438\u0437 \u0432\u0440\u0435\u0434\u043d\u043e\u0441\u0442\u0438
   log_message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address<\/p>\n
  # RATELIMIT SECTION<\/p>\n
  #Keep authenticated users under control
   warn authenticated = *
   ratelimit = 100 \/ 5m \/ strict \/ $authenticated_id
   set acl_m100 = ${eval: ${sg{$sender_rate}{[.].*}{}} \u2014 $sender_rate_limit + 10}s
   delay = $acl_m100
   log_message = Ratelimit: Delay $acl_m100 for $authenticated_id. Rate limit $sender_rate \/ $sender_rate_period<\/p>\n
  #Limit local senders, exclude mailing-list agent
   warn condition = ${if !match{$sender_address_local_part}{bounces}}
   hosts =: 127.0.0.1
   ratelimit = 1000 \/ 1h \/ per_rcpt \/ strict \/ $sender_host_address
   set acl_m101 = ${eval: ${sg{$sender_rate}{[.].*}{}} \u2014 $sender_rate_limit}s
   delay = $acl_m101
   log_message = Ratelimit: Delay $acl_m101 for $sender_address ($sender_host_address). Rate $sender_rate \/ limit $sender_rate_limit<\/p>\n
  #Limit fast senders
   hosts = !127.0.0.1: +relay_from_hosts
   ratelimit = 100 \/ 5m \/ per_rcpt \/ strict
   set acl_m102 = ${eval: ${sg{$sender_rate}{[.].*}{}} \u2014 $sender_rate_limit + 5}s
   delay = $acl_m102
   log_message = Ratelimit: Delay $acl_m102 for $sender_address ($sender_host_address). Rate $sender_rate \/ limit $sender_rate_limit<\/p>\n
  #Limit DSNs
   warn condition = ${if and{\\
   {<{$recipients_count}{0}}\\
   {!eq{$sender_address_domain}{domain.com}}\\
   }}
   senders =: postmaster@*: mailer-daemon@*
   delay = 10s
   log_message = Ratelimit: DSN delay 10s for $sender_address ($sender_host_address)<\/p>\n
  # END RATELIMIT SECTION<\/p>\n
  #Predefined acl variables for smtp_data level
   warn set acl_m0 = $sender_address_domain
   warn set acl_m1 = $domain
   warn set acl_m2 = $sender_host_address
   warn set acl_m3 = $sender_address
   warn set acl_m4 = $local_part@$domain<\/p>\n
  #Verify recipient for our domains.
   deny message = Unknown or disabled account
   domains = +virt_domains
   !local_parts = postmaster: *-admin: *-bounces: *-bounces+*: *-confirm: *-confirm+* :\\
   *-join: *-leave: *-owner: *-request: *-subscribe: *-unsubscribe<\/p>\n
  #\u0412\u043e\u0442 \u044d\u0442\u0430 \u0442\u0430 \u0441\u0430\u043c\u0430\u044f \u0441\u0442\u0440\u043e\u0447\u043a\u0430, \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u0438 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432 \u0438 \u0430\u043b\u044c\u044f\u0441\u043e\u0432 \u043d\u0430 \u044d\u0442\u0430\u043f\u0435 check_rcpt, \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0440\u0430\u0441\u0441\u044b\u043b\u043e\u043a.
   !recipients = CHECK_1: CHECK_2<\/p>\n
  accept hosts =: +relay_from_hosts
   control = dkim_disable_verify
   #\u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044f\u043c \u0434\u0430\u043b\u044c\u0448\u0435 \u0434\u0435\u043b\u0430\u0442\u044c \u0447\u0442\u043e \u0443\u0433\u043e\u0434\u043d\u043e
   accept authenticated = *
   control = dkim_disable_verify<\/p>\n
  #\u043a\u043e\u043c\u0443 \u043c\u043e\u0436\u043d\u043e \u0440\u0435\u043b\u0435\u0438\u0442\u044c \u043f\u043e\u0447\u0442\u0443, \u0435\u0441\u043b\u0438 \u043d\u0435\u043b\u044c\u0437\u044f, \u0442\u043e 10 \u0441\u0435\u043a\u0443\u043d\u0434 \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0438 \u0441\u0435\u0441\u0441\u0438\u0438.
   deny message = relay not permitted
   !domains = +local_domains: +virt_domains
   delay = 10s<\/p>\n
  #\u0422\u0443\u0442 \u043c\u044b \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u043c \u043e\u0442\u0441\u044b\u043b\u0430\u0442\u044c \u043f\u043e\u0447\u0442\u0443 \u0441 \u0447\u0443\u0436\u0438\u0445 \u0445\u043e\u0441\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0430\u0448\u0435 \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0435 \u0438\u043c\u044f, \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e
   #Deny non-authorized senders with our own domain prefix
   deny condition = ${if match{$sender_address_domain}{domain.com}}
   !hosts =: +relay_from_hosts: +adobe_hosts: +microsoft_hosts: net-dbm;DB_PREFIX\/whitelist_hosts.db
   message = Sender domain is not allowed here
   log_message = Sender $sender_address is not authenticated<\/p>\n
  #Dictionary attack protection
   #Start
   warn condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
   log_message = Ratelimit: Detected Dictionary Attack (Let $rcpt_fail_count bad recipients though before engaging)
   set acl_m7 = 1<\/p>\n
  warn condition = ${if eq {${acl_m7}}{1}{1}{0}}
   ratelimit = 0 \/ 1h \/ strict \/ per_conn
   log_message = Ratelimit: Increment Connection Ratelimit \u2014 $sender_fullhost because of Dictionary Attack<\/p>\n
  drop condition = ${if eq {${acl_m7}}{1}{1}{0}}
   log_message = Ratelimit: Number of failed recipients exceeded
   #End<\/p>\n
  #\u0437\u0434\u0435\u0441\u044c \u044f \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u043b\u044c\u044f\u0441\u043e\u0432 \u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0440\u0430\u0437 \u0432 \u0441\u0443\u0442\u043a\u0438 \u043f\u0430\u0440\u0441\u0435\u0440 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u0442 \u0438\u0437 \u043b\u043e\u0433\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 lastchange \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 "%Y%m%d" \u0434\u043b\u044f \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0430\u043b\u044c\u044f\u0441\u0430. \u041f\u043e\u0442\u043e\u043c \u043f\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u044d\u0442\u043e\u0433\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c, \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043b\u0438 \u0430\u043b\u044c\u044f\u0441\u043e\u043c \u0438\u043b\u0438 \u043d\u0435\u0442.
  \u0422\u043e\u0436\u0435 \u0441\u0430\u043c\u043e\u0435 \u0441\u0434\u0435\u043b\u0430\u043d\u043e \u0434\u043b\u044f \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432, \u043d\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e log_message, \u043a\u0430\u043a \u0434\u043b\u044f \u0430\u043b\u044c\u044f\u0441\u0430, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f.
   #Alias statistic 
   warn
   domains = +virt_domains
   log_message = ALIAS: $local_part@$domain
   recipients = CHECK_1<\/p>\n
  #\u043e\u0442\u0441\u044b\u043b\u0430\u0435\u043c \u043f\u0438\u0441\u044c\u043c\u043e \u0432 \u0433\u0440\u0435\u0439\u043b\u0438\u0441\u0442
   #Greylist section
   defer message = $sender_host_address is not yet authorized to deliver \\
   mail from <$sender_address> to <$local_part@$domain>. Please try later
   log_message = Sender $sender_address greylisted
   domains = +virt_domains
   !sender_domains = partial1()dbm;DB_PREFIX\/whitelist_grey_domains.db
   !authenticated = *
   condition = ${readsocket{\/var\/run\/greylistd\/socket}\\
   {—grey %s $sender_address $local_part@$domain}{5s}{}{false}}<\/p>\n
  accept<\/p>\n
  acl_check_vrfy_expn_etrn:<\/p>\n
  accept hosts = 127.0.0.1<\/p>\n
  deny<\/p>\n
  acl_check_data:<\/p>\n
  #\u041a\u043e\u0433\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c spamassassin\u0443, \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e. \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u043f\u043e\u043c\u0435\u0449\u0435\u043d\u0438\u0435\u043c \u0442\u044d\u0433\u0430 SPAM \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a \u043f\u0438\u0441\u044c\u043c\u0430 \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442\u0441\u044f \u0441\u0430\u043c Exim.<\/p>\n
  \u0413\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0439 exim.filter \u0442\u043e\u0433\u0434\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u0433\u043b\u044f\u0434\u0435\u0442\u044c \u0442\u0430\u043a:<\/p>\n
exim.filter<\/b><\/p>\n
if first_delivery then
  headers remove X-Spam-Score:X-Spam-Report:X-Spam-Checker-Version:X-Spam-Status:X-Spam-Level<\/p>\n
  if "${if def:header_X-New-Subject: {there}}" is there
  then
   headers remove Subject
   headers add \u00abSubject: $rh_X-New-Subject:\u00bb
   headers remove X-New-Subject
  endif<\/p>\n
  endif<\/p><\/div>\n<\/div>\n
  #
  # no antispam check for relay hosts and authenticated users
  # accept hosts =: +relay_from_hosts
  # accept authenticated = *
  #
  # Antispam scan
  # warn
  # condition = ${if and {\\
  # {<{$message_size}{50k}}\\
  ## {!eq{${mask:$acl_m2\/16}}{192.168.0.0\/16}}\\
  # {!eq{$sender_address}{}}\\
  ## {!match_address{$sender_address}{dbm;DB_PREFIX\/whitelist_spam_senders.db}}\\
  # {!match_domain{$acl_m0}{partial1()dbm;DB_PREFIX\/whitelist_grey_domains.db}}\\
  ## {match_domain{$acl_m1}{dbm;DB_PREFIX\/domains_spam.db}}\\
  # }}
  # spam = nobody:true\/defer_ok
  # set acl_m6 = $spam_score_int<\/p>\n
  # add new subj for global exim filter
  # message = X-New-Subject: SPAM[$spam_score_int\/80]: $rh_subject:
  # condition = ${if and {\\
  # {def:spam_score_int}\\
  # {>{$spam_score_int}{80}}\\
  # }}<\/p>\n
  accept  <\/div>\n<\/div>\n
  \u0412\u043e\u0442, \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0438 \u0432\u0441\u0435.<\/p>\n
  \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c Exim, \u043e\u0442\u0441\u044b\u043b\u0430\u0435\u043c \u043f\u0438\u0441\u044c\u043c\u043e ipupkin\u0443, \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043b\u043e\u0433\u0438\u2026             <\/p>\n
<\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  http:\/\/habrahabr.ru\/post\/262101\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
             \u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0430\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Exim, Dovecot \u0438 OpenLDAP \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043c\u043e\u0435\u0433\u043e \u043e\u043f\u044b\u0442\u0430 \u0441 \u044d\u0442\u0438\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438. \u0411\u044b\u0442\u044c \u043c\u043e\u0436\u0435\u0442, \u043a\u0442\u043e-\u0442\u043e \u043d\u0430\u0439\u0434\u0435\u0442 \u0434\u043b\u044f \u0441\u0435\u0431\u044f \u0447\u0442\u043e-\u043b\u0438\u0431\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0438 \u043d\u043e\u0432\u043e\u0435 \u2014 \u0432 \u044d\u0442\u043e\u043c \u0438 \u0431\u044b\u043b\u0430 \u0446\u0435\u043b\u044c \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e howto \u043d\u0430 \u0434\u0430\u043d\u043d\u0443\u044e \u0442\u0435\u043c\u0443.<\/p>\n
  \u041f\u043e\u0447\u0435\u043c\u0443 Exim \u0438 OpenLDAP, \u0430 \u043d\u0435 Postfix \u0438 MySQL, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440? Postfix \u043e\u0442\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u00ab\u0438\u0437 \u043a\u043e\u0440\u043e\u0431\u043a\u0438\u00bb, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043d\u0435\u043e\u0440\u0434\u0438\u043d\u0430\u0440\u043d\u043e\u0435, \u0442\u043e \u043e\u0447\u0435\u043d\u044c \u0441\u043a\u043e\u0440\u043e Postfix \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u0435\u043f\u043e\u0432\u043e\u0440\u043e\u0442\u043b\u0438\u0432\u043e\u0433\u043e \u043c\u043e\u043d\u0441\u0442\u0440\u0430, \u043e\u0431\u0432\u0435\u0448\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u043b-\u0441\u043a\u0440\u0438\u043f\u0442\u0430\u043c\u0438, Exim \u0436\u0435 \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0447\u0443\u0434\u043e\u0432\u0438\u0449\u043d\u044b\u043c \u043f\u043e \u0441\u0438\u043b\u0435 \u043c\u0435\u0442\u0430-\u044f\u0437\u044b\u043a\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438\u0441\u044c \u0431\u0435\u0437 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0438 \u043a\u043e\u0441\u0442\u044b\u043b\u0435\u0439. MySQL \u044f \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b \u0438\u0437\u0431\u044b\u0442\u043e\u0447\u043d\u044b\u043c \u0434\u043b\u044f \u043c\u043e\u0438\u0445 \u0437\u0430\u0434\u0430\u0447 \u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u043b \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c OpenLDAP, \u0442\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f LDAP. Dovecot \u043e\u0447\u0435\u043d\u044c \u0448\u0443\u0441\u0442\u0440\u044b\u0439 \u0438 \u043b\u0435\u0433\u043a\u0438\u0439 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043f\u043b\u044e\u0441 \u043e\u0442\u043b\u0438\u0447\u043d\u043e \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0441 Exim, \u0442\u0430\u043a \u0438 \u0441 OpenLDAP.  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-260977","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/260977","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=260977"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/260977\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=260977"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=260977"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=260977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}