==== install ====

net-libs/courier-authlib ldap
net-mail/courier-imap fam gdbm
dev-libs/cyrus-sasl authdaemond openldap ssl urandom
mail-mta/postfix ldap sasl ssl eai lmdb

==== set in /etc/postfix/main.cf ====

myhostname = post.lionsoft.org
mydomain = lionsoft.org
mynetworks_style = host
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = lionsoft.org,forgottenroots.de,mightymice.org,metzmachers.de,watzhahn.de,post.lionsoft.org
virtual_mailbox_maps = ldap:/etc/postfix/ldap_mailbox_maps.cf
virtual_alias_maps = ldap:/etc/postfix/ldap_alias_maps.cf
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/postfix/cert-20160309-074522.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key-20160309-074522.pem
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Note: the protocol lists above only exclude SSLv2 and SSLv3, so TLSv1 and TLSv1.1 are still accepted; on a current installation consider excluding them as well (!TLSv1,!TLSv1.1). smtpd_use_tls is the older form of smtpd_tls_security_level = may and is redundant next to it. The key file named in smtpd_tls_key_file must be readable by root only.

==== set in /etc/postfix/ldap_mailbox_maps.cf ====

server_host = ldap://127.0.0.1/
search_base = ou=mailuser,dc=lionsoft,dc=org
version = 3
bind = yes
bind_dn = cn=mailadmin,dc=lionsoft,dc=org
bind_pw = test1234
query_filter = (&(objectclass=inetOrgPerson)(uid=%s))
result_attribute = mail
debug_level = 0

==== set in /etc/postfix/ldap_alias_maps.cf ====

server_host = ldap://127.0.0.1/
search_base = ou=mailvirtual,dc=lionsoft,dc=org
version = 3
bind = yes
bind_dn = cn=mailadmin,dc=lionsoft,dc=org
bind_pw = test1234
query_filter = (&(objectclass=inetOrgPerson)(cn=%s))
result_attribute = mail
debug_level = 0

Note: both LDAP map files hold the bind password in clear text. Replace the value shown here with your own, and keep the files unreadable for ordinary users (for example owner root, group postfix, mode 0640).

==== set in /etc/sasl2/smtpd.conf ====
pwcheck_method:authdaemond
mech_list: PLAIN LOGIN
log_level: 0
authdaemond_path: /var/lib/courier/authdaemon/socket

==== set in /etc/conf.d/saslauthd ====

SASLAUTHD_OPTS="-a rimap -O localhost"

==== set in /etc/courier/authlib/authdaemonrc ====

authmodulelist="authldap"

==== set in /etc/courier/authlib/authldaprc ====

LDAP_URI ldap://127.0.0.1/
LDAP_BASEDN ou=mailuser,dc=lionsoft,dc=org
LDAP_BINDDN cn=mailadmin,dc=lionsoft,dc=org
LDAP_BINDPW test1234
LDAP_MAIL uid
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_MAILDIR mail
#LDAP_CLEARPW clearPassword

Note: authldaprc holds LDAP_BINDPW in clear text. Replace the value shown here with your own and keep the file unreadable for ordinary users.

==== test postfix for tls ====

% telnet lionsoft.org 25
Connected to lionsoft.org.
Escape character is '^]'.
220 post.lionsoft.org ESMTP Postfix
% EHLO post.lionsoft.org
250-post.lionsoft.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

STARTTLS needs to be there! AUTH must not be offered yet at this point, because smtpd_tls_auth_only = yes only announces it after STARTTLS.

==== test postfix with tls ====

Generate the AUTH PLAIN string (base64 of \0user\0password) for the account you want to test with:

% perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")'
AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=

Note: the string is only an encoding, not encryption. Anyone who sees it can recover the user name and password, so treat it like the password itself.

% openssl s_client -starttls smtp -crlf -ign_eof -connect lionsoft.org:25
...
% EHLO post.lionsoft.org
250-post.lionsoft.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8

AUTH has to be there!

% AUTH PLAIN AGNvdG9uQGxpb25zb2Z0Lm9yZwB0ZXN0MTIzNA==
235 2.7.0 Authentication successful
mail from:wurst@brot.de
250 2.1.0 Ok
rcpt to:test@lionsoft.org
250 2.1.5 Ok
data
...
.
QUIT