Difference between revisions of "Dovecot (2.1)"
Jump to navigation
Jump to search
(Created page with "Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was easy. == /etc/dovecot.conf == * listen = 198.51.100.187, 2001...") |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was | + | __TOC__ |
+ | Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was a relatively painless process. | ||
+ | |||
+ | Except for quotas. Save yourself the pain unless you really need them. | ||
== /etc/dovecot.conf == | == /etc/dovecot.conf == | ||
Line 25: | Line 28: | ||
− | + | == /etc/dovecot/conf.d/auth-sql.conf.ext == | |
# Authentication for SQL users. Included from auth.conf. | # Authentication for SQL users. Included from auth.conf. | ||
Line 147: | Line 150: | ||
} | } | ||
+ | == /etc/dovecot/conf.d/10-ssl.conf == | ||
+ | |||
+ | SSL is teh future. | ||
+ | |||
+ | ssl = required | ||
+ | ssl_cert = </etc/maincert/example.crt | ||
+ | ssl_key = </etc/maincert/example.key | ||
+ | |||
+ | You can block older protocols and bad ciphers, as well - the format is standard for OpenSSL just as nginx is. Set them accordingly. | ||
+ | |||
+ | == /etc/dovecot/conf.d/15-lda.conf == | ||
+ | |||
+ | * Set your postmaster address, naturally. | ||
+ | # Again, make sure you are consistent with setting this everywhere else. | ||
+ | recipient_delimiter = _ | ||
+ | # Should saving a mail to a nonexistent mailbox automatically create it? | ||
+ | lda_mailbox_autocreate = yes | ||
+ | # Should automatically created mailboxes be also automatically subscribed? | ||
+ | lda_mailbox_autosubscribe = yes | ||
− | = | + | protocol lda { |
+ | # Space separated list of plugins to load (default is global mail_plugins). | ||
+ | mail_plugins = sieve | ||
+ | } | ||
+ | == /etc/dovecot/conf.d/15-mailboxes == | ||
− | + | Uncomment and autosubscribe the basics: | |
+ | mailbox Archive { | ||
+ | auto = subscribe | ||
+ | special_use = \Archive | ||
+ | } | ||
+ | mailbox Drafts { | ||
+ | auto = subscribe | ||
+ | special_use = \Drafts | ||
+ | } | ||
+ | mailbox Junk { | ||
+ | auto = subscribe | ||
+ | special_use = \Junk | ||
+ | } | ||
+ | mailbox Sent { | ||
+ | auto = subscribe | ||
+ | special_use = \Sent | ||
+ | } | ||
+ | mailbox Trash { | ||
+ | auto = subscribe | ||
+ | special_use = \Trash | ||
+ | } | ||
− | == /etc/dovecot/conf.d/ | + | == /etc/dovecot/conf.d/90-sieve.conf == |
+ | We're not using this for a whole lot, really. This and the following file automagically move stuff that Spamassassin thinks are spam into the junk folder. | ||
+ | |||
+ | * sieve_before = /var/vmail/presieve | ||
+ | ** Make sure to create the directory. | ||
+ | * recipient_delimiter = _ | ||
+ | ** In the event that we use sieve for more, we don't want to mess this up. | ||
== /var/vmail/presieve/spamtojunk.sieve == | == /var/vmail/presieve/spamtojunk.sieve == | ||
Line 171: | Line 223: | ||
* Ensure is owned by vmail user:group, chmod 640 | * Ensure is owned by vmail user:group, chmod 640 | ||
* sievec spamtojunk.sieve | * sievec spamtojunk.sieve | ||
+ | |||
+ | And enjoy! | ||
+ | |||
+ | {{Bottom_Wheezy}} |
Latest revision as of 17:29, 12 May 2014
Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was a relatively painless process.
Except for quotas. Save yourself the pain unless you really need them.
/etc/dovecot.conf
- listen = 198.51.100.187, 2001:db8::4
- Set this to your ips, obviously.
- login_greeting = Dovecot ready (or whatever greeting you feel like)
/etc/dovecot/dovecot-sql.conf
Editing guidelines:
- driver = mysql
- connect = host=/var/run/mysqld/mysqld.sock dbname=mail user=vmreader password=yourpasshere
- default_pass_scheme = SSHA256
- Or choose whatever
- user_query = SELECT CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS home, 999 AS uid, 999 AS gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Obviously set the home directory appropriately.
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Note the md5 hash splitting - you can add further subtrees:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',substring(md5(u.username),3,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- or additional characters:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,3),'/',substring(md5(u.username),4,3),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- But when you clearly don't need it, too many subtrees is more of a nuisance than a feature.
- Note the md5 hash splitting - you can add further subtrees:
/etc/dovecot/conf.d/auth-sql.conf.ext
# Authentication for SQL users. Included from auth.conf. # # <doc/wiki/AuthDatabase.SQL.txt>
passdb { driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext args = /etc/dovecot/dovecot-sql.conf }
# "prefetch" user database means that the passdb already provided the # needed information and there's no need to do a separate userdb lookup. # <doc/wiki/UserDatabase.Prefetch.txt> userdb { driver = prefetch }
# for the LDA userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
/etc/dovecot/conf.d/10-auth.conf
- disable_plaintext_auth = yes
- auth_username_format = %Lu
- auth_mechanisms = plain login
- Comment out system include, uncomment sql include
/etc/dovecot/conf.d/10-logging.conf
## ## Log destination. ##
# Log file to use for error messages. "syslog" logs to syslog, # /dev/stderr logs to stderr. log_path = syslog
# Log file to use for informational messages. Defaults to log_path. #info_log_path = # Log file to use for debug messages. Defaults to info_log_path. #debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't # want to use "mail", you'll use local0..local7. Also other standard # facilities are supported. # Trying to figure out mailing issues with dovecot cluttering the logs is annoying. # Get it out of there. syslog_facility = local2
## ## Logging verbosity and debugging. ##
# Log unsuccessful authentication attempts and the reasons why they failed. auth_verbose = yes
# In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. # auth_verbose_passwords = no
# Even more verbose logging for debugging purposes. Shows for example SQL # queries. auth_debug = yes
# In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. #auth_debug_passwords = no
# Enable mail process debugging. This can help you figure out why Dovecot # isn't finding your mails. mail_debug = yes
# Show protocol level SSL errors. verbose_ssl = yes
/etc/dovecot/conf.d/10-mail.conf
Nine nine nine nine...
- mail_location = maildir:/var/vmail/%d/%2Mn/%n/Maildir
- maildir_broken_filename_sizes = yes
- mail_privileged_group = vmail
- valid_chroot_dirs = /var/vmail
- mail_uid = 999
- mail_gid = 999
- first_valid_uid = 999
- last_valid_uid = 999
- first_valid_gid = 999
- last_valid_gid = 999
/etc/dovecot/conf.d/10-master.conf
Only planning to listen on IMAP over ssl, so:
service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 2 }
/etc/dovecot/conf.d/10-ssl.conf
SSL is teh future.
ssl = required ssl_cert = </etc/maincert/example.crt ssl_key = </etc/maincert/example.key
You can block older protocols and bad ciphers, as well - the format is standard for OpenSSL just as nginx is. Set them accordingly.
/etc/dovecot/conf.d/15-lda.conf
- Set your postmaster address, naturally.
# Again, make sure you are consistent with setting this everywhere else. recipient_delimiter = _
# Should saving a mail to a nonexistent mailbox automatically create it? lda_mailbox_autocreate = yes
# Should automatically created mailboxes be also automatically subscribed? lda_mailbox_autosubscribe = yes
protocol lda { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = sieve }
/etc/dovecot/conf.d/15-mailboxes
Uncomment and autosubscribe the basics:
mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash }
/etc/dovecot/conf.d/90-sieve.conf
We're not using this for a whole lot, really. This and the following file automagically move stuff that Spamassassin thinks are spam into the junk folder.
- sieve_before = /var/vmail/presieve
- Make sure to create the directory.
- recipient_delimiter = _
- In the event that we use sieve for more, we don't want to mess this up.
/var/vmail/presieve/spamtojunk.sieve
require ["fileinto"]; # Move spam to Junk folder if header :contains "X-Spam-Flag" ["YES"] { fileinto "Junk"; stop; }
- Ensure is owned by vmail user:group, chmod 640
- sievec spamtojunk.sieve
And enjoy!