Difference between revisions of "Dovecot (2.1)"
(Created page with "Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was easy. == /etc/dovecot.conf == * listen = 198.51.100.187, 2001...") |
|||
Line 25: | Line 25: | ||
− | + | == /etc/dovecot/conf.d/auth-sql.conf.ext == | |
# Authentication for SQL users. Included from auth.conf. | # Authentication for SQL users. Included from auth.conf. |
Revision as of 22:19, 6 May 2014
Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was easy.
/etc/dovecot.conf
- listen = 198.51.100.187, 2001:db8::4
- Set this to your IPs, obviously.
- login_greeting = Dovecot ready (or whatever greeting you feel like)
/etc/dovecot/dovecot-sql.conf
Editing guidelines:
- driver = mysql
- connect = host=/var/run/mysqld/mysqld.sock dbname=mail user=vmreader password=yourpasshere
- default_pass_scheme = SSHA256
- Or choose whatever
- user_query = SELECT CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS home, 999 AS uid, 999 AS gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Obviously set the home directory appropriately.
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Note the md5 hash splitting - you can add further subtrees:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',substring(md5(u.username),3,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- or additional characters:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,3),'/',substring(md5(u.username),4,3),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- But when you clearly don't need it, too many subtrees is more of a nuisance than a feature.
/etc/dovecot/conf.d/auth-sql.conf.ext
    # Authentication for SQL users. Included from auth.conf.
    #
    # <doc/wiki/AuthDatabase.SQL.txt>

    passdb {
      driver = sql

      # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
      args = /etc/dovecot/dovecot-sql.conf
    }

    # "prefetch" user database means that the passdb already provided the
    # needed information and there's no need to do a separate userdb lookup.
    # <doc/wiki/UserDatabase.Prefetch.txt>
    userdb {
      driver = prefetch
    }

    # for the LDA
    userdb {
      driver = sql
      args = /etc/dovecot/dovecot-sql.conf
    }
/etc/dovecot/conf.d/10-auth.conf
- disable_plaintext_auth = yes
- auth_username_format = %Lu
- auth_mechanisms = plain login
- Comment out system include, uncomment sql include
/etc/dovecot/conf.d/10-logging.conf
    ##
    ## Log destination.
    ##

    # Log file to use for error messages. "syslog" logs to syslog,
    # /dev/stderr logs to stderr.
    log_path = syslog

    # Log file to use for informational messages. Defaults to log_path.
    #info_log_path =
    # Log file to use for debug messages. Defaults to info_log_path.
    #debug_log_path =

    # Syslog facility to use if you're logging to syslog. Usually if you don't
    # want to use "mail", you'll use local0..local7. Also other standard
    # facilities are supported.
    # Trying to figure out mailing issues with dovecot cluttering the logs is annoying.
    # Get it out of there.
    syslog_facility = local2

    ##
    ## Logging verbosity and debugging.
    ##

    # Log unsuccessful authentication attempts and the reasons why they failed.
    auth_verbose = yes

    # In case of password mismatches, log the attempted password. Valid values are
    # no, plain and sha1. sha1 can be useful for detecting brute force password
    # attempts vs. user simply trying the same password over and over again.
    # auth_verbose_passwords = no

    # Even more verbose logging for debugging purposes. Shows for example SQL
    # queries.
    auth_debug = yes

    # In case of password mismatches, log the passwords and used scheme so the
    # problem can be debugged. Enabling this also enables auth_debug.
    #auth_debug_passwords = no

    # Enable mail process debugging. This can help you figure out why Dovecot
    # isn't finding your mails.
    mail_debug = yes

    # Show protocol level SSL errors.
    verbose_ssl = yes
/etc/dovecot/conf.d/10-mail.conf
Nine nine nine nine...
- mail_location = maildir:/var/vmail/%d/%2Mn/%n/Maildir
- maildir_broken_filename_sizes = yes
- mail_privileged_group = vmail
- valid_chroot_dirs = /var/vmail
- mail_uid = 999
- mail_gid = 999
- first_valid_uid = 999
- last_valid_uid = 999
- first_valid_gid = 999
- last_valid_gid = 999
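The hash-split home directory built by the dovecot-sql.conf queries and the mail_location above have to resolve to the same path. The following is an added example, not part of the original page: it rebuilds both in Python, refuses path components that could leave /var/vmail, and flags rows where the two disagree. The function names and sample rows are assumptions made for illustration.

```python
import hashlib
import posixpath

VMAIL_ROOT = "/var/vmail"  # mail root used throughout the page


def hashed_home(username, domain, levels=1, width=2, root=VMAIL_ROOT):
    """Rebuild the home path the page's SQL CONCAT(...) expressions produce.

    (levels, width) = (1, 2) is the first query; (2, 2) and (2, 3) are the
    deeper variants. Refuses components that could leave the mail root.
    """
    root = posixpath.normpath(root)
    for part in (username, domain):
        if not part or "/" in part or "\0" in part or part in (".", ".."):
            raise ValueError(f"unsafe path component: {part!r}")
    digest = hashlib.md5(username.encode("utf-8")).hexdigest()
    shards = [digest[i * width:(i + 1) * width] for i in range(levels)]
    home = posixpath.join(root, domain, *shards, username)
    # Second line of defence: the normalised result must stay under root.
    if posixpath.commonpath([root, posixpath.normpath(home)]) != root:
        raise ValueError(f"{home!r} escapes {root!r}")
    return home


def mail_location_dir(login, root=VMAIL_ROOT):
    """Expand maildir:/var/vmail/%d/%2Mn/%n/Maildir for a login name.

    auth_username_format = %Lu lowercases the login before %n and %d are
    taken; %2Mn is the first two hex characters of MD5(%n).
    """
    local, _, domain = login.lower().partition("@")
    return hashed_home(local, domain, 1, 2, root) + "/Maildir"


def layout_mismatches(db_rows):
    """Return (username, domain) rows whose SQL home and mail_location differ.

    md5(u.username) hashes the value as stored, so a mixed-case username in
    the table points at a different directory than the lowercased login.
    """
    return [
        (user, dom) for user, dom in db_rows
        if hashed_home(user, dom) + "/Maildir" != mail_location_dir(f"{user}@{dom}")
    ]


if __name__ == "__main__":
    rows = [("alice", "example.com"), ("Bob", "example.com")]  # constructed sample rows
    print(hashed_home("alice", "example.com", levels=2, width=3))
    print(layout_mismatches(rows))
```

Feed `layout_mismatches` the (username, domain_name) pairs from mail_users and mail_domains before changing the hash depth or width.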
/etc/dovecot/conf.d/10-master.conf
Only planning to listen on IMAP over ssl, so:
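    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        # 0666 lets any local user who can reach the socket talk to auth;
        # 0660 with user/group postfix is enough for Postfix itself.
        mode = 0666
        user = postfix
      }
    }
    service imap-login {
      inet_listener imap {
        # port = 0 disables the plain IMAP listener
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
      process_min_avail = 2
    }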
== /etc/dovecot/conf.d/
/var/vmail/presieve/spamtojunk.sieve
    require ["fileinto"];
    # Move spam to Junk folder
    if header :contains "X-Spam-Flag" ["YES"] {
      fileinto "Junk";
      stop;
    }
- Ensure the file is owned by vmail user:group, chmod 640
- sievec spamtojunk.sieve