Dovecot (2.1)
Dovecot seems to be a natural fit for Postfix. As complex as these configurations look, building up to them was a relatively painless process.
Except for quotas. Save yourself the pain unless you really need them.
/etc/dovecot.conf
- listen = 198.51.100.187, 2001:db8::4
- Set this to your IPs, obviously.
- login_greeting = Dovecot ready (or whatever greeting you feel like)
/etc/dovecot/dovecot-sql.conf
Editing guidelines:
- driver = mysql
- connect = host=/var/run/mysqld/mysqld.sock dbname=mail user=vmreader password=yourpasshere
- default_pass_scheme = SSHA256
- Or whichever scheme you prefer, as long as it matches how the mailpass values are stored.
- user_query = SELECT CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS home, 999 AS uid, 999 AS gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Obviously set the home directory appropriately.
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- Note the md5 hash splitting - you can add further subtrees:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,2),'/',substring(md5(u.username),3,2),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- or additional characters:
- password_query = SELECT CONCAT(u.username,'@',d.domain_name) AS user, u.mailpass AS password, CONCAT('/var/vmail/',d.domain_name,'/',substring(md5(u.username),1,3),'/',substring(md5(u.username),4,3),'/',u.username) AS userdb_home, 999 AS userdb_uid, 999 AS userdb_gid FROM mail_users AS u, mail_domains AS d WHERE u.isactive AND u.ID_DOMAIN=d.ID_DOMAIN AND d.domain_name='%d' AND u.username='%n'
- But when you clearly don't need it, too many subtrees are more of a nuisance than a feature.
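With default_pass_scheme = SSHA256, each mailpass value is base64(SHA256(password + salt) + salt), optionally carrying a {SSHA256} prefix. The following is an added example, not part of the original page or of Dovecot: it builds and verifies such values and lists rows that would not authenticate as SSHA256. The function names, the 4-byte salt length for new hashes and the sample rows are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

DIGEST_LEN = 32   # SHA-256 output size in bytes
SALT_LEN = 4      # salt size used for newly generated hashes (assumption)
PREFIX = re.compile(r"^\{([^}]+)\}(.*)$", re.S)

def ssha256_encode(password, salt=None):
    """Return base64(SHA256(password + salt) + salt), ready for the mailpass column."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")

def split_stored(stored):
    """Return (scheme, digest, salt); digest and salt are None if not usable SSHA256."""
    scheme = "SSHA256"                      # default_pass_scheme from dovecot-sql.conf
    m = PREFIX.match(stored)
    if m:                                   # an explicit {SCHEME} prefix wins
        scheme, stored = m.group(1).upper(), m.group(2)
    if scheme != "SSHA256":
        return scheme, None, None
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:                      # not valid base64
        return scheme, None, None
    if len(raw) <= DIGEST_LEN:              # too short to hold digest plus salt
        return scheme, None, None
    return scheme, raw[:DIGEST_LEN], raw[DIGEST_LEN:]

def ssha256_verify(password, stored):
    """Constant-time check of a password against a stored SSHA256 value."""
    _, digest, salt = split_stored(stored)
    if digest is None:
        return False
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Constructed sample rows (username, mailpass); none are real credentials.
SAMPLE_ROWS = [
    ("alice", ssha256_encode("correct horse", salt=b"\x01\x02\x03\x04")),
    ("bob", "{SSHA256}" + ssha256_encode("hunter2")),
    ("carol", "changeme"),                  # plaintext left in the table
    ("dave", "{PLAIN}changeme"),            # authenticates, but is stored in clear
]

def unusable_rows(rows):
    """Usernames whose mailpass is not a salted SHA-256 value."""
    return [user for user, stored in rows if split_stored(stored)[1] is None]
```

SSHA256 is a single salted SHA-256 pass, so the salt only defeats precomputed tables; `doveadm pw -s SSHA256` generates values in the same format with the {SSHA256} prefix.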
/etc/dovecot/conf.d/auth-sql.conf.ext
# Authentication for SQL users. Included from auth.conf.
#
# <doc/wiki/AuthDatabase.SQL.txt>

passdb {
  driver = sql

  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf
}

# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
userdb {
  driver = prefetch
}

# for the LDA
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
/etc/dovecot/conf.d/10-auth.conf
- disable_plaintext_auth = yes
- auth_username_format = %Lu
- auth_mechanisms = plain login
- Comment out the system include (auth-system.conf.ext), uncomment the SQL include (auth-sql.conf.ext)
/etc/dovecot/conf.d/10-logging.conf
##
## Log destination.
##

# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
log_path = syslog

# Log file to use for informational messages. Defaults to log_path.
#info_log_path =
# Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path =

# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
# Trying to figure out mailing issues with dovecot cluttering the logs is annoying.
# Get it out of there.
syslog_facility = local2

##
## Logging verbosity and debugging.
##

# Log unsuccessful authentication attempts and the reasons why they failed.
auth_verbose = yes

# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
# auth_verbose_passwords = no

# Even more verbose logging for debugging purposes. Shows for example SQL
# queries.
auth_debug = yes

# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no

# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
mail_debug = yes

# Show protocol level SSL errors.
verbose_ssl = yes
/etc/dovecot/conf.d/10-mail.conf
Nine nine nine nine...
- mail_location = maildir:/var/vmail/%d/%2Mn/%n/Maildir
- maildir_broken_filename_sizes = yes
- mail_privileged_group = vmail
- valid_chroot_dirs = /var/vmail
- mail_uid = 999
- mail_gid = 999
- first_valid_uid = 999
- last_valid_uid = 999
- first_valid_gid = 999
- last_valid_gid = 999
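The home path built by the SQL queries in dovecot-sql.conf and the %2Mn in mail_location describe the same hashed directory in two notations, so moving to one of the deeper layouts means changing both. The following added example (not from the original page) mirrors each side and checks that they agree; the expander covers only the variable forms used here, and the function names and the two deeper templates are assumptions.

```python
import hashlib
import re

BASE = "/var/vmail"
ONE_LEVEL = [(1, 2)]             # substring(md5(u.username),1,2)
TWO_LEVEL = [(1, 2), (3, 2)]     # the "further subtrees" variant
WIDE = [(1, 3), (4, 3)]          # the "additional characters" variant

PAGE_TEMPLATE = "/var/vmail/%d/%2Mn/%n/Maildir"   # from 10-mail.conf, "maildir:" stripped
# Assumed templates that would be needed for the deeper SQL layouts.
TWO_LEVEL_TEMPLATE = "/var/vmail/%d/%2Mn/%2.2Mn/%n/Maildir"
WIDE_TEMPLATE = "/var/vmail/%d/%3Mn/%3.3Mn/%n/Maildir"

def sql_home(username, domain, layout):
    """Mirror the page's CONCAT(...) home expression; MySQL substring() is 1-based."""
    digest = hashlib.md5(username.encode("utf-8")).hexdigest()
    parts = [digest[start - 1:start - 1 + length] for start, length in layout]
    return "/".join([BASE, domain] + parts + [username])

# %[offset.][width][modifiers]variable, limited to L, M, %n and %d.
VARIABLE = re.compile(r"%(?:(\d+)\.)?(\d+)?([LM]*)([nd])")

def expand(template, username, domain):
    """Expand the subset of Dovecot variables that this page's mail_location uses."""
    values = {"n": username, "d": domain}

    def substitute(match):
        offset, width, modifiers, name = match.groups()
        text = values[name]
        for modifier in modifiers:          # modifiers apply left to right
            if modifier == "L":
                text = text.lower()
            else:                           # "M": MD5 of the string, as hex
                text = hashlib.md5(text.encode("utf-8")).hexdigest()
        start = int(offset or 0)            # the substring is taken last
        return text[start:start + int(width)] if width else text[start:]

    return VARIABLE.sub(substitute, template)

def agrees(template, layout, username, domain):
    """True when mail_location points inside the home the SQL query returns."""
    home = sql_home(username, domain, layout)
    return expand(template, username, domain) == home + "/Maildir"
```

Running `agrees(PAGE_TEMPLATE, TWO_LEVEL, ...)` returns False: with the deeper query and an unchanged mail_location, Dovecot would look for mail outside the home directory the passdb hands back.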
/etc/dovecot/conf.d/10-master.conf
Only planning to listen on IMAP over SSL, so:
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    # With user and group both set to postfix, 0660 is enough for Postfix to use this socket.
    mode = 0666
    user = postfix
  }
}

service imap-login {
  inet_listener imap {
    # port = 0 disables the plain IMAP listener
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 2
}
/etc/dovecot/conf.d/10-ssl.conf
SSL is teh future.
ssl = required
ssl_cert = </etc/maincert/example.crt
ssl_key = </etc/maincert/example.key
You can also block older protocols and weak ciphers (ssl_protocols and ssl_cipher_list); the cipher list uses the standard OpenSSL format, just as nginx does. Set them accordingly.
/etc/dovecot/conf.d/15-lda.conf
- Set your postmaster address, naturally.
# Again, make sure you are consistent with setting this everywhere else.
recipient_delimiter = _

# Should saving a mail to a nonexistent mailbox automatically create it?
lda_mailbox_autocreate = yes

# Should automatically created mailboxes be also automatically subscribed?
lda_mailbox_autosubscribe = yes

protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = sieve
}
/etc/dovecot/conf.d/15-mailboxes.conf
Uncomment and autosubscribe the basics:
mailbox Archive {
  auto = subscribe
  special_use = \Archive
}
mailbox Drafts {
  auto = subscribe
  special_use = \Drafts
}
mailbox Junk {
  auto = subscribe
  special_use = \Junk
}
mailbox Sent {
  auto = subscribe
  special_use = \Sent
}
mailbox Trash {
  auto = subscribe
  special_use = \Trash
}
/etc/dovecot/conf.d/90-sieve.conf
We're not using this for a whole lot, really. This and the following file automagically move stuff that SpamAssassin thinks is spam into the Junk folder.
- sieve_before = /var/vmail/presieve
- Make sure to create the directory.
- recipient_delimiter = _
- In the event that we use sieve for more, we don't want to mess this up.
/var/vmail/presieve/spamtojunk.sieve
require ["fileinto"];
# Move spam to Junk folder
if header :contains "X-Spam-Flag" ["YES"] {
  fileinto "Junk";
  stop;
}
- Ensure it is owned by the vmail user:group, chmod 640
- sievec spamtojunk.sieve
And enjoy!