Scribd
Upload
38 views6 pages

DOVECOT

Uploaded by

informatica
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
38 views6 pages

DOVECOT

Uploaded by

informatica
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 6

#

# Dovecot configuration for Postfix Admin


# Originally written by: Massimo <AndyCapp> Danieli
# Revised by: Sampsa Hario <shario> for Dovecot v1.0
# Revised by: David Goodwin <[email protected]> for Dovecot 2.1.x
(2014/01/02)
#

More complete Dovecot documentation:

http://wiki.dovecot.org/Quota
http://wiki.dovecot.org/Quota/Dict
http://www.opensourcehowto.org/how-to/mysql/mysql-users-postfixadmin-postfix-
dovecot--squirrelmail-with-userprefs-stored-in-mysql.html

Here are the relevant parts of Dovecot v2.1.x configuration for Postfixadmin setup.

Please refer to Dovecot documentation for complete information.

The setup gets userdb and passdb info from MySQL as well as quotas, and
uses dict backend to store used quotas as key=value pairs so that they can
be viewed real-time in Postfixadmin.

1. Dovecot setup
-----------------

A basic /etc/dovecot/dovecot.conf is as follows, this was generated using 'dovecot


-n' on a vanilla install and then
changing to talk to a PostgreSQL or MySQL database.

# BEGIN /etc/dovecot/dovecot.conf:
# Change this to where your mail root is, this needs to match whatever structure
postfix expects....
# See also: https://wiki.dovecot.org/MailLocation - %d domain, %u full username, %n
user part (%u with no domain)
mail_location = maildir:/var/mail/vmail/%u/

namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
protocols = "imap pop3"
# change to 'no' if you don't have ssl cert/keys, and comment out ssl_cert/ssl_key
ssl = yes

# If you're using LetsEncrypt/certbot see e.g.


/etc/letsencrypt/live/MyDomain/fullchain.pem.
#
# cat server.crt server.key > dovecot.pem
#
# Make sure dovecot can read these file(s)
#
# If you use doveadm for your PostfixAdmin hashing, the webserver will also need
read access to these files
# See also : https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/
HASHING.md#dovecotmethod

ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem

# login is for outlook express smtpd auth


auth_mechanisms = plain login

# If you're having trouble, try uncommenting these:


#auth_debug = yes
#auth_debug_passwords = yes

userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}

# Uncomment this if you want Postfix to be able to do smtpd auth through dovecot
# At a minimum Postfix probably needs smtpd_sasl_type = dovecot
# And additionally: smtpd_sasl_path = private/auth
#service auth {
# unix_listener /var/spool/postfix/private/auth {
# mode = 0660
# user = postfix
# group = postfix
# }
#}

# Needs to match Postfix virtual_uid_maps


first_valid_uid = 1001

# allow plaintext auth (change to 'yes' to block plaintext passwords)


disable_plaintext_auth = no

#END

2. Dovecot *sql setup


----------------------
Below you'll find the relevant part of dovecot-sql.conf file regarding our
setup.

Things you will probably need to change are db connection settings (connect=)
and the default_pass_scheme.

#BEGIN /etc/dovecot/dovecot-sql.conf

connect = host=localhost dbname=postfix user=postfix password=postfix


# Use either
driver = mysql
# Or
# driver = pgsql

# Default password scheme - change to match your Postfixadmin setting.


# depends on your $CONF['encrypt'] setting:
# md5crypt -> MD5-CRYPT
# md5 -> PLAIN-MD5
# cleartext -> PLAIN
default_pass_scheme = MD5-CRYPT

# Query to retrieve password. user can be used to retrieve username in other


# formats also.

password_query = SELECT username AS user,password FROM mailbox WHERE username =


'%u' AND active='1'

# Query to retrieve user information, note uid matches dovecot.conf AND Postfix
virtual_uid_maps parameter.
# MYSQL:
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001
AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u'
AND active='1'
# PostgreSQL:
# user_query = SELECT '/var/mail/vmail/' || maildir AS home, 1001 AS uid, 1001 AS
gid,
# '*:bytes=' || quota AS quota_rule FROM mailbox WHERE username = '%u' AND active
= '1'

# see: https://doc.dovecot.org/configuration_manual/authentication/sql/#id6
iterate_query = SELECT username as user FROM mailbox WHERE active = '1'

#END /etc/dovecot/dovecot-sql.conf

If you make use of the separate smtp_active flag in the mailbox table of
postfixadmin by
enabling the configuration parameter $CONF['smtp_active_flag'] = YES in
postfixadmin configuration
and you're using dovecot sasl with postfix, the dovecot queries can be updated to
use the different flag for smtp:

password_query = SELECT username AS user,password FROM mailbox WHERE username =


'%u' AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active =
'1'))
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001
AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u'
AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active = '1'))
3. Permissions
--------------

Applicable to those older versions of Postfixadmin (before v 3.4) (see also


https://github.com/postfixadmin/postfixadmin/pull/491)

With Dovecot 2.3.11 (ish?), if you are using the Postfixadmin dovecot password
hashing backend - so your Postfixadmin configuration looks like

`$CONF['encrypt'] = 'dovecot:something';`

then the system user account running the PostfixAdmin code (normally the webserver
user
account, like www-data or http or nobody) will need ...

* read access to any SSL certificate files defined in /etc/dovecot/dovecot.conf


(check: ssl_key, ssl_cert)

* read/write access to /run/dovecot/stats-writer


* Fixable with: `usermod -aG dovecot www-data``

Please note, Postfixadmin does not need to run on the same server as the Dovecot
server.

See also the following tickets which contain discussions and solutions :

* https://github.com/postfixadmin/postfixadmin/issues/381 (Unable to login after


Dovecot upgrade)
* https://github.com/postfixadmin/postfixadmin/issues/398 (Dovecotpw needs to read
my TLS cert and private key)

4. Dovecot v1.0 quota support (optional)


----------------------------------------

Please note that you need to use Dovecot's own local delivery agent to
enforce and update quotas. Then you can view real-time used quotas in
Postfixadmin.

Add to dovecot.conf:

## IMAP quota
protocol imap {
mail_plugins = quota
}

## POP quota
protocol pop3 {
mail_plugins = quota
}

## Local Delivery Agent


protocol lda {
mail_plugins = quota
}

## Dictionary DB proxy
dict {
quota = mysql:/etc/dovecot-dict-quota.conf
}

## Default quota values


plugin {
quota = dict:storage=200000 proxy::quota
}

Change dovecot-sql.conf to return quota values:

for MySQL:
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid,
CONCAT('dict:storage=',floor(quota/1000),' ::proxy::quota') as quota FROM mailbox
WHERE username = '%u' AND active='1'

for PostgreSQL:
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid, 'dict:storage=' ||
floor(quota/1000) || '::proxy::quota' as quota FROM mailbox WHERE username = '%u'
AND active='1'

Create file dovecot-dict-quota.conf.

For dovecot 1.0 & 1.1, use this as a template:

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
table = quota
select_field = current
where_field = path
username_field = username

If you use dovecot 1.2 or newer, use this:

connect = host=localhost dbname=postfix user=postfix password=postfix


map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}

Create database in Mysql:


(This is automatically done by postfixadmin's setup.php)

Enable quota support in Postfixadmin config.inc.php:

$CONF['used_quotas'] = 'YES';
$CONF['quota'] = 'YES';

Note: The above text describes the configuration for dovecot 1.0 & 1.1 quota table
format.

If you use dovecot 1.2 or newer,


- use the 'quota2' table (also created by setup.php)
- set $CONF['new_quota_table'] = 'YES'

5. Dovecot Allowed IPs and App Password support (optional)


----------------------------------------------------------

To enhance end user security, Postfixadmin supports a set of features that


need implementation in the Dovecot login SQL queries.

The following features are available:

* Restrict login to a list of allowed remote IP addresses.


* Allow login with app passwords.

You might also like