This is a little tutorial for setting up Postfix with dovecot authentication and LDA. With dovecot LDA you can use sieve scripts for mail filter and vacation messages.
Postfix Configuration:
First create vmail user for virtual delivery:
# useradd vmail # id vmail uid=1002(vmail) gid=1003(vmail) grupos=1003(vmail)
We are going to deliver mails for user@domain.com to /var/mail/domain.com/user
For virtual transport we set dovecot. virtual_mailbox_domains are domains that we host in this server and virtual_mailbox_maps is a table to look for valid mailboxes in the server.
main.cf
# delivery virtual_mailbox_domains = domain1.com, domain2.com virtual_transport = dovecot dovecot_destination_recipient_limit = 1 mail_spool_directory = /var/mail virtual_mailbox_base = /var/mail mailbox_size_limit = 0 recipient_delimiter = + virtual_minimum_uid = 100 virtual_alias_maps = hash:/etc/postfix/virtual_alias virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
/etc/postfix/virtual_alias
postmaster@domain1.com postmaster@otherdomain.com postmaster@domain2.com postmaster@otherdomain.com
Rebuild table with:
# postmap /etc/postfix/virtual_alias
/etc/postfix/virtual_mailbox
This fiile is only listing mailboxes that are going to accept for local delivery.
user1@domain1.com OK user2@domain1.com OK user1@domain2.com OK user3@domain2.com OK
Rebuild table with:
# postmap /etc/postfix/virtual_mailbox
master.cf
In postfix master.cf file we set for submission service dovecot authentication. In this way only authenticated users are allowed to relay mails to external domains.
In the last line we configure dovecot for local delivery agent.
submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination [...] dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
Dovecot configuration:
/etc/dovecot/vusers.conf
We use this file for authentication as a users database. You can use too a mysql db or ldap for this, but the simplest way is to use a plain file for storing users an its passwords.
info@domain1.com:{SHA256}gSGn1f3fg0lTRDezXhC7uJqp3XapE8uT7W42PKDDLyY= admin@domain2.com:{SHA256}PtkqLjF6lRo3h6WAQOVbuZQ/2d7hupW5BCv0Vx/q7gY=
To generate the passwords we use doveadm command.
$ doveadm pw -s sha256 Enter new password: Retype new password: {SHA256}SKqtTLTAct6agUe7MQDvTgOtYyjtxJWWTQXiATus88w=
The following settings are the files I have to change in dovecot to configure the authentication through vusers.conf file and the socket for postfix authentication for mail submission service.
10-auth.conf
auth_mechanisms = plain !include auth-static.conf.ext
auth-static.conf.ext
passdb { driver = passwd-file args = username_format=%u /etc/dovecot/vusers.conf } userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/%d/%n }
10-mail.conf
mail_home = /var/mail/%d/%n mail_location = maildir:/var/mail/%d/%n mail_uid = 1002 mail_gid = 1003 mail_privileged_group = vmail
10-master.conf
under “service auth” configure the auth-userdb socket with user/group vmail and the socket for postfix authentication with user/group postfix.
unix_listener auth-userdb { #mode = 0666 user = vmail group = vmail } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
15-lda.conf
lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes
And that’s all, we have a postfix server using dovecot authentication and dovecot LDA. Now, you can install the sieve plugin for dovecot and use for mail filtering and vacations messages.