{"id":702,"date":"2013-05-28T13:55:27","date_gmt":"2013-05-28T11:55:27","guid":{"rendered":"http:\/\/elkano.org\/blog\/?page_id=702"},"modified":"2016-12-14T16:19:12","modified_gmt":"2016-12-14T15:19:12","slug":"postfix-virtual-users-with-dovecot","status":"publish","type":"post","link":"https:\/\/elkano.org\/blog\/postfix-virtual-users-with-dovecot\/","title":{"rendered":"Postfix virtual users with Dovecot"},"content":{"rendered":"

This is a little tutorial for setting up Postfix with dovecot authentication and LDA. With dovecot LDA you can use sieve scripts for mail filter and vacation messages.<\/p>\n

Postfix Configuration:<\/h2>\n

First create vmail user for virtual delivery:<\/p>\n

\r\n# useradd vmail\r\n# id vmail \r\nuid=1002(vmail) gid=1003(vmail) grupos=1003(vmail)\r\n<\/pre>\n
We are going to deliver mails for user@domain.com to \/var\/mail\/domain.com\/user
\nFor virtual transport we set dovecot. virtual_mailbox_domains are domains that we host in this server and virtual_mailbox_maps is a table to look for valid mailboxes in the server.<\/p>\n
main.cf<\/strong><\/p>\n
\r\n# delivery\r\nvirtual_mailbox_domains = domain1.com, domain2.com\r\nvirtual_transport = dovecot\r\ndovecot_destination_recipient_limit = 1\r\nmail_spool_directory = \/var\/mail\r\nvirtual_mailbox_base = \/var\/mail\r\nmailbox_size_limit = 0\r\nrecipient_delimiter = +\r\nvirtual_minimum_uid = 100\r\nvirtual_alias_maps = hash:\/etc\/postfix\/virtual_alias\r\nvirtual_mailbox_maps = hash:\/etc\/postfix\/virtual_mailbox<\/pre>\n
\/etc\/postfix\/virtual_alias<\/strong><\/p>\n
\r\npostmaster@domain1.com\tpostmaster@otherdomain.com\r\npostmaster@domain2.com\tpostmaster@otherdomain.com<\/pre>\n
Rebuild table with:<\/p>\n
\r\n# postmap \/etc\/postfix\/virtual_alias\r\n<\/pre>\n
\/etc\/postfix\/virtual_mailbox<\/strong>
\nThis fiile is only listing mailboxes that are going to accept for local delivery.<\/p>\n
\r\nuser1@domain1.com  OK\r\nuser2@domain1.com  OK\r\nuser1@domain2.com  OK\r\nuser3@domain2.com  OK<\/pre>\n
Rebuild table with:<\/p>\n
\r\n# postmap \/etc\/postfix\/virtual_mailbox\r\n<\/pre>\n
master.cf<\/strong><\/p>\n
In postfix master.cf file we set for submission service dovecot authentication. In this way only authenticated users are allowed to relay mails to external domains.<\/p>\n
In the last line we configure dovecot for local delivery agent.<\/p>\n
submission inet n       -       -       -       -       smtpd\r\n  -o smtpd_tls_security_level=encrypt\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o smtpd_sasl_type=dovecot\r\n  -o smtpd_sasl_path=private\/auth\r\n  -o smtpd_sasl_security_options=noanonymous\r\n  -o smtpd_sasl_local_domain=$myhostname\r\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\r\n  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination\r\n\r\n[...]\r\ndovecot   unix  -       n       n       -       -       pipe\r\n  flags=DRhu user=vmail:vmail argv=\/usr\/lib\/dovecot\/deliver -f ${sender} -d ${user}@${nexthop}<\/pre>\n
Dovecot configuration:<\/h2>\n
\/etc\/dovecot\/vusers.conf<\/strong>
\nWe use this file for authentication as a users database. You can use too a mysql db or ldap for this, but the simplest way is to use a plain file for storing users an its passwords.<\/p>\n
info@domain1.com:{SHA256}gSGn1f3fg0lTRDezXhC7uJqp3XapE8uT7W42PKDDLyY=\r\nadmin@domain2.com:{SHA256}PtkqLjF6lRo3h6WAQOVbuZQ\/2d7hupW5BCv0Vx\/q7gY=\r\n<\/pre>\n
To generate the passwords we use doveadm command.<\/p>\n
$ doveadm pw -s sha256\r\nEnter new password: \r\nRetype new password: \r\n{SHA256}SKqtTLTAct6agUe7MQDvTgOtYyjtxJWWTQXiATus88w=<\/pre>\n
The following settings are the files I have to change in dovecot to configure the authentication through vusers.conf file and the socket for postfix authentication for mail submission service.<\/p>\n
10-auth.conf<\/strong><\/p>\n
auth_mechanisms = plain\r\n!include auth-static.conf.ext<\/pre>\n
auth-static.conf.ext<\/strong><\/p>\n
passdb {\r\n  driver = passwd-file\r\n  args = username_format=%u \/etc\/dovecot\/vusers.conf\r\n}\r\n\r\nuserdb {\r\n  driver = static\r\n  args = uid=vmail gid=vmail home=\/var\/mail\/%d\/%n\r\n}<\/pre>\n
10-mail.conf<\/strong><\/p>\n
mail_home = \/var\/mail\/%d\/%n\r\nmail_location = maildir:\/var\/mail\/%d\/%n\r\nmail_uid = 1002\r\nmail_gid = 1003\r\nmail_privileged_group = vmail<\/pre>\n
10-master.conf<\/strong><\/p>\n
under “service auth” configure the auth-userdb socket with user\/group vmail and the socket for postfix authentication with user\/group postfix.<\/p>\n
\r\nunix_listener auth-userdb {\r\n    #mode = 0666\r\n    user = vmail\r\n    group = vmail\r\n  }\r\n\r\n  # Postfix smtp-auth\r\n  unix_listener \/var\/spool\/postfix\/private\/auth {\r\n    mode = 0666\r\n    user = postfix\r\n    group = postfix\r\n  }<\/pre>\n
15-lda.conf<\/strong><\/p>\n
lda_mailbox_autocreate = yes\r\nlda_mailbox_autosubscribe = yes<\/pre>\n
And that’s all, we have a postfix server using dovecot authentication and dovecot LDA. Now, you can install the sieve plugin for dovecot and use for mail filtering and vacations messages.<\/p>\n","protected":false},"excerpt":{"rendered":"
This is a little tutorial for setting up Postfix with dovecot authentication and LDA. With dovecot LDA you can use sieve scripts for mail filter and vacation messages. Postfix Configuration: First create vmail user for virtual delivery: # useradd vmail # id vmail uid=1002(vmail) gid=1003(vmail) grupos=1003(vmail) We are going to deliver mails for user@domain.com to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[202,181,203],"_links":{"self":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/702"}],"collection":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/comments?post=702"}],"version-history":[{"count":26,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/702\/revisions"}],"predecessor-version":[{"id":728,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/702\/revisions\/728"}],"wp:attachment":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/media?parent=702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/categories?post=702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/tags?post=702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}