This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 16 and 17
Revision 16 as of 2010-06-15 18:41:50
Size: 4573
Editor: TimoSirainen
Comment:
Revision 17 as of 2011-01-27 15:05:59
Size: 4808
Editor: tgbit
Comment: added HOME to environment
Deletions are marked like this. Additions are marked like this.
Line 101: Line 101:
You also have to set
Line 114: Line 115:
  environment = USER=$local_part@$domain   environment = USER=$local_part@$domain:HOME=/var/mail/home/$domain/$local_part
Line 128: Line 129:

You need to add HOME to the environment as well, otherwise you would get an error like:
`User user@example.com doesn't have home dir set, disabling duplicate database`

Dovecot LDA with Exim

System users

Change the localuser router to use dovecot_delivery transport:

localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = dovecot_delivery

check_local_user is required. It makes Exim execute the transport with the user's UID and GID and it also sets HOME environment.

Next create a new transport for dovecot-lda:

dovecot_delivery:
  driver = pipe
  command = /usr/local/libexec/dovecot/dovecot-lda
# use /usr/lib/dovecot/dovecot-lda  if using Debian's package
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  #group = mail
  #mode = 0660
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

LDA is now running using the local user's UID and GID. The mail is delivered to the location specified by mail_location setting. Note that the above configuration doesn't do any userdb lookups, so you can't have any per-user configuration. If you want that, see the virtual user setup below.

Virtual users

Make sure that check_local_user isn't set in the router.

Single UID

Configure the transport to run as the user you want, for example vmail:

dovecot_virtual_delivery:
  driver = pipe
  command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain  -f $sender_address
  # v1.1+: command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain  -f $sender_address -a $original_local_part@$original_domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = vmail
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78

You'll also need to have a master authentication socket and give vmail user access to it. See LDA for more information.

List of temp_errors can be found in /usr/include/sysexits.h.

Multiple UIDs

If you need multiple uids/gids you'll need to set dovecot-lda setuid root. See LDA#multipleuids for how to do this securely.

You could alternatively set user = root, but this requires that you built Exim without root being in FIXED_NEVER_USERS list.

Multiple UIDs, without running dovecot-lda as root

In this mode, dovecot-lda won't be querying Dovecot's master socket, instead trusting Exim to setup its execution environment. This means you must set up Exim to get the UID, GID, Home directory from LDAP/SQL/whatever. Here, we're setting them in the router and the transport automatically inherits them.

Router configuration

Insert the following router after your external delivery routers and before your local system delivery routers.

This assumes you're using macros set elsewhere to handle your external queries, as they can quickly become unwieldy to manage. Make sure you adjust it to suit your installation first!

ldap_local_user:
  debug_print = "R: ldap_local_user for $local_part@$domain"
  driver = accept
  domains = +ldap_local_domains
  condition = LDAP_VIRT_COND
  router_home_directory = LDAP_VIRT_HOME
  user = LDAP_VIRT_UID
  group = LDAP_VIRT_GID
  #local_part_suffix = +* : -*
  #local_part_suffix_optional
  transport = dovecot_lda

Transport configuration

This transport will not work with Dovecot 1.0.*, as its LDA didn't have support for this scenario yet. It has been tested with Exim 4.69-9 and Dovecot 1:1.2.5-2 (backported) on Debian Lenny. YMMV with Dovecot 1.1.*. You also have to set

dovecot_lda:
  debug_print = "T: dovecot_lda for $local_part@$domain"
  driver = pipe
  # Uncomment the following line and comment the one after it if you want dovecot-lda to try
  # to deliver subaddresses into INBOX.{subaddress}. If you do this, uncomment the
  # local_part_suffix* lines in the router as well. Make sure you also change the separator
  # to suit your local setup.
  #command = /usr/lib/dovecot/dovecot-lda -e -k -m "INBOX|${substr_1:$local_part_suffix}" \
  command = /usr/lib/dovecot/dovecot-lda -e -k \
      -f "$sender_address" -a "$original_local_part@$original_domain"
  use_shell
  environment = USER=$local_part@$domain:HOME=/var/mail/home/$domain/$local_part
  umask = 002
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  log_defer_output
  return_fail_output
  freeze_exec_fail
  #temp_errors = *
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78

You need to add HOME to the environment as well, otherwise you would get an error like: User user@example.com doesn't have home dir set, disabling duplicate database

LDA/Exim (last edited 2013-05-02 15:00:18 by TimoSirainen)