This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 31 and 50 (spanning 19 versions)
Revision 31 as of 2004-08-19 17:43:22
Size: 5048
Editor: ip213-185-36-189
Comment:
Revision 50 as of 2013-03-31 13:40:36
Size: 6281
Editor: cpc5-basf10-2-0-cust708
Comment: couple of spelling corrections
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from VirtualhostingWithExim
Line 2: Line 3:
An exercise in mailrouting by F. Overkamp <florian@obsimref.com> An exercise in mailrouting by F. Overkamp < florian@obsimref.com >
Line 5: Line 6:
I wanted to use Dovecot to deal with mailboxes that may belong to accounts that may or may not exist as a unix user. I also required a large amount of flexibility in migration options - so mail-accounts may have any number of formats and daemons. I am doing distribution of these users by using [http://www.vergenet.net/linux/perdition/ Perdition], but thats just a preference. I wanted to use Dovecot to deal with mailboxes that may belong to accounts that may or may not exist as a unix user. I also required a large amount of flexibility in migration options - so mail-accounts may have any number of formats and daemons. I am doing distribution of these users by using [[http://www.vergenet.net/linux/perdition/|Perdition]], but thats just a preference.
Line 8: Line 9:
Line 21: Line 23:

Line 24: Line 24:
Line 26: Line 25:
auth = default
auth_userdb = static uid=500 gid=500 home=/home/dovecot/users/%u
auth_passdb = passwd-file /home/dovecot/passwd
auth_user = dovecot
auth default {
  userdb static {
    args =
uid=vmail gid=vmail home=/home/dovecot/users/%u
  }
  
passdb passwd-file {
    args =
/home/dovecot/passwd
  }
}
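Review bot: the added args line 'uid=vmail gid=vmail home=/home/dovecot/users/%u' replaces the numeric 'uid=500 gid=500' with a named account, but nothing in this change tells the reader to create a vmail user and group or to make /home/dovecot/users owned by it. Add that to the assumptions list. The removed 'auth_user = dovecot' line also has no counterpart in the added block, so say whether it is still needed.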
Line 31: Line 34:
The password file should not contain plain-text passwords, but rather the checksums for the desired authentication method. Add a second args line if you need more authentication methods.
Line 37: Line 41:
# Directors are evaluated in order of configuration, so if you place this  # Directors are evaluated in order of configuration, so if you place this
Line 42: Line 46:
# then uncomment the suffix stanzas  # then uncomment the suffix stanzas
Line 55: Line 59:
  user = dovecot
  group = dovecot
  user = vmail
  group = vmail
Line 68: Line 72:
Line 74: Line 79:
# then uncomment the suffix stanzas  # then uncomment the suffix stanzas
Line 87: Line 92:
  user = dovecot
  group = dovecot
  user = vmail
  group = vmail
Line 98: Line 103:
== Exim4 on Debian ==
Using the exim4 package on Debian the configuration changes need to be applied to the /router/ and /transport/ directories inside /etc/exim4/conf.d/ (by default). This only applies in split-configuration mode. In single-file configuration, the changes must be applied at the appropriate points. I created new files in each with a similar numbering scheme as the current ones. The numbers determine the order in which these get added to the main configuration file.

After the changes are made, you will need to run (as root) the '''invoke-rc.d exim4 restart''' command and the file will be regenerated. (You will have to pass a -r argument or else it will spit out an error message telling you to read the man page - THIS IS DANGEROUS as it overwrites your entire configuration - so if you haven't been using Debian's scripts to maintain your configuration files, don't use this command!)
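Review bot: the parenthetical in the second added paragraph says a -r argument must be passed, but the only command named is 'invoke-rc.d exim4 restart', so it is unclear which command takes -r and which one overwrites the configuration. Name that command explicitly, and move the DANGEROUS warning ahead of the instruction so that a reader with a hand-maintained configuration sees it before running anything.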
Line 99: Line 109:
Be carefull how you do this - test it with 'exim -bt <address>' for a few different options Be careful how you do this - test it with 'exim -bt <address>' for a few different options
Line 102: Line 112:
Line 107: Line 118:
 * So if florian@host is a unix user and it was not yet migrated to dovecot, use the old mailbox:   * So if florian@host is a unix user and it was not yet migrated to dovecot, use the old mailbox:
Line 113: Line 125:
Line 116: Line 127:

== Security considerations ==
Need evaluation and recommendations.
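Review bot: the added Security considerations section contains only 'Need evaluation and recommendations.', so the page gains a heading with no guidance under it. Either fill it in or leave the heading out until there is content. Two items already raised elsewhere in this diff belong there: the added sentence that the password file should not contain plain-text passwords, and the switch of the delivery user and group to vmail.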

Dovecot virtual users

An exercise in mailrouting by F. Overkamp <florian@obsimref.com>

Preamble

I wanted to use Dovecot to deal with mailboxes that may belong to accounts that may or may not exist as a Unix user. I also required a large amount of flexibility in migration options - so mail accounts may have any number of formats and daemons. I am doing distribution of these users by using Perdition, but that's just a preference.

A few assumptions were made in this setup:

  • All virtual users/mailboxes are in /home/dovecot/users
  • Password file for these users is /home/dovecot/passwd (looks just like an htpasswd file)

Desired results

The result I was looking for was this:

Mail for the domain comes in. If it has a dovecot mailbox, deliver it there. If not, continue with 'normal' local delivery.

  • So if frops@host is not a unix user and it does exist in dovecot, use that
  • So if florian@host is a unix user and it was not yet migrated to dovecot, use the old mailbox
  • So if dummy@host is a unix user and it was not yet migrated to dovecot, use the old mailbox
  • So if nonexistent@host exists nowhere, bounce :-)

Making dovecot use these mailboxes

auth default {
  userdb static {
    args = uid=vmail gid=vmail home=/home/dovecot/users/%u
  }
  passdb passwd-file {
    args = /home/dovecot/passwd
  }
}

The password file should not contain plain-text passwords, but rather the password hashes (checksums) for the desired authentication method. Add a second args line if you need more authentication methods.

By the way, I did not bother making another set of configs to deal with non-virtual users - I use perdition for that in my migration scenario.

Making exim 3 deliver to those virtual users

# Director to send any mail for which a dovecot user exists to the appropriate maildir box
# Directors are evaluated in order of configuration, so if you place this
# above the local_delivery director this will play nice:
# If there is a virtual user in the dovecot dirs it will use that
# If not, it will try normal local delivery
# If you want to allow + addressing (ie having an address extension)
# then uncomment the suffix stanzas
dovecot:
  driver = smartuser
  #suffix = +*
  #suffix_optional
  require_files = +/home/dovecot/users/${local_part}/
  transport = dovecot_transport

# Transport to send any mail for which a dovecot user exists to the appropriate maildir box
# Transport definitions are not order dependent - you just call a named transport
dovecot_transport:
  driver = appendfile
  user = vmail
  group = vmail
  mode = 0600
  directory=/home/dovecot/users/${lc:$local_part}/
  maildir_format = true
  mode_fail_narrower = false
  envelope_to_add = true
  return_path_add = true

In order to make this work, exim must be able to read the /home/dovecot/users/ directory, otherwise delivery will not work.

Making exim 4 deliver to those virtual users

If at all possible you should use exim 4 in place of the obsolete exim 3. Exim 4 has many more features to enable fine control of mail policy. Packages are available for all current Linux distributions and other OS platforms.

# Router to send any mail for which a dovecot user exists to the appropriate maildir box
# Routers are evaluated in order of configuration.
# You will want to place this after the remote router and before the
# localuser router in the default configuration.
# If you want to allow + addressing (ie having an address extension)
# then uncomment the suffix stanzas
dovecot_router:
  driver = accept
  #local_part_suffix = +*
  #local_part_suffix_optional
  require_files = +/home/dovecot/users/${local_part}/
  transport = dovecot_transport

# Transport to send any mail for which a dovecot user exists to the appropriate maildir box
# Transport definitions are not order dependent - you just call a named transport
dovecot_transport:
  driver = appendfile
  user = vmail
  group = vmail
  mode = 0600
  directory=/home/dovecot/users/${lc:$local_part}/
  maildir_format = true
  mode_fail_narrower = false
  envelope_to_add = true
  return_path_add = true

In order to make this work, exim must be able to read the /home/dovecot/users/ directory, otherwise delivery will not work.
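
A consistency check for the password file and the transport above, as an added example that is not part of the original page or of Dovecot or Exim: it reads a passwd-file in the htpasswd-like layout, flags entries stored as plain text, and flags usernames whose Dovecot home (built from %u) would not match the directory Exim builds from ${lc:$local_part}. The sample entries, the function names and the placeholder hash strings are constructed for illustration.

```python
import re

# Constructed sample, htpasswd-like "user:password"; hashes are placeholders.
SAMPLE_PASSWD = """\
frops:{SSHA256}PLACEHOLDERHASH
florian:$6$placeholdersalt$PLACEHOLDERHASH
dummy:{PLAIN}example-password
Legacy:{SHA512-CRYPT}$6$placeholdersalt$PLACEHOLDERHASH
frops@host:{SSHA256}PLACEHOLDERHASH
old:example-password
"""

# "{SCHEME}" prefix, optionally with an encoding suffix such as ".b64"
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.[A-Za-z0-9]+)?\}")
# crypt-style markers such as $1$, $6$, $2y$ or htpasswd's $apr1$
CRYPT = re.compile(r"^\$[0-9a-z]+\$")

def password_findings(field):
    m = SCHEME.match(field)
    if m:
        plain = m.group(1).upper() == "PLAIN"
        return ["password stored in plain text"] if plain else []
    if CRYPT.match(field):
        return []
    return ["no scheme prefix or crypt marker: verify it is a hash"]

def username_findings(user):
    out = []
    if "@" in user:  # %u is the whole login name, Exim uses $local_part
        out.append("contains a domain, home will not match Exim's directory")
    if user != user.lower():  # the transport uses ${lc:$local_part}
        out.append("has upper case, Exim delivers to the lower-cased name")
    if "/" in user or user in (".", ".."):
        out.append("is not a single directory name under /home/dovecot/users")
    return out

def audit(text):
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comments
        user, _, rest = line.partition(":")
        password = rest.split(":", 1)[0]  # ignore any further fields
        for msg in username_findings(user) + password_findings(password):
            findings.append((user, msg))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_PASSWD), sep="\n")
```

An entry without a scheme prefix is reported for review rather than as plain text, because how it is interpreted depends on the default scheme configured for the passdb.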

Exim4 on Debian

Using the exim4 package on Debian the configuration changes need to be applied to the /router/ and /transport/ directories inside /etc/exim4/conf.d/ (by default). This only applies in split-configuration mode. In single-file configuration, the changes must be applied at the appropriate points. I created new files in each with a similar numbering scheme as the current ones. The numbers determine the order in which these get added to the main configuration file.

After the changes are made, you will need to run (as root) the invoke-rc.d exim4 restart command and the file will be regenerated. (You will have to pass a -r argument or else it will spit out an error message telling you to read the man page - THIS IS DANGEROUS as it overwrites your entire configuration - so if you haven't been using Debian's scripts to maintain your configuration files, don't use this command!)

Testing your exim configuration

Be careful how you do this - test it with 'exim -bt <address>' for a few different options.

  • So if frops@host is not a unix user and it does exist in dovecot, use that:

frops@host
  deliver to frops in domain host
  director = dovecot, transport = dovecot_transport

  • So if florian@host is a unix user and it was not yet migrated to dovecot, use the old mailbox:

florian@host
  deliver to florian in domain host
  director = procmail, transport = procmail_pipe

Further Issues

It is possible to extend this configuration to make exim use the same database for SMTP authentication, although it is slightly difficult due to the different password hashing schemes. If you keep the password database file in PLAIN format then it can be done relatively easily.

Security considerations

Need evaluation and recommendations.


None: HowTo/VirtualhostingWithExim (last edited 2013-03-31 13:40:36 by cpc5-basf10-2-0-cust708)