Dovecot postfix ldap


Project Goal

A mailserver handling virtual mail accounts in multiple domains.


Implementation

A mailserver running dovecot, postfix, ldap and squirrelmail, with virtual domains and users.

Global variables and paths used

Variables

Primary domain

example.com

Second domain

acme.com

Hostname

mail.example.com

Files and paths

/etc/passwd

(on Debian, uid 101 is already taken by postfix!)

vmail:*:101:101:vmail user:/vmail:/bin/sh

Mail storage

# Run as root. The per-domain mail tree is owned by the vmail account (uid 101
# on this page) and closed to everyone else. Group ownership is not set here,
# which is harmless because mode 700 grants the group nothing anyway.
mkdir -p /vmail/domains/
chown vmail /vmail/domains/
chmod 700 /vmail/domains/

/etc/group

vmail:*:101:

/var/run/dovecot/

owned by root

LDAP

For the per-user mail quota and aliases I added the qmail.schema to slapd.conf, with some small alterations: http://dhits.nl/download/qmail.new.schema

dn's used

ldap root

o=ldap

ldap admin

dc=root,o=ldap

domain root

 o=users,dc=example,dc=com,o=ldap


slapd.conf

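#this one is needed by qmail schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/qmail.new.schema

#users will be allowed to change password via squirrelmail
# slapd applies the first "access to" clause that matches, so this rule must
# stay above the catch-all "access to * by * read" further down.
#   self write     - a user may change their own password.
#   anonymous auth - unauthenticated clients may bind against the hash but not read it.
#   * none         - replaces the original "by * read", which let every *other*
#                    bound directory user read all password hashes. Anonymous
#                    lookups (Postfix's bind = no, and dovecot-ldap.conf as shown
#                    on this page) never had read access here, so they are unaffected.
# If Dovecot binds with a dn/dnpass in order to fetch userPassword through
# pass_attrs, either grant that identity read access with a clause like
#     by dn.exact="<dovecot-bind-dn, placeholder>" read
# placed before "by * none", or set auth_bind = yes in dovecot-ldap.conf so
# the hash never has to be read out of the directory.
access to attrs=userPassword
       by self write
       by anonymous auth
       by * none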

To allow users to maintain mail aliases via squirrelmail

# Users maintain their own aliases. Nothing here constrains the *value*: a
# mailAlternateAddress that duplicates another entry's mail or alias is accepted
# by slapd and would be matched by the Postfix lookups on this page
# (ldap-users.cf / ldap-aliases.cf). Validate alias values in the front end or
# enforce uniqueness in the directory (e.g. the unique overlay) before letting
# users self-serve this attribute.
access to attrs=mailAlternateAddress
       by self write
       by * read


# write on the "entry" pseudo-attribute is what slapd checks when an entry is
# deleted or renamed, so users can remove their own account — confirm intended.
access to attrs=entry
       by self write
       by * read
# Everything not matched above is readable by anyone, including anonymously.
# The Postfix lookups on this page (bind = no) depend on that, so tightening
# this clause means giving Postfix a bind identity first.
access to * by * read

Dovecot

dovecot-ldap.conf

# Directory lookups for Dovecot's passdb and userdb (both point here in dovecot.conf).
# No hosts/dn/dnpass lines appear on this page, so as shown the searches bind
# anonymously. With the page's slapd ACL anonymous may only *auth* against
# userPassword, not read it, so pass_attrs below cannot fetch the hash unless a
# bind identity is configured elsewhere — confirm against the real file
# (auth_bind = yes would let Dovecot verify the password without reading the hash).
ldap_version = 3
base = o=ldap
#http://wiki.dovecot.org/Variables
# userdb: when the entry carries mailQuota (qmail schema) it becomes the user's
# quota rule; home is the per-domain/per-user Maildir, matching mail_location
# in dovecot.conf.
user_attrs = %n,%Dd=user,mailQuota=quota_rule=*:storage=%$,=home=/vmail/domains/%d/%n/Maildir
# %u is the full login name, so the domain must be given at login or supplied
# by auth_default_realm in dovecot.conf.
user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
# passdb also returns userdb_* fields so that "userdb prefetch" in dovecot.conf
# can skip the second lookup on login.
pass_attrs = mail=user,userPassword=password,mailQuota=userdb_quota_rule=*:bytes=%$,=userdb_home=/vmail/domains/%d/%n/Maildir,mail=userdb_user
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
# Hashes stored without a {SCHEME} prefix are treated as salted SHA-1.
default_pass_scheme = SSHA

dovecot.conf

base_dir = /var/run/dovecot/
login_dir = /var/run/dovecot/login
#the protocols used
protocols = imap imaps pop3 managesieve
# both match the vmail entry in /etc/passwd and /etc/group on this page
mail_uid = 101
mail_gid = 101
# "no" allows PLAIN/LOGIN on the non-TLS imap/pop3 ports, i.e. passwords cross
# the network in the clear. "yes" restricts plaintext auth to TLS sessions
# (Dovecot also treats connections from the local host as secure — verify for
# this version before relying on it for squirrelmail).
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
# NOTE(review): mail lives under /vmail here, but the sieve paths below use
# /data/vmail — presumably one is a symlink to the other; confirm.
mail_location = maildir:/vmail/domains/%d/%n/Maildir
mail_privileged_group = mail
# very chatty; useful while setting up, turn off in production
mail_debug = yes
verbose_proctitle = no
# only uid/gid 101 may ever own a mailbox; a directory entry that resolves to
# any other account is refused
first_valid_uid = 101
last_valid_uid = 101
first_valid_gid = 101
last_valid_gid = 101
protocol imap {
   mail_plugins = quota imap_quota
   imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}
protocol pop3 {
   mail_plugins = quota
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
 postmaster_address = postmaster@example.com
 # NOTE(review): "plugins" is not the setting name used elsewhere on this page
 # (mail_plugins) and looks like a leftover — verify it is not rejected.
 plugins = quota
 mail_plugins = cmusieve quota
 sieve_global_path = /data/vmail/domains/.dovecot.sieve
 mail_plugin_dir = /usr/local/lib/dovecot/imap
 sendmail_path = /usr/local/sbin/sendmail
 log_path = /var/log/dovecot-deliver.log
 info_log_path = /var/log/dovecot-deliver.log
 rejection_reason = Your message to<%t> was automatically rejected:%n%r
}
protocol managesieve {
  sieve = /data/vmail/domains/%d/%n/.dovecot.sieve
  sieve_storage = /data/vmail/domains/%d/%n/sieve
  login_executable = /usr/local/libexec/dovecot/managesieve-login
  mail_executable = /usr/local/libexec/dovecot/managesieve
}
#for users logging in without @domain.tld
auth_default_realm = example.com
# keep auth_debug_passwords off outside of troubleshooting: it writes
# cleartext passwords to the log
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
auth default {
 mechanisms = plain login
 socket listen {
 #it looks like the user 'vmail' is also the user postfix has to call deliver as
 # (master.cf runs deliver as user=vmail:vmail; with mode 0600 only that
 # account can open this socket)
       master {
           path = /var/run/dovecot/auth-master
           mode = 0600
           user = vmail
       }
 # socket used by postfix smtp auth/sasl, in queue_directory
 # (only the postfix user/group can open it)
       client {
           path = /var/spool/postfix/private/auth
           mode = 0660
           user = postfix
           group = postfix
       }
 } 
 passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
 }
 # reuses the userdb_* fields returned by pass_attrs in dovecot-ldap.conf, so
 # login needs no second LDAP lookup; deliver (no passdb step) presumably still
 # goes through the ldap userdb below
 userdb prefetch {
 }
 userdb ldap {
     args = /usr/local/etc/dovecot-ldap.conf
 }
 user = vmail
}
dict {
 #quota = mysql:/usr/local/etc/dovecot-dict-quota.conf
}
plugin {
   quota = maildir:User quota
   # defaults; a mailQuota attribute in LDAP overrides quota_rule per user
   quota_rule = *:storage=100M
   quota_rule2 = Trash:storage=10M
    
   # each threshold runs quota-warning.sh (shown below) with the percentage
   # as its argument
   quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
   quota_warning2 = storage=90%% /usr/local/bin/quota-warning.sh 90
   quota_warning3 = storage=80%% /usr/local/bin/quota-warning.sh 80    

sieve = /data/vmail/domains/%d/%n/.dovecot.sieve

}

quota-warning.sh

dovecot-nowarning.conf is the same as dovecot.conf, but without the quota_warning* lines

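#!/bin/sh
# Run by Dovecot's quota_warning settings (see dovecot.conf) as
#   quota-warning.sh <percent>
# Dovecot supplies the mailbox owner in the USER environment variable. The
# warning is delivered with dovecot-nowarning.conf so that this delivery
# cannot itself trigger another quota warning.
# Exits non-zero if the percentage argument or USER is missing, instead of
# running deliver with an empty recipient.
PERCENT=${1:?usage: quota-warning.sh <percent>}
: "${USER:?USER not set; expected to be supplied by Dovecot}"

# NOTE(review): the rest of the page uses postmaster@example.com — confirm
# this sender is the intended one.
/usr/local/libexec/dovecot/deliver -d "$USER" -c /usr/local/etc/dovecot-nowarning.conf <<EOF
From: postmaster@domain.com 
Subject: quota warning
Your mailbox is now ${PERCENT}% full.
EOF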

Postfix

main.cf

#generic postfix config skipped
# VRFY is refused so the SMTP server cannot be used to confirm which addresses exist.
disable_vrfy_command  = yes
mail_owner = postfix
myhostname = mail.example.com
mydomain = example.com

#milters
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
#first one is called first, assuming all these milters have been installed
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock, unix:/var/run/milter-regex/sock, unix:/var/run/clamav/clmilter.sock, unix:/var/run/spamass-milter.sock
# "accept" fails open: if a milter (the clamav one included) is unreachable or
# errors, the message is accepted without that check. "tempfail" defers instead.
milter_default_action = accept
#probably not needed when ldap is running
# NOTE(review): acme.com is listed here *and* in virtual_mailbox_domains below.
# Postfix resolves mydestination first, so acme.com mail would go through
# local(8) (checked against local_recipient_maps) rather than the dovecot
# transport, and the Postfix docs advise against listing a domain in both.
# Confirm which delivery path is intended.
mydestination = $myhostname, acme.com, localhost.$mydomain, localhost.localdomain
virtual_mailbox_domains = example.com, acme.com
virtual_mailbox_base = /vmail
# recipient validation for the virtual domains: ldap-users.cf matches on mail
# or mailAlternateAddress and returns the mail attribute
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap-users.cf

# deliver in master.cf takes a single -d recipient, hence one recipient (and
# one concurrent delivery) per invocation of the dovecot transport
dovecot_destination_concurrency_limit = 1
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
#this makes sure alias gets rewritten even before passed to milter
virtual_alias_maps = ldap:/usr/local/etc/postfix/ldap-aliases.cf
virtual_create_maildirsize = yes
#
#local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
local_recipient_maps = $alias_maps $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
#i'm behind a NAT :)
# "subnet" trusts every host on the local network for relaying; behind a NAT
# that subnet may hold more machines than intended. mynetworks_style = host,
# or an explicit mynetworks list, limits relay trust to this machine.
mynetworks_style = subnet
alias_maps = hash:/etc/aliases,ldap:/usr/local/etc/postfix/ldap-aliases.cf
#this is not needed
#home_mailbox = Maildir/
#don't think this will be used when all's well
mail_spool_directory = /var/mail
debug_peer_level = 1
# roughly 5 MB; larger messages are rejected at SMTP time
message_size_limit = 5000000

ldap-users.cf

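#maybe part of this is redundant, but at least clear
# Anonymous (bind = no) lookup against the local slapd over plain ldap://;
# acceptable only because the server is on localhost (start_tls = no).
bind = no
version = 3
timeout = 20
debuglevel = 0
# one match is enough to prove the recipient exists
size_limit = 1
expansion_limit = 0
start_tls = no
tls_require_cert = no
server_host = ldap://localhost
scope = sub
search_base = o=ldap
# %s is the recipient address; Postfix quotes it for use inside an LDAP filter.
query_filter = (|(mail=%s)(mailAlternateAddress=%s))
# Must start in column 0: Postfix reads a line that begins with whitespace as a
# continuation of the previous logical line, so an indented
# "result_attribute = mail" silently becomes part of query_filter and the
# lookup never returns the mail attribute.
result_attribute = mail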

ldap-aliases.cf

# Alias (virtual_alias_maps) lookup: an address matching a user's
# mailAlternateAddress is rewritten to that user's mail attribute. Under the
# slapd ACL on this page users set mailAlternateAddress themselves, so the
# values this lookup trusts are user-controlled — validate them in the front
# end or enforce uniqueness in the directory.
bind = no
version = 3
timeout = 20
size_limit = 1
# presumably a lookup that yields more than one result fails rather than
# picking one — verify
expansion_limit = 1
start_tls = no
tls_require_cert = no
scope = sub
# unlike ldap-users.cf this filter has no surrounding parentheses; if the
# server tolerates it, keeping both files in the same form is still safer
query_filter = mailAlternateAddress=%s
result_attribute = mail
server_host = ldap://localhost
search_base = o=ldap

master.cf

#the entire master.cf can be left as is, just add:
# pipe(8) executes argv directly, without a shell, so ${sender} and
# ${recipient} are each passed as a single argument. The process runs as
# vmail:vmail, the owner of the 0600 auth-master socket in dovecot.conf.
# Flags: D/R prepend Delivered-To/Return-Path, h/u lowercase the domain/user
# part of the recipient. deliver takes one -d recipient, which is why main.cf
# sets dovecot_destination_recipient_limit = 1.
dovecot   unix  -       n       n       -       -       pipe
 flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Squirrelmail

See squirrelmail and dovecot


Tips & tricks

Disallow imap

Use authldap.schema, 'disableimap'


Notes

  • Check out authldap.schema!!!


Useful reading