dovecot « WordPress.com Tag Feed

Configuration de Postfix et Dovecot - partie 2

Bertrand PERALTA — Sun, 21 Sep 2008 10:21:31 +0000

Une fois que postfix est fonctionnel il faut penser à installer ce qu'il faut pour voir lire les mails qui sont reçus ;-)

Dovecot permet la gestion des boites au format Maildir, la récupération du courrier en pop3 et impa, SSL ou non et peut assurer le service d'authentification pour Postfix afin d'autoriser nos utilisateurs à envoyer des mails en utilisant notre serveur.

Fichier dovecot.conf

Voici donc les différetns paramètres modifiés par rapport à la configuration d'origine :

disable_plaintext_auth = no

Nécessaire pour l'uthentification de base. Toutes nos connexions avec Dovecot seront faites via SSL/TLS donc pas de soucis de lecture des mots de passe sur la ligne.

ssl_disable = no

SSL sera donc activé

protocol imap {
ssl_cert_file = /var/keys/imap.mondomaine.fr_cert.pem
ssl_key_file = /var/keys/imap.mondomaine.fr_key.pem
ssl_key_password = <Password de la clé>
}
protocol pop3 {
ssl_cert_file = /var/keys/pop3.mondomaine.fr_cert.pem
ssl_key_file = /var/ssl/keys/pop3.mondomaine.fr_key.pem
ssl_key_password = <Password de la clé>
}

SSL sera alors activé pour imap et pop3. La création des clés et certificats peuvent être faits en suivant les explications ici.

mail_location = maildir:~/Maildir

Même emplacement que défini dans Postfix (c'est mieux ;-) )

auth default {
  mechanisms = plain login
}

Permet d'autauriser les authentification en PlainText

passdb passwd-file {
  args = /etc/dovecot/dovecot.users
}
userdb passwd-file {
  args = /etc/dovecot/dovecot.users
}

Indique l'emplacement du fichier listant les utilisateurs

socket listen {
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}

Indique à dovecot qui a le droit d'utiliser son authentification (cf paramètre smtpd_sasl_path de la conf postfix).

Fichier dovecot.users

Il reste maintenant à lister nos utilisateurs dans le fichier dovecot.users. Une ligne type à cette forme :

<userlogin>:{<encodagepwd>}<passwd>:vmail:vmail::<chemin de la boite>::userdb_mail=maildir:~

Par exemple,

monlogin:{PLAIN}passwd:vmail:vmail::/home/vmail/monlogin::userdb_mail=maildir:~

L'enregistrement dans ce fichier des mots de passe en mode PLAIN n'est pas recommandé d'un point de vue sécurité. Différents encodage peuvent être utilisé. Il suffit d'utiliser l'outil dovecotpw qui génère la chaine encodée à insérer dans le fichier de configuration.

Configuration de Postfix et Dovecot - partie 1

Bertrand PERALTA — Sat, 20 Sep 2008 23:05:57 +0000

Ce billet n'a pas pour vocation de remplacer la doc ou de couvrir les différents cas d'utilisation qu'il est possible de rencontrer avec Postfix et Dovecot. Cela couvre une utilisation relativement simple permettant de mettre en place le minimum requis par un serveur smtp. L'installation est faite sur une OpenSuse 10.2 et n'utilise pas de base de données pour gérer les utilisateurs.

Voici dans un premier temps le paramétrage de Postfix. Le paramétrage de dovecot viendra dans un second temps...

Tout d'abord, spécifiquement pour la Suse, il faut demander à Yast de ne plus gérer lui-même Postfix.

Système / Editeur pour fichier /etc/sysconfig / Network / Mail / General / MAIL_CREATE_CONFIG = no

Voici ensuite les différents paramètres à renseigner dans le fichier /etc/postfix/main.cf

myhostname = <Nom du serveur>

par exemple : smtp.mondomaine.fr

mydomain = <domaine principal>

par exemple : mondomaine.fr

mydestination = $myhostname, localhost.$mydomain, localhost, <nomserveurinterne>

Dans mon cas, je veux pouvoir router certains mails via une adresse précise correspondant à un alias de smtp.mondomaine.fr. Par exemple, smtp.domaineinterne.com

virtual_mailbox_domains = <liste de domaines>

Par exemple, mondomaine.fr, seconddomaine.com, serveurmail.mondomaine.fr
Dans mon cas, je renseigne cette liste en utilisant virtual_mailbox_domains et non pas virtual_alias_domains car j'utilise la possibilité de gérer des utilisateurs virtuels (qui ne sont pas des utilisateurs déclarés sur mon serveur linux).

virtual_alias_maps = hash:/etc/postfix/virtual

Le fichier virtual contient la liste de mes redirections vers d'autres emails ou vers des utilisateurs système

virtual_mailbox_maps = hash:/etc/postfix/vmailbox

Le fichier vmailbox contient la liste de mes redirections vers mes utilisateurs virtuels

virtual_mailbox_base = /home/vmail

Définit le répertoire contenant les boites des utilisateurs virtuels

virtual_minimum_uid = 500
virtual_uid_maps = static:3000
virtual_gid_maps = static:3000

Les boites mails virtuelles doivent appartenir à un compte et un groupe ayant l'id 3000 (par exemple vmail)

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

Le smtp autorise l'accès sasl pour les utilisateurs non anonymes

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Cet accès sasl est géré par dovecot

smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, permit_sasl_authenticated, reject_unauth_destination

On utilise les utilisateurs du réseau interne et les utilisateurs authentifiés

mynetworks = 192.168.1.0/24

Définition du réseau local interne

home_mailbox = Maildir/

Les boites sont gérés en format Maildir (un répertoire par boite et non pas un fichier). Le / est important...

Exemple de fichier virtual

nom@mondomaine.fr      userlinux
autre@mondomaine.fr    autre@hotmail.f

Exemple de fichier vmailbox

user1@mondomaine.fr      user1/

Cela signifie que les mails reçus par user1@mondomaine.fr seront stocké dans la boit user1 au format Maildir (grâce à la présence du / ) dans le répertoire user1 (qui sera lui-même situé sous /home/vmail).

Important : Ces deux fichiers doivent être "recompilés" avec l'outil postmap après chaque modification afin de mettre à jour les .db respectifs.

Voilà, le postfix doit en principe être fonctionnel, et les règles d'anti-relaying en place si les domaines et noms de serveurs correctement renseignés. Il est important de bien tester cette partie sous peine de rapidement avoir un serveur qui croulera sous le trafic de spams :-/

Prochain épisode, le paramétrage de Dovecot permettant de relever le courrier mais également d'authentifier nos utilisateurs pour l'envoi des mails.

Complete GMail redundancy in 7 easy steps

Pádraig — Sun, 24 Aug 2008 00:06:49 +0000

If there is anything that the recent GMail outages taught us, it's that losing access to your email for a few hours should not mean that the end of the world has arrived. I think it also served as a reminder that if you rely 100% on the cloud for access to your data, then be prepared to be disconnected from it every once in a while. Fortunately, it's quite easy to take advantage of free email services from the likes of Google while also making sure that should the worst happen, you can still access your data.

With more and more communication, both professional and personal, being conducted through email, it's no wonder that people do get nervous when they suddenly lose control over several years worth of contacts and emails. This short article will show you how easy it is to back up your GMail automatically to a remote server which you can then access in the event that GMail goes down or you lose access to your account. We'll be using nothing but free open-source software. If you already have a net-connected machine with Ubuntu installed then you're set to go. Otherwise, consider recycling an old pentium-or-better-cpu machine with a network card—the processing demands are relatively low and the most important resource is storage space for all the emails and attachments. Although these instructions are for Ubuntu, they should also work on Debian or any other Debian-based distro.

To set this up you obviously need a GMail account, although any email account which can be accessed using the POP protocol can be backed up using the same method. We'll be using the excellent Fetchmail to retrieve messages from the GMail account while leaving them untouched in your GMail inbox, Procmail to deliver and filter them into a local Maildir-format mailbox, and Dovecot to access the emails remotely, all on the latest release of Ubuntu, Hardy Heron (8.04 LTS).

1. Setup GMail

Log in to your GMail account
Click 'Settings>Imap/Pop' and enable POP access
You can chose whether to only download messages which arrive from now on or to download all existing messages. The latter is useful if you have already been using your GMail account for a while and would like to back all existing messages to a secure alternative location.

2. Install packages

Fire up a terminal window and run the following command:sudo apt-get install dovecot-imapd procmail fetchmail mutt
This should automatically download and install everything you need. The mutt package is optional and is a useful tool for checking if your IMAP server is working properly and that your emails are being downloaded (not to mention a nice command-line email client!).

3. Configure Fetchmail

We need to define our GMail accounts in fetchmail's configuration file. Open the file /etc/fetchmailrc for editing as root. The file won't exist yet so we'll have to create it.
Copy & paste the following into the file:set daemon 60 set syslog set postmaster "localuser" poll pop.gmail.com protocol pop3 username "username@gmail.com" there with password "yourpassword" is localuser here keep ssl mda "/usr/bin/procmail -d localuser"
Change localuser to your local username on the linux box and the email and password to match your gmail account. If you want, you can add as many other accounts as you want here. For each account, just copy the text starting from 'poll...' and change the login details.
The first line tells fetchmail to check for new emails every 60 seconds. Edit to match your preferred update frequency.
Edit /etc/default/fetchmail as root and change the line START_DAEMON=no to START_DAEMON=yes

4. Configure Procmail (~/.procmailrc)

We're using procmail to deliver email from fetchmail to a mailbox in Maildir format. This is necessary due to the lack of Maildir support in Fetchmail, which supports the mbox format. The main difference between the formats is that Maildir stores each email in a single file, making it very efficient when you have a lot of emails. In contrast, mbox format stores all emails in a single file.
Create ~/.procmailrc and put the following text in it:MAILDIR=$HOME/Mail/ DEFAULT=$MAILDIR VERBOSE=on LOGFILE=$MAILDIR/procmail.log :0 $MAILDIR
Set permissions on the file with: chmod 640 ~/.procmailrc
This file simply tells procmail where to store the emails (in ~/Mail) and where to store it's logs. Procmail is capable of a lot more than this, and it supports a powerful filtering language. You can specify rules in your ~/.procmailrc file to filter emails based on sender, subject, etc.

5. Configure Dovecot

We're almost there! We can retrieve emails from the GMail servers and deliver them locally. Now we need a way to access the email remotely. For this we're using Dovecot, and we need to tweak the configure a little.
As root, open up /etc/dovecot/dovecot.conf and update the following lines:protocols = imaps mail_location = maildir:~/Mail

6. Setup maildir

We need to create the local mailbox with:maildirmake.dovecot ~/Mail

7. Start services

Okay, now everything is set up we need to start up the services:

sudo /etc/init.d/fetchmail start sudo /etc/init.d/dovecot start

8. Enjoy!

That's it! Run tail -f /var/log/syslog to check fetchmail is receiving messages and also check ~/Mail/procmail.log to see that procmail is not throwing up any errors. The final thing you need to do is make sure you can access your email server remotely. Dovecot is running over SSL on port 993, so just configure your router to enable external access to that port. Then just configure Outlook , Thunderbird, etc. to access IMAP over SSL and you have full access to all your emails on your own server.

Note: if you chose to setup GMail POP access to allow all existing messages to be downloaded and you have lots of messages in your account, it will take a few runs of fetchmail to collect them all. Leave things running overnight and check back in the morning!

Optional step: Setup mutt

Create the file ~/.muttrc and put the following in it:set mbox_type=Maildir set folder="~/Mail" set mask="!^\\.[^.]" set mbox="~/Mail" set record="+.Sent" set postponed="+.Drafts" set spoolfile="~/Mail"
Now just run mutt and read your email!

Related Links

FreeNAS as Digital Shoebox

James — Thu, 22 May 2008 02:02:19 +0000

FreeNAS is nearly what I want (for now). In addition to consolidating my files I want to run an IMAP server (dovecot) for my decade of archived email on my wildly over-powered "storage appliance" (sporting GBs of underutilized RAM and storage). Combined with fetchmail this would be great was to consolidate email for the long term (beyond Gmail). The necessary software is already ported to FreeBSD, so maybe could be trivial. Maybe it could take months of overcoming unanticipated challenges. Maybe I'll do it myself.

If this thing was Linux based I could probably hack it together tonight. :(

Mail with postfix and ldap

Sahil Ahuja — Sat, 03 May 2008 03:09:43 +0000

Yes, it's possible. I did it for the pragyan.org server.

The setup we used was :

/var/mail/virtual/%u : the inboxes of different users,

/var/mail/virtual/PragyanMail/%u/%f : the different folders in mailboxes of different users.

It's much easily setup than one thinks initially.

HOW?? Here's how :

But, as with anything else, basics first

SMTP server : Simple Mail Transfer Protocol : The server which sends and receives mails. Postfix (or smtp).

IMAP server : Internet Message Access Protocol : The service which interacts with the SMTP server to access mail and send mail. Dovecot
These come preinstalled in most linux distributions.

Apart from these, other tricks that can be used by people to confuse simple minded, bread earning people like us are :

MTA : Mail transfer agent : A computer program or software agent that transfers electronic mail messages from one computer to another. (Eg: Postfix, Sendmail)
MDA : Mail delivery agent : A Mail Delivery Agent (MDA) is software that delivers e-mail messages right after they've been accepted on a server, distributing them to recipients' individual mailboxes. (Eg: dovecot)
MUA : Mail user agent : An e-mail client, aka Mail User Agent (MUA), aka email reader is a frontend computer program used to manage email. (Eg: gmail, evolution, horde, squirrelmail, Outlook Express.)

Now that thats out of the way, lets get our hands dirty.

But again, not so fast. As with anything in linux, when you set off to configure something, you end up knowing much more than you bargained for. ;)

Aliases

Aliases are mappings between one source name and one or many destination name (in mail).
Aliases can be found out from flat files in the form of mapping, from sql queries or from ldap (man ldap_table). The source itself can be in the destination.
Link to alias files is given in /etc/postfix/main.cf at line

alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

Type /usr/sbin/postmap -q core@pragyan.org ldap:/etc/postfix/ldap-aliases.cf to see its effects.

local_transport

The local_transport parameter corresponds to the mail delivery agent used.

The default with postfix is local. The problem with local is that is requires local users and hence, a posixAccount schema to be an objectClass of every mail account. Rejected. Btw local also has to ability of mail forwarding to a user. i.e. if mailbox of user user1 is user1@gmail.com (user forwarding), then local will also forward to user1@gmail.com. By default, it assumes the uid of the user it is delivering mail to while delvering mail.
Next is virtual. This is the one used. Virtual accepts users who are system users. But virtual (for security purposes) does not forward to hosts other than the localhost. So how do we forward to external hosts? virtual forwards in case the mails are aliases. So we simply put the gmail address as the entry of one of the aliases of the mail. If virtual MDA is used then whose uid does it use? (because the uid of the user himself doesn’t exist on the system). Another parameter value has to be used :
```
  virtual_minimum_uid = 100 (security feature)
  virtual_uid_maps = static:700
  virtual_gid_maps = static:700
```
Other mail delivery agents : procmail doesn’t understand LDAP, and maildrop has too much overhead.

Group expansion

Excellent notes are available in /usr/share/doc/postfix-2.4.3/README_FILES/LDAP_README.

Any “map” parameter value, like alias_maps, can be either given a flat mapping file name, or a .cf file, with tells it what to do to get the mapping, in this format : protocol:filename. Eg.

virtual_mailbox_maps = ldap:/etc/postfix/accountsmap.cf

Mail boxes

mbox is a format for storing mails. It is the default format used in postfix and dovecot. This is a line from dovecot conf :

mail_location = mbox:/var/spool/mail/virtual/PragyanMail/%u:INBOX=/var/spool/mail/virtual/%u

The first part (mbox:/var/spool/mail/virtual/PragyanMail/%u:INBOX=/var/spool/mail/virtual/%u) refers to the user’s mail folder, which contains all his mail folders (Trash, drafts, sent mail.. ) (the user’s mail folders are files in mbox format)

The second part (mbox:/var/spool/mail/virtual/PragyanMail/%u:INBOX=/var/spool/mail/virtual/%u) refers to the one specific user folder (i.e. server file) which postfix writes to, that is his INBOX. (All other folders are written to and handled by the IMAP client - dovecot.) Other variables which could have been used for specifying this are : %u - username, %n - user part in user@domain, same as %u if there’s no domain, %d - domain part in user@domain, %h - home directory etc.
A virtual user can specify his mail folder to be anywhere. So, the following is a security config for postfix INBOX files :

virtual_mailbox_base = /var/spool/mail/virtual

Also

chmod g+s /usr/bin/procmail

for it to be able to create mail directories

Maps specified in postfix

Maps are specified in /etc/postfix/main.cf. Important maps to be specified are :

User aliases virtual_alias_maps- mapping between group@domain.org and user1@pragyan.org, user2@pragyan.org, ...
User mailboxes virtual_mailbox_maps - mapping between mailaddress (user1@pragyan.org) and mailbox location (/var/spool/mail/virtual/user1). A confirmation that the mail address corresponds to a real virtual user. For mail to be delivered, this entry needs to be there, which contains the mailbox address. This is but only a one to one mapping. (Ignores all following values)

local_recipient_maps = $virtual_mailbox_maps

This line is required whenever the local_transport is changed to something else. (in this case to virtual)

Schemas (The Real Working):

Ldap Entry evolutionPersonList

contact (multiple) : links to others ldap entries : uid=sahil,ou=P... , uid=cyber, ou=.. , ...
mail (multiple) : mails : sahilahuja@gmail.com, core@pragyan.org, ...
listName (single) : list name : coding

main.cf entry : virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf . Contents of ldap-aliases.cf :

server_host = 10.0.0.126
search_base = ou=Groups,ou=Pragyan,dc=delta,dc=nitt.edu
query_filter = (&(objectClass=*)(listName=%u))
result_attribute = mail
special_result_attribute = contact
bind = yes
bind_dn = cn=dovecot,ou=Pragyan,dc=delta,dc=nitt.edu
bind_pw = ******

The field matched is listName.
The query runs recursively runs on field “contact”.
All mails of form alias@pragyan.org again go through the same process

Ldap entry evolutionPerson . Important thing in it is the mapping between uid and mail. It’s a proof to postfix the user is a real virtual user.

main.cf entry virtual_mailbox_maps = ldap:/etc/postfix/accountsmap.cf . Contents of accountsmap.cf :

server_host = 10.0.0.126
search_base = ou=People,ou=Pragyan,dc=delta,dc=nitt.edu
query_filter = (&(objectClass=*)(mail=%s))
result_attribute = uid
bind = yes
bind_dn = cn=dovecot,ou=Pragyan,dc=delta,dc=nitt.edu
[gallery]bind_pw = ******

The final main.cf entry that fits it all : virtual_mailbox_base = /var/spool/mail/virtual . A file with the name that is a result of the previous query (uid), gets created in this directory as the inbox of the user.

Workflow is mailid → getaliases → Use alias result to get mail ids → deliver. That is, first alaises get processed, then accountsmap.

Here are the files I used finally :

Postfix : main.cf, accountsmap.cf, ldap-alias.conf
Dovecot : dovecot.conf, dovecot-ldap.conf
Here is a compilation of the final content of these files : mailconfiguration pdf, mailconfiguration odt

Here is the link of the guide I used as my own reference.

Imapsync vs secure copy+mb2md SAS

Fernando André — Wed, 30 Apr 2008 21:57:17 +0000

++++ Statistics ++++

Time : 50 sec Messages transfered : 995 Messages skipped : 0 Total bytes transfered : 25959720 Total bytes skipped : 0 Total bytes error : 0 Detected 0 errors Please, rate imapsync at http://freshmeat.net/projects/imapsync/

real 0m50.666s user 0m46.519s sys 0m3.476s

28M /home/ndref/

Teste após ter feito um POP

++++ Statistics ++++ Time : 3 sec Messages transfered : 0 Messages skipped : 943 Total bytes transfered : 0 Total bytes skipped : 25720752 Total bytes error : 0 Detected 0 errors Please, rate imapsync at http://freshmeat.net/projects/imapsync/

real 0m3.377s user 0m3.140s sys 0m0.200s

Eliminei dados de uma das pastas

antes : du -s /home/ndref/ 28228 /home/ndref/

depois : du -s /home/ndref/ 28680 /home/ndref/

++++ Statistics ++++ Time : 44 sec Messages transfered : 39 Messages skipped : 943 Total bytes transfered : 346799 Total bytes skipped : 25720752 Total bytes error : 0 Detected 0 errors Please, rate imapsync at http://freshmeat.net/projects/imapsync/

real 0m43.550s user 0m40.927s sys 0m2.536s

Teste usando copy com scp e depois o mdb2maildir

time scp root@192.168.34.83:/var/spool/mail/user2 . root@192.168.34.83’s password: joseol 100% 275MB 34.4MB/s 00:08

real 0m10.490s user 0m3.840s sys 0m1.264s

time ./mb2md user2 user2Maildir real 0m40.188s user 0m30.702s sys 0m7.488s

Resultou em vários erros durante a conversão de timestamps.

http://www.gerg.ca/hacks/mb2md/ works more or less ok in maildir, need to test the file contents.

http://batleth.sapienti-sat.org/projects/mb2md/

time scp root@192.168.34.83:/var/spool/mail/teste61b . root@192.168.34.83’s password: tvtel47261b 100% 263MB 5.4MB/s 00:49

real 0m56.528s user 0m3.644s sys 0m1.348s

time ./mb2md user1 teste61bMaildir real 0m20.478s user 0m17.633s sys 0m2.600s [18:06:06] mailer1:~/tmp#

time scp root@192.168.34.83:/var/spool/mail/user1 . root@88.157.32.65’s password: tvtel105853b 100% 244MB 15.2MB/s 00:16

real 0m22.852s user 0m3.520s sys 0m1.180s

Após executar conversão com mb2maidir real 0m35.396s user 0m26.550s sys 0m6.644s

Teste hdparm

/dev/sda: Timing cached reads: 9662 MB in 2.00 seconds = 4837.35 MB/sec mailStorage1:/etc#

Hardware

2 discos sas em raid 1 ;

4GB Ram

QuadCore Intel(R) Xeon(R) CPU E5405 @ 2.00GHz

Resultado:

No final o mb2md com nfs mounted volume funcionou bem mas mesmo usando este modo demorou uma eternidade para migrar tudo.

ImapSync demora muito quando se pretendem fazer várias caixas de correio simultaneamente, sincronismo semanalmente para migração lenta é engraçado mas o sync com mais de 1000 caixas de correio com ~250 MB demora muito.

O dovecot continua a surpreender-me com os vários mecanismos de controlo de conteúdo da INBOX .

O que falhou na migração ?! Nada correu tudo bem, foi demorado mas correu bem. Após a cópia fez-se um redimensionamento das quotas para abranger a junção da antiga home+mailbox para a nova Home.

Em alguns casos resultou num tamanho exagerado, as home's só tinham mailbox do webmail foram migradas também com o script abaixo que foi melhorado pelo Russel Nelson.

Script usado : http://qmail.europnews.de/convert-and-create

este revelou vantagens no acesso às mailbox's do uw-imap , conversão dos dados do webmail.

HdParm a um disco sas:

hdparm -T /dev/sda

/dev/sda:
Timing cached reads: 8466 MB in 2.00 seconds = 4237.86 MB/sec

dovecot

Fernando André — Tue, 01 Apr 2008 14:19:35 +0000

Com tantos problemas porque é que não implementam uma solução directa no servidor ?!

"Attempted master login with no master passdbs"

martin — Sun, 10 Feb 2008 06:31:16 +0000

If you get this under some conditions while using dovecot for SASL authentication from the Postfix MTA, you're using an outdated pre-release version of dovecot, like e.g. 1.0.rc15. This specific version is still included not only in CentOS and RHEL 5 but also in Debian 4.0 (etch). The error is caused by a bug that was already fixed in later pre-release versions.

I replaced the stock rpm from CentOS 5 with the current released dovecot 1.0.10 rpm from atrpms.net, which instantly fixed the problem.

Packages of dovecot 1.0.10 for Debian are available from backports.org.

tpop3d-Migrationspfad

martin — Sat, 09 Feb 2008 19:22:20 +0000

So leid es tut, daß der Autor von tpop3d sich vor einem Jahr das Leben genommen hat, so dringlich war es dann doch, eine Software, die nicht mehr gewartet wird und für die auch kein Fork ansteht, weil ihre Zeit nebenbei auch ein wenig vorbei ist, durch eine andere Lösung zu ersetzen.

Gut, daß ich mich in diesen Tagen aus anderen Gründen mit dovecot auseinandersetzen durfte. Da dovecot nicht nur die in meinen Perl-Authenticator für tpop3d verwendeten Prozentzeichen im Nutzernamen (first.last%example.com) in Klammeraffen übersetzen kann, sondern sogar eine Konfigurationsoption hat, um auf dem selben Maildir auch die selben UIDs wie tpop3d anzuzeigen...

auth_username_translation = %@
pop3_uidl_format = %Mf

...bestand die ganze Migration darin, das Script, das die passwd-Datei für tpop3d generierte, so anzupassen, daß Klammeraffen statt Prozentzeichen verwendet werden. Danach habe ich todesmutig direkt den POP3-Server für meine 100 User umgeswitcht. Die ersten Anwender, die erkennbar leave-mail-on-server aktiv haben, haben schon gepollt und nicht die alten Mails mitbekommen. Der UIDL-Hack hat also funktioniert.

Ciao, tpop3d mit Deinem voll mit Perl verscriptbaren Authentifizierungs-API. Ich habe Dir immerhin sechs Jahre lang die Treue gehalten. Und danke Chris (hoffentlich an einem Ort, der dir besser gefällt) dafür, daß Du mir immer geholfen hast, das Ding auch nochmal unter Solaris zu übersetzen. :-)

Wahrscheinlich bin ich der einzige Mensch weit und breit, der jetzt dovecot als reinen POP3-Server einsetzt. Geradezu reaktionär, wo doch IMAP der allerletzte Schrei ist.

So, und jetzt nichts wie weg vom Rechner und das Handy ausschalten. ;-)

Mail Server with Virtual Users using Postfix + Postfix Admin + Dovecot + MySQL + CentOS 4.5 with RoundcubeMail

jangestre — Tue, 27 Nov 2007 01:43:21 +0000

This installation was done using CentOS 4.5 since the it is mandatory on my part to use a RHEL clone. You maybe wondering why not CentOS 5, the reason behind is that the source rpm for postfix that I got is not built for RHEL5 and I'll rather use FreeBSD or Debian if given the choice. :)

I've installed the default apache, mysql, postfix, dovecot and php-mysql from the installation CD's, then upgrade the packages using yum with --enablerepo=CentOSPlus.

Since the default MTA for CentOS is Sendmail, use system-switch-mail-nox from the command line to change the MTA from Sendmail to Postfix.

# system-switch-mail-nox

Then make sure the services are started during bootup using chkconfig command:

# chkconfig mysqld on
# chkconfig httpd on
# chkconfig dovecot on
# chkconfig postfix on

It is now time to upgrade the packages installed. This command will upgrade php from version to version 5 including the dependencies that includes mysql5

# yum --enablerepo=centosplus install php5

Then upgrade apache: To update apache first use the base repo then upgrade using the centosplus repo. If you won't
follow this sequence you'll end up with a broken httpd installation.

# yum update http* # yum upgrade --enablerepo=centosplus http*

The default postfix rpm does not include mysql support, so to overcome this we must rebuild postfix using the source rpm.
NOTE: The source rpm is specifically built for RHEL4 so that's why I used CentOS4.x series.

Download the postfix-2.4.x.src.rpm

# wget http://postfix.wl0.org/ftp/official/2.4/SRPMS/postfix-2.4.6-1.src.rpm

Install postfix-2.4.x.src.rpm

# rpm -Uvh postfix-2.4.x.src.rpm

Then edit postfix.spec, modify the version and add MySQL support (%define with_mysql_redhat 1) and build it.
Note: Use mysql_redhat instead of mysql!

# vi /usr/src/redhat/SPECS/postfix.spec

-----

%define with_cdb          0
%define with_ldap         1
%define with_mysql        0
%define with_mysql_redhat 1
%define with_pcre         1
%define with_pgsql        0
%define with_sasl         1
%define with_spf          0
%define with_dovecot      1
%define with_tls          1
%define with_tlsfix       2
%define with_vda          0  

----- # rpmbuild -bb /usr/src/redhat/SPECS/postfix.spec

Download dovecot 1.0.7 src.rpm, the version that comes with Centos4.5 doesn't have MySQL support

# wget http://dl.atrpms.net/all/dovecot-1.0.7-0_63.src.rpm

Rebuild Dovecot:

First you need to create the /etc/rpm/macros.atrpms file to overcome the kernel limitation and insert the following in the file:

# vi /etc/rpm/macros.atrpms  %bcond_with()           %{expand:%%{?_with_%{1}:%%global with_%{1} 1}}
%bcond_without()        %{expand:%%{!?_without_%{1}:%%global with_%{1} 1}}
%with()                 %{expand:%%{?with_%{1}:1}%%{!?with_%{1}:0}}
%without()              %{expand:%%{?with_%{1}:0}%%{!?with_%{1}:1}}

Save and quit vi.

Edit /usr/src/redhat/SPECS/dovecot.spec and add support for MySQL.

For my build I need to install gettext-devel, go ahead and install using yum.

# yum install gettext-devel pcre-devel

Then rebuild the rpm.

# rpmbuild --without inotify -bb /usr/src/redhat/SPECS/dovecot.spec

Create the virtualmail user and virtual users mail directory:
Note: It need not be in /home, it can also exist in /var

# useradd -r -u 150 -g mail -d /home/virtualmail -s /sbin/nologin -c "Virtual Mailbox" virtualmail

The above command means that user virtualmail is a member of the "mail" group with default home at /home/virtualmail.

Then create the directory and change ownership:

# mkdir -p /home/virtualmail
# chmod 770 /home/virtualmail
# chown virtualmail:mail /home/virtualmail/

Self-signed server certificate:

This will be used by postfix and dovecot.
First create the directories, create the private key, and lastly create the certificate.

# mkdir -p /etc/postfix/ssl
# cd /etc/postfix/ssl
# openssl genrsa 1024 > mail-key.pem
# chmod 400 mail-key.pem
# openssl req -new -x509 -nodes -sha1 -days 3650 -key mail-key.pem > mail-cert.pem

Postfix Configuration Files:

Manually create the following files under the /etc/postfix directory which will be used for the virtual settings:

/etc/postfix/mysql_virtual_alias_maps.cf :

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

/etc/postfix/mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
# The ff: is optional
additional_conditions = and backupmx = '0' and active = '1'

/etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

/etc/postfix/mysql_virtual_mailbox_limits_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

/etc/postfix/mysql_relay_domains_maps.cf:

user            = postfix
password        = postfix
hosts           = localhost
dbname          = postfix
query           = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

Edit /etc/postfix/main.cf, my config looks like the following:

myhostname = mail.myserver.ph
mydomain = myserver.ph
myorigin = $mydomain
inet_interfaces = all
mydestination = localhost
mynetworks = 192.168.234.0/24, 127.0.0.0/8
relay_domains = $mydestination
smtpd_recipient_restrictions =  permit_sasl_authenticated
				permit_mynetworks
				reject_unauth_destination
                                permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# -------Virtual mailbox settings-----------
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later
virtual_overquota_bounce = yes

Edit master.cf and let dovecot handle local delivery:

# Dovecot LDA
 dovecot   unix  -       n       n       -       -       pipe
 flags=DRhu user=virtualmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}

Dovecot Configuration:

Create the dovecot user that will be used to access the postfix database:

mysql> grant SELECT ON postfix.*  to 'dovecot'@'localhost' IDENTIFIED by 'dovecot';

Edit dovecot.conf, here is my configurations:

## Dovecot configuration file
 base_dir = /var/run/dovecot/
 protocols = imap imaps pop3 pop3s
 listen = [::]
 log_timestamp = "%Y-%m-%d %H:%M:%S "
 syslog_facility = mail
 ssl_disable = no
 ssl_cert_file = /etc/postfix/ssl/mail-cert.pem
 ssl_key_file = /etc/postfix/ssl/mail-key.pem
 ssl_parameters_regenerate = 168
 verbose_ssl = no
 mail_location = maildir:/home/virtualmail/%d/%u
 mail_extra_groups = mail
 mail_debug = no
 first_valid_uid = 150
 last_valid_uid = 150
 maildir_copy_with_hardlinks = yes
 protocol imap {
 login_executable = /usr/libexec/dovecot/imap-login
 mail_executable = /usr/libexec/dovecot/imap.
 imap_max_line_length = 65536
 imap_client_workarounds = outlook-idle
 }
 protocol pop3 {
 # Login executable location.
 login_executable = /usr/libexec/dovecot/pop3-login
 mail_executable = /usr/libexec/dovecot/pop3
 pop3_uidl_format = %08Xu%08Xv
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 }
 protocol lda {
 # Address to use when sending rejection mails.
 postmaster_address = postmaster@myserver.ph
 # Binary to use for sending mails.
 sendmail_path = /usr/lib/sendmail # UNIX socket path to master authentication server to find users.  auth_socket_path = /var/run/dovecot/auth-master
}
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
auth default {
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot-sql.conf
}
# SQL database <doc/wiki/AuthDatabase.SQL.txt>
userdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot-sql.conf }
user = nobody
socket listen {
	master {
	path = /var/run/dovecot/auth-master
	mode = 0660
	user = virtualmail
	group = mail
	}
	client {
	path = /var/run/dovecot/auth-client
	mode = 0660
	user = postfix
	group = mail
	}
  }
}
dict {
}
plugin {
}

----
Edit /etc/dovecot-sql.conf:

driver = mysql
 connect = host=localhost dbname=postfix user=dovecot password=dovecot
 default_pass_scheme = MD5
 # Get the mailbox
 user_query = SELECT '/home/virtualmail/%d/%n' as home, 'maildir:/home/virtualmail/%d/%n' as mail, 150 AS uid, 12 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
 # Get the password
 password_query = SELECT username as user, password, '/home/virtualmail/%d/%n' as userdb_home, 'maildir:/home/virtualmail/%d/%n' as userdb_mail, 150 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Postfix Admin configuration:

Download latest postfixadmin v2.2 from svn

# svn co https://postfixadmin.svn.sourceforge.net/svnroot/postfixadmin/trunk postfixadmin

put postfixadmin in web root

# mkdir -p /var/www/html/postfixadmin

Copy entire postfixadmin to --> "/var/www/html/postfixadmin"

Edit DATABASE_MYSQL.TXT and provide password for user postfix and postfixadmin.
If not, you will get a database access denied error!

# vi /var/www/html/postfixadmin/DATABASE_MYSQL.TXT FLUSH PRIVILEGES;
 GRANT USAGE ON postfix.* TO postfix@localhost IDENTIFIED BY 'postfix';
 GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfix@localhost;
 GRANT USAGE ON postfix.* TO postfixadmin@localhost IDENTIFIED BY 'postfixadmin';
 GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfixadmin@localhost;
 USE postfix;

Save the changes made and exit vi.
Load the postfixadmin database.

# mysql -u root -ppassword < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT

Edit config.inc.php and set your default domain, to globally change the given default domain name, use the replace command:

# replace change-this-to-your.domain.tld yourdomain.com -- config.inc.php

Set some variable in config.inc.php:

//$CONF['configured'] = false; <-- remember to comment out this line, enabled by default! // Postfix Admin Path
 // Set the location of your Postfix Admin installation here.
 // You must enter complete url (http://domain.tld/) and full path (/var/www/postfixadmin)
 $CONF['postfix_admin_url'] = 'http://192.168.159.131/postfixadmin/';
 $CONF['postfix_admin_path'] = '/var/www/html/postfixadmin';
 $CONF['database_type'] = 'mysqli';
 $CONF['database_host'] = 'localhost';
 $CONF['database_user'] = 'postfixadmin';
 $CONF['database_password'] = 'postfixadmin';
 $CONF['database_name'] = 'postfix';
 $CONF['database_prefix'] = '';

Go to browser and type url http://ip.add.ress/postfixadmin and run setup from the menu and check for errors!

To be continued!

Dovecot in park of the city of Elche, Spain

ballesta — Sun, 29 Apr 2007 06:43:26 +0000