Postfix-Dovecot-MySQL: Dovecot

Zweiter Teil der “Postfix-Dovecot-MySQL”-Trilogie

Installation

# Install Dovecot's MySQL, IMAP and LMTP packages, taking them from the
# jessie-backports release instead of the default one.
# NOTE(review): dovecot-pop3d is not in this list although 10-master.conf
# below defines pop3 listeners; add it only if POP3 is really wanted.
sudo apt-get install --target-release jessie-backports \
  dovecot-mysql dovecot-imapd dovecot-lmtpd

Konfiguration

Email soll in Postfächern ‘virtueller’ Benutzer gespeichert werden. Es wird ein dedizierter User für alle Postfächer gebraucht:

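# Create the mail store first, with mode 0700 so that only its owner can
# enter it once ownership is handed over below.
sudo mkdir -m 0700 /var/vmail
# Dedicated account that owns every virtual mailbox: no password, no login,
# /bin/false as shell, and the store created above as its home directory
# (--no-create-home because the directory already exists).
sudo adduser \
  --home /var/vmail \
  --no-create-home \
  --shell /bin/false \
  --disabled-password \
  --disabled-login \
  --gecos "Virtual Mailboxes" vmail
# Hand the store over to vmail. "owner:group" is the POSIX separator; the
# dotted form "vmail.vmail" is a deprecated extension and is ambiguous for
# account names that contain a dot.
sudo chown vmail:vmail /var/vmail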

conf.d/10-auth.conf

# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" 10-auth.conf 
# Refuse plaintext logins on connections that are not protected by TLS.
# NOTE(review): Dovecot treats connections from localhost as secure, so tests
# against 127.0.0.1 do not exercise this setting; confirm from a remote
# host before going live.
disable_plaintext_auth = yes
# PLAIN and LOGIN both hand the cleartext password to the server, so they
# depend on the TLS requirement above and on "ssl = required" in 10-ssl.conf.
auth_mechanisms = plain login
# Pull in the SQL-backed passdb/userdb definitions from auth-sql.conf.ext.
!include auth-sql.conf.ext

conf.d/auth-sql.conf.ext

# Password lookups go to the SQL database; the connection settings and the
# query are read from /etc/dovecot/dovecot-sql.conf.ext.
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
# Static userdb: no per-user lookup. Every mailbox is accessed as the single
# vmail account and the home directory is derived from the login name
# (%d = domain part, %n = local part of user@domain).
# Because all mailboxes share one uid/gid, file-system permissions do not
# separate users from each other; that separation rests on Dovecot alone.
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n
}

conf.d/10-mail.conf

# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" 10-mail.conf
# Maildir storage below each user's home directory as defined by the static
# userdb, i.e. /var/vmail/<domain>/<user>/Maildir.
mail_location = maildir:/var/vmail/%d/%n/Maildir
# Marks this namespace as the one that contains INBOX.
namespace inbox {
  inbox = yes
}

conf.d/10-master.conf

Bis zum Live-Gang sollen alle Dovecot-Dienste nicht öffentlich sichtbar sein, daher sind alle IP/Port-basierten Dienste auf localhost beschränkt (address = 127.0.0.1). Dies wird für IMAP und POP3 später geändert.

LMTP bleibt nicht-öffentlich!

# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" 10-master.conf
# Unprivileged account referenced as $default_internal_user further down.
default_internal_user = dovecot
# IMAP login listeners. Both are bound to 127.0.0.1 for the test phase, so
# nothing is reachable from the network until the address lines are changed.
service imap-login {
  # Port 143: plain IMAP, upgraded with STARTTLS.
  inet_listener imap {
    port = 143
    address = 127.0.0.1
  }
  # Port 993: TLS from the first byte (ssl = yes).
  inet_listener imaps {
    port = 993
    ssl = yes
    address = 127.0.0.1
  }
}
# POP3 login listeners, restricted to 127.0.0.1 in the same way.
service pop3-login {
  # Port 110: plain POP3, upgraded with STARTTLS.
  inet_listener pop3 {
    port = 110
    address = 127.0.0.1
  }
  # Port 995: TLS from the first byte (ssl = yes).
  inet_listener pop3s {
    port = 995
    ssl = yes
    address = 127.0.0.1
  }
}
# Local delivery (LMTP). This service is meant to stay non-public for good.
service lmtp {
  # Socket below Postfix's spool directory; mode 0600 with owner postfix
  # means only the postfix account can connect and hand over mail.
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
  # TCP listener on loopback. Unlike the socket above it has no file
  # permissions: every local process can connect to 127.0.0.1:24.
  # NOTE(review): if Postfix delivers through the unix socket, this listener
  # is presumably only needed for testing and can be removed afterwards;
  # confirm against the Postfix part of the series.
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}
# Post-login IMAP and POP3 services: empty blocks, no overrides.
service imap {
}
service pop3 {
}
# Authentication service and the sockets through which other processes
# reach it.
service auth {
  # userdb lookup socket, accessible to the vmail user and group (0660).
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
    group = vmail
  }
  # Auth socket below Postfix's spool directory, accessible to the postfix
  # user and group (0660); presumably used for SMTP AUTH via Dovecot SASL,
  # to be confirmed in the Postfix part of the series.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  # Run the auth process as the unprivileged internal user, not as root.
  user = $default_internal_user
}
# The workers that perform the password lookups run unprivileged as well.
service auth-worker {
  user = $default_internal_user
}
# dict service with an empty listener block, no overrides.
service dict {
  unix_listener dict {
  }
}

conf.d/10-ssl.conf

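# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" 10-ssl.conf
# Clients have to negotiate TLS (implicit TLS or STARTTLS) before logging in.
ssl = required
# The leading "<" makes Dovecot read the value from the named file.
# The private key file should be readable by root only.
ssl_cert =</etc/dovecot/ssl/dovecot.crt
ssl_key  =</etc/dovecot/ssl/dovecot.key
# 1024-bit DH groups are within reach of precomputation attacks (Logjam);
# 2048 bits is the minimum that should be used.
ssl_dh_parameters_length = 2048
# "!SSLv2" alone still allows SSLv3, which is broken (POODLE); disable both.
# Where all clients support it, TLSv1 and TLSv1.1 can be disabled as well.
ssl_protocols = !SSLv2 !SSLv3
# In addition to the LOW/EXPORT/anonymous exclusions, drop RC4 and 3DES,
# which are part of "ALL" but no longer acceptable.
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!3DES
# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers = yes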

conf.d/15-mailboxes.conf

# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" 15-mailboxes.conf
# Assigns SPECIAL-USE flags to the standard folders of the inbox namespace
# so that mail clients can recognise each folder's role.
namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox Sent {
    special_use = \Sent
  }
  # Second folder name that carries the same \Sent flag.
  mailbox "Sent Messages" {
    special_use = \Sent
  }
}

dovecot-sql.conf.ext

# Effective settings only: the grep drops blank lines and comment lines.
grep -vE "^\s*$|^\s*#" dovecot-sql.conf.ext
driver = mysql
# Database connection over loopback as the MySQL account "dovecot".
# NOTE(review): "ChangeMe" is a placeholder; set a unique password. Because
# this file holds that credential, it should be owned by root and not be
# readable by other accounts. As far as this page shows, the account only
# needs SELECT on virtual_users.
connect = host=127.0.0.1 dbname=mailserver user=dovecot password=ChangeMe
# Scheme assumed for stored password hashes: salted SHA-256 crypt.
default_pass_scheme = SHA256-CRYPT
# Looks up the hash for the full login name (%u = user@domain).
# NOTE(review): Dovecot's SQL driver is documented to escape %-variables
# before inserting them into the query; confirm for the installed version.
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

Start

# Restart Dovecot so that the configuration above takes effect.
sudo service dovecot restart
# ...
# List the listening TCP sockets owned by dovecot. During the test phase
# every entry should be bound to 127.0.0.1, none to 0.0.0.0 or a public IP.
sudo netstat -tlpen | grep dovecot
# ...
# STARTTLS handshake against the local IMAP listener; check the certificate
# shown and the negotiated protocol and cipher in the output.
openssl s_client -starttls imap -connect 127.0.0.1:143
# ...
# Same check against the local LMTP listener on port 24.
# NOTE(review): LMTP greets with LHLO instead of EHLO. If the smtp mode does
# not complete the handshake, newer OpenSSL releases offer "-starttls lmtp".
openssl s_client -starttls smtp -connect 127.0.0.1:24
# ...
  1. Postfix-Dovecot-MySQL: MySQL ist der erste Teil der “Postfix-Dovecot-MySQL”-Trilogie
  2. Postfix-Dovecot-MySQL: Postfix ist der dritte Teil der “Postfix-Dovecot-MySQL”-Trilogie