Postfix Virtual Hosting With LDAP Backend With Dovecot As IMAP/POP3 Server On Ubuntu Hardy Heron 8.04 TLS - Page 3

Submitted by Miguel on Mon, 2008-07-28 16:30.

Step 4: Install and configure dovecot

apt-get install dovecot-imapd dovecot-pop3d

This installs dovecot and all necessary files, and also creates the standard SSL certificates for IMAPS and POP3S.

Now we back up the original configuration files for safekeeping.

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bck
mv /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf.bck

Next, create new configuration files from the examples provided below.

vi /etc/dovecot/dovecot.conf

auth_verbose = yes
mail_debug = yes

base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
protocol lda {
  postmaster_address = postmaster@example.tld
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot-deliver.log
  info_log_path = /var/log/dovecot-deliver.log
}
listen = *
shutdown_clients = yes
log_path = /var/log/dovecot.log
info_log_path = /var/log/mail.log
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
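# Plaintext logins (PLAIN/LOGIN) are accepted even without SSL/TLS
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
# The key is read from the same .pem file here; if your private key is stored
# separately (for example under /etc/ssl/private), point ssl_key_file at that file
ssl_key_file = /etc/ssl/certs/ssl-cert-snakeoil.pem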
login_chroot = yes
login_user = postfix
login_process_per_connection = yes
login_processes_count = 2
login_max_processes_count = 128
login_max_connections = 256
login_greeting = Welkom bij Webhabitat's Dovecot eMail Server.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
default_mail_env = maildir:/home/vmail/domains/%d/%u
first_valid_uid = 108 # REMEMBER: THIS MUST BE CHANGED TO YOUR UID FOR "postfix" FROM /etc/passwd
pop3_uidl_format = %08Xu%08Xv
auth default {
    mechanisms = PLAIN LOGIN
    passdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    userdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
            group = vmail
        }
        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
    user = vmail
}

vi /etc/dovecot/dovecot-ldap.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = mail=%u,vd=%d,o=hosting,dc=example,dc=tld
ldap_version = 3
base = dc=example,dc=tld
dn = cn=admin,dc=example,dc=tld
dnpass = secret
deref = never
scope = subtree
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5
# the uid of your vmail user
user_global_uid = 1000
# the gid of your vmail group
user_global_gid = 1000

Note: Remember to change example.tld to your own domain.tld (see assumptions).

The following entry in dovecot.conf enables SASL; the client socket is created inside the Postfix spool directory so that Postfix can use it:

auth default {
    # ... mechanisms, passdb and userdb as shown above ...
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
            group = vmail
        }
        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
    user = vmail
}
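
The modes on these two sockets decide which local accounts can reach Dovecot's auth process: the master socket is used by deliver running as vmail, the client socket by Postfix. The script below is an added example, not part of the original howto; audit_auth_sockets is a hypothetical helper and the sample file is constructed. It parses the nested block and reports modes that are looser than the ones shown above.

```shell
# audit_auth_sockets CONF: print one finding per line for the master/client
# blocks inside "socket listen { ... }"; return 1 if there is any finding.
audit_auth_sockets() {
    awk '
    function report(msg) { print kind " socket " val["path"] ": " msg; bad = 1 }
    function check(    m, grp, oth) {
        m = val["mode"]
        if (m == "") { report("no explicit mode"); return }
        grp = substr(m, length(m) - 1, 1); oth = substr(m, length(m), 1)
        if (oth != "0") report("mode " m " lets every local user connect")
        # Policy assumed by this example: only the owner may use the master socket.
        if (kind == "master" && grp != "0") report("mode " m " grants group access")
    }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }               # drop comments, trim
    $0 == "" { next }
    /[{]$/ { sub(/[ \t]*[{]$/, ""); stack[++depth] = $0; next }   # a block opens
    $0 == "}" {                                                   # a block closes
        if (depth > 1 && stack[depth - 1] == "socket listen") {
            kind = stack[depth]; check(); split("", val)
        }
        depth--; next
    }
    depth > 1 && stack[depth - 1] == "socket listen" {            # key = value line
        n = index($0, "="); k = substr($0, 1, n - 1); v = substr($0, n + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+/, "", v)
        val[k] = v
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the socket block from this page with the client mode loosened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth default {
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
        }
        client {
            path = /var/spool/postfix/private/auth
            mode = 0666
        }
    }
}
EOF
audit_auth_sockets "$sample" || echo "tighten the socket modes before starting dovecot"
```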

The following entry in dovecot.conf provides session and logging for dovecot deliver:

protocol lda {
  postmaster_address = postmaster@example.tld
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot-deliver.log
  info_log_path = /var/log/dovecot-deliver.log
}

At this moment I haven't gotten dovecot to use the quota entries provided by phamm, this will be an addon in the (very, hopefully :) ) future.

This concludes the dovecot configuration.
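
Before restarting Dovecot it is worth confirming that the file named by ssl_key_file really holds a private key and is not world-readable; when no key is found there, the login processes fail with OpenSSL's "no start line" error. The script below is an added example, not part of the original howto; the function names conf_value and check_ssl_key and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the howto): pre-flight check for ssl_key_file.

# conf_value CONF KEY: print the value of a top-level "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//' | tail -n 1
}

# check_ssl_key CONF: print findings; return 1 if the key file is unusable or exposed.
check_ssl_key() {
    key=$(conf_value "$1" ssl_key_file)
    rc=0
    [ -n "$key" ] || { echo "ssl_key_file is not set"; return 1; }
    [ -r "$key" ] || { echo "$key: missing or not readable"; return 1; }
    # Without a PEM private-key header OpenSSL reports "no start line".
    if ! grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$key"; then
        echo "$key: contains no PEM private key"
        rc=1
    fi
    # A private key must not be readable by every local account.
    if [ -n "$(find -L "$key" -perm -004)" ]; then
        echo "$key: world-readable"
        rc=1
    fi
    return $rc
}

# Constructed sample: a certificate-only file that is also used as the key file.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' > "$demo/cert.pem"
printf 'ssl_cert_file = %s\nssl_key_file = %s\n' "$demo/cert.pem" "$demo/cert.pem" > "$demo/dovecot.conf"
check_ssl_key "$demo/dovecot.conf" || echo "fix ssl_key_file before restarting dovecot"
```

On a real system, run check_ssl_key /etc/dovecot/dovecot.conf as root so that the readability test is not limited by your own account.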


Submitted by difallah (not registered) on Sun, 2011-05-29 14:25.

To avoid:

root@mail:/etc/ssl/certs# tailf /var/log/dovecot.log
dovecot: May 29 15:05:15 Error: pop3-login: Can't load private key file /etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: child 15890 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15891 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15892 (login) returned error 89
dovecot: May 29 15:05:15 Error: child 15893 (login) returned error 89
dovecot: May 29 15:05:15 Error: pop3-login: Can't load private key file /etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: imap-login: Can't load private key file /etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
dovecot: May 29 15:05:15 Error: imap-login: Can't load private key file /etc/ssl/certs/ssl-cert-snakeoil.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

Correct this in /etc/dovecot/dovecot.conf. Replace

ssl_key_file = /etc/ssl/certs/ssl-cert-snakeoil.pem

by

ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

and give the user dovecot read rights for /etc/ssl/private/ssl-cert-snakeoil.key by adding him to ssl-cert as a secondary group:

usermod -a -G ssl-cert dovecot

Submitted by willi (not registered) on Sun, 2009-06-28 01:22.

Thank you for this howto - I do follow your explanations on a CentOS 5 system: with modifications I have dovecot working and accepting it. Phamm is implemented on another system and connects to the mail server with OpenLDAP (I do want to go further, moving it to another server with Kerberos LDAP support, isolating mail.lan.dom for security reasons).

1.) I got stuck with gnarwl getting compile errors - will contact the developer for this!

BUT: I do have problems with postfix - accounts are verified against ldap - this is OK. BUT: I think postfix is not able to create the mailbox path.

a postmap -q john.doe@lan.dom ldap:accounts retreats lan.dom/john.doe, which seems to be perfect.

The maillog issues:

fatal: pipe_command: execvp /usr/local/bin/maildrop: No such file or directory++

PS: I'd built transport.db and virtual.db from empty files.

tks in advance. IF I'm through with this I will write it down and send you the implementation log - if you like.

Submitted by Janusz (not registered) on Wed, 2009-04-15 22:37.

Hi, this howto includes one mistake and some inaccuracies. Please take the following issues into consideration:

- it is:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient)
while it should be:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

- it is:
# the uid of your vmail user
user_global_uid = 1000
# the guid of your vmail group
user_global_gid = 1000
My dovecot doesn't recognize those options, but these work:
mail_uid = 1000
mail_gid = 1000

- in /etc/dovecot/dovecot-ldap.conf it is:
dn = cn=admin,dc=example,dc=tld
dnpass = secret
What is it for? It's not needed, in my opinion.

- you use Debian - once upon a time I also used Debian. The problem with it was that the postfix deb wasn't compiled with the vda extension - quota needs this to work. The howto is ok, but I would suggest also writing about the overall architecture.

- there is no saslauthd and this is great as the setup is much simpler, but one doesn't have to know that postfix can use dovecot-sasl or even that dovecot provides one. The most important thing which wasn't written is that phamm.org (or better, the phamm package) includes most of the examples provided here, so they are very good for reference.

Regards.

Submitted by willi (not registered) on Sun, 2009-06-28 01:06.

Sorry, I'd like to say "beam me up, Scotty": I do not see the point. I think those lines are equal:

Hi, this howto includes one mistake and some inaccuracies. Please take under consideration the following issues:
- it is:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient)
while it should be:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

Submitted by Clayton Davis (not registered) on Fri, 2008-12-05 18:55.

Dovecot requires you to replace "default_mail_env" with "mail_location" if you are using Dovecot > 1.0rc11.  This is applicable to the default version installed in Ibex (8.10).