Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 9
VI. Insecure IMAP
So now you've got a pretty darned bullet-proof mail server setup. Mail comes in, is run through a variety of anti-spam procedures, and is checked for viruses before being nicely deposited in a virtual user's directory on the internal server. But... how do the users get to their email?
Good question. The answer varies depending on where the user is. For the time being, we're going to assume that the user is either (A) on the local (internal) network, or (B) accessing their email via a secure connection to the web server. For either of these, they will need IMAP to be running. Since the postman server already has a fully functional IMAP server installed on it (Dovecot), let's use that server to handle their mailbox access.
Open up the Dovecot configuration file located in /etc/dovecot/dovecot.conf and make it look like the following. There is probably already a lot of default configuration in place, so you will likely only need to uncomment certain sections and change minor things.
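## Dovecot configuration file
#
base_dir = /var/run/dovecot/
#
# imap imaps pop3 pop3s (use imaps and pop3s if configured for SSL)
# Only plain IMAP is enabled here; POP3 stays off (its sections below are commented out).
protocols = imap
#
# Uncomment the ssl_listen statements and comment out listen if using SSL
# Port 143 carries logins and mail in cleartext (the auth mechanism further down is "plain"),
# so this listener is only meant for the internal network / webmail host described above.
protocol imap {
listen = *:143
# ssl_listen = *:993
}
#protocol pop3 {
#listen = *:110
# ssl_listen = *:995
#}
#
# Straight double quotes: the typographic quotes that appeared here were an extraction
# artifact, and Dovecot would most likely have treated them as part of the timestamp format.
log_timestamp = "%Y-%m-%d %H:%M:%S "
syslog_facility = mail
#
# Uncomment these if using SSL
#ssl_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
#ssl_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
#ssl_ca_file = /etc/ssl/mycompany/ca/mycompany.pem
#ssl_verify_client_cert = yes
#ssl_parameters_regenerate = 168
#verbose_ssl = no
#
# Where the mailboxes are located
# NOTE(review): this default uses %u (full user@domain), while the queries in
# dovecot-sql.conf return '/vmail/%d/%n' (local part only). A successful userdb lookup
# overrides this default, but the two should agree -- check which layout the earlier
# Postfix page created and make them consistent.
mail_location = maildir:/vmail/%d/%u
#
# NOTE(review): mail_extra_groups gives every mail process the "mail" group; Dovecot's own
# documentation treats this as a security risk, and newer releases replace it with
# mail_privileged_group -- confirm what your Dovecot version supports.
mail_extra_groups = mail
mail_debug = no
# Every virtual user runs as the single uid 150 (matches "150 AS uid" in dovecot-sql.conf),
# so file permissions alone do not separate one mailbox from another.
first_valid_uid = 150
last_valid_uid = 150
maildir_copy_with_hardlinks = yes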
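protocol imap {
login_executable = /usr/lib/dovecot/imap-login
mail_executable = /usr/lib/dovecot/imap
# Upper bound on a single IMAP command line; caps how much a client can make the imap
# process buffer for one command
imap_max_line_length = 65536
}
#protocol pop3 {
#login_executable = /usr/lib/dovecot/pop3-login
#mail_executable = /usr/lib/dovecot/pop3
#pop3_uidl_format = %08Xu%08Xv
#}
protocol lda {
# Placeholder: the original address was lost when this page was extracted. Set it to a
# real, monitored mailbox in your domain (deliver uses it when it sends rejection mails).
postmaster_address = postmaster@example.com
sendmail_path = /usr/lib/sendmail
# Must match the master socket path in the auth default section below
auth_socket_path = /var/run/dovecot/auth-master
}
#
# Keep all three off outside troubleshooting; auth_debug_passwords in particular writes
# users' passwords into the log.
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
#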
auth default {
# "plain" sends the password in cleartext. That is tolerable only because port 143 is
# limited to the internal network / webmail host (see "Insecure IMAP" above); put TLS in
# front of it before exposing this listener any further.
mechanisms = plain
# Both password and user lookups come from the MySQL queries in dovecot-sql.conf
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
# Unprivileged user the authentication process runs as
user = nobody
socket listen {
# Master socket: the path the lda section's auth_socket_path points at. Owned by vmail so
# the delivery agent can reach it; 0660 keeps everyone outside vmail/mail out.
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
# Client socket placed inside Postfix's spool, presumably so Postfix can hand SASL
# authentication to Dovecot (that Postfix side is configured elsewhere -- verify);
# postfix-only ownership and 0660 restrict who can talk to it.
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
#
# If you want client certificates, use these lines
# ssl_require_client_cert = yes
# ssl_username_from_cert = yes
}
NOTE: You can't just copy the above configuration and expect it to work! You're going to need to incorporate any changes above into your own configuration.
The Dovecot configuration is almost complete, but just as with the Postfix configuration, the MySQL settings need to be incorporated.
Open the file /etc/dovecot/dovecot-sql.conf and make sure that the following is present.
driver = mysql
# Database credentials are stored here in clear text, which is why the chmod/chown step
# below restricts who can read this file.
connect = host=sql-1.internal.example.com dbname=virtual_mail user=vmail_user password=vmail_user_password
# The new name for MD5 is MD5-CRYPT so you might need to change this depending on version
# NOTE(review): MD5-based crypt offers little resistance to offline cracking by current
# standards. The scheme must match how the hashes were written into the mailbox table on
# the earlier page, so change both together rather than this line alone.
default_pass_scheme = MD5
# Get the mailbox
# Returns home and mail (maildir under /vmail/<domain>/<localpart>), the fixed uid/gid
# 150/8, and a dirsize quota built from the mailbox.quota column. The active = '1' filter
# means a disabled mailbox is simply not found.
user_query = SELECT '/vmail/%d/%n' AS home, 'maildir:/vmail/%d/%n' AS mail, 150 AS uid, 8 AS gid, CONCAT('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
# Returns the stored password hash plus userdb_-prefixed fields (the form Dovecot accepts
# for user info supplied by the passdb); same active = '1' filter as above.
password_query = SELECT username AS user, password, '/vmail/%d/%n' AS userdb_home, 'maildir:/vmail/%d/%n' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# If using client certificates for authentication, comment the above and uncomment the following
# (presumably relies on ssl_username_from_cert in dovecot.conf to establish identity, so no
# password is checked -- verify the behaviour of your version before enabling it)
#password_query = SELECT null AS password, '%u' AS user
Since we've stored our MySQL password in plain-text format in this document, we're going to want to make sure we're the only ones who can read it!
# chmod 600 /etc/dovecot/*.conf
# chown vmail /etc/dovecot/*.conf
# NOTE(review): after this the vmail user -- the uid every mail process runs as -- owns and
# can rewrite dovecot.conf, including the mail_executable/login_executable paths that the
# (presumably root-run) dovecot master process launches. If the vmail-run delivery agent
# only needs to *read* the file, keeping it root-owned with a vmail-readable group and
# mode 0640 is tighter -- confirm what actually needs access before loosening ownership.
The Internal/Insecure Dovecot configuration is now finished! Go ahead and restart the dovecot service:
# invoke-rc.d dovecot restart
# Startup errors are logged through syslog facility "mail" (syslog_facility above), so check
# the mail log if the service does not come back.
... and your internal/webmail users can now check for email on postman.internal.example.com