Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 9

VI. Insecure IMAP

So now you've got a pretty darned bullet-proof mail server setup. Mail comes in, is run through a variety of anti-spam procedures, and is checked for viruses before being nicely deposited in a virtual user's directory on the internal server. But... how do the users get to their email?

Good question. The answer varies depending on where the user is. For the time being, we're going to assume that the user is either (A) On the local (internal) network, or (B) is accessing their email via a secure connection to the web server. For either one of these, they will need IMAP to be running. Since the postman server already has a fully-functional IMAP server installed on it (Dovecot), let's use that server to do their accesses.

Open up the Dovecot configuration file located in /etc/dovecot/dovecot.conf and make it look the following. There is
probably already lots of default configuration done, so you will probably only need to uncomment certain sections and change minor things.

## Dovecot configuration file
#
base_dir = /var/run/dovecot/
#
# imap imaps pop3 pop3s (use imaps and pop3s if configured for SSL)
protocols = imap
#
# Uncomment the ssl_listen statements and comment out listen if using SSL
protocol imap {
listen = *:143
# ssl_listen = *:993
}
#protocol pop3 {
#listen = *:110
# ssl_listen = *:995
#}
#
log_timestamp = “%Y-%m-%d %H:%M:%S ”
syslog_facility = mail
#
# Uncomment these if using SSL
#ssl_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
#ssl_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
#ssl_ca_file = /etc/ssl/mycompany/ca/mycompany.pem
#ssl_verify_client_cert = yes
#ssl_parameters_regenerate = 168
#verbose_ssl = no
#
# Where the mailboxes are located
mail_location = maildir:/vmail/%d/%u
#
mail_extra_groups = mail
mail_debug = no
first_valid_uid = 150
last_valid_uid = 150
maildir_copy_with_hardlinks = yes
#
protocol imap {
login_executable = /usr/lib/dovecot/imap-login
mail_executable = /usr/lib/dovecot/imap
imap_max_line_length = 65536
}
#protocol pop3 {
#login_executable = /usr/lib/dovecot/pop3-login
#mail_executable = /usr/lib/dovecot/pop3
#pop3_uidl_format = %08Xu%08Xv
#}
protocol lda {
postmaster_address = postmaster@mydomain.com
sendmail_path = /usr/lib/sendmail
auth_socket_path = /var/run/dovecot/auth-master
}
#
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
#
auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
user = nobody
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
#
# If you want client certificates, use these lines
# ssl_require_client_cert = yes
# ssl_username_from_cert = yes
}

NOTE: You can't just copy the above configuration and expect it to work! You're going to need to incorporate any changes above into your own configuration.

The Dovecot configuration is almost complete, but just as with the Postfix configuration, the MySQL settings need to be incorporated.

Open the file /etc/dovecot/dovecot-sql.conf and make sure that the following is present.

driver = mysql
connect = host=sql-1.internal.example.com dbname=virtual_mail user=vmail_user password=vmail_user_password
# The new name for MD5 is MD5-CRYPT so you might need to change this depending on version
default_pass_scheme = MD5
# Get the mailbox
user_query = SELECT '/vmail/%d/%n' AS home, 'maildir:/vmail/%d/%n' AS mail, 150 AS uid, 8 AS gid, CONCAT('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username AS user, password, '/vmail/%d/%n' AS userdb_home, 'maildir:/vmail/%d/%n' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# If using client certificates for authentication, comment the above and uncomment the following
#password_query = SELECT null AS password, '%u' AS user

Since we've stored our MySQL password in plain-text format in this document, we're going to want to make sure we're the only ones who can read it!

# chmod 600 /etc/dovecot/*.conf
# chown vmail /etc/dovecot/*.conf

The Internal/Insecure Dovecot configuration is now finished!  go ahead and resart the dovecot service:

# invoke-rc.d dovecot restart

... and your internal/webmail users can now check for email on postman.internal.example.com

Share this page:

Sub pages

5 Comment(s)

Add comment

Comments

From: at: 2008-03-27 06:06:28

Hi Vector,

I would just like to know how the mail gets transferred from the MX's to the delivery server (postman). I'm trying to understand how this full mail server setup works because I would like to implement something similar to this but using centos and ldap users.  

From: Stefan at: 2008-11-01 18:07:49

There is no explanation on how the mail is actually transfered from the MX server to the Mail Delivery Server. Using the steps in the guide will make the MX server try to deliver the mail directory into the NFS shared vmail folder, which isn't the desired behaviour.

From: Matt at: 2009-06-15 13:16:16

"NOTE: This is a temporary setup, just because we hadn't finished the DSPAM virtual user install prior to writing this guide. Ideally, you'd want DSPAM looking at the same virtual user table as Postfix in order to get all the token information stored correctly. I'll update the guide as soon as we've completed that change-over."

 Has this been updated anywhere? can anyone shed some light on what changes should be made?

 

From: mbsouth at: 2009-09-10 10:02:01

Would be nice to have an updated howto (based an this one) with Debian Lenny, Postfix 2.5(6), Dovecot 1.1(2) on three nodes (2xSMTP Postfix, 1x Dovecot IMAP/POP3)

 

From: at: 2007-11-15 20:55:15

Heads up when using the configuration examples for the mailbox path. Since maildir:/vmail/%d/%u is used in dovecot.conf, you should do the same in dovecot-sql.conf.

Such as:

# Get the mailbox
user_query = SELECT '/vmail/%d/%u' AS home, 'maildir:/vmail/%d/%u' AS mail, 150 AS uid, 8 AS gid, CONCAT('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username AS user, password, '/vmail/%d/%u' AS userdb_home, 'maildir:/vmail/%d/%u' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Otherwise mail is delivered to /vmail/domain/user@domain and then IMAP checks /vmail/domain/user

Or change dovecot.conf to maildir:/vmail/%d/%n if you prefer the latter.