Sunday, January 20. 2008

Postfix + Dovecot SMTP and IMAP on Debian Etch
Yesterday I was configuring the mail server on my hosting. Because I mostly do programming, not administration, I'm writing these notes to serve as a simple how-to in case I have to do it again in a couple of years.
Although I did all of this on Debian, everything described here should work on other Linux distributions as well.

First install Postfix and Dovecot.

The configuration will fulfill the following points:
A thing to keep in mind before you start: if something goes wrong, always check the /var/log/mail* files as well as /var/log/syslog. Normally that helps you see exactly what went wrong and figure out how to fix it.

Configuring Dovecot

Create the user vmail and the group vmail. This user needs neither a home dir nor a shell. Create the /srv/mail directory with subdirs for the virtual domains and give them the appropriate rights:

BASH:
user@host~# ls -la /srv/mail
Total 16
drwx------ 6 vmail vmail 4096 2008-01-20 13:56 .
drwx------ 5 vmail vmail 4096 2008-01-18 21:07 ..
drwx------ 4 vmail vmail 4096 2008-01-19 19:55 vdomain1
drwx------ 4 vmail vmail 4096 2008-01-19 20:32 vdomain2

In each vdomain dir create an etc dir where the virtual host data will be saved:

BASH:
user@host~# mkdir /srv/mail/vdomain1/etc/

You don't need to take care of the virtual users' folders; they'll be created automatically by the server once some event related to the user is received. Now we can create the mailbox records (the passwd file must use the format of the normal passwd file, with the password stored as a hash). Use the following to do it:

BASH:
user@host~# echo "testuser:`dovecotpw`:`id -u vmail`:`id -g vmail`::::" >> /srv/mail/vdomain1/etc/passwd

The config file I've created is quite simple and covers only minimal needs:

BASH:
protocols = imaps
ssl_disable = no
listen = *
ssl_listen = [::]
disable_plaintext_auth = yes
mail_location = maildir:/srv/mail/%d/%n/Maildir
log_timestamp = "%Y-%m-%d %H:%M:%S "
first_valid_uid = 1000

#only for debug purposes
auth_verbose = yes
auth_debug = yes
mail_debug = yes

auth default {
  user = root
  mechanisms = plain login
  passdb passwd-file {
    args = /srv/mail/%d/etc/passwd
  }
  userdb passwd-file {
    args = /srv/mail/%d/etc/passwd
  }
  socket listen {
    client {
      # Assuming the default Postfix $queue_directory setting
      path = /var/spool/postfix/private/auth
      mode = 0660
      # Assuming the default Postfix user and group
      user = postfix
      group = postfix
    }
  }
}

The maildir:/srv/mail/%d/%n/Maildir string sets the mailbox format to maildir. %n and %d are the parts of user@vdomain (the username and the domain respectively) and are replaced at request time to dynamically build the path to the virtual user's mail dir (the same principle is used to set the path to the passwd file). That's why we must always use the user@vdomain login format.

Let us assume you've created the user testuser. Restart dovecot and try to connect to your server:

BASH:
user@host~# openssl s_client -connect 911aquarium.de:993

If all is ok, you should see some exchange info and, as the last line, something like:

BASH:
* OK Dovecot ready.

Try to log in:

BASH:
1 login testuser@vdomain1 password

and you should see

BASH:
1 OK Logged in.

Check if we can see the inbox:

BASH:
2 select inbox

The server should output something like this:

BASH:
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 90 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1200773447] UIDs valid
* OK [UIDNEXT 809] Predicted next UID
2 OK [READ-WRITE] Select completed.

At this point we could check whether a normal email client works with our IMAP server. To do it, send an email from some local user:

BASH:
user@domain~# echo "test mail" | mail -s test1 testuser@vdomain1

And now the mail client should receive the message from testuser@vdomain1's mailbox.

Configuring Postfix

Configuring Postfix is quite simple. As mentioned above, it will use Dovecot's SASL for SMTP and will deliver mail for the virtual as well as for the local users. Create /etc/postfix/vdomains with the following content:

vdomain1
vdomain2

Create /etc/postfix/vmailbox with the following content

testuser@vdomain1 vdomain1/testuser/Maildir/

and invoke postmap:

BASH:
user@host~# postmap /etc/postfix/vmailbox

Note that the '/' at the end of the relative path indicates that testuser has a maildir format mailbox. Time to edit /etc/postfix/main.cf, adding a couple of lines:

virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_base = /srv/mail
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1005
virtual_gid_maps = static:1005
virtual_minimum_uid = 1000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes

1005 here is the gid of the vmail user. Check the mydestination config variable to be sure it contains your hostname, which is needed to deliver mail for the local users. After saving the config file we can telnet to our SMTP server. Note that Postfix uses port 25 for the SSL connections.

BASH:
user@host~# telnet host 25
Trying 192.168.0.3 ...
Connected to host.
Escape character is '^]'.
220 host ESMTP Postfix

type further:

BASH:
ehlo host
250-host
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

So as you see, it works. Time to use some mail client to send a mail.

I think in a couple of weeks I'll make it work with Postgres instead of passwd files and install ClamAV + SpamAssassin.

Some useful links
http://wiki.dovecot.org/
http://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
http://www.postfix.org/docs.html
http://www.postfix.org/VIRTUAL_README.html
http://www.iana.org/assignments/port-numbers
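The Postfix and Dovecot settings above only work together if they agree: each vmailbox path must resolve to the directory that mail_location expands to, and the uid/gid in each etc/passwd record must match the static virtual_uid_maps and virtual_gid_maps values. The Python check below is an added example, not part of the original post; the check function and the sample inputs are constructed for illustration from the values shown above.

```python
import posixpath

# Constructed sample inputs mirroring the files shown in the post.
MAIN_CF = {"virtual_mailbox_base": "/srv/mail", "virtual_minimum_uid": "1000",
           "virtual_uid_maps": "static:1005", "virtual_gid_maps": "static:1005"}
MAIL_LOCATION = "maildir:/srv/mail/%d/%n/Maildir"  # Dovecot mail_location
FIRST_VALID_UID = 1000                             # Dovecot first_valid_uid
VMAILBOX = "testuser@vdomain1 vdomain1/testuser/Maildir/\n"
# Content of /srv/mail/<domain>/etc/passwd; the hash is a placeholder.
PASSWD = {"vdomain1": "testuser:{SCHEME}constructed-hash:1005:1005::::\n"}


def check(main_cf, mail_location, first_valid_uid, vmailbox, passwd):
    """Return mismatches between the Postfix and Dovecot settings."""
    problems = []
    base = main_cf["virtual_mailbox_base"]
    uid = int(main_cf["virtual_uid_maps"].split(":", 1)[1])
    gid = int(main_cf["virtual_gid_maps"].split(":", 1)[1])
    min_uid = max(int(main_cf["virtual_minimum_uid"]), first_valid_uid)
    if uid < min_uid:
        problems.append(f"uid {uid} is below the minimum uid {min_uid}")
    template = mail_location.split(":", 1)[1]
    for line in vmailbox.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        address, relpath = line.split()
        user, domain = address.split("@", 1)
        if not relpath.endswith("/"):
            problems.append(f"{address}: no trailing '/', not maildir delivery")
        delivered = posixpath.normpath(posixpath.join(base, relpath))
        read_from = posixpath.normpath(
            template.replace("%d", domain).replace("%n", user))
        if delivered != read_from:
            problems.append(f"{address}: Postfix writes {delivered}, "
                            f"Dovecot reads {read_from}")
        # passwd-file fields: user:password:uid:gid:gecos:home:shell:extra
        records = {r.split(":")[0]: r.split(":")
                   for r in passwd.get(domain, "").splitlines() if r}
        rec = records.get(user)
        if rec is None:
            problems.append(f"{address}: no entry in {domain}/etc/passwd")
        elif (int(rec[2]), int(rec[3])) != (uid, gid):
            problems.append(f"{address}: passwd uid/gid {rec[2]}:{rec[3]} "
                            f"differs from Postfix {uid}:{gid}")
    return problems

if __name__ == "__main__":
    print(check(MAIN_CF, MAIL_LOCATION, FIRST_VALID_UID, VMAILBOX, PASSWD))
```

An empty list means the sample configuration is consistent; each string in a non-empty list names one mailbox and the setting that disagrees.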