This shows you the differences between two versions of the page.
virtualmailboxeswitheximanddovecot [2011/02/24 11:19] – created jim | virtualmailboxeswitheximanddovecot [2016/08/15 08:43] (current) – Give Exim read permission on vmail passwd jim | ||
---|---|---|---|
Line 7: | Line 7: | ||
Time, then, to add virtual mailboxes to your poor little mail host. | Time, then, to add virtual mailboxes to your poor little mail host. | ||
- | There all sorts of HOWTOs on doing this, of various ages and usefulness. I'm adding this page to the malestrom just to document the configuration changes I did. | + | There all sorts of HOWTOs on doing this, of various ages and usefulness. I'm adding this page to the malestrom just to document the configuration changes I did. Or rather, the configuration changes I ended up with. The details of configuration aren't original, but synthesised from too many of the HOWTOs I read to properly credit each. |
+ | |||
+ | I'm illustrating this by setting up a new domain example.mod with user tommy.atkins. | ||
+ | |||
+ | ===== Set up virtual mailbox space and configuration ===== | ||
+ | |||
+ | First I created a user and group '' | ||
+ | |||
+ | # adduser --home / | ||
+ | |||
+ | and a configuration directory. | ||
+ | |||
+ | # mkdir / | ||
+ | |||
+ | Configuration information for the domain will be under ''/ | ||
+ | |||
+ | # mkdir / | ||
+ | |||
+ | The general scheme is that we have mailboxes under ''/ | ||
+ | |||
+ | # mkdir -p / | ||
+ | # chown -R vmail:vmail / | ||
+ | |||
+ | Now add two configuration files. The first, '' | ||
+ | |||
+ | < | ||
+ | # cat > / | ||
+ | postmaster: root | ||
+ | webmaster: root | ||
+ | security: root | ||
+ | admin: root | ||
+ | root: guru@example-owner.mod | ||
+ | |||
+ | squaddie: tommy.atkins | ||
+ | ^D | ||
+ | </ | ||
+ | |||
+ | The second, '' | ||
+ | |||
+ | < | ||
+ | # doveadm pw -s SHA256-CRYPT -p password | ||
+ | {SHA256-CRYPT}$5$TQGxffy9XCxe53vu$L2NWgKJ47w3PoAIj3/ | ||
+ | # cat > / | ||
+ | tommy.atkins: | ||
+ | ^D | ||
+ | # chown dovecot: | ||
+ | # adduser Debian-exim vmail | ||
+ | # chmod 0660 / | ||
+ | </ | ||
+ | |||
+ | ===== Arranging mail delivery ===== | ||
+ | |||
+ | The next step is to configure Exim to deliver to virtual mailboxes. | ||
+ | |||
+ | Exactly how you do this depends on which of Debian' | ||
+ | |||
+ | The first thing to do is to add the domain to the list of local domains. You need to end up with a configuration file with the domain as part of the '' | ||
+ | |||
+ | < | ||
+ | VMAIL_DELIVERY=dovecot_vmail | ||
+ | |||
+ | VMAIL_DOMAINS=dsearch;/ | ||
+ | |||
+ | VMAIL_ALIASES=/ | ||
+ | VMAIL_PASSWD=/ | ||
+ | |||
+ | VMAIL_MAILBOX_DIR=/ | ||
+ | </ | ||
+ | |||
+ | That '' | ||
+ | |||
+ | I then made a small modification to '' | ||
+ | |||
+ | < | ||
+ | # Local modification - add vmail domains to local domains, and provide | ||
+ | # main_local_domains for the non-vmail domains. | ||
+ | domainlist local_domains = MAIN_LOCAL_DOMAINS : VMAIL_DOMAINS | ||
+ | domainlist main_local_domains = MAIN_LOCAL_DOMAINS | ||
+ | </ | ||
+ | |||
+ | (I use '' | ||
+ | |||
+ | Next I need a router to expand virtual domain aliases. I put this into '' | ||
+ | |||
+ | < | ||
+ | vmail_aliases: | ||
+ | driver = redirect | ||
+ | domains = VMAIL_DOMAINS | ||
+ | allow_fail | ||
+ | allow_defer | ||
+ | data = ${lookup{$local_part}lsearch{VMAIL_ALIASES}} | ||
+ | qualify_domain = $domain | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | |||
+ | Once that's done, I can think about routing virtual mail users to a transport for delivery, and rejecting messages to unknown users in a virtual mail domain. I put this into '' | ||
+ | |||
+ | < | ||
+ | vmail_user: | ||
+ | driver = accept | ||
+ | domains = VMAIL_DOMAINS | ||
+ | local_parts = lsearch; | ||
+ | transport = VMAIL_DELIVERY | ||
+ | |||
+ | vmail_no_such_user: | ||
+ | driver = redirect | ||
+ | domains = VMAIL_DOMAINS | ||
+ | allow_fail = true | ||
+ | data = :fail: Unknown user | ||
+ | more = false | ||
+ | </ | ||
+ | |||
+ | Here I'm accepting the mail on condition that the local part of the address appears in the domain' | ||
+ | |||
+ | Now to the transports. I am now delivering all mail using Dovecot '' | ||
+ | |||
+ | < | ||
+ | dovecot_vmail: | ||
+ | driver = pipe | ||
+ | command = / | ||
+ | message_prefix = | ||
+ | message_suffix = | ||
+ | log_output | ||
+ | delivery_date_add | ||
+ | envelope_to_add | ||
+ | return_path_add | ||
+ | user = vmail | ||
+ | temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78 | ||
+ | </ | ||
+ | Prior to using Dovecot '' | ||
+ | |||
+ | < | ||
+ | vmail_home: | ||
+ | driver = appendfile | ||
+ | envelope_to_add | ||
+ | directory = VMAIL_MAILBOX_DIR/ | ||
+ | maildir_format | ||
+ | create_directory = true | ||
+ | user = vmail | ||
+ | group = vmail | ||
+ | return_path_add | ||
+ | </ | ||
+ | |||
+ | This transport adds the message to the user's '' | ||
+ | |||
+ | By the way, when you add a user, it's an idea to either send them a welcome mail to check things are working properly and create their '' | ||
+ | |||
+ | When that's done, test your handiwork: | ||
+ | |||
+ | # exim4 -bt tommy.atkins@example.mod | ||
+ | tommy.atkins@example.mod | ||
+ | router = vmail_user, transport = dovecot_vmail | ||
+ | |||
+ | ===== Reading mail ===== | ||
+ | |||
+ | Now we need to modify the Dovecot setup to allow our user to read mail. | ||
+ | |||
+ | ==== Dovecot 1.x ==== | ||
+ | |||
+ | I'm assuming your '' | ||
+ | |||
+ | mail_location = maildir: | ||
+ | |||
+ | in it, telling Dovecot to find your regular users mail in '' | ||
+ | |||
+ | We need to add the virtual domains to the | ||
+ | |||
+ | auth default { | ||
+ | } | ||
+ | |||
+ | section of the configuration. The first stage is to add the virtual users password files. | ||
+ | |||
+ | passdb passwd-file { | ||
+ | args = username_format=%n / | ||
+ | } | ||
+ | |||
+ | Here's a tip. My configuration also has a configuration for PAM | ||
+ | |||
+ | passdb pam { | ||
+ | } | ||
+ | |||
+ | Put the virtual users '' | ||
+ | |||
+ | Now you need to add a '' | ||
+ | |||
+ | userdb passwd { | ||
+ | } | ||
+ | |||
+ | section serving your existing users. **After** that, add a catch-all for the virtual mailbox users. | ||
+ | |||
+ | userdb static { | ||
+ | args = uid=vmail gid=vmail home=/ | ||
+ | } | ||
+ | |||
+ | This tells Dovecot to use '' | ||
+ | |||
+ | In practice, you'll most probably run into authentication problems. For help sorting them out, add | ||
+ | |||
+ | auth_debug = yes | ||
+ | auth_debug_passwords = yes | ||
+ | |||
+ | to your '' | ||
+ | |||
+ | ==== Dovecot 2.x with Debian conf.d configuration ==== | ||
+ | |||
+ | Again, I'm assuming that '' | ||
+ | |||
+ | mail_location = maildir: | ||
+ | |||
+ | in it, telling Dovecot to find your regular users mail in '' | ||
+ | |||
+ | I first added a new auth configuration file, '' | ||
+ | |||
+ | # Virtual mailbox passwords. | ||
+ | passdb { | ||
+ | driver = passwd-file | ||
+ | args = username_format=%n / | ||
+ | } | ||
+ | |||
+ | # VMail static settings. | ||
+ | userdb { | ||
+ | driver = static | ||
+ | args = uid=vmail gid=vmail home=/ | ||
+ | } | ||
+ | |||
+ | This gives Dovecot the essential password and user info settings. | ||
+ | |||
+ | I then modified '' | ||
+ | |||
+ | !include auth-vmail.conf.ext | ||
+ | |||
+ | To debug authentication problems, enable '' | ||
+ | |||
+ | ===== Letting your virtual users send mail ===== | ||
+ | |||
+ | Your virtual mail users will probably want to send some mail, too. So you may want to give them access to your Exim server to relay mail. But, of course, you don't want world+dog also relaying their spam through your host. | ||
+ | |||
+ | There' | ||
+ | |||
+ | ==== Dovecot 1.x ==== | ||
+ | |||
+ | I needed to create the Dovecot authenticator socket by adding | ||
+ | |||
+ | | ||
+ | | ||
+ | path = / | ||
+ | mode = 0666 | ||
+ | } | ||
+ | } | ||
+ | |||
+ | to the | ||
+ | |||
+ | auth default { | ||
+ | } | ||
+ | |||
+ | section in '' | ||
+ | |||
+ | Then, in the Exim configuration, | ||
+ | |||
+ | < | ||
+ | dovecot_plain: | ||
+ | driver = dovecot | ||
+ | public_name = PLAIN | ||
+ | server_socket = / | ||
+ | # | ||
+ | server_mail_auth_condition = false | ||
+ | |||
+ | |||
+ | dovecot_login: | ||
+ | driver = dovecot | ||
+ | public_name = LOGIN | ||
+ | server_socket = / | ||
+ | # | ||
+ | server_mail_auth_condition = false | ||
+ | </ | ||
+ | |||
+ | ==== Dovecot 2.x ==== | ||
+ | |||
+ | In '' | ||
+ | |||
+ | < | ||
+ | unix_listener auth-client { | ||
+ | mode = 0660 | ||
+ | group = Debian-exim | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Then add '' |
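Review bot: The Dovecot 1.x authenticator socket is created with `mode = 0666` (the socket block under "Letting your virtual users send mail"), so every local account on the host can connect to it and submit authentication attempts, not just Exim. The Dovecot 2.x block in the same change already uses `mode = 0660` with `group = Debian-exim`; suggest restricting the 1.x socket the same way, to a group Exim belongs to. Two smaller points in the passwd setup near the top: `chmod 0660` grants the group write access, while the revision summary only asks for Exim to read the file, so 0640 would match the stated intent if the file's group is the one `Debian-exim` was just added to. And `doveadm pw -s SHA256-CRYPT -p password` puts the password on the command line, where it ends up in shell history and is visible in the process list; dropping `-p` so that doveadm prompts for it is the safer form to document.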