Both sides previous revisionPrevious revisionNext revision | Previous revision |
virtualmailboxeswitheximanddovecot [2016/08/11 19:22] – Virtual users and Dovecot jim | virtualmailboxeswitheximanddovecot [2016/08/15 08:43] (current) – Give Exim read permission on vmail passwd jim |
---|
===== Set up virtual mailbox space and configuration ===== | ===== Set up virtual mailbox space and configuration ===== |
| |
First I created a system user and group ''vmail'' to own all virtual mailboxes. | First I created a user and group ''vmail'' to own all virtual mailboxes. I make the user a normal user because Dovecot will try to access all virtual mailboxes as that ''vmail'' user, and in Dovecot 2.x on Debian the config ''first_valid_uid'' is set to 500 to prevent attempts to access daemon mailboxes. |
| |
# adduser -system --home /var/local/vmail --group vmail | # adduser --home /var/local/vmail --group vmail |
| |
and a configuration directory. | and a configuration directory. |
</code> | </code> |
| |
The second, ''passwd'' contains the account information for the domain. There are two items on a line, username and password hash, separated by a colon. Generate the password has using the ''dovecotpw'' utility. Just to be on the safe side, we'll ensure the password file isn't world readable and is readable by Exim when in routing mode and in delivery mode. | The second, ''passwd'' contains the account information for the domain. There are two items on a line, username and password hash, separated by a colon. Generate the password has using the ''dovecotadm pw'' utility. Just to be on the safe side, we'll ensure the password file isn't world readable and is readable by Dovecot and Exim. |
| |
<code> | <code> |
tommy.atkins:{SHA256-CRYPT}$5$TQGxffy9XCxe53vu$L2NWgKJ47w3PoAIj3/IxLJIREA9QSyBKdKDMJlXvn07 | tommy.atkins:{SHA256-CRYPT}$5$TQGxffy9XCxe53vu$L2NWgKJ47w3PoAIj3/IxLJIREA9QSyBKdKDMJlXvn07 |
^D | ^D |
# chown vmail:Debian-exim /etc/vmail/example.mod/passwd | # chown dovecot:vmail /etc/vmail/example.mod/passwd |
# chmod 0640 /etc/vmail/example.mod/passwd | # adduser Debian-exim vmail |
| # chmod 0660 /etc/vmail/example.mod/passwd |
</code> | </code> |
| |
!include auth-vmail.conf.ext | !include auth-vmail.conf.ext |
| |
| To debug authentication problems, enable ''auth_debug'' and ''auth_debug_passwords'' in ''10-logging.conf''. |
| |
===== Letting your virtual users send mail ===== | ===== Letting your virtual users send mail ===== |
| |
There's several ways of cracking this nut. I'll just mention that if you do it by allowing authenticated SMTP, I found it easiest to do by handing the authentication over to Dovecot. | There's several ways of cracking this nut. I'll just mention that if you do it by allowing authenticated SMTP, I found it easiest to do by handing the authentication over to Dovecot. |
| |
| ==== Dovecot 1.x ==== |
| |
I needed to create the Dovecot authenticator socket by adding | I needed to create the Dovecot authenticator socket by adding |
section in ''dovecot.conf''. It's commented out by default in Debian. Without other arrangements, Exim needs its mode to be 0666; comments in the Dovecot config suggest this is generally safe. | section in ''dovecot.conf''. It's commented out by default in Debian. Without other arrangements, Exim needs its mode to be 0666; comments in the Dovecot config suggest this is generally safe. |
| |
Then, in the Exim configuration, use these authenticators: | Then, in the Exim configuration, add ''auth/30_dovecot_auth'' containing: |
| |
<code> | <code> |
server_mail_auth_condition = false | server_mail_auth_condition = false |
</code> | </code> |
| |
| ==== Dovecot 2.x ==== |
| |
| In ''10-master.conf'' I add a Dovecot authenticator socket with permissions for Exim by adding the following lines in the section ''service auth''. |
| |
| <code> |
| unix_listener auth-client { |
| mode = 0660 |
| group = Debian-exim |
| } |
| </code> |
| |
| Then add ''auth/30_dovecot_auth'' to the Exim configuration as above. |
| |