First install postfix and dovecot. Dovecot will serve the mail directories over IMAP and act as the SASL implementation.
apt-get install postfix dovecot-imapd
We are using LDAP for the passdb and the
userdb. We will also configure the LDA (Local delivery
agent) because we will use dovecot for delivery as it is able to
use sieve scripts.
We have to create a common user for our virtual maildirs.
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
The configuration file /etc/dovecot/dovecot.conf
could look similar to the following:
protocols = imap imaps
disable_plaintext_auth = yes
syslog_facility = mail
mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail
protocol lda {
  postmaster_address = michael@example.net
  mail_plugins = sieve
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/vmail/dovecot-deliver.log
}
auth default {
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
plugin {
  sieve=/var/vmail/sieve/%n.%d.sieve
  sieve_global_path = /var/vmail/globalsieverc
}
All configuration related to the LDAP directory is moved
into the config file
/etc/dovecot/dovecot-ldap.conf. This file contains the bind
password (dnpass), so it should be readable by root only.
hosts = localhost
dn = cn=dovecot,dc=example,dc=net
dnpass = <1234>
ldap_version = 3
base = ou=People,dc=example,dc=net
scope = subtree
user_attrs = homeDirectory=home,mailbox=mail
user_filter = (&(objectClass=posixAccount)(|(uid=%u)(maildrop=%u)))
pass_attrs = uid=user, userPassword=password
pass_filter = (&(objectClass=posixAccount)(|(uid=%u)(maildrop=%u)))
As you can see, I am using a separate LDAP DN to bind to
the server. That is done to allow dovecot to read the
userPassword attribute. You have to add the
appropriate object to LDAP (e.g. with ldapvi; do
not use the password 1234):
add cn=dovecot,dc=example,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: dovecot
userPassword: {SSHA}sgCbYZK3TFhp3Q9KtKDl/kKTwrBodUP
and configure the ACL:
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=dovecot,dc=example,dc=net" read by self write by anonymous auth by * none
Postfix connection
We have to tell postfix that it should use
dovecot for delivery by editing
/etc/postfix/main.cf:
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
In /etc/postfix/master.cf we have to create a
service called dovecot:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
Now dovecot is responsible for delivering.
Sieve
I've decided to use two kinds of sieve scripts: a
global one for every user who doesn't write his own, and a per-user
script. You can find the appropriate parts in the plugin section of
the config file above; the sieve plugin has to be enabled
as well:
protocol lda {
  mail_plugins = sieve
}
plugin {
  sieve=/var/vmail/sieve/%n.%d.sieve
  sieve_global_path = /var/vmail/globalsieverc
}
Now we can create the global script
touch /var/vmail/globalsieverc
chown vmail: /var/vmail/globalsieverc
and edit /var/vmail/globalsieverc to contain
something like
require ["fileinto"];
# Move spam to spam folder
if anyof ( header :contains "X-Spam-Flag" "YES",
           header :contains "Subject" "***SPAM***" ) {
  fileinto "spam";
  stop;
}
If you want to use your own per-user script, you can create a
file like /var/vmail/sieve/michael.example.net.sieve.
This should be readable by dovecot and overrides
the global one.
Clean spam folder
That means all emails marked as spam are moved into the spam
folder. There I am deleting emails older than a week for all users.
This is done with the following line in
/etc/crontab:
0 4 * * * root find /var/vmail -type f -a \( -wholename "*/.spam/cur/*" -o -wholename "*/.spam/new/*" \) -a -mtime +7 -delete > /dev/null 2>&1
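A dry run of the find expression from the crontab line above, as an added example that is not part of the original article: it swaps -delete for -print and runs against a constructed Maildir tree to show which files the job would remove. The example.net/michael layout and all file names are assumptions, and GNU find and touch are required.

```shell
#!/bin/sh
# Dry run of the spam-cleanup expression: print candidates, delete nothing.
# All paths are constructed sample data under a temporary directory.

# Same expression as the crontab line, with -delete replaced by -print.
# -mtime +7 matches only files whose age, counted in whole 24-hour
# periods, is greater than 7, so spam that is 7.5 days old is kept.
spam_cleanup_candidates() {
    find "$1" -type f -a \( -wholename "*/.spam/cur/*" -o -wholename "*/.spam/new/*" \) \
        -a -mtime +7 -print
}

# Build a constructed tree: old and recent spam, plus old files that
# live outside .spam/cur and .spam/new and must never be matched.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    u="$root/example.net/michael"
    for d in .spam/cur .spam/new .spam/tmp cur .Archive/cur; do
        mkdir -p "$u/$d"
    done
    touch -d '10 days ago'   "$u/.spam/cur/old-spam" "$u/.spam/new/old-unseen-spam"
    touch -d '180 hours ago' "$u/.spam/cur/week-old-spam"     # 7.5 days old
    touch -d '2 days ago'    "$u/.spam/cur/recent-spam"
    touch -d '10 days ago'   "$u/.spam/tmp/stale-delivery" "$u/.spam/dovecot.index"
    touch -d '10 days ago'   "$u/cur/old-inbox-mail" "$u/.Archive/cur/old-archived"
    echo "$root"
}

tree=$(make_sample_tree)
echo "Files the cron job would delete:"
spam_cleanup_candidates "$tree" | sort
rm -rf "$tree"
```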
Logrotate for LDA
If you use the log file as mentioned above, you really should
configure logrotate to do the rotation. Otherwise this file
can get really big. Do this by adding the file
/etc/logrotate.d/dovecot-deliver:
/var/vmail/dovecot-deliver.log {
  weekly
  rotate 14
  compress
}