Dovecot Help
Latest revision as of 18:32, 4 June 2015
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems. The Postfix mailer and Dovecot are used together for a complete Internet email system.
This guide is written for Dovecot version 2. It may be of less help for Dovecot version 1.
Understanding Dovecot 2.0.x Configuration Files
The primary dovecot configuration file has always been dovecot.conf, and many users add a local.conf, included from it, where they put their custom configurations. More recent versions of dovecot also ship a directory of pre-configured configuration files, each addressing a specific need. Once understood, this makes configuring dovecot much easier for admins, because it is no longer necessary to look up all of the syntax and parameters: they are already in their associated file.
First look in the dovecot.conf file and observe the following line:
!include conf.d/*.conf
This line tells dovecot to read through ALL of the files ending in .conf that are located in the new conf.d directory. You will note that the conf.d directory contains files ending in both .conf and .ext, and that the .conf files contain many remarked out parameters (those preceded with #) and a few that are not remarked out. Any feature or configuration you wish to enable can be turned on by removing the # character from in front of the parameter.
Understand that when you start dovecot, it first reads
- dovecot.conf
Which passes a configuration telling dovecot to read through
- conf.d/*.conf
And some of the configuration lines in those files call additional parameters in
- conf.d/*.ext
While these convenient, pre-written configuration files address almost any need an admin has of dovecot, some admins may still choose to add configuration parameters manually. It is advised not to add them directly to dovecot.conf, but rather to add this:
!include_try /etc/dovecot/local.conf
Which tells dovecot to also read local.conf for additional configuration parameters, but if local.conf doesn't exist, to ignore its absence and proceed as normal.
conf.d configuration files
Dovecot version 2.0.x includes configuration files that are read through by dovecot on start. Dovecot will ignore all lines beginning with the # character (remarks). By default, very few of these configuration parameters are active; most are remarked out until you decide you need the feature and remove the # character.
The configuration files
- auth.conf
- director.conf
- logging.conf
- mail.conf
- master.conf
- ssl.conf
- lda.conf
- imap.conf
- lmtp.conf
- pop3.conf
- acl.conf
- plugin.conf
- quota.conf
Additional extensions
- auth-checkpassword.conf.ext
- auth-deny.conf.ext
- auth-ldap.conf.ext
- auth-master.conf.ext
- auth-passwdfile.conf.ext
- auth-sql.conf.ext
- auth-static.conf.ext
- auth-system.conf.ext
- auth-vpopmail.conf.ext
These are all located in the dovecot/conf.d directory. Minor changes in naming may occur between versions and distributions, however, they work the same way and serve the same purpose.
Note: One big advantage of the new config directory is that you no longer have to go digging through documentation to find the parameter to accomplish what you want. Most of the time you can find it in one of the conf files, and you need only remove the remark characters and, if necessary, make slight modifications to the syntax for your customization.
using the configuration file system
In this example, we want to tell dovecot we are using the Maildir system rather than mbox. This parameter already exists in one of the configuration files in the conf.d directory. Rather than manually typing it into local.conf, you can just unremark it in the correct existing .conf file. The files are logically labeled, so it is usually easy to guess where the parameter is. However, if you don't like guessing, just do a quick search through the conf files to find the remarked parameter we want...
cd ./conf.d/
grep Maildir *
And we find it in mail.conf
vi mail.conf
And we remove the remark in the line
mail_location = maildir:~/Maildir
You can check to make sure the parameter will be read by dovecot by performing this test at the command line:
dovecot -n
Which spits out only what dovecot reads (less all remarks)
sample dovecot command line
command to debug user and mailbox or shared mailbox issues
doveadm acl debug
doveadm acl debug -u user@domain Public/mailbox
authenticate users against unix system accounts
Accomplish this using pam authentication rather than parsing the /etc/passwd file directly. PAM (Pluggable Authentication Modules) authenticates users against the unix passwd using the pam_unix.so module, which authenticates users from the system's shadow password file.
The PAM configuration is usually in the /etc/pam.d/ directory, but some systems may use a single file, /etc/pam.conf. By default Dovecot uses dovecot as the PAM service name, so the configuration is read from /etc/pam.d/dovecot.
The default installation on Redhat/Fedora/CentOS will use pam by default without you having to make changes. However, to view the configuration involved, do
vi 10-auth.conf
which you will see has an include to read from 'auth-system.conf.ext' which you can view
vi auth-system.conf.ext
Look for
passdb {
  driver = pam
}
Make sure that is not remarked out. In older versions you will find these lines directly in the dovecot.conf file. No matter where they are, as long as they are part of the dovecot configuration it will use pam authentication.
authenticate users against virtual (non-unix system) accounts
There are multiple authentication mechanisms available to use with dovecot. These databases can be used as ALTERNATIVES to the System users (passwd) as both password databases and user databases:
- Passwd-file: /etc/passwd-like file in specified location
- LDAP: Lightweight Directory Access Protocol
- SQL: SQL database (PostgreSQL, MySQL, SQLite)
- Dict: Dict key-value database (Redis, memcached, etc.)
- VPopMail: External software used to handle virtual domains
The scope of configuration for each of these is too broad to cover on this page. Follow the links to the pages for each individual method, if available.
hybrid of unix system accounts and virtual users
Dovecot supports defining multiple authentication databases, so that if the password doesn't match in the first database, it checks the next one. This can be useful if you want to easily support having both local system users in /etc/passwd and virtual users.
Example A: In this example we will configure postfix and dovecot for a system with a mix of unix and virtual user accounts. The example can be seen in Dovecot and Postfix Hybrid Authentication Example.
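The include chain (dovecot.conf, then conf.d/*.conf, then the .ext files they pull in) and the passdb ordering described above can be checked with a small reader. This is an added example, not part of the original page or of Dovecot itself: the function names are hypothetical, the file tree is constructed sample data, and it assumes glob matches are read in sorted order.

```python
import glob
import re
import tempfile
from pathlib import Path

def active_lines(path, optional=False):
    """Yield every non-remarked line, following includes in reading order."""
    path = Path(path)
    if optional and not path.exists():    # !include_try: a missing file is ignored
        return
    for line in map(str.strip, path.read_text().splitlines()):
        m = re.match(r"!(include|include_try)\s+(\S+)$", line)
        if m:   # relative paths resolve against the including file's directory
            pattern = str(path.parent / m.group(2))
            for inc in sorted(glob.glob(pattern)) or [pattern]:
                yield from active_lines(inc, m.group(1) == "include_try")
        elif line and not line.startswith("#"):
            yield line

def passdb_order(main_conf):
    """Return passdb drivers in the order the configuration lists them."""
    drivers, in_passdb = [], False
    for line in active_lines(main_conf):
        if re.match(r"passdb\s*\{", line):
            in_passdb = True
        elif line == "}":
            in_passdb = False
        elif in_passdb and (m := re.match(r"driver\s*=\s*(\S+)", line)):
            drivers.append(m.group(1))
    return drivers

def build_sample(root):
    """Constructed sample tree: PAM for system users, passwd-file for virtual."""
    files = {
        "dovecot.conf": "!include conf.d/*.conf\n!include_try local.conf\n",
        "conf.d/10-auth.conf": "#!include auth-ldap.conf.ext\n"
            "!include auth-system.conf.ext\n!include auth-passwdfile.conf.ext\n",
        "conf.d/10-mail.conf": "#mail_location =\nmail_location = maildir:~/Maildir\n",
        "conf.d/auth-system.conf.ext": "passdb {\n  driver = pam\n}\n",
        "conf.d/auth-passwdfile.conf.ext":
            "passdb {\n  driver = passwd-file\n  args = /etc/dovecot/users\n}\n",
    }
    for rel, body in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(body)
    return Path(root, "dovecot.conf")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(passdb_order(build_sample(tmp)))
```

Run against a real dovecot.conf, passdb_order shows which password database is consulted first, which is worth confirming whenever system and virtual accounts coexist.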
Determine installed version
From the command line:
dovecot --version
resources
Dovecot Mail List: http://www.dovecot.org/mailinglists.html