1

I'm having trouble understanding how Postfix relays data to Dovecot and looking for a minimal (as little deviation from distro config files as possible) but complete example on how to accomplish the following:

I have several domains for which I want to receive mail. I want to have virtual users with all information about them, including passwords stored in plain-text file(s).

So, following Postfix's example I would have

virtual_mailbox_domains = mydomain1.com, mydomain2.com, ... (or a hash)
virtual_mailbox_maps = hash:/path/to/vmailboxes
virtual_transport = lmtp:unix:private/dovecot-lmtp

and in vmailboxes I would have

[email protected] someuser

and in Dovecot I would have

passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%n /usr/local/etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%n /usr/local/etc/dovecot/users
  default_fields = uid=dovecot gid=dovecot home=/home/dovecot/%u
}

So the way I see it I should have Postfix accept mail for [email protected], understand that it's destined for the user named someuser and relay precisely that to Dovecot. However Postfix always relays [email protected] to Dovecot which is definitely not what I want because I may have other email addresses pointing to the same user, say

[email protected] someuser
[email protected] someuser

and I expect Dovecot to consult its password/user database and stuff the mail in the appropriate directory for someuser. I also likewise expect it to consult the very same database for IMAP authentication.

And finally, I would like to have SMTP authorization so that someuser may connect to Postfix and use it as a relay. How would I do that with the configuration that I have? Should I have separate password tables in Postfix just for that, or will Postfix somehow consult Dovecot and allow said user to send mail?

2
  • Why should postfix care what the next program to process the mail does with it? It sounds more useable to relay as much as possible so the next program has as much information as possible. Commented Mar 8, 2018 at 21:42
  • The question is not why it should or shouldn't care, it's simply what I want to get from it. And I need to understand its logic behind all those parameters. Commented Mar 8, 2018 at 22:06

1 Answer

0

So there were two mistakes, essentially.

First, virtual_mailbox_maps is not the right option for my scenario. Instead, I have to use virtual_alias_maps.

Second, we need to provide email addresses both on the left and on the right side of virtualmailboxes, because otherwise Postfix will attempt to deliver to $myhostname; it just cannot provide a simple username via LMTP. So in case of

[email protected] [email protected]
[email protected] [email protected]
[email protected] anotheruser

The first two lines would work fine, relaying mail destined for both [email protected] and [email protected] to a user named "[email protected]" in Dovecot. The only difference there is that now when authenticating we'll have to login using "[email protected]" instead of just a username without an "@...".

The third line, however, would relay mail for [email protected] to [email protected], and the mailbox write will be handled by Postfix; LMTP won't be invoked in that case.

Finally, it's better to use relay_ instead of virtual_ because in Postfix's terms relaying mail to Dovecot's LMTP service even if it's running on the same machine is the same as relaying it elsewhere, therefore using relay_ options is "saner".

The working config for main.cf would then be

relay_transport = lmtp:unix:private/dovecot-lmtp
relay_domains = mydomain1.com, mydomain2.com
virtual_alias_maps = hash:/usr/local/etc/postfix/virtualmailboxes

smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_auth_enable = yes

smtpd_tls_cert_file = /etc/ssl/servercertificate.pem
smtpd_tls_key_file = /etc/ssl/serverkey.pem
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

All other options according to your needs, but I haven't touched anything else in the sample main.cf that came with Postfix to make things work.

virtualmailboxes:

[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]

Authorization part configured in Dovecot:

auth_debug = yes
auth_verbose = yes
auth_mechanisms = plain
passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%u /usr/local/etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%u /usr/local/etc/dovecot/users
  default_fields = uid=dovemail gid=dovemail home=/var/mail/%u
}

/usr/local/etc/dovecot/users:

[email protected]:{PLAIN}yourpassword::::::
[email protected]:{PLAIN}yourpassword::::::

/usr/local/etc/dovecot/conf.d/10-master.conf needs uncommenting a few lines in the middle to make the section already present there look like so:

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    group = postfix
    user = postfix
  }
}

and another section in the same file:

unix_listener /var/spool/postfix/private/auth {
   mode = 0660
   user = postfix
   group = postfix
}

The dovemail user needs to be created and given read/write rights to the mail directory, which is /var/mail.
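
The answer depends on every right-hand side in virtualmailboxes being a full address that also exists in the Dovecot users file. The following is an added example, not part of the original answer: it cross-checks the two files and reports the password schemes that are readable or weak at rest. The addresses, sample files and finding labels are constructed for illustration.

```python
import re

# Constructed sample in the layout of the answer's virtualmailboxes file.
ALIASES = """\
info@example.com        someuser@example.com
sales@example.org       someuser@example.com
admin@example.com       anotheruser
postmaster@example.org  ghost@example.com
"""
# Constructed sample Dovecot passwd-file (the hash value is a placeholder).
USERS = """\
someuser@example.com:{PLAIN}yourpassword::::::
other@example.com:{SHA512-CRYPT}$6$constructedsalt$placeholderhash::::::
"""
# Schemes that leave the password readable or cheap to crack at rest.
WEAK_SCHEMES = {"PLAIN", "CLEARTEXT", "PLAIN-MD5", "LDAP-MD5"}

def _lines(text):
    """Non-empty, non-comment lines, stripped."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def parse_aliases(text):
    """[(address, [targets])] from an alias map source (no continuation lines)."""
    rows = []
    for line in _lines(text):
        key, *rest = line.split()
        rows.append((key, [t.strip(",") for t in rest if t.strip(",")]))
    return rows

def parse_users(text, default_scheme="PLAIN-MD5"):
    """{user: scheme}; the default mirrors scheme=plain-md5 in the passdb args."""
    users = {}
    for line in _lines(text):
        user, _, rest = line.partition(":")
        m = re.match(r"\{([^}]+)\}", rest.split(":")[0])
        users[user] = (m.group(1).split(".")[0] if m else default_scheme).upper()
    return users

def audit(aliases_text, users_text):
    users, findings = parse_users(users_text), []
    for addr, targets in parse_aliases(aliases_text):
        for t in targets:
            if "@" not in t:      # bare name: not handed to Dovecot as written
                findings.append((addr, t, "unqualified-target"))
            elif t not in users:  # LMTP recipient missing from the users file
                findings.append((addr, t, "unknown-dovecot-user"))
    findings += [(u, s, "weak-password-scheme")
                 for u, s in users.items() if s in WEAK_SCHEMES]
    return findings

if __name__ == "__main__":
    for finding in audit(ALIASES, USERS):
        print(*finding, sep="\t")
```

To run it against real files, pass their contents to `audit()` in place of the embedded samples.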
