Postfix with Dovecot setup

Notes about setting up a Postfix MTA with a Dovecot email server.

Versions used were Postfix 2.5.5 and Dovecot 1.0.15.

Desired setup

We want a couple of system users that can receive mail - john and dave - to the addresses john@example.com and dave@example.com. Their mail will be kept in ~/Mail. Only john can log in to the computer. Two email aliases will be set up for these system users, info@example.com -> john/dave and webmaster@example.com -> john.

We want a virtual domain example.org with the accounts [john|paul]@example.org. Their mail will be kept in /var/mail/vhosts/example.org/[john|paul]/Mail. Three aliases will be set up, [info|john.smith]@example.org -> john@example.org and paul.smith@example.org -> paul@example.org.

Finally, we want example.edu as an alias of example.org, with all emails to example.edu going to example.org and one specific alias of webmaster1@example.edu -> john@example.org.

I use example.net as a test email account, so replace this with a live email account that can receive emails.

System users

Some, but not many, of these instructions are specific to Debian (e.g. boot config).

  1. Install Postfix (mail delivery agent).
  2. Make sure the domain is specified in the mydestination line in /etc/postfix/main.cf:

    mydestination = localhost, example.com
    

    Note that you may not need to do this: by default Postfix takes the hostname from the system (check it with the ‘hostname’ command), so it is enough if main.cf has a line like the following:

    mydestination = $myhostname, localhost
    
  3. Tell postfix to use maildir format (better than old mbox format). Note that the directory will be automatically created for any existing users without it when they receive an email. Edit /etc/postfix/main.cf and add the following to the bottom:

    # Mail box format. Any relative pathname that ends in / turns on qmail-style maildir delivery.
    home_mailbox = Mail/
    
  4. Have new users get the Maildir by default:

    mkdir -p /etc/skel/Mail/new
    mkdir -p /etc/skel/Mail/cur
    mkdir -p /etc/skel/Mail/tmp
    
  5. Install Dovecot (pop3/imap server).

  6. Tell dovecot to use maildir format. Edit /etc/dovecot/dovecot.conf and ensure the following is present:

    mail_location = maildir:~/Mail
    
  7. Install mutt.

  8. Tell mutt to use maildir format. Edit /etc/muttrc and add the following to the bottom:

    # Use qmail-style maildir format.
    set folder="~/Mail"
    set mask="!^\\.[^.]"
    set mbox="~/Mail"
    set record="+.Sent"
    set postponed="+.Drafts"
    set spoolfile="~/Mail"
    
  9. Create users for email.

    adduser john
    

    If the user won’t have a shell login account (i.e. they’ll not be able to log in to the server):

    adduser --shell /usr/sbin/nologin dave
    
  10. Add email aliases to /etc/aliases e.g:

    info: dave,john
    webmaster: john
    catchall: john
    

    Update aliases.db with:

    newaliases
    
  11. Check that postfix and dovecot are set to start at boot (runlevel 2):

    ls -l /etc/rc2.d/S*
    
  12. Make postfix/dovecot start on boot if necessary e.g:

    update-rc.d postfix defaults
    
  13. Restart postfix/dovecot e.g:

    /etc/init.d/postfix restart
    
  14. Test email sending:

    mail -s"Test email from example" whoever@example.net
    Test email from example
    ctrl-D
    ctrl-D
    
  15. Set up MX record for example.com.

  16. Send test emails to whoever@example.com addresses.

  17. Set up the email account in your mail client (e.g. Thunderbird). Can receive emails via SSL or TLS (all test emails, to all aliases, received). However, cannot send emails using SSL, only TLS.

  18. To remove a user:

    deluser --remove-all-files theuser
    
  19. After adding aliases, reload with:

    newaliases
    /etc/init.d/postfix restart
    
  20. Forward root email to a different address by adding address to /root/.forward:

    sys@example.com

  21. Set up catch-all email alias by adding the following to main.cf (and reloading postfix):

    luser_relay = catchall@example.com
    local_recipient_maps =
    

Virtual domains

  1. Add virtual domain config to /etc/postfix/main.cf (the smtpd_sasl_* config is for smtp auth) e.g:

    virtual_mailbox_domains = /etc/postfix/vdomains
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_maps = hash:/etc/postfix/virtual
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    
  2. Create /etc/postfix/vdomains e.g:

    example.org
    
  3. Create /etc/postfix/vmailbox e.g:

    john@example.org example.org/john/Mail/
    paul@example.org example.org/paul/Mail/
    
  4. Create /etc/postfix/virtual e.g:

    john@example.org john@example.org
    paul@example.org paul@example.org
    info@example.org john@example.org
    john.smith@example.org john@example.org
    paul.smith@example.org paul@example.org
    @example.org paul@example.org
    

    Gotcha: Note that you need the self-referential mappings to prevent the catch-all catching them - it catches any email not specifically mapped.

  5. Update vmailbox and virtual dbs:

    postmap /etc/postfix/vmailbox
    postmap /etc/postfix/virtual
    
  6. Create directory to store virtual domains mailboxes:

    mkdir /var/mail/vhosts
    chown 5000:5000 /var/mail/vhosts
    
  7. Reload postfix:

    /etc/init.d/postfix reload
    

    (execute the command “postmap /etc/postfix/virtual” after changing the virtual file, and execute the command “postfix reload” after changing the main.cf file)

  8. Add virtual domain config and password mechanism to /etc/dovecot/dovecot.conf (the ‘socket listen’ config is for smtp auth) and prevent plain text login unless connected via TLS (aka SSL) e.g:

    disable_plaintext_auth = yes
    ...
    auth default {
      ...
      mechanisms = plain login
      ...
      passdb passwd-file {
        args = /etc/dovecot/passwords
      }
      userdb static {
        args = uid=5000 gid=5000 home=/var/mail/vhosts/%d/%n/
      }
      ...
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }
    
  9. Create passwords file /etc/dovecot/passwords e.g:

    john@example.org:{PLAIN-MD5}passhash1
    paul@example.org:{PLAIN-MD5}passhash2
    

    The MD5 hashes were generated using ‘dovecotpw -s plain-md5’

Aliased domains

If you want to accept email for a domain but don’t need it as a real or virtual domain, you can add an alias to main.cf and configure its target in virtual:

/etc/postfix/main.cf:

    ...
    virtual_alias_domains = example.edu
    ...

Run postfix reload after altering main.cf.

/etc/postfix/virtual:

    ...
    webmaster1@example.edu john@example.org
    @example.edu @example.org
    ...

Run postmap /etc/postfix/virtual after altering virtual.
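
The lookup behaviour behind the catch-all gotcha in the Virtual domains section and the @example.edu rewrite above, as an added example that is not part of the original notes: a simplified Python model of Postfix virtual alias expansion run over this page's /etc/postfix/virtual entries. It assumes each lookup tries the full address and then the @domain entry, and it leaves out address extensions; parse_table, lookup_once and resolve are hypothetical names.

```python
# Added example: simplified model of Postfix virtual alias expansion.
# VIRTUAL is built from the /etc/postfix/virtual entries shown on this page.
VIRTUAL = """\
john@example.org john@example.org
paul@example.org paul@example.org
info@example.org john@example.org
john.smith@example.org john@example.org
paul.smith@example.org paul@example.org
@example.org paul@example.org
webmaster1@example.edu john@example.org
@example.edu @example.org
"""

def parse_table(text):
    """Parse 'pattern result ...' lines into {pattern: [results]}."""
    table = {}
    for line in text.splitlines():
        parts = line.replace(",", " ").split()
        if parts and not parts[0].startswith("#"):
            table[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return table

def lookup_once(table, addr):
    """Try the full address first, then the @domain catch-all entry."""
    user, _, domain = addr.partition("@")
    if addr in table:
        return table[addr]
    if "@" + domain in table:
        # A right-hand side of the form @other.domain keeps the user part.
        return [user + r if r.startswith("@") else r for r in table["@" + domain]]
    return None

def resolve(table, addr, depth=0):
    """Expand recursively; an address that maps to itself ends the recursion."""
    addr = addr.lower()
    results = lookup_once(table, addr)
    if results is None or results == [addr] or depth >= 10:
        return {addr}
    final = set()
    for r in results:
        final |= resolve(table, r, depth + 1)
    return final

if __name__ == "__main__":
    t = parse_table(VIRTUAL)
    for a in ("john@example.org", "nobody@example.org", "sales@example.edu"):
        print(a, "->", sorted(resolve(t, a)))
```

On a live server, `postmap -q john@example.org hash:/etc/postfix/virtual` returns the raw table entry for a single key, without the @domain fallback modelled here.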

Complete configuration files

/etc/postfix/main.cf

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    smtpd_tls_cert_file=/etc/ssl/certs/*.example.com.crt
    smtpd_tls_key_file=/etc/ssl/private/*.example.com.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = $myhostname, localhost
    virtual_mailbox_domains = /etc/postfix/vdomains
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_domains = example.edu
    virtual_alias_maps = hash:/etc/postfix/virtual
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable=yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    broken_sasl_auth_clients = yes
    home_mailbox = Mail/
    mailbox_command =
    luser_relay = catchall@example.com
    local_recipient_maps =
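
A check a practitioner might run over this main.cf before exposing port 25, as an added example that is not part of the original notes: it parses the file and flags permit rules evaluated ahead of reject_unauth_destination, SMTP AUTH available without TLS (smtpd_tls_auth_only is a standard Postfix parameter that this page does not set), and disabled local recipient validation. parse_main_cf, audit and the finding texts are hypothetical names.

```python
# Added example: SAMPLE is an excerpt of this page's main.cf; audit() is hypothetical.
SAMPLE = """\
mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8
smtpd_use_tls=yes
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
luser_relay = catchall@example.com
local_recipient_maps =
"""

# Permit rules that only match local or authenticated clients.
SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(params):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if "reject_unauth_destination" not in rules:
        findings.append("relay: reject_unauth_destination missing")
    else:
        before = rules[:rules.index("reject_unauth_destination")]
        extra = [r for r in before if r.startswith("permit") and r not in SAFE_PERMITS]
        if extra:
            findings.append("relay: review permit rule(s) evaluated first: " + " ".join(extra))
    if params.get("smtpd_sasl_auth_enable") == "yes" and params.get("smtpd_tls_auth_only") != "yes":
        findings.append("auth: SMTP AUTH is offered on unencrypted sessions")
    if params.get("local_recipient_maps") == "":
        findings.append("recipients: local_recipient_maps is empty, unknown local users accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE)):
        print(finding)
```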

Complete /etc/dovecot/dovecot.conf

    protocols = imap imaps pop3 pop3s
    disable_plaintext_auth = yes
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    ssl_cert_file = /etc/ssl/certs/*.example.com.crt
    ssl_key_file = /etc/ssl/private/*.example.com.key
    login_processes_count = 2
    mail_location = maildir:~/Mail
    mail_privileged_group = mail
    protocol imap {
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
    }
    protocol managesieve {
      sieve=~/.dovecot.sieve
      sieve_storage=~/sieve
    }
    auth default {
      mechanisms = plain login
      passdb pam {
      }
      passdb passwd-file {
        args = /etc/dovecot/passwords
      }
      userdb passwd {
      }
      userdb static {
        args = uid=5000 gid=5000 home=/var/mail/vhosts/%d/%n/
      }
      user = root
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }
    dict {
    }
    plugin {
    }

Testing with telnet

    telnet <IP> 25
    EHLO <client-hostname>
    MAIL FROM: <from-email>
    RCPT TO: <recipient-email>
    DATA
    Type message here.
    .
    QUIT

Last modified: 11/06/2013

This website is a personal resource. Nothing here is guaranteed correct or complete, so use at your own risk and try not to delete the Internet. -Stephan
