Notes about setting up a Postfix MTA with Dovecot email server.
Versions used were Postfix 2.5.5 and Dovecot 1.0.15.
Index
- Desired setup
- System users
- Virtual domains
- Aliased domains
- Complete configuration files
- Testing with telnet
- References
Desired setup
We want a couple of system users that can receive mail - john and dave - at the addresses john@example.com and dave@example.com. Their mail will be kept in ~/Mail. Only john can log in to the computer. Two email aliases will be set up for these system users: info@example.com -> john/dave and webmaster@example.com -> john.
We want a virtual domain example.org with the accounts [john|paul]@example.org. Their mail will be kept in /var/mail/vhosts/example.org/[john|paul]/Mail. Three aliases will be set up: [info|john.smith]@example.org -> john@example.org and paul.smith@example.org -> paul@example.org.
Finally, we want example.edu as an alias of example.org, with all emails to example.edu going to example.org and one specific alias of webmaster1@example.edu -> john@example.org.
I use example.net as a test email account, so replace this with a live email account that can receive emails.
System users
Some, but not many, of these instructions are specific to Debian (e.g. boot config).
- Install Postfix (mail transfer agent).
- Make sure the domain is specified in the mydestination line in /etc/postfix/main.cf:
    mydestination = localhost, example.com
  Note that you may not have to do this, because Postfix takes the hostname from the system by default (you can check the server hostname with the ‘hostname’ command) if main.cf has a line like the following:
    mydestination = $myhostname, localhost
- Tell Postfix to use maildir format (better than the old mbox format). Note that the directory will be created automatically for any existing users without it when they receive an email. Edit /etc/postfix/main.cf and add the following to the bottom:
    # Mail box format. Any relative pathname that ends in / turns on qmail-style maildir delivery.
    home_mailbox = Mail/
- Have new users get the Maildir by default:
    mkdir -p /etc/skel/Mail/new
    mkdir -p /etc/skel/Mail/cur
    mkdir -p /etc/skel/Mail/tmp
- Install Dovecot (pop3/imap server).
- Tell Dovecot to use maildir format. Edit /etc/dovecot/dovecot.conf and ensure the following is present:
    mail_location = maildir:~/Mail
- Install mutt.
- Tell mutt to use maildir format. Edit /etc/muttrc and add the following to the bottom:
    # Use qmail-style maildir format.
    set folder="~/Mail"
    set mask="!^\\.[^.]"
    set mbox="~/Mail"
    set record="+.Sent"
    set postponed="+.Drafts"
    set spoolfile="~/Mail"
- Create users for email.
    adduser john
  If the user won’t have a shell login account (i.e. they’ll not be able to log in to the server):
    adduser --shell /usr/sbin/nologin dave
- Add email aliases to /etc/aliases e.g.:
    info: dave,john
    webmaster: john
    catchall: john
  Update aliases.db with:
    newaliases
- Check that postfix and dovecot are set to start at boot (runlevel 2):
    ls -l /etc/rc2.d/S*
- Make postfix/dovecot start on boot if necessary e.g.:
    update-rc.d postfix defaults
- Restart postfix/dovecot e.g.:
    /etc/init.d/postfix restart
- Test email sending:
    mail -s "Test email from example" whoever@example.net
    Test email from example
    ctrl-D
    ctrl-D
- Set up MX record for example.com.
- Send test emails to whoever@example.com addresses.
- Set up email account in your mail client (e.g. thunderbird). Can receive emails via SSL or TLS (all test emails, to all aliases, received). However, cannot send emails using SSL, only TLS.
- To remove a user:
    deluser --remove-all-files theuser
- After adding aliases, reload with:
    newaliases
    /etc/init.d/postfix restart
- Forward root email to a different address by adding address to /root/.forward:
    sys@example.com
- Set up catch-all email alias by adding the following to main.cf (and reloading postfix):
    luser_relay = catchall@example.com
    local_recipient_maps =
Virtual domains
- Add virtual domain config to /etc/postfix/main.cf (the smtpd_sasl_* config is for smtp auth) e.g.:
    virtual_mailbox_domains = /etc/postfix/vdomains
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_maps = hash:/etc/postfix/virtual
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
- Create /etc/postfix/vdomains e.g.:
    example.org
- Create /etc/postfix/vmailbox e.g.:
    john@example.org    example.org/john/Mail/
    paul@example.org    example.org/paul/Mail/
- Create /etc/postfix/virtual e.g.:
    john@example.org          john@example.org
    paul@example.org          paul@example.org
    info@example.org          john@example.org
    john.smith@example.org    john@example.org
    paul.smith@example.org    paul@example.org
    @example.org              paul@example.org
  Gotcha: you need the self-referential mappings to stop the catch-all (@example.org) from catching those addresses - it catches any email not specifically mapped.
- Update vmailbox and virtual dbs:
    postmap /etc/postfix/vmailbox
    postmap /etc/postfix/virtual
- Create directory to store virtual domains mailboxes:
    mkdir /var/mail/vhosts
    chown 5000:5000 /var/mail/vhosts
- Reload postfix:
    /etc/init.d/postfix reload
  (Execute the command “postmap /etc/postfix/virtual” after changing the virtual file, and execute the command “postfix reload” after changing the main.cf file.)
- Add virtual domain config and password mechanism to /etc/dovecot/dovecot.conf (the ‘socket listen’ config is for smtp auth) and prevent plain text login unless connected via TLS (aka SSL) e.g.:
    disable_plaintext_auth = yes
    ...
    auth default {
      ...
      mechanisms = plain login
      ...
      passdb passwd-file {
        args = /etc/dovecot/passwords
      }
      userdb static {
        args = uid=5000 gid=5000 home=/var/mail/vhosts/%d/%n/
      }
      ...
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }
- Create passwords file /etc/dovecot/passwords e.g.:
    john@example.org:{PLAIN-MD5}passhash1
    paul@example.org:{PLAIN-MD5}passhash2
  The MD5 hashes were generated using ‘dovecotpw -s plain-md5’
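An added check for the passwd-file shown above (example code, not part of the original notes): it reports entries whose scheme stores the password itself or an unsalted digest, such as the PLAIN-MD5 used here, and accounts whose stored hashes are identical. The sample entries, the passwords, the ringo account and the SSHA value are constructed, and the scheme set is a partial list of Dovecot scheme names.

```python
import hashlib
from collections import defaultdict

# Dovecot scheme tags that store the password itself or an unsalted digest of it.
# Partial list; extend it for the schemes your Dovecot version offers.
UNSALTED = {"PLAIN", "CLEARTEXT", "PLAIN-MD4", "PLAIN-MD5", "LDAP-MD5", "SHA", "SHA1"}

def parse_passwd_file(text):
    """Yield (user, scheme, hash) from 'user:{SCHEME}hash[:...]' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, password = line.split(":")[:2]
        scheme = None  # no {SCHEME} tag on this entry
        if password.startswith("{") and "}" in password:
            scheme, password = password[1:].split("}", 1)
            scheme = scheme.upper()
        yield user, scheme, password

def audit(text):
    """Return (weak, shared): user -> unsalted scheme, and groups of users with equal hashes."""
    weak, by_hash = {}, defaultdict(list)
    for user, scheme, pw_hash in parse_passwd_file(text):
        if scheme in UNSALTED:
            weak[user] = scheme
        by_hash[(scheme, pw_hash)].append(user)
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return weak, shared

def plain_md5(password):
    """{PLAIN-MD5} is the hex MD5 of the password with no salt."""
    return "{PLAIN-MD5}" + hashlib.md5(password.encode()).hexdigest()

# Constructed sample: john and paul chose the same password, ringo has a salted scheme.
SAMPLE = "\n".join([
    "john@example.org:" + plain_md5("constructed-password-1"),
    "paul@example.org:" + plain_md5("constructed-password-1"),
    "ringo@example.org:{SSHA}PLACEHOLDERsaltedhash",
])

if __name__ == "__main__":
    weak, shared = audit(SAMPLE)
    print("plaintext or unsalted:", weak)
    print("accounts sharing a hash:", shared)
```

Because PLAIN-MD5 has no salt, equal passwords produce equal entries, which is why the two constructed accounts show up as a shared-hash group.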
Aliased domains
If you want to accept email for a domain but don’t need it as a real or virtual domain, you can add an alias to main.cf and configure its target in virtual:
/etc/postfix/main.cf:
...
virtual_alias_domains = example.edu
...
Run postfix reload after altering main.cf.
/etc/postfix/virtual:
...
webmaster1@example.edu john@example.org
@example.edu @example.org
...
Run postmap /etc/postfix/virtual after altering virtual.
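The catch-all gotcha from the Virtual domains section and the example.edu mapping above can both be checked before running postmap. The following Python is an added example, not part of the original notes: a simplified model of Postfix virtual alias lookup (exact address first, then @domain, repeated until an address maps to itself) run over the maps from this page. Function names are illustrative.

```python
# Added example: the virtual and vmailbox contents are the ones shown on this page.
VIRTUAL = """\
john@example.org        john@example.org
paul@example.org        paul@example.org
info@example.org        john@example.org
john.smith@example.org  john@example.org
paul.smith@example.org  paul@example.org
@example.org            paul@example.org
webmaster1@example.edu  john@example.org
@example.edu            @example.org
"""
VMAILBOX = "john@example.org example.org/john/Mail/\npaul@example.org example.org/paul/Mail/\n"

def parse_map(text):
    """Parse 'key  value[, value]' lines of a Postfix lookup table source file."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.replace(",", " ").lower().split()
    return table

def lookup(table, addr):
    """One lookup step: exact address first, then the @domain catch-all."""
    user, domain = addr.rsplit("@", 1)
    targets = table.get(addr, table.get("@" + domain, []))
    # A first result of the form @otherdomain keeps the original user part.
    return [user + t if i == 0 and t.startswith("@") else t for i, t in enumerate(targets)]

def resolve(table, addr):
    """Expand until every address maps to itself or has no entry at all."""
    final, todo, seen = set(), [addr.lower()], set()
    while todo:
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            targets = lookup(table, cur) or [cur]  # no entry: address is left as it is
            for t in targets:
                (final.add if t == cur else todo.append)(t)
    return final

def swallowed_mailboxes(virtual_text, vmailbox_text):
    """Map each real mailbox that never receives its own mail to where that mail goes."""
    table = parse_map(virtual_text)
    routes = {box: resolve(table, box) for box in parse_map(vmailbox_text)}
    return {box: sorted(dest) for box, dest in routes.items() if box not in dest}

if __name__ == "__main__":
    print(swallowed_mailboxes(VIRTUAL, VMAILBOX))
```

With the maps as shown nothing is swallowed; delete the two self-referential lines from VIRTUAL and the function reports john@example.org as delivered to paul@example.org through the catch-all.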
Complete configuration files
/etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/*.example.com.crt
smtpd_tls_key_file=/etc/ssl/private/*.example.com.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_domains = example.edu
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
home_mailbox = Mail/
mailbox_command =
luser_relay = catchall@example.com
local_recipient_maps =
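The main.cf above enables smtpd_sasl_auth_enable with optional TLS (smtpd_use_tls=yes) and does not set smtpd_tls_auth_only, the standard Postfix parameter that stops the server announcing or accepting AUTH on unencrypted connections. The following Python is an added example, not part of the original notes, that checks a main.cf for this and for two relay-related settings; function and finding names are illustrative, and the embedded text is an excerpt of the file above.

```python
import re

def parse_main_cf(text):
    """Parse main.cf 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()  # a later assignment overrides an earlier one
    return params

def findings(text):
    """Return the names of the checks that fail for this main.cf text."""
    p, out = parse_main_cf(text), []
    sasl = p.get("smtpd_sasl_auth_enable", "no") == "yes"
    tls_only = (p.get("smtpd_tls_auth_only") == "yes"
                or p.get("smtpd_tls_security_level") == "encrypt"
                or p.get("smtpd_enforce_tls") == "yes")
    if sasl and not tls_only:
        out.append("sasl-auth-offered-without-tls")
    # Only an explicit setting is checked; an unset parameter keeps the Postfix default.
    if "smtpd_recipient_restrictions" in p:
        rules = re.split(r"[,\s]+", p["smtpd_recipient_restrictions"])
        if "reject_unauth_destination" not in rules:
            out.append("no-reject_unauth_destination")
    if re.search(r"(^|[,\s])0\.0\.0\.0/0", p.get("mynetworks", "")):
        out.append("mynetworks-trusts-everyone")
    return out

# Excerpt of the main.cf from this page.
PAGE_MAIN_CF = """\
smtpd_use_tls=yes
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""

if __name__ == "__main__":
    print(findings(PAGE_MAIN_CF))
```

On a live host, feed it the output of `postconf -n` rather than the file, so that only the settings Postfix actually uses are checked.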
Complete /etc/dovecot/dovecot.conf
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl_cert_file = /etc/ssl/certs/*.example.com.crt
ssl_key_file = /etc/ssl/private/*.example.com.key
login_processes_count = 2
mail_location = maildir:~/Mail
mail_privileged_group = mail
protocol imap {
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol managesieve {
  sieve=~/.dovecot.sieve
  sieve_storage=~/sieve
}
auth default {
  mechanisms = plain login
  passdb pam {
  }
  passdb passwd-file {
    args = /etc/dovecot/passwords
  }
  userdb passwd {
  }
  userdb static {
    args = uid=5000 gid=5000 home=/var/mail/vhosts/%d/%n/
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
}
Testing with telnet
telnet <IP> 25
EHLO <client-hostname>
MAIL FROM: <from-email>
RCPT TO: <recipient-email>
DATA
Type message here.
.
QUIT