I got Dovecot + Postfix running a few days ago in conjunction with Squirrelmail. Soon after, I got tired of "Mail for nuts," and switched to RainLoop. It seems to be working fine, however, only with literal users. Virtual users can log in, but cannot send OR receive mail. I've looked around, but can't figure anything out. One post indicated that this was caused by having destinations other than "localhost" in the Postfix config, but I still had the same issue.
I think I've created all the needed accounts. The userDB is under the vmail account.
Postfix (main.cf):
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server1.endev.xyz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = encrypt
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Dovecot (dovecot.conf):
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
# CUSTOM CONFIG #
# Enabled Protocols
protocols = pop3 imap
pop3_uidl_format = %08Xu%08Xv
# Plugins
mail_plugins = $mail_plugins quota
# IMAP Protocol
protocol imap {
listen = *:143
ssl_listen = *:993
imap_client_workarounds = tb-extra-mailbox-sep
mail_plugins = $mail_plugins imap_quota
}
# POP3 Protocol
protocol pop3 {
listen = *:110
ssl_listen = *:995
}
plugin {
quota = maildir
}
# SSL
ssl = yes
ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# logs
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
# Authentication configuration:
auth_verbose = yes
auth_mechanisms = plain
passdb {
driver = passwd-file
args = scheme=plain-md5 username_format=%n /home/vmail/dovedb
}
userdb {
driver = passwd-file
args = username_format=%n /home/vmail/dovedb
default_fields = uid=vmail gid=vmail home=/home/vmail/%u
}
protocol lda {
postmaster_address = postmaster@endev.xyz
}
Dovecot commands also seem to indicate that some settings such as ssl_cert_file and ssl_key_file are deprecated, however, when I replaced them with the new settings, RainLoop would not authenticate. I'm thinking about switching to RoundCube anyway, but still not sure what happened.
VirtualUserDB (dovedb):
oct:{SSHA}*removed*::::::userdb_quota_rule=*:storage=128M
pf:{SSHA}*removed*::::::userdb_quota_rule=*:storage=128M
Best Answer
I have got it to work using RoundCube 1.2.2 using the following:
Create a self-signed SSL certificate and place it in:
In addition, the vmail user/group numbers are 5000 (virtual_uid_maps and virtual_gid_maps).
Create a file /etc/postfix/vhosts and there enter each domain name you have on separate lines, i.e.:
Create a file /etc/postfix/virtual and there place your virtual users and domains on separate lines, i.e.:
main.cf below, replace the "FQDN" below with your own server's FQDN.
The contents of /etc/postfix/main.cf:
The /etc/postfix/master.cf contents are:
Create a file /etc/dovecot/users and place there the virtual user and password on separate lines, i.e.:
Where $1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/ is the result of running mkpasswd --hash=md5 password
Hint: you can create this script to run and create users (script name dovecot-adduser):
and then run dovecot-adduser username password
The contents of /etc/dovecot/dovecot.conf are:
Also, not sure if that can be included in the dovecot.conf or not, but I have the following in /etc/dovecot/conf.d/auth-passwdfile.conf.ext:
I hope I did not miss anything. Restart dovecot and postfix, and give it a try. I have noticed that when I log in for the first time for a new user, it will fail at first. I refresh and try again and it works. I suspect it happens because the first time it does not have the Maildir directory structure and it creates it, and on the second try it has no issues.
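Both posts store virtual-user passwords in a Dovecot passwd-file, with the hash scheme coming either from a {SCHEME} prefix or from the passdb default (scheme=plain-md5 in the question, an MD5-crypt $1$ hash in the answer). The audit below is an added example, not code from either poster or from Dovecot; it reports which scheme applies to each entry and whether it is a slow KDF. The function names, the sample users and the placeholder hashes are assumptions made for illustration.

```python
import re

# Dovecot scheme names built on a slow, salted KDF; all others are treated as legacy.
STRONG = {"SHA256-CRYPT", "SHA512-CRYPT", "BLF-CRYPT", "ARGON2I", "ARGON2ID", "PBKDF2"}
# crypt(3) "$id$" identifiers, resolved when the effective scheme is CRYPT.
CRYPT_IDS = {"1": "MD5-CRYPT", "2a": "BLF-CRYPT", "2y": "BLF-CRYPT",
             "5": "SHA256-CRYPT", "6": "SHA512-CRYPT"}

def effective_scheme(password, default_scheme="CRYPT"):
    """Approximate the scheme Dovecot applies to one password field."""
    m = re.match(r"\{([^}]+)\}(.*)", password)
    if m:  # an explicit {SCHEME} prefix overrides the passdb default
        scheme, rest = m.group(1).split(".")[0].upper(), m.group(2)
    else:  # no prefix: the scheme= value from the passdb args applies
        scheme, rest = default_scheme.upper(), password
    if scheme == "CRYPT":  # narrow CRYPT down by its crypt(3) identifier
        cid = re.match(r"\$([0-9a-z]+)\$", rest)
        scheme = CRYPT_IDS.get(cid.group(1), "CRYPT") if cid else "DES-CRYPT"
    return scheme

def audit(passwd_file_text, default_scheme="CRYPT"):
    """Return (user, scheme, is_strong) for each entry of a passwd-file."""
    results = []
    for line in passwd_file_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Layout: user:password:uid:gid:gecos:home:shell:extra_fields
        # extra_fields may contain ':' (e.g. *:storage=128M), so cap the split.
        fields = line.split(":", 7)
        if len(fields) < 2:
            continue
        scheme = effective_scheme(fields[1], default_scheme)
        results.append((fields[0], scheme, scheme in STRONG))
    return results

# Constructed sample in the page's layout; every hash is a placeholder.
SAMPLE = """\
oct:{SSHA}PLACEHOLDER::::::userdb_quota_rule=*:storage=128M
alice:0123456789abcdef0123456789abcdef::::::userdb_quota_rule=*:storage=128M
bob:{SHA512-CRYPT}$6$PLACEHOLDERSALT$PLACEHOLDERHASH::::::
carol:{CRYPT}$1$PLACEHOLDERSALT$PLACEHOLDERHASH::::::
"""

if __name__ == "__main__":
    # default_scheme mirrors the question's passdb args (scheme=plain-md5).
    for user, scheme, ok in audit(SAMPLE, default_scheme="plain-md5"):
        print(f"{user:6} {scheme:14} {'ok' if ok else 'LEGACY: rehash'}")
```

Entries reported as LEGACY (unsalted MD5, MD5-crypt, single-round salted SHA-1) are the ones to regenerate with a stronger scheme the next time the user changes their password.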