mirror/postfixadmin
0
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 11:12:15 +02:00
Code
master
postfixadmin/DOCUMENTS/DOVECOT.txt
John Fawcett 668960ccf6 Add a flag to mailbox table for enable/disable smtp protocol. The table column name 
is "smtp_active". This enables use of this flag instead of active flag for postfix
mysql queries. There is a new configuration parameter $CONF['smtp_active_flag'] =
YES or NO, which defaults to NO, providing the existing behaviour. When set to YES
the active_smtp field is displayed in the edit mode and can be modified.
The commit includes update to the language files and documentation.

The commit does not include the code to add the field to existing installs,
which I presume can be added during the release cycle in upgrade.php along the
lines of:

_db_add_field('mailbox',  'smtp_active', 'int DEFAULT 1');
2024-01-09 20:50:49 +01:00

280 lines
8.6 KiB
Plaintext
Raw Permalink Blame History

#
# Dovecot configuration for Postfix Admin
# Originally written by: Massimo <AndyCapp> Danieli
# Revised by: Sampsa Hario <shario> for Dovecot v1.0
# Revised by: David Goodwin <david@palepurple.co.uk> for Dovecot 2.1.x (2014/01/02)
#
More complete Dovecot documentation:
http://wiki.dovecot.org/Quota
http://wiki.dovecot.org/Quota/Dict
http://www.opensourcehowto.org/how-to/mysql/mysql-users-postfixadmin-postfix-dovecot--squirrelmail-with-userprefs-stored-in-mysql.html
Here are the relevant parts of Dovecot v2.1.x configuration for Postfixadmin setup.
Please refer to Dovecot documentation for complete information.
The setup gets userdb and passdb info from MySQL as well as quotas, and
uses dict backend to store used quotas as key=value pairs so that they can
be viewed real-time in Postfixadmin.
1. Dovecot setup
-----------------
A basic /etc/dovecot/dovecot.conf is as follows, this was generated using 'dovecot -n' on a vanilla install and then
changing to talk to a PostgreSQL or MySQL database.
# BEGIN /etc/dovecot/dovecot.conf:
# Change this to where your mail root is, this needs to match whatever structure postfix expects....
# See also: https://wiki.dovecot.org/MailLocation - %d domain, %u full username, %n user part (%u with no domain)
mail_location = maildir:/var/mail/vmail/%u/
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
protocols = "imap pop3"
# change to 'no' if you don't have ssl cert/keys, and comment out ssl_cert/ssl_key
ssl = yes
# If you're using LetsEncrypt/certbot see e.g. /etc/letsencrypt/live/MyDomain/fullchain.pem.
#
# cat server.crt server.key > dovecot.pem
#
# Make sure dovecot can read these file(s)
#
# If you use doveadm for your PostfixAdmin hashing, the webserver will also need read access to these files
# See also : https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md#dovecotmethod
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# login is for outlook express smtpd auth
auth_mechanisms = plain login
# If you're having trouble, try uncommenting these:
#auth_debug = yes
#auth_debug_passwords = yes
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
# Uncomment this if you want Postfix to be able to do smtpd auth through dovecot
# At a minimum Postfix probably needs smtpd_sasl_type = dovecot
# And additionally: smtpd_sasl_path = private/auth
#service auth {
# unix_listener /var/spool/postfix/private/auth {
# mode = 0660
# user = postfix
# group = postfix
# }
#}
# Needs to match Postfix virtual_uid_maps
first_valid_uid = 1001
# allow plaintext auth (change to 'yes' to block plaintext passwords)
disable_plaintext_auth = no
#END
2. Dovecot *sql setup
----------------------
Below you'll find the relevant part of dovecot-sql.conf file regarding our
setup.
Things you will probably need to change are db connection settings (connect=)
and the default_pass_scheme.
#BEGIN /etc/dovecot/dovecot-sql.conf
connect = host=localhost dbname=postfix user=postfix password=postfix
# Use either
driver = mysql
# Or
# driver = pgsql
# Default password scheme - change to match your Postfixadmin setting.
# depends on your $CONF['encrypt'] setting:
# md5crypt -> MD5-CRYPT
# md5 -> PLAIN-MD5
# cleartext -> PLAIN
default_pass_scheme = MD5-CRYPT
# Query to retrieve password. user can be used to retrieve username in other
# formats also.
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
# Query to retrieve user information, note uid matches dovecot.conf AND Postfix virtual_uid_maps parameter.
# MYSQL:
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
# PostgreSQL:
# user_query = SELECT '/var/mail/vmail/' || maildir AS home, 1001 AS uid, 1001 AS gid,
# '*:bytes=' || quota AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
# see: https://doc.dovecot.org/configuration_manual/authentication/sql/#id6
iterate_query = SELECT username as user FROM mailbox WHERE active = '1'
#END /etc/dovecot/dovecot-sql.conf
If you make use of the separate smtp_active flag in the mailbox table of postfixadmin by
enabling the configuration parameter $CONF['smtp_active_flag'] = YES in postfixadmin configuration
and you're using dovecot sasl with postfix, the dovecot queries can be updated to use the different flag for smtp:
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active = '1'))
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active = '1'))
3. Permissions
--------------
Applicable to those older versions of Postfixadmin (before v 3.4) (see also https://github.com/postfixadmin/postfixadmin/pull/491)
With Dovecot 2.3.11 (ish?), if you are using the Postfixadmin dovecot password hashing backend - so your Postfixadmin configuration looks like
`$CONF['encrypt'] = 'dovecot:something';`
then the system user account running the PostfixAdmin code (normally the webserver user
account, like www-data or http or nobody) will need ...
* read access to any SSL certificate files defined in /etc/dovecot/dovecot.conf
(check: ssl_key, ssl_cert)
* read/write access to /run/dovecot/stats-writer
* Fixable with: `usermod -aG dovecot www-data``
Please note, Postfixadmin does not need to run on the same server as the Dovecot server.
See also the following tickets which contain discussions and solutions :
* https://github.com/postfixadmin/postfixadmin/issues/381 (Unable to login after Dovecot upgrade)
* https://github.com/postfixadmin/postfixadmin/issues/398 (Dovecotpw needs to read my TLS cert and private key)
4. Dovecot v1.0 quota support (optional)
----------------------------------------
Please note that you need to use Dovecot's own local delivery agent to
enforce and update quotas. Then you can view real-time used quotas in
Postfixadmin.
Add to dovecot.conf:
## IMAP quota
protocol imap {
mail_plugins = quota
}
## POP quota
protocol pop3 {
mail_plugins = quota
}
## Local Delivery Agent
protocol lda {
mail_plugins = quota
}
## Dictionary DB proxy
dict {
quota = mysql:/etc/dovecot-dict-quota.conf
}
## Default quota values
plugin {
quota = dict:storage=200000 proxy::quota
}
Change dovecot-sql.conf to return quota values:
for MySQL:
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid, CONCAT('dict:storage=',floor(quota/1000),' ::proxy::quota') as quota FROM mailbox WHERE username = '%u' AND active='1'
for PostgreSQL:
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid, 'dict:storage=' || floor(quota/1000) || '::proxy::quota' as quota FROM mailbox WHERE username = '%u' AND active='1'
Create file dovecot-dict-quota.conf.
For dovecot 1.0 & 1.1, use this as a template:
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
table = quota
select_field = current
where_field = path
username_field = username
If you use dovecot 1.2 or newer, use this:
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
Create database in Mysql:
(This is automatically done by postfixadmin's setup.php)
Enable quota support in Postfixadmin config.inc.php:
$CONF['used_quotas'] = 'YES';
$CONF['quota'] = 'YES';
Note: The above text describes the configuration for dovecot 1.0 & 1.1 quota table format.
If you use dovecot 1.2 or newer,
- use the 'quota2' table (also created by setup.php)
- set $CONF['new_quota_table'] = 'YES'
5. Dovecot Allowed IPs and App Password support (optional)
----------------------------------------------------------
To enhance end user security, Postfixadmin supports a set of features that
need implementation in the Dovecot login SQL queries.
The following features are available:
* Restrict login to a list of allowed remote IP addresses.
* Allow login with app passwords.
View Git Blame Copy Permalink