668960ccf6
is "smtp_active". This enables use of this flag instead of active flag for postfix mysql queries. There is a new configuration parameter $CONF['smtp_active_flag'] = YES or NO, which defaults to NO, providing the existing behaviour. When set to YES the active_smtp field is displayed in the edit mode and can be modified. The commit includes update to the language files and documentation. The commit does not include the code to add the field to existing installs, which I presume can be added during the release cycle in upgrade.php along the lines of: _db_add_field('mailbox', 'smtp_active', 'int DEFAULT 1');
#
|
|
# Dovecot configuration for Postfix Admin
|
|
# Originally written by: Massimo <AndyCapp> Danieli
|
|
# Revised by: Sampsa Hario <shario> for Dovecot v1.0
|
|
# Revised by: David Goodwin <david@palepurple.co.uk> for Dovecot 2.1.x (2014/01/02)
|
|
#
|
|
|
|
More complete Dovecot documentation:
|
|
|
|
http://wiki.dovecot.org/Quota
|
|
http://wiki.dovecot.org/Quota/Dict
|
|
http://www.opensourcehowto.org/how-to/mysql/mysql-users-postfixadmin-postfix-dovecot--squirrelmail-with-userprefs-stored-in-mysql.html
|
|
|
|
|
|
Here are the relevant parts of Dovecot v2.1.x configuration for Postfixadmin setup.
|
|
|
|
Please refer to Dovecot documentation for complete information.
|
|
|
|
The setup gets userdb and passdb info from MySQL as well as quotas, and
|
|
uses dict backend to store used quotas as key=value pairs so that they can
|
|
be viewed real-time in Postfixadmin.
|
|
|
|
|
|
1. Dovecot setup
|
|
-----------------
|
|
|
|
A basic /etc/dovecot/dovecot.conf is shown below. It was generated using 'dovecot -n' on a vanilla install and then
changed to talk to a PostgreSQL or MySQL database.
|
|
|
|
# BEGIN /etc/dovecot/dovecot.conf:
|
|
# Change this to where your mail root is, this needs to match whatever structure postfix expects....
|
|
# See also: https://wiki.dovecot.org/MailLocation - %d domain, %u full username, %n user part (%u with no domain)
|
|
mail_location = maildir:/var/mail/vmail/%u/
|
|
|
|
namespace inbox {
|
|
inbox = yes
|
|
location =
|
|
mailbox Drafts {
|
|
special_use = \Drafts
|
|
}
|
|
mailbox Junk {
|
|
special_use = \Junk
|
|
}
|
|
mailbox Sent {
|
|
special_use = \Sent
|
|
}
|
|
mailbox "Sent Messages" {
|
|
special_use = \Sent
|
|
}
|
|
mailbox Trash {
|
|
special_use = \Trash
|
|
}
|
|
prefix =
|
|
}
|
|
|
|
protocols = "imap pop3"
|
|
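# Change to 'no' only if you don't have an ssl cert/key, and comment out ssl_cert/ssl_key.
# With ssl = no, the plain and login mechanisms configured below send passwords over the network unencrypted.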
|
|
ssl = yes
|
|
|
|
# If you're using LetsEncrypt/certbot see e.g. /etc/letsencrypt/live/MyDomain/fullchain.pem.
|
|
#
|
|
# cat server.crt server.key > dovecot.pem
|
|
#
|
|
# Make sure dovecot can read these file(s)
|
|
#
|
|
# If you use doveadm for your PostfixAdmin hashing, the webserver will also need read access to these files
|
|
# See also : https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md#dovecotmethod
|
|
|
|
ssl_cert = </etc/dovecot/private/dovecot.pem
|
|
ssl_key = </etc/dovecot/private/dovecot.pem
|
|
|
|
# login is for outlook express smtpd auth
|
|
auth_mechanisms = plain login
|
|
|
|
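# If you're having trouble, try uncommenting these while you debug.
# auth_debug_passwords can write attempted passwords to the log, so comment both out again afterwards.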
|
|
#auth_debug = yes
|
|
#auth_debug_passwords = yes
|
|
|
|
userdb {
|
|
driver = sql
|
|
args = /etc/dovecot/dovecot-sql.conf
|
|
}
|
|
|
|
passdb {
|
|
driver = sql
|
|
args = /etc/dovecot/dovecot-sql.conf
|
|
}
|
|
|
|
# Uncomment this if you want Postfix to be able to do smtpd auth through dovecot
|
|
# At a minimum Postfix probably needs smtpd_sasl_type = dovecot
|
|
# And additionally: smtpd_sasl_path = private/auth
|
|
#service auth {
|
|
# unix_listener /var/spool/postfix/private/auth {
|
|
# mode = 0660
|
|
# user = postfix
|
|
# group = postfix
|
|
# }
|
|
#}
|
|
|
|
# Needs to match Postfix virtual_uid_maps
|
|
first_valid_uid = 1001
|
|
|
|
# Allow plaintext auth on unencrypted connections (change to 'yes' so that plaintext passwords are only accepted over SSL/TLS)
|
|
disable_plaintext_auth = no
|
|
|
|
#END
|
|
|
|
|
|
2. Dovecot *sql setup
|
|
----------------------
|
|
|
|
Below you'll find the relevant part of dovecot-sql.conf file regarding our
|
|
setup.
|
|
|
|
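Things you will probably need to change are the db connection settings (connect=)
and the default_pass_scheme. The connect= line holds the database password: replace
the sample value and restrict read access to this file.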
|
|
|
|
#BEGIN /etc/dovecot/dovecot-sql.conf
|
|
|
|
connect = host=localhost dbname=postfix user=postfix password=postfix
|
|
# Use either
|
|
driver = mysql
|
|
# Or
|
|
# driver = pgsql
|
|
|
|
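# Default password scheme - change to match your Postfixadmin setting.
# The MD5-based schemes and cleartext listed here are weak; DOCUMENTS/HASHING.md describes the other options.
# The value depends on your $CONF['encrypt'] setting: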
|
|
# md5crypt -> MD5-CRYPT
|
|
# md5 -> PLAIN-MD5
|
|
# cleartext -> PLAIN
|
|
default_pass_scheme = MD5-CRYPT
|
|
|
|
# Query to retrieve password. user can be used to retrieve username in other
|
|
# formats also.
|
|
|
|
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
|
|
|
|
# Query to retrieve user information, note uid matches dovecot.conf AND Postfix virtual_uid_maps parameter.
|
|
# MYSQL:
|
|
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
|
|
# PostgreSQL:
|
|
# user_query = SELECT '/var/mail/vmail/' || maildir AS home, 1001 AS uid, 1001 AS gid,
|
|
# '*:bytes=' || quota AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
|
|
|
|
# see: https://doc.dovecot.org/configuration_manual/authentication/sql/#id6
|
|
iterate_query = SELECT username as user FROM mailbox WHERE active = '1'
|
|
|
|
#END /etc/dovecot/dovecot-sql.conf
|
|
|
|
If you make use of the separate smtp_active flag in the mailbox table of postfixadmin by
|
|
enabling the configuration parameter $CONF['smtp_active_flag'] = YES in postfixadmin configuration
|
|
and you're using dovecot sasl with postfix, the dovecot queries can be updated to use the different flag for smtp:
|
|
|
|
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active = '1'))
|
|
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, 1001 AS uid, 1001 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND (('%s' = 'smtp' AND smtp_active = '1') OR ('%s' <> 'smtp' AND active = '1'))
|
|
|
|
3. Permissions
|
|
--------------
|
|
|
|
Applicable to those older versions of Postfixadmin (before v 3.4) (see also https://github.com/postfixadmin/postfixadmin/pull/491)
|
|
|
|
With Dovecot 2.3.11 (ish?), if you are using the Postfixadmin dovecot password hashing backend - so your Postfixadmin configuration looks like
|
|
|
|
`$CONF['encrypt'] = 'dovecot:something';`
|
|
|
|
then the system user account running the PostfixAdmin code (normally the webserver user
|
|
account, like www-data or http or nobody) will need ...
|
|
|
|
* read access to any SSL certificate files defined in /etc/dovecot/dovecot.conf
(check: ssl_key, ssl_cert). This includes the private key, so grant the access to that one account only.
|
|
|
|
* read/write access to /run/dovecot/stats-writer
|
|
* Fixable with: `usermod -aG dovecot www-data`
|
|
|
|
Please note, Postfixadmin does not need to run on the same server as the Dovecot server.
|
|
|
|
See also the following tickets which contain discussions and solutions :
|
|
|
|
* https://github.com/postfixadmin/postfixadmin/issues/381 (Unable to login after Dovecot upgrade)
|
|
* https://github.com/postfixadmin/postfixadmin/issues/398 (Dovecotpw needs to read my TLS cert and private key)
|
|
|
|
|
|
4. Dovecot v1.0 quota support (optional)
|
|
----------------------------------------
|
|
|
|
Please note that you need to use Dovecot's own local delivery agent to
|
|
enforce and update quotas. Then you can view real-time used quotas in
|
|
Postfixadmin.
|
|
|
|
Add to dovecot.conf:
|
|
|
|
## IMAP quota
|
|
protocol imap {
|
|
mail_plugins = quota
|
|
}
|
|
|
|
## POP quota
|
|
protocol pop3 {
|
|
mail_plugins = quota
|
|
}
|
|
|
|
## Local Delivery Agent
|
|
protocol lda {
|
|
mail_plugins = quota
|
|
}
|
|
|
|
## Dictionary DB proxy
|
|
dict {
|
|
quota = mysql:/etc/dovecot-dict-quota.conf
|
|
}
|
|
|
|
## Default quota values
|
|
plugin {
|
|
quota = dict:storage=200000 proxy::quota
|
|
}
|
|
|
|
|
|
Change dovecot-sql.conf to return quota values:
|
|
|
|
for MySQL:
|
|
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid, CONCAT('dict:storage=',floor(quota/1000),' ::proxy::quota') as quota FROM mailbox WHERE username = '%u' AND active='1'
|
|
|
|
for PostgreSQL:
|
|
user_query = SELECT maildir, 1001 AS uid, 1001 AS gid, 'dict:storage=' || floor(quota/1000) || '::proxy::quota' as quota FROM mailbox WHERE username = '%u' AND active='1'
|
|
|
|
|
|
Create file dovecot-dict-quota.conf.
|
|
|
|
For dovecot 1.0 & 1.1, use this as a template:
|
|
|
|
driver = mysql
|
|
connect = host=localhost dbname=postfix user=postfix password=postfix
|
|
default_pass_scheme = MD5-CRYPT
|
|
table = quota
|
|
select_field = current
|
|
where_field = path
|
|
username_field = username
|
|
|
|
If you use dovecot 1.2 or newer, use this:
|
|
|
|
connect = host=localhost dbname=postfix user=postfix password=postfix
|
|
map {
|
|
pattern = priv/quota/storage
|
|
table = quota2
|
|
username_field = username
|
|
value_field = bytes
|
|
}
|
|
map {
|
|
pattern = priv/quota/messages
|
|
table = quota2
|
|
username_field = username
|
|
value_field = messages
|
|
}
|
|
|
|
|
|
Create database in MySQL:
|
|
(This is automatically done by postfixadmin's setup.php)
|
|
|
|
Enable quota support in Postfixadmin config.inc.php:
|
|
|
|
$CONF['used_quotas'] = 'YES';
|
|
$CONF['quota'] = 'YES';
|
|
|
|
Note: The above text describes the configuration for dovecot 1.0 & 1.1 quota table format.
|
|
|
|
If you use dovecot 1.2 or newer,
|
|
- use the 'quota2' table (also created by setup.php)
|
|
- set $CONF['new_quota_table'] = 'YES'
|
|
|
|
5. Dovecot Allowed IPs and App Password support (optional)
|
|
----------------------------------------------------------
|
|
|
|
To enhance end user security, Postfixadmin supports a set of features that
|
|
need implementation in the Dovecot login SQL queries.
|
|
|
|
The following features are available:
|
|
|
|
* Restrict login to a list of allowed remote IP addresses.
|
|
* Allow login with app passwords.
|