[筆記] Iredmail + Postfix Admin dovecot 的一些設定
/etc/dovecot/dovecot.conf
重點
disable_plaintext_auth = no
mail_location = maildir:/var/vmail/%d/%n:INDEX=/var/vmail/%d/%n/indexes
> #ssl_dh_parameters_length = 2048
>
> #ssl_prefer_server_ciphers = yes
>
>
> # IP ranges specified by login_trusted_networks setting are assumed to be secure.
>
> #login_trusted_networks = 127.0.0.1
>
>
> # With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
>
> # Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
>
> # insecurely.
>
> disable_plaintext_auth = no
>
> # Allow plain text password per IP address/net
>
> #remote 192.168.0.0/24 {
>
> # disable_plaintext_auth = no
>
> # }
>
>
> # Mail location and mailbox format.
>
> #mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
>
> mail_location = maildir:/var/vmail/%d/%n:INDEX=/var/vmail/%d/%n/indexes
>
> # Authentication related settings.
>
> # Append this domain name if client gives empty realm.
>
> auth_default_realm = abc.org
>
>
> # Authentication mechanisms.
>
> auth_mechanisms = PLAIN LOGIN
>
>
> # Limits the number of users that can be logging in at the same time.
>
> # Default is 100. This can be overridden by process_limit = in
>
> # service [protocol] block.
>
> # e.g.
>
> # protocol imap-login {
>
> # …
>
> # process_limit = 500
>
> # }
>
> #default_process_limit = 100
>
>
> service auth {
>
>
> unix_listener /var/spool/postfix/private/dovecot-auth {
>
> user = postfix
>
> group = postfix
>
> mode = 0666
>
> }
>
> unix_listener auth-master {
>
> user = vmail
>
> group = vmail
>
> mode = 0666
>
> }
>
> unix_listener auth-userdb {
>
> user = vmail
>
> group = vmail
>
> mode = 0660
>
> }
>
> }
>
>
> # LMTP server (Local Mail Transfer Protocol).
>
> # Reference: http://wiki2.dovecot.org/LMTP
>
> service lmtp {
>
> user = vmail
>
>
> # For higher volume sites, it may be desirable to increase the number of
>
> # active listener processes. A range of 5 to 20 is probably good for most
>
> # sites.
>
> process_min_avail = 5
>
>
> # Logging.
>
> # Require ‘info_log_path =’ in ‘protocol lmtp { }’ block.
>
> executable = lmtp -L
>
>
> # Listening on socket file and TCP
>
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>
> user = postfix
>
>
> group = postfix
>
> mode = 0600
>
> }
>
>
> inet_listener lmtp {
>
> # Listen on localhost (ipv4)
>
> address = 127.0.0.1
>
> port = 24
>
> }
>
> }
>
>
> # Virtual mail accounts.
>
> userdb {
>
> args = /etc/dovecot/dovecot-mysql.conf
>
> driver = sql
>
> }
>
> passdb {
>
> args = /etc/dovecot/dovecot-mysql.conf
>
> driver = sql
>
> }
>
>
> # Master user.
>
> # Master users are able to log in as other users. It’s also possible to
>
> # directly log in as any user using a master password, although this isn’t
>
> # recommended.
>
> # Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
>
> auth_master_user_separator = *
>
> passdb {
>
> driver = passwd-file
>
> args = /etc/dovecot/dovecot-master-users
>
> master = yes
>
> }
>
>
> plugin {
>
>
> auth_socket_path = /var/run/dovecot/auth-master
>
>
> # Quota configuration.
>
> # Reference: http://wiki2.dovecot.org/Quota/Configuration
>
> quota = dict:user::proxy::quotadict
>
> quota_rule = *:storage=1G
>
> #quota_rule2 = :messages=0
>
> #quota_rule3 = Trash:storage=1G
>
> #quota_rule4 = Junk:ignore
>
>
> # Quota warning.
>
> #
>
> # If user suddenly receives a huge mail and the quota jumps from
>
> # 85% to 95%, only the 95% script is executed.
>
> #
>
> # Only the command for the first exceeded limit is executed, so configure
>
> # the highest limit first.
>
> quota_warning = storage=100%% quota-warning 100 %u
>
> quota_warning2 = storage=95%% quota-warning 95 %u
>
> quota_warning3 = storage=90%% quota-warning 90 %u
>
> quota_warning4 = storage=85%% quota-warning 85 %u
>
>
> # allow user to become max 10% (or 50 MB) over quota
>
> quota_grace = 10%%
>
> #quota_grace = 50 M
>
>
> # Custom Quota Exceeded Message.
>
> # You can specify the message directly or read the message from a file.
>
> #quota_exceeded_message = Quota exceeded, please try again later.
>
> #quota_exceeded_message = </path/to/quota_exceeded_message.txt
>
>
> # Plugin: autocreate. Create and subscribe to default IMAP folders.
>
> autocreate = INBOX
>
> autocreate2 = Sent
>
>
> autocreate3 = Trash
>
> autocreate4 = Drafts
>
> autocreate5 = Junk
>
> autosubscribe = INBOX
>
> autosubscribe2 = Sent
>
> autosubscribe3 = Trash
>
> autosubscribe4 = Drafts
>
> autosubscribe5 = Junk
>
>
> # Plugin: expire.
>
> #expire = Trash 7 Trash/ 7 Junk 30
>
> #expire_dict = proxy::expire
>
>
> # ACL and share folder
>
> acl = vfile
>
> acl_shared_dict = proxy::acl
>
>
> # By default Dovecot doesn’t allow using the IMAP “anyone” or
>
> # “authenticated” identifier, because it would be an easy way to spam
>
> # other users in the system. If you wish to allow it,
>
> #acl_anyone = allow
>
>
> # Pigeonhole managesieve service.
>
> # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
>
> # Per-user sieve settings.
>
> sieve_dir = %Lh/sieve
>
> sieve = %Lh/sieve/dovecot.sieve
>
>
> # Global sieve settings.
>
> sieve_global_dir = /var/vmail/sieve
>
> # Note: if user has personal sieve script, global sieve rules defined in
>
> # sieve_default will be ignored. Please use sieve_before or
>
> # sieve_after instead.
>
> #sieve_default =
>
> sieve_before = /var/vmail/sieve/dovecot.sieve
>
> #sieve_after =
>
>
> # The maximum number of redirect actions that can be performed during a
>
> # single script execution.
>
> # The meaning of 0 differs based on your version. For pigeonhole-0.3.0 and
>
> # beyond this means that redirect is prohibited. For older versions,
>
> # however, this means that the number of redirects is unlimited.
>
> #sieve_max_redirects = 4
>
> }
>
>
> service quota-warning {
>
> executable = script /usr/local/bin/dovecot-quota-warning.sh
>
> unix_listener quota-warning {
>
> user = vmail
>
> group = vmail
>
> mode = 0660
>
> }
>
> }
>
>
> service dict {
>
> unix_listener dict {
>
> mode = 0660
>
> user = vmail
>
> group = vmail
>
> }
>
> }
>
>
> dict {
>
> #expire = db:/var/lib/dovecot/expire/expire.db
>
> quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
>
> acl = mysql:/etc/dovecot/dovecot-share-folder.conf
>
> }
>
>
> }
>
>
> protocol lda {
>
> # Reference: http://wiki2.dovecot.org/LDA
>
> mail_plugins = $mail_plugins sieve autocreate
>
> auth_socket_path = /var/run/dovecot/auth-master
>
> log_path = /var/log/dovecot-sieve.log
>
> lda_mailbox_autocreate = yes
>
> lda_mailbox_autosubscribe = yes
>
> postmaster_address = root
>
> }
>
>
> protocol lmtp {
>
> # Log file
>
> info_log_path = /var/log/dovecot-lmtp.log
>
>
> # Plugins
>
> mail_plugins = quota sieve
>
> postmaster_address = postmaster
>
>
> lmtp_save_to_detail_mailbox = yes
>
> recipient_delimiter = +
>
> }
>
>
> protocol imap {
>
> mail_plugins = $mail_plugins imap_quota autocreate imap_acl
>
> imap_client_workarounds = tb-extra-mailbox-sep
>
>
> # Maximum number of IMAP connections allowed for a user from each IP address.
>
> # NOTE: The username is compared case-sensitively.
>
> # Default is 10.
>
> # Increase it to avoid issue like below:
>
> # “Maximum number of concurrent IMAP connections exceeded”
>
> mail_max_userip_connections = 30
>
> }
>
>
> protocol pop3 {
>
> mail_plugins = $mail_plugins
>
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>
> pop3_uidl_format = %08Xu%08Xv
>
>
> # Maximum number of IMAP connections allowed for a user from each IP address.
>
> # NOTE: The username is compared case-sensitively.
>
> # Default is 10.
>
> mail_max_userip_connections = 30
>
> }
>
>
> # Login processes. Refer to Dovecot wiki for more details:
>
> # http://wiki2.dovecot.org/LoginProcess
>
> service imap-login {
>
> #inet_listener imap {
>
> # port = 143
>
> # }
>
> #inet_listener imaps {
>
> # port = 993
>
> # ssl = yes
>
> # }
>
>
> service_count = 1
>
>
> # To avoid startup latency for new client connections, set process_min_avail
>
> # to higher than zero. That many idling processes are always kept around
>
> # waiting for new connections.
>
> #process_min_avail = 0
>
>
> # number of simultaneous IMAP connections
>
> process_limit = 500
>
>
> # vsz_limit should be fine at its default 64MB value
>
>
>
>
>
> }
>
>
> service pop3-login {
>
> #inet_listener pop3 {
>
> # port = 110
>
> # }
>
> #inet_listener pop3s {
>
> # port = 995
>
> # ssl = yes
>
> # }
>
>
> service_count = 1
>
>
> # number of simultaneous POP3 connections
>
> #process_limit = 500
>
> }
>
>
> service managesieve-login {
>
> inet_listener sieve {
>
> # Listen on localhost (ipv4)
>
> address = 127.0.0.1
>
> port = 4190
>
> }
>
> }
>
>
> namespace {
>
> type = private
>
> separator = /
>
> prefix =
>
> #location defaults to mail_location.
>
> inbox = yes
>
> }
>
> namespace {
>
> type = shared
>
> separator = /
>
> prefix = Shared/%%u/
>
> location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%u
>
> # this namespace should handle its own subscriptions or not.
>
> subscriptions = yes
>
> list = children
>
> }
>
>
> # Public mailboxes.
>
> # Refer to Dovecot wiki page for more details:
>
> # http://wiki2.dovecot.org/SharedMailboxes/Public
>
> #namespace {
>
> # type = public
>
> # separator = /
>
> # prefix = Public/
>
> #
>
> # # CONTROL=: Mark this public folder as read-only mailbox
>
> # # INDEX=: Per-user \Seen flag
>
> # location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
>
> #
>
> # # Allow users to subscribe to the public folders.
>
> # subscriptions = yes
/etc/dovecot/dovecot-mysql.conf
有 # 的是iredmail 自動做好的設定
註解掉之後新增最後面的幾行,改成自己的DB、帳號、密碼、確認一下uid 跟 postfix的main.cf 一樣
> #driver = mysql
>
> #default_pass_scheme = CRYPT
>
> #connect = host=127.0.0.1 dbname=vmail user=vmail password=NP5eaW3VSRogGT5bx0qaHMm7CKemRY
>
> # Required by ‘doveadm mailbox …’.
>
> #iterate_query = SELECT username AS user FROM mailbox
>
> #password_query = SELECT password, allow_nets FROM mailbox WHERE username=‘%u’ AND enable%Ls%Lc=1 AND active=1
>
> #user_query = SELECT
>
> # ‘%u’ AS master_user,
>
> # CONCAT(mailbox.storagebasedirectory, ‘/’, mailbox.storagenode, ‘/’, mailbox.maildir) AS home,
>
> # CONCAT(’*:bytes=‘, mailbox.quota*1048576) AS quota_rule
>
> #FROM mailbox,domain
>
> #WHERE mailbox.username=‘%u’
>
> # AND mailbox.domain=‘%d’
>
> # AND mailbox.enable%Ls%Lc=1
>
> # AND mailbox.domain=domain.domain
>
> # AND domain.backupmx=0
>
> # AND domain.active=1
>
> # AND mailbox.active=1
>
>
> driver = mysql
>
> connect = host=127.0.0.1 dbname=postfix user=postfix password=postfixadmin
>
> default_pass_scheme = MD5-CRYPT
>
> user_query = SELECT ‘/var/vmail/%d/%n’ as home, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = ‘%u’
>
> password_query = SELECT password FROM mailbox WHERE username = ‘%u’
postfix main.cf
重點 uid 設定要一樣 都是 2000
原則上就是在原本的 proxy:mysql 這些設定後面,加入 postfixadmin 的設定
然後有一些只有 iredmail 有, postfix admin 沒有的,都先註解掉
像是底下這部分 > # > > # Lookup virtual mail accounts > > # > > #transport_maps = > > # proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf > > # proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf > > > #sender_dependent_relayhost_maps = > > # proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf > > > # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. > > #smtpd_sender_login_maps = > > # proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
其他的設定如下
> alias_database = hash:/etc/postfix/aliases > > alias_maps = hash:/etc/postfix/aliases > > allow_min_user = no > > allow_percent_hack = no > > biff = no > > body_checks = pcre:/etc/postfix/body_checks.pcre > > command_directory = /usr/sbin > > config_directory = /etc/postfix > > daemon_directory = /usr/libexec/postfix > > data_directory = /var/lib/postfix > > debug_peer_level = 2 > > disable_vrfy_command = yes > > enable_original_recipient = no > > header_checks = pcre:/etc/postfix/header_checks > > home_mailbox = Maildir/ > > inet_interfaces = all > > inet_protocols = ipv4 > > lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 > > lmtp_tls_protocols = !SSLv2 !SSLv3 > > mail_owner = postfix > > mailbox_command = /usr/libexec/dovecot/deliver > > mailq_path = /usr/bin/mailq.postfix > > message_size_limit = 15728640 > > mydestination = $myhostname, localhost, localhost.localdomain > > mydomain = iredmail.cowbay.org > > myhostname = iredmail.cowbay.org > > mynetworks = 127.0.0.1 > > myorigin = iredmail.cowbay.org > > newaliases_path = /usr/bin/newaliases.postfix > > proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $rela > > y_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_ali > > as_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps > > queue_directory = /var/spool/postfix > > recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf > > recipient_delimiter = + > > relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cfsender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf > > sendmail_path = /usr/sbin/sendmail.postfix > > setgid_group = postdrop > > smtp_tls_CAfile = $smtpd_tls_CAfile > > smtp_tls_loglevel = 1 > > smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 > > smtp_tls_note_starttls_offer = yes > > smtp_tls_protocols = !SSLv2 !SSLv3 > > smtp_tls_security_level = may > > smtpd_data_restrictions = reject_unauth_pipelining > > smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777 > > smtpd_helo_required = yes > > smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_helo_access pcre:/etc > > /postfix/helo_access.pcre > > smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 > > permit_mynetworks permit_sasl_authenticated reject_unauth_destination > > smtpd_reject_unlisted_recipient = yes > > smtpd_reject_unlisted_sender = yes > > smtpd_sasl_path = private/dovecot-auth > > smtpd_sasl_type = dovecot > > smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_saslauthenticated check > > sender_access pcre:/etc/postfix/sender_access.pcre > > smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt > > smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail.crt > > smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem > > smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA > > smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key > > smtpd_tls_loglevel = 1 > > smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 > > smtpd_tls_protocols = !SSLv2 !SSLv3 > > swap_bangpath = no > > tls_random_source = dev:/dev/urandom > > unknown_local_recipient_reject_code = 550 > > virtual_alias_domains = > > virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf proxy:mysql:/etc/postfix > > /sql/mysql_virtual_alias_domain_maps.cf proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf > > virtual_gid_maps = static:2000 > > virtual_mailbox_base = /var/vmail > > virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf > > virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf > > virtual_minimum_uid = 2000 > > virtual_transport = virtual > > virtual_uid_maps = static:2000