I'm not sure if this is exactly what you're looking for, but below are the configurations for setting up dovecot and postfix using virtual users in a MySQL database with virus/spam scanning enabled. I commented every few lines to describe what the parameters do.
With this setup each virtual user gets mapped to a system user and group, so it's up to you how to divide these but you could do this per domain for example. I've bolded any configuration values that you'll need to change manually.
Software required:
Code:
# Packages for the MTA (postfix), IMAP/POP access (dovecot), the virtual-user
# database (mysql) and the content-filter chain (amavisd-new driving clamav and
# spamassassin).
yum install \
    dovecot \
    postfix \
    mysql-server \
    amavisd-new \
    clamav-server \
    spamassassin
Enable the services:
Code:
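# Register every daemon of the stack to start at boot.
# The loop variable must be the one read inside the body: the original iterated
# over $i but called chkconfig with an unset $service, so nothing was enabled.
for service in dovecot postfix mysql amavisd clamd.amavisd; do
    chkconfig "$service" on
done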
Allow dovecot to deliver mail to user's mailboxes with varying UID/GIDs:
Code:
# deliver has to switch to the per-mailbox UID/GID returned by the SQL userdb,
# which requires root; the setuid bit grants that. Mode 4750 (rwsr-x---) limits
# who may run the binary to the owner and members of group "mail" - the identity
# the Postfix pipe transport uses - and gives everyone else no access at all.
chown root:mail /usr/libexec/dovecot/deliver
chmod 4750 /usr/libexec/dovecot/deliver
To setup a basic configuration for amavisd, edit /etc/amavisd/amavisd.conf and change the settings to your liking. At a minimum you'll want to edit the $mydomain, $myhostname, $*_admin and $*level_deflt variables. You can find more information about the spam levels in the spamassassin documentation.
This is the configuration for Postfix, /etc/postfix/main.cf:
Code:
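# basic server settings
myhostname = mail.your-domain.tld
mydomain = localdomain
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
smtpd_banner = $myhostname ESMTP $mail_name: You can put your own message here.
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
parent_domain_matches_subdomains = no
# Remember to run "newaliases" when you change this file
alias_maps = hash:/etc/aliases
# Configuration for Postfix/SQL interaction
# This allows Postfix to know which domains it should be handling
virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf
# This tells Postfix which virtual users are present
virtual_mailbox_maps = mysql:/etc/postfix/mysql-vusers.cf
# Additional alias maps (SQL) for Postfix
virtual_alias_maps = mysql:/etc/postfix/mysql-valiases.cf
# Enables dovecot local delivery agent (lda). When mail is sent to this server,
# it is passed onto Dovecot for delivery into the user's Maildir.
# The "dovecot" transport itself is defined in master.cf.
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
# SASL authentication via dovecot.
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Reject unknown local users with error code to prevent backscatter spam
# Mail to unknown virtual users is also automatically deflected with a 550
unknown_local_recipient_reject_code = 550
# Disallow non fully qualified domain names & relay if user isn't authenticated
# Stops spammers from using the mail server. reject_unauth_destination is the
# rule that prevents open relaying; keep it after the permit_* entries.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain
# Evaluate all restrictions at RCPT TO instead of rejecting at HELO or MAIL FROM,
# so the log records sender and recipient of every rejected attempt
smtpd_delay_reject = yes
smtpd_helo_required = yes
# warn_if_reject only softens the restriction immediately after it: a non-FQDN
# HELO name is logged but accepted, an invalid HELO hostname is still rejected
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_helo_hostname, reject_invalid_hostname
# TLS config
# Opportunistic TLS: offer STARTTLS but still accept plaintext delivery from
# other MTAs that do not support it (normal for a public MX)
smtpd_tls_security_level = may
# You need to create these keys manually - look online for more info
smtpd_tls_key_file = /etc/pki/tls/private/server-ssl.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server-ssl.cert
# Send session info to log
smtpd_tls_loglevel = 1
# Cache TLS session parameters for an hour so a returning client can resume the
# session instead of negotiating a new one
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
# Only announce AUTH after STARTTLS. The mechanisms Dovecot offers (plain, login)
# transmit the password itself, so without this a user's credentials cross the
# network in the clear on port 25. Mail clients must be set to use STARTTLS
# when submitting mail.
smtpd_tls_auth_only = yes
# Spam filtering - relays to amavisd; scanned mail comes back via the
# 127.0.0.1:10025 smtpd defined in master.cf
content_filter = smtp:[127.0.0.1]:10024
# Limit how fast we can accept mail so that it is processed correctly
default_process_limit = 20
# Some standard defaults
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
mail_owner = postfix
# Max message size of ~20MB
message_size_limit = 20480000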
Here is the dovecot configuration, /etc/dovecot.conf:
Code:
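# Support IMAP and POP (plain & secure)
protocols = imap imaps pop3 pop3s
# Refuse plaintext authentication (PLAIN/LOGIN) unless the connection is
# protected by SSL/TLS or comes from the local host. With "no", a client that
# connects to port 143/110 without STARTTLS sends the password in the clear,
# so the SSL listeners alone do not protect credentials. Clients must use
# STARTTLS, imaps or pop3s. Postfix SMTP AUTH arrives through the auth-client
# socket below and should be limited the same way (smtpd_tls_auth_only = yes
# in main.cf).
disable_plaintext_auth = yes
# Enable me to debug authentication failures (writes passwords to the log -
# never leave enabled)
#auth_debug_passwords=yes
# for $USER@$DOMAIN, maildir storage in $HOME/mail/$DOMAIN/$USER
# $HOME is set in the virtual user SQL DB
mail_location = maildir:%h/mail/%d/%n
# 700 permissions on everything Dovecot creates. Kept on its own line: the
# config parser may treat text after a value as part of the value, so inline
# comments are not safe here.
umask = 0077
# For compatibility with some older mail clients
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
# Increases performance
maildir_copy_with_hardlinks = yes
# Lowercase all usernames
auth_username_format = %Lu
# TLS settings
# These are the same keys used in the Postfix config
ssl_disable = no
ssl_cert_file = /etc/pki/tls/certs/server-ssl.cert
ssl_key_file = /etc/pki/tls/private/server-ssl.key
# Disable insecure ciphers: low-strength, SSLv2, export-grade and anonymous
# (unauthenticated) key exchange. "ALL" already excludes NULL encryption.
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
#verbose_ssl = yes
auth default {
  mechanisms = plain login
  # Lookup virtual users in the SQL DB
  passdb sql {
    args = /etc/dovecot-mysql.conf
  }
  # prefetch reuses the userdb_* columns returned by password_query, so an
  # IMAP/POP login needs a single SQL round trip; userdb sql serves deliver,
  # which performs no password lookup to prefetch from
  userdb prefetch {
  }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }
  # The sockets allow Postfix to perform SASL authentication via Dovecot
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = dovecot
      # Postfix is running as this user
      group = mail
    }
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = dovecot
      # User running deliver = Postfix = mail UID/GID
      group = mail
    }
  }
}
# Enable lda (local delivery agent)
# Allows postfix to pass mail to dovecot for delivery into the proper user's mailbox
protocol lda {
  postmaster_address = postmaster@your-domain.tld
  auth_socket_path = /var/run/dovecot/auth-master
}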
Now, let's set up the SQL databases that dovecot and postfix will use:
Create the tables:
Code:
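-- Create the mail database. A hyphen is not legal in an unquoted MySQL
-- identifier, so the placeholder name is backquoted; each statement needs its ';'.
CREATE DATABASE `your-db-name`;
USE `your-db-name`;

-- Aliases/forwarders: mail addressed to `source` is redirected to `destination`
-- (read by Postfix virtual_alias_maps).
CREATE TABLE `forwarders` (
  `source` varchar(128) NOT NULL,
  `destination` varchar(128) NOT NULL,
  PRIMARY KEY (`source`)
);

-- One row per mailbox. `password` holds the password in the scheme Dovecot is
-- configured with (store a salted hash, never cleartext); `home`, `uid` and
-- `gid` are handed to deliver so each mailbox is written as its own system
-- user/group.
CREATE TABLE `vusers` (
  `userid` varchar(128) NOT NULL,
  `domain` varchar(128) NOT NULL,
  `password` varchar(64) NOT NULL,
  `home` varchar(255) NOT NULL,
  `uid` int(11) NOT NULL,
  `gid` int(11) NOT NULL,
  PRIMARY KEY (`userid`,`domain`)
);

-- Postfix and Dovecot only ever SELECT from these tables, so the account they
-- share gets read-only access rather than ALL; add, change and remove mailboxes
-- with a separate administrative account. ("TO USER ..." is not valid GRANT
-- syntax - the user specification follows TO directly.)
GRANT SELECT ON `your-db-name`.* TO 'your-db-user'@'localhost' IDENTIFIED BY 'your-password';
exit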
In order to access the SQL databases, Postfix and Dovecot need to be configured with additional config files - remember to use the same database, username and password as earlier!
/etc/dovecot-mysql.conf:
Code:
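driver = mysql
# This line carries the database password: keep the file owned by root and
# unreadable to others (e.g. 0600), then confirm the auth process can still
# open it at startup.
connect = host=/var/lib/mysql/mysql.sock dbname=your-db-name user=your-db-user password=your-password
# Scheme of the stored passwords. Without this Dovecot assumes PLAIN, i.e. the
# `password` column would have to hold cleartext. MD5-CRYPT is a salted,
# iterated hash available in every 1.x release; generate values with
# dovecotpw -s MD5-CRYPT, and prefer a stronger salted scheme if your build
# lists one (dovecotpw -l).
default_pass_scheme = MD5-CRYPT
#%u = user@domain.tld, %n = user, %d = domain.tld
# password w/ prefetch lookups: the userdb_* columns are picked up by
# "userdb prefetch" so no second query is needed for IMAP/POP logins
password_query = SELECT concat(userid, '@', domain) AS user, password, home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid FROM vusers WHERE userid = '%Ln' AND domain = '%Ld'
# For deliver lookups:
user_query = SELECT home, uid, gid FROM vusers WHERE userid = '%Ln' AND domain = '%Ld'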
/etc/postfix/mysql-valiases.cf:
Code:
# Alias (forwarder) lookups for virtual_alias_maps.
# Where the MySQL server listens and which database holds the tables.
hosts = 127.0.0.1
dbname = your-db-name
# Credentials. NOTE: this file holds a password and Postfix daemons read it as
# the postfix user, so e.g. root:postfix with mode 0640 keeps it from other
# local accounts.
user = your-db-user
password = your-password
# Lookup: %s is the address being resolved (escaped by Postfix); the result is
# the forwarding target. See mysql_table(5).
query = SELECT destination FROM forwarders WHERE source='%s'
/etc/postfix/mysql-vusers.cf:
Code:
# Virtual mailbox lookups for virtual_mailbox_maps.
# Where the MySQL server listens and which database holds the tables.
hosts = 127.0.0.1
dbname = your-db-name
# Credentials. NOTE: this file holds a password and Postfix daemons read it as
# the postfix user, so e.g. root:postfix with mode 0640 keeps it from other
# local accounts.
user = your-db-user
password = your-password
# Lookup: any row for the full address means the mailbox exists; recipients
# with no row are rejected with 550. %s is escaped by Postfix. See mysql_table(5).
query = SELECT 1 FROM vusers WHERE concat(userid, '@', domain)='%s'
/etc/postfix/mysql-vdomains.cf:
Code:
# Virtual domain lookups for virtual_mailbox_domains.
# Where the MySQL server listens and which database holds the tables.
hosts = 127.0.0.1
dbname = your-db-name
# Credentials. NOTE: this file holds a password and Postfix daemons read it as
# the postfix user, so e.g. root:postfix with mode 0640 keeps it from other
# local accounts.
user = your-db-user
password = your-password
# Lookup: a domain is "ours" if at least one mailbox exists for it. %s is the
# domain being checked (escaped by Postfix). See mysql_table(5).
query = SELECT DISTINCT(domain) FROM vusers WHERE domain='%s'
The last piece to put it all together is to set up the transports so that Postfix can relay to the Dovecot LDA or to Amavisd for scanning.
Add, do not replace, the following to /etc/postfix/master.cf:
Code:
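# Dovecot LDA. ${user}@${domain} expands to the address without any +extension
# (once recipient_delimiter is set in main.cf), so user+tag@domain.com is
# delivered to user@domain.com; ${recipient}, as originally used, keeps the
# extension and so would miss the userdb lookup. Flags: D/R prepend
# Delivered-To/Return-Path, h/u lowercase the recipient domain/localpart.
# The continuation line must start with whitespace or master.cf will not parse.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain}
# Re-injection path for mail coming back from amavisd (content_filter sends to
# 10024, amavisd returns here). Bound to loopback only; content_filter is
# cleared so mail is not scanned twice, AUTH is switched off, and the recipient
# restriction rejects anything that does not originate from mynetworks.
127.0.0.1:10025 inet  n       -       -       -       0       smtpd
  -o content_filter=
  -o smtpd_sasl_auth_enable=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject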