Difference between revisions of "Dovecot and Postfix Hybrid Authentication Example"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
(configure postfix)
(configure postfix)
Line 22: Line 22:
 
   driver = passwd-file
 
   driver = passwd-file
 
   args = /etc/postfix/passwd/%d
 
   args = /etc/postfix/passwd/%d
 +
 +
== edit the postfix main.cf ==
 +
Here are (some) important lines you will need in your main.cf
 +
 +
alias_maps = hash:/etc/aliases
 +
alias_database = hash:/etc/aliases
 +
home_mailbox = Maildir/
 +
virtual_alias_maps = hash:/etc/postfix/virtual
 +
virtual_mailbox_domains = hash:/etc/postfix/domains
 +
virtual_mailbox_base = /var/spool/vmail
 +
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
 +
virtual_minimum_uid = 4000
 +
virtual_uid_maps = static:5000
 +
virtual_gid_maps = static:5000
 +
 +
== edit the dovecot.conf ==
 +
Here is a sample of (minimum) lines from dovecot.conf
 +
 +
protocols = imap pop3 lmtp
 +
listen = *
 +
login_greeting = Hello visitor!
 +
!include conf.d/*.conf
 +
 +
== edit conf.d/10-auth.conf ==
 +
The 10-auth.conf is located in the conf.d/ folder.  Here is a sample of (minimum) lines from 10-auth.conf
 +
 +
disable_plaintext_auth = no
 +
auth_failure_delay = 4 secs
 +
auth_mechanisms = plain login
 +
!include auth-system.conf.ext
 +
!include auth-checkpassword.conf.ext
 +
 +
Make sure that !include auth-checkpassword.conf.ext is uncommented. 
 +
 +
== edit conf.d/auth-checkpassword.conf.ext ==
 +
The auth-checkpassword.conf.ext is in the conf.d/ filder.  Here are all the necessary lines.
 +
 +
passdb {
 +
  driver = passwd-file
 +
  args = /etc/postfix/passwd/%d
 +
}
 +
 +
userdb {
 +
  driver = prefetch
 +
}
 +
 +
userdb {
 +
  driver = passwd-file
 +
  args = /etc/postfix/passwd/%d
 +
}
  
 
== references ==
 
== references ==

Revision as of 19:10, 13 February 2014

This guide assumes you already have postfix installed, dovecot installed, and at minimum have email established for unix accounts either by final destination or virtual alias domains. Now you want to set up a separate virtual user database, and these virtual users that do not have a unix account on the system will be able to retrieve their email from their virtual mailbox. The security benefit is in that email only users need not have any security credentials in the /etc/passwd and still be able to pop or imap in and retrieve email.

It might make things more clear to first Understand Postfix Account Types for a Linux system.

configure postfix

Locate your postfix configuration files, they might be in /etc/postfix, or /etc/mail/postfix, or /etc/mail depending on your distro and installation.


This document is not complete... here is a summary

 

Contributeduck176.gif
Note: This page is notably incomplete. You can help. Please contribute by registering your email address and adding your knowledge to this page. The D.U.C.K. wiki was created to be a free informative place that allows an open exchange of accurate information.
Learn more...
  • Set up postfix virtual mailbox text file with email address and destination folder - this is plain text file that must be made hash database
  • Make sure all domains are configured in postfix
  • create a passwd file for each virtual user domain /etc/passwd.domain.com
  • edit dovecot/conf.d/auth-checkpassword.conf.ext
mail_location = maildir:~/Maildir
passdb {
 driver = pam
}
 driver = passwd-file
 args = /etc/postfix/passwd/%d

edit the postfix main.cf

Here are (some) important lines you will need in your main.cf

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = hash:/etc/postfix/domains
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 4000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

edit the dovecot.conf

Here is a sample of (minimum) lines from dovecot.conf

protocols = imap pop3 lmtp
listen = *
login_greeting = Hello visitor!
!include conf.d/*.conf

edit conf.d/10-auth.conf

The 10-auth.conf is located in the conf.d/ folder. Here is a sample of (minimum) lines from 10-auth.conf

disable_plaintext_auth = no
auth_failure_delay = 4 secs
auth_mechanisms = plain login
!include auth-system.conf.ext
!include auth-checkpassword.conf.ext

Make sure that !include auth-checkpassword.conf.ext is uncommented.

edit conf.d/auth-checkpassword.conf.ext

The auth-checkpassword.conf.ext is in the conf.d/ filder. Here are all the necessary lines.

passdb {
  driver = passwd-file
  args = /etc/postfix/passwd/%d
}

userdb {
  driver = prefetch
}

userdb {
  driver = passwd-file
  args = /etc/postfix/passwd/%d
}

references

&nbsp