This guide assumes you already have postfix installed, dovecot installed, and at minimum have email established for unix accounts either by final destination or virtual alias domains. Now you want to set up a separate virtual user database, and these virtual users that do not have a unix account on the system will be able to retrieve their email from their virtual mailbox. The security benefit is in that email only users need not have any security credentials in the /etc/passwd and still be able to pop or imap in and retrieve email.
It might make things more clear to first Understand Postfix Account Types for a Linux system.
configuration steps with examples
Step 1: prepare necessary files and directories
Locate your postfix configuration files, they might be in /etc/postfix, or /etc/mail/postfix, or /etc/mail depending on your distro and installation. For Redhat/Fedora/CentOS you will likely find the following directory structure:
/etc/poastfix /etc/dovecot
You will have to manually create some files.
touch /etc/postfix/virtual touch /etc/postfix/domains touch /etc/postfix/vmailbox mkdir /etc/auth touch /etc/auth/yourdomain.com/passwd
You will have to manually populate those files. Click on each one for a sample. Remember to change obvious things such as yourdomain.com to your actual domain name, and populate the users with your actual users.
Step 2: edit the postfix main.cf
Here are (some) important lines you will need in your main.cf
alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases home_mailbox = Maildir/ virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_domains = hash:/etc/postfix/domains virtual_mailbox_base = /var/spool/vmail virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_minimum_uid = 4000 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000
Step 3: edit the dovecot.conf
Here is a sample of (minimum) lines from dovecot.conf
protocols = imap pop3 lmtp listen = * login_greeting = Hello visitor! !include conf.d/*.conf
Step 4: edit conf.d/10-auth.conf
The 10-auth.conf is located in the conf.d/ folder. Here is a sample of (minimum) lines from 10-auth.conf
disable_plaintext_auth = no auth_failure_delay = 4 secs auth_mechanisms = plain login !include auth-system.conf.ext !include auth-checkpassword.conf.ext
Make sure that !include auth-checkpassword.conf.ext is uncommented.
Step 5: edit conf.d/auth-checkpassword.conf.ext
The auth-checkpassword.conf.ext is in the conf.d/ filder. Here are all the necessary lines.
passdb {
driver = passwd-file
args = /etc/auth/%d/passwd
}
userdb {
driver = prefetch
}
userdb {
driver = passwd-file
args = /etc/auth/%d/passwd
}
references
- Postfix Virtual Domain Hosting Howto
- Dovecot Multiple Authentication Databases
- Dovecot Password Databases
- Dovecot User Databases
- Dovecot Authentication Databases
- Ubuntu PostfixVirtualMailBoxClamSmtpHowto