[Dovecot] sendmail to postfix-dovecot
Hi, I am a newbie to postfix and dovecot so I hope you can help me. I have an old server running sendmail for many years now. On this server I have about 100 domains and 500 users. The users are named as myuser or myuser.dom. People use pop3 and imap for fetching and reading their email. I've set up a new server with postfix and dovecot2 on FreeBSD and managed to get it all working with virtual users. However, now I found out that I overlooked something: people have to log in with username@domain.tld on the new server but only use their username on the old server. This means they all have to change their login credentials, which is not an option. Is it possible to do some scripting before authentication where the username is looked up in the database and the right domain is added to the account? If I understand right it is not possible to use system and virtual users together.
Thanks, Roger
Roger Berger wrote on 2013-11-27 11:41:
If I understand right it is not possible to use system and virtual users together.
incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains
it's all about dovecot auth and how it's configured; if you want both system and virtual users, make sure system users get the domain stripped in auth
need more help? post dovecot -n
On Wed, 27 Nov 2013, Benny Pedersen wrote:
Roger Berger wrote on 2013-11-27 11:41:
If I understand right it is not possible to use system and virtual users together.
incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains
it's all about dovecot auth and how it's configured; if you want both system and virtual users, make sure system users get the domain stripped in auth
in addition to Benny's remark, you can also override the username, e.g. system users may auth without domain, but passdb/userdb return the user with domain. Then you can have all users as virtual user/domain.
But probably using two userdb's is easier to maintain.
Steffen Kaiser
Steffen Kaiser wrote on 27-11-2013 17:48:
On Wed, 27 Nov 2013, Benny Pedersen wrote:
Roger Berger wrote on 2013-11-27 11:41:
If I understand right it is not possible to use system and virtual users together.
incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains
it's all about dovecot auth and how it's configured; if you want both system and virtual users, make sure system users get the domain stripped in auth
in addition to Benny's remark, you can also override the username, e.g. system users may auth without domain, but passdb/userdb return the user with domain. Then you can have all users as virtual user/domain.
But probably using two userdb's is easier to maintain.
Steffen Kaiser
Here is my dovecot -n:

root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.2-RELEASE amd64
auth_default_realm = mail.nedport.net
auth_mechanisms = plain login
auth_realms = mail.nedport.net nedport.net
disable_plaintext_auth = no
first_valid_gid = 500
hostname = mail.nedport.net
lda_mailbox_autocreate = yes
mail_gid = 5000
mail_location = maildir:~/
mail_plugins = quota expire mail_log notify
mail_temp_dir = /var/tmp
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  expire = Trash
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = maildir:User quota
  quota_exceeded_message = Storage quota for this account has been exceeded, please try again later.
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+30%%
  quota_rule3 = Sent:storage=+30%%
  quota_warning = storage=90%% quota-warning 90 %u
  quota_warning2 = storage=75%% quota-warning 75 %u
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@nedport.net
sendmail_path = /usr/local/sbin/sendmail
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl = no
ssl_cert =
I've been thinking about this and I want to put all system users in the database using the provided tools from postfixadmin and then sync the mail using imapsync. In that case domain admins can handle their own mailboxes using postfixadmin. In that case I have all users as virtual users, but they have to be able to log in with only their username. That means new users should log in by using their complete email address and old users as username or email address. So:
old user: info@domain1.com user: info can log in as info or info@domain1.com
old user: info@domain2.com user: info.ltd can log in as info.ltd or info@domain2.com
new user: info@domain3.com can log in only as info@domain3.com
If the new user tries to log in as info he gets a password failure. Is this possible and correct?
On Wed, 27 Nov 2013, R. Berger wrote:
Steffen Kaiser wrote on 27-11-2013 17:48:
On Wed, 27 Nov 2013, Benny Pedersen wrote:
Roger Berger wrote on 2013-11-27 11:41:
If I understand right it is not possible to use system and virtual users together.
incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains
it's all about dovecot auth and how it's configured; if you want both system and virtual users, make sure system users get the domain stripped in auth
in addition to Benny's remark, you can also override the username, e.g. system users may auth without domain, but passdb/userdb return the user with domain. Then you can have all users as virtual user/domain.
But probably using two userdb's is easier to maintain.
Here is my dovecot -n: root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n # 2.2.6: /usr/local/etc/dovecot/dovecot.conf
mail_location = maildir:~/
you should not use the home directory as base for mail storage, use ~/Maildir
passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
userdb { driver = prefetch } userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
I've been thinking about this and I want to put all system users in the database using the provided tools from postfixadmin and then sync the mail using imapsync.
OK, then all user data are in the SQL database.
In that case domain admins can handle their own mailboxes using postfixadmin. In that case I have all users as virtual users, but they have to be able to log in with only their username. That means new users should log in by using their complete email address and old users as username or email address. So:
old user: info@domain1.com user: info can log in as info or info@domain1.com
old user: info@domain2.com user: info.ltd can log in as info.ltd or info@domain2.com
new user: info@domain3.com can log in only as info@domain3.com
If the new user tries to log in as info he gets a password failure. Is this possible and correct?
configure your SQL query so that info@domain1.com and info hit the same entry and that the username is overwritten (field "user", IMHO) to info@domain1.com. Then this user can log in as info@domain1.com or info with the same password; internally Dovecot handles all mail as info@domain1.com only.
Do the same for all other users as appropriate.
One can craft the database like so:
- one table with the user data of info@domain1.com, username, password a.s.o.
- one table with alias names and foreign key of user data table
- the select for passdb joins both tables
Search the list and wiki for such setup, e.g. http://wiki2.dovecot.org/PasswordDatabase?highlight=%28username%29
Steffen Kaiser
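The two-table layout Steffen describes, as an added example that is not part of the thread or of the Dovecot project, run against SQLite so it is self-contained. The `login_alias` table, its columns and the helper names are hypothetical, the password hashes are constructed, and it assumes the login name reaches the query exactly as the user typed it.

```python
import sqlite3

SCHEMA = """
CREATE TABLE mailbox (              -- user data, keyed by the full address
    username TEXT PRIMARY KEY,
    password TEXT NOT NULL,
    active   INTEGER NOT NULL DEFAULT 1
);
CREATE TABLE login_alias (          -- hypothetical table of legacy short logins
    alias    TEXT PRIMARY KEY,      -- unique: a short name maps to one mailbox only
    username TEXT NOT NULL REFERENCES mailbox(username)
);
"""

# passdb lookup: match the full address or an alias, always return the full
# address as "user". In dovecot-sql.conf.ext, :login would be written '%u'.
PASSWORD_QUERY = """
SELECT DISTINCT m.username AS user, m.password
FROM mailbox m LEFT JOIN login_alias a ON a.username = m.username
WHERE m.active = 1 AND (m.username = :login OR a.alias = :login)
"""

def build_db():
    """In-memory database with the thread's three accounts (hashes are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO mailbox (username, password) VALUES (?, ?)", [
        ("info@domain1.com", "constructed-hash-1"),
        ("info@domain2.com", "constructed-hash-2"),
        ("info@domain3.com", "constructed-hash-3"),  # new user, no short login
    ])
    db.executemany("INSERT INTO login_alias (alias, username) VALUES (?, ?)", [
        ("info", "info@domain1.com"),
        ("info.ltd", "info@domain2.com"),
    ])
    db.commit()
    return db

def resolve(db, login):
    """Return (user, password hash) for the login name, or None if no entry matches."""
    return db.execute(PASSWORD_QUERY, {"login": login}).fetchone()

def claim_alias(db, alias, username):
    """Register a short login; False if a constraint fails (e.g. name already taken)."""
    try:
        with db:
            db.execute("INSERT INTO login_alias (alias, username) VALUES (?, ?)",
                       (alias, username))
        return True
    except sqlite3.IntegrityError:
        return False
```

A user of info@domain3.com who types `info` reaches the domain1 entry, so the password is compared against that account's hash. The primary key on `alias` is what keeps a second mailbox from claiming a short name that is already in use.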
OK,
My dovecot-sql.conf.ext looks like this:
connect = host=127.0.0.1 port=3306 user=postfix password=blabla dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
# passdb lookup; the userdb_* fields are what the prefetch userdb picks up
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home, \
  '5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets, \
  concat('*:bytes=', quota) AS userdb_quota_rule \
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
# userdb lookup, used when no prefetch data is available (e.g. for deliveries)
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail, \
  '5000' AS uid, '5000' AS gid, \
  concat('*:bytes=', quota) AS quota_rule \
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
#iterate_query = SELECT username AS user FROM mailbox
-----Original message-----
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On behalf of Steffen Kaiser
Sent: Thursday 28 November 2013 10:09
To: R. Berger
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] sendmail to postfix-dovecot
On Wed, 27 Nov 2013, R. Berger wrote:
Steffen Kaiser wrote on 27-11-2013 17:48:
On Wed, 27 Nov 2013, Benny Pedersen wrote:
Roger Berger wrote on 2013-11-27 11:41:
If I understand right it is not possible to use system and virtual users together.
incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains
it's all about dovecot auth and how it's configured; if you want both system and virtual users, make sure system users get the domain stripped in auth
in addition to Benny's remark, you can also override the username, e.g. system users may auth without domain, but passdb/userdb return the user with domain. Then you can have all users as virtual user/domain.
But probably using two userdb's is easier to maintain.
Here is my dovecot -n: root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n # 2.2.6: /usr/local/etc/dovecot/dovecot.conf
mail_location = maildir:~/
you should not use the home directory as base for mail storage, use ~/Maildir
passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
userdb { driver = prefetch } userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
I've been thinking about this and I want to put all system users in the database using the provided tools from postfixadmin and then sync the mail using imapsync.
OK, then all user data are in the SQL database.
In that case domain admins can handle their own mailboxes using postfixadmin. In that case I have all users as virtual users, but they have to be able to log in with only their username. That means new users should log in by using their complete email address and old users as username or email address. So:
old user: info@domain1.com user: info can log in as info or info@domain1.com
old user: info@domain2.com user: info.ltd can log in as info.ltd or info@domain2.com
new user: info@domain3.com can log in only as info@domain3.com
If the new user tries to log in as info he gets a password failure. Is this possible and correct?
configure your SQL query so that info@domain1.com and info hit the same entry and that the username is overwritten (field "user", IMHO) to info@domain1.com. Then this user can log in as info@domain1.com or info with the same password; internally Dovecot handles all mail as info@domain1.com only.
Do the same for all other users as appropriate.
One can craft the database like so:
- one table with the user data of info@domain1.com, username, password a.s.o.
- one table with alias names and foreign key of user data table
- the select for passdb joins both tables
Search the list and wiki for such setup, e.g. http://wiki2.dovecot.org/PasswordDatabase?highlight=%28username%29
Steffen Kaiser
OK, I have changed my mail_location. But the mysql is a bit of a hassle. If I add tables to the database, will it still work with postfixadmin?
My dovecot-sql.conf.ext looks like this:
connect = host=127.0.0.1 port=3306 user=postfix password=blabla dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
# passdb lookup; the userdb_* fields are what the prefetch userdb picks up
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home, \
  '5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets, \
  concat('*:bytes=', quota) AS userdb_quota_rule \
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
# userdb lookup, used when no prefetch data is available (e.g. for deliveries)
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail, \
  '5000' AS uid, '5000' AS gid, \
  concat('*:bytes=', quota) AS quota_rule \
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
#iterate_query = SELECT username AS user FROM mailbox
I'll check out the wiki pages.
Roger
Steffen Kaiser wrote on 28-11-2013 10:08:
Here is my dovecot -n: root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n # 2.2.6: /usr/local/etc/dovecot/dovecot.conf
mail_location = maildir:~/
you should not use the home directory as base for mail storage, use ~/Maildir
passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
userdb { driver = prefetch } userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql }
I've been thinking about this and I want to put all system users in the database using the provided tools from postfixadmin and then sync the mail using imapsync.
OK, then all user data are in the SQL database.
In that case domain admins can handle their own mailboxes using postfixadmin. In that case I have all users as virtual users, but they have to be able to log in with only their username. That means new users should log in by using their complete email address and old users as username or email address. So:
old user: info@domain1.com user: info can log in as info or info@domain1.com
old user: info@domain2.com user: info.ltd can log in as info.ltd or info@domain2.com
new user: info@domain3.com can log in only as info@domain3.com
If the new user tries to log in as info he gets a password failure. Is this possible and correct?
configure your SQL query so that info@domain1.com and info hit the same entry and that the username is overwritten (field "user", IMHO) to info@domain1.com. Then this user can log in as info@domain1.com or info with the same password; internally Dovecot handles all mail as info@domain1.com only.
Do the same for all other users as appropriate.
One can craft the database like so:
- one table with the user data of info@domain1.com, username, password a.s.o.
- one table with alias names and foreign key of user data table
- the select for passdb joins both tables
Search the list and wiki for such setup, e.g. http://wiki2.dovecot.org/PasswordDatabase?highlight=%28username%29
Steffen Kaiser
Hmm.. I am googling around for about 4 hours now, but not getting anywhere. Can you point me in the right direction?
Thanks, Roger
participants (5): Benny Pedersen, R. Berger, Roger, Roger Berger, Steffen Kaiser