[Dovecot] some basic questions

alan premselaar alien at 12inch.com
Thu Jun 29 04:21:37 EEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



David wrote:
> I'm seeking a small IMAP server, and dovecat was recommended by those
> more savvy than me. (The sign on my monitor is "My programming language
> is solder..") so I'll be getting help to deploy this, but first...
> 
> I've read through the wiki docs but still have questions, ones likely
> too obvious for most readers....
> 
> There will be <100 users, the platform will Debian, and I need IMAP/PO
> over SSL/TSL and locally-hosted Squirrelmail [unless someone has a
> better webmail client...]. Other boxes here run postfix, so that is a
> first choice.

I don't use postfix, but I have basically the same setup using dovecot.

> 
> Clients will be Eudora, maybe TBird/Apple mail; no M$ Outlook.
> 
> A) I need multi-domain support, with <joe at xyz.com> and <joy at qbc.net>
> being separate users.

although I personally don't do this (for lack of need, really), it
should be doable.  You'll want to make sure that whatever back-end
you're using for postfix to support multi-domains is configured
appropriately for dovecot as well. (for example, if you're using LDAP or
MySQL backend for virtual user support in postfix, you'll want to use
the same for dovecot)  someone with more experience in this should
probably offer more details.

> B) I have a problem with storage-abusers & really want the carrot-stick
> quota system my favorite ISP, Panix, has. You get N bytes {or messages,
> I can live with either/both} and when you get near, you get nagged until
> you solve it.

I personally use filesystem quotas.  with this, if the user goes over
quota they are no longer able to receive email.  my current setup will
permfail incoming mail if the system is unable to store it with an error
stating "user over quota."  this is my preference.

I also wrote a custom script (which is basically just like warnquota,
only supports Japanese text) to run twice daily to check users' quota
usage and send them email if they're over their soft limit.  users over
the hard limit or beyond the grace period no longer receive mail and
thus don't get those nagging emails either.  the script also sends a
summary report to my sysadmin account.

(this specifically has nothing to do with dovecot or any other IMAP/POP
server however)

> 
> When you exceed quota, you get no more incoming mail, just nagging. It's
> shunted aside until you make room. After D days, if it's still there,
> the shunted mail is returned.

if you use dovecot LDA (deliver) then this is the default (possibly
non-configurable) behavior.  deliver returns a TEMPFAIL if it cannot
write the new mail to user's storage device.  this is at least the case
for filesytem quotas.  if you're going to have strictly virtual users,
you'll need to use something like maildir quotas which may have
different behavior.

> 
> Regular reports as to who's naughty and nice would be great.
> 

you'll likely need to write your own script(s) to do this, depending on
how you implement quotas.  this specifically has nothing to do with the
IMAP/POP server however.

> C) Password changes. How can I have user-changable pw's, with
> crack/sanity checking of the new ones? Do I have to have accessible
> shell accounts on the box for each user? [argh]

To my knowledge, dovecot (or rather, most IMAP/POP servers) does not
handle password change requests. I know that early versions of Eudora
had a "Change Password" option, I'm not sure if that's still there but
that option is not common in modern email clients.

You'll need to choose your user management tools properly according to
your needs. (i.e. do you use LDAP or MySQL for your backend database?
what types of management tools are provided with each? will you have to
provide your own tools? etc)

> 
> D) Spam: assume I can run spam-assassin and have it move suspected mail
> into a Junque mailbox; true?

this only applies to dovecot if you're using dovecot-LDA (deliver) as
your local delivery agent. and only if you're using its sieve support to
do server-side pre-processing of your mail.  Otherwise, this is specific
to your MTA/LDA

> 
> E) Non-guru creation/deletion of accounts: It appears from "Virtual
> Users" that this is possible via a text file, but I'm not sure...

you can use a passwd style text file as your authentication backend with
dovecot, but the question is will your MTA (postfix?) support that for
accepting mail?  probably not.  so you'll need to look at other common
options (such as LDAP or MySQL) and what tools they provide for user
management.

if you create system "real" users, you could use this passwd style text
file solely for IMAP/POP authentication.  by doing this you could
prevent shell logins by having completely different passwords (or
possibly just having the real account disabled while allowing
authentication for IMAP/POP access separately)

It's not the cleanest solutions, but I personally just create real user
accounts on my system (i don't have the need to distinguish by domains
however) with a shell that prevents logins but allows IMAP/POP
connections.  I then use a plugin to squirrelmail to allow the users to
change their passwords.  As stated before, i use filesystem quotas and
some custom scripts for reporting/nagging.

HTH

Alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEoyshE2gsBSKjZHQRAjsLAJ4qVDR56asT5oS+L4typ5tH7pgv+QCg5OVj
qVyUsxMOZ1HI9bAQU2yECpE=
=9xws
-----END PGP SIGNATURE-----


More information about the dovecot mailing list