Hi,
After a long struggle with OpenSMTPD and dovecot, I am sending what I have
managed to get working, to second the suggestion to publish some working
configs. Here is my contribution.
A) The MUA ( Thunderbird)
a) SMTP: port 587, a <submission-username>, normal password, STARTTLS
b) IMAP: port 143, <[email protected]>, SSL/TLS, normal password for a virtual user,
but for a system user the login name has to be only <user>
B) OpenSMTPD
The mail server listens on the submission port only, for users in
<submission.creds>. The usernames in this table are never used
elsewhere, except, of course, in the MUA.
cat submission.creds:
submission-username
$2a$06$wFyLTXxVQN/VNj7SajXz3ekJVSpY3XjBwj.o736xaf1lOe589KHEa
listen on egress port submission tls-require pki mon.domaine.fr auth <submission.creds> hostname mon.domaine.fr
Here I use egress which is a nice OpenBSD abstraction for external
network interface(s).
What to do for mails whose rcpt-to domain is in <domaines.locaux> and
whose rcpt-to user is either in <virtual.aliases> or in <mes.utilisateurs>?
accept for domain <domaines.locaux> alias <virtual.aliases> userbase <mes.utilisateurs> deliver to mda "/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}"
A couple of warnings, here:
1) Don't use "virtual <virtual.aliases>" but "alias <virtual.aliases>".
After reading the man page 4 times, I don't understand the difference.
But for me "virtual <virtual.aliases>" is broken.
With the same table which works with "alias", I have erratic results with
"virtual".
smtpd -dv -T lookup
gives
-----------------
lookup: lookup "[email protected]" as ALIAS in table static:virtual.aliases -> 0
lookup: lookup "user" as ALIAS in table static:virtual.aliases -> 0
lookup: lookup "@mon.domaine.fr" as ALIAS in table static:virtual.aliases -> 0
lookup: lookup "@" as ALIAS in table static:virtual.aliases -> 0
smtp-in: Failed command on session fd4bc2bef2645ea9: "RCPT TO:<[email protected]>" => 550 Invalid recipient
-----------------
but with alias, it works:
-----------------
lookup: lookup "user" as ALIAS in table static:virtual.aliases -> 0
lookup: lookup "user" as USERINFO in table static:mes.utilisateurs -> "user:5000:5000:"
-----------------
2) Alias resolution is recursive.
3) In the second part of the alias file you HAVE to use a domain name. If you
don't, the mails will arrive in the original rcpt-to mailbox.
4) OpenSMTPD doesn't record the address translation in the headers of
the mail (Postfix does).
Here is <domaines.locaux>
---------------
domaine.fr
*.domaine.fr
Here is <virtual.aliases>
---------------
apple [email protected]
# does change %{dest}
#apple pub doesn't change %{dest}
phil phili
phili [email protected]
gmail [email protected]
---------------
Here is <mes.utilisateurs>
---------
user1 5000:5000:
user2 5000:5000:
pub 5000:5000:
---------
A couple of remarks about this table.
a) The directory part is useless because I don't use OpenSMTPD's own
MDA, so I happily don't have to put it in this file.
b) The uid:gid part is useless for the same reason, but is MANDATORY.
c) Don't use [email protected]
C) OpenSMTPD --> Dovecot
deliver to mda "/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}"
I discovered that -a is not used by dovecot-lda. I struggled
hard to have %{dest} be the final recipient and not the original rcpt-to.
I don't use OpenSMTPD's own MDA, so that only one piece of software deals
with mailboxes.
I don't use LMTP for the transmission from OpenSMTPD to Dovecot
because OpenSMTPD uses RCPT TO:<user> and not RCPT TO:<[email protected]>,
so dovecot can't distinguish between bob@domain1 and bob@domain2.
D) Dovecot
l) Listen
protocols = imap lmtp
service imap-login {
inet_listener imap {
address = localhost
port = 143
ssl = no # for webmail
}
inet_listener imaps {
address = host.domaine.fr
port = 143 # 993 deprecated
ssl = yes
}
}
a) In /etc/passwd
doveLDA:*:5000:5000:Facteur chargé de livrer le courrier:/nonexistent:/sbin/nologin
b) ls -ld /var/mail/users
drwxr-xr-x 4 doveLDA doveLDA 512 Dec 3 03:18 /var/mail/users
Permissions of auto-created directories are inherited from /var/mail/users
c) Auth
c-1) System users:
passdb {
driver = bsdauth
# args = username_format=%n REFUSED
}
This is the reason why system users have to log in as <user> and not as
<user@domain>
c-2) Virt users:
passdb {
driver = passwd-file
args = username_format=%n /etc/dovecot/passwd
}
Only <user> from the login <user@domain> is used to check the password (NOT
VERY CONSISTENT, I acknowledge!)
d) mailboxes
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_home=/var/mail/users/%d/%n # will be overridden by the value from /etc/passwd for system users
mail_location = maildir:/var/mail/users/system/%n/Maildir # will be overridden from userdb for system users
userdb {
driver = static
args = uid=5000 gid=5000 mail=mdbox:~/mdbox allow_all_users=yes
}
e) Debugging
e-1) All dovecot sub-routines can be used stand-alone, which makes debugging easy
e-2)
#auth_verbose = yes
#auth_verbose_passwords = plain
#auth_debug_passwords = yes
mail_debug=yes
deliver_log_format = msgid=%m: %$ From: %f Subject: %s
TO-DO
1) listen on egress port smtp
5) MX
4) Roundcubemail
2) Mailbox migration
3) User guide
Ph. Le.
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
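As an added example (not part of the original post), here is a small Python audit of a <virtual.aliases> table. It mirrors the lookup order visible in the smtpd -T lookup trace above (full address, local part, @domain, then @), follows aliases recursively as warning 2 describes, and flags the cases the post warns about: a final target without a domain (warning 3), alias loops, and targets in a local domain whose user is missing from <mes.utilisateurs>. All table entries and addresses are constructed placeholders, not the poster's data.

```python
import fnmatch

# Constructed sample tables in the shape of the post's files (not the poster's real data).
LOCAL_DOMAINS = ["domaine.fr", "*.domaine.fr"]          # <domaines.locaux>
VIRTUAL_ALIASES = {                                     # <virtual.aliases>
    "apple": "pub@domaine.fr",
    "phil": "phili",                                    # alias -> alias, resolved recursively
    "phili": "user1@domaine.fr",
    "gmail": "someone@gmail.example",                   # external target, left alone
    "bare": "pub",                                      # warning 3: final target has no domain
    "a": "b@domaine.fr", "b@domaine.fr": "a",           # alias loop
    "ghost": "nobody@mail.domaine.fr",                  # local domain, user not in userbase
}
USERS = {"user1", "user2", "pub"}                       # keys of <mes.utilisateurs>


def is_local(domain):
    """Match a domain against <domaines.locaux>, honouring the '*.' wildcard form."""
    return any(fnmatch.fnmatch(domain, pat) for pat in LOCAL_DOMAINS)


def lookup_alias(addr, aliases):
    """Try keys in the order the smtpd -T lookup trace shows:
    full address, local part, @domain, then a bare '@'."""
    user, _, domain = addr.partition("@")
    candidates = [addr, user] + ([f"@{domain}", "@"] if domain else [])
    for key in candidates:
        if key in aliases:
            return aliases[key]
    return None


def resolve(addr, aliases, users):
    """Follow aliases recursively and classify the final delivery target."""
    chain = [addr]
    while (nxt := lookup_alias(chain[-1], aliases)) is not None:
        if nxt in chain:
            return chain, "loop"
        chain.append(nxt)
    user, _, domain = chain[-1].partition("@")
    if not domain:
        return chain, "no-domain"          # would land in the original rcpt-to mailbox
    if is_local(domain) and user not in users:
        return chain, "unknown-local-user" # OpenSMTPD would answer 550 Invalid recipient
    return chain, "ok"


def audit(aliases, users):
    """Return {alias: status} for every entry whose chain does not end cleanly."""
    results = {k: resolve(k, aliases, users)[1] for k in aliases}
    return {k: v for k, v in results.items() if v != "ok"}


if __name__ == "__main__":
    for alias, status in audit(VIRTUAL_ALIASES, USERS).items():
        print(f"{alias}: {status} via {resolve(alias, VIRTUAL_ALIASES, USERS)[0]}")
```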