Problem with dovecot+postfix+mysql+postfixadmin+sasl2

Discussion in 'Server Operation' started by vanhels, Jun 15, 2013.

  1. vanhels

    vanhels New Member

    Good evening. I have the following problem: I configured dovecot + postfix + mysql + postfixadmin + sasl2 + courier-imap. IMAP works well, and the mail folders connect with the postfixadmin accounts, but I have not been able to send by SMTP; it only sends to the users of the system. My configuration files:

    1.- dovecot.conf (/etc/dovecot):
    ## Dovecot configuration file
    # Protocols we want to be serving.
    protocols = imap pop3 lmtp
    # NOTE(review): this global default is an mbox location, while both SQL
    # queries in dovecot-sql.conf.ext return a per-user "maildir:" location.
    # A mail location returned by the userdb takes precedence for that user, so
    # SQL users would end up on maildir -- confirm which format is intended.
    mail_location = mbox:~/mail:INBOX=/home/vmail/%u
    # All Dovecot logging (including authentication failures) goes to this file.
    log_path=/var/log/dovecot.log

    # NOTE(review): both dict entries point at the same settings file although
    # one names the mysql driver and the other sqlite -- verify the expire entry.
    dict {
    quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
    expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
    }

    # Most of the actual configuration gets included below. The filenames are
    # first sorted by their ASCII value and parsed in that order. The 00-prefixes
    # in filenames are intended to make it easier to understand the ordering.
    !include conf.d/*.conf

    2.- dovecot-sql.conf.ext (/etc/dovecot):

    # SQL backend settings for the passdb/userdb "sql" drivers; this file is the
    # one named by "args" in auth-sql.conf.ext.
    driver = mysql
    # NOTE(review): the database password is identical to the account name and is
    # stored here in clear text. Keep this file readable by root only and replace
    # the password with a long random value; the same credential is reused in
    # /etc/sasl2/smtp.conf and /etc/authlib/authmysqlrc, so change it in all three.
    connect = host=localhost dbname=postfixadmin user=postfix password=postfix
    # Scheme assumed for stored passwords that carry no {SCHEME} prefix.
    # NOTE(review): MD5-CRYPT is salted but cheap to compute, so it offers little
    # resistance to offline guessing if the mailbox table leaks. Dovecot also
    # supports stronger crypt schemes (e.g. SHA512-CRYPT); any change has to be
    # coordinated with PostfixAdmin and every other service reading this column.
    default_pass_scheme = MD5-CRYPT
    # Fetches the stored hash for an active mailbox and, through the userdb_*
    # aliases, returns home, mail location, uid and gid in the same lookup.
    # NOTE(review): gid 12 here differs from virtual_gid_maps = static:502 in the
    # Postfix main.cf of this post -- confirm which group owns /home/vmail.
    password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home,concat('maildir:/home/vmail/', maildir) as userdb_mail, 502 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
    # Same home/mail/uid/gid values for lookups made without a login, plus a
    # quota rule built from the mailbox's quota column (10000-message cap fixed).
    user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 502 AS uid, 12 AS gid, CONCAT('*:messages=10000:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

    3.- auth-sql.conf.ext (/etc/dovecot/conf.d):

    # Authentication for SQL users. Included from auth.conf.
    # <doc/wiki/AuthDatabase.SQL.txt>
    # NOTE(review): this file only takes effect if the main auth configuration
    # actually includes it; that include line is not shown in this post -- confirm.

    # Password verification: credentials are checked with password_query from the
    # settings file below.
    passdb {
    driver = sql

    # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
    args = /etc/dovecot/dovecot-sql.conf.ext
    }

    # User lookup: home, mail location, uid and gid come from user_query in the
    # same settings file.
    userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
    }

    4.- 10-master.conf (/etc/dovecot/conf.d);

    #default_process_limit = 100
    #default_client_limit = 1000

    # Default VSZ (virtual memory size) limit for service processes. This is mainly
    # intended to catch and kill processes that leak memory before they eat up
    # everything.
    #default_vsz_limit = 256M

    # Login user is internally used by login processes. This is the most untrusted
    # user in Dovecot system. It shouldn't have access to anything at all.
    #default_login_user = dovenull

    # Internal user is used by unprivileged processes. It should be separate from
    # login user, so that login processes can't disturb other processes.
    #default_internal_user = dovecot

    service imap-login {
    inet_listener imap {
    #port = 143
    }
    inet_listener imaps {
    #port = 993
    #ssl = yes
    }

    # Number of connections to handle before starting a new process. Typically
    # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
    # is faster. <doc/wiki/LoginProcess.txt>
    #service_count = 1

    # Number of processes to always keep waiting for more connections.
    #process_min_avail = 0

    # If you set service_count=0, you probably need to grow this.
    #vsz_limit = 64M
    }

    service pop3-login {
    inet_listener pop3 {
    #port = 110
    }
    inet_listener pop3s {
    #port = 995
    #ssl = yes
    }
    }

    service lmtp {
    unix_listener lmtp {
    #mode = 0666
    }

    # Create inet listener only if you can't use the above UNIX socket
    #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
    #}
    }

    service imap {
    # Most of the memory goes to mmap()ing files. You may need to increase this
    # limit if you have huge mailboxes.
    #vsz_limit = 256M

    # Max. number of IMAP processes (connections)
    #process_limit = 1024
    }

    service pop3 {
    # Max. number of POP3 processes (connections)
    #process_limit = 1024
    }

    service auth {
    # auth_socket_path points to this userdb socket by default. It's typically
    # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
    # permissions make it readable only by root, but you may need to relax these
    # permissions. Users that have access to this socket are able to get a list
    # of all usernames and get results of everyone's userdb lookups.
    unix_listener auth-userdb {
    # NOTE(review): 0666 opens this socket to every local account, which is
    # exactly the exposure the comment above warns about (full user list and all
    # userdb results). With user = vmail and group = mail already set, 0660 or
    # 0600 is normally sufficient.
    mode = 0666
    user = vmail
    group = mail
    }

    # Postfix smtp-auth
    # NOTE(review): Postfix only talks to this socket when main.cf sets
    # smtpd_sasl_type = dovecot and smtpd_sasl_path = private/auth; neither line
    # appears in the main.cf shown in this post -- confirm.
    unix_listener /var/spool/postfix/private/auth {
    # NOTE(review): 0666 lets any local process submit authentication requests
    # through this socket. The owner is already postfix:postfix, so mode = 0660
    # keeps it usable by Postfix while closing it to everyone else.
    mode = 0666
    user = postfix
    group = postfix
    }

    # Auth process is run as this user.
    #user = $default_internal_user
    }

    service auth-worker {
    # Auth worker process is run as root by default, so that it can access
    # /etc/shadow. If this isn't necessary, the user should be changed to
    # $default_internal_user.
    # NOTE(review): the only passdb shown in this post is SQL, which does not
    # read /etc/shadow. If no PAM/passwd/shadow passdb is enabled elsewhere,
    # dropping root here is a cheap least-privilege gain -- confirm first.
    #user = root
    }

    service dict {
    # If dict proxy is used, mail processes should have access to its socket.
    # For example: mode=0660, group=vmail and global mail_access_groups=vmail
    unix_listener dict {
    #mode = 0600
    #user = vmail
    #group = mail
    }
    }

    5.- smtp.conf (/etc/sasl2):

    # Cyrus SASL settings for the Postfix smtpd service: passwords are verified
    # through an auxprop plugin that queries MySQL.
    # NOTE(review): no auxprop_plugin line is present; without
    # "auxprop_plugin: sql" the library consults whichever auxprop plugins are
    # installed -- confirm the sql plugin is the one actually used.
    pwcheck_method: auxprop
    # PLAIN and LOGIN both transmit the password itself, so they are only safe
    # inside TLS. main.cf in this post has smtpd_tls_auth_only = no, which means
    # AUTH is also accepted on unencrypted connections.
    mech_list: PLAIN LOGIN
    sql_engine: mysql
    sql_hostnames: localhost
    # NOTE(review): clear-text database credential, identical to the account
    # name; keep this file unreadable for ordinary users and rotate the password.
    sql_user: postfix
    sql_passwd: postfix
    sql_database: postfixadmin
    # NOTE(review): the stock auxprop sql plugin compares the selected value with
    # the submitted password as plain text, while the mailbox table appears to
    # hold MD5-CRYPT hashes (default_pass_scheme in dovecot-sql.conf.ext). If so,
    # this lookup cannot match -- verify. Storing plaintext passwords to make it
    # match would weaken the setup; handing SMTP AUTH to the Dovecot auth socket
    # already defined in 10-master.conf avoids that.
    sql_select: select password from mailbox where username = '%u@%r'
    # Verbose SASL logging; check that no credentials end up in the logs.
    log_level: 3

    6.- authdaemonrc (/etc/authlib):

    # Courier authdaemond settings.
    # NOTE(review): only authmodulelistorig is shown; the daemon takes its active
    # module order from authmodulelist -- confirm that line exists in the real file.
    authmodulelistorig="authmysql authpam"
    # Number of authdaemond worker processes.
    daemons=5
    authdaemonvar=/var/spool/authdaemon
    # 0 = login debugging off. Level 2 also writes passwords to the log, so it
    # should never stay enabled after troubleshooting.
    DEBUG_LOGIN=0
    DEFAULTOPTIONS=""
    LOGGEROPTS=""

    7.- authmysqlrc (/etc/authlib):

    # Courier authmysql backend: reads accounts from the PostfixAdmin mailbox table.
    MYSQL_SERVER localhost
    # NOTE(review): clear-text database credential, identical to the account
    # name; restrict read access to this file and rotate the password.
    MYSQL_USERNAME postfix
    MYSQL_PASSWORD postfix
    MYSQL_PORT 0
    MYSQL_OPT 0
    MYSQL_DATABASE postfixadmin
    MYSQL_USER_TABLE mailbox
    # Column expected to hold crypt()-style hashes (as opposed to
    # MYSQL_CLEAR_PWFIELD, which would mean plaintext storage).
    MYSQL_CRYPT_PWFIELD password
    # Literal values in place of column names, so every mailbox maps to the same
    # uid/gid -- presumably the vmail account; verify.
    # NOTE(review): gid 12 here differs from virtual_gid_maps = static:502 in the
    # Postfix main.cf of this post -- confirm which one is correct.
    MYSQL_UID_FIELD 502
    MYSQL_GID_FIELD 12
    MYSQL_LOGIN_FIELD username
    MYSQL_HOME_FIELD "/home/vmail"
    MYSQL_MAILDIR_FIELD concat('/home/vmail/', maildir)

    8.- main.cf (/etc/postfix);

    # Global Postfix configuration file. This file lists only a subset

    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    myhostname = mx.example.com
    mydomain = mx.example.com.local
    inet_protocols = all
    unknown_local_recipient_reject_code = 550
    relay_domains = mysql:/etc/postfix/relay.conf
    mailbox_command = /usr/bin/procmail

    # DEBUGGING CONTROL
    debug_peer_level = 2
    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

    # INSTALL-TIME CONFIGURATION INFORMATION
    sendmail_path = /usr/sbin/sendmail.postfix

    # newaliases_path: The full pathname of the Postfix newaliases command.
    newaliases_path = /usr/bin/newaliases.postfix

    # mailq_path: The full pathname of the Postfix mailq command. This
    # is the Sendmail-compatible mail queue listing command.
    mailq_path = /usr/bin/mailq.postfix

    # setgid_group: The group for mail submission and queue management
    # commands. This must be a group name with a numerical group ID that
    # is not shared with other accounts, not even with the Postfix account.
    setgid_group = postdrop

    # html_directory: The location of the Postfix HTML documentation.
    html_directory = no

    # manpage_directory: The location of the Postfix on-line manual pages.
    manpage_directory = /usr/share/man

    # sample_directory: The location of the Postfix sample configuration files.
    # This parameter is obsolete as of Postfix 2.1.
    sample_directory = /usr/share/doc/postfix-2.6.6/samples

    # readme_directory: The location of the Postfix README files.
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

    # virtual setup
    # NOTE(review): the mysql: lookup files named below presumably contain the
    # database user and password; if so they should not be world-readable
    # (e.g. root:postfix, mode 0640) -- confirm.
    virtual_alias_maps = mysql:/etc/postfix/alias.conf,
    regexp:/etc/postfix/virtual_regexp
    virtual_mailbox_base = /home/vmail
    virtual_mailbox_domains = mysql:/etc/postfix/domains.conf
    virtual_mailbox_maps = mysql:/etc/postfix/mailbox.conf
    virtual_mailbox_limit_maps = mysql:/etc/postfix/quota.conf
    # Lower bound for uids accepted from virtual_uid_maps.
    virtual_minimum_uid = 500
    virtual_uid_maps = static:502
    # NOTE(review): gid 502 here, but the Dovecot SQL queries and authmysqlrc in
    # this post use gid 12 -- mismatched group ownership under /home/vmail can
    # break delivery or loosen file permissions; confirm the intended gid.
    virtual_gid_maps = static:502
    # Delivery is handed to a transport named "dovecot"; its definition lives in
    # master.cf, which is not shown in this post.
    virtual_transport = dovecot
    # Hands one recipient at a time to that transport.
    dovecot_destination_recipient_limit = 1

    # Support for TLS authentication
    # "may" = opportunistic TLS: STARTTLS is offered but clients are not
    # required to use it.
    smtpd_tls_security_level = may
    smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

    # The paths must match the certificate and digital signature (key) that were created.
    # The private key file should be readable by root only.
    smtpd_tls_key_file = /etc/pki/tls/private/smtp.key
    smtpd_tls_cert_file = /etc/pki/tls/certs/smtp.crt
    # NOTE(review): "no" lets clients authenticate on unencrypted connections.
    # With only PLAIN and LOGIN offered (mech_list in /etc/sasl2/smtp.conf),
    # passwords then cross the network in the clear; "yes" restricts AUTH to
    # sessions that have completed STARTTLS.
    smtpd_tls_auth_only = no
    # Legacy on/off switches; smtpd_tls_security_level above already covers the
    # server side.
    smtp_use_tls = yes
    smtpd_use_tls = yes
    # Logs remote servers that offer STARTTLS.
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    # Records TLS protocol and cipher details in the Received: header.
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    # Support for authenticating through SASL.
    # smtpd_sasl_local_domain = # For reference only.
    # NOTE(review): no smtpd_sasl_type or smtpd_sasl_path is shown. Postfix then
    # defaults to the Cyrus SASL backend (configured by /etc/sasl2/smtp.conf),
    # and the Dovecot auth socket defined in 10-master.conf is not consulted.
    # The posted main.cf "lists only a subset", so confirm against the full file.
    smtpd_sasl_auth_enable = yes
    # Rejects anonymous logins only; plaintext mechanisms remain allowed.
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # Writes the authenticated login name into the Received: header, which
    # discloses the account name to every recipient of the message.
    smtpd_sasl_authenticated_header = yes
    # Relay is allowed for authenticated clients and mynetworks; everything else
    # must be addressed to a domain this server is responsible for.
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    # Miscellaneous.
    smtpd_helo_required = yes
    # Duplicate of the same setting earlier in this file (same value).
    unknown_local_recipient_reject_code = 550
    # Disables VRFY so the server cannot be used to probe which addresses exist.
    disable_vrfy_command = yes
    # Rejects clients that send SMTP commands ahead of the server's replies.
    smtpd_data_restrictions = reject_unauth_pipelining

    Thank you,

    Wilmer.
     
