
Minimal mail server based on Postfix and Dovecot. Part 1: Dovecot

Objective: get a minimally working mail server using only Postfix and Dovecot, with minimal changes to the default settings, and obtain a skeleton of the system on which you can later configure spam filters, databases, LDAP and so on.
The mail system should:
  1. Maintain any number of domains and users.
  2. Serve users who are not tied to local accounts.
  3. Provide access to mailboxes via POP3 and IMAP with TLS support.
  4. Provide sending and receiving of mail via SMTP with TLS support.

Setup was carried out on CentOS 6 with Postfix 2.6.6 and Dovecot 2.0.9. No OS-specific features were used.

Structure of the mail system


Mail systems can be roughly divided by how mailboxes are accessed and where the list of users lives.

Classic mail system

Both Postfix and Dovecot have access to the list of users and work in parallel, sharing access to the user mailboxes.

Simplified Mail System

Dovecot is a "backend" for accessing user mailboxes. With this approach, only Dovecot knows the location of the mailboxes and the list of users. This is the approach we will use to achieve our goal.

The main advantages of the classical system compared to the simplified one:
  1. Performance. Postfix has access to the mailboxes and can deliver mail directly to the user, faster and more simply than in the second case.
  2. Independence of the system parts from each other. If Dovecot is down, Postfix continues to perform its main function: receiving mail.

The main disadvantages of the classical system compared to the simplified one:
  1. The mailbox format must be understood by both programs.
  2. Access to the mailboxes must be synchronized.
  3. Security. Postfix needs additional permissions: direct access to the mailboxes and to the list of users.
  4. Setup and maintenance are somewhat more complicated.

Dovecot


Although Dovecot is the core of the system and performs many functions, its setup should not cause any difficulties. Perhaps this is because Dovecot only deals with authenticated clients, which is not the case with Postfix. User names will be in the format username@domainname.
  1. Create a user "vmail" to store the mail, without a login shell, but with the home folder /home/vmail.

  2. Configure authentication.
     auth_mechanisms = plain login
    (LOGIN is the same as PLAIN, but is needed for Outlook.)
     mail_gid = vmail
     mail_uid = vmail
    Allowing the password to be sent only after a TLS connection has been established is Dovecot's default behaviour and requires no additional settings. Since we will use TLS, we do not need any other authentication mechanism, only PLAIN. On CentOS a self-signed certificate is created in /etc/pki/dovecot/certs/ when Dovecot is installed; we will use it for now to configure TLS.
    I want to draw your attention to one important point. The authentication mechanism must be distinguished from the method of storing the authentication data. Although the two may carry the same name, they are two different things. Details here and here.

  3. Set up where the user mailboxes will be stored.
    For each virtual user, set the home folder in the format /home/vmail/domain/username,
     mail_home = /home/vmail/%d/%n
    and the location of the mail inside the home folder as /home/vmail/domain/username/Maildir,
     mail_location = maildir:~/Maildir
    The Maildir format is chosen to simplify a later transition to the classical system, if necessary, because Postfix supports Maildir. If you do not plan to return to the classical system, you can choose any mailbox format supported by Dovecot.
  4. The following two directives specify where and how Dovecot will look for user names and passwords.
     userdb {
       args = username_format=%u /etc/dovecot/users
       driver = passwd-file
     }
     passdb {
       args = scheme=ssha512 username_format=%u /etc/dovecot/users
       driver = passwd-file
     }
    We use the file /etc/dovecot/users, which has the format of the standard password file /etc/passwd.
    Sample password file (hashes shortened):
     user1@example1.com:{SSHA512}2YT51xuhilbvb4vYRIb1oj1EvrKFszhf2MNw=::::::
     user3@example3.com:{SSHA512}GdBv9GEE1rfFpd4+fzXS+UKh4x6gTpTaH4=::::::
    For security, user passwords are not stored in clear text; we store their salted SHA512 hashes. To fill in /etc/dovecot/users we use this script, which takes two parameters: the user name and the user's password.
     #!/bin/sh
     # Usage: adduser.sh user@domain password
     # Quote both arguments so names and passwords with spaces or shell characters survive intact.
     # Without -p, doveadm pw prompts for the password instead of taking it from the command line.
     echo "$1:$(doveadm pw -s ssha512 -p "$2")::::::" >> /etc/dovecot/users
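As an added example (not code from the article or from Dovecot), here is a small Python provisioning helper covering steps 3 and 4 above: it validates the user@domain name so that it can never step outside the mail_home pattern /home/vmail/%d/%n, produces the {SSHA512} value and the passwd-file line in the layout of the sample file, parses such a file back, and checks a login the way the passdb lookup does. It assumes that Dovecot's SSHA512 scheme is base64(sha512(password + salt) + salt) with a 4-byte random salt, as doveadm pw generates it; the sample entries and passwords are constructed, and the name validation rule is this helper's own choice.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Dict, Optional, Tuple

# Added helper, not the article's script: provisioning for the passwd-file backend
# configured above (/etc/dovecot/users, scheme=ssha512, username_format=%u).
# Assumption: Dovecot's SSHA512 value is base64(sha512(password + salt) + salt);
# doveadm pw uses a 4-byte random salt, and any non-empty salt verifies.

SALT_LEN = 4
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes
PREFIX = "{SSHA512}"

# Conservative user@domain shape (this helper's own rule): the local part starts with
# an alphanumeric, no "/", no whitespace, no "." or ".." components, so the name can
# never step outside the mail_home pattern /home/vmail/%d/%n.
USERNAME_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$"
)


def ssha512_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA512}<base64>' for the password, generating a salt if none is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if not salt:
        raise ValueError("salt must be non-empty")
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha512_split(stored: str) -> Tuple[bytes, bytes]:
    """Split a stored '{SSHA512}...' value into (digest, salt); the salt is whatever follows the digest."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an SSHA512 value")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("value too short to contain a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha512_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        digest, salt = ssha512_split(stored)
    except ValueError:
        return False
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def passwd_file_line(username: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build one /etc/dovecot/users line: user:hash:uid:gid:gecos:home:shell:extra, rest empty."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"refusing unsafe username: {username!r}")
    return f"{username}:{ssha512_hash(password, salt)}::::::"


def parse_passwd_file(text: str) -> Dict[str, str]:
    """Map username -> stored hash; blank lines are skipped, malformed lines rejected."""
    users: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        # passwd-file entries have 8 colon-separated fields; only the first two are used here
        if len(fields) != 8 or not USERNAME_RE.match(fields[0]):
            raise ValueError(f"line {lineno}: malformed passwd-file entry")
        users[fields[0]] = fields[1]
    return users


def mail_home(username: str, base: str = "/home/vmail") -> str:
    """Expand mail_home = /home/vmail/%d/%n for a validated user@domain name."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"refusing unsafe username: {username!r}")
    local, domain = username.split("@", 1)
    return f"{base}/{domain}/{local}"


def check_login(users: Dict[str, str], username: str, password: str) -> bool:
    """Authenticate the way the passdb lookup does: find the entry, then verify the hash."""
    stored = users.get(username)
    return stored is not None and ssha512_verify(password, stored)


if __name__ == "__main__":
    # Constructed entries: the names come from the article's sample file, the passwords are made up.
    text = "\n".join([
        passwd_file_line("user1@example1.com", "correct horse"),
        passwd_file_line("user3@example3.com", "battery staple"),
    ])
    db = parse_passwd_file(text)
    print(check_login(db, "user1@example1.com", "correct horse"))  # True
    print(check_login(db, "user1@example1.com", "wrong password"))  # False
    print(mail_home("user3@example3.com"))  # /home/vmail/example3.com/user3
```

A value produced by ssha512_hash can be cross-checked against the real implementation with doveadm pw -t '{SSHA512}...' -p 'password', which reports whether the hash matches; if that check fails, the layout assumption above is wrong for your Dovecot version and the doveadm-based script should be used instead.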

  5. Configure the services used for communication with Postfix.
    For user name lookups and SASL authentication:
     service auth {
       unix_listener /var/spool/postfix/private/auth {
         group = postfix
         mode = 0660
         user = postfix
       }
       unix_listener auth-userdb {
         mode = 0600
         user = vmail
       }
     }
    For delivery of mail into the user mailboxes:
     service lmtp {
       unix_listener /var/spool/postfix/private/dovecot-lmtp {
         group = postfix
         mode = 0600
         user = postfix
       }
       user = vmail
     }
     protocol lmtp {
       postmaster_address = postmaster@example1.ru
     }
    You can read in more detail here about LMTP, here about LMTP and Postfix, and here about SASL.

Summary of "doveconf -n":
 # 2.0.9: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.32-504.16.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
 auth_mechanisms = plain login
 mail_gid = vmail
 mail_home = /home/vmail/%d/%n
 mail_location = maildir:~/Maildir
 mail_uid = vmail
 mbox_write_locks = fcntl
 passdb {
   args = scheme=ssha512 username_format=%u /etc/dovecot/users
   driver = passwd-file
 }
 service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     mode = 0600
     user = vmail
   }
 }
 service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
   user = vmail
 }
 ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
 ssl_key = </etc/pki/dovecot/private/dovecot.pem
 userdb {
   args = username_format=%u /etc/dovecot/users
   driver = passwd-file
 }
 protocol lmtp {
   postmaster_address = postmaster@example.com
 }


Now it is enough to add user names and passwords to the /etc/dovecot/users file; mailboxes are created automatically after the user's first successful authentication or, looking ahead, after the user receives their first message.
Part 2: Postfix.

Source: https://habr.com/ru/post/258279/
