Виртуальные пользователи Dovecot не могут отправлять / получать почту
Несколько дней назад я запустил Dovecot + Postfix вместе с Squirrelmail. Вскоре мне надоела «Почта за орехи», и я перешел на RainLoop. Однако, похоже, он работает нормально, только с буквальными пользователями. Виртуальные пользователи могут войти, но не может отправлять ИЛИ получать почту. Я огляделась, но ничего не могу понять. В одном сообщении указывалось, что это было вызвано тем, что в конфигурации Postfix имелись пункты назначения, отличные от "localhost", но у меня все еще была та же проблема.
Я думаю, что я создал все необходимые учетные записи. UserDB находится под учетной записью vmail.
Postfix (main.cf): # См. /Usr/share/postfix/main.cf.dist для получения более полной версии с комментариями
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = server1.endev.xyz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost = </code>
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = encrypt
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Dovecot (dovecot.conf):
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
# CUSTOM CONFIG #
# Enabled Protocols
protocols = pop3 imap
pop3_uidl_format = %08Xu%08Xv
# Plugins
mail_plugins = $mail_plugins quota
# IMAP Protocol
protocol imap {
listen = *:143
ssl_listen = *:993
imap_client_workarounds = tb-extra-mailbox-sep
mail_plugins = $mail_plugins imap_quota
}
# POP3 Protocol
protocol pop3 {
listen = *:110
ssl_listen = *:995
}
plugin {
quota = maildir
}
# SSL
ssl = yes
ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# logs
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
# Authentication configuration:
auth_verbose = yes
auth_mechanisms = plain
passdb {
driver = passwd-file
args = scheme=plain-md5 username_format=%n /home/vmail/dovedb
}
userdb {
driver = passwd-file
args = username_format=%n /home/vmail/dovedb
default_fields = uid=vmail gid=vmail home=/home/vmail/%u
}
protocol lda {
postmaster_address = postmaster@endev.xyz
}
Команды Dovecot также, похоже, указывают на то, что некоторые настройки, такие как ssl_cert_file и ssl_key_file устарели, однако, когда я заменил их новыми настройками, RainLoop не аутентифицировался. Я все равно подумываю о переходе на RoundCube, но все еще не понимаю, что произошло.
VirtualUserDB (dovedb):
oct:{SSHA}*removed*::::::userdb_quota_rule=*:storage=128M
pf:{SSHA}*removed*::::::userdb_quota_rule=*:storage=128M
0
задан octacian
18 August 2016 в 06:35
Ссылка
1 ответ
I have got it to work using RoundCube 1.2.2 using the following:
Create a self-signed SSL certificate and place it in:
smtpd_tls_cert_file=/etc/ssl/dovecot.crt smtpd_tls_key_file=/etc/ssl/dovecot.keyIn addition, the vmail user/group numbers are 5000 (
virtual_uid_mapsandvirtual_gid_maps)Create a file
/etc/postfix/vhostsand there enter each domain name you have on separate lines, i.e.:domain1.com domain2.com domain3.org com.netCreate a file
/etc/postfix/virtualand there place your virtual users and domains on separate lines, i.e.: (hidden) (hidden) @domain2.com (hidden) @domain3.org (hidden) @dom.net (hidden)- In the
main.cfbelow, replace the"FQDN"below with your own server's FQDN.
- In the
The contents of /etc/postfix/main.cf:
home_mailbox = Maildir/
mailbox_command =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file=/etc/ssl/dovecot.crt
smtpd_tls_key_file=/etc/ssl/dovecot.key
smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = "FQDN"
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = "FQDN", mercury, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
queue_directory = /var/spool/postfix
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_cert_file = /etc/ssl/dovecot.crt
smtp_tls_key_file = /etc/ssl/dovecot.key
smtp_use_tls = yes
The /etc/postfix/master.cf contents are:
smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=hash:/etc/postfix/virtual
-o smtpd_sender_restrictions=reject_sender_login_mismatch
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Create a file /etc/dovecot/users and place there the virtual user and password on separate lines, i.e:
info@domain1.com:$1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/:5000:5000::/var/vmail/domain1.com/info/::
info@domain2.com:$1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/:5000:5000::/var/vmail/domain2.com/info/::
info@domain3.org:$1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/:5000:5000::/var/vmail/domain3.org/info/::
info@dom.net:$1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/:5000:5000::/var/vmail/dom.net/info/::
Where $1$eOnO.zN.$ZleCa/AeffpJaUs7U9uf9/ is the results of running mkpasswd --hash=md5 password
Hint: you can create this script to run and create users (script name dovecot-adduser`):
echo "$username@$domain:`mkpasswd --hash=md5 $2`:5000:5000::/home/vmail/$domain/$username/::" >> /etc/dovecot/users
# create the maildir directory structure
/usr/bin/maildirmake.dovecot /var/vmail/$domain/$username/mail 5000:5000
chown -R vmail:vmail /home/vmail/$domain
# add the user to the Postfix virtual map file
echo $1 $domain/$username/ >> /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postfix reload
and then run dovecot-adduser username password
The contents of /etc/dovecot/dovecot.conf are:
!include_try /usr/share/dovecot/protocols.d/*.protocol
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
base_dir = /var/run/dovecot/
protocols = imap pop3
ssl = no
ssl_cert = /etc/ssl/dovecot.crt
ssl_key = /etc/ssl/dovecot.key
ssl_parameters_regenerate = 24hours
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot.info
verbose_ssl = yes
valid_chroot_dirs = /home/vmail/
auth_mechanisms = plain
auth_verbose = yes
pop3_uidl_format = %g
mail_location = maildir:~/
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%d/%n
# 'domain' below is domain.tld
# %u - user - full name user@domain
# %n - username - user part in user@domain
# %d - domain - domain part in user@domain
}
Also, not sure if that can be included in the dovecot.conf or not, but I have the following in /etc/dovecot/conf.d/auth-passwdfile.conf.ext:
passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/users
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%d/%n
}
I hope I did not miss anything. Restart dovecot and postfix, and give it a try. I have noticed that when I login for the first time for a new user, it will fail at first. I refresh and try again and it works. I suspect it happens because the first time it does not have the Maildir directory structure and it creates it, and on the second try it has no issues.
0