This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.

Dovecot virtual users

An exercise in mail routing by F. Overkamp <florian@obsimref.com>

Preamble

I wanted to use Dovecot to deal with mailboxes that may belong to accounts that may or may not exist as a Unix user. I also required a large amount of flexibility in migration options - so mail-accounts may have any number of formats and daemons. I am doing distribution of these users by using Perdition, but that's just a preference.

A few assumptions were made in this setup:

Desired results

The result I was looking for was this:

Mail for the domain comes in. If it has a dovecot mailbox, deliver it there. If not, continue with 'normal' local delivery.

Making dovecot use these mailboxes

auth default {
  userdb static {
    args = uid=vmail gid=vmail home=/home/dovecot/users/%u
  }
  passdb passwd-file {
    args = /home/dovecot/passwd
  }
}

The password file should not contain plain-text passwords, but rather the checksums for the desired authentication method. Add a second args line if you need more authentication methods.
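
An added example, not part of the original page or of Dovecot itself: a Python sketch that builds a passwd-file line with a salted hash and audits a file for entries stored in plain text. It assumes the {SSHA} scheme is the one in use; the function names and the sample users and passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Scheme prefixes that mean the password itself is stored in the file.
PLAINTEXT_SCHEMES = ("{PLAIN}", "{CLEARTEXT}")

def ssha_hash(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def passwd_line(user, password):
    """Build a 'user:{SSHA}hash' line; the static userdb supplies uid/gid/home."""
    if not user or any(c in user for c in ":\r\n"):
        raise ValueError("user name must not be empty or contain ':' or newlines")
    return "%s:%s" % (user, ssha_hash(password))

def audit_passwd_file(text):
    """Return the users whose password field carries a plain-text scheme."""
    flagged = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) > 1 and fields[1].upper().startswith(PLAINTEXT_SCHEMES):
            flagged.append(fields[0])
    return flagged

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real system.
    sample = "\n".join([passwd_line("frops", "example-password"),
                        "florian:{PLAIN}example-password"])
    print(sample)
    print("plain-text entries:", audit_passwd_file(sample))
```

A hashed scheme such as {SSHA} only works with mechanisms where the server receives the password itself (PLAIN, LOGIN); a challenge-response mechanism such as CRAM-MD5 needs its own stored scheme.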

By the way, I did not bother making another set of configs to deal with non-virtual users - I use perdition for that in my migration scenario.

Making exim 3 deliver to those virtual users

# Director to send any mail for which a dovecot user exists to the appropriate maildir box
# Directors are evaluated in order of configuration, so if you place this
# above the local_delivery director this will play nice:
# If there is a virtual user in the dovecot dirs it will use that
# If not, it will try normal local delivery
# If you want to allow + addressing (i.e. having an address extension)
# then uncomment the suffix stanzas
dovecot:
  driver = smartuser
  #suffix = +*
  #suffix_optional
  require_files = +/home/dovecot/users/${local_part}/
  transport = dovecot_transport

# Transport to send any mail for which a dovecot user exists to the appropriate maildir box
# Transport definitions are not order dependent - you just call a named transport
dovecot_transport:
  driver = appendfile
  user = vmail
  group = vmail
  mode = 0600
  directory=/home/dovecot/users/${lc:$local_part}/
  maildir_format = true
  mode_fail_narrower = false
  envelope_to_add = true
  return_path_add = true

In order to make this work, exim must be able to read the /home/dovecot/users/ directory, otherwise delivery will not work.

Making exim 4 deliver to those virtual users

If at all possible you should use exim 4 in place of the obsolete exim 3. Exim 4 has many more features to enable fine control of mail policy. Packages are available for all current Linux distributions and other OS platforms.

# Router to send any mail for which a dovecot user exists to the appropriate maildir box
# Routers are evaluated in order of configuration.
# You will want to place this after the remote router and before the
# localuser router in the default configuration.
# If you want to allow + addressing (i.e. having an address extension)
# then uncomment the suffix stanzas
dovecot_router:
  driver = accept
  #local_part_suffix = +*
  #local_part_suffix_optional
  require_files = +/home/dovecot/users/${local_part}/
  transport = dovecot_transport

# Transport to send any mail for which a dovecot user exists to the appropriate maildir box
# Transport definitions are not order dependent - you just call a named transport
dovecot_transport:
  driver = appendfile
  user = vmail
  group = vmail
  mode = 0600
  directory=/home/dovecot/users/${lc:$local_part}/
  maildir_format = true
  mode_fail_narrower = false
  envelope_to_add = true
  return_path_add = true

In order to make this work, exim must be able to read the /home/dovecot/users/ directory, otherwise delivery will not work.

Exim4 on Debian

Using the exim4 package on Debian, the configuration changes need to be applied to the /router/ and /transport/ directories inside /etc/exim4/conf.d/ (by default). This only applies in split-configuration mode. In single-file configuration, the changes must be applied at the appropriate points. I created new files in each with a similar numbering scheme as the current ones. The numbers determine the order in which these get added to the main configuration file.

After the changes are made, you will need to run (as root) the invoke-rc.d exim4 restart command and the file will be regenerated. (You will have to pass a -r argument or else it will spit out an error message telling you to read the man page - THIS IS DANGEROUS as it overwrites your entire configuration - so if you haven't been using Debian's scripts to maintain your configuration files, don't use this command!)

Testing your exim configuration

Be careful how you do this - test it with 'exim -bt <address>' for a few different options:

frops@host
  deliver to frops in domain host
  director = dovecot, transport = dovecot_transport

florian@host
  deliver to florian in domain host
  director = procmail, transport = procmail_pipe

Further Issues

It is possible to extend this configuration to make exim use the same database for SMTP authentication, although it is slightly difficult due to the different password hashing schemes. If you keep the password database file in PLAIN format then it can be done relatively easily.

Security considerations

Need evaluation and recommendations.


HowTo/VirtualhostingWithExim (last edited 2009-09-10 05:28:16 by vvma)