Minimal mail server based on Postfix and Dovecot. Part 1: Dovecot

Purpose: to get a minimally working mail server using only Postfix and Dovecot, with as few changes to the default settings as possible. The result is a skeleton on top of which spam filters, database backends, LDAP and so on can be added later. The
mail system should:
  1. Support any number of domains and users.
  2. Serve users who are not tied to local accounts.
  3. Provide access to mailboxes over POP3 and IMAP, with TLS.
  4. Send and receive mail over SMTP, with TLS.

The configuration was done on CentOS 6 with Postfix 2.6.6 and Dovecot 2.0.9. Nothing distribution-specific is used.

Mail system structure


Conventionally, mail systems can be divided by how mailboxes are accessed and where the list of users lives.

Classic mail system

Postfix and Dovecot both have access to the list of users and work in parallel, sharing access to the user mailboxes.

Simplified Mail System

Dovecot is the "backend" for access to user mailboxes. With this approach the location of the mailboxes and the list of users are known only to Dovecot; Postfix hands incoming mail to Dovecot for delivery and relies on it to authenticate clients. This is the approach we will use to achieve our goal.

The main advantages of the classical system over the simplified one:
  1. Performance. Postfix has access to the mailboxes and can deliver mail directly to the user, faster and more simply than in the second case.
  2. Independence of the parts of the system from each other. If Dovecot goes down, Postfix continues to receive and deliver mail, instead of queueing it until the Dovecot delivery service comes back.

The main disadvantages of the classical system compared to the simplified one:
  1. The mailbox format must be understood by both programs.
  2. Access to mailboxes must be synchronised between them (locking).
  3. Security. Postfix needs additional privileges: direct access to the mailboxes and to the list of users.
  4. Setup and maintenance are a little more complicated.

Dovecot


Although Dovecot is the core of the system and performs many functions, configuring it should not cause any difficulty. Perhaps this is because Dovecot deals only with authenticated clients, which cannot be said of Postfix. User names will be in the form username@domainname.
  1. Create a user "vmail" that will own the mail store, without shell access but with the home directory /home/vmail.

  2. Set up authentication.
    auth_mechanisms = plain login
    (LOGIN is the same as PLAIN, but is needed for older Outlook clients)
    mail_gid = vmail
    mail_uid = vmail
    The last two directives make Dovecot's mail processes run as the vmail user. Refusing plaintext authentication until a TLS connection has been established is Dovecot's default behaviour (disable_plaintext_auth = yes) and needs no additional settings. Since we will use TLS, no other authentication mechanisms are needed; PLAIN is enough. On CentOS a self-signed certificate is created in /etc/pki/dovecot/certs/ when Dovecot is installed; we will use it for now to configure TLS.
    One important point deserves attention: the authentication mechanism (how the client transmits its credentials) must be distinguished from the password scheme (how the stored password is hashed). The two may share a name, but they are different things. The Dovecot documentation covers each separately.

  3. Set up where user mailboxes will be stored.
    For each virtual user the home directory is /home/vmail/domain/username:
    mail_home = /home/vmail/%d/%n
    and the mail lives in the Maildir subdirectory of that home, /home/vmail/domain/username/Maildir:
    mail_location = maildir:~/Maildir
    The Maildir mailbox format is chosen to make a later move to the classical system easy, since Postfix can deliver to Maildir. If you do not plan to return to the classical system, any mailbox format supported by Dovecot will do.

  4. The next two blocks specify where and how Dovecot looks up user names and passwords.
    userdb {
      args = username_format=%u /etc/dovecot/users
      driver = passwd-file
    }
    passdb {
      args = scheme=ssha512 username_format=%u /etc/dovecot/users
      driver = passwd-file
    }
    We use the file /etc/dovecot/users, which has the colon-separated layout of the standard /etc/passwd file. username_format=%u means the full user@domain is the lookup key, and scheme=ssha512 is the default scheme for entries that carry no {SCHEME} prefix.
    Example password file (hashes truncated):
    user1@example1.com:{SSHA512}2YT51xuhilbvb4vYRIb1oj1EvrKFszhf2MNw=::::::
    user3@example3.com:{SSHA512}GdBv9GEE1rfFpd4+fzXS+UKh4x6gTpTaH4=::::::
    For security, user passwords are not stored in clear text but as salted SHA-512 hashes (Dovecot's SSHA512 scheme). To populate /etc/dovecot/users we use this script, which takes two parameters, the user name and the user's password.
    #!/bin/sh
    # Usage: adduser.sh user@domain password (note: a password passed as an argument is visible in ps output and shell history; omit -p to have doveadm prompt for it instead)
    [ $# -eq 2 ] || { echo "usage: $0 user@domain password" >&2; exit 1; }
    echo "$1:$(doveadm pw -s ssha512 -p "$2")::::::" >> /etc/dovecot/users

  5. Set up the services Postfix will talk to.
    The socket inside the Postfix chroot (/var/spool/postfix/private/auth) gives Postfix SASL authentication; auth-userdb is used by Dovecot's own delivery processes for user lookups.
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
    }
    For delivery into user mailboxes over LMTP.
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
      user = vmail
    }
    protocol lmtp {
      postmaster_address = postmaster@example1.ru
    }
    The Dovecot documentation covers LMTP, LMTP with Postfix, and SASL in more detail.
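The following Python script is added here as an illustration; it is not part of the original tutorial or of Dovecot. It does offline what steps 3 and 4 make Dovecot do: it parses a users file in the layout shown above, verifies a password against an SSHA512 entry exactly as that scheme defines it (base64 of SHA-512(password || salt) followed by the salt), and expands mail_home for the user. The user names are the tutorial's example addresses; the passwords and salts are made up for the example, and the file contents are built in memory rather than read from /etc/dovecot/users.

```python
"""Offline model of the tutorial's passdb/userdb setup (added example, not
part of the original tutorial or of Dovecot). Sample users and passwords
below are constructed for the example."""
import base64
import hashlib
import hmac

SCHEME_PREFIX = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes
MAIL_HOME_TEMPLATE = "/home/vmail/%d/%n"    # mail_home from step 3


def make_ssha512(password: str, salt: bytes) -> str:
    """Encode a password in Dovecot's SSHA512 scheme:
    {SSHA512} + base64(SHA512(password || salt) || salt).
    doveadm pw draws a random 4-byte salt; it is a parameter here so the
    example is reproducible."""
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha512(stored: str, password: str) -> bool:
    """Verify a password against a stored entry. An entry without a {SCHEME}
    prefix is treated as SSHA512, which is what scheme=ssha512 in the passdb
    args means: a default for unprefixed entries, not a global override."""
    if stored.startswith("{"):
        if not stored.startswith(SCHEME_PREFIX):
            return False  # another scheme; out of scope for this example
        stored = stored[len(SCHEME_PREFIX):]
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) < DIGEST_LEN:
        return False  # Dovecot rejects such an entry as malformed as well
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def parse_users_file(text: str) -> dict:
    """Parse the passwd-file layout used in step 4:
    user:password:uid:gid:gecos:home:shell:extra_fields.
    The tutorial's script writes all eight fields with uid/gid/home empty,
    because mail_uid, mail_gid and mail_home supply them."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 7)
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need at least user:password")
        users[fields[0]] = fields[1]
    return users


def mail_home(user: str) -> str:
    """Expand %d (domain) and %n (local part) of mail_home for user@domain."""
    local, _, domain = user.partition("@")
    return MAIL_HOME_TEMPLATE.replace("%d", domain).replace("%n", local)


# Constructed sample in the same layout as /etc/dovecot/users; the passwords
# and salts are made up for this example.
SAMPLE_USERS = "\n".join([
    "user1@example1.com:" + make_ssha512("correct horse battery", bytes.fromhex("a1b2c3d4")) + "::::::",
    "user3@example3.com:" + make_ssha512("s3cr3t", bytes.fromhex("00ff00ff")) + "::::::",
])
# Used when the user does not exist, so the lookup still costs one hash.
DUMMY_ENTRY = make_ssha512("", b"\x00\x00\x00\x00")


def authenticate(users_text: str, user: str, password: str):
    """What the passdb/userdb pair does for a login: look the user up, check
    the password and return the Maildir that mail_location=maildir:~/Maildir
    resolves to. Unknown user and wrong password both return None."""
    stored = parse_users_file(users_text).get(user)
    if stored is None:
        verify_ssha512(DUMMY_ENTRY, password)  # keep timing uniform
        return None
    if not verify_ssha512(stored, password):
        return None
    return mail_home(user) + "/Maildir"


if __name__ == "__main__":
    print(authenticate(SAMPLE_USERS, "user1@example1.com", "correct horse battery"))
    print(authenticate(SAMPLE_USERS, "user1@example1.com", "wrong password"))
    print(authenticate(SAMPLE_USERS, "nobody@example1.com", "anything"))
```

Running it shows that a wrong password and an unknown user give the same answer. The unprefixed branch in verify_ssha512 is what scheme=ssha512 in the passdb args covers: a file written by the doveadm pw script above (with its {SSHA512} prefix) and one written without the prefix both verify, while an entry shorter than the 64-byte digest or with a different {SCHEME} is rejected.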

The resulting doveconf -n output:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.16.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_mechanisms = plain login
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_uid = vmail
mbox_write_locks = fcntl
passdb {
  args = scheme=ssha512 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
ssl_cert = 


Now it is enough to add user names and passwords to /etc/dovecot/users; the mailboxes are created automatically after the user's first successful authentication or, looking ahead, when the user receives a letter.
Part 2: Postfix.
