Simple Virtual User Installation
Virtual users configured in passwd authentication database.
Assuming an unmodified Dovecot v2.x installation.
Assuming you're not using NFS. See NFS for problems related to it.
System Configuration
Create dovecot and dovenull users and groups if they don't exist yet. These are unprivileged users for Dovecot's internal use. They don't need a home directory or a shell.
Create vmail user and vmail group. This is the user/group that's used to access the mails.
Create /home/vmail directory owned by vmail:vmail. The mails for all users are stored under this directory.
Create /var/log/dovecot.log and /var/log/dovecot-info.log files owned by vmail:vmail, so that LDA can write to them.
dovecot.conf
Below is a fully working dovecot.conf file. You can use it directly, but it might be better to use it as a guide for altering your current configuration.
If you want to configure SSL, see SSL.
protocols = imap pop3
# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
# Disable SSL for now.
ssl = no
auth_allow_cleartext = yes
# We're using Maildir format
mail_driver = maildir
mail_path = ~/Maildir
# If you're using POP3, you'll need this:
pop3_uidl_format = %{guid}
# Authentication configuration:
auth_verbose = yes
auth_mechanisms = plain
passdb passwd-file {
  passwd_file_path = /etc/dovecot/passwd
}
userdb static {
  fields {
    uid = vmail
    gid = vmail
    home = /home/vmail/%{user}
  }
}
/etc/dovecot/passwd
See passwd-file authentication database for the full file format.
Here we're only interested in having usernames and passwords in it:
test:{PLAIN}pass::::::
bill:{PLAIN}secret::::::
timo@example.com:{PLAIN}hello123::::::
dave@example.com:{PLAIN}world234::::::
joe@elsewhere.org:{PLAIN}whee::::::
jane@elsewhere.org:{PLAIN}mypass::::::
As you can see, you can use multiple domains in the file, or no domains at all. Dovecot doesn't care about domains.
The extra colons are needed for passwd-file authentication database format, and can be omitted if you are using the static user database in the example above.
Users can be added by editing this file. Dovecot automatically notices the new users immediately after they're added. It also creates their home directories when the user logs in.
Passwords
The passwords in the example passwd file are listed using the cleartext scheme.
It's possible to use other password schemes as well. For example, sha256-crypt would be a pretty strong scheme.
You can create them using the doveadm pw utility, for example:
doveadm pw -s sha256-crypt
Enter new password: foo
Retype new password: foo
{SHA256-CRYPT}$5$88T/Emz.AbSmbz5C$D3GLxhvDffdN1ldpKkulh2fHyUNzvojIjiVbTovPdyC
Note that you won't get the same output after {SHA256-CRYPT} as above, because Dovecot uses random salts when creating the SHA256-CRYPT hash. This means that even if multiple users have the same password, you won't know that because their hashes are different.
The passwd file entry would be:
{SHA256-CRYPT}$5$88T/Emz.AbSmbz5C$D3GLxhvDffdN1ldpKkulh2fHyUNzvojIjiVbTovPdyC
Joe would now have "foo" as his password.
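An added example (not part of the original page or of Dovecot itself): a small Python audit that parses a passwd-file like the one above and reports which entries still store the password under a cleartext scheme, without ever printing a password. The sample file is constructed from the entries shown on this page; the usernames carol and erin and the function names are assumptions.

```python
import re

# Scheme prefixes that mean the password is stored unhashed.
CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}
# "{SCHEME}" or "{SCHEME.encoding}" (for example .b64 or .hex) at the start of the field.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.[A-Za-z0-9]+)?\}")

# Constructed sample, modelled on the entries shown on this page.
SAMPLE = """\
# virtual users
test:{PLAIN}pass::::::
timo@example.com:{PLAIN}hello123::::::
carol:{SHA256-CRYPT}$5$88T/Emz.AbSmbz5C$D3GLxhvDffdN1ldpKkulh2fHyUNzvojIjiVbTovPdyC::::::
joe:{PLAIN}pass::::::userdb_quota_storage_size=100M
erin:{PLAIN.b64}cGFzcw==::::::
"""

def audit_passwd_file(text):
    """Return (line_no, user, scheme, finding) for every entry in the file."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split(":")
        user = fields[0]
        password = fields[1] if len(fields) > 1 else ""
        match = SCHEME_RE.match(password)
        if match is None:
            # No {SCHEME} prefix: the storage scheme cannot be told from the file.
            scheme, finding = None, "no-scheme-prefix"
        else:
            # Compare case-insensitively so a lowercase prefix is not missed.
            scheme = match.group(1).upper()
            finding = "cleartext" if scheme in CLEARTEXT_SCHEMES else "hashed"
        results.append((line_no, user, scheme, finding))
    return results

def cleartext_users(text):
    """Usernames whose password field uses a cleartext scheme."""
    return [user for _, user, _, finding in audit_passwd_file(text)
            if finding == "cleartext"]

if __name__ == "__main__":
    for line_no, user, scheme, finding in audit_passwd_file(SAMPLE):
        print(f"line {line_no}: {user}: scheme={scheme} -> {finding}")
```

Entries reported as cleartext can be replaced with a hash generated by doveadm pw as shown above.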
SMTP Server Configuration
Delivering Mails
You can configure the SMTP server to deliver mails internally, or you can use LDA. Using dovecot-lda gives you better performance because it updates Dovecot's index files while saving the mails.
See LDA for configuration information.
Alternatively, you can also use LMTP Server.
In config you should have:
protocol lda {
  postmaster_address = postmaster@example.com
}
SMTP AUTH
If you're using one of these MTAs, you can use Dovecot SASL to authenticate SMTP.
Quota
If you need to have quota, add this to dovecot.conf:
mail_plugins {
  quota = yes
}
protocol imap {
  mail_plugins {
    imap_quota = yes
  }
}
quota User {
}
Then configure quota by adding the userdb_quota_storage_size extra field (see userdb: Extra Fields) to /etc/dovecot/passwd, for example:
joe:{PLAIN}pass::::::userdb_quota_storage_size=100M
jane:{PLAIN}pass::::::userdb_quota_storage_size=200M
Joe now has a 100MB quota and Jane has a 200MB quota.