[Dovecot] Newbie question: configuration for virtual users

Tim Southerwood ts at doc.ic.ac.uk
Wed Jul 21 02:17:29 EEST 2004


Hi

I've not done this but dovecot should be capable of doing what you want.

Try in dovecot.conf something like:

	default_mail_env = mbox:/home/example/Mail/%u

(assumes each user's INBOX is actually called INBOX, otherwise add the
:INBOX= option)

That sorts out the location bit - best to chroot the imap server process
and deny full filesystem access so they can't get to each other's mail.

That just leaves the authentication/userdb bit (shamelessly lifted from
docs)

	auth_userdb = pgsql /etc/dovecot-pgsql.conf
	auth_passdb = pgsql /etc/dovecot-pgsql.conf

and in dovecot-pgsql.conf:
	connect = host=sql.example.com dbname=virtual user=virtual password=blarg
	user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
	password_query = SELECT password FROM users WHERE userid = '%u'
	default_pass_scheme = PLAIN

The user_query = is pretty much just showing the username is valid or
not and forcing the UID/GID. You *could* store the location of the
mail directory as "home" then use mbox:%h instead - or in my example not
bother.

I'll offer some out of band advice - if your users are fairly static, I
would advise storing dovecot's user list and passwords in a flat file
which can be auto-generated from Postgres regularly. It just makes it
easier to take the database offline for maintenance without forcing
everything to a halt. Live DB driven services are good for sites with
high data turnover like portals or ISPs - giving an instant response to
things like a new user registering - but sometimes it's more trouble
than it's worth.

We used to tie exim into postgres - but if postgres fell over for a
night we got a big pile of trouble in the form of mega mail queues.


Munge that lot to fit your server/table layouts etc and common UID/GID

You have the choice of holding the plain passwd, a PLAIN-MD5, DIGEST-MD5
or a crypt version in the database. However - choose wisely based on
what the mail clients will support - there's a lot of variation.
Sylpheed will do PLAIN or CRAM-MD5 only. You may find that despite the
obvious issues, PLAIN is the best to use as everything can use it. Or if
the users already authenticate via some other mechanism, use that if
dovecot supports it.

Hope that helps.

Tim

On Tue, 20 Jul 2004 23:41:13 +0100
Rory Campbell-Lange <rory at campbell-lange.net> wrote:

> Hi!
> 
> I'm looking forward to deploying dovecot as an IMAP server. I did some
> research into the various options and it looks like dovecot is the
> right daemon for me. I'll be using it with Exim.
> 
> I am running a few tens of users on my server, most of them small
> numbers of people part of a small company, e.g. example.com.
> 
> At present I have exim delivering to mbox in each virtual user's mail
> folder. So, for chris, john and mandy @ example.com, I have
> 
>     /home/example/Mail/
>         chris
>         john
>         mandy
> 
> All of the users in example.com run under the same uid and gid
> (example). I like to separate these 'virtual' users from the real
> system users for security reasons. I presently serve up these mboxes
> via teapop, which allows for per-domain configuration. I couldn't find
> a similar setup after a cursory read of the config file examples on
> the dovecot website.
> 
> I'd like some advice on how to support different non-system users
> under dovecot, ideally storing mail in a similar configuration to
> above, except (presumably?) that the user files will be under each
> user name? Thus:
> 
>     /home/example/Mail/
>         chris/
>         john/
>         mandy/
> 
> I may use postgresql to store user configuration data if appropriate.
> 
> Advice gratefully received.
> Rory
> -- 
> Rory Campbell-Lange 
> <rory at campbell-lange.net>
> <www.campbell-lange.net>


-- 
Tim Southerwood
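
The flat-file export suggested in the message above, as an added example that is not part of the original post: it renders user rows into a passwd-style file, writes it atomically with mode 0600, and refuses to replace a good file when the database returns nothing. The `userid, password, home` row layout, the `{PLAIN}` prefix, the seven-field line format and the sample rows are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: usernames are limited to this character set; anything else is
# rejected so a value cannot inject extra ':' fields or lines into the file.
SAFE_USER = re.compile(r"[A-Za-z0-9._-]+")
UID = GID = 501  # the forced UID/GID from the user_query in the message


def render_line(userid, password, home):
    """Return one line: user:{PLAIN}password:uid:gid:gecos:home:shell"""
    if not SAFE_USER.fullmatch(userid):
        raise ValueError("unsafe userid: %r" % userid)
    for field in (password, home):
        if not field or any(c in field for c in ":\r\n"):
            raise ValueError("unsafe field for user %s" % userid)
    return "%s:{PLAIN}%s:%d:%d::%s:" % (userid, password, UID, GID, home)


def export_passwd_file(rows, dest):
    """Write (userid, password, home) rows to dest atomically, mode 0600.

    Returns the number of users written. An empty result set is treated as
    a failed export, so a database outage never replaces a good file.
    """
    lines = [render_line(*row) for row in rows]
    if not lines:
        raise RuntimeError("no users returned; keeping existing file")
    # mkstemp creates the file 0600 in the destination directory, so the
    # rename below stays on one filesystem and readers never see a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(lines) + "\n")
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(lines)


# Constructed sample rows standing in for the result of
# "SELECT userid, password, home FROM users".
SAMPLE_ROWS = [
    ("chris", "s3cret-one", "/home/example/Mail/chris"),
    ("john", "s3cret-two", "/home/example/Mail/john"),
]
```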


