Simple yet functional dovecot+postfix

9 years ago · 47272df96b
parent 508c741ffa
commit 47272df96b
24 changed files with 195 additions and 278 deletions
--- a/10
+++ b/10
@ -3,12 +3,18 @@ FROM debian:jessie
 RUN export DEBIAN_FRONTEND=noninteractive \
 && apt-get update \
 && apt-get install -y --no-install-recommends \
-      postfix dovecot-imapd dovecot-sqlite \
+      postfix dovecot-imapd dovecot-sqlite dovecot-lmtpd \
      dovecot-sieve dovecot-managesieved \
      dovecot-antispam spamassassin clamav \
-      supervisor \
+      supervisor rsyslog \
 && apt-get clean
 # When installed non-interactively, the file does not get copied to the
 # postfix chroot, thus causing smtpd to fail.
 RUN cp /etc/services /var/spool/postfix/etc/
 ADD config /etc/
 # Explicitely specify the configuration file to avoid problems when
 # the default configuration path changes.
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
--- a/README.md
+++ b/README.md
@ -21,22 +21,15 @@ Architecture
 The mail infrastructure is based on a standard MTA-LDA :
- * Postfix with an SQL database for transport ;
+ * Postfix with an SQLite database for transport ;
- * Dovecot with an SQL database for delivery and access ;
+ * Dovecot with an SQLite database for delivery and access ;
 * Spamassassin for spam filtering ;
 * ClamAV for malware filtering.
 Additional Web UI :
 * Roundcube Webmail (can easily be replaced) ;
- * Administration UI based on Flask an VMM.
+ * Administration UI based on Flask.
 The administration UI does not interact with the database directly but with
 VMM instead, which has a great API and already implements most features while
 providing solid configuration files for Postfix and Dovecot.
 Only authentication and authorization is managed directly by the Web
 administration UI.
 All components are monitored by supervisord.
@ -47,10 +40,10 @@ The project is still at a very (very !) early stage.
 This is more of a roadmap than a proper TODO list. Please poke me or pull
 request if you would like to join the effort.
- - [ ] Import vmm configuration files and tune them to support spamassassin and clamav.
+ - [x] Import vmm configuration files and get a simple postfix/dovecot running with SQLite.
- - [ ] Run a mail container with a simple  vmm command line.
+ - [ ] Add support for spamassassin.
 - [ ] Add support for clamav.
 - [ ] Draft a Web administration UI.
 - [ ] Implement basic features from the free (as in beer) poste.io.
 - [ ] Start using on a couple production mail servers.
 - [ ] Find a proper way to maintain vmm without forking.
 - [ ] Implement some fancy features.
--- a/config/dovecot/conf.d/10-auth.conf
+++ b/config/dovecot/conf.d/10-auth.conf
@ -1,13 +0,0 @@
 auth_mechanisms = plain login cram-md5
 passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 #!include auth-system.conf.ext
--- a/config/dovecot/conf.d/10-mail.conf
+++ b/config/dovecot/conf.d/10-mail.conf
@ -1,6 +0,0 @@
 # mailbox configuration
 first_valid_gid = 70000
 first_valid_uid = 70000
 mail_access_groups = mail
 mail_location = maildir:~/Maildir
--- a/config/dovecot/conf.d/10-master.conf
+++ b/config/dovecot/conf.d/10-master.conf
@ -1,43 +0,0 @@
 service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
 }
 service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
  }
 }
 service auth {
  user = doveauth
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    user = postfix
    group = postfix
    mode = 0600
  }
 }
 service auth-worker {
  unix_listener auth-worker {
    user = mail
    group = $default_internal_user
    mode = 0660
  }
  user = mail
 }
 service dict {
  unix_listener dict {
    group = mail
    mode = 0660
  }
 }
--- a/config/dovecot/conf.d/10-ssl.conf
+++ b/config/dovecot/conf.d/10-ssl.conf
@ -1,4 +0,0 @@
 # SSL/TLS support
 ssl = yes
 ssl_cert = </etc/ssl/cert.pem
 ssl_key = </etc/ssl/key.pem
--- a/config/dovecot/conf.d/15-lda.conf
+++ b/config/dovecot/conf.d/15-lda.conf
@ -1,6 +0,0 @@
 # delivery configuration
 postmaster_address = admin@domain.tld
 recipient_delimiter = +
 protocol lda {
 }
--- a/config/dovecot/conf.d/20-imap.conf
+++ b/config/dovecot/conf.d/20-imap.conf
@ -1,3 +0,0 @@
 # mail browsing
 protocol imap {
 }
--- a/config/dovecot/conf.d/20-lmtp.conf
+++ b/config/dovecot/conf.d/20-lmtp.conf
@ -1,3 +0,0 @@
 # mail delivery
 protocol lmtp {
 }
--- a/config/dovecot/dovecot-sql.conf.ext
+++ b/config/dovecot/dovecot-sql.conf.ext
@ -1,18 +1,10 @@
-driver = pgsql
+driver = sqlite
-connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
+connect = /data/freeposte.db
 # Return the user hashed password
 password_query = \
- SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
+ SELECT password FROM users, domains WHERE username = '%n' AND domain = '%d'
-# uncomment this user_query if you want to use the quota plugin
+# Mostly get the user quota
-#user_query = \
+user_query = \
-# SELECT home, uid, gid, mail, quota_rule FROM dovecotquotauser('%Ln', '%Ld')
+ SELECT '*:bytes=' || quota_bytes AS quota_rule FROM users WHERE username = '%n' AND domain = '%d'
 # otherwise uncomment the following user_query
 #user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')
 iterate_query = \
 SELECT local_part AS username, domain_name.domainname AS domain \
   FROM users \
        LEFT JOIN domain_data USING (gid) \
        LEFT JOIN domain_name USING (gid)
--- a/config/dovecot/dovecot.conf
+++ b/config/dovecot/dovecot.conf
@ -1,2 +1,123 @@
-# handled protocols
+###############
-protocols = imap lmtp
+# General
 ###############
 protocols = imap lmtp sieve
 postmaster_address = %{env:POSTMASTER_ADDRESS}
 hostname = %{env:MAIL_HOSTNAME}
 ###############
 # Mailboxes
 ###############
 first_valid_gid = 8
 first_valid_uid = 8
 mail_location = maildir:/data/mail/%u
 mail_home = /data/mail/%u
 mail_uid = mail
 mail_gid = mail
 mail_privileged_group = mail
 mail_access_groups = mail
 ###############
 # TLS
 ###############
 ssl = yes
 ssl_cert = </data/ssl/cert.pem
 ssl_key = </data/ssl/key.pem
 ###############
 # Authentication
 ###############
 auth_mechanisms = plain login cram-md5
 passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 service auth {
  user = dovecot
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    user = postfix
    group = postfix
    mode = 0600
  }
 }
 service auth-worker {
  unix_listener auth-worker {
    user = mail
    group = $default_internal_user
    mode = 0660
  }
  user = mail
 }
 ###############
 # IMAP
 ###############
 protocol imap {
 }
 service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
 }
 ###############
 # Delivery
 ###############
 protocol lmtp {
 }
 protocol lda {
  recipient_delimiter = +
 }
 service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
  }
 }
 service dict {
  unix_listener dict {
    group = mail
    mode = 0660
  }
 }
 ###############
 # Filtering
 ###############
 service managesieve-login {
 	inet_listener sieve {
    port = 4190
  }
 	inet_listener sieve_deprecated {
    port = 2000
  }
 }
 plugin {
 	sieve = ~/.sieve
 	sieve_dir = ~/sieve
 	sieve_before = /var/lib/dovecot/sieve/before.sieve
 	sieve_default = /var/lib/dovecot/sieve/default.sieve
 	sieve_after = /var/lib/dovecot/sieve/after.sieve
 }
--- a/config/postfix/main.cf
+++ b/config/postfix/main.cf
@ -1,33 +1,43 @@
-# aliases
+###############
-sql      = pgsql:${config_directory}/
+# General
-proxysql = proxy:${sql}
+###############
-# relocated users from the database
+# The list of relayed networks is still loaded from a configuration file
-relocated_maps = ${proxysql}pgsql-relocated_maps.cf
+mynetworks = /data/relaynets
 # Empty alias list to override the configuration variable and disable NIS
 alias_maps = hash:/etc/aliases
 # SQLite configuration
 sql = sqlite:${config_directory}/
-# transport settings from our database
+###############
-transport_maps = ${proxysql}pgsql-transport_maps.cf
+# TLS
 ###############
 smtpd_use_tls = yes
 smtpd_tls_cert_file=/data/ssl/cert.pem
 smtpd_tls_key_file=/data/ssl/key.pem
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# virtual domains, mailboxes and aliases
+###############
-virtual_mailbox_domains = ${proxysql}pgsql-virtual_mailbox_domains.cf
+# SASL
-virtual_alias_maps = ${proxysql}pgsql-virtual_alias_maps.cf
+###############
-virtual_minimum_uid = 70000
+smtpd_sasl_local_domain = $myhostname
 virtual_uid_maps = ${sql}pgsql-virtual_uid_maps.cf
 virtual_gid_maps = ${sql}pgsql-virtual_gid_maps.cf
 virtual_mailbox_base = /
 virtual_mailbox_maps = ${proxysql}pgsql-virtual_mailbox_maps.cf
 # delivery transport
 virtual_transport = lmtp:unix:private/dovecot-lmtp
 # dovecot SASL
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/dovecot-auth
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noplaintext, noanonymous
+smtpd_sasl_security_options = noanonymous
-# submission restrictions
+###############
-smtpd_recipient_restrictions =
+# Virtual
- permit_mynetworks
+###############
- permit_sasl_authenticated
+virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf
- reject_unauth_destination
+virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf
 virtual_transport = lmtp:unix:private/dovecot-lmtp
 ###############
 # Milter
 ###############
 milter_default_action = tempfail
 milter_protocol = 6
 smtpd_milters =
 non_smtpd_milters =
--- a/config/postfix/master.cf
+++ b/config/postfix/master.cf
@ -1,33 +1,18 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
-# main SMTP services
+# Exposed SMTP services
 smtp      inet  n       -       -       -       -       smtpd
 submission inet n       -       -       -       -       smtpd
-  -o syslog_name=postfix/submission
+  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
 smtps     inet  n       -       -       -       -       smtpd
-  -o syslog_name=postfix/smtps
+  -o smtpd_enforce_tls=yes
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
-# internal postfix services
+# Internal postfix services
 pickup    unix  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 tlsmgr    unix  -       -       -       1000?   1       tlsmgr
@ -35,18 +20,14 @@ rewrite   unix  -       -       -       -       -       trivial-rewrite
 bounce    unix  -       -       -       -       0       bounce
 defer     unix  -       -       -       -       0       bounce
 trace     unix  -       -       -       -       0       bounce
 proxymap  unix  -       -       -       -       -       proxymap
 verify    unix  -       -       -       -       1       verify
 flush     unix  n       -       -       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       -       -       -       smtp
 relay     unix  -       -       -       -       -       smtp
 showq     unix  n       -       -       -       -       showq
 error     unix  -       -       -       -       -       error
 retry     unix  -       -       -       -       -       error
 discard   unix  -       -       -       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       -       -       -       lmtp
 anvil     unix  -       -       -       -       1       anvil
 scache    unix  -       -       -       -       1       scache
--- a/config/postfix/pgsql-relocated_maps.cf
+++ b/config/postfix/pgsql-relocated_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT destination FROM postfix_relocated_map('%u', '%d')
--- a/config/postfix/pgsql-smtpd_sender_login_maps.cf
+++ b/config/postfix/pgsql-smtpd_sender_login_maps.cf
@ -1,18 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # XXX see create_optional_types_and_functions.pgsql
 # 	* line  9: type sender_login
 # 	* line 26: function postfix_smtpd_sender_login_map + comment above
 #
 # The SQL query template used to search the database
 query = SELECT login FROM postfix_smtpd_sender_login_map('%u', '%d')
--- a/config/postfix/pgsql-transport_maps.cf
+++ b/config/postfix/pgsql-transport_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT transport FROM postfix_transport_map('%u', '%d')
--- a/config/postfix/pgsql-virtual_alias_maps.cf
+++ b/config/postfix/pgsql-virtual_alias_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT destination FROM postfix_virtual_alias_map('%u', '%d')
--- a/config/postfix/pgsql-virtual_gid_maps.cf
+++ b/config/postfix/pgsql-virtual_gid_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT gid FROM postfix_gid WHERE domainname='%d'
--- a/config/postfix/pgsql-virtual_mailbox_domains.cf
+++ b/config/postfix/pgsql-virtual_mailbox_domains.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT gid FROM postfix_gid WHERE domainname='%s'
--- a/config/postfix/pgsql-virtual_mailbox_maps.cf
+++ b/config/postfix/pgsql-virtual_mailbox_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT maildir FROM postfix_virtual_mailbox_map('%u', '%d')
--- a/config/postfix/pgsql-virtual_uid_maps.cf
+++ b/config/postfix/pgsql-virtual_uid_maps.cf
@ -1,14 +0,0 @@
 # All parameters are described in pgsql_table(5) / PGSQL PARAMETERS
 #
 # The hosts that Postfix will try to connect to and query from.
 hosts = localhost
 # The user name and password to log into the pgsql server.
 user = postfix
 password = some_password
 # The database name on the servers.
 dbname = mailsys
 # The SQL query template used to search the database
 query = SELECT uid FROM postfix_virtual_uid_map('%u', '%d')
--- a/config/postfix/sqlite-virtual_alias_maps.cf
+++ b/config/postfix/sqlite-virtual_alias_maps.cf
@ -0,0 +1,2 @@
 dbpath = /data/freeposte.db
 query = SELECT destination FROM aliases WHERE localpart = '%u' AND domain = '%d'
--- a/config/postfix/sqlite-virtual_mailbox_domains.cf
+++ b/config/postfix/sqlite-virtual_mailbox_domains.cf
@ -0,0 +1,2 @@
 dbpath = /data/freeposte.db
 query = SELECT domain FROM domains WHERE domain='%s'
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@ -1,8 +1,12 @@
 [supervisord]
 nodaemon = true
 loglevel=debug
 [program:postfix]
 command = /usr/lib/postfix/master -d
 [program:dovecot]
 command = /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F
 [program:rsyslog]
 command = rsyslogd -n
		`@ -0,0 +1,2 @@`
							`dbpath = /data/freeposte.db`
							`query = SELECT destination FROM aliases WHERE localpart = '%u' AND domain = '%d'`
		`@ -0,0 +1,2 @@`
							`dbpath = /data/freeposte.db`
							`query = SELECT domain FROM domains WHERE domain='%s'`