Postfix, Dovecot and simple use of virtual users
Introduction
Operating principle
For example
      internet
        ...
         .
       __|__
      |     |  firewall
      |     |
      |_____|
         |
         |
  ---|---|---------------------|-----
     |                         |
   __|__                     __|__
  |     |                   |     |
  |     |                   |     |
  |_____|                   |_____|
  Postfix                   Dovecot
  port 25/tcp               port 24/tcp
  port 587/tcp              port 12345/tcp
where
- TODO
Postfix
Configure everything else in the usual way, but declare the virtual users as follows
virtual_mailbox_domains = moraal.ee, imool.ee
virtual_transport = smtp:10.0.6.143
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_maps.txt
virtual_alias_maps = hash:/etc/postfix/virtual_aliases_maps.txt
transport_maps = hash:/etc/postfix/transport_maps.txt
where
- TODO
# cat /etc/postfix/virtual-mailbox-maps-txt.cf
mart.kask@imool.ee x
priit.kask@imool.ee x
- TODO
# cat /etc/postfix/virtual_aliases_maps.txt
kontakt@imool.ee mart.kask@imool.ee, priit.kask@imool.ee
mart@imool.ee mart.kask@imool.ee
priit@imool.ee priit.kask@imool.ee
- TODO
# cat /etc/postfix/transport_maps.txt
imool.ee lmtp:[10.0.6.143]
moraal.ee lmtp:[10.0.6.143]
In this setup, SMTP relay clients are authenticated against the Dovecot server, i.e. against the same user database that Dovecot uses for its IMAP clients. SMTP AUTH runs on port 587/tcp, separately from the ordinary port 25/tcp traffic; in the Postfix configuration file /etc/postfix/master.cf the corresponding section is
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=inet:10.0.6.143:12345
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
where
- smtpd_sasl_path - address of the Dovecot auth server service
20251219 - using a Postfix Docker container
A docker compose file like this is suitable
root@dh-post:/srv/postfix/dc# cat docker-compose-postfix.yml
name: p_postfix
services:
  svc_postfix:
    build: .
    container_name: cn_postfix
    # restart: unle
    environment:
      - TZ=Europe/Tallinn
    ports:
      - '25:25'
      - '587:587'
    networks:
      - nw_postfix
    volumes:
      # mail queue
      - '/srv/postfix/volume/var/spool/postfix:/var/spool/postfix'
      # configuration
      - '/srv/postfix/volume/etc/postfix:/etc/postfix'
      # TLS certificate and key
      - '/srv/postfix/volume/etc/ssl/localcerts:/etc/ssl/localcerts'
      # runtime data (lock file, TLS session caches)
      - '/srv/postfix/volume/var/lib/postfix:/var/lib/postfix'
networks:
  nw_postfix:
    name: nw_postfix
    driver: bridge
with the following Dockerfile
root@dh-post:/srv/postfix/dc# cat Dockerfile
FROM debian:13
# Install Postfix and necessary libraries for your hash maps and TLS
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
postfix \
ca-certificates rdate dnsutils less tcpdump procps \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Postfix 3.3+ can run in foreground natively
CMD ["postfix", "start-fg"]
Installing the Dovecot software
To install the software, run
# apt-get install dovecot-imapd dovecot-lmtpd
As a result of the installation, the following appear in the file system
- /etc/default/dovecot - configuration file
- /etc/dovecot/dovecot.conf - configuration file
- /etc/dovecot/conf.d - directory of configuration files
- /etc/init.d/dovecot - startup script
- dovecot:dovecot and dovenull:dovenull user:group
- /etc/dovecot/private/dovecot.pem - private key
- /etc/dovecot/dovecot.pem - certificate
Add the user:group vmail:vmail
# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 -m -d /opt/vmail -s /bin/bash vmail
Create the mailbox directory
# mkdir /srv/vmail
# chown vmail:vmail /srv/vmail
Configuring Dovecot
Using LDAP
- /etc/dovecot/conf.d/10-auth.conf - describes which data source IMAP users are authenticated against, in this case LDAP (refers to the file auth-ldap.conf.ext)
- /etc/dovecot/conf.d/auth-ldap.conf.ext - describes the passdb and userdb, in this case LDAP and static respectively (refers to the file /etc/dovecot/dovecot-ldap.conf.ext)
- /etc/dovecot/dovecot-ldap.conf.ext - describes where the LDAP directory is located and how to make LDAP queries and interpret the responses
/etc/dovecot/conf.d/10-master.conf
The configuration file /etc/dovecot/conf.d/10-master.conf contains the section
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }
  # Create inet listener only if you can't use the above UNIX socket
  inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    address = 10.0.6.143
    port = 24
  }
}
So that Postfix can perform the SMTP AUTH check
# cat /etc/dovecot/conf.d/10-master.conf
..
service auth {
  ...
  inet_listener {
    port = 12345
  }
}
....
/etc/dovecot/conf.d/10-auth.conf
The configuration file /etc/dovecot/conf.d/10-auth.conf contains the lines
disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-system.conf.ext
where
- TODO
/etc/dovecot/conf.d/auth-system.conf.ext
The configuration file /etc/dovecot/conf.d/auth-system.conf.ext contains
# cat /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/srv/vmail/%d/%n allow_all_users=yes
}
where
- the users' credentials are in the text file /etc/dovecot/passwd
# cat /etc/dovecot/passwd
priit.kask@imool.org:{SSHA}c+n6+reZtmVBrQQzxtB/KbrkPTp8eVKB
mart.kask@imool.org:{SSHA}9WHxpvarItLUtZDEJ+aju6+jmmqg1KsS
and the hashes in it are generated with the following command (it prints the hash corresponding to the entered password; the passwd file itself has to be put together by hand)
# doveadm pw -s ssha
Enter new password:
Retype new password:
{SSHA}Sc3epuWFq/OlYJsKxibD/VBkZ2f6bi9s
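How an {SSHA} value in /etc/dovecot/passwd is put together and checked, as an added example (not part of the original page and not Dovecot's own code): the value is base64(SHA-1(password + salt) + salt). The function names and the sample account are made up for this illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def split_ssha(entry):
    """Split a '{SSHA}<base64>' value into (sha1_digest, salt)."""
    scheme, sep, b64 = entry.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value carries no salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt=None):
    """Build an {SSHA} value; a random 4-byte salt is used unless one is given."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, entry):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_ssha(entry)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def parse_passwd_line(line):
    """Return (user, password field) from a passwd-file line 'user:password[:...]'."""
    user, _, rest = line.rstrip("\n").partition(":")
    return user, rest.split(":", 1)[0]


# Constructed sample line: made-up account, fixed salt so the result is repeatable.
SAMPLE = "test.user@example.org:" + make_ssha("example-pass", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    user, field = parse_passwd_line(SAMPLE)
    print(user, verify_ssha("example-pass", field), verify_ssha("wrong", field))
```

{SSHA} is a single salted SHA-1 round, so a leaked passwd file can be brute-forced cheaply; doveadm pw -l lists the schemes the installed build supports.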
/etc/dovecot/conf.d/10-mail.conf
The configuration file /etc/dovecot/conf.d/10-mail.conf tells the IMAP daemon where a user's mailbox is located in the file system and contains, for example
mail_location = maildir:/srv/vmail/%d/%n/mail
namespace inbox {
  inbox = yes
  ..
  separator = /
  ...
  prefix = INBOX/
}
where
- TODO
SSL
SSL/TLS operation is controlled by the configuration file
/etc/dovecot/conf.d/10-ssl.conf
at minimum
ssl = required
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# ssl_ca = </etc/dovecot/ca.pem
where
- the < character means that the parameter's value is the contents of the named file
- ssl_cert contains the service certificate plus the whole chain (the more specific certificates come first in the file and the self-signed root comes last, although in principle it is enough to go up to the second-to-last one, i.e. the intermediate certificate)
Sieve
With Sieve, users can, from their IMAP client program and usually through a convenient management interface rather than by editing scripts or the like,
- configure the server so that incoming messages are sorted into mailboxes according to described criteria (e.g. the Subject contains some string)
- configure the server to send a vacation (out of office, autoresponse) message
It is also possible to create various sieve scripts by hand on the mail host where Dovecot runs.
Deploying the Sieve filter
Support for using Sieve filters
# apt-get install dovecot-sieve
Operation is controlled by the configuration file
conf.d/90-sieve.conf
To activate the plugin, sieve must be listed among the other plugins in the configuration file of the module that handles incoming mail, e.g. LMTP, for example
# cat conf.d/20-lmtp.conf
protocol lda {
  mail_plugins = $mail_plugins sieve quota
}
Managesieve server
For Sieve clients to be able to control the Dovecot server, a service that speaks the Managesieve protocol must be deployed on the mail host
# apt-get install dovecot-managesieved
Operation is controlled by the configuration file
conf.d/20-managesieve.conf
As a result, the service listens on the default port
# netstat -lnp | grep dove
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 16667/dovecot
...
Using the Sieve filter
Using the Sieve filter requires suitable IMAP client software, e.g. Roundcube webmail. In use it looks like this
Useful additional materials
In the background, a file like this is created on the server
# cat /srv/vmail/imool.org/priit/sieve/managesieve.sieve
require ["date","fileinto","relational"];
# rule:[leedu]
if header :contains "subject" "leedu"
{
fileinto "leedu";
}
# rule:[eesti]
if header :contains "subject" "eesti"
{
fileinto "eesti";
}
Using vacation replies
With Roundcube, preparing a vacation message looks like this
Technically, vacation replies are handled by Sieve; the corresponding section looks similar to
# /srv/vmail/imool.org/priit/sieve/managesieve.sieve
require ["date","fileinto","relational","vacation"];
# rule:[Vacation]
if allof (currentdate :zone "+0200" :value "ge" "iso8601" "2015-03-16T00:00:00+02:00",
          currentdate :zone "+0300" :value "le" "iso8601" "2015-03-30T00:00:00+03:00")
{
vacation :subject "Olen tööpostilt eemal" text:
Tere!
Ma olen tööpostilt eemal ajavahemikul 16. märts - 29. märts 2015. Saadetud salvestatakse postkasti,
aga tegelen nendega alatest 30. märtsist. Kiireloomuliste küsi
Piit
.
;
}
A vacation reply is sent to a given From: address once; a record of the replies sent is kept in the file
/srv/vmail/imool.org/priit/.dovecot.lda-dupes
It appears that Dovecot, or rather Sieve, sends the reply through the Postfix running on the same machine
# grep 97AB760884 /var/log/mail.log
Mar 15 17:35:02 postkast postfix/pickup[24414]: 97AB760884: uid=5000 from=<>
Mar 15 17:35:02 postkast postfix/cleanup[25017]: 97AB760884: message-id=<dovecot-sieve-1426433702-589317-1@postkast.toodang.imool.org>
Mar 15 17:35:02 postkast postfix/qmgr[9352]: 97AB760884: from=<>, size=857, nrcpt=1 (queue active)
Mar 15 17:35:04 postkast postfix/smtp[25022]: 97AB760884: to=<mart@imool.ee>, \
  relay=mail.imool.org[194.204.62.116]:25, delay=1.4, delays=0.09/0/0.05/1.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2615D603D4)
Mar 15 17:35:04 postkast postfix/qmgr[9352]: 97AB760884: removed
Using hand-written sieve scripts
It appears that Dovecot compiles sieve scripts automatically. For example, a user script uses a :global script
# cat conf.d/90-sieve.conf
..
sieve_global_dir = /etc/dovecot/sieve
...
and
# cat /etc/dovecot/sieve/global.sieve
require ["fileinto"];
# rule:[gloobus]
if header :contains "subject" "gloobus"
{
fileinto "gloobus";
}
and the user's sieve script
# /srv/vmail/imool.org/priit/sieve/kasutajaskript.sieve
require ["date","fileinto","relational","vacation","include"];
include :global "global";
IMAP
Testing
TODO
POP3
Testing
$ telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user priit@imool.org
+OK
pass priiduparool
+OK Logged in.
list
+OK 12 messages:
1 1096
2 1097
3 1097
.
retr 2
+OK 1097 octets
Return-Path: <imre@moraal.auul.pri.ee>
Delivered-To: <priit@imool.org>
Received: from imool.org
...
.
quit
+OK Logging out.
Connection closed by foreign host.
Usage
Thunderbird in a Linux environment
where
- TODO
It looks like this
where
- the upper account is NAMESPACE (("INBOX/" "/")) NIL NIL
- the lower account is NAMESPACE (("" ".")) NIL NIL
Logging
Dovecot allows fairly detailed logging and lets you describe what is logged, http://wiki2.dovecot.org/Plugins/MailLog
TODO
Notes
If ...
Sep 24 15:38:35 postkast dovecot: master: Warning: /mnt/vdc is no longer mounted. See http://wiki2.dovecot.org/Mountpoints
Sep 24 15:38:35 postkast dovecot: master: Warning: /mnt/vdd is no longer mounted. See http://wiki2.dovecot.org/Mountpoints
root@postkast:~# doveadm mount remove /mnt/vdc
root@postkast:~# doveadm mount remove /mnt/vdd
Useful additional materials
Autumn 2025 notes - using Dovecot on the Docker platform
Docker compose
root@dovecot-01:~# cat /srv/dovecot/dc/docker-compose.yml
name: p_dovecot
services:
  svc_dovecot:
    image: dovecot/dovecot:latest
    container_name: cn_dovecot
    ports:
      - "143:31143" # IMAP (Insecure, for testing only)
      - "993:31993" # IMAPS (Secure IMAP - RECOMMENDED)
    hostname: dovecot.auul.pri.ee
    volumes:
      - /srv/dovecot/volume/etc/dovecot:/etc/dovecot
      - /srv/dovecot/volume/srv/vmail:/srv/vmail
    cap_add:
      - CAP_NET_ADMIN
    restart: unless-stopped
    environment:
      - TZ=Europe/Tallinn
networks:
  default:
    name: dovecot-network
Configuration files
root@dovecot-01:~# find /srv/dovecot/volume/etc/dovecot/ -type f -ls
1049101 4 -rw-r--r-- 1 root root 125 Dec 9 03:36 /srv/dovecot/volume/etc/dovecot/passwd
1049094 4 -rw-r--r-- 1 root root 111 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/conf.d/mail.conf
1049095 4 -rw-r--r-- 1 root root 159 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/conf.d/mail_log.conf
1049092 4 -rw-r--r-- 1 root root 417 Dec 9 03:33 /srv/dovecot/volume/etc/dovecot/conf.d/auth.conf
1049097 4 -rw-r--r-- 1 root root 92 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/conf.d/ssl.conf
1049093 4 -rw-r--r-- 1 root root 418 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/conf.d/fts.conf
1049096 4 -rw-r--r-- 1 root root 1320 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/conf.d/metrics.conf
1049090 4 -rw-r--r-- 1 root root 3582 Dec 9 03:11 /srv/dovecot/volume/etc/dovecot/ssl/tls.crt
1049100 4 -rw-r--r-- 1 root root 1708 Dec 9 03:12 /srv/dovecot/volume/etc/dovecot/ssl/tls.key
1049098 4 -rw-r--r-- 1 root root 618 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/vendor.d/rootless.conf
1049091 4 -rw-r--r-- 1 root root 1433 Nov 15 00:07 /srv/dovecot/volume/etc/dovecot/dovecot.conf
Copying the original configuration as a starting point
root@dovecot-01:~# docker cp ba:/etc from-container/etc
Useful additional materials
- TODO
Spring 2026 notes - using Postfix on the Docker platform
A Dockerfile such as the following (in spring 2026 there was some reason why this approach was more practical, i.e. not using a ready-made postfix image from dockerhub.com)
root@dh-post:~# cat /srv/postfix/dc/Dockerfile
FROM debian:13
# Install Postfix and necessary libraries for your hash maps and TLS
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
postfix \
ca-certificates rdate dnsutils less tcpdump procps \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Postfix 3.3+ can run in foreground natively
CMD ["postfix", "start-fg"]
docker compose
root@dh-post:/srv/postfix# cat dc/docker-compose-postfix.yml
name: p_postfix
services:
  svc_postfix:
    build: .
    container_name: cn_postfix
    # restart: unle
    environment:
      - TZ=Europe/Tallinn
    ports:
      - '25:25'
      - '587:587'
    networks:
      - nw_postfix
    volumes:
      # mail queue
      - '/srv/postfix/volume/var/spool/postfix:/var/spool/postfix'
      # configuration
      - '/srv/postfix/volume/etc/postfix:/etc/postfix'
      # TLS certificate and key
      - '/srv/postfix/volume/etc/ssl/localcerts:/etc/ssl/localcerts'
      # runtime data (lock file, TLS session caches)
      - '/srv/postfix/volume/var/lib/postfix:/var/lib/postfix'
networks:
  nw_postfix:
    name: nw_postfix
    driver: bridge
and the directories and files in the volumes
root@dh-post:/srv/postfix# find /srv/postfix/volume -ls
14 4 drwxr-xr-x 4 root root 4096 Dec 18 07:18 /srv/postfix/volume
15 4 drwxr-xr-x 4 root root 4096 Dec 18 07:18 /srv/postfix/volume/etc
17 4 drwxr-xr-x 3 root root 4096 Dec 18 07:18 /srv/postfix/volume/etc/ssl
18 4 drwxr-xr-x 2 root root 4096 Feb 26 09:52 /srv/postfix/volume/etc/ssl/localcerts
1692 4 -rw-r--r-- 1 root root 1704 Feb 26 09:51 /srv/postfix/volume/etc/ssl/localcerts/mail.moraal.ee.key
1691 4 -rw-r--r-- 1 root root 3631 Feb 26 09:52 /srv/postfix/volume/etc/ssl/localcerts/mail.moraal.ee.crt
16 4 drwxr-xr-x 4 root root 4096 Dec 19 07:26 /srv/postfix/volume/etc/postfix
1696 8 -rw-r--r-- 1 root root 7697 Dec 18 08:41 /srv/postfix/volume/etc/postfix/master.cf
1700 4 drwxr-xr-x 2 root root 4096 Oct 28 2025 /srv/postfix/volume/etc/postfix/sasl
1695 4 -rw-r--r-- 1 root root 2455 Oct 28 2025 /srv/postfix/volume/etc/postfix/main.cf.proto
1693 4 -rw-r--r-- 1 root root 60 Dec 18 07:57 /srv/postfix/volume/etc/postfix/dynamicmaps.cf
1699 4 drwxr-xr-x 2 root root 4096 Oct 28 2025 /srv/postfix/volume/etc/postfix/postfix-files.d
1694 4 -rw-r--r-- 1 root root 1479 Dec 19 07:26 /srv/postfix/volume/etc/postfix/main.cf
1698 12 -rw-r--r-- 1 root root 9313 Oct 28 2025 /srv/postfix/volume/etc/postfix/postfix-files
1697 8 -rw-r--r-- 1 root root 7335 Oct 28 2025 /srv/postfix/volume/etc/postfix/master.cf.proto
19 4 drwxr-xr-x 4 root root 4096 Dec 18 07:30 /srv/postfix/volume/var
23 4 drwxr-xr-x 3 root root 4096 Dec 18 07:30 /srv/postfix/volume/var/lib
25 4 drwxr-xr-x 2 systemd-resolve input 4096 Dec 18 08:48 /srv/postfix/volume/var/lib/postfix
1701 4 -rw------- 1 systemd-resolve input 33 Feb 26 09:53 /srv/postfix/volume/var/lib/postfix/master.lock
1702 4 -rw------- 1 systemd-resolve input 1024 Apr 28 13:17 /srv/postfix/volume/var/lib/postfix/prng_exch
1703 36 -rw------- 1 systemd-resolve input 32768 Apr 28 13:12 /srv/postfix/volume/var/lib/postfix/smtpd_scache.db
1704 12 -rw------- 1 systemd-resolve input 12288 Apr 28 12:23 /srv/postfix/volume/var/lib/postfix/smtp_scache.db
20 4 drwxr-xr-x 3 root root 4096 Dec 18 07:18 /srv/postfix/volume/var/spool
21 4 drwxr-xr-x 2 systemd-resolve input 4096 Dec 18 07:18 /srv/postfix/volume/var/spool/postfix
where
- some are supplied configuration files, cryptographic material, etc.
- some are caches and the like created during operation
- the straightforward way to get the contents of the directory /srv/postfix/volume/etc/postfix is to copy them once, at the start, from a running container to the Docker host's file system
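Both find -ls listings on this page (the Dovecot volume and the Postfix volume) show the private keys and the Dovecot passwd file with mode -rw-r--r--, i.e. readable by every account on the Docker host. The check below is an added example, not part of the original page: it parses such listing rows and reports secret files that group or others can read. The function names and the suffix list are assumptions of this example.

```python
import stat

# Rows copied from the Dovecot and Postfix `find -ls` listings on this page.
LISTING = """\
1049101 4 -rw-r--r-- 1 root root 125 Dec 9 03:36 /srv/dovecot/volume/etc/dovecot/passwd
1049090 4 -rw-r--r-- 1 root root 3582 Dec 9 03:11 /srv/dovecot/volume/etc/dovecot/ssl/tls.crt
1049100 4 -rw-r--r-- 1 root root 1708 Dec 9 03:12 /srv/dovecot/volume/etc/dovecot/ssl/tls.key
1692 4 -rw-r--r-- 1 root root 1704 Feb 26 09:51 /srv/postfix/volume/etc/ssl/localcerts/mail.moraal.ee.key
1701 4 -rw------- 1 systemd-resolve input 33 Feb 26 09:53 /srv/postfix/volume/var/lib/postfix/master.lock
"""

# Assumption of this example: file names that mark secret material.
SECRET_SUFFIXES = (".key", "/passwd")

PERM_FLAGS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
              stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
              stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)


def mode_bits(text):
    """Convert an ls-style mode string such as '-rw-r--r--' to permission bits."""
    bits = 0
    for ch, flag in zip(text[1:10], PERM_FLAGS):
        if ch in "rwxst":
            bits |= flag
    return bits


def exposed_secrets(listing):
    """Return (path, mode) for secret files readable by group or others."""
    findings = []
    for line in listing.splitlines():
        # inode, blocks, mode, links, owner, group, size, month, day, time, path
        fields = line.split(None, 10)
        if len(fields) < 11:
            continue
        mode, path = fields[2], fields[10]
        if not mode.startswith("-") or not path.endswith(SECRET_SUFFIXES):
            continue  # skip directories and files that are not secrets
        if mode_bits(mode) & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((path, mode))
    return findings


if __name__ == "__main__":
    for path, mode in exposed_secrets(LISTING):
        print(mode, path)
```

For each reported file, narrow the mode so that only the account the daemon reads it as has access, and re-run the listing to confirm.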