vwal asked:

Help needed with Postfix with Dovecot setup (virtual domains/users, LDAP, Dovecot as LDA/SASL AUTH)

I'm setting up a mail system on FreeBSD 7.0 using Postfix 2.5.1, Dovecot 1.1.1, and OpenLDAP 2.3. I've been running qmail for the last six years, and thus am new to the Postfix/Dovecot world. Although it's wonderful to see how much more streamlined things have become (as compared to the very patched, aging qmail), the sheer number of variables in the new setup is causing me trouble.

The goals for this system are:

- Postfix 2.5.1 as the MTA
- Dovecot 1.1.1 as the LDA for both the local and virtual accounts (though the few existing local accounts - mainly root - will be forwarded to one of the virtual accounts)
- Dovecot 1.1.1 as the SASL AUTH source
- OpenLDAP as the store for the virtual account login info (I'll be likely using Phamm to manage LDAP)
- TLS should be enabled (but not required) for external connections. The required certs have been generated.

The system will handle a couple of dozen virtual domains where many of the accounts are forward accounts (mail is forwarded elsewhere). Mail destined for the local system accounts (such as the root or the postmaster) should be received but forwarded to an account in one of the virtual domains.

Below is what I've got so far as far as the configuration goes. I realize this is not yet complete. LDAP integration, for one, is missing altogether as it is a new area for me and I haven't had the chance to read up on it yet extensively (or rather, sufficiently).

I'm asking for help to point out possible errors (functionality/security) in the configuration, and to complete the setup (including the LDAP integration). There are a lot of resources on the web on these, but many conflict, having been written for varying versions, varying configurations, and on varying platforms.

I don't mind doing lots of tweaking/debugging/"RTFM", but the process will be much easier and less time consuming if someone who is more familiar with Postfix/Dovecot/LDAP setup would assist with this initial setup.

Thanks for any insights and advice!

# dovecot.conf
base_dir = /var/run/dovecot/
login_dir = /var/run/dovecot/login
mail_location = maildir:/home/vmail/%d/%n/Maildir
protocols = imap imaps pop3 pop3s
login_user = dovecot
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
first_valid_uid = 500
first_valid_gid = 0
mail_uid = vmail
mail_gid = vmail
ssl_disable = no
ssl_listen = *
ssl_cert_file = /etc/ssl/certs/dovecot-inertia.crt
ssl_key_file = /etc/ssl/certs/dovecot-inertia.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
verbose_ssl = no
log_path = /var/log/dovecot-error.log
info_log_path = /var/log/dovecot-info.log
log_timestamp = "%F %H:%M:%S "
maildir_copy_with_hardlinks = yes
verbose_proctitle = yes
protocol imap {
}
protocol pop3 {
	pop3_uidl_format = %08Xu%08Xv
	pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
	postmaster_address = postmaster@inertia.mydomain.com
	auth_socket_path = /var/run/dovecot/auth-master
	log_path = /var/log/dovecot-deliver.log
	info_log_path = /var/log/dovecot-deliver.log
}
auth default {
	mechanisms = plain login
	socket listen {
		master {
			path = /var/run/dovecot/auth-master
			mode = 0600
			user = vmail # User running deliver
			group = vmail
		}
		client {
			path = /var/spool/postfix/private/auth
			mode = 0660
			user = postfix
			group = postfix
		}
	}
	passdb pam {
	}
	userdb passwd {
		args = mail=maildir:/home/%u/Maildir
	}
	userdb static {
		args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
	}
	user = root
}
dict {
}
plugin {
}

# Postfix main.cf
# (comments moved onto their own lines: main.cf only treats a '#' at the
# start of a line as a comment, anything after '=' is part of the value)
# normally set to 2
debug_peer_level = 9
debug_peer_list =
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = inertia.mydomain.com
mydomain = inertia.mydomain.com
myorigin = $myhostname
mydestination = $myhostname
mynetworks_style = host
# currently behind a firewall
mynetworks =
relay_domains = $mydestination
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_transport = dovecot
virtual_transport = dovecot
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = someotherdomain.com
#virtual_mailbox_maps = hash:/etc/postfix/virtual # do I actually need this with Dovecot as the LDA?
smtpd_recipient_restrictions =
smtpd_data_restrictions =
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
readme_directory = /usr/local/etc/postfix/README_FILES

#Postfix master.cf is the default file with the following changes (only the changes from the file are included below):
#enable alternative SMTPD ports as 25 is often blocked by ISPs
465       inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
#tlsmgr is commented out:
#tlsmgr    unix  -       -       n       1000?   1       tlsmgr
#Dovecot LDA
dovecot    unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


David Beveridge commented:
Regarding this

#virtual_mailbox_maps = hash:/etc/postfix/virtual # do I actually need this with Dovecot as the LDA?

I still think you will need this regardless of what does the local delivery.
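The points raised in this thread about the posted main.cf (the trailing '#' comments on the `debug_peer_level` and `mynetworks` lines, the empty `smtpd_recipient_restrictions`, the TLS goal with no `smtpd_tls_*` settings, and David's remark that `virtual_mailbox_maps` is still needed alongside `virtual_mailbox_domains`) can all be checked mechanically. The script below is an added example, not code from the question or from the Postfix or Dovecot projects: `parse_main_cf` reads main.cf syntax the way Postfix does (only a line beginning with '#' is a comment, an indented line continues the previous value) and `lint_main_cf` reports those findings. The function names are mine, and `SAMPLE_MAIN_CF` is a constructed excerpt of the configuration posted above; `smtpd_tls_security_level` and `smtpd_use_tls` are the real Postfix parameters that switch server-side TLS on.

```python
"""Lint a Postfix main.cf fragment for the pitfalls raised in this thread.

Added example: parses main.cf syntax the way postconf does (whole-line '#'
comments only, indented continuation lines) and reports the findings a
reviewer would raise against the configuration posted in the question.
"""
import re

# Constructed sample: an excerpt of the main.cf posted in the question,
# including the two lines that carry trailing '#' comments.
SAMPLE_MAIN_CF = """\
debug_peer_level = 9  # normally set to 2
mynetworks_style = host
mynetworks =  #currently behind a firewall
relay_domains = $mydestination
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
virtual_transport = dovecot
virtual_mailbox_domains = someotherdomain.com
#virtual_mailbox_maps = hash:/etc/postfix/virtual
smtpd_recipient_restrictions =
smtpd_data_restrictions =
"""


def parse_main_cf(text):
    """Return {parameter: value}. A line starting with '#' is a comment; a line
    starting with whitespace continues the previous value; a '#' anywhere else
    is ordinary value text, which is exactly how Postfix reads it."""
    params = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":
            if last is None:
                raise ValueError("continuation line with nothing to continue: %r" % raw)
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if not m:
            raise ValueError("unparseable main.cf line: %r" % raw)
        last = m.group(1)
        params[last] = m.group(2).strip()
    return params


def split_list(value):
    """Postfix list values may be separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def lint_main_cf(params):
    """Return human-readable findings for the parsed parameters."""
    findings = []
    for name, value in params.items():
        if "#" in value:
            findings.append(
                "%s: '#' inside a value is not a comment in main.cf; "
                "Postfix sees the literal value %r" % (name, value))
    restrictions = split_list(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in restrictions:
        findings.append(
            "smtpd_recipient_restrictions lacks reject_unauth_destination, "
            "the restriction that stops relaying to non-local domains")
    if params.get("virtual_mailbox_domains") and not params.get("virtual_mailbox_maps"):
        findings.append(
            "virtual_mailbox_domains is set but virtual_mailbox_maps is empty: "
            "Postfix has no table of valid recipients for those domains")
    tls_on = params.get("smtpd_tls_security_level") or params.get("smtpd_use_tls") == "yes"
    if params.get("smtpd_sasl_auth_enable") == "yes" and not tls_on:
        findings.append(
            "smtpd_sasl_auth_enable = yes without smtpd_tls_security_level: "
            "PLAIN/LOGIN credentials would cross the network in the clear")
    return findings


if __name__ == "__main__":
    for finding in lint_main_cf(parse_main_cf(SAMPLE_MAIN_CF)):
        print("-", finding)
```

Run as a script it prints one line per finding for the posted fragment. For the "enabled but not required" TLS goal, `smtpd_tls_security_level = may` is the opportunistic setting, and Postfix TLS needs the tlsmgr entry that the posted master.cf comments out; the port 465 entry there is a plain smtpd, whereas SMTPS clients expect wrapper mode (`-o smtpd_tls_wrappermode=yes`) on that port.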

