vwal

Help needed with Postfix with Dovecot setup (virtual domains/users, LDAP, Dovecot as LDA/SASL AUTH)

I'm setting up a mail system on FreeBSD 7.0 using Postfix 2.5.1, Dovecot 1.1.1, and OpenLDAP 2.3. I've been running qmail for the last six years, and thus am new to the Postfix/Dovecot world. Although it's wonderful to see how much more streamlined things have become (as compared to the very patched, aging qmail), the sheer number of variables in the new setup is causing me trouble.

The goals for this system are:

- Postfix 2.5.1 as the MTA
- Dovecot 1.1.1 as the LDA for both the local and virtual accounts (though the few existing local accounts - mainly root - will be forwarded to one of the virtual accounts)
- Dovecot 1.1.1 as the SASL AUTH source
- OpenLDAP as the store for the virtual account login info (I'll be likely using Phamm to manage LDAP)
- TLS should be enabled (but not required) for external connections. The required certs have been generated.

The system will handle a couple of dozen virtual domains where many of the accounts are forward accounts (mail is forwarded elsewhere). Mail destined for the local system accounts (such as root or postmaster) should be received but forwarded to an account in one of the virtual domains.

Below is what I've got so far as far as the configuration goes. I realize this is not yet complete. LDAP integration, for one, is missing altogether as it is a new area for me and I haven't had the chance to read up on it yet extensively (or rather, sufficiently).

I'm asking for help to point out possible errors (functionality/security) in the configuration, and to complete the setup (including the LDAP integration). There are a lot of resources on the web on these, but many conflict, having been written for varying versions, varying configurations, and on varying platforms.

I don't mind doing lots of tweaking/debugging/"RTFM", but the process will be much easier and less time consuming if someone who is more familiar with Postfix/Dovecot/LDAP setup would assist with this initial setup.

Thanks for any insights and advice!


## DOVECOT CONFIGURATION FILE
 
base_dir = /var/run/dovecot/
login_dir = /var/run/dovecot/login
mail_location = maildir:/home/vmail/%d/%n/Maildir
 
protocols = imap imaps pop3 pop3s
login_user = dovecot
 
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
 
first_valid_uid = 500 
first_valid_gid = 0
mail_uid = vmail
mail_gid = vmail
 
ssl_disable = no
ssl_listen = *
ssl_cert_file = /etc/ssl/certs/dovecot-inertia.crt
ssl_key_file = /etc/ssl/certs/dovecot-inertia.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
verbose_ssl = no
 
log_path = /var/log/dovecot-error.log
info_log_path = /var/log/dovecot-info.log
log_timestamp = "%F %H:%M:%S "
 
maildir_copy_with_hardlinks = yes
verbose_proctitle = yes
 
protocol imap {
}
  
protocol pop3 {
	pop3_uidl_format = %08Xu%08Xv
	pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
 
protocol lda {
	postmaster_address = postmaster@inertia.mydomain.com
	auth_socket_path = /var/run/dovecot/auth-master
	log_path = /var/log/dovecot-deliver.log
	info_log_path = /var/log/dovecot-deliver.log
}
 
auth default {
	mechanisms = plain login
	socket listen {
		master {
			path = /var/run/dovecot/auth-master
			mode = 0600
			# user running deliver
			user = vmail
			group = vmail
		}
		client {
			path = /var/spool/postfix/private/auth
			mode = 0660
			user = postfix
			group = postfix
		}
	}
	passdb pam {
	}
	userdb passwd {
		args = mail=maildir:/home/%u/Maildir
	}
	userdb static {
		args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir 
	}	
	user = root
}
 
dict {
}
 
plugin {
}
 
-----------------------------
 
## MAIN.CF
 
# normally set to 2
debug_peer_level = 9
debug_peer_list = 127.0.0.1
 
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
 
mail_owner = postfix
myhostname = inertia.mydomain.com
mydomain = inertia.mydomain.com 
myorigin = $myhostname
 
mydestination = $myhostname
	localhost.$mydomain
	localhost
 
mynetworks_style = host
# currently behind a firewall
mynetworks = 192.168.1.0/24
relay_domains = $mydestination
 
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
 
home_mailbox = Maildir/
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_transport = dovecot
virtual_transport = dovecot
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = someotherdomain.com  
#virtual_mailbox_maps = hash:/etc/postfix/virtual # do I actually need this with Dovecot as  the LDA?
 
smtpd_recipient_restrictions = 
	reject_non_fqdn_recipient
	reject_non_fqdn_sender
	reject_unknown_sender_domain
	reject_unknown_recipient_domain
	permit_mynetworks
	permit_sasl_authenticated
	reject_non_fqdn_hostname 
	reject_invalid_hostname
	reject_unauth_destination 
 
smtpd_data_restrictions = 
	reject_multi_recipient_bounce
	reject_unauth_pipelining
 
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
readme_directory = /usr/local/etc/postfix/README_FILES
 
-----------------------------
## MASTER.CF
#Postfix master.cf is the default file with the following changes (only the changes from the file are included below):
 
#enable alternative SMTPD ports as 25 is often blocked by ISPs
465       inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
 
#tlsmgr is commented out:
#tlsmgr    unix  -       -       n       1000?   1       tlsmgr 
 
#Dovecot LDA
dovecot    unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
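As an added illustration (not part of the question or of the answer), the Python below parses a main.cf the way Postfix does (a line starting with whitespace continues the previous parameter, `#` opens a comment only at the start of a line) and flags what a reviewer would raise about the file above: end-of-line comments that silently become part of a value, a missing `reject_unauth_destination`, and `virtual_mailbox_domains` set without `virtual_mailbox_maps`. The sample file is constructed from fragments of the poster's configuration.

```python
# Constructed sample modelled on the poster's main.cf: end-of-line comments
# (main.cf has none, so they become part of the value) and a multi-line value.
SAMPLE_MAIN_CF = """\
debug_peer_level = 9  # normally set to 2
# whole-line comments are fine
mynetworks = 192.168.1.0/24  #currently behind a firewall
virtual_mailbox_domains = someotherdomain.com
smtpd_recipient_restrictions =
\treject_non_fqdn_recipient
\tpermit_mynetworks
\tpermit_sasl_authenticated
\treject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value} using postconf's rules: a line starting with
    whitespace continues the previous logical line, '#' is a comment only at
    the start of a line, and a later assignment overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation of the previous parameter
            if current is None:
                raise ValueError("continuation line before any parameter")
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed line: {raw!r}")
        current = name.strip()
        params[current] = value.strip()
    return params

def lint_main_cf(params):
    """Findings a reviewer would raise on the parsed file, one string each."""
    findings = []
    for name, value in params.items():
        if "#" in value:
            findings.append(f"{name}: '#' is not a comment here, Postfix reads {value!r}")
    restrictions = params.get("smtpd_recipient_restrictions", "").split()
    if "reject_unauth_destination" not in restrictions:
        findings.append("smtpd_recipient_restrictions: reject_unauth_destination "
                        "missing; relay control depends on it")
    if params.get("virtual_mailbox_domains") and not params.get("virtual_mailbox_maps"):
        findings.append("virtual_mailbox_domains: set without virtual_mailbox_maps, "
                        "so Postfix has no list of valid virtual recipients")
    return findings
```

Running `lint_main_cf(parse_main_cf(SAMPLE_MAIN_CF))` returns three findings: the two polluted values and the missing `virtual_mailbox_maps`.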

ASKER CERTIFIED SOLUTION
David Beveridge
Regarding this:

#virtual_mailbox_maps = hash:/etc/postfix/virtual # do I actually need this with Dovecot as the LDA?

I still think you will need this regardless of what does the local delivery.
