<uri strref=“http://wiki.dovecot.org/PasswordDatabase/CheckPassword”/>
# Remove the Courier authentication daemon and libraries; Dovecot (installed next) replaces them.
aptitude remove courier-authdaemon courier-authlib courier-authlib-userdb
# Install Dovecot's IMAP and POP3 servers from the Debian packages.
aptitude install dovecot-imapd dovecot-pop3d
Apply the following patch to the qmail-ldap source to add the auth_dovecot checkpassword helper that Dovecot will call:
<uri strref=“http://japc.uncovering.org/dovecot/qmail-ldap-1.03-20060201-dovecot.patch”/>
# Run this inside the unpacked qmail-1.03 source tree; "qmail-1.03#" is the shell prompt, not part of the command.
# The patch linked above is served over plain HTTP, so read through it (and check it against a trusted copy if one exists) before applying it.
qmail-1.03# patch -p1 < ../qmail-ldap-1.03-20060201-dovecot.patch
<strong>/etc/dovecot/dovecot.conf</strong>:
--- ./dovecot.conf 2008/03/21 02:37:32 1.1
+++ ./dovecot.conf 2008/03/24 17:31:18
@@ -18,7 +18,7 @@
 # Protocols we want to be serving: imap imaps pop3 pop3s
 # If you only want to use dovecot-auth, you can set this to "none".
 #protocols = imap imaps
-protocols =
+protocols = imap imaps pop3 pop3s
 
 # IP or host address where to listen in for connections. It's not currently
 # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
@@ -43,7 +43,7 @@
 # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Should all IMAP and POP3 processes be killed when Dovecot master process
 # shuts down. Setting this to "no" means that Dovecot can be upgraded without
@@ -205,7 +205,7 @@
 #
 # http://wiki.dovecot.org/MailLocation
 #
-#mail_location =
+mail_location = maildir:~/Maildir
 
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections:
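Review bot: `disable_plaintext_auth = no` in the second hunk lets clients send PLAIN/LOGIN credentials over the unencrypted imap and pop3 listeners that the first hunk turns on, so passwords cross the network in the clear. The default `yes` does not break plain/login — per the context lines it only withholds them until SSL/TLS is up (imaps/pop3s or STARTTLS), and connections from the local host are exempt anyway. Keep `disable_plaintext_auth = yes`; if one client genuinely cannot do TLS, handle that client rather than disabling the check globally. The ssl_* settings are not in this diff, so whether STARTTLS is actually available on the cleartext ports cannot be confirmed here.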
@@ -304,21 +304,21 @@
 # Show more verbose process titles (in ps). Currently shows user name and
 # IP address. Useful for seeing who are actually using the IMAP processes
 # (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
+verbose_proctitle = yes
 
 # Valid UID range for users, defaults to 500 and above. This is mostly
 # to make sure that users can't log in as daemons or other system users.
 # Note that denying root logins is hardcoded to dovecot binary and can't
 # be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
-#last_valid_uid = 0
+first_valid_uid = 200
+last_valid_uid = 200
 
 # Valid GID range for users, defaults to non-root/wheel. Users having
 # non-valid GID as primary group ID aren't allowed to log in. If user
 # belongs to supplementary groups with non-valid GIDs, those groups are
 # not set.
-#first_valid_gid = 1
-#last_valid_gid = 0
+first_valid_gid = 200
+last_valid_gid = 200
 
 # Maximum number of running mail processes. When this limit is reached,
 # new users aren't allowed to log in.
@@ -512,7 +512,7 @@
 
 # Support for dynamically loadable plugins. mail_plugins is a space separated
 # list of plugins to load.
- #mail_plugins =
+ mail_plugins = quota imap_quota
 #mail_plugin_dir = /usr/lib/dovecot/modules/imap
 
 # Send IMAP capabilities in greeting message. This makes it unnecessary for
@@ -618,7 +618,7 @@
 
 # Support for dynamically loadable plugins. mail_plugins is a space separated
 # list of plugins to load.
- #mail_plugins =
+ mail_plugins = quota
 #mail_plugin_dir = /usr/lib/dovecot/modules/pop3
 
 # Workarounds for various client bugs:
@@ -743,7 +743,7 @@
 auth default {
 # Space separated list of wanted authentication mechanisms:
 # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
- mechanisms = plain
+ mechanisms = plain login
 
 #
 # Password database is used to verify user's password (and nothing more).
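Review bot: `verbose_proctitle = yes` in the first hunk puts the logged-in user name and client IP into every imap/pop3 process title, which the context lines say is shown in `ps` — i.e. to any local account on the host; leave it at `no` unless you are actively debugging who holds which session. The UID/GID pins (`first_valid_uid = 200` / `last_valid_uid = 200`, same for GID) are a sound restriction, but since the range admits exactly one uid, every mailbox will run under that one system identity, so separation between users then depends only on Dovecot's own checks and on the home/Maildir paths the auth backend returns.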
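Review bot: Both entries in `mechanisms = plain login` (last hunk) send the password itself, so this line is only safe if `disable_plaintext_auth` stays at its default `yes` and the mechanisms are offered on TLS connections only. The context comment lists challenge-response options, but the checkpassword backend configured later in this diff presumably needs the cleartext password to do its job, so those are not a drop-in alternative here — TLS has to carry the protection. Adding `login` for older clients is fine in itself; the rest of `auth default { … }` is outside this hunk.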
@@ -779,7 +779,7 @@
 # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
 # authentication to actually work.
 # http://wiki.dovecot.org/PasswordDatabase/PAM
- passdb pam {
+ #passdb pam {
 # [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
 #
 # session=yes makes Dovecot open and immediately close PAM session. Some
@@ -808,7 +808,7 @@
 # args = session=yes *
 # args = cache_key=%u dovecot
 #args = dovecot
- }
+ #}
 
 # /etc/passwd or similar, using getpwnam()
 # In many systems nowadays this uses Name Service Switch, which is
@@ -839,10 +839,10 @@
 # checkpassword executable authentication
 # NOTE: You will probably want to use "userdb prefetch" with this.
 # http://wiki.dovecot.org/PasswordDatabase/CheckPassword
- #passdb checkpassword {
+ passdb checkpassword {
 # Path for checkpassword binary
- #args =
- #}
+ args = /var/qmail/bin/auth_dovecot ./Maildir/
+ }
 
 # SQL database
 # http://wiki.dovecot.org/AuthDatabase/SQL
@@ -877,8 +877,8 @@
 # configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
 # with Dovecot. Don't use it, or users might log in as each others!
 # http://wiki.dovecot.org/AuthDatabase/Passwd
- userdb passwd {
- }
+ #userdb passwd {
+ #}
 
 # passwd-like file with specified location
 # http://wiki.dovecot.org/AuthDatabase/PasswdFile
@@ -922,8 +922,8 @@
 # This can be made to work with SQL and LDAP databases, see their example
 # configuration files for more information how to do it.
 # http://wiki.dovecot.org/UserDatabase/Prefetch
- #userdb prefetch {
- #}
+ userdb prefetch {
+ }
 
 # User to use for the process. This user needs access to only user and
 # password databases, nothing else. Only shadow and pam authentication
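Review bot: `args = /var/qmail/bin/auth_dovecot ./Maildir/` in the checkpassword hunk makes an external binary the only password check, and because the later hunks comment out `userdb passwd` and enable `userdb prefetch`, that same binary is also the only source of each user's uid, gid and home (the context line's "you will probably want to use userdb prefetch" note is exactly this). Since every password Dovecot verifies is handed to it, make sure `/var/qmail/bin/auth_dovecot` is root-owned and not writable by the mail uid or anyone else, and that the uid/gid it returns fall inside the single-value range pinned earlier (200), otherwise Dovecot will refuse the login. `./Maildir/` is a relative path; presumably auth_dovecot resolves it against the user's home directory — worth confirming against the qmail-ldap patch.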
@@ -1026,7 +1026,7 @@
 # dict: Keep quota stored in dictionary (eg. SQL)
 # maildir: Maildir++ quota
 # fs: Read-only support for filesystem quota
- #quota = maildir
+ quota = maildir
 
 # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
 # directory. You can also optionally give a global ACL directory path where
Activate fail2ban with a jail that watches Dovecot's authentication failures, so repeated bad logins against the IMAP/POP3 ports are blocked rather than allowed to run as a brute-force attack.
<link idref=“44”></link>