<uri strref=“http://wiki.dovecot.org/PasswordDatabase/CheckPassword”/>
aptitude remove courier-authdaemon courier-authlib courier-authlib-userdb
aptitude install dovecot-imapd dovecot-pop3d
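Patch qmail-ldap with the following patch, which adds the auth_dovecot checkpassword helper. The patch is fetched over plain HTTP and this page gives no checksum for it, so read the diff before applying it: it adds a binary that decides whether a login succeeds.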
<uri strref=“http://japc.uncovering.org/dovecot/qmail-ldap-1.03-20060201-dovecot.patch”/>
qmail-1.03# patch -p1 < ../qmail-ldap-1.03-20060201-dovecot.patch
<strong>/etc/dovecot/dovecot.conf</strong>:
--- ./dovecot.conf 2008/03/21 02:37:32 1.1
+++ ./dovecot.conf 2008/03/24 17:31:18
@@ -18,7 +18,7 @@
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
#protocols = imap imaps
-protocols =
+protocols = imap imaps pop3 pop3s
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
@@ -43,7 +43,7 @@
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
# Should all IMAP and POP3 processes be killed when Dovecot master process
# shuts down. Setting this to "no" means that Dovecot can be upgraded without
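Review bot: `disable_plaintext_auth = no` lets clients send passwords over unencrypted IMAP and POP3 sessions, and the auth hunk further down sets `mechanisms = plain login`, which offers only cleartext mechanisms. Together with `protocols = imap imaps pop3 pop3s` in the first hunk, credentials can cross the network unprotected on the non-SSL ports. Per the comment above the setting, `disable_plaintext_auth = yes` still allows plaintext authentication once SSL/TLS is in use or when the client connects from the local IP, so it should not break clients that use imaps/pop3s. If legacy clients really require the relaxed setting, record that next to it, e.g. `# plaintext auth without TLS kept for legacy clients; revert to yes once they are migrated`.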
@@ -205,7 +205,7 @@
#
# http://wiki.dovecot.org/MailLocation
#
-#mail_location =
+mail_location = maildir:~/Maildir
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections:
@@ -304,21 +304,21 @@
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
+verbose_proctitle = yes
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
-#last_valid_uid = 0
+first_valid_uid = 200
+last_valid_uid = 200
# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
-#first_valid_gid = 1
-#last_valid_gid = 0
+first_valid_gid = 200
+last_valid_gid = 200
# Maximum number of running mail processes. When this limit is reached,
# new users aren't allowed to log in.
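Review bot: The UID and GID ranges are both pinned to the single value 200 with no comment saying which account that is, so a reader cannot tell that the narrow range is deliberate. Presumably 200 is the one virtual-mail account that owns every Maildir and that the checkpassword helper reports; if so, add above `first_valid_uid` something like `# 200 = uid/gid of the virtual mail owner; no other account may log in`. Separately, `verbose_proctitle = yes` puts user names and client IP addresses into process titles, readable by any local user who can list processes, so confirm that is acceptable if the host has other shell users.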
@@ -512,7 +512,7 @@
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
- #mail_plugins =
+ mail_plugins = quota imap_quota
#mail_plugin_dir = /usr/lib/dovecot/modules/imap
# Send IMAP capabilities in greeting message. This makes it unnecessary for
@@ -618,7 +618,7 @@
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
- #mail_plugins =
+ mail_plugins = quota
#mail_plugin_dir = /usr/lib/dovecot/modules/pop3
# Workarounds for various client bugs:
@@ -743,7 +743,7 @@
auth default {
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
- mechanisms = plain
+ mechanisms = plain login
#
# Password database is used to verify user's password (and nothing more).
@@ -779,7 +779,7 @@
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
# http://wiki.dovecot.org/PasswordDatabase/PAM
- passdb pam {
+ #passdb pam {
# [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
#
# session=yes makes Dovecot open and immediately close PAM session. Some
@@ -808,7 +808,7 @@
# args = session=yes *
# args = cache_key=%u dovecot
#args = dovecot
- }
+ #}
# /etc/passwd or similar, using getpwnam()
# In many systems nowadays this uses Name Service Switch, which is
@@ -839,10 +839,10 @@
# checkpassword executable authentication
# NOTE: You will probably want to use "userdb prefetch" with this.
# http://wiki.dovecot.org/PasswordDatabase/CheckPassword
- #passdb checkpassword {
+ passdb checkpassword {
# Path for checkpassword binary
- #args =
- #}
+ args = /var/qmail/bin/auth_dovecot ./Maildir/
+ }
# SQL database
# http://wiki.dovecot.org/AuthDatabase/SQL
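Review bot: `args = /var/qmail/bin/auth_dovecot ./Maildir/` makes Dovecot rely on an external helper for the password verdict and, with `userdb prefetch` enabled in a later hunk, presumably also for the uid, gid and home it reports. Nothing in the config says how that helper is protected. A comment such as `# auth_dovecot must be root-owned and not writable by any other user` above the `args` line would capture the requirement. The `./Maildir/` argument is a relative path, presumably resolved against the user's home directory by the helper; stating that in the comment avoids surprises if the working directory differs.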
@@ -877,8 +877,8 @@
# configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
# with Dovecot. Don't use it, or users might log in as each others!
# http://wiki.dovecot.org/AuthDatabase/Passwd
- userdb passwd {
- }
+ #userdb passwd {
+ #}
# passwd-like file with specified location
# http://wiki.dovecot.org/AuthDatabase/PasswdFile
@@ -922,8 +922,8 @@
# This can be made to work with SQL and LDAP databases, see their example
# configuration files for more information how to do it.
# http://wiki.dovecot.org/UserDatabase/Prefetch
- #userdb prefetch {
- #}
+ userdb prefetch {
+ }
# User to use for the process. This user needs access to only user and
# password databases, nothing else. Only shadow and pam authentication
@@ -1026,7 +1026,7 @@
# dict: Keep quota stored in dictionary (eg. SQL)
# maildir: Maildir++ quota
# fs: Read-only support for filesystem quota
- #quota = maildir
+ quota = maildir
# ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
# directory. You can also optionally give a global ACL directory path where
Activate fail2ban to block brute force attacks.
<link idref=“44”></link>