Dovecot passwd-file Based Virtual Users
To set up Dovecot using passwd-file, take the following steps:
- Use the dovecotpw program to generate passwords for users
- Create a file to contain users and passwords
- Configure Dovecot to use the passwd-file to lookup virtual users
The dovecotpw program
The dovecotpw program is used to generate passwords for a user using a number of available password schemes. Here is the usage summary of the dovecotpw command:
usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V]
    -l            List known password schemes
    -p plaintext  New password
    -s scheme     Password scheme
    -u user       Username (if scheme uses it)
    -V            Internally verify the hash
To list the available password schemes use the command:
linux:~$ dovecotpw -l
CRYPT MD5 MD5-CRYPT SHA SHA1 SMD5 SSHA PLAIN CLEARTEXT CRAM-MD5 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM RPA
To create a password for a user using the MD5-CRYPT password scheme, use the following command:
linux:~$ dovecotpw -u username -s MD5-CRYPT
Enter new password:
Retype new password:
{MD5-CRYPT}$1$YQ7nF.Dr$EyuQDAojnkEyW0Nk7C6zg.
Create a File to Store Users and Passwords
Using your favorite editor create a file in which you will keep a list of users and passwords. You can create a file called "dovecot.users" for example. Your file should contain a list of users and passwords, one per line, in the following format:
user:password
The username can be in the format of "username" or "username@domain.com". The password field should contain the complete output from the dovecotpw command, including the {SCHEME} prefix. In our example that is the string "{MD5-CRYPT}$1$YQ7nF.Dr$EyuQDAojnkEyW0Nk7C6zg." without quotes (the trailing period is part of the hash).
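A format check for the file described above, as an added example that is not part of the original page: it parses user:password lines, confirms that each password carries a {SCHEME} prefix from the dovecotpw -l list, flags the schemes that store the password unhashed, and catches an MD5-CRYPT hash that lost characters when pasted. The function name check_passwd_file, the sample users and the skipping of "#" lines are assumptions of this example.

```python
import re

# Scheme names exactly as printed by "dovecotpw -l" on this page.
KNOWN_SCHEMES = set(
    "CRYPT MD5 MD5-CRYPT SHA SHA1 SMD5 SSHA PLAIN CLEARTEXT CRAM-MD5 HMAC-MD5 "
    "DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM RPA".split()
)
CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}  # password is stored unhashed
ENTRY = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")
# md5-crypt layout: "$1$", a salt of up to 8 characters, "$", 22-character digest.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample file; only the first hash is the one shown on this page.
SAMPLE = "\n".join([
    "alice@domain.com:{MD5-CRYPT}$1$YQ7nF.Dr$EyuQDAojnkEyW0Nk7C6zg.",
    "bob@domain.com:{MD5-CRYPT}$1$YQ7nF.Dr$EyuQDAojnkEyW0Nk7C6zg",  # final "." lost
    "carol:{PLAIN}secret",
    "dave",
])


def check_passwd_file(text):
    """Return (line_number, user, problem) tuples; only the second field is checked."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            findings.append((num, user, "not in user:password format"))
            continue
        match = ENTRY.match(rest.split(":", 1)[0])
        if not match:
            findings.append((num, user, "no {SCHEME} prefix, not dovecotpw output"))
            continue
        scheme, value = match.group(1).upper(), match.group(2)
        if scheme not in KNOWN_SCHEMES:
            findings.append((num, user, "unknown scheme " + scheme))
        elif scheme in CLEARTEXT_SCHEMES:
            findings.append((num, user, "password stored in cleartext"))
        elif scheme == "MD5-CRYPT" and not MD5_CRYPT.match(value):
            findings.append((num, user, "malformed MD5-CRYPT hash"))
    return findings


if __name__ == "__main__":
    for finding in check_passwd_file(SAMPLE):
        print("line %d: %s: %s" % finding)
```

Run it against the contents of your own users file before pointing Dovecot at it; an empty result means every entry has the shape this page describes.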
Configure Dovecot
Now we need to configure Dovecot to use the passwd-file to look up passwords. The first thing to do is set up the user lookup. Edit the dovecot.conf file so that the userdb static section looks like this:
userdb static {
args = uid=vmail gid=vmail home=/home/vmail/%u
}
The uid and gid fields configure dovecot to use the specified uid and gid to access the virtual mail directory. The home configuration field tells dovecot where the virtual mail directory is located. The %u part of the home configuration field is replaced by the username found in the passwd file.
To configure the password lookup in Dovecot edit the dovecot.conf file to include a configuration similar to the following:
passdb passwd-file {
args = /etc/dovecot/dovecot.users
}
One last configuration needs to be done. We need to configure the mail_location directive in dovecot.conf so that dovecot knows where in the virtual mail directory the actual mail is. If you are just using /home/vmail/%u (expands to /home/vmail/username@domain.com for example) you may need to set the mail_location directive like this:
mail_location = maildir:~
This tells dovecot that the maildir structure is located directly in the user directory. Some people have the maildir structure in /home/vmail/username@domain.com/Maildir for example. In that case mail_location would look like this:
mail_location = maildir:~/Maildir
NOTE: I am assuming a complete dovecot.conf file already in place which only needs to be edited to include the configuration for virtual users based on passwd-file.
