Linux Mail Server Setup and Howto Guide

Hi forum,

I have combined some of the excelent guides in this site with a bit of this and that and i'm already extremely satisfied with the results. Here's the setup:

• centos
• postfix with virtual users mapped from active directory
• dovecot with static userdb and pam.krb5 (against ADS)
• postfix auth via dovecot-sasl
• amavisd, clamav, spamd, dcc, ryzor and pyzor
• latest horde with ldap addressbook, filters with dovecot-managesieve and deliver/sieve

ms-exchange was replaced with this and everybody is happy.

One problem i had i couldn't find info about how to solve was replacing the "virtual" lda from postfix with dovecot's deliver, which i wanted to plug for sieve filtering. The most commonly used way to setup the transport in postfix is:

dovecot unix – n n – – pipe
flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}

and then use smtpd with virtual_transport = dovecot and possibly dovecot_destination_recipient_limit = 1.

The problem with this is that it doesn't work at all with static userdb and pam passdb, and it wasn't obvious at first (at least for me) how to get it to work. Searched a lot but couldn't find anything specific, except that the dovecot wiki says you can tell deliver to not do userdb lookups prior to delivery – calling it with $HOME=/path/to/virtualhomedir and obviating -d parameter. You should ensure that ${user} param from "pipe" does exist in your domain, though.

 I think that after all the checks postfix (and amavis?) do i could say i'm guaranteed i'm delivering to a real user in my domain, but then i'm not sure yet (i'm just starting with these tools). Anyway this is what worked for me, and it can be extended also to do any kind of mangling with the dovecot userdb as needed.

———————————————

postfix master.cf

dovecot unix – n n – – pipe
flags=DORXhu user=vmail:mail argv=/usr/bin/deliver.sh ${user} ${sender}

——————————————–

deliver.sh

#!/bin/sh

export HOME=/home/vmail/$1
/usr/libexec/dovecot/deliver -c /etc/dovecot.conf -f $2

———————————————

deliver.sh could to another lookup or some other check to verify users, or anything.

Prior alternatives that came to cope to this problem were passing another dovecot.conf to deliver with another passdb/userdb combination, rethink the scheme used entirely (relying in winbind and using the passdb backend for example, or other combinations like involving a local ldap/mysql syncing to ADS), or ditching deliver and trying with procmail. This seemed a more straightforward and flexible way.

I hope this saves time to someone getting into the same puzzle. Thank you very much for the material in this site!