Mailserver with ldap tutorial – part 2: dovecot

After setting up openldap in part 1, I’m going to describe in this post how to set up dovecot. In our mailserver dovecot will have three tasks: it provides access to the mailboxes via imaps, it will distribute the mails accepted by postfix to the mailboxes (local delivery agent) and it will provide an authentication interface for postfix.

This is step 2 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.
I’m assuming that all commands are executed with root rights.

1. Install dovecot

aptitude install dovecot-imapd

2. Create user vmail

As we are using virtual users for our mailserver we need a common user for the virtual maildirs. Create it using:

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m

3. Configuration

Dovecot has one main config file, /etc/dovecot/dovecot.conf. It should look similar to this:

protocols = imap imaps
# refuse plaintext logins on connections without SSL/TLS
disable_plaintext_auth = yes
syslog_facility = mail
ssl_cert_file = /etc/ssl/certs/cert.pem
ssl_key_file = /etc/ssl/private/key.pem
mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail
protocol lda {
  postmaster_address =
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/vmail/dovecot-deliver.log
}
auth default {
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  socket listen {
    # socket used by the local delivery agent (auth_socket_path above)
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
    # authentication interface for postfix
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

As the mailbox location is stored in the ldap we have to read it from there. The configuration for that is stored in /etc/dovecot/dovecot-ldap.conf as mentioned above.

hosts = localhost
dn = cn=dovecot,dc=cbjck,dc=de
dnpass = 
ldap_version = 3
base = ou=people,dc=cbjck,dc=de
scope = subtree
user_attrs = homeDirectory=home,mailbox=mail
user_filter = (&(objectClass=mailUser)(|(uid=%u)(maildrop=%u)(mail=%u)))
pass_attrs = uid=user, userPassword=password
pass_filter = (&(objectClass=mailUser)(|(uid=%u)(maildrop=%u)(mail=%u)))

Of course the password for cn=dovecot,dc=cbjck,dc=de is not!
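
An added check, not part of the original tutorial: dovecot-ldap.conf holds dnpass in clear text and the two auth sockets decide who may talk to the authentication process, so their permissions are worth confirming once dovecot is running. The function names and the limits for dovecot-ldap.conf and key.pem are assumptions; the socket limits are the modes set in dovecot.conf above.

```shell
#!/bin/sh
# Added example: permission audit for the files and sockets from this step.
# Paths come from the tutorial; the limits for dovecot-ldap.conf and key.pem
# are assumptions, the socket limits are the modes set in dovecot.conf.
# Only permission bits are checked, not ownership. Needs GNU stat (Debian).

# mode_ok FILE MAX: succeed if FILE has no permission bit outside octal MAX.
mode_ok() {
    actual=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read both numbers as octal.
    [ $(( 0$actual & ~0$2 & 07777 )) -eq 0 ]
}

# audit_mail_files ROOT: check the paths below ROOT ("" for the live system).
# Prints one line per path and returns the number of over-permissive files.
audit_mail_files() {
    root=$1
    findings=0
    while read -r path max why; do
        f="$root$path"
        if [ ! -e "$f" ]; then
            echo "SKIP  $f (not present)"
        elif mode_ok "$f" "$max"; then
            echo "OK    $f"
        else
            echo "WEAK  $f is $(stat -c '%a' "$f"), limit $max: $why"
            findings=$((findings + 1))
        fi
    done <<EOF
/etc/dovecot/dovecot-ldap.conf 600 holds dnpass in clear text
/etc/ssl/private/key.pem 640 TLS private key
/var/run/dovecot/auth-master 600 master socket, mode from dovecot.conf
/var/spool/postfix/private/auth 660 client socket, mode from dovecot.conf
EOF
    return "$findings"
}

# On the mail server, as root: audit_mail_files ""
```
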

4. Logrotate

As the logfile set in /etc/dovecot/dovecot.conf might get quite large it is a good idea to configure logrotate for that file. Create /etc/logrotate.d/dovecot-deliver:

/var/vmail/dovecot-deliver.log {
  rotate 14
}

That’s it. Dovecot is ready and we can continue to step 3: postfix.

Edited on Jan 9th 2015 for better readability.


