Dovecot LDA with Exim
=====================

System users
------------

Change the localuser router to use the dovecot_delivery transport:

---%<-------------------------------------------------------------------------
localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = dovecot_delivery
---%<-------------------------------------------------------------------------

'check_local_user' is required. It makes Exim execute the transport with the
user's UID and GID, and it also sets the HOME environment variable.

Next create a new transport for dovecot-lda:

---%<-------------------------------------------------------------------------
dovecot_delivery:
  driver = pipe

  # Use /usr/lib/dovecot/dovecot-lda if using Debian's package.
  # You may or may not want to add -d $local_part@$domain depending on if you
  # need a userdb lookup done.
  command = /usr/local/libexec/dovecot/dovecot-lda -f $sender_address

  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  #group = mail
  #mode = 0660
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
---%<-------------------------------------------------------------------------

LDA is now running using the local user's UID and GID. The mail is delivered to
the location specified by the <mail_location> [MailLocation.txt] setting. Note
that the above configuration doesn't do any <userdb> [UserDatabase.txt] lookups,
so you can't have any per-user configuration. If you want that, see the virtual
user setup below.

Virtual users
-------------

Make sure that 'check_local_user' isn't set in the router.

Single UID
----------

Configure the transport to run as the user you want, for example vmail:

---%<-------------------------------------------------------------------------
dovecot_virtual_delivery:
  driver = pipe
  command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain \
      -f $sender_address
  # v1.1+: command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain
  #          -f $sender_address -a $original_local_part@$original_domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = vmail
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
---%<-------------------------------------------------------------------------

You'll also need to have a master authentication socket and give the vmail user
access to it. See <LDA.txt> for more information.

The exit codes listed in temp_errors are defined in '/usr/include/sysexits.h'.
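
The script below is an added example, not part of the Dovecot wiki or of Exim. It models how a pipe transport treats dovecot-lda's exit status under a given temp_errors value: 0 is a delivery, a listed code (or '*') defers the message, and any other non-zero code is a permanent failure. It assumes ignore_status and return_output are unset, as in the transports on this page; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the Dovecot wiki): how an Exim pipe transport
# treats dovecot-lda's exit status under a given temp_errors setting.

# classify_exit TEMP_ERRORS STATUS -> prints delivered, defer or fail
classify_exit() {
  list=$1
  status=$2
  if [ "$status" -eq 0 ]; then echo delivered; return 0; fi
  # Whitespace around list items is not significant ("70: 71" on the page).
  stripped=$(printf '%s' "$list" | tr -d ' \t')
  # A single asterisk makes every non-zero status a temporary error.
  if [ "$stripped" = "*" ]; then echo defer; return 0; fi
  old_ifs=$IFS
  IFS=:
  for code in $stripped; do
    if [ "$code" = "$status" ]; then IFS=$old_ifs; echo defer; return 0; fi
  done
  IFS=$old_ifs
  echo fail   # any other non-zero status is a permanent failure (bounce)
}

# permanent_codes TEMP_ERRORS -> sysexits.h codes (64..78) that would bounce
permanent_codes() {
  out=
  n=64
  while [ "$n" -le 78 ]; do
    if [ "$(classify_exit "$1" "$n")" = fail ]; then out="$out${out:+ }$n"; fi
    n=$((n + 1))
  done
  echo "$out"
}

# The list used by the transports on this page, spacing as written there.
PAGE_TEMP_ERRORS='64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78'

echo "75 (EX_TEMPFAIL): $(classify_exit "$PAGE_TEMP_ERRORS" 75)"
echo "67 (EX_NOUSER):   $(classify_exit "$PAGE_TEMP_ERRORS" 67)"
echo "bounces on: $(permanent_codes "$PAGE_TEMP_ERRORS")"
```

With the page's list, the codes left as permanent failures are EX_DATAERR (65), EX_NOINPUT (66), EX_NOUSER (67), EX_NOHOST (68), EX_PROTOCOL (76) and EX_NOPERM (77).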

Multiple UIDs
-------------

If you need multiple UIDs/GIDs you'll need to make dovecot-lda setuid root. See
<LDA#multipleuids> [LDA.txt] for how to do this securely.

You could alternatively set 'user = root', but this requires that you built
Exim without root being in the FIXED_NEVER_USERS list.

Multiple UIDs, without running dovecot-lda as root
--------------------------------------------------

In this mode, dovecot-lda won't be querying Dovecot's master socket, instead
trusting Exim to set up its execution environment. This means you must set up
Exim to get the UID, GID and home directory from LDAP/SQL/whatever. Here, we're
setting them in the router and the transport automatically inherits them.

Router configuration
--------------------

Insert the following router after your external delivery routers and before
your local system delivery routers.

This assumes you're using macros set elsewhere to handle your external queries,
as they can quickly become unwieldy to manage. Make sure you adjust it to suit
your installation first!

---%<-------------------------------------------------------------------------
ldap_local_user:
  debug_print = "R: ldap_local_user for $local_part@$domain"
  driver = accept
  domains = +ldap_local_domains
  condition = LDAP_VIRT_COND
  router_home_directory = LDAP_VIRT_HOME
  user = LDAP_VIRT_UID
  group = LDAP_VIRT_GID
  #local_part_suffix = +* : -*
  #local_part_suffix_optional
  transport = dovecot_lda
---%<-------------------------------------------------------------------------

Transport configuration
-----------------------

This transport has been tested with Exim 4.69-9 and Dovecot 1:1.2.5-2
(backported) on Debian Lenny. You also have to set

---%<-------------------------------------------------------------------------
dovecot_lda:
  debug_print = "T: dovecot_lda for $local_part@$domain"
  driver = pipe
  # Uncomment the following line and comment the one after it if you want
  # dovecot-lda to try to deliver subaddresses into INBOX.{subaddress}. If you
  # do this, uncomment the local_part_suffix* lines in the router as well.
  # Make sure you also change the separator to suit your local setup.
  #command = /usr/lib/dovecot/dovecot-lda -e -k -m "INBOX|${substr_1:$local_part_suffix}" \
  command = /usr/lib/dovecot/dovecot-lda -e -k \
      -f "$sender_address" -a "$original_local_part@$original_domain"
  environment = USER=$local_part@$domain
  home_directory = /var/mail/home/$domain/$local_part
  umask = 002
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  log_defer_output
  return_fail_output
  freeze_exec_fail
  #temp_errors = *
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78
---%<-------------------------------------------------------------------------

You need to have a <home directory> [VirtualUsers.Home.txt] set to have the
duplicate database enabled, among other reasons.

(This file was created from the wiki on 2019-06-19 12:42)