- IMAP/POP3 mailbox access protocols
- STARTTLS enabled by default
- Mail quota
- Sieve filters
- Postfix/dovecot-lda integration
- Multi-domain
- Domain-specific configuration
- Pseudonyms
- SMTP authentication
- Active Directory integration
- SpamAssassin's Bayesian classifier training (
spamtrainers
group) - Spam retention time
Postfix example: :
postfix=service
...
MxRecordStatus=enabled
SystemUserRecipientStatus=disabled
MxRecordStatus {enabled,disabled}
Push smtp, imap, pop, pop3 into /etc/hosts. They masquerade DNS A records in the LAN.SystemUserRecipientStatus {enabled,disabled}
enabled
, accept from any network the recipient addresses formed by user account names and domain partlocalhost
,localhost.<domainname>
and FQDN hostname.
Dovecot example: :
dovecot=service
...
AdminIsMaster=disabled
DeletedToTrash=disabled
FtsLuceneStatus=enabled
ImapStatus=enabled
LmtpInetListenerStatus=disabled
LogActions=disabled
MaxProcesses=400
MaxUserConnectionsPerIp=12
PopStatus=enabled
QuotaDefaultSize=20
QuotaStatus=disabled
SharedMailboxesStatus=enabled
SpamFolder=Junk
SpamRetentionTime=15d
TlsSecurity=required
RestrictedAccessGroup=
Properties:
AdminIsMaster {enabled,disabled}
allow root user to impersonate other usersDeletedToTrash {enabled,disabled}
deletedtotrash pluginFtsLuceneStatus {enabled,disabled}
lucene indexed search pluginImapStatus {enabled,disabled}
IMAP protocol switchLmtpInetListenerStatus {enabled,disabled}
open a TCP socket for LMTP protocolLogActions {enabled,disabled}
IMAP actions logging pluginMaxProcesses N
maximum number of worker processes spawned by dovecot. A single user session usually requires multiple processes.MaxUserConnectionsPerIp N
maximum TCP connections for one user behind the same IPPopStatus {enabled,disabled}
POP3 protocol switchQuotaDefaultSize N
Default user quota size (1 unit is 10MB)QuotaStatus {enabled,disabled}
General user mail quota switchSharedMailboxesStatus {disabled,enabled}
Control the "Shared" IMAP namespace for per-user folder sharingSpamFolder FolderName
Deliver spam tagged messages to the given folder (applied to all users)SpamRetentionTime Nd
Expunge messages in SpamFolder if older than the given time span. "d" is for days.TlsSecurity {optional,required}
controls dovecotdisable_plaintext_auth
parameter: if set torequired
clear-text authentication methods are disabled, whileoptional
enables them.RestrictedAccessGroup
The value is a long group name, likedomain admins@mydomain.tld
. Members of the given group can login to dovecot services only from trusted networks. Install thenethserver-mail-server-ipaccess
package to enable this feature.
Record of type `domain`: :
internal.tld=domain
...
TransportType=none
mycompany.com=domain
...
TransportType=Relay
RelayHost=10.1.1.4
RelayPort=25
DisclaimerStatus=disabled
test.tld=domain
...
TransportType=SmtpSink
example.com=domain
...
TransportType=LocalDelivery
UnknownRecipientsActionType=deliver
UnknownRecipientsActionDeliverMailbox=jdoe
AlwaysBccStatus=enabled
AlwaysBccAddress=admin``there.org
other.net=domain
...
TransportType=Relay
RelayHost=mail.other.net
RelayPort=25
Groups: :
employees=group
...
MailStatus=enabled
MailDeliveryType=shared
administrators=group
...
MailStatus=enabled
MailDeliveryType=copy
faxservice=group
...
MailStatus=disabled
MailDeliveryType={any}
User: :
jdoe=user
FirstName=John
LastName=Doe
...
MailStatus=enabled
MailQuotaType=custom
MailQuotaCustom=15
MailForwardStatus=disabled
MailForwardAddress=
MailForwardKeepMessageCopy=no
and his pseudonyms: ::
john.doe``example.com=pseudonym
Account=jdoe
ControlledBy=system
Access=public
doe``=pseudonym
Account=jdoe
ControlledBy=operators
Access=private
The default mail quota is configured in dovecot.conf
. Custom user mail quota is set by the dovecot-postlogin
script, by reading /etc/dovecot/user-quota
(which is a template). If a custom mail quota is set the UI interface does not show the updated value until the user performs an IMAP login.
By default all system users are also Dovecot users. To disable a user we configure a blacklist in dovecot.conf
: /etc/dovecot/deny.passwd
.
As Dovecot is configured as authentication backend for Postfix, a disabled user loses also SMTP AUTH access.
Read admin's mail with Mutt IMAP client. Quickstart: :
yum install mutt
cat - <<EOF > ~/.muttrc
set spoolfile="imaps://root@localhost/"
set folder=""
EOF
mutt
See: http://dev.mutt.org/doc/manual.html
When mutt starts always asks for the root
password. To avoid typing the password again and again write it in .muttrc
: :
set spoolfile="imaps://root:PASSWORD@localhost/"
set folder=""
PASSWORD
must be URL-encoded. For instance the slash character /
is encoded as %2f
.
The nethserver-mail-shrmbx-modify
action applies some predefined ACL settings to shared mailboxes (type the mailbox name twice: the action performs also rename): :
/etc/e-smith/events/actions/nethserver-mail-shrmbx-modify EVENT OLDNAME NEWNAME ID PERM [ID PERM ...]
For instance, let's grant full "admin" permissions to group "administrators": :
/etc/e-smith/events/actions/nethserver-mail-shrmbx-modify ev 'Public folder1' 'Public Folder One' group=administrators@$(hostname -d) ADMIN
You can also use doveadm
to set special ACL on a shared mailbox: :
doveadm acl set -u <user> <shared_mailbox> <subject> <flags>
Example: allow insert and expunge to user goofy on public mailbox testshare (domain of the machine is local.nethserver.org): :
doveadm acl set -u goofy@local.nethserver.org Public/testshare "user=goofy@local.nethserver.org" insert expunge
The dovecot-postlogin
script enforces an IP-based access policy to dovecot services when the file /etc/dovecot/ipaccess.conf
exists and is readable.
The file is composed by comments and records. Comments are line starting with #
, whilst records have the following syntax: :
<long group name> = <cidr list>
A long group name is the group name with domain suffix, like domain admins@mydomain.tld
.
The cidr list is a comma-separated list of IP and network addresses in CIDR format, like 127.0.0.1, 192.168.1.0/24, 10.1.1.2
. The binary conversion is implemented by the NetAddr::IP
Perl module. See perldoc NetAddr::IP
for details.
This feature allows to restrict IMAP access for a specific group. Members of the given group have IMAP access restricted to trusted networks.
Install
nethserver-mail-server-ipaccess
package :yum install nethserver-mail-server-ipaccess
Set the limited group, remember to use the full group name:
<group>@<domain>
:config setprop dovecot RestrictedAccessGroup <group>@<domain>
Example for group
collaborators@nethserver.org
: :config setprop dovecot RestrictedAccessGroup collaborators@nethserver.org
Apply the configuration :
signal-event nethserver-mail-server-save