Kaya Saman
2012-Jun-25 07:20 UTC
[Dovecot] Virtual users - what is better Maildir or mbox?
Hi,

I'm trying to configure a server to use SAMBA and Winbind to authenticate to Active Directory.... I managed to get this portion up and running even the Dovecot portion.

For reference something similar to this guide:

http://www.whitneytechnologies.com/?p=119

However PAM is slightly different:

# cat /etc/pam.d/dovecot
auth sufficient pam_krb5.so no_user_check validate
account sufficient pam_permit.so

This is what my dovecot.conf file looks like:

# cat dovecot.conf
# v1.2+:
auth_use_winbind = yes
auth_winbind_helper_path = /usr/local/bin/ntlm_auth

protocols = imap

# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log

# Disable SSL for now.
ssl = no
disable_plaintext_auth = no

# We're using Maildir format
#mail_location = maildir:~/Maildir
mail_location = mbox:/mail:INBOX=/mail/%u

# Authentication configuration:
auth_verbose = yes
auth_debug = yes
auth_username_format = %n
auth_mechanisms = plain ntlm login

userdb {
  driver = static
  # args = uid=501 gid=1001 home=/mail/%u
  args = home=/mail/%u
  driver = static
}

passdb {
  driver = pam
  args = failure_show_msg=yes
}

Now what I would like to know is, which is better for "virtual hosting" Maildir or mbox?

Basically my requirement is that I would like to separate users via either individual folders and then put each user's mbox or Maildir in the created directory, or simply name each mbox or Maildir according to the user name.

First up is this possible?

Secondly, how would I go about doing it?

My users are not allowed to login to the system outside of IMAP as it's a Mail only server.
Currently I've been looking at many links:

http://satish-linuxbug.blogspot.co.uk/2008/08/freebsd-with-active-directory-single.html
http://joseph.randomnetworks.com/2005/11/08/freebsd-users-and-groups-with-samba-winbind-and-active-directory/
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind
http://wiki2.dovecot.org/TestInstallation
http://wiki2.dovecot.org/VirtualUsers
http://www.linuxmail.info/active-directory-dovecot-pam-authentication/
http://wiki2.dovecot.org/HowTo/SimpleVirtualInstall

I'm running dovecot version 2.1.7 on FreeBSD 8.2 x64 RELEASE.

The system is not being used as an MTA server meaning that only IMAP transfers are being done using MS Outlook then filtered by Thunderbird.

Regards,

Kaya
Trever L. Adams
2012-Jun-25 07:27 UTC
[Dovecot] Virtual users - what is better Maildir or mbox?
On 06/25/2012 01:20 AM, Kaya Saman wrote:
> Hi,
>
> I'm trying to configure a server to use SAMBA and Winbind to
> authenticate to Active Directory.... I managed to get this portion up
> and running even the Dovecot portion.
>
> For reference something similar to this guide:
>
> http://www.whitneytechnologies.com/?p=119
>
>
> However PAM is slightly different:
>
>
> # cat /etc/pam.d/dovecot
> auth sufficient pam_krb5.so no_user_check validate
> account sufficient pam_permit.so
>
>
> This is what my dovecot.conf file looks like:

If you are using Samba 4 (possibly recent versions of S3), any reason you are not doing krb5 and ldap (for account verification, not authentication) on dovecot instead of through pam? It is a bit harder to setup, but no text passwords. I still do pam_krb5 for devices that cannot do kerberos.

I am using Maildir, but my setup is currently largely idle.

Trever
--
"Marxist Law of Distribution of Wealth: Shortages will be divided equally among the peasants." -- Unknown
On 25 Jun 2012, at 08:20, Kaya Saman wrote:
> Now what I would like to know is, which is better for "virtual
> hosting" Maildir or mbox?

I always use Maildir in preference to mbox . . it's just such a lovely solution, imho :) (Mind you, I'm on a *nix server, so filesystem behaviour may be a consideration for non-*nix hosts.)

> Basically my requirement is that I would like to separate users via
> either individual folders and then put each user's mbox or Maildir in
> the created directory, or simply name each mbox or Maildir according
> to the user name.
>
> First up is this possible?
>
> Secondly, how would I go about doing it?

In haste, I haven't been able to check your email thoroughly, but I have used passwd with an extra field appended to each user, to identify the mailbox location.

If you're authenticating against ActiveDirectory, then I guess that means generating a passwd-file style 'database' from the users in ActiveDirectory and I have no idea if that's trivial.

Sorry if my rushed thoughts are too sketchy to be of use, but thought I'd share my experience in case it offers any pointers.

J.
Trever L. Adams
2012-Jun-25 07:37 UTC
[Dovecot] Virtual users - what is better Maildir or mbox?
On 06/25/2012 01:20 AM, Kaya Saman wrote:
> Now what I would like to know is, which is better for "virtual
> hosting" Maildir or mbox?
>
>
> Basically my requirement is that I would like to separate users via
> either individual folders and then put each user's mbox or Maildir in
> the created directory, or simply name each mbox or Maildir according
> to the user name.
>
>
> First up is this possible?
>
>
> Secondly, how would I go about doing it?
>

Sorry, I missed this at first.

It is quite simple. I don't store it in passwd or any other place, since you are doing vmail, you might find this easiest:

in /etc/dovecot/conf.d/10-mail.conf (where mail_location is):

mail_home = /home/vmail/%Ld/%Ln
mail_location = maildir:~/Maildir

in /etc/dovecot/conf.d/10-mail.conf (after paragraph "# System user and group used to access mails..."):

mail_uid=vmail
mail_gid=vmail

Obviously, vmail may not be your user for vmail. Also, some of my notes may no longer be accurate for location, just find where it exists and edit.

I hope this helps. Of course, this is a Maildir setup. mbox is probably very similar, but I have had too many mbox style mail queues go south losing all of the mail (or more than one would like), so I do Maildir, even though it isn't necessarily the best use of disk space.

Trever
--
"I do not fear computers. I fear the lack of them." -- Isaac Asimov
Charles Marcus
2012-Jun-25 09:31 UTC
[Dovecot] Virtual users - what is better Maildir or mbox?
On 2012-06-25 3:20 AM, Kaya Saman <kayasaman at gmail.com> wrote:
> # cat dovecot.conf
> # v1.2+:
> auth_use_winbind = yes

Please always only provide output of doveconf -n, not copy/pastes from the config files.

This proves (to yourself and everyone else) that you are using the config that dovecot is actually using - it shows you mistakes like typos, certain deprecated/invalid settings, and even if you are editing the wrong config file(s).

--
Best regards,
Charles
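
Added example, not part of the original thread or of Dovecot itself: a small Python check that reads `doveconf -n` style output and flags the transport and authentication settings from the configuration posted at the top of the thread (ssl = no together with disable_plaintext_auth = no and plain/login mechanisms). The sample text, its config path and the function names are constructed for illustration.

```python
import sys

# Constructed sample in `doveconf -n` layout, built from settings posted in
# this thread; doveconf -n lists only settings that differ from the defaults.
SAMPLE = """\
# 2.1.7: /usr/local/etc/dovecot/dovecot.conf
auth_debug = yes
auth_mechanisms = plain ntlm login
disable_plaintext_auth = no
mail_location = mbox:/mail:INBOX=/mail/%u
passdb {
  args = failure_show_msg=yes
  driver = pam
}
ssl = no
"""

def parse(text):
    """Flatten settings into a dict; keys inside blocks become 'block.key'."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack = stack[:-1]
        elif "=" in line:
            key, _, value = line.partition("=")
            settings[".".join(stack + [key.strip()])] = value.strip()
    return settings

def audit(settings):
    """Return findings; a missing key means the Dovecot default is in effect."""
    findings = []
    cleartext = sorted({"plain", "login"} & set(settings.get("auth_mechanisms", "plain").split()))
    if settings.get("ssl", "yes") == "no":
        findings.append("ssl = no: IMAP sessions are not encrypted")
    if settings.get("disable_plaintext_auth", "yes") == "no" and cleartext:
        findings.append("disable_plaintext_auth = no: %s may send the password without TLS" % "/".join(cleartext))
    if settings.get("auth_debug", "no") == "yes":
        findings.append("auth_debug = yes: switch off once troubleshooting is done")
    return findings

if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    print("\n".join(audit(parse(text))) or "no findings")
```

Run with "-" as the only argument to audit the live configuration from standard input, for example by piping doveconf -n into the script.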