Wissen

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Sie befinden sich hier: Start » dovecot-system-user
Zuletzt angesehen: wireless_lan_wlan mysql_-_load_data_infile animationssoftware flatpak mysql-dump security_key winget beispiel-programme_in_go
dovecot-system-user

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

dovecot-system-user [2016-04-12 22:49:59] – Externe Bearbeitung 127.0.0.1dovecot-system-user [2021-06-08 18:44:34] (aktuell) manfred
Zeile 1: Zeile 1:
 +====== Dovecot System User ======
 +
 +System users are typically defined in '/etc/passwd' file, but this isn't necessary. Using NSS [[http://en.wikipedia.org/wiki/Name_Service_Switch]] you can configure the lookups to be done from for example LDAP. See "passwd" (AuthDatabase.Passwd.txt) userdb configuration for how to set this up. Especially if you're using nss_ldap you must set "blocking=yes".
 +
 +System users usually have their own separate user IDs (UIDs). This is good from security point of view, because it means that the kernel will also prevent users from accessing each others' mails.
 +
 +If the users have direct write access the mail files (eg. the users have shell access), they can easily cause all sorts of mailbox corruptions. That may generate all kinds of error messages to Dovecot's error logs, so it may be
 +sometimes difficult to tell if there really is a problem or if user is just doing something stupid.
 +
 +If users are going to access the mailboxes with other software than Dovecot, it's important to make sure that their mailbox accesses are compatible. This mostly means that with mboxes you must make sure that everyone uses the "same locking methods in the same order" (MailboxFormat.mbox.txt).
 +
 +==== Authentifikation ====
 +
 +Admins often wish to use different passwords for IMAP and POP3 than for other
 +services (eg. SSH), because IMAP and POP3 clients often send the password
 +unencrypted over the internet without even bothering to give users any
 +warnings. Dovecot can easily support non-system passwords for system users.
 +
 +If you wish to use system passwords, you'll want to use one of these passdbs:
 +
 +  * //PAM// [PasswordDatabase.PAM.txt]: Most commonly used in Linux and BSDs nowadays.
 +  * //BSDAuth// [PasswordDatabase.BSDAuth.txt]: BSD authentication is used by OpenBSD.
 +  * //Passwd// [AuthDatabase.Passwd.txt]: System users (NSS, "/etc/passwd", or similiar). This may work instead of PAM (mostly in some BSDs).
 +  * //Shadow// [PasswordDatabase.Shadow.txt]: Shadow passwords for system users (NSS,"/etc/shadow" or similiar). Deprecated by PAM nowadays, but it should work with Linux and Solaris.
 +
 +If you wish to use non-system passwords, you can use pretty much any of the
 +Dovecot's "password databases" (PasswordDatabase.txt), but for simple
 +installations you'll probably want to use "passwd-file" (AuthDatabase.PasswdFile.txt).
 +
 +"User database" (UserDatabase.txt) for system users is always "passwd" (AuthDatabase.Passwd.txt).
 +
 +==== Mail Location ====
 +
 +Usually UNIX systems are configured by default to deliver mails to
 +"/var/mail/username" or "/var/spool/mail/username" mboxes. You may decide to
 +use these, or use "maildir" (MailboxFormat.Maildir.txt) format instead.
 +
 +Dovecot detects the mailbox format and location automatically if "mail_location" setting isn't set, but it's still a good idea to explicitly tell Dovecot where to find the mails. This makes it sure that Dovecot behaves correctly also when the user's mailbox doesn't exist at the moment (eg. a new user). If Dovecot can't figure out where the existing mails are, it simply gives an error message and quits. It never tries to create a missing mailbox when autodetection is used.
 +
 +See (MailLocation.txt) for more information how to configure the mailbox location. Below are the highlights for mbox and maildir.
 +
 +==== mbox ====
 +
 +The "/var/mail/username" mbox is called user's INBOX. IMAP protocol supports
 +multiple mailboxes however, so Dovecot needs some directory where to store the
 +other mailboxes. Typically they're stored in "~/mail/" or "~/Mail/" directory.
 +All of these locations are included in mailbox location autodetection. You can
 +specify them manually with:
 +
 +  mail_location = mbox:~/mail:INBOX=/var/mail/%u
 +
 +Remember that the first path after 'mbox:' is the mailbox root directory, never
 +try to give 'mbox:/var/mail/%u' because that just isn't going to work (unless
 +you really want to store mails under '/var/mail/%u/' directory).
 +
 +If you're also using other software than Dovecot to access mboxes, you should
 +try to figure out what locking methods exactly they're using and update
 +"mbox_read_locks" and "mbox_write_locks" settings accordingly. See locking
 +section in "mbox" (MailboxFormat.mbox.txt) for more information.
 +
 +==== Maildir ====
 +
 +Maildir is typically stored in "~/Maildir" directory. You can specify this
 +manually with:
 +
 +  mail_location = maildir:~/Maildir