Dovecot LDA with Sendmail
=========================
The following describes how to configure Sendmail to use 'dovecot-lda' where
'root' permission is not granted and Dovecot runs under a single user ID. It
may need some adjustment for more typical setups. Other assumptions are that
Sendmail is configured for virtual hosting and that local-system mail delivery
is not handled by 'dovecot-lda'.
Allowing that 'sendmail.mc' has 'MAILER(procmail)dnl' included, edit
'sendmail.cf' adding these lines after the 'Mprocmail' definition:
---%<-------------------------------------------------------------------------
######################*****##############
### DOVECOT Mailer specification ###
##################*****##################
Mdovecot, P=/usr/local/libexec/dovecot/dovecot-lda, F=DFMPhnu9,
S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
T=DNS/RFC822/X-Unix,
A=/usr/local/libexec/dovecot/dovecot-lda -d $u
---%<-------------------------------------------------------------------------
If you're using 'sendmail.mc' then put the lines above into a new file
'/usr/share/sendmail-cf/mailer/dovecot.m4' and put 'MAILER(dovecot)' into your
'sendmail.mc'
===================================
Another method of doing the above is by editing your 'hostname.mc' with the
following three lines:
---%<-------------------------------------------------------------------------
FEATURE(`local_procmail',
`/usr/local/libexec/dovecot/dovecot-lda',`/usr/local/libexec/dovecot/dovecot-lda
-d $u')
MODIFY_MAILER_FLAGS(`LOCAL', `-f')
MAILER(procmail)
---%<-------------------------------------------------------------------------
After editing 'hostname.mc' with the above, be sure to remake your
'hostname.cf' file. This is confirmed to work with:
* dovecot-1.0.7
* FreeBSD 6.3-RELEASE-p3 i386
* sendmail Version 8.14.2
* Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF
STARTTLS TCPWRAPPERS USERDB XDEBUG
===================================
If 'sendmail' runs under a different non-'root' UID via
* 'define(`confRUN_AS_USER', `sendmail')dnl'
in 'sendmail.mc', then the /env_put(t_strconcat("RESTRICT_/ lines in
'deliver.c' must be commented-out.
Now add a
---%<-------------------------------------------------------------------------
virtualdomain.example.com vmail:vmail
---%<-------------------------------------------------------------------------
line for each virtual domain to 'mailertable.cf' and run 'makemap hash
mailertable.db < mailertable.cf'. The 'dovecot' (or some other random text)
after the colon character is required, else 'sendmail' will fail to pass
command arguments to 'dovecot-lda' correctly. Make sure all the virtual
domains are in the 'virtuserdomains' file.
===========================================
(Fedora 14: dovecot 2.0.8 & sendmail 8.14.4)
Summing up all previous experience, one may keep all virtual user accounts
under one system account.
The sendmail's "U=" mailer option with changing the owner of lda (to "keeper"
here for instance):
---%<-------------------------------------------------------------------------
-rwxr-xr-x. 1 keeper mail 14536 Dec 7 16:43 /usr/libexec/dovecot/dovecot-lda
---%<-------------------------------------------------------------------------
allows to run virtual users under one system account without applying SUID.
Sendmail can pass a user account to LDA with or without the domain. Passing a
user name without the domain can be achievedwith S=/R= rewriting rules of the
local mailer. Finally, into '/usr/share/sendmail-cf/mailer/dovecot.m4' goes the
block of lines:
---%<-------------------------------------------------------------------------
Mdovecot, P=/usr/libexec/dovecot/dovecot-lda,
F=l59DFMPhnu,
S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
M=51200000,
U=keeper:mail,
T=DNS/RFC822/X-Unix,
A=/usr/libexec/dovecot/dovecot-lda -d $u
---%<-------------------------------------------------------------------------
dovecot.m4 [http://sites.google.com/site/mclroy/dovecot/dovecot-m4] can be a
bit more complex.
(This file was created from the wiki on 2017-05-11 04:42)
