Exim4+Dovecot2 and alternative email mailbox

This guide assumes that the “alternate email address” in a user's FusionDirectory settings is used as a real alternative mailbox, which can be accessed from any mail client.

  1. First, install and configure FusionDirectory as described in the documentation: "Installation on Debian based systems".
  2. Second, install and configure the DSA plugin, to maintain the security of access to the credentials in LDAP: "Installation and configuration DSA plugin".
  3. Third, install and configure the Alias plugin: "Installation and configuration Alias plugin".
  4. Fourth, install and configure the Exim4 daemon: "Exim4 and base mail method".
  5. Fifth, install Dovecot2 and configure it according to the documentation: "Wiki Dovecot2".


Configure Exim4


We need to make some changes to the configuration of the Exim4 mail server.
Alias email addresses are defined with the Alias plugin, that is, through the mailAliasDistribution class.
For a user's alternative mailbox, we use the gosaMailAlternateAddress field.

Now open the configuration file exim4.conf and make the following changes.

# Replace the bind DN, password and search base with the values for your
# directory. ${quote_ldap:...} escapes LDAP filter metacharacters in the
# address before it is placed in the query.

# Query that returns the aliases for the mail address, if it has any
CHECK_VIRTUAL_ALIASES = \
      ${lookup ldap{user="cn=exim4,ou=dsa,dc=ibc,dc=local" pass=1724ibcexim4 \
         ldap:///dc=example,dc=com?mail?sub?(&(objectClass=mailAliasDistribution)(gosaMailAlternateAddress=${quote_ldap:$local_part}@${quote_ldap:$domain}))}{$value}fail}

# Query that tests the existence of the user's primary mailbox
CHECK_VIRTUAL_USER = \
      ${lookup ldap{user="cn=exim4,ou=dsa,dc=ibc,dc=local" pass=1724ibcexim4 \
         ldap:///dc=example,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=${quote_ldap:$local_part}@${quote_ldap:$domain}))}{$value}}

# Query that tests the existence of the user's alternative mailbox
CHECK_VIRTUAL_SECOND_USER = \
      ${lookup ldap{user="cn=exim4,ou=dsa,dc=ibc,dc=local" pass=1724ibcexim4 \
         ldap:///dc=example,dc=com?gosaMailAlternateAddress?sub?(&(objectClass=inetOrgPerson)(gosaMailAlternateAddress=${quote_ldap:$local_part}@${quote_ldap:$domain}))}{$value}}
  
#####################################################################
#                      Routers parameters
#####################################################################
#      The order of the routers is important here.
#     An address is passed to each router in turn until one handles it.
#####################################################################
    begin routers
  
    virtual_user:
        driver = accept
        debug_print = "R: Check address using virtual_user for $local_part@$domain"
        transport = dovecot_delivery
        domains = +local_domains
        hide condition = ${if or \
                        { \
                                {eq{$local_part@$domain}{CHECK_VIRTUAL_USER}}{eq{$local_part@$domain}{CHECK_VIRTUAL_SECOND_USER}} \
                        } \
                        {yes}{no}}
        no_more

Configure Dovecot2


Install and configure Dovecot2 according to the official documentation.
The connection between Dovecot2 and LDAP is described in the file dovecot-ldap.conf.ext.
We need to make the following adjustments there.

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
user_attrs = =user=%Lu

# Filter for user lookup. Some variables can be used (see
# http://wiki2.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
user_filter = (&(objectClass=inetOrgPerson)(|(mail=%u)(gosaMailAlternateAddress=%u)))

# Password checking attributes:
#  user: Virtual user name (user@domain), if you wish to change the
#        user-given username to something else
#  password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
pass_attrs = =user=%Lu,userPassword=password

# Filter for password lookups
pass_filter = (&(objectClass=inetOrgPerson)(|(mail=%u)(gosaMailAlternateAddress=%u)))

# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki2.dovecot.org/Authentication
default_pass_scheme = CRYPT

Note that the LDAP password query must return both the user and userPassword values.
Because we search for the user by mail address, once LDAP responds we assign the desired value (name@domain) to the user variable.
This way, either the primary or the alternate email address can be used for authentication.
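
Both the Exim4 macros and the Dovecot2 filters above place the address into an LDAP filter. The following is an added example, not part of the original guide: it applies the user_filter from this page to constructed directory entries to show that the primary and the alternate address select the same account, and that the address must be escaped per RFC 4515 (which is what Exim's quote_ldap operator is for) so that a character such as "*" is matched literally. The entries, function names and the small matcher are assumptions made for the illustration.

```python
import re

# Filter from dovecot-ldap.conf.ext on this page; {u} stands in for %u.
USER_FILTER = "(&(objectClass=inetOrgPerson)(|(mail={u})(gosaMailAlternateAddress={u})))"
FILTER_SHAPE = re.compile(r"\(&\(objectClass=inetOrgPerson\)\(\|\(mail=(.*)\)"
                          r"\(gosaMailAlternateAddress=(.*)\)\)\)", re.S)

# Constructed directory entries (assumption, not taken from the page).
ENTRIES = [
    {"uid": "alice", "objectClass": ["inetOrgPerson"], "mail": ["alice@example.com"],
     "gosaMailAlternateAddress": ["a.smith@example.com"]},
    {"uid": "bob", "objectClass": ["inetOrgPerson"], "mail": ["bob@example.com"],
     "gosaMailAlternateAddress": []},
]

def escape_filter_value(value):
    """RFC 4515: backslash, '*', '(', ')' and NUL are written as \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login, escape=True):
    """Substitute the login address into the filter, escaped unless told otherwise."""
    return USER_FILTER.format(u=escape_filter_value(login) if escape else login)

def assertion_regex(assertion):
    """Matching rule for one assertion value: bare '*' is a wildcard, \\XX a literal."""
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", assertion, flags=re.S):
        if tok == "*":
            parts.append(".*")
        elif len(tok) == 3:
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts), re.I | re.S)  # mail matching ignores case

def search(entries, ldap_filter):
    """Evaluate only the filter shape used on this page (not a general LDAP parser)."""
    m = FILTER_SHAPE.fullmatch(ldap_filter)
    if m is None:
        raise ValueError("filter does not have the expected shape")
    mail_rx, alt_rx = (assertion_regex(g) for g in m.groups())
    return [e["uid"] for e in entries
            if "inetOrgPerson" in e["objectClass"]
            and (any(mail_rx.fullmatch(v) for v in e["mail"])
                 or any(alt_rx.fullmatch(v) for v in e["gosaMailAlternateAddress"]))]

if __name__ == "__main__":
    for login in ("alice@example.com", "a.smith@example.com", "*"):
        print(login, search(ENTRIES, build_filter(login)),
              search(ENTRIES, build_filter(login, escape=False)))
```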

If you have questions or comments about the article, please contact jakal66 at gmail dot com.

en/documentation_howto/alternative_email_addresses.txt · Last modified: 2017/10/31 10:32 (external edit)
CC Attribution-Share Alike 4.0 International