ed_vrijmoet

dovecot-sql.conf.ext

Aug 3rd, 2020
  1. # This file is commonly accessed via passdb {} or userdb {} section in
  2. # conf.d/auth-sql.conf.ext
  3.  
  4. # This file is opened as root, so it should be owned by root and mode 0600.
  5. #
  6. # http://wiki2.dovecot.org/AuthDatabase/SQL
  7. #
  8. # For the sql passdb module, you'll need a database with a table that
  9. # contains fields for at least the username and password. If you want to
  10. # use the user@domain syntax, you might want to have a separate domain
  11. # field as well.
  12. #
  13. # If your users all have the same uid/gid, and have predictable home
  14. # directories, you can use the static userdb module to generate the home
  15. # dir based on the username and domain. In this case, you won't need fields
  16. # for home, uid, or gid in the database.
  17. #
  18. # If you prefer to use the sql userdb module, you'll want to add fields
  19. # for home, uid, and gid. Here is an example table:
  20. #
  21. # CREATE TABLE users (
  22. # username VARCHAR(128) NOT NULL,
  23. # domain VARCHAR(128) NOT NULL,
  24. # password VARCHAR(64) NOT NULL,
  25. # home VARCHAR(255) NOT NULL,
  26. # uid INTEGER NOT NULL,
  27. # gid INTEGER NOT NULL,
  28. # active CHAR(1) DEFAULT 'Y' NOT NULL
  29. # );
  30.  
  31. # Database driver: mysql, pgsql, sqlite. The queries in use below rely on MySQL syntax (CONCAT, SUBSTRING_INDEX, backtick-quoted table name).
  32. driver = mysql
  33.  
  34. # Database connection string. This is driver-specific setting.
  35. #
  36. # HA / round-robin load-balancing is supported by giving multiple host
  37. # settings, like: host=sql1.host.org host=sql2.host.org
  38. #
  39. # pgsql:
  40. # For available options, see the PostgreSQL documentation for the
  41. # PQconnectdb function of libpq.
  42. # Use maxconns=n (default 5) to change how many connections Dovecot can
  43. # create to pgsql.
  44. #
  45. # mysql:
  46. # Basic options emulate PostgreSQL option names:
  47. # host, port, user, password, dbname
  48. #
  49. # But also adds some new settings:
  50. # client_flags - See MySQL manual
  51. # connect_timeout - Connect timeout in seconds (default: 5)
  52. # read_timeout - Read timeout in seconds (default: 30)
  53. # write_timeout - Write timeout in seconds (default: 30)
  54. # ssl_ca, ssl_ca_path - Set either one or both to enable SSL
  55. # ssl_cert, ssl_key - For sending client-side certificates to server
  56. # ssl_cipher - Set minimum allowed cipher security (default: HIGH)
  57. # ssl_verify_server_cert - Verify that the name in the server SSL certificate
  58. # matches the host (default: no)
  59. # option_file - Read options from the given file instead of
  60. # the default my.cnf location
  61. # option_group - Read options from the given group (default: client)
  62. #
  63. # You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
  64. # Note that currently you can't use spaces in parameters.
  65. #
  66. # sqlite:
  67. # The path to the database file.
  68. # NOTE(review): a password given in a connect line is stored in clear text, so keep this file root-owned with mode 0600 as stated at the top.
  69. # Examples:
  70. # connect = host=192.168.1.1 dbname=users
  71. # connect = host=sql.example.com dbname=virtual user=virtual password=blarg
  72. # connect = /etc/dovecot/authdb.sqlite
  73. # NOTE(review): the three queries in use are all SELECTs on vpopmail, so the account below needs only SELECT on that table; if Passwd is a real credential rather than a placeholder, treat any shared copy of this file as an exposure.
  74. #connect =
  75. connect = host=localhost dbname=vpopmail user=vpopmail password=Passwd
  76.  
  77. # Default password scheme.
  78. # NOTE(review): MD5-CRYPT is a legacy scheme that is cheap to attack offline if the table leaks; presumably kept because the vpopmail table holds hashes in that format - confirm.
  79. # List of supported schemes is in
  80. # http://wiki2.dovecot.org/Authentication/PasswordSchemes
  81. # A stored hash that starts with a {SCHEME} prefix overrides this default, which allows a gradual move to a stronger scheme (e.g. SHA512-CRYPT, BLF-CRYPT); check first that pw_passwd is wide enough for the longer hashes.
  82. default_pass_scheme = MD5-CRYPT
  83.  
  84. # passdb query to retrieve the password. It can return fields:
  85. # password - The user's password. This field must be returned.
  86. # user - user@domain from the database. Needed with case-insensitive lookups.
  87. # username and domain - An alternative way to represent the "user" field.
  88. #
  89. # The "user" field is often necessary with case-insensitive lookups to avoid
  90. # e.g. "name" and "nAme" logins creating two different mail directories. If
  91. # your user and domain names are in separate fields, you can return "username"
  92. # and "domain" fields instead of "user".
  93. #
  94. # The query can also return other fields which have a special meaning, see
  95. # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
  96. #
  97. # Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
  98. # for full list):
  99. # %u = entire user@domain
  100. # %n = user part of user@domain
  101. # %d = domain part of user@domain
  102. #
  103. # Note that these can be used only as input to SQL query. If the query outputs
  104. # any of these substitutions, they're not touched. Otherwise it would be
  105. # difficult to have eg. usernames containing '%' characters.
  106. #
  107. # Example:
  108. # password_query = SELECT userid AS user, pw AS password \
  109. # FROM users WHERE userid = '%u' AND active = 'Y'
  110. # NOTE(review): the password_query in use below also returns userdb_* fields (for userdb prefetch) but has none of user_query's pw_gid/port/IP conditions; if prefetch is the active userdb, logins never evaluate those conditions - confirm in dovecot.conf.
  111. #password_query = \
  112. # SELECT username, domain, password \
  113. # FROM users WHERE username = '%n' AND domain = '%d'
  114. password_query = SELECT CONCAT(pw_name, '@', '%d') AS user, \
  115. pw_passwd AS password, \
  116. pw_dir as userdb_home, \
  117. 89 AS userdb_uid, \
  118. 89 AS userdb_gid \
  119. FROM `vpopmail` \
  120. WHERE pw_name = '%n' AND pw_domain = '%d'
  121.  
  122. # userdb query to retrieve the user information. It can return fields:
  123. # uid - System UID (overrides mail_uid setting)
  124. # gid - System GID (overrides mail_gid setting)
  125. # home - Home directory
  126. # mail - Mail location (overrides mail_location setting)
  127. #
  128. # None of these are strictly required. If you use a single UID and GID, and
  129. # home or mail directory fits to a template string, you could use userdb static
  130. # instead. For a list of all fields that can be returned, see
  131. # http://wiki2.dovecot.org/UserDatabase/ExtraFields
  132. #
  133. # Examples:
  134. # user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
  135. # user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
  136. # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
  137. #
  138. #user_query = \
  139. # SELECT home, uid, gid \
  140. # FROM users WHERE username = '%n' AND domain = '%d'
  141. # (Thanks to Arturo Blanco for his hints concerning vpopmail limits)
  142. # (Thanks to Alexandre Fonceca for quota_rule addition)
  143. # user_query in use: home from pw_dir, fixed uid/gid 89, quota_rule '*:bytes=' plus the part of pw_shell before its first 'S' (NOQUOTA becomes 0). The last three conditions test %a (local port) and %r (remote IP) against pw_gid bits 2, 4 and 8; see the explanation further down.
  144. user_query = \
  145. SELECT pw_dir AS home, \
  146. 89 AS uid, \
  147. 89 AS gid, \
  148. CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule \
  149. FROM vpopmail \
  150. WHERE pw_name = '%n' AND pw_domain = '%d' \
  151. AND ('%a'!='995' or !(pw_gid & 2)) \
  152. AND ('%r'!='82.95.194.45' or !(pw_gid & 4)) \
  153. AND ('%r'='82.95.194.45' or '%a'!='993' or !(pw_gid & 8))
  154. # NOTE(review): the POP and IMAP flag checks apply only when the local port is 995 or 993, so a listener on any other port (e.g. 110 or 143) is not restricted by them; disable or firewall such listeners, or extend the conditions.
  155. # CONCAT('*:bytes=', REPLACE(TRIM(TRAILING 'S' FROM pw_shell), 'NOQUOTA', '0')) AS quota_rule \
  156.  
  157. # If you wish to avoid two SQL lookups (passdb + userdb), you can use
  158. # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
  159. # also have to return userdb fields in password_query prefixed with "userdb_"
  160. # string. For example:
  161. #password_query = \
  162. # SELECT userid AS user, password, \
  163. # home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
  164. # FROM users WHERE userid = '%u'
  165.  
  166. # [WEBMAIL-IP] is the IP of your webmail web server.
  167. # I'm assuming that the imap connection is only on port 993 and the pop3 connection is on port 995.
  168. # Adjust to your needs
  169. #
  170. # logically this means:
  171. # SELECT user
  172. # WHEN POP is not disabled for that user connecting on port 995 (995 is the pop3s port allowed from remote in my configuration)
  173. # AND WHEN webmail access is not disabled for that user when connecting from [WEBMAIL-IP]
  174. # AND WHEN IMAP is not disabled for that user connecting on port 993 (993 is the imap port allowed from remote
  175. # in my configuration) unless his remote IP is the one belonging to the webmail.
  176.  
  177. # Query to get a list of all usernames. The query in use returns pw_name@pw_domain for every row of vpopmail, without any filter.
  178. #iterate_query = SELECT username AS user FROM users
  179. iterate_query = SELECT CONCAT(pw_name,'@',pw_domain) AS username FROM `vpopmail`
  180.  
  181.  