This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.

Dovecot LDA with Sendmail

The following describes how to configure Sendmail to use deliver where root permission is not granted and Dovecot runs under a single user ID. It may need some adjustment for more typical setups. Other assumptions are that Sendmail is configured for virtual hosting and that local-system mail delivery is not handled by deliver.

Assuming sendmail.mc includes MAILER(procmail)dnl, edit sendmail.cf and add these lines after the Mprocmail definition:

######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
                 S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
                 T=DNS/RFC822/X-Unix,
                 A=/usr/local/libexec/dovecot/deliver -d $u

If you're using sendmail.mc, put the lines above into a new file /usr/share/sendmail/cf/mailer/dovecot.m4 and add MAILER(dovecot) to your sendmail.mc.

===================================

Another way to do the above is to add the following three lines to your hostname.mc:

FEATURE(`local_procmail', `/usr/local/libexec/dovecot/deliver',`/usr/local/libexec/dovecot/deliver -d $u')
MODIFY_MAILER_FLAGS(`LOCAL', `-f')
MAILER(procmail)

After editing hostname.mc with the above, be sure to remake your hostname.cf file. This is confirmed to work with:

===================================

For non-root setups apply SUID and SGID permissions to deliver:

FIXME: Why is this needed here? This is almost as bad as making deliver setuid-root. And why dovecot user?.. I don't recommend anyone doing those changes below.

###chown dovecot:dovecot /usr/local/libexec/dovecot/deliver
###chmod ug+s /usr/local/libexec/dovecot/deliver

If sendmail runs under a different non-root UID via

in sendmail.mc, then the env_put(t_strconcat("RESTRICT_ lines in deliver.c must be commented out.

Now add a

virtualdomain.example.com dovecot:dovecot

line for each virtual domain to mailertable.cf and run makemap hash mailertable.db < mailertable.cf. The dovecot (or some other random text) after the colon character is required, else sendmail will fail to pass command arguments to deliver correctly. Make sure all the virtual domains are in the virtuserdomains file.

Be aware that sendmail logs stat=unknown mailer error 89 if deliver returns any unusual error. This message is misleading and looks as though sendmail were failing to find the deliver executable. It actually means that the error is unknown. As of v1.0.rc27 this should never happen.


===========================================

(Fedora 14: dovecot 2.0.8 & sendmail 8.14.4)

Summing up all previous experience, one may keep all virtual user accounts under one system account.

Sendmail's "U=" mailer option, combined with changing the owner of the LDA (to "keeper" here, for instance):

-rwxr-xr-x. 1 keeper mail 14536 Dec  7 16:43 /usr/libexec/dovecot/dovecot-lda

allows virtual users to run under one system account without applying SUID.

Sendmail can pass a user account to the LDA with or without the domain. Passing a user name without the domain can be achieved with the S=/R= rewriting rules of the local mailer. Finally, the following block of lines goes into cf/mailer/dovecot.m4:

Mdovecot,      P=/usr/libexec/dovecot/dovecot-lda,
               F=l59DFMPhnu,
               S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
               M=51200000,
               U=keeper:mail,
               T=DNS/RFC822/X-Unix,
               A=/usr/libexec/dovecot/dovecot-lda -d $u

dovecot.m4 can be a bit more complex.
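
A check that ties the SUID/SGID setup and the U= setup above together, as an added example that is not part of the original wiki page or of Dovecot or sendmail: it reads a mailer definition from a sendmail.cf-style file, reports its U= run-as user, and fails if the LDA binary named in P= still carries SUID/SGID bits. The function names and the sample built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail mailer definition for the Dovecot LDA.
# Function names are illustrative; they are not part of sendmail or Dovecot.

# Print the M<name> definition of a sendmail.cf-style file as one line,
# joining continuation lines (those starting with a space or tab).
mailer_def() {  # $1 = cf file, $2 = mailer name
    awk -v m="M$2," '
        index($0, m) == 1 { on = 1; printf "%s", $0; next }
        on && /^[ \t]/    { printf "%s", $0; next }
        on                { exit }
    ' "$1"
}

# Print one comma-separated field (P, F, U, ...) of that definition.
mailer_field() {  # $1 = cf file, $2 = mailer name, $3 = field letter
    mailer_def "$1" "$2" | tr ',' '\n' |
        sed -n "s/^[[:space:]]*$3=//p" | head -n 1
}

# Returns 0 = clean, 1 = LDA binary is SUID/SGID, 2 = nothing to check.
audit_lda_mailer() {  # $1 = cf file, $2 = mailer name
    bin=$(mailer_field "$1" "$2" P)
    runas=$(mailer_field "$1" "$2" U)
    if [ -z "$bin" ] || [ ! -e "$bin" ]; then
        echo "SKIP: M$2: no P= field, or binary not found"; return 2
    fi
    if [ -n "$runas" ]; then
        echo "OK:   M$2 runs $bin as $runas"
    else
        echo "WARN: M$2 has no U= field"
    fi
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        echo "FAIL: $bin is SUID/SGID; clear it with chmod ug-s"; return 1
    fi
    return 0
}

# Constructed sample: the U=keeper:mail mailer, pointed at a scratch file
# that is made SUID on purpose so the FAIL path is visible.
demo() {
    d=$(mktemp -d) && : > "$d/lda" && chmod 4755 "$d/lda"
    printf 'Mdovecot,\tP=%s,\n\t\tF=l59DFMPhnu, U=keeper:mail,\n\t\tA=%s -d $u\n' \
        "$d/lda" "$d/lda" > "$d/sample.cf"
    audit_lda_mailer "$d/sample.cf" dovecot; rc=$?
    rm -rf "$d"; return $rc
}

if [ $# -eq 2 ]; then audit_lda_mailer "$1" "$2"; else demo || true; fi
```

Run with the path to sendmail.cf and the mailer name (dovecot) as arguments; with no arguments it runs the constructed sample.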

None: LDA/Sendmail (last edited 2010-12-17 18:34:46 by pppoe)