Dovecot administration without headaches?

Question

I've run Dovecot+Postfix mail servers in medium-to-large corporate environments, where email addresses are mostly generated via LDAP accounts, or passed down through some HR system or other. I also run that combination (Dovecot+Postfix) with a MariaDB back end on my personal server, which is home to a bunch of projects, a family member's small business, and so on.

I am not looking for help with how to install Dovecot and Postfix themselves. What I'd like to know is what tool or tools others use on small installations (command-line only, please) for managing domains, mailboxes, aliases, and so on in my Postfix+Dovecot install.

I had a web-based management panel in the past, but am tired of trying to pile eggshell security around something so badly put together. Nor do I want to hand query the DB to make changes.

I'm also not concerned with migration overhead...the number of domains, mailboxes, and aliases on this server that will need to go to its replacement are within the range that I could bribe my teenager to enter by hand if needed. ;)

Have you ever tried PostfixAdmin? With the proper setup, it's a pretty neat tool to manage the email accounts. — Julie Pelletier, Jun 07 '16 at 05:10
I'm really trying to avoid yet another web frontend for my mailserver. There's no reason I can't hit the command line to do that kind of administration, and it saves me an attack surface. — HedgeMage, Jun 07 '16 at 22:36
Why do you need to make it visible to the outside world? Just put a restriction based on your IP or something. You want something simple but the hard way is too hard, then you should accept solutions that exist and simply restrict them. — Julie Pelletier, Jun 08 '16 at 03:44
@JuliePelletier Not an acceptable level of security for my use case. — HedgeMage, Jun 09 '16 at 04:48
You either go with existing solutions which apparently are not secure enough for you or design your own, which will hopefully be safer. Custom requirements imply custom development. — Julie Pelletier, Jun 09 '16 at 05:22
Note that avoiding a web interface is probably your biggest limitation. As you may know, there are solutions to only run it on localhost through a shell with text mode browsers. — Julie Pelletier, Jun 09 '16 at 05:25

score 3 · Answer 1 · answered Jun 08 '16 at 03:43

3

I've created a set of simple bash scripts for managing multiple domains, accounts, users, aliases, but it's still not ready for publishing on GitHub. I'm and was using it with success for the last 3-4 years. I have all my dovecot/postfix configs file-based, no database. I see I'm not the only one in need for a simple and working command-line solution?

answered Jun 08 '16 at 03:43

Thomas Szteliga

191
1
5

You're definitely not the only one. Everyone else I've asked has said they wish they had such a thing. Unfortunately, since I'm using a DB back-end for multiple domains/users without system accounts, your scripts won't work for me. :/ – HedgeMage Jun 09 '16 at 04:38
@HedgeMage My scripts are designed for pure virtual accounts - no system users. I'm not using a DB-backend because everybody has its own and it would be problematic to handle/configure all DB-structures and the format of text files used by Postfix/Dovecot is kinda unified and well documented. But it would be possible to read data from your DB and create Postfix/Dovecot configs based on this data in an automated way. Publishing my scripts on GitHub is on my TODO list 8-) – Thomas Szteliga Jun 16 '16 at 07:18
Thanks, @thomas-szteliga ...if you ever get around to posting, let me know. – HedgeMage Jun 16 '16 at 12:23

score 3 · Accepted Answer · answered Jun 10 '16 at 13:24

I have a similar small scale setup, with MySQL providing the virtual_domains and virtual_aliases to postfix and dovecot. I wrote my own web interface to manage them (primarily so I could hand it off to someone else to maintain).

Given that you're not interested in a web interface, or direct SQL the only other alternative I can think of would be shell scripts.

Essentially you'd have to write your SQL into a (bash) script to do certain jobs. Then you can then call the appropriate scripts to add, update or remove aliases/domains/users.

Something along the lines of this:

#!/bin/bash
## updatepassword.sh <email@address> <password>

## Update the password for an email account
mysql -u root -p forge -e "UPDATE users SET password = '$2' WHERE email= '$1'";

## Tell me if it's worked or not!
if [ $? -eq 0 ]
then
    echo "$1 updated"
else
    echo "Couldn't update password for $1"
fi

updatepassword.sh name@example.com newpass

Keep in mind this example is very basic and you'd need to encrypt the password using whatever mechanism you were using. You could easily expand upon it if you wanted to to add data validation for inevitable typos and sanity checks for deleting aliases/users/domains.

I'll admit, I'm interested in what other people come up with.

This is roughly what I've ended up doing, rolling my own. I really didn't have time, but there just didn't seem to be anything out there. — HedgeMage, Jun 16 '16 at 12:23

score 0 · Answer 3 · answered Jun 07 '16 at 06:41

On a similar setup I tried to keep things as simple as possible. I use the Mail Admin (0.4.1) web interface to administer the accounts themselves. As for editing any configuration file I use the good old MC. I also hate making database changes for e-mail forwarding, away messages and such...so I manage those from web interface as well (RCube Webmail).

So basically, all file management goes the MC and account administration to web interfaces. Hope that helped.

Dovecot administration without headaches?

3 Answers3