Configuring DBMail
dbmail.conf is the DBMail configuration file for all services. It follows a typical key=value INI file format with sections and comments.
Core configuration and defaults are in the [DBMAIL] section; other sections add and override entries for that section.
As a minimum you need to specify the database and auth driver, and you will probably want to use TLS security.
Database
DBMail is database agnostic, so both popular databases, PostgreSQL and MySQL, are supported. Thanks to libzdb, Oracle is also supported.
The dburi format is as follows:
database://[user:password@][host][:port]/database[?name=value][&name=value]...
You probably want one of the following:
dburi = mysql://user:password@db.example.com:3306/dbmail
dburi = postgresql://user:password@db.example.com:5432/dbmail
Authentication
All mail is associated with a user in dbmail_users and that table can also be used for authentication.
LDAP offers single sign-on. To authenticate your users against your LDAP server, set the following:
authdriver = ldap
Then update the settings in the [LDAP] section.
DBMail uses your user's email address to look up the user. If you're using authdriver = sql, use dbmail-users to manage aliases; if you're using ldap, DBMail uses the user's mail attribute (configurable).
Network
The default is to open a connection on all available interfaces. There are differences between Linux and the BSDs so for clarity you may prefer to specify your network address.
#bindip = 0.0.0.0 # IPv4 only - all IPs
#bindip = :: # IPv4 and IPv6 - all IPs (Linux)
#bindip = :: # IPv6 only - all IPs (BSD)
#bindip = 0.0.0.0,:: # IPv4 and IPv6 - all IPs (BSD)
TLS (Transport Layer Security)
DBMail uses TLS certificates so clients can securely connect their email client to your IMAP server.
There's useful documentation on the Let's Encrypt website: https://letsencrypt.org/docs/
You need to let DBMail know where to find your certificate files and optionally what ciphers to use.
The three core settings are for the certificate authorities, your certificate and your key file.
A file containing a list of CAs in PEM format
tls_cafile = /etc/ssl/cert.pem
A file containing your PEM format certificate
tls_cert = /usr/local/etc/letsencrypt/live/example.com/fullchain.pem
A file containing your PEM format ECDSA or RSA key
tls_key = /usr/local/etc/letsencrypt/live/example.com/privkey.pem
If you wish to limit the ciphers DBMail can use, set tls_ciphers; leave it empty for the OpenSSL defaults.
tls_ciphers =
Capabilities
DBMail can be configured to offer various ways to connect and authenticate. When a client connects, the server sends a list of capabilities that the client can use; these are the mechanisms that the client and server use to talk to each other.
Clients connect via port 143 then use STARTTLS to ensure a secure connection before authenticating to access their mailbox.
DBMail currently supports LOGIN for authentication. For backwards compatibility DBMail also supports CRAM-MD5, though as it requires passwords to be stored unencrypted its use is strongly discouraged.
The following settings may be helpful when providing information to your clients on how to connect to your server.
DBMail configuration
[IMAP]
port = 143
# Leave tls_port commented out as SSL/TLS is not required
Client connection settings
Let your clients have the following information, substituting your domain for the Server Name and their login id for the userid.
Server type: IMAP Mail Server
Server Name: example.com
User name: userid
Connection security: STARTTLS
Authentication method: Normal password
Sending emails
DBMail can forward emails and users can use SIEVE scripts to send replies.
Set smtp_host to your SMTP provider, for example:
smtp_host = smtp://smtp.example.com:587
smtp_user = username
smtp_password = secret
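The following is an added example, not part of the DBMail documentation or code base: a small Python review of a dbmail.conf that resolves the [DBMAIL] defaults and per-section overrides described at the top of this page and flags the security-relevant settings covered above. The sample file is constructed, `effective` and `audit` are hypothetical helper names, and the parsing assumes `#` inline comments and section names written exactly as `[DBMAIL]` and `[IMAP]`.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample dbmail.conf, using only keys shown on this page.
SAMPLE = """\
[DBMAIL]
dburi = postgresql://dbmail:s3cret@db.example.com:5432/dbmail
authdriver = sql
#bindip = 0.0.0.0   # left commented out, so the default applies
tls_cafile = /etc/ssl/cert.pem
tls_cert = /usr/local/etc/letsencrypt/live/example.com/fullchain.pem
tls_ciphers =
smtp_host = smtp://smtp.example.com:587
smtp_password = secret

[IMAP]
port = 143
"""

def effective(conf_text, service):
    """Return the settings a service sees: [DBMAIL] overlaid by its own section."""
    cp = configparser.ConfigParser(default_section="DBMAIL", interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string(conf_text)
    return dict(cp[service]) if cp.has_section(service) else dict(cp.defaults())

def audit(conf_text, service="IMAP"):
    """List review findings for one service (hypothetical helper, not a DBMail tool)."""
    s = effective(conf_text, service)
    findings = []
    # Passwords in dburi or smtp_password are stored in clear text in the file.
    if urlsplit(s.get("dburi", "")).password or s.get("smtp_password"):
        findings.append("secrets in file: restrict dbmail.conf to the service account")
    if not s.get("bindip"):
        findings.append("bindip unset: listening on all available interfaces")
    for key in ("tls_cert", "tls_key"):
        if not s.get(key):
            findings.append(f"{key} unset: no certificate/key pair for STARTTLS")
    if not s.get("tls_ciphers"):
        findings.append("tls_ciphers empty: OpenSSL default cipher list in use")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
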