SETTING UP DOVECOT

INSTALL

INSTALL DOVECOT

SETUP (MBOX FORMAT)

this is an example for the Mbox mail format, and we are assuming you've created the mail users as local unix accounts with no specific GID: we are living without the mail group here. the mail folder is /home/%u/mail/, for happy shell and Alpine users

ls -lhF /etc/ssl/dh.pem # noexist
openssl dhparam -rand /dev/urandom 2048 > /etc/ssl/dh.pem
chmod 400 /etc/ssl/dh.pem

ls -lhF /usr/local/share/doc/dovecot/example-config/
ls -lhF /usr/local/etc/dovecot/
vi /usr/local/etc/dovecot/dovecot.conf

protocols = imap
disable_plaintext_auth = yes
auth_mechanisms = plain
userdb {
    driver = passwd
}
passdb {
    #slackware-current
    driver = pam
    #BSD
    #driver = passwd
}
first_valid_uid = 1000
#last_valid_uid =
mail_location = mbox:/home/%u/mail:INBOX=/var/spool/mail/%u
mbox_very_dirty_syncs = yes

ssl = required
verbose_ssl = no
ssl_dh = </etc/ssl/dh.pem
ssl_cert = </etc/ssl/slackmx.nethence.com.crt
ssl_key = </etc/ssl/slackmx.nethence.com.key
#ssl_cert = </usr/pkg/etc/letsencrypt/live/xc.nethence.com/fullchain.pem
#ssl_key = </usr/pkg/etc/letsencrypt/live/xc.nethence.com/privkey.pem
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags

service imap-login {
    inet_listener imap {
        port = 0
    }
    inet_listener imaps {
        port = 993
        ssl = yes
    }
}

#idling server here
service imap {
    process_limit = 10
}

and if you want to add POP3

protocols = imap pop3

service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service pop3 {
  process_limit = 3
}

SASL socket

add the login method and an authentication socket

vi /usr/local/etc/dovecot/dovecot.conf

auth_mechanisms = plain login

service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = wheel
    }
}
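a config lint for the settings above, added here as an example (my own script, not Dovecot tooling and not part of the original guide): it parses the key = value / section { } syntax of dovecot.conf, flattens it, and flags the plaintext pitfalls this guide closes (a login listener left open without ssl = yes, ssl not required, DH params missing, a SASL auth socket that is wider than 0660). the sample config is constructed, with two deliberate weaknesses, and the /etc/ssl/example.* paths are placeholders; feed it the output of doveconf -n for a real check.

```python
"""Security lint for a Dovecot 2.3 configuration (added example, not Dovecot tooling)."""
import re

# Constructed sample: the guide's layout with two deliberate weaknesses
# (a plaintext POP3 listener and a world-writable SASL socket).
SAMPLE_CONF = """\
protocols = imap pop3
disable_plaintext_auth = yes
auth_mechanisms = plain login
ssl = required
ssl_dh = </etc/ssl/dh.pem
ssl_cert = </etc/ssl/example.crt
ssl_key = </etc/ssl/example.key
service imap-login {
    inet_listener imap {
        port = 0
    }
    inet_listener imaps {
        port = 993
        ssl = yes
    }
}
service pop3-login {
    inet_listener pop3 {
        port = 110
    }
    inet_listener pop3s {
        port = 995
        ssl = yes
    }
}
service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = wheel
    }
}
"""


def parse_conf(text):
    """Flatten dovecot.conf syntax into {"section name.key": value}.

    Handles `key = value`, `section name {` / `}` nesting and full-line
    comments, which is all that `doveconf -n` output uses.
    """
    settings = {}
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            settings[".".join(stack + [key.strip()])] = value.strip()
    return settings


LISTENER_PORT = re.compile(r"service (\S+)-login\.inet_listener (\S+)\.port")
SOCKET_MODE = re.compile(r"service auth\.unix_listener (\S+)\.mode")


def lint(settings):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    if settings.get("disable_plaintext_auth") != "yes":
        findings.append("disable_plaintext_auth is not yes: passwords may be sent unencrypted")
    if settings.get("ssl") != "required":
        findings.append("ssl is not required: clients may skip TLS")
    if not settings.get("ssl_dh", "").startswith("<"):
        findings.append("ssl_dh unset: Dovecot 2.3 refuses to start without DH parameters")
    for path, value in settings.items():
        m = LISTENER_PORT.fullmatch(path)
        if m and value != "0":
            # A listener without ssl = yes speaks plaintext until STARTTLS;
            # the guide closes such ports with port = 0.
            if settings.get(path[: -len("port")] + "ssl") != "yes":
                findings.append(f"{m.group(2)} listener open on port {value} without ssl = yes; set port = 0")
        m = SOCKET_MODE.fullmatch(path)
        if m and int(value, 8) & 0o007:
            findings.append(f"auth socket {m.group(1)} mode {value} is world-accessible; use 0660")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE_CONF)):
        print("WARN:", finding)
```

run it as-is to see the two findings on the sample; to lint a live server, replace SAMPLE_CONF with the text of doveconf -n (the -n output is what the parser expects, as it contains no includes or variables).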

start Dovecot and check

/usr/local/sbin/dovecot
ls -lhF /var/spool/postfix/private/auth

you can now enable SASL on your MTA of choice

OPERATIONS

this does not validate the config, it only prints it

doveconf -Pn

enable

vi /etc/rc.local

echo -n starting dovecot...
rm -f /usr/local/var/run/dovecot/master.pid
/usr/local/sbin/dovecot && echo done

status

ps auxfww | grep dovecot | grep -v grep
netstat -lntup | grep dove
#netstat -an -f inet,inet6 | grep LISTEN

reload

/usr/local/sbin/dovecot reload

stop

/usr/local/sbin/dovecot stop

ACCEPTANCE

openssl s_client -showcerts -servername slackmx.nethence.com -connect slackmx.nethence.com:993

ADDITIONAL

namespaces?

#namespace inbox {
#   inbox = yes
#}

Namespaces https://doc.dovecot.org/configuration_manual/namespace/

no mail group

#mail_privileged_group = mail

password scheme

default_pass_scheme = MD5

restrict by ip

allow_nets restriction not fully tested

vi /usr/local/etc/cram-md5.pwd

USER:PASSFIELD::::::allow_nets=x.x.x.x/32,x.x.x.x/32

tuning

define a range for mail users e.g.

first_valid_uid = 5000
last_valid_uid = 5999
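the two restrictions above, allow_nets and the first_valid_uid/last_valid_uid range, worked through as an added example (my own script, not Dovecot code and not part of the original guide): it parses the user:password:uid:gid:gecos:home:shell:extra_fields format of the passwd-file passdb, reads the allow_nets extra field and reproduces the decision Dovecot makes before accepting a login: the client address has to fall inside one of the listed networks, then the uid has to sit inside the valid range. the passwd-file lines, the networks and the client addresses are constructed, and the password fields are placeholders.

```python
"""Reproduce Dovecot's allow_nets and valid-uid checks on a passwd-file (added example)."""
import ipaddress

# Constructed passwd-file content; password fields are placeholders, not real hashes.
SAMPLE_PASSWD_FILE = """\
# user:password:uid:gid:gecos:home:shell:extra_fields
alice:{CRAM-MD5}PLACEHOLDER:5001:5001::/home/alice::allow_nets=192.0.2.0/24,198.51.100.5/32
bob:{CRAM-MD5}PLACEHOLDER:5002:5002::/home/bob::
root:{CRAM-MD5}PLACEHOLDER:0:0::/root::allow_nets=192.0.2.10/32
"""

# The range from the tuning section above.
FIRST_VALID_UID = 5000
LAST_VALID_UID = 5999


def parse_passwd_file(text):
    """Return {user: {"uid": int, "allow_nets": [ip_network, ...] or None}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split into at most 8 fields so anything after the 7th colon stays
        # in extra_fields (assumption of this example, to keep ':' in values intact).
        fields = line.split(":", 7)
        user, uid = fields[0], int(fields[2])
        extra = fields[7] if len(fields) == 8 else ""
        allow_nets = None
        for item in extra.split():
            key, _, value = item.partition("=")
            if key == "allow_nets":
                allow_nets = [ipaddress.ip_network(n.strip()) for n in value.split(",")]
        entries[user] = {"uid": uid, "allow_nets": allow_nets}
    return entries


def client_allowed(entry, client_ip):
    """allow_nets: no field means any address; otherwise the client must match a listed network."""
    if entry["allow_nets"] is None:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in entry["allow_nets"])


def uid_allowed(entry, first=FIRST_VALID_UID, last=LAST_VALID_UID):
    """first_valid_uid/last_valid_uid: logins whose uid is outside the range are refused."""
    return first <= entry["uid"] <= last


def login_decision(text, user, client_ip):
    """Combine the passdb (allow_nets) check with the uid range; unknown users are refused."""
    entry = parse_passwd_file(text).get(user)
    if entry is None:
        return "unknown user"
    if not client_allowed(entry, client_ip):
        return "client address not in allow_nets"
    if not uid_allowed(entry):
        return "uid outside first_valid_uid..last_valid_uid"
    return "allowed"


if __name__ == "__main__":
    for user, ip in [("alice", "192.0.2.42"), ("alice", "203.0.113.9"),
                     ("bob", "203.0.113.9"), ("root", "192.0.2.10")]:
        print(f"{user} from {ip}: {login_decision(SAMPLE_PASSWD_FILE, user, ip)}")
```

the root line shows why the uid range matters even when allow_nets is set: the address check passes, the uid check still refuses the login.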

TROUBLES

when trying to connect through IMAP or SMTP

Error: Failed to initialize SSL server context: Couldn't parse DH parameters

==> Dovecot 2.3 requires DH params to be set up: https://wiki.dovecot.org/SSL/DovecotConfiguration

RESOURCES

Dovecot Logging https://wiki.dovecot.org/Logging

Dovecot SSL configuration https://wiki.dovecot.org/SSL/DovecotConfiguration

Dovecot-2.3.6 http://linuxfromscratch.org/blfs/view/cvs/server/dovecot.html

auth

Passwd-file https://doc.dovecot.org/configuration_manual/authentication/passwd_file/

Password databases (passdb) https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/

Password Schemes https://doc.dovecot.org/configuration_manual/authentication/password_schemes/

the mail group issue

Mbox https://doc.dovecot.org/configuration_manual/quick_configuration/#mbox

Operation Not Permitted https://wiki2.dovecot.org/Errors/ChgrpNoPerm

[Dovecot-news] Security issue #5: mail_extra_groups setting is often used insecurely https://dovecot.org/list/dovecot-news/2008-March/000060.html

dovecot can’t compact mail folder /var/mail/username https://askubuntu.com/questions/118416/dovecot-cant-compact-mail-folder-var-mail-username

misc

Dovecot configuration file https://dovecot.org/doc/dovecot-example.conf

[Dovecot] Disable unsecure POP3 at all (Dovecot 2.1) https://dovecot.org/list/dovecot/2013-October/093191.html

Howto: Linux Dovecot Secure IMAPS / POP3S SSL Server configuration https://www.cyberciti.biz/faq/unix-dovecot-ssl-tls-server-configuration/

Security tuning https://wiki.dovecot.org/SecurityTuning

user mgmt

Authentication Mechanisms https://wiki2.dovecot.org/Authentication/Mechanisms

System users used by Dovecot https://wiki.dovecot.org/UserIds

Master users/passwords https://wiki.dovecot.org/Authentication/MasterUsers

HowToCRAM-MD5 https://wiki.dovecot.org/HowTo/CRAM-MD5

restrict by ip

https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

https://wiki2.dovecot.org/LoginProcess

https://wiki2.dovecot.org/PostLoginScripting

Allow_nets extra field https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

TRASH / OBSOLETE

passdb passwd-file

fgrep -v '*' /etc/master.passwd | cut -d : -f 1-4,8-10
vi /usr/local/etc/dovecot.passwd
chown dovecot:dovecot /usr/local/etc/dovecot.passwd
chmod 400 /usr/local/etc/dovecot.passwd

passdb cram-md5

auth_mechanisms = plain cram-md5

passdb {
  driver = passwd-file
  #args = scheme=cram-md5 /usr/local/etc/cram-md5.pwd
  args = /usr/local/etc/dovecot.passwd
}

touch /usr/local/etc/cram-md5.pwd
echo -n USER: >> /usr/local/etc/cram-md5.pwd
doveadm pw >> /usr/local/etc/cram-md5.pwd
#chmod 600 /usr/local/etc/cram-md5.pwd
chown dovecot:dovecot /usr/local/etc/cram-md5.pwd
chmod 400 /usr/local/etc/cram-md5.pwd