Differences

This shows you the differences between two versions of the page.

Next revision
Previous revision
email:configure-dovecot [2025/03/03 14:34] – created willy
email:configure-dovecot [2025/03/13 14:05] (current) – [Configuring Dovecot] willy
Line 1: Line 1:
-====== Configuring Dovecot ======+====== G) Configuring Dovecot ======
  
 +Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**. 
  
-<file - dovecot.conf> +For each file, i will show you the changes from the defaults that you need to apply.
-log_path = syslog +
-syslog_facility = mail +
-mail_debug = no +
-auth_debug = no +
-auth_debug_passwords = no +
-auth_verbose = no +
-base_dir = /var/run/dovecot/ +
-listen = * +
-protocols = imap sieve  +
-login_greeting = IMAPD ready.+
  
-# Mailbox setup +===== Main changes =====
-mail_location maildir:/home/vmail/storage/%d/%n/maildir +
-namespace inbox {  +
-  inbox yes +
-+
-mail_uid 5000 +
-mail_gid 5000 +
-mailbox_list_index yes +
-mailbox_idle_check_interval 30 secs +
-maildir_copy_with_hardlinks yes+
  
-# Sieve +You need to enable the selected protocols and change the login greeting, as don't like to let others know that i use dovecot, for security reasons.
-managesieve_notify_capability = mailto +
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date+
  
-Authentication and login +Edit **doveconf.conf**: 
-disable_plaintext_auth = yes +<code> 
-auth_default_realm mydomain.com +protocols = imap lmtp sieve 
-auth_mechanisms plain login +login_greeting = IMAP server ready. 
-auth_realms mydomain.com +Optional DEBUG stuff to enable if things don't work: 
-auth_failure_delay 2 secs+#auth_verbose = yes 
 +#auth_verbose_passwords no 
 +#auth_debug yes 
 +#auth_debug_passwords yes 
 +#mail_debug yes 
 +#verbose_ssl = yes 
 +</code>
  
-# SQLite link +===== Setup link to postfix ===== 
-sql_driver sqlite + 
-sqlite_path /home/vmail/database/vmail.sqlite3 +Changes in **conf.d/10-master.conf**: 
-passdb sql { +<code> 
-  query SELECT username, domain, password FROM mailbox WHERE username '%u' AND active 1 +service lmtp 
-} +  unix_listener /var/spool/postfix/private/dovecot-lmtp { 
-userdb sql +    group postfix 
-  query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active 1 +    mode 0660 
-  iterate_query SELECT username AS user FROM mailbox +    user = postfix 
-}+  }
  
 service auth { service auth {
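Review bot: the commented DEBUG block under "Main changes" lists auth_debug_passwords = yes next to the ordinary verbosity switches without saying that it writes attempted passwords to the log; add a sentence telling the reader to switch it (and auth_debug) back off once troubleshooting is done and to treat the resulting logs as sensitive. In the same section, "Edit **doveconf.conf**" should read dovecot.conf, the master file named in the opening paragraph (doveconf is the name of Dovecot's configuration dump tool, not a file). The rewrite also drops disable_plaintext_auth = yes and auth_failure_delay = 2 secs from the old file; since the page now shows only changes from the defaults, say explicitly whether these are being left at their defaults so the omission reads as intentional. Small typo: "configuation" in the first added paragraph.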
Line 54: Line 40:
   }   }
 } }
 +</code>
  
-SSL TLS setup +This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. 
-ssl = yes+ 
 +===== Setup Sieve ===== 
 + 
 +Sieve let's you create custom filters that will filter your inbound emails. 
 + 
 +Changes in **conf.d/20-lmtp.conf**: 
 +<code> 
 +protocol lmtp { 
 +  mail_plugins = $mail_plugins sieve 
 +
 +</code> 
 + 
 +And specify which folder should store the filters. 
 + 
 +Changes in **conf.d/90-sieve.conf**: 
 +<code> 
 +plugin { 
 +  sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve 
 +</code> 
 + 
 +===== Setup authentication ===== 
 + 
 +Changes in **conf.d/10-auth.conf**: 
 +<code> 
 +auth_mechanisms = plain login 
 +#auth_default_realm = mydomain.com # is this needed? 
 +#auth_realms = mydomain.com # is this needed? 
 +#!include auth-system.conf.ext 
 +!include auth-sql.conf.ext 
 +</code> 
 + 
 +===== Setup SQL backend ===== 
 + 
 +Changes in **dovecot-sql.conf.ext**: 
 +<code> 
 +driver = sqlite 
 +connect = /home/vmail/database/vmail.sqlite3 
 +password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1 
 +user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1 
 +iterate_query = SELECT username AS user FROM mailbox 
 +</code> 
 + 
 +===== Setup mailboxes ===== 
 + 
 +Changes in **conf.d/10-mail.conf**: 
 +<code> 
 +mail_location = maildir:/home/vmail/storage/%d/%n/maildir 
 +mail_uid = 5000 
 +mail_gid = 5000 
 +</code> 
 + 
 +===== Setup TLS ===== 
 + 
 +You need to point to the Let's Encrypt certificates. 
 + 
 +Changes in **conf.d/10-ssl.conf**: 
 +<code>
 ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
 ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
-ssl_min_protocol TLSv1.2 +</code> 
-ssl_cipher_list ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384+ 
 +===== Setup Sieve and ManageSieve ====
 + 
 +TBD 
 + 
 +<code> 
 +# Sieve 
 +managesieve_notify_capability = mailto 
 +managesieve_sieve_capability fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date 
 +</code> 
 + 
 + 
 +===== Testing ===== 
 + 
 +Start dovecot 
 + 
 +Check that login works: 
 +<code bash> 
 +doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com 
 +</code> 
 + 
 +Test IMAP: 
 +<code bash> 
 +telnet mail.mydomain.com 143 
 +Trying 1.2.3.4... 
 +Connected to mail.mydomain.com. 
 +Escape character is '^]'
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code> 
 + 
 +Test that login works: 
 +<code bash> 
 +telnet 127.0.0.1 1143 
 +Trying 127.0.0.1... 
 +Connected to 127.0.0.1. 
 +Escape character is '^]'
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready. 
 +a login user@mydomain.com password 
 +a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in 
 +</code>
  
-</file>+Test TLS works: 
 +<code bash> 
 +openssl s_client -connect mail.mydomain.com:993 
 +[ expect similar output as above ] 
 +</code>
  
 +Test STARTTLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:143 -starttls imap
 +[ expect similar output as above ]
 +</code>
  
 +If all those checks worked fine, your dovecot seems all set!
  
  
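Review bot: the new "Setup TLS" section carries over only ssl_cert and ssl_key, while the removed ssl = yes, ssl_min_protocol and ssl_cipher_list lines have no counterpart in conf.d/10-ssl.conf; because 10-auth.conf sets auth_mechanisms = plain login, the passwords are protected only by TLS, so either keep a minimum protocol version and set ssl = required here, or state that the distribution defaults are being relied on. In "Testing", the login check connects to 127.0.0.1 port 1143 while every other IMAP check uses 143, and no listener on 1143 is configured anywhere on the page, so either the port is wrong or a configuration step is missing. The 90-sieve.conf snippet runs from the sieve = line straight to </code> with no line closing plugin {, and the "Setup Sieve and ManageSieve" heading has five = on the left and four on the right. "Sieve let's you" should be "Sieve lets you".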
