email:configure-dovecot [2025/03/03 14:34] – created willy
email:configure-dovecot [2025/03/13 14:05] (current) – [Configuring Dovecot] willy
Line 1: Line 1:
-====== Configuring Dovecot ======+====== G) Configuring Dovecot ======
  
 +Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**. 
  
-<file - dovecot.conf> +For each file, i will show you the changes from the defaults that you need to apply.
-log_path = syslog +
-syslog_facility = mail +
-mail_debug = no +
-auth_debug = no +
-auth_debug_passwords = no +
-auth_verbose = no +
-base_dir = /var/run/dovecot/ +
-listen = * +
-protocols = imap sieve  +
-login_greeting = IMAPD ready.+
  
-# Mailbox setup +===== Main changes =====
-mail_location maildir:/home/vmail/storage/%d/%n/maildir +
-namespace inbox {  +
-  inbox yes +
-+
-mail_uid 5000 +
-mail_gid 5000 +
-mailbox_list_index yes +
-mailbox_idle_check_interval 30 secs +
-maildir_copy_with_hardlinks yes+
  
-# Sieve +You need to enable the selected protocols and change the login greeting, as don't like to let others know that i use dovecot, for security reasons.
-managesieve_notify_capability = mailto +
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date+
  
-Authentication and login +Edit **doveconf.conf**: 
-disable_plaintext_auth = yes +<code> 
-auth_default_realm mydomain.com +protocols = imap lmtp sieve 
-auth_mechanisms plain login +login_greeting = IMAP server ready. 
-auth_realms mydomain.com +Optional DEBUG stuff to enable if things don't work: 
-auth_failure_delay 2 secs+#auth_verbose = yes 
 +#auth_verbose_passwords no 
 +#auth_debug yes 
 +#auth_debug_passwords yes 
 +#mail_debug yes 
 +#verbose_ssl = yes 
 +</code>
  
-# SQLite link +===== Setup link to postfix ===== 
-sql_driver sqlite + 
-sqlite_path /home/vmail/database/vmail.sqlite3 +Changes in **conf.d/10-master.conf**: 
-passdb sql { +<code> 
-  query SELECT username, domain, password FROM mailbox WHERE username '%u' AND active 1 +service lmtp 
-} +  unix_listener /var/spool/postfix/private/dovecot-lmtp { 
-userdb sql +    group postfix 
-  query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active 1 +    mode 0660 
-  iterate_query SELECT username AS user FROM mailbox +    user = postfix 
-}+  }
  
 service auth { service auth {
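Review bot: the new revision drops `disable_plaintext_auth = yes` from the old "Authentication and login" block and does not re-state it in either the new dovecot.conf block or the conf.d/10-auth.conf block, so refusing plaintext logins on non-TLS connections now rests on the compiled-in default; keep the line explicit next to `auth_mechanisms = plain login`. In the new dovecot.conf block, `Optional DEBUG stuff to enable if things don't work:` is a bare line inside `<code>` rather than a `#` comment, so pasting the block as shown would break config parsing; prefix it with `#`. The commented-out `#auth_verbose_passwords` and `#auth_debug_passwords` lines log attempted passwords to the mail log when enabled, so the text should say to re-disable them once debugging is done. Minor: `Edit **doveconf.conf**` should read `dovecot.conf` to match the file named at the top, "configuation" is a typo, and several displayed lines lack the `=` separator (e.g. `#auth_debug yes`), which Dovecot will not accept.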
Line 54: Line 40:
   }   }
 } }
 +</code>
  
-SSL TLS setup +This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. 
-ssl = yes+ 
 +===== Setup Sieve ===== 
 + 
 +Sieve let's you create custom filters that will filter your inbound emails. 
 + 
 +Changes in **conf.d/20-lmtp.conf**: 
 +<code> 
 +protocol lmtp { 
 +  mail_plugins = $mail_plugins sieve 
 +
 +</code> 
 + 
 +And specify which folder should store the filters. 
 + 
 +Changes in **conf.d/90-sieve.conf**: 
 +<code> 
 +plugin { 
 +  sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve 
 +</code> 
 + 
 +===== Setup authentication ===== 
 + 
 +Changes in **conf.d/10-auth.conf**: 
 +<code> 
 +auth_mechanisms = plain login 
 +#auth_default_realm = mydomain.com # is this needed? 
 +#auth_realms = mydomain.com # is this needed? 
 +#!include auth-system.conf.ext 
 +!include auth-sql.conf.ext 
 +</code> 
 + 
 +===== Setup SQL backend ===== 
 + 
 +Changes in **dovecot-sql.conf.ext**: 
 +<code> 
 +driver = sqlite 
 +connect = /home/vmail/database/vmail.sqlite3 
 +password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1 
 +user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1 
 +iterate_query = SELECT username AS user FROM mailbox 
 +</code> 
 + 
 +===== Setup mailboxes ===== 
 + 
 +Changes in **conf.d/10-mail.conf**: 
 +<code> 
 +mail_location = maildir:/home/vmail/storage/%d/%n/maildir 
 +mail_uid = 5000 
 +mail_gid = 5000 
 +</code> 
 + 
 +===== Setup TLS ===== 
 + 
 +You need to point to the Let's Encrypt certificates. 
 + 
 +Changes in **conf.d/10-ssl.conf**: 
 +<code>
 ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
 ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
-ssl_min_protocol TLSv1.2 +</code> 
-ssl_cipher_list ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384+ 
 +===== Setup Sieve and ManageSieve ====
 + 
 +TBD 
 + 
 +<code> 
 +# Sieve 
 +managesieve_notify_capability = mailto 
 +managesieve_sieve_capability fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date 
 +</code> 
 + 
 + 
 +===== Testing ===== 
 + 
 +Start dovecot 
 + 
 +Check that login works: 
 +<code bash> 
 +doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com 
 +</code> 
 + 
 +Test IMAP: 
 +<code bash> 
 +telnet mail.mydomain.com 143 
 +Trying 1.2.3.4... 
 +Connected to mail.mydomain.com. 
 +Escape character is '^]'
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code> 
 + 
 +Test that login works: 
 +<code bash> 
 +telnet 127.0.0.1 1143 
 +Trying 127.0.0.1... 
 +Connected to 127.0.0.1. 
 +Escape character is '^]'
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready. 
 +a login user@mydomain.com password 
 +a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in 
 +</code>
  
-</file>+Test TLS works: 
 +<code bash> 
 +openssl s_client -connect mail.mydomain.com:993 
 +[ expect similar output as above ] 
 +</code>
  
 +Test STARTTLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:143 -starttls imap
 +[ expect similar output as above ]
 +</code>
  
 +If all those checks worked fine, your dovecot seems all set!
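Review bot: the TLS hardening lines `ssl = yes`, `ssl_min_protocol TLSv1.2` and `ssl_cipher_list ...` are removed and the new conf.d/10-ssl.conf block only sets `ssl_cert` and `ssl_key`, so the minimum protocol and cipher policy now silently depend on the package defaults; carry at least `ssl = yes` and `ssl_min_protocol = TLSv1.2` into that block. Related: the port-143 banner in the "Test IMAP" step advertises `AUTH=PLAIN AUTH=LOGIN` before STARTTLS with no `LOGINDISABLED`, which is what Dovecot shows when it regards the connection as secure (for example when the test is run on the server itself); re-run that test from another host after setting `disable_plaintext_auth = yes` and confirm `LOGINDISABLED` appears, and for the two `openssl s_client` tests check that the output ends with `Verify return code: 0 (ok)` rather than only a greeting. Config snippets as displayed: the `plugin {` block in conf.d/90-sieve.conf has no closing `}`, the closing-brace line of the `protocol lmtp {` block is empty, `managesieve_sieve_capability fileinto ...` lacks `=`, the heading `===== Setup Sieve and ManageSieve ====` has unbalanced `=` so DokuWiki will not render it as a heading, and the `# Sieve` block under the TBD duplicates the ManageSieve capability lines that were already in the old dovecot.conf. The `service auth {` block that should define the `/var/spool/postfix/private/auth` listener used by `doveadm auth test -a ...` and by the SASL sentence is cut to its closing braces in this view, so the postfix link section is incomplete as shown.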