User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:configure-dovecot [2025/03/03 17:23] willyemail:configure-dovecot [2025/03/13 14:05] (current) – [Configuring Dovecot] willy
Line 1: Line 1:
-====== Configuring Dovecot ======+====== G) Configuring Dovecot ======
  
-Changes in doveconf.conf:+Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**.  
 + 
 +For each file, i will show you the changes from the defaults that you need to apply. 
 + 
 +===== Main changes ===== 
 + 
 +You need to enable the selected protocols and change the login greeting, as i don't like to let others know that i use dovecot, for security reasons. 
 + 
 +Edit **doveconf.conf**:
 <code> <code>
-protocols = imap sieve managesieve+protocols = imap lmtp sieve
 login_greeting = IMAP server ready. login_greeting = IMAP server ready.
 +# Optional DEBUG stuff to enable if things don't work:
 +#auth_verbose = yes
 +#auth_verbose_passwords = no
 +#auth_debug = yes
 +#auth_debug_passwords = yes
 +#mail_debug = yes
 +#verbose_ssl = yes
 </code> </code>
  
-Changes in dovecot-sql.conf.ext:+===== Setup link to postfix ===== 
 + 
 +Changes in **conf.d/10-master.conf**: 
 +<code> 
 +service lmtp { 
 +  unix_listener /var/spool/postfix/private/dovecot-lmtp { 
 +    group = postfix 
 +    mode = 0660 
 +    user = postfix 
 +  } 
 + 
 +service auth { 
 +  unix_listener /var/spool/postfix/private/auth { 
 +    group = postfix 
 +    mode = 0660 
 +    user = postfix 
 +  } 
 +
 +</code> 
 + 
 +This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. 
 + 
 +===== Setup Sieve ===== 
 + 
 +Sieve let's you create custom filters that will filter your inbound emails. 
 + 
 +Changes in **conf.d/20-lmtp.conf**: 
 +<code> 
 +protocol lmtp { 
 +  mail_plugins = $mail_plugins sieve 
 +
 +</code> 
 + 
 +And specify which folder should store the filters. 
 + 
 +Changes in **conf.d/90-sieve.conf**: 
 +<code> 
 +plugin { 
 +  sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve 
 +</code> 
 + 
 +===== Setup authentication ===== 
 + 
 +Changes in **conf.d/10-auth.conf**: 
 +<code> 
 +auth_mechanisms = plain login 
 +#auth_default_realm = mydomain.com # is this needed? 
 +#auth_realms = mydomain.com # is this needed? 
 +#!include auth-system.conf.ext 
 +!include auth-sql.conf.ext 
 +</code> 
 + 
 +===== Setup SQL backend ===== 
 + 
 +Changes in **dovecot-sql.conf.ext**:
 <code> <code>
 driver = sqlite driver = sqlite
Line 16: Line 85:
 </code> </code>
  
-Changes in conf.d/10-mail.conf:+===== Setup mailboxes ===== 
 + 
 +Changes in **conf.d/10-mail.conf**:
 <code> <code>
 mail_location = maildir:/home/vmail/storage/%d/%n/maildir mail_location = maildir:/home/vmail/storage/%d/%n/maildir
Line 23: Line 94:
 </code> </code>
  
-Changes in conf.d/10-auth.conf: +===== Setup TLS ===== 
-<code> + 
-auth_mechanisms plain login +You need to point to the Let's Encrypt certificates.
-#auth_default_realm mydomain.com ??? +
-#auth_realms mydomain.com ??? +
-</code>+
  
-Changes in conf.d/10-ssl.conf:+Changes in **conf.d/10-ssl.conf**:
 <code> <code>
 ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
Line 36: Line 104:
 </code> </code>
  
-<file - dovecot.conf>+===== Setup Sieve and ManageSieve ===== 
 + 
 +TBD 
 + 
 +<code>
 # Sieve # Sieve
 managesieve_notify_capability = mailto managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
 +</code>
  
-service auth { 
-  unix_listener /var/spool/postfix/private/auth { 
-    group = postfix 
-    mode = 0660 
-    user = postfix 
-  } 
-} 
-</file> 
  
 +===== Testing =====
 +
 +Start dovecot
 +
 +Check that login works:
 +<code bash>
 +doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
 +</code>
 +
 +Test IMAP:
 +<code bash>
 +telnet mail.mydomain.com 143
 +Trying 1.2.3.4...
 +Connected to mail.mydomain.com.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code>
 +
 +Test that login works:
 +<code bash>
 +telnet 127.0.0.1 1143
 +Trying 127.0.0.1...
 +Connected to 127.0.0.1.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
 +a login user@mydomain.com password
 +a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
 +</code>
 +
 +Test TLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:993
 +[ expect similar output as above ]
 +</code>
 +
 +Test STARTTLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:143 -starttls imap
 +[ expect similar output as above ]
 +</code>
  
 +If all those checks worked fine, your dovecot seems all set!