User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:configure-dovecot [2025/03/03 17:25] willyemail:configure-dovecot [2025/03/13 14:05] (current) – [Configuring Dovecot] willy
Line 1: Line 1:
-====== Configuring Dovecot ======+====== G) Configuring Dovecot ======
  
-Changes in doveconf.conf:+Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**.  
 + 
 +For each file, i will show you the changes from the defaults that you need to apply. 
 + 
 +===== Main changes ===== 
 + 
 +You need to enable the selected protocols and change the login greeting, as i don't like to let others know that i use dovecot, for security reasons. 
 + 
 +Edit **doveconf.conf**:
 <code> <code>
-protocols = imap sieve managesieve+protocols = imap lmtp sieve
 login_greeting = IMAP server ready. login_greeting = IMAP server ready.
 +# Optional DEBUG stuff to enable if things don't work:
 +#auth_verbose = yes
 +#auth_verbose_passwords = no
 +#auth_debug = yes
 +#auth_debug_passwords = yes
 +#mail_debug = yes
 +#verbose_ssl = yes
 </code> </code>
  
-Changes in conf.d/10-master.conf:+===== Setup link to postfix ===== 
 + 
 +Changes in **conf.d/10-master.conf**:
 <code> <code>
 +service lmtp {
 +  unix_listener /var/spool/postfix/private/dovecot-lmtp {
 +    group = postfix
 +    mode = 0660
 +    user = postfix
 +  }
 +
 service auth { service auth {
   unix_listener /var/spool/postfix/private/auth {   unix_listener /var/spool/postfix/private/auth {
Line 18: Line 42:
 </code> </code>
  
-Changes in dovecot-sql.conf.ext:+This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. 
 + 
 +===== Setup Sieve ===== 
 + 
 +Sieve let's you create custom filters that will filter your inbound emails. 
 + 
 +Changes in **conf.d/20-lmtp.conf**: 
 +<code> 
 +protocol lmtp { 
 +  mail_plugins = $mail_plugins sieve 
 +
 +</code> 
 + 
 +And specify which folder should store the filters. 
 + 
 +Changes in **conf.d/90-sieve.conf**: 
 +<code> 
 +plugin { 
 +  sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve 
 +</code> 
 + 
 +===== Setup authentication ===== 
 + 
 +Changes in **conf.d/10-auth.conf**: 
 +<code> 
 +auth_mechanisms = plain login 
 +#auth_default_realm = mydomain.com # is this needed? 
 +#auth_realms = mydomain.com # is this needed? 
 +#!include auth-system.conf.ext 
 +!include auth-sql.conf.ext 
 +</code> 
 + 
 +===== Setup SQL backend ===== 
 + 
 +Changes in **dovecot-sql.conf.ext**:
 <code> <code>
 driver = sqlite driver = sqlite
Line 27: Line 85:
 </code> </code>
  
-Changes in conf.d/10-mail.conf:+===== Setup mailboxes ===== 
 + 
 +Changes in **conf.d/10-mail.conf**:
 <code> <code>
 mail_location = maildir:/home/vmail/storage/%d/%n/maildir mail_location = maildir:/home/vmail/storage/%d/%n/maildir
Line 34: Line 94:
 </code> </code>
  
-Changes in conf.d/10-auth.conf: +===== Setup TLS =====
-<code> +
-auth_mechanisms plain login +
-#auth_default_realm mydomain.com ??? +
-#auth_realms mydomain.com ??? +
-</code>+
  
-Changes in conf.d/10-ssl.conf:+You need to point to the Let's Encrypt certificates. 
 + 
 +Changes in **conf.d/10-ssl.conf**:
 <code> <code>
 ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
Line 47: Line 104:
 </code> </code>
  
-<file - DA_PIAZZARE>+===== Setup Sieve and ManageSieve ===== 
 + 
 +TBD 
 + 
 +<code>
 # Sieve # Sieve
 managesieve_notify_capability = mailto managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
 +</code>
  
-</file> 
  
 +===== Testing =====
 +
 +Start dovecot
 +
 +Check that login works:
 +<code bash>
 +doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
 +</code>
 +
 +Test IMAP:
 +<code bash>
 +telnet mail.mydomain.com 143
 +Trying 1.2.3.4...
 +Connected to mail.mydomain.com.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code>
 +
 +Test that login works:
 +<code bash>
 +telnet 127.0.0.1 1143
 +Trying 127.0.0.1...
 +Connected to 127.0.0.1.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
 +a login user@mydomain.com password
 +a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
 +</code>
 +
 +Test TLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:993
 +[ expect similar output as above ]
 +</code>
 +
 +Test STARTTLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:143 -starttls imap
 +[ expect similar output as above ]
 +</code>
  
 +If all those checks worked fine, your dovecot seems all set!
  
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information