User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:configure-dovecot [2025/03/03 20:27] willyemail:configure-dovecot [2026/01/22 17:58] (current) – [Setup Sieve] willy
Line 1: Line 1:
-====== Configuring Dovecot ======+====== G) Configuring Dovecot ======
  
 Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**.  Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**. 
  
 For each file, i will show you the changes from the defaults that you need to apply. For each file, i will show you the changes from the defaults that you need to apply.
 +
 +**NOTE:** Dovecot 2.4 introduced some changes to the config file. The following has been adapted to this new format.
  
 ===== Main changes ===== ===== Main changes =====
Line 11: Line 13:
 Edit **doveconf.conf**: Edit **doveconf.conf**:
 <code> <code>
-protocols = imap sieve managesieve +dovecot_config_version 2.4.2 
-login_greeting IMAP server ready.+dovecot_storage_version = 2.4.2 
 + 
 +!include_try conf.d/*.conf 
 + 
 +protocols { 
 +  imap = yes 
 +  lmtp = yes 
 +  sieve = yes 
 +
 + 
 +mail_home /home/vmail/storage/%{user | domain}/%{user | username} 
 +mail_driver = maildir 
 +mail_path = ~/maildir 
 + 
 +mail_uid = vmail 
 +mail_gid = vmail 
 + 
 +namespace inbox { 
 +  inbox = yes 
 +  separator = / 
 +
 + 
 +sql_driver = sqlite 
 +sqlite_path = /home/vmail/database/vmail.sqlite3 
 + 
 +passdb sql { 
 +  query = SELECT username, domain, password FROM mailbox WHERE username = '%{user}' AND active = 1 
 +
 + 
 +userdb sql { 
 +  query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%{user}' AND active = 1 
 +  iterate_query = SELECT username AS user FROM mailbox 
 +}
 </code> </code>
  
-===== Setup auth endpoint for postfix =====+===== Setup link to postfix =====
  
 Changes in **conf.d/10-master.conf**: Changes in **conf.d/10-master.conf**:
 <code> <code>
 +service lmtp {
 +  unix_listener /var/spool/postfix/private/dovecot-lmtp {
 +    group = postfix
 +    mode = 0660
 +    user = postfix
 +  }
 +
 service auth { service auth {
   unix_listener /var/spool/postfix/private/auth {   unix_listener /var/spool/postfix/private/auth {
Line 28: Line 69:
 </code> </code>
  
-===== Setup authentication =====+This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well.
  
-Changes in **conf.d/10-auth.conf**:+===== Setup Sieve ===== 
 + 
 +Sieve let's you create custom filters that will filter your inbound emails. 
 + 
 +Changes in **conf.d/90-sieve.conf**:
 <code> <code>
-auth_mechanisms = plain login +sieve_script personal { 
-#auth_default_realm mydomain.com # is this needed? +  path /home/vmail/storage/%{user | domain}/%{user | username}/sieve 
-#auth_realms = mydomain.com # is this needed? +}
-#!include auth-system.conf.ext +
-!include auth-sql.conf.ext+
 </code> </code>
  
-===== Setup SQL backend =====+And enable sieve for lmtp (local delivery), edit **conf.d/20-lmtp.conf**: 
 +<code> 
 +protocol lmtp { 
 +    mail_plugins { 
 +    sieve yes 
 +  } 
 +</code>
  
-Changes in **dovecot-sql.conf.ext**:+ 
 +===== Setup authentication ===== 
 + 
 +Changes in **conf.d/10-auth.conf**:
 <code> <code>
-driver sqlite +auth_mechanisms plain login
-connect = /home/vmail/database/vmail.sqlite3 +
-password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1 +
-user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1 +
-iterate_query = SELECT username AS user FROM mailbox+
 </code> </code>
  
Line 54: Line 102:
 Changes in **conf.d/10-mail.conf**: Changes in **conf.d/10-mail.conf**:
 <code> <code>
-mail_location maildir:/home/vmail/storage/%d/%n/maildir +mail_home = /home/vmail/storage/%{user | domain}/%{user | username} 
-mail_uid = 5000 +mail_driver = maildir 
-mail_gid = 5000+mail_path = ~/maildir 
 + 
 +mail_uid = vmail 
 +mail_gid = vmail
 </code> </code>
  
Line 65: Line 116:
 Changes in **conf.d/10-ssl.conf**: Changes in **conf.d/10-ssl.conf**:
 <code> <code>
-ssl_cert </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem +ssl = yes 
-ssl_key </etc/letsencrypt/live/mail.mydomain.com/privkey.pem+ssl_server { 
 +  cert_file = /etc/dovecot/fullchain.pem 
 +  key_file = /etc/dovecot/privkey.pem 
 +}
 </code> </code>
  
-===== Setup Sieve and ManageSieve =====+For this to work, you need to ensure that the certs are properly moved after being renewed by Let's Encrypt. I use the following post hook in **/etc/letsencrypt/renewal-hooks/post/dovecot.sh**: 
 +<file - dovecot.sh> 
 +cp /etc/letsencrypt/live/[cert path]/privkey.pem /etc/dovecot/privkey.pem 
 +cp /etc/letsencrypt/live/[cert path]/fullchain.pem /etc/dovecot/fullchain.pem 
 +chmod o+r /etc/dovecot/privkey.pem /etc/dovecot/fullchain.pem 
 +/etc/init.d/dovecot restart 
 +</file>
  
-TBD+the chmod is required for command line tools using **doveadm**, like PostfixAdmin.
  
-<code> +===== Testing ===== 
-# Sieve + 
-managesieve_notify_capability = mailto +Start dovecot 
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date+ 
 +Check that login works: 
 +<code bash
 +doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
 </code> </code>
  
 +Test IMAP:
 +<code bash>
 +telnet mail.mydomain.com 143
 +Trying 1.2.3.4...
 +Connected to mail.mydomain.com.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code>
 +
 +Test that login works:
 +<code bash>
 +telnet 127.0.0.1 1143
 +Trying 127.0.0.1...
 +Connected to 127.0.0.1.
 +Escape character is '^]'.
 +* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
 +a login user@mydomain.com password
 +a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
 +</code>
 +
 +Test TLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:993
 +[ expect similar output as above ]
 +</code>
 +
 +Test STARTTLS works:
 +<code bash>
 +openssl s_client -connect mail.mydomain.com:143 -starttls imap
 +[ expect similar output as above ]
 +</code>
  
 +If all those checks worked fine, your dovecot seems all set!