Differences

This shows you the differences between two versions of the page.

--- email:configure-dovecot [2025/03/04 07:30] – willy
+++ email:configure-dovecot [2026/01/22 17:58] (current) – [Setup Sieve] willy
@@ Line 1: / Line 1: @@
-====== Configuring Dovecot ======
+====== G) Configuring Dovecot ======
 Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**.
 For each file, i will show you the changes from the defaults that you need to apply.
+**NOTE:** Dovecot 2.4 introduced some changes to the config file. The following has been adapted to this new format.
 ===== Main changes =====
@@ Line 11: / Line 13: @@
 Edit **doveconf.conf**:
 <code>
-protocols = imap lmtp sieve managesieve
+dovecot_config_version = 2.4.2
-login_greeting = IMAP server ready.
+dovecot_storage_version = 2.4.2
+!include_try conf.d/*.conf
+protocols {
+  imap = yes
+  lmtp = yes
+  sieve = yes
+}
+mail_home = /home/vmail/storage/%{user | domain}/%{user | username}
+mail_driver = maildir
+mail_path = ~/maildir
+mail_uid = vmail
+mail_gid = vmail
+namespace inbox {
+  inbox = yes
+  separator = /
+}
+sql_driver = sqlite
+sqlite_path = /home/vmail/database/vmail.sqlite3
+passdb sql {
+  query = SELECT username, domain, password FROM mailbox WHERE username = '%{user}' AND active = 1
+}
+userdb sql {
+  query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%{user}' AND active = 1
+  iterate_query = SELECT username AS user FROM mailbox
+}
 </code>
@@ Line 37: / Line 71: @@
 This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well.
-===== Setup authentication =====
+===== Setup Sieve =====
-Changes in **conf.d/10-auth.conf**:
+Sieve let's you create custom filters that will filter your inbound emails.
+Changes in **conf.d/90-sieve.conf**:
 <code>
-auth_mechanisms = plain login
+sieve_script personal {
-#auth_default_realm = mydomain.com # is this needed?
+  path = /home/vmail/storage/%{user | domain}/%{user | username}/sieve
-#auth_realms = mydomain.com # is this needed?
+}
-#!include auth-system.conf.ext
-!include auth-sql.conf.ext
 </code>
-===== Setup SQL backend =====
+And enable sieve for lmtp (local delivery), edit **conf.d/20-lmtp.conf**:
+<code>
+protocol lmtp {
+    mail_plugins {
+    sieve = yes
+  }
+</code>
-Changes in **dovecot-sql.conf.ext**:
+===== Setup authentication =====
+Changes in **conf.d/10-auth.conf**:
 <code>
-driver = sqlite
+auth_mechanisms = plain login
-connect = /home/vmail/database/vmail.sqlite3
-password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1
-user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1
-iterate_query = SELECT username AS user FROM mailbox
 </code>
@@ Line 63: / Line 102: @@
 Changes in **conf.d/10-mail.conf**:
 <code>
-mail_location = maildir:/home/vmail/storage/%d/%n/maildir
+mail_home = /home/vmail/storage/%{user | domain}/%{user | username}
-mail_uid = 5000
+mail_driver = maildir
-mail_gid = 5000
+mail_path = ~/maildir
+mail_uid = vmail
+mail_gid = vmail
 </code>
@@ Line 74: / Line 116: @@
 Changes in **conf.d/10-ssl.conf**:
 <code>
-ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
+ssl = yes
-ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
+ssl_server {
+  cert_file = /etc/dovecot/fullchain.pem
+  key_file = /etc/dovecot/privkey.pem
+}
 </code>
-===== Setup Sieve and ManageSieve =====
+For this to work, you need to ensure that the certs are properly moved after being renewed by Let's Encrypt. I use the following post hook in **/etc/letsencrypt/renewal-hooks/post/dovecot.sh**:
+<file - dovecot.sh>
+cp /etc/letsencrypt/live/[cert path]/privkey.pem /etc/dovecot/privkey.pem
+cp /etc/letsencrypt/live/[cert path]/fullchain.pem /etc/dovecot/fullchain.pem
+chmod o+r /etc/dovecot/privkey.pem /etc/dovecot/fullchain.pem
+/etc/init.d/dovecot restart
+</file>
-TBD
+the chmod is required for command line tools using **doveadm**, like PostfixAdmin.
-<code>
+===== Testing =====
-# Sieve
-managesieve_notify_capability = mailto
+Start dovecot
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
+Check that login works:
+<code bash>
+doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
 </code>
+Test IMAP:
+<code bash>
+telnet mail.mydomain.com 143
+Trying 1.2.3.4...
+Connected to mail.mydomain.com.
+Escape character is '^]'.
+* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code>
+Test that login works:
+<code bash>
+telnet 127.0.0.1 1143
+Trying 127.0.0.1...
+Connected to 127.0.0.1.
+Escape character is '^]'.
+* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
+a login user@mydomain.com password
+a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
+</code>
+Test TLS works:
+<code bash>
+openssl s_client -connect mail.mydomain.com:993
+[ expect similar output as above ]
+</code>
+Test STARTTLS works:
+<code bash>
+openssl s_client -connect mail.mydomain.com:143 -starttls imap
+[ expect similar output as above ]
+</code>
+If all those checks worked fine, your dovecot seems all set!

Willy's Wiki

User Tools

Differences