This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== G) Configuring Dovecot ====== Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**. For each file, i will show you the changes from the defaults that you need to apply. ===== Main changes ===== You need to enable the selected protocols and change the login greeting, as i don't like to let others know that i use dovecot, for security reasons. Edit **doveconf.conf**: <code> protocols = imap lmtp sieve login_greeting = IMAP server ready. # Optional DEBUG stuff to enable if things don't work: #auth_verbose = yes #auth_verbose_passwords = no #auth_debug = yes #auth_debug_passwords = yes #mail_debug = yes #verbose_ssl = yes </code> ===== Setup link to postfix ===== Changes in **conf.d/10-master.conf**: <code> service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } </code> This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. ===== Setup Sieve ===== Sieve let's you create custom filters that will filter your inbound emails. Changes in **conf.d/20-lmtp.conf**: <code> protocol lmtp { mail_plugins = $mail_plugins sieve } </code> And specify which folder should store the filters. Changes in **conf.d/90-sieve.conf**: <code> plugin { sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve </code> ===== Setup authentication ===== Changes in **conf.d/10-auth.conf**: <code> auth_mechanisms = plain login #auth_default_realm = mydomain.com # is this needed? #auth_realms = mydomain.com # is this needed? #!include auth-system.conf.ext !include auth-sql.conf.ext </code> ===== Setup SQL backend ===== Changes in **dovecot-sql.conf.ext**: <code> driver = sqlite connect = /home/vmail/database/vmail.sqlite3 password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1 user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1 iterate_query = SELECT username AS user FROM mailbox </code> ===== Setup mailboxes ===== Changes in **conf.d/10-mail.conf**: <code> mail_location = maildir:/home/vmail/storage/%d/%n/maildir mail_uid = 5000 mail_gid = 5000 </code> ===== Setup TLS ===== You need to point to the Let's Encrypt certificates. Changes in **conf.d/10-ssl.conf**: <code> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem </code> ===== Setup Sieve and ManageSieve ===== TBD <code> # Sieve managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date </code> ===== Testing ===== Start dovecot Check that login works: <code bash> doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com </code> Test IMAP: <code bash> telnet mail.mydomain.com 143 Trying 1.2.3.4... Connected to mail.mydomain.com. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code> Test that login works: <code bash> telnet 127.0.0.1 1143 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready. a login user@mydomain.com password a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in </code> Test TLS works: <code bash> openssl s_client -connect mail.mydomain.com:993 [ expect similar output as above ] </code> Test STARTTLS works: <code bash> openssl s_client -connect mail.mydomain.com:143 -starttls imap [ expect similar output as above ] </code> If all those checks worked fine, your dovecot seems all set!
