====== G) Configuring Dovecot ======

Dovecot configuation is stored in **/etc/dovecot**. There is a master file called **dovecot.conf** but most of the changes need to be applied to the files under **/etc/dovecot/conf.d**. 

For each file, i will show you the changes from the defaults that you need to apply.

===== Main changes =====

You need to enable the selected protocols and change the login greeting, as i don't like to let others know that i use dovecot, for security reasons.

Edit **doveconf.conf**:
<code>
protocols = imap lmtp sieve
login_greeting = IMAP server ready.
# Optional DEBUG stuff to enable if things don't work:
#auth_verbose = yes
#auth_verbose_passwords = no
#auth_debug = yes
#auth_debug_passwords = yes
#mail_debug = yes
#verbose_ssl = yes
</code>

===== Setup link to postfix =====

Changes in **conf.d/10-master.conf**:
<code>
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
</code>

This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well.

===== Setup Sieve =====

Sieve let's you create custom filters that will filter your inbound emails.

Changes in **conf.d/20-lmtp.conf**:
<code>
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
</code>

And specify which folder should store the filters.

Changes in **conf.d/90-sieve.conf**:
<code>
plugin {
  sieve = file:/home/vmail/storage/%d/%n/sieve;active=/home/vmail/storage/%d/%n/.dovecot.sieve
</code>

===== Setup authentication =====

Changes in **conf.d/10-auth.conf**:
<code>
auth_mechanisms = plain login
#auth_default_realm = mydomain.com # is this needed?
#auth_realms = mydomain.com # is this needed?
#!include auth-system.conf.ext
!include auth-sql.conf.ext
</code>

===== Setup SQL backend =====

Changes in **dovecot-sql.conf.ext**:
<code>
driver = sqlite
connect = /home/vmail/database/vmail.sqlite3
password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1
user_query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = 1
iterate_query = SELECT username AS user FROM mailbox
</code>

===== Setup mailboxes =====

Changes in **conf.d/10-mail.conf**:
<code>
mail_location = maildir:/home/vmail/storage/%d/%n/maildir
mail_uid = 5000
mail_gid = 5000
</code>

===== Setup TLS =====

You need to point to the Let's Encrypt certificates.

Changes in **conf.d/10-ssl.conf**:
<code>
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
</code>

===== Setup Sieve and ManageSieve =====

TBD

<code>
# Sieve
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
</code>


===== Testing =====

Start dovecot

Check that login works:
<code bash>
doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
</code>

Test IMAP:
<code bash>
telnet mail.mydomain.com 143
Trying 1.2.3.4...
Connected to mail.mydomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP </code>

Test that login works:
<code bash>
telnet 127.0.0.1 1143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
a login user@mydomain.com password
a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
</code>

Test TLS works:
<code bash>
openssl s_client -connect mail.mydomain.com:993
[ expect similar output as above ]
</code>

Test STARTTLS works:
<code bash>
openssl s_client -connect mail.mydomain.com:143 -starttls imap
[ expect similar output as above ]
</code>

If all those checks worked fine, your dovecot seems all set!