Configuring Dovecot

Dovecot configuration is stored in /etc/dovecot. There is a master file called dovecot.conf, but most of the changes need to be applied to the files under /etc/dovecot/conf.d.

For each file, I will show you the changes from the defaults that you need to apply.

Main changes

You need to enable the selected protocols and change the login greeting: for security reasons, I don't like to let others know that I use Dovecot.

Edit dovecot.conf:

protocols = imap lmtp sieve managesieve
login_greeting = IMAP server ready.

Changes in conf.d/10-master.conf:

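# LMTP socket inside the Postfix spool, used for local delivery
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}

# Auth socket inside the Postfix spool, used for SASL authentication
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}

This is required because Postfix will use Dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well. Both sockets are owned by the postfix user and group with mode 0660, so only Postfix can connect to them.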

Setup authentication

Changes in conf.d/10-auth.conf:

auth_mechanisms = plain login
#auth_default_realm = mydomain.com # is this needed?
#auth_realms = mydomain.com # is this needed?
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Setup SQL backend

Changes in dovecot-sql.conf.ext:

driver = sqlite
connect = /home/vmail/database/vmail.sqlite3
password_query = SELECT username, domain, password FROM mailbox WHERE username = '%u' AND active = 1
# String concatenation uses ||, which works on every SQLite version (CONCAT() only exists in SQLite 3.44 and later)
user_query = SELECT '/home/vmail/storage/' || maildir AS home, 'maildir:storage=' || quota AS quota FROM mailbox WHERE username = '%u' AND active = 1
iterate_query = SELECT username AS user FROM mailbox
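
The queries above can be dry-run before Dovecot is started. The following is an added example, not part of the original page: it runs password_query and user_query (written with SQLite's || operator, and with '%u' replaced by a bound parameter) against a constructed in-memory mailbox table and reports accounts that would fail to log in or whose home would land outside /home/vmail/storage/. The column types, the sample rows and the check_user helper are assumptions.

```python
import posixpath
import sqlite3

STORAGE_ROOT = "/home/vmail/storage/"  # prefix used by user_query on this page

# The page's queries, with Dovecot's '%u' replaced by a bound parameter.
PASSWORD_QUERY = ("SELECT username, domain, password FROM mailbox "
                  "WHERE username = ? AND active = 1")
USER_QUERY = ("SELECT '/home/vmail/storage/' || maildir AS home, "
              "'maildir:storage=' || quota AS quota "
              "FROM mailbox WHERE username = ? AND active = 1")


def build_sample_db():
    """Constructed test data; the column types are an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT, domain TEXT, password TEXT,"
               " maildir TEXT, quota INTEGER, active INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?, ?, ?, ?, ?)", [
        ("user@mydomain.com", "mydomain.com", "constructed-hash",
         "mydomain.com/user", 1048576, 1),
        ("old@mydomain.com", "mydomain.com", "constructed-hash",
         "mydomain.com/old", 1048576, 0),   # inactive account
        ("odd@mydomain.com", "mydomain.com", "constructed-hash",
         "../../etc", 1048576, 1),          # maildir escapes the storage root
    ])
    return db


def check_user(db, user):
    """Return a list of problems Dovecot would hit for this login name."""
    rows = db.execute(PASSWORD_QUERY, (user,)).fetchall()
    if len(rows) != 1:
        return [f"password_query returned {len(rows)} rows"]
    home, quota = db.execute(USER_QUERY, (user,)).fetchone()
    if home is None or quota is None:
        return ["user_query returned NULL (empty maildir or quota column)"]
    if not posixpath.normpath(home).startswith(STORAGE_ROOT):
        return [f"home {home!r} resolves outside {STORAGE_ROOT}"]
    return []


if __name__ == "__main__":
    db = build_sample_db()
    for name in ("user@mydomain.com", "old@mydomain.com", "odd@mydomain.com"):
        print(name, check_user(db, name) or "ok")
```

To check the real database, open the file named in connect instead of ":memory:" and loop over the names returned by iterate_query.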

Setup mailboxes

Changes in conf.d/10-mail.conf:

mail_location = maildir:/home/vmail/storage/%d/%n/maildir
mail_uid = 5000
mail_gid = 5000

Setup TLS

You need to point Dovecot to the Let's Encrypt certificate chain and private key. The leading < makes Dovecot read the value from the named file.

Changes in conf.d/10-ssl.conf:

ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem

Setup Sieve and ManageSieve

TBD

# Sieve
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date

Testing

Start dovecot

Check that login works:

doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com

Test IMAP:

telnet mail.mydomain.com 143
Trying 1.2.3.4...
Connected to mail.mydomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP 

Test that login works:

telnet 127.0.0.1 1143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
a login user@mydomain.com password
a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in

Test TLS works:

openssl s_client -connect mail.mydomain.com:993
[ expect similar output as above ]

Test STARTTLS works:

openssl s_client -connect mail.mydomain.com:143 -starttls imap
[ expect similar output as above ]

If all those checks worked fine, your Dovecot seems all set!