G) Configuring Dovecot
Dovecot configuration is stored in /etc/dovecot. There is a master file called dovecot.conf, but most of the changes need to be applied to the files under /etc/dovecot/conf.d.
For each file, I will show you the changes from the defaults that you need to apply.
NOTE: Dovecot 2.4 introduced some changes to the config file. The following has been adapted to this new format.
Main changes
You need to enable the selected protocols and change the login greeting, as I don't like to let others know that I use Dovecot, for security reasons.
Edit dovecot.conf:
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2
!include_try conf.d/*.conf
protocols {
  imap = yes
  lmtp = yes
  sieve = yes
}
mail_home = /home/vmail/storage/%{user | domain}/%{user | username}
mail_driver = maildir
mail_path = ~/maildir
mail_uid = vmail
mail_gid = vmail
namespace inbox {
  inbox = yes
  separator = /
}
sql_driver = sqlite
sqlite_path = /home/vmail/database/vmail.sqlite3
passdb sql {
  query = SELECT username, domain, password FROM mailbox WHERE username = '%{user}' AND active = 1
}
userdb sql {
  query = SELECT CONCAT('/home/vmail/storage/', maildir) AS home, CONCAT('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%{user}' AND active = 1
  iterate_query = SELECT username AS user FROM mailbox
}
Setup link to postfix
Changes in conf.d/10-master.conf:
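# LMTP socket inside the Postfix spool, used for local delivery
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
# Auth socket inside the Postfix spool, used for SASL authentication
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}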
This is required because postfix will use dovecot to deliver mail to mailboxes internally and to perform SASL authentication as well.
Setup Sieve
Sieve lets you create custom filters that will filter your inbound emails.
Changes in conf.d/20-lmtp.conf:
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
And specify which folder should store the filters.
Changes in conf.d/90-sieve.conf:
sieve_script personal {
  path = /home/vmail/storage/%{user | domain}/%{user | username}/sieve
}
Setup authentication
Changes in conf.d/10-auth.conf:
auth_mechanisms = plain login
Setup mailboxes
Changes in conf.d/10-mail.conf:
mail_home = /home/vmail/storage/%{user | domain}/%{user | username}
mail_driver = maildir
mail_path = ~/maildir
mail_uid = vmail
mail_gid = vmail
Setup TLS
You need to point to the Let's Encrypt certificates.
Changes in conf.d/10-ssl.conf:
ssl = yes
ssl_server {
  cert_file = /etc/letsencrypt/live/casa.gardiol.org/fullchain.pem
  key_file = /etc/letsencrypt/live/casa.gardiol.org/privkey.pem
}
Testing
Start dovecot
Check that login works:
doveadm auth test -a /var/spool/postfix/private/auth user@mydomain.com
Test IMAP:
telnet mail.mydomain.com 143
Trying 1.2.3.4...
Connected to mail.mydomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP
Test that login works:
telnet 127.0.0.1 1143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
a login user@mydomain.com password
a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
Test TLS works:
openssl s_client -connect mail.mydomain.com:993
[ expect similar output as above ]
Test STARTTLS works:
openssl s_client -connect mail.mydomain.com:143 -starttls imap
[ expect similar output as above ]
If all those checks worked fine, your dovecot seems all set!
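The greeting line returned by the tests above can also be checked by a script. The following Python is an added example, not part of the original page: it parses the `* OK [CAPABILITY ...]` line and reports whether the banner names Dovecot, whether STARTTLS is offered, and whether PLAIN/LOGIN are advertised before TLS is active. The function names and the sample lines are constructed for illustration.

```python
import re

# Mechanisms that hand the password to the server in recoverable form.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
GREETING_RE = re.compile(r"^\* (OK|PREAUTH|BYE)(?: \[CAPABILITY ([^\]]*)\])?\s*(.*)$")

def parse_greeting(line):
    """Split an IMAP greeting into (status, capability set, banner text)."""
    m = GREETING_RE.match(line.strip())
    if not m:
        raise ValueError("not an IMAP greeting: %r" % line)
    caps = set((m.group(2) or "").upper().split())
    return m.group(1), caps, m.group(3)

def audit_greeting(line, tls_active):
    """Return a list of findings for one greeting line.

    tls_active is True when the line was read inside TLS (port 993 or
    after STARTTLS) and False when it was read over plain TCP (port 143).
    """
    status, caps, banner = parse_greeting(line)
    findings = []
    if status != "OK":
        findings.append("unexpected greeting status " + status)
    if re.search(r"dovecot", banner, re.I):
        findings.append("banner names the server software")
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    if not tls_active:
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not offered on plain connection")
        offered = sorted(mechs & CLEARTEXT_MECHS)
        # LOGINDISABLED tells clients that cleartext login is refused.
        if offered and "LOGINDISABLED" not in caps:
            findings.append("cleartext auth offered before TLS: " + ",".join(offered))
    return findings

# Constructed sample lines: the first is modelled on the greeting in the
# login test above, the second on Dovecot's default greeting text.
SAMPLE_PLAIN = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
                "LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP server ready.")
SAMPLE_DEFAULT = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready."

if __name__ == "__main__":
    for name, line, tls in [("plain/143", SAMPLE_PLAIN, False),
                            ("tls/993", SAMPLE_PLAIN, True),
                            ("default", SAMPLE_DEFAULT, False)]:
        print(name, audit_greeting(line, tls) or "no findings")
```

Pass it the first line printed by the telnet test with `tls_active=False`, and the first line printed by the openssl s_client tests with `tls_active=True`.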