Differences

This shows you the differences between two versions of the page.

--- ubuntu:email:install_dovecot [2020/12/06 13:12] – created peter
+++ ubuntu:email:install_dovecot [2020/12/06 13:30] (current) – peter
@@ Line 22: / Line 22: @@
 ----
+===== Install Dovecot =====
+<code bash>
+sudo apt install dovecot
+</code>
+----
+===== Configuring Dovecot =====
+The configuration files for Dovecot are usually found in **/etc/dovecot**.
+<WRAP info>
+**NOTE:**  It is recommended to leave the default configuration alone and just adding your modifications into **local.conf**.
+This file is read last and so any settings it contains will override the same settings that are contained in the default configuration.
+</WRAP>
+==== Basic Configuration ====
+The first part of the configuration specifies which protocols to support (IMAP and/or POP3) and where the mailboxes can be found:
+<file bash /etc/dovecot/local.conf>
+#protocols = imap pop3
+protocols = imap
+mail_location = maildir:~/mail
+</file>
+----
+==== Transport Layer Security (SSL) ====
+This assumes that you have already created an certificate using OpenSSL. The one I am using is named ssl-mail-cert:
+<file bash /etc/dovecot/local.conf>
+...
+# TLS/SSL protocols to use (avoid older SSL protocols)
+ssl_protocols = !SSLv2  !SSLv3
+# SSL ciphers to use
+ssl_cipher_list = ALL:!ADH:!EXPORT:!SSLv2:!aNULL:!eNULL:RC4+RSA:+HIGH:-MEDIUM:-LOW
+ssl_prefer_server_ciphers = yes
+# SSL certificate
+ssl=required
+ssl_cert = </etc/pki/tls/certs/ssl-mail-cert.crt
+ssl_key = </etc/pki/tls/private/ssl-mail-cert.key
+</file>
+----
+==== Authentication ====
+The following is used to configure authentication:
+<file bash /etc/dovecot/local.conf>
+...
+auth_mechanisms = plain
+passdb {
+    driver = passwd-file
+    args = /etc/dovecot/passwd
+}
+userdb {
+    driver = static
+    args = uid=vmail gid=vmail home=/home/vmail/%d/%n allow_all_users=yes
+}
+service auth {
+    unix_listener auth-client {
+        path = /var/spool/postfix/private/auth
+        mode = 0660
+        user = postfix
+        group = postfix
+    }
+    user = root
+}
+</file>
+<WRAP info>
+**NOTE:**
+  * **auth_mechanisms** specifies the various forms in which the password can be passed to Dovecot (there may be more than one specified).
+    * Using plain is fine because it will only be passed through an SSL tunnel, and so will not be exposed.
+  * **passdb** specifies password database, in this case **/etc/dovecot/passwd**. It takes the form: <file bash /etc/dovecot/passwd>
+peter@sharewiz.net:{PLAIN}5Eu6f9AKe2vN
+peter@abcd.com:{PLAIN}L2YoWQ6JdSCo
+admin@sharewiz.net:{PLAIN}M2ydCc4ZwA1s
+</file>
+    * Each consists of the email for each of the virtual mail boxes (much match values given to Postfix in the **virtual_mailbox_maps** file).
+    * After the email address there is a colon and then a specification of how the password is encoded enclosed in braces.
+    * Finally there is the encoded password. Of course, if the encoding is specified as PLAIN, there is no encoding and the password is given directly. However it is more secure it you do encode the passwords. To do so, run: <code bash>
+doveadm pw -s SSHA
+</code>
+      * SSHA employs a salted SSH1 hash, but there are many others available.
+  * **userdb** specifies parameters used when creating the virtual mailboxes.
+  * **service auth** specifies the parameters for a socket that is created to allow Postfix to communicate with Dovecot to support authentication.
+    * The path is the location of the socket (the last part of this path should be specified to Postfix in **smtpd_sasl_path**.
+</WRAP>
+----
+==== Configuring Dovecot as the Local Delivery Agent ====
+The following is sufficient to configure the Dovecot LDA:
+<file bash /etc/dovecot/local.conf>
+...
+protocol lda {
+    postmaster_address = admin@sharewiz.net
+}
+</file>
+----
+==== Firewall Configuration ====
+Open firewall ports:
+  * 993: IMAP.
+  * 110: POP3.  Only needed if using POP.
+  * 587: SMTP.
+----
+===== Running Dovecot =====
+Start Dovecot using:
+<code bash>
+systemctl start dovecot
+</code>
+If Dovecot is already running, and you have changed a configuration file, you can get Dovecot to reread these files using:
+<code bash>
+systemctl reload dovecot
+</code>
+You can stop Dovecot with:
+<code bash>
+systemctl stop dovecot
+</code>
+You can get Dovecot status with:
+<code bash>
+systemctl status dovecot
+</code>
+Once Dovecot is running, you should configure your email client and confirm that you can both view the mailboxes and you can send messages.
+  * Look in **/var/log/maillog** for messages from Dovecot.
+Once Dovecot is running properly, you can enable it so that it starts automatically when the server starts using:
+<code bash>
+systemctl enable dovecot
+</code>
+----
+===== Configuring Email Client =====
+To configure Thunderbird to use your new Postfix/Dovecot email system
+<code>
+IMAP server: sharewiz.net
+    Port: 993
+    Security: SSL/TLS
+    Authentication Method: normal password
+    Username: peter@sharewiz.net
+SMTP server: sharewiz.net
+    Port: 587
+    Security: STARTTLS
+    Authentication Method: normal password
+    Username: peter@sharewiz.net
+</code>
+To configure Mutt to use your new Postfix/Dovecot email system:
+<code>
+set spoolfile=imaps://sharewiz.net:993/INBOX
+set folder=imaps://sharewiz,net:993/
+set smtp_url=smtp://peter@sharewiz.net:587
+#               ^ do not use smtps here
+# Alternative ways of giving username and password.
+set imap_user="peter@sharewiz.net"
+set imap_pass="`abraxas -q work-email-fallback`"
+set smtp_pass=$imap_pass
+set smtp_authenticators="plain"
+</code>