Introduction
Dovecot is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. It is a simple and easy to install MDA. This guide explains how to set it up as an IMAP or POP3 server.
To configure Dovecot to use LDAP for user authentication see DovecotLDAP
NOTE: Dovecot will NOT work in an encrypted directory/folder. Dovecot will just complain about permissions and won't work. One answer is to create a second user account that has an unencrypted home directory. We have not tested this solution on a separate home partition, but most probably the outcome would be the same.
Installation
sudo apt-get install dovecot-imapd dovecot-pop3d
Configuration
To configure dovecot, you edit the file /etc/dovecot/dovecot.conf. There are a couple of choices which you need to make.
Choice of Protocols
The choice is broadly between two protocols: IMAP and POP3. POP3 is useful when e-mail is checked from only one computer. It is best for people who download their email and then work off-line. IMAP is the better choice when you would like to check your mail from multiple computers (at work and home, for example). IMAP has the added benefit of accessing folders on the server, allowing you to organize your e-mail and access it from anywhere. For more information, see the Wikipedia articles on POP3 and IMAP. IMAPS and POP3S are more secure than plain IMAP and POP3 because they use SSL encryption to connect.
Once you have chosen, amend the following line in the file /etc/dovecot/dovecot.conf:
protocols = pop3 pop3s imap imaps
This enables those protocols when dovecot is started. Note: if you like, you can enable all the above protocols, or you can choose to enable just one or any number of them. In addition, add the following line in the «protocol pop3» section in the /etc/dovecot/dovecot.conf:
pop3_uidl_format = %08Xu%08Xv
Choice of Mailboxes
Dovecot currently supports maildir and mbox formats. They are the most commonly used mailbox formats. They both have their own benefits, discussed here.
If you have trouble figuring out what you are using, it’s most likely mbox. Maildir mails are almost always stored in ~/Maildir/ directory, which contains cur/, new/ and tmp/ subdirectories. In maildir each mail is stored in a separate file, while with the mbox format one file contains all mails in the mailbox. Files in /var/mail/ are nearly always mbox files, one for each user.
Maildir is better overall because it is more scalable and can’t get corrupted so easily. So, if you have trouble figuring out what you should be using and have a choice, choose maildir.
To configure Dovecot for your mailbox format use (for maildir):
mail_location = maildir:~/Maildir
or (for mbox):
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Note: You will also need to configure your MTA to transfer the incoming mail to this type of mailbox. (If you installed Postfix with instructions from the previous wiki, then choose mbox.)
Setting up Maildir
Do these steps ONLY if you want Maildir. This setup will put the Maildir in each user’s home directory.
If you are using Postfix as your MTA, then add the following line to your /etc/postfix/main.cf file:
Edit /etc/dovecot/dovecot.conf:
mail_location = maildir:/home/%u/Maildir
If !include conf.d/*.conf is uncommented in /etc/dovecot/dovecot.conf, it is necessary to set mail_location in /etc/dovecot/conf.d/10-mail.conf or comment the line out. 10-mail.conf will override the mail_location in dovecot.conf. If you choose to set the mail_location in 10-mail.conf, you have to change it to:
mail_location = maildir:~/Maildir
If you want to see the config Dovecot is currently using (including the mail_location), use
It’s a good idea to pre-create the Maildir for future users:
sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates
Then, for an existing user:
sudo cp -r /etc/skel/Maildir /home/myuser/
sudo chown -R myuser:usergroup /home/myuser/Maildir
sudo chmod -R 700 /home/myuser/Maildir
Test
Or in newer versions (as of Ubuntu 12.10) you need to use the upstart equivalent:
To check that it is running, type the command
You should see the dovecot service running. If you have enabled imap, or pop3, you can also try to log in with the commands
If you see something like the following, the installation has been successful.
matt@kalliope:~$ telnet localhost pop3
Trying localhost.
Connected to localhost.
Escape character is '^]'.
+OK dovecot ready.
To test IMAPS (port 993), openSSL can be used:
openssl s_client -connect mail.domain.ext:993
If the server returns an «OK * DOVECOT * READY» message, you can login with:
A1 LOGIN username password
The server should return a «LOGGED IN» confirmation. To list the different folders and check if they’re accessible, run:
A2 LIST "" "*"
A3 EXAMINE INBOX
If no error is returned, IMAP SSL is functioning correctly. If a server error is returned, examine «/var/log/mail.err».
Authentication
If you’ve gotten this far, dovecot is working but may still have to be configured so that users can log in to check their mail. The simplest login method is sending the user login info in plain text and allowing access only to users that already have UNIX access (i.e. in /etc/passwd) to the machine dovecot is running on. Allowing access only to users that already have UNIX access is the dovecot default; nothing has to be done to configure this. Also, plain text logins are enabled by default when using secure protocols. To enable plain text logins when not using a secure protocol, put the following line in /etc/dovecot/dovecot.conf:
disable_plaintext_auth = no
If you are using the secure protocols imaps or pop3s, plain text logins are not a problem, because the transfer is done via an encrypted connection. If you are using plain imap or pop3, and will be connecting to the server from outside your local computer or home network, it is a good idea to configure more secure authentication. For further details about how to do this, see this page on the dovecot website.
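The risky combination described above (disable_plaintext_auth = no together with the unencrypted imap or pop3 protocols) can be checked mechanically. The script below is an added example, not part of the original guide; the function names and finding labels are made up here, and it only looks at an explicit protocols line.

```shell
#!/bin/sh
# Added example (not from the original guide): report when a Dovecot config
# allows plain text logins over the unencrypted imap/pop3 protocols.
# Function names and finding labels are illustrative.

# audit_dovecot_conf FILE   ("-" reads stdin); prints one finding per line.
audit_dovecot_conf() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out settings are inactive
        {
            line = $0
            sub(/[ \t]#.*$/, "", line)       # strip a trailing comment
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "disable_plaintext_auth") plain = (val == "no")
            if (key == "protocols") protos = val   # a later line overrides
        }
        END {
            if (!plain) exit                 # unset or "yes": nothing to report
            print "PLAINTEXT_AUTH_ENABLED"
            n = split(protos, p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] == "imap" || p[i] == "pop3")
                    print "CLEARTEXT_LOGIN_POSSIBLE:" p[i]
        }
    ' "$1"
}

# Constructed sample using the settings shown in this guide.
sample_conf() {
    cat <<'EOF'
#disable_plaintext_auth = yes
protocols = pop3 pop3s imap imaps
disable_plaintext_auth = no
EOF
}

sample_conf | audit_dovecot_conf -
```

Against a live server, feed it the file you edited, for example audit_dovecot_conf /etc/dovecot/dovecot.conf.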
To configure Dovecot to use SSL, edit the file /etc/dovecot/dovecot.conf and amend the following lines (in some cases you may simply have to remove the # symbol from the beginning of the line):
The cert and key files are created automatically by Dovecot when you install it. (The keys mentioned above are actually the ones created by Postfix, but they are suitable for use by Dovecot as well.) Please note that these keys are not signed and will give «bad signature» errors when connecting from a client. To avoid this, you can use commercial certificates, or even better, you can use your own SSL certificates. Hopefully, a guide will appear soon on this wiki on how to do this. In the meantime, here are some good ones: this guide on the Linux howto database, and this guide on the Debian Administration website.
Accessing from Outside
You’ll also need to uncomment the following line in /etc/dovecot/dovecot.conf:
However, this method may cause conflicts with other servers already listening on other ports. The alternative (and probably more desirable) method, then, is to enable the specific listening ports for the protocols that are intended to be used. For example, for IMAP/IMAPS and POP3/POP3S, add to the correct protocol imap and protocol pop3 sections:
protocol imap {
  listen = *:143
  ssl_listen = *:993
  ...
}
protocol pop3 {
  listen = *:110
  ssl_listen = *:995
  ...
}
Email Clients
Thunderbird
To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf:
protocol imap {
  ...
  login_greeting_capability = yes
  imap_client_workarounds = tb-extra-mailbox-sep
}
In Thunderbird, under ‘Server Settings’ -> Advanced, uncheck «Show only subscribed folders».
Note: The login_greeting_capability option is deprecated in later versions of Dovecot.
Related Articles
- POP3Aggregator — this guide explains how to set up an IMAP mail server with Dovecot that will download your mail from an external POP3 server, and allow you to access the mail using any IMAP-compatible email client.
Releases
This guide has been tested on Ubuntu 10.04 (Lucid). This guide has been tested on Ubuntu 14.04 (Trusty).
Dovecot (last edited by user cm-84, 2019-04-03 20:07:17)
The material on this wiki is available under a free license, see Copyright / License for details
dovecot¶
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It’s fast, simple to set up, requires no special administration and it uses very little memory.
OPTIONS¶
Dump all configuration settings to stdout and exit successfully. The same as doveconf -a.
-c config-file
Start dovecot with an alternative configuration.
Run dovecot in foreground, do not daemonize.
Dump non-default settings to stdout and exit successfully. The same as doveconf -n.
Prompt for the ssl key password for the configured ssl_key on startup.
--build-options
Show Dovecot’s build options and exit successfully.
Print a usage message to stdout and exit successfully.
Shows the current host.domain name of the system. If the domain lookup should fail for some reason, only the hostname will be shown.
Show Dovecot’s version and exit successfully.
COMMANDS¶
Force dovecot to reload its configuration.
Shutdown dovecot and all its child processes.
When shutdown_clients is set to no, existing sessions will continue to use the old settings, after a dovecot reload. Also all sessions will keep alive after a dovecot stop.
By default all active sessions will be shut down.
SIGNALS¶
Dovecot handles the following signals as described:
Force dovecot to reload its configuration.
Shutdown dovecot and all its child processes.
Shutdown dovecot and all its child processes.
Force dovecot to reopen all configured log files ( log_path, info_log_path and debug_log_path).
The signals ALARM and PIPE are ignored.
FILES¶
Dovecot’s main configuration file.
Dovecot’s LDAP authdb/userdb module configuration file.
Dovecot’s SQL authdb/userdb module configuration file.
Dovecot’s dict configuration with SQL-backend.
Configuration files of different authentication modules.
Configuration files of different services and settings.
A minimal mail server based on Postfix and Dovecot. Part 1: Dovecot
- Create a «vmail» user for storing mail, without shell access but with the home directory «/home/vmail».
auth_mechanisms = plain login
mail_gid = vmail
mail_uid = vmail
Restricting password transmission until after a TLS connection has been established is Dovecot's default behaviour and requires no additional configuration. Since we will be using TLS, we need no authentication mechanisms other than PLAIN. On CentOS, a self-signed certificate is created in /etc/pki/dovecot/certs/ when Dovecot is installed; we will use it for now to configure TLS.
I want to draw your attention to one important point. The authentication mechanism must be distinguished from the method of storing authentication data. Although the two may share the same name, they are different things. Details here and here.
mail_location = maildir:~/Maildir
The Maildir mailbox format was chosen to simplify a move to a classic system if that becomes necessary, since Postfix supports Maildir. If you do not plan to return to a classic system, you can choose any mailbox format supported by Dovecot.
For this we used the file /etc/dovecot/users, which has the format of the standard password file /etc/passwd.
Example password file (password truncated):
user1@example1.com:2YT51xuhilbvb4vYRIb1oj1EvrKFszhf2MNw=.
user3@example3.com:GdBv9GEE1rfFpd4+fzXS+UKh4x6gTpTaH4=.
For security, we do not store user passwords in the clear; we store their salted SHA512 hashes. To populate «/etc/dovecot/users» we will use this script, which takes two parameters: the user name and the user's password.
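#!/bin/sh
# $1 = user name, $2 = password; appends one entry to the passwd-file.
# Arguments are quoted so spaces and shell metacharacters are not expanded.
echo "$1:$(doveadm pw -s ssha512 -p "$2")." >> /etc/dovecot/users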
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
protocol lmtp
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.16.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_mechanisms = plain login
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_uid = vmail
mbox_write_locks = fcntl
passdb {
  args = scheme=ssha512 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
ssl_cert =
protocol lmtp
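The listener blocks above restrict the auth and LMTP sockets to the postfix and vmail accounts through their mode values. The script below is an added example, not part of the original article: it scans a configuration in this layout and lists any unix_listener whose mode grants access to "other" users, meaning any local account could connect to that socket. The function names and the auth-client listener in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list unix_listener sockets
# whose mode gives any access to "other" users. Names are illustrative.

# audit_listeners FILE ("-" reads stdin); prints "PATH MODE" per finding.
audit_listeners() {
    awk '
        /^[ \t]*#/ { next }
        /unix_listener[ \t]+[^ \t]+[ \t]*[{]/ {    # start of a listener block
            for (i = 1; i < NF; i++)
                if ($i == "unix_listener") path = $(i + 1)
            inl = 1; next
        }
        inl && /^[ \t]*mode[ \t]*=/ {
            mode = $0
            sub(/^[^=]*=[ \t]*/, "", mode)         # keep the value only
            sub(/[ \t].*$/, "", mode)
            if (mode !~ /0$/) print path, mode     # last octal digit = other
        }
        inl && /[}]/ { inl = 0 }                   # end of the listener block
    ' "$1"
}

# Constructed sample: the auth service from the article plus one deliberately
# over-permissive listener (auth-client, mode 0666) for contrast.
sample_services() {
    cat <<'EOF'
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  unix_listener auth-client {
    mode = 0666
  }
}
EOF
}

sample_services | audit_listeners -
```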
Now it is enough to add user names and passwords to the file /etc/dovecot/users, and the mailboxes will be created automatically after the user's first successful authentication. Or, looking ahead, after the user receives a message.
Part 2: Postfix.