Setting up dovecot with imap and tls: Difference between revisions

From Alpine Linux
(Adding some short notes on howto add/remove users)
m (→‎General: SSL -> TLS)
 
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= Dovecot on 1.9 =
== General ==
== General ==
Dovecot should be configured to let users fetch their mail through ssl<BR>
Dovecot should be configured to let users fetch their mail through TLS. The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.
The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.


Have a look at [[Hosting_services_on_Alpine#Mail]] for various alternatives and instructions
Have a look at [[Hosting_services_on_Alpine#Mail]] for various alternatives and instructions.


== Initial Setup ==
== Initial Setup ==
This document is referring to [[Setting_up_postfix_with_virtual_domains]].<BR>
This document is referring to [[Setting_up_postfix_with_virtual_domains]]. You would benefit if you start by reading/following those instructions before you continue with these instructions.
You would benefit if you start by reading/following those instructions before you continue with these instructions.


== Dovecot ==
== Dovecot ==


=== Install ===
=== Install ===
apk_add dovecot
 
{{Cmd|apk add dovecot}}


=== Prepare ===
=== Prepare ===
Line 20: Line 17:


==== Certificates ====
==== Certificates ====
During the installation of Dovecot some default certificates were generated, which we will replace.
We want to keep things clean, so we create a dovecot folder for it's certs/keys
We want to keep things clean, so we create a dovecot folder for it's certs/keys
mkdir /etc/ssl/dovecot
 
{{Cmd|mkdir /etc/ssl/dovecot}}
 
Now we start creating the certs
Now we start creating the certs
openssl genrsa 512/1024 > server.pem
 
openssl req -new -key server.pem -days 365 -out request.pem  # You will get prompted for various information that is added the the file
{{Cmd|cd /etc/ssl/dovecot
openssl genrsa 2048 > server.key
openssl genrsa 1024 > server.pem   # Choose 512 or 1024 as key length
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem
openssl req -new -key server.pem -out request.pem  # You will get prompted for various information that is added the the file
openssl genrsa 2048 > server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem}}


=== Configuration ===
=== Configuration ===
For now I just dump whatever I have.
For now I just dump whatever I have.
I will clean up these notes soon.
I will clean up these notes soon.


Line 76: Line 79:
==== /etc/dovecot/dovecot-users ====
==== /etc/dovecot/dovecot-users ====
The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')
The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')
<pre>
 
user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
</pre>


==== /etc/dovecot/dovecot-passwd ====
==== /etc/dovecot/dovecot-passwd ====
To generate the passwords you can use the dovecotpw command.<BR>
To generate the passwords you can use the dovecotpw command. The output can be used to create a password for your 'dovecot-passwd'
The output can be used to create a password for your 'dovecot-passwd'
 
dovecotpw -s MD5-CRYPT  
{{Cmd|dovecotpw -s MD5-CRYPT}}
or
{{Cmd|doveadm pw -s MD5-CRYPT}}
 
The /etc/dovecot/passwd file should look like this:
The /etc/dovecot/passwd file should look like this:
  user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
  user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
  user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
  user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
Line 91: Line 97:
=== Start dovecot ===
=== Start dovecot ===
It's time to start. Hopefully it works!
It's time to start. Hopefully it works!
/etc/init.d/dovecot start
 
{{Cmd|rc-service dovecot start}}


=== Debugging ===
=== Debugging ===
In case something goes wrong you should have a look in your syslog.<BR>
In case something goes wrong you should have a look in your syslog. Personally I use to tail the logfile while debugging
Personally I use to tail the logfile while debugging
 
tail -f /var/log/dovecot
{{Cmd|tail -f /var/log/dovecot}}


=== Adding/Removing users ===
=== Adding/Removing users ===
Line 103: Line 110:
* [[#.2Fetc.2Fdovecot.2Fdovecot-passwd|/etc/dovecot/dovecot-passwd]]
* [[#.2Fetc.2Fdovecot.2Fdovecot-passwd|/etc/dovecot/dovecot-passwd]]
Nothing else should be needed.
Nothing else should be needed.
[[Category:Mail]]

Latest revision as of 09:58, 21 January 2024

General

Dovecot should be configured to let users fetch their mail through TLS. The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.

Have a look at Hosting_services_on_Alpine#Mail for various alternatives and instructions.

Initial Setup

This document is referring to Setting_up_postfix_with_virtual_domains. You would benefit if you start by reading/following those instructions before you continue with these instructions.

Dovecot

Install

apk add dovecot

Prepare

The upcoming configuration is going to need some certificates.

Certificates

During the installation of Dovecot some default certificates were generated, which we will replace. We want to keep things clean, so we create a dovecot folder for it's certs/keys

mkdir /etc/ssl/dovecot

Now we start creating the certs

cd /etc/ssl/dovecot openssl genrsa 1024 > server.pem # Choose 512 or 1024 as key length openssl req -new -key server.pem -out request.pem # You will get prompted for various information that is added the the file openssl genrsa 2048 > server.key openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem

Configuration

For now I just dump whatever I have.

I will clean up these notes soon.

/etc/dovecot/dovecot.conf

## These settings varies from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/spool/mail
protocols lda {     # This line is not changed - it's here to help you know where to make edits
  postmaster_address = postmaster@example.net
}     # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default {     # This line is not changed - it's here to help you know where to make edits
  mechanism = plain login digest-md5
  passdb passwd-file {
    args = /etc/dovecot/dovecot-passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/dovecot-users
  }
  socket listen {
    path = /var/spool/postfix/private/auth
    user = postfix
    group = postfix
    mode = 0660
  }
}     # This line is not changed - it's here to help you know where to make edits

/etc/dovecot/dovecot-users

The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')

user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::

/etc/dovecot/dovecot-passwd

To generate the passwords you can use the dovecotpw command. The output can be used to create a password for your 'dovecot-passwd'

dovecotpw -s MD5-CRYPT

or

doveadm pw -s MD5-CRYPT

The /etc/dovecot/passwd file should look like this:

user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0

Start dovecot

It's time to start. Hopefully it works!

rc-service dovecot start

Debugging

In case something goes wrong you should have a look in your syslog. Personally I use to tail the logfile while debugging

tail -f /var/log/dovecot

Adding/Removing users

To add or remove users you need to edit the following files (they are described above):

Nothing else should be needed.