Setting up dovecot with imap and tls: Difference between revisions
m (Zcrayfish moved page Setting up dovecot with imap and ssl to Setting up dovecot with imap and tls: SSL -> TLS) |
GrumpyMeow (talk | contribs) m (Minor fixes to make things more clear) |
||
Line 17: | Line 17: | ||
==== Certificates ==== | ==== Certificates ==== | ||
During the installation of Dovecot some default certificates were generated, which we will replace. | |||
We want to keep things clean, so we create a dovecot folder for it's certs/keys | We want to keep things clean, so we create a dovecot folder for it's certs/keys | ||
Line 23: | Line 24: | ||
Now we start creating the certs | Now we start creating the certs | ||
{{Cmd|openssl genrsa | {{Cmd|cd /etc/ssl/dovecot | ||
openssl req -new -key server.pem | openssl genrsa 1024 > server.pem # Choose 512 or 1024 as key length | ||
openssl req -new -key server.pem -out request.pem # You will get prompted for various information that is added the the file | |||
openssl genrsa 2048 > server.key | openssl genrsa 2048 > server.key | ||
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem}} | openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem}} |
Revision as of 09:35, 21 January 2024
General
Dovecot should be configured to let users fetch their mail through SSL. The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.
Have a look at Hosting_services_on_Alpine#Mail for various alternatives and instructions.
Initial Setup
This document is referring to Setting_up_postfix_with_virtual_domains. You would benefit if you start by reading/following those instructions before you continue with these instructions.
Dovecot
Install
apk add dovecot
Prepare
The upcoming configuration is going to need some certificates.
Certificates
During the installation of Dovecot some default certificates were generated, which we will replace. We want to keep things clean, so we create a dovecot folder for it's certs/keys
mkdir /etc/ssl/dovecot
Now we start creating the certs
cd /etc/ssl/dovecot openssl genrsa 1024 > server.pem # Choose 512 or 1024 as key length openssl req -new -key server.pem -out request.pem # You will get prompted for various information that is added the the file openssl genrsa 2048 > server.key openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem
Configuration
For now I just dump whatever I have.
I will clean up these notes soon.
/etc/dovecot/dovecot.conf
## These settings varies from the default configuration ## base_dir = /var/run/dovecot/ protocols = imap imaps listen = * disable_plaintext_auth = no ssl_disable = no ssl_cert_file = /etc/ssl/dovecot/server.pem ssl_key_file = /etc/ssl/dovecot/server.key ssl_parameters_regenerate = 168 verbose_ssl = yes login_chroot = yes login_greeting = Dovecot ready. mail_location = maildir:/var/spool/mail/vhosts/%d/%n mail_privileged_group = mail mail_debug = no verbose_proctitle = no valid_chroot_dirs = /var/spool/mail protocols lda { # This line is not changed - it's here to help you know where to make edits postmaster_address = postmaster@example.net } # This line is not changed - it's here to help you know where to make edits auth_verbose = yes auth_debug = yes auth_worker_max_count = 30 auth default { # This line is not changed - it's here to help you know where to make edits mechanism = plain login digest-md5 passdb passwd-file { args = /etc/dovecot/dovecot-passwd } userdb passwd-file { args = /etc/dovecot/dovecot-users } socket listen { path = /var/spool/postfix/private/auth user = postfix group = postfix mode = 0660 } } # This line is not changed - it's here to help you know where to make edits
/etc/dovecot/dovecot-users
The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')
user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false:: user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
/etc/dovecot/dovecot-passwd
To generate the passwords you can use the dovecotpw command. The output can be used to create a password for your 'dovecot-passwd'
dovecotpw -s MD5-CRYPT
The /etc/dovecot/passwd file should look like this:
user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0 user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
Start dovecot
It's time to start. Hopefully it works!
rc-service dovecot start
Debugging
In case something goes wrong you should have a look in your syslog. Personally I use to tail the logfile while debugging
tail -f /var/log/dovecot
Adding/Removing users
To add or remove users you need to edit the following files (they are described above):
Nothing else should be needed.