Small-Time Email with Exim and Dovecot

From Alpine Linux
Revision as of 14:50, 11 May 2022 by Dhorton
This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Dhorton on 11 May 2022.)

If you want a super-simple SMTP / IMAP setup for a home server, this is the guide for you. This document covers the minimum steps to get email delivery up and running on a small home network. You're not going to want to use this for any serious enterprise stuff, but for a small home LAN it works well.

Why would you do this?

My personal motivation for creating this small-time email setup was to deliver alerts from Monit so I would know when my system needed attention. You can use it for this or similar minimalist email needs. Just don't do anything crazy like exposing it to the internet.

Why Exim and Dovecot?

For an email server, Exim is easy to configure. Dovecot is a little more complex, but not insurmountable. Both are well documented.

Installing the Packages

The first step is to install Exim, Dovecot, and Mailx. (Mailx is used for testing.)

 apk add exim dovecot mailx

Configuring Exim

The next step is to get Exim working for delivering email to users on the system. This is a pretty simple configuration and there are only a few parameters to change in the delivered exim.conf file.

  1. Make a backup of /etc/exim/exim.conf
  2. Open /etc/exim/exim.conf in your favorite text editor.
  3. Make the changes stated below and save.

Find the lines that look like this:

 # group = mail
 # mode = 0660

They'll be under the heading of local_delivery:

When you find them, remove the comment (hash symbol). The local_delivery section should now look like this:

 local_delivery:
   driver = appendfile
   file = /var/mail/$local_part_data
   delivery_date_add
   envelope_to_add
   return_path_add
   group = mail
   mode = 0660

The only thing changed is the removal of the hash symbol from the last two lines.

Fixing Ownership and Permissions on /var/mail

As it stands, Exim will not be able to deliver messages to /var/mail, where the user mailboxes are stored. This is due to permissions.

To fix it, run these two commands:

 chgrp mail /var/mail
 chmod 2775 /var/mail

When you're done, verify it with ls -ld /var/mail. It should look something like this:

 $ ls -ld /var/mail/
 drwxrwsr-x    3 root     mail          4096 May 11 12:58 /var/mail/

Setting the group ownership to mail lets Exim write to users' mailboxes when new mail comes in.
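
A repeatable version of that check, as an added example that is not part of the original page: audit_spool is a hypothetical helper name. It compares the spool directory and the mailboxes in it with the group and modes used in this guide.

```shell
#!/bin/sh
# Added example: audit_spool is a hypothetical helper, not an Exim or Alpine tool.
# It compares the spool with the settings used on this page: directory in
# group mail with mode 2775, mailboxes in group mail with no access for "other".

audit_spool() {
    dir=${1:-/var/mail} grp=${2:-mail} rc=0

    [ "$(stat -c %G "$dir")" = "$grp" ] ||
        { echo "$dir: group is not $grp (chgrp $grp $dir)" >&2; rc=1; }
    [ "$(stat -c %a "$dir")" = 2775 ] ||
        { echo "$dir: mode is not 2775 (chmod 2775 $dir)" >&2; rc=1; }

    for box in "$dir"/*; do
        [ -f "$box" ] || continue        # skip subdirectories and an empty glob
        mode=$(stat -c %a "$box")
        [ "$(stat -c %G "$box")" = "$grp" ] ||
            { echo "$box: group is not $grp" >&2; rc=1; }
        case $mode in
            *0) ;;                       # e.g. 660 or 600: nothing for "other"
            *)  echo "$box: mode $mode lets other users access this mailbox" >&2
                rc=1 ;;
        esac
    done
    return $rc
}

# Usage: audit_spool            (checks /var/mail against group mail)
```

The function returns 0 when everything matches and 1 otherwise, printing one line per finding on stderr.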

Starting the Exim Service

Start Exim and configure it to start at boot time with the usual commands.

 service exim start
 rc-update add exim

Testing the Exim Setup

Log in as a regular user and try sending a test email to yourself. You can do this with the mail command, like this:

 mail -s Testing dave
 This is a test.
 .

This sends a test message to the user dave. (Obviously, you'll want to replace dave with your username.) The final . on the last line is important. It tells the mail command the message is done.

When the message is sent, check that you received it by running mail with no command-line parameters. If everything went well, it should look like the example below.

 $ mail
 Mail version 8.1 6/6/93.  Type ? for help.
 "/var/mail/dave": 1 messages
 >   1 dave@myserver.home      Wed May 11 03:51  27/847   "Testing"
 &

You can type the message number (1) to display the contents of the mail and then type q to quit the mail program.

Troubleshooting Mail Delivery

If the mail test fails, look in the directory /var/spool/exim/msglog. If there are files in here, they are stuck messages. The files are plain text. Display the contents to show any error messages. In most cases, the problem will be related to permissions on the /var/mail directory.

Configuring Dovecot

If everything is working with local delivery, it's time to set up IMAP using Dovecot.

The Dovecot package for Alpine comes with twenty configuration files in /etc/dovecot/conf.d. As a small-time email admin, you may feel overwhelmed. Don't worry, everything can be condensed down to a single config file of 13 lines.

First, make a backup copy of /etc/dovecot/dovecot.conf.

Next, create a new dovecot.conf that looks like this:

 listen = *
 log_path = /var/log/dovecot.log
 protocols = imap
 disable_plaintext_auth = no
 mail_privileged_group = mail
 mail_location = mbox:~/mail:INBOX=/var/mail/%u
 userdb {
   driver = passwd
 }
 passdb {
   driver = passwd-file
   args = scheme=sha512-crypt username_format=%n /etc/dovecot/passwd
 }

This config does not have the !include conf.d/*.conf that was in the original dovecot.conf, so those twenty files in conf.d are going to be ignored. Everything is now in this single dovecot.conf.

Starting the Dovecot Service

Start Dovecot and configure it to start at boot time with the usual commands.

 service dovecot start
 rc-update add dovecot

Creating a Dovecot User and Password

As it is configured, Dovecot does not use /etc/passwd for authentication. Technically, this can be done using Pluggable Authentication Modules (PAM), but PAM is not part of the base install of Alpine Linux. The next best thing is to use a separate password file for Dovecot and to use the same SHA512-Crypt hashing algorithm used in /etc/passwd.

The Dovecot configuration above specifies a password file of /etc/dovecot/passwd. The Dovecot password file looks like this:

 dave:{SHA512-CRYPT}$6$mQ1rxB0gZHqg8Tg9$nxZ8odJZ6xVpmOVpsnYfAo1i7SuoLDhsvoykieukWF9NyNBq.WwhDA7udcYxP1iEm/IzlBmnwz6/vOO3SX8gA.

There are two fields, username and password, separated by a colon. Notice the {SHA512-CRYPT} prefix to the password. This indicates the hashing algorithm.

You can create passwords with the doveadm command, like this:

 # doveadm pw -s sha512-crypt
 Enter new password:
 Retype new password:

The command will output the hashed password. You'll need to edit Dovecot's password file with a text editor and create the username/password pair by hand.
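
One way to script that by-hand edit, as an added example that is not part of the original page or of Dovecot: set_user and check_file are hypothetical helper names, and the two-field layout shown above is assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Dovecot.
# Assumes the two-field "user:{SHA512-CRYPT}$6$..." layout shown above.

# valid_hash STRING: succeed only for a well-formed SHA512-CRYPT entry.
valid_hash() {
    printf '%s\n' "$1" | grep -Eq \
        '^\{SHA512-CRYPT\}\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# set_user FILE USER HASH: replace USER's line, or append it if absent.
set_user() {
    file=$1 user=$2 hash=$3
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad username: $user" >&2; return 2 ;;
    esac
    valid_hash "$hash" || { echo "not a SHA512-CRYPT hash" >&2; return 3; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1   # created with mode 0600
    if [ -f "$file" ]; then
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    # Write through the existing file so its owner and mode are kept;
    # a new file is created without access for "other".
    (umask 027; cat "$tmp" > "$file")
    rm -f "$tmp"
}

# check_file FILE: flag malformed lines, duplicate users, world-readable mode.
check_file() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        valid_hash "${line#*:}" || { echo "malformed entry: ${line%%:*}" >&2; rc=1; }
    done < "$1"
    dups=$(cut -d: -f1 "$1" | sort | uniq -d)
    [ -z "$dups" ] || { echo "duplicate user(s): $dups" >&2; rc=1; }
    case $(stat -c %a "$1") in
        *[4567]) echo "world-readable: $1" >&2; rc=1 ;;
    esac
    return $rc
}

# Usage (as root):
#   set_user /etc/dovecot/passwd dave "$(doveadm pw -s sha512-crypt)"
#   check_file /etc/dovecot/passwd
```

A file created by set_user is not readable by "other"; adjust its group so the Dovecot auth process can still read it.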

Testing the Dovecot Setup

To test IMAP, you'll need an email client. Personally, I've used Thunderbird on Windows and K-9 Mail on Android. The trickiest part is getting the email client to trust the self-signed certificates. Configuring email clients is beyond the scope of this document.

From the server side, the Dovecot log file can help you diagnose errors. The dovecot.conf file specifies the location of the log file.

 log_path = /var/log/dovecot.log


Work in progress. More to come.