Difference between revisions of "Dovecot"

From ArchWiki
(Configuration)
(Major rewrite)
Line 1: Line 1:
 
[[Category:Mail Server]]
 
[[Category:Mail Server]]
  
The goal of this article is to setup dovecot, using PAM auth over SSL. It requires an SMTP server already working. You can follow the [[Sendmail]] guide to set up sendmail as your SMTP server.
+
This article describes how to set up a mail server suitable for personal or small office use.
  
 
[http://www.dovecot.org/ Dovecot] is an open source [[Wikipedia:IMAP|IMAP]] and [[Wikipedia:POP3|POP3]] server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver.  For more detailed information, please see the official [http://wiki2.dovecot.org/ Dovecot Wiki].
 
[http://www.dovecot.org/ Dovecot] is an open source [[Wikipedia:IMAP|IMAP]] and [[Wikipedia:POP3|POP3]] server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver.  For more detailed information, please see the official [http://wiki2.dovecot.org/ Dovecot Wiki].
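Review bot: the new opening sentence promises "a mail server", but the article only configures Dovecot for IMAP/POP3 access and relies on a separately configured MTA, which the removed sentence stated up front ("It requires an SMTP server already working"). Suggest wording the intro as setting up Dovecot as the IMAP/POP3 part of a personal or small office mail server, so readers do not expect SMTP delivery to be covered here.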
Line 7: Line 7:
 
==Installation==
 
==Installation==
  
[[pacman|Install]] the package {{Pkg|dovecot}} and {{Pkg|pam}} from the [[Official Repositories|official repositories]].
+
[[pacman|Install]] the packages {{Pkg|dovecot}} and {{Pkg|pam}} from the [[Official Repositories|official repositories]].
  
==Create the SSL certificate==
+
==Configuration==
 +
 
 +
===Assumptions===
 +
 
 +
* The server uses [[Wikipedia:Pluggable authentication module|PAM]] to authenticate the user.
 +
* It uses [[Wikipedia:Transport_Layer_Security|SSL]] to encrypt the authentication password.
 +
* It uses the common [[Wikipedia:Maildir|Maildir]] format to store the mail in the user's home directory.
 +
*  A [[Wikipedia:Message transfer agent|MTA]] has already been set up to deliver mail, see the [[Sendmail]] guide for information on how to set up [[Wikipedia:Sendmail|sendmail]] as a [[Wikipedia:SMTP|SMTP]] server.
 +
 
 +
===Create the SSL certificate===
  
 
The {{Pkg|dovecot}} package contains a script to generate the server SSL certificate.
 
The {{Pkg|dovecot}} package contains a script to generate the server SSL certificate.
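Review bot: the SSL bullet in the new Assumptions list says SSL is used "to encrypt the authentication password", which undersells it and can be read as leaving the rest of the session in the clear; TLS protects the whole IMAP/POP3 session, so "to encrypt the connection, including the authentication password" would be more accurate. In the MTA bullet, "A MTA" and "a SMTP server" should read "An MTA" and "an SMTP server", and the comma before "see the Sendmail guide" should be a semicolon or full stop.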
Line 20: Line 29:
 
The certificate/key pair is created as {{ic|/etc/ssl/certs/dovecot.pem}} and {{ic|/etc/ssl/private/dovecot.pem}}.
 
The certificate/key pair is created as {{ic|/etc/ssl/certs/dovecot.pem}} and {{ic|/etc/ssl/private/dovecot.pem}}.
  
==Configuration==
+
===PAM Authentication===
 
+
{{Accuracy|This section needs to be updated to reflect the new directory structure of the configuration files.}}
+
  
 
* To configure the server to use PAM for authentication, create {{ic|/etc/pam.d/dovecot}} with the following content:
 
* To configure the server to use PAM for authentication, create {{ic|/etc/pam.d/dovecot}} with the following content:
Line 30: Line 37:
 
}}
 
}}
  
* Check the correct path where you mail is stored. Normally is {{ic|/var/spool/mail}}.
+
===Dovecot configuration===
* Edit the {{ic|/etc/dovecot/dovecot.conf}}. Be sure you set the path of {{ic|ssl_cert}}, {{ic|ssl_key}} and {{ic|mail_location}} correctly:
+
 
{{hc|/etc/dovecot/dovecot.conf|<nowiki>
+
* Copy the dovecot.conf and conf.d configuration files from {{ic|/usr/share/doc/dovecot/example-config}} to {{ic|/etc/dovecot}}:
listen = *
+
{{bc|
disable_plaintext_auth=yes
+
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot
ssl = yes
+
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
ssl_cert = </etc/ssl/certs/server.crt
+
}}
ssl_key = </etc/ssl/private/server.key
+
 
 +
The default configuration is ok for most systems, but make sure to read through the configuration files to see what options are available.  See the [http://wiki2.dovecot.org/QuickConfiguration quick configuration guide] and [http://wiki2.dovecot.org/#Dovecot_configuration dovecot configuration] for more instructions.
  
mail_access_groups=mail
+
By default dovecot will try to detect what mail storage system is in use on the system. To use the Maildir format edit {{ic|/etc/dovecot/conf.d/10-mail.conf}} to set {{ic|1=mail_location = maildir:~/Maildir}}.
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
+
passdb {
+
  driver = pam
+
}
+
protocols = imap pop3
+
service auth {
+
  user = root
+
}
+
service imap-login {
+
  chroot = login
+
  user = dovecot
+
}
+
service pop3-login {
+
  chroot = login
+
  user = dovecot
+
}
+
userdb {
+
  driver = passwd
+
}
+
</nowiki>}}
+
* Change permissions for the {{ic|mail_location}} directory:
+
{{bc|chmod 0600 /var/spool/mail/*}}
+
  
 
==Start the server==
 
==Start the server==
Start, and optionally, enable for autostart on boot, the {{ic|dovecot.service}} daemon.
 
  
Read [[Daemon]] for more information.
+
Use the standard [[systemd]] syntax to control the {{ic|dovecot.service}} [[daemon]].
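Review bot: after this rewrite nothing in the "Dovecot configuration" section ties the copied example files to the PAM and SSL assumptions. The explicit disable_plaintext_auth=yes, ssl = yes, ssl_cert, ssl_key and passdb { driver = pam } lines are removed, and the only setting the new text asks the reader to change is mail_location, backed by "The default configuration is ok for most systems". Suggest adding a step that has the reader confirm, in the copied conf.d files, that ssl_cert and ssl_key point at /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem (the removed text used server.crt and server.key, which did not match the mkcert.sh output named earlier on the page) and that the PAM passdb is enabled. Dropping the chmod 0600 /var/spool/mail/* step is consistent with the move to ~/Maildir.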

Revision as of 09:43, 2 January 2013


This article describes how to set up a mail server suitable for personal or small office use.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver. For more detailed information, please see the official Dovecot Wiki.

Installation

Install the packages dovecot and pam from the official repositories.

Configuration

Assumptions

  • The server uses PAM to authenticate the user.
  • It uses SSL to encrypt the authentication password.
  • It uses the common Maildir format to store the mail in the user's home directory.
  • An MTA has already been set up to deliver mail; see the Sendmail guide for information on how to set up sendmail as an SMTP server.

Create the SSL certificate

The dovecot package contains a script to generate the server SSL certificate.

  • Copy the configuration file from the sample file: # cp /etc/ssl/dovecot-openssl.cnf{.sample,}
  • Edit /etc/ssl/dovecot-openssl.cnf to configure the certificate.
  • Execute # /usr/lib/dovecot/mkcert.sh to generate the certificate.

The certificate/key pair is created as /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem.

PAM Authentication

  • To configure the server to use PAM for authentication, create /etc/pam.d/dovecot with the following content:
/etc/pam.d/dovecot
auth    required        pam_unix.so nullok
account required        pam_unix.so 

Dovecot configuration

  • Copy the dovecot.conf and conf.d configuration files from /usr/share/doc/dovecot/example-config to /etc/dovecot:
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot

The default configuration is OK for most systems, but make sure to read through the configuration files to see what options are available. See the quick configuration guide and dovecot configuration for more instructions.

By default, Dovecot tries to detect which mail storage format is in use on the system. To use the Maildir format, edit /etc/dovecot/conf.d/10-mail.conf and set mail_location = maildir:~/Maildir.
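
One way to check the result before starting the server, as an added example that is not part of the ArchWiki article or of Dovecot: a shell audit that reads a `doveconf -n` style settings dump and flags values that contradict the assumptions above (TLS, PAM, Maildir, the certificate path produced by mkcert.sh), plus a check for the `nullok` option in the PAM file, which lets accounts with an empty password authenticate. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ArchWiki or Dovecot code. Names and samples are constructed.

# Read a `doveconf -n` style dump on stdin; print one finding per line.
audit_dovecot() {
    awk '
        /^passdb[ \t]*[{]/ { in_passdb = 1; next }
        /^[}]/             { in_passdb = 0; next }
        in_passdb && /^[ \t]*driver[ \t]*=[ \t]*pam[ \t]*$/ { pam = 1 }
        /^[a-z_]+[ \t]*=/ {            # top-level "key = value" lines only
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            conf[key] = val
        }
        END {
            if (conf["ssl"] == "no") print "ssl: TLS is disabled"
            if (conf["disable_plaintext_auth"] == "no") print "disable_plaintext_auth: plaintext auth allowed without TLS"
            if (conf["ssl_cert"] != "</etc/ssl/certs/dovecot.pem") print "ssl_cert: not the certificate generated by mkcert.sh"
            if (conf["mail_location"] !~ /^maildir:/) print "mail_location: not Maildir"
            if (!pam) print "passdb: no pam driver"
        }'
}

# Read a PAM service file on stdin; exit 0 if an auth line gives pam_unix.so
# the nullok option, which lets accounts with an empty password authenticate.
pam_allows_empty_password() {
    awk '$1 == "auth" && /pam_unix\.so/ && /(^|[ \t])nullok([ \t]|$)/ { found = 1 }
         END { exit !found }'
}

# Constructed sample dumps (on a live system: doveconf -n | audit_dovecot).
SAMPLE_GOOD='ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
mail_location = maildir:~/Maildir
passdb {
  driver = pam
}'
SAMPLE_WEAK='disable_plaintext_auth = no
ssl = no
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
passdb {
  driver = passwd-file
}'
SAMPLE_PAM='auth    required        pam_unix.so nullok
account required        pam_unix.so'

printf '%s\n' "$SAMPLE_WEAK" | audit_dovecot
```

An empty result from `audit_dovecot` means no contradiction was found in the dump. The PAM file from this page can be checked with `pam_allows_empty_password < /etc/pam.d/dovecot`.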

Start the server

Use the standard systemd syntax to control the dovecot.service daemon.