Difference between revisions of "Dovecot"

From ArchWiki
(Sieve)
(23 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
[[Category:Mail Server]]
 
[[Category:Mail Server]]
Dovecot is an IMAP and POP3 server.
 
  
The goal of this article is to setup dovecot, using PAM auth over SSL. It requires an SMTP server already working. You can follow the [[Sendmail]] guide to set up sendmail as your SMTP server.
+
This article describes how to set up a mail server suitable for personal or small office use.
 +
 
 +
[http://www.dovecot.org/ Dovecot] is an open source [[Wikipedia:IMAP|IMAP]] and [[Wikipedia:POP3|POP3]] server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver.  For more detailed information, please see the official [http://wiki2.dovecot.org/ Dovecot Wiki].
  
 
==Installation==
 
==Installation==
[[pacman|Install]] the package {{Pkg|dovecot}} and {{Pkg|pam}} from the [[Official Repositories|official repositories]].
 
  
==Create SSL certs==
+
[[pacman|Install]] the packages {{Pkg|dovecot}} and {{Pkg|pam}} from the [[Official Repositories|official repositories]].
  
The {{Pkg|dovecot}} package contains a script to create your SSL certificate and key.  Before you run this script, create your settings file.
+
==Configuration==
  
{{bc|
+
===Assumptions===
cp /etc/ssl/dovecot-openssl.cnf{.sample,}
+
vim /etc/ssl/dovecot-openssl.cnf
+
}}
+
  
Then execute the script.
+
* Each mail account served by Dovecot, has a local user account defined on the server.
 +
* The server uses [[Wikipedia:Pluggable authentication module|PAM]] to authenticate the user against the local user database (/etc/passwd).
 +
* [[Wikipedia:Transport_Layer_Security|SSL]] is used to encrypt the authentication password.
 +
* The common [[Wikipedia:Maildir|Maildir]] format is used to store the mail in the user's home directory.
 +
*  A [[Wikipedia:Mail delivery agent|MDA]] has already been set up to deliver mail to the local users.
  
{{bc|
+
===Create the SSL certificate===
/usr/lib/dovecot/mkcert.sh
+
}}
+
  
The cert/key pair is created under /etc/ssl/certs and /etc/ssl/private.
+
The {{Pkg|dovecot}} package contains a script to generate the server SSL certificate.
  
==Configuration==
+
* Copy the configuration file from the sample file: {{ic|# cp /etc/ssl/dovecot-openssl.cnf{.sample,} }}.
* Create the {{ic|/etc/pam.d/dovecot}} file, and put the following:
+
* Edit {{ic|/etc/ssl/dovecot-openssl.cnf}} to configure the certificate.
{{bc|
+
 
 +
* Execute {{ic|# /usr/lib/dovecot/mkcert.sh}} to generate the certificate.
 +
 
 +
The certificate/key pair is created as {{ic|/etc/ssl/certs/dovecot.pem}} and {{ic|/etc/ssl/private/dovecot.pem}}.
 +
 
 +
===PAM Authentication===
 +
 
 +
* To configure PAM for dovecot, create {{ic|/etc/pam.d/dovecot}} with the following content:
 +
{{hc|/etc/pam.d/dovecot|
 
auth    required        pam_unix.so nullok
 
auth    required        pam_unix.so nullok
 
account required        pam_unix.so  
 
account required        pam_unix.so  
 
}}
 
}}
* Check the correct path where you mail is stored. Normally is {{ic|/var/spool/mail}}.
 
* Edit the {{ic|/etc/dovecot/dovecot.conf}}. Be sure you set the path of {{ic|ssl_cert}}, {{ic|ssl_key}} and {{ic|mail_location}} correctly:
 
{{hc|/etc/dovecot/dovecot.conf|<nowiki>
 
listen = *
 
disable_plaintext_auth=yes
 
ssl = yes
 
ssl_cert = </etc/ssl/certs/server.crt
 
ssl_key = </etc/ssl/private/server.key
 
  
mail_access_groups=mail
+
===Dovecot configuration===
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
+
 
passdb {
+
* Copy the dovecot.conf and conf.d/* configuration files from {{ic|/usr/share/doc/dovecot/example-config}} to {{ic|/etc/dovecot}}:
   driver = pam
+
{{bc|
 +
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot
 +
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
 +
}}
 +
 
 +
The default configuration is ok for most systems, but make sure to read through the configuration files to see what options are available.  See the [http://wiki2.dovecot.org/QuickConfiguration quick configuration guide] and [http://wiki2.dovecot.org/#Dovecot_configuration dovecot configuration] for more instructions.
 +
 
 +
By default dovecot will try to detect what mail storage system is in use on the system. To use the Maildir format edit {{ic|/etc/dovecot/conf.d/10-mail.conf}} to set {{ic|1=mail_location = maildir:~/Maildir}}.
 +
 
 +
===Sieve===
 +
 
 +
[http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29 Sieve] is a programming language that can be used to create filters for email on mail server.
 +
 
 +
* Install pigeonhole
 +
* Add "sieve" to "protocols" in dovecot.conf (and the lines from the next points)
 +
<pre>
 +
protocols = imap pop3 sieve
 +
</pre>
 +
* Add minimal 80-sieve.conf
 +
<pre>
 +
service managesieve-login {
 +
   inet_listener sieve {
 +
    port = 4190
 +
  }
 
}
 
}
protocols = imap pop3
+
 
service auth {
+
service managesieve {
  user = root
+
 
}
 
}
service imap-login {
+
 
  chroot = login
+
protocol sieve {
  user = dovecot
+
 
}
 
}
service pop3-login {
+
</pre>
  chroot = login
+
* Add "sieve" to "mail_plugins" in "protocol lda" section
   user = dovecot
+
<pre>
 +
protocol lda {
 +
   mail_plugins = sieve
 
}
 
}
userdb {
+
</pre>
   driver = passwd
+
* Specify sieve storage location in "plugin" section:
 +
<pre>
 +
plugin {
 +
   sieve=/var/mail/%u/dovecot.sieve
 +
  sieve_dir=/var/mail/%u/sieve
 
}
 
}
</nowiki>}}
+
</pre>
* Change permissions for the {{ic|mail_location}} directory:
+
 
{{bc|chmod 0600 /var/spool/mail/*}}
+
{{Note| Nowadays it is recommended to use LMTP instead of LDA. Nevertheless can the Dovecot LDA still be used for small mailservers. More information can be found in the [http://wiki2.dovecot.org/LMTP Dovecot Wiki]}}
 +
 
 +
* Ensure that your MTA uses dovecot for delivery. For example: postfix's main.cf and dovecot-lda:
 +
  mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
 +
 
 +
==Starting the server==
 +
 
 +
Use the standard [[systemd]] syntax to control the {{ic|dovecot.service}} [[daemon]].
 +
# systemctl start dovecot.service
  
==Start the server==
+
To have it start on boot
{{bc|/etc/rc.d/dovecot start}}
+
# systemctl enable dovecot.service
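Review bot: The new "Dovecot configuration" section never tells the reader to check that ssl_cert and ssl_key point at the /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem files that mkcert.sh generates. The old dovecot.conf example (disable_plaintext_auth=yes, ssl = yes, ssl_cert, ssl_key) is removed and replaced only by "The default configuration is ok for most systems". Suggest adding a step that names the conf.d file holding these settings and asks the reader to confirm them, since the Assumptions list depends on SSL protecting the password. The PAM section also keeps "auth required pam_unix.so nullok" without saying what nullok permits; either explain it or drop the option. Style: the Sieve snippets use <pre> while the rest of the page uses the {{bc|...}} and {{hc|...}} templates.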

Revision as of 18:04, 25 August 2013


This article describes how to set up a mail server suitable for personal or small office use.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver. For more detailed information, please see the official Dovecot Wiki.

Installation

Install the packages dovecot and pam from the official repositories.

Configuration

Assumptions

  • Each mail account served by Dovecot has a local user account defined on the server.
  • The server uses PAM to authenticate the user against the local user database (/etc/passwd).
  • SSL is used to encrypt the authentication password.
  • The common Maildir format is used to store the mail in the user's home directory.
  • An MDA has already been set up to deliver mail to the local users.

Create the SSL certificate

The dovecot package contains a script to generate the server SSL certificate.

  • Copy the configuration file from the sample file: # cp /etc/ssl/dovecot-openssl.cnf{.sample,}
  • Edit /etc/ssl/dovecot-openssl.cnf to configure the certificate.
  • Execute # /usr/lib/dovecot/mkcert.sh to generate the certificate.

The certificate/key pair is created as /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem.

PAM Authentication

  • To configure PAM for dovecot, create /etc/pam.d/dovecot with the following content:
/etc/pam.d/dovecot
auth    required        pam_unix.so nullok
account required        pam_unix.so 
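
The nullok option in the file above makes pam_unix accept an account whose password field is empty, so such an account could log in to the mail server with a blank password. The following check is an added example, not part of the ArchWiki article: the function names are hypothetical and the sample files are constructed. It tests a PAM service file for nullok and lists shadow entries with an empty password field.

```shell
#!/bin/sh
# Added example, not ArchWiki code. Function names are hypothetical.

# Exit 0 if an active "auth" line that uses pam_unix.so carries nullok.
pam_allows_empty() {
    awk '{ sub(/#.*/, "") }                       # drop comments
         ($1 == "auth" || $1 == "-auth") && /pam_unix\.so/ {
             for (i = 2; i <= NF; i++) if ($i == "nullok") found = 1
         }
         END { exit (found ? 0 : 1) }' "$1"
}

# Print account names whose shadow password field (2nd field) is empty.
empty_password_users() {
    awk -F: '$1 != "" && $2 == "" { print $1 }' "$1"
}

# audit_pam_nullok [PAM_FILE] [SHADOW_FILE]
# Returns 0 = nullok absent, 1 = nullok present but no empty passwords,
#         2 = nullok present and empty-password accounts exist.
audit_pam_nullok() {
    pam_file=${1:-/etc/pam.d/dovecot}
    shadow_file=${2:-/etc/shadow}
    if ! pam_allows_empty "$pam_file"; then
        echo "OK: no nullok on pam_unix auth lines in $pam_file"
        return 0
    fi
    users=$(empty_password_users "$shadow_file")
    if [ -z "$users" ]; then
        echo "WARN: nullok is set; no empty-password accounts found"
        return 1
    fi
    echo "FAIL: nullok is set and these accounts have an empty password:"
    echo "$users"
    return 2
}

# Constructed sample files (not real account data) for a stand-alone run.
write_sample() {
    printf 'auth    required        pam_unix.so nullok\naccount required        pam_unix.so\n' > "$1/pam"
    printf 'alice:$6$constructed$hash:19000:0:99999:7:::\nscanner::19000:0:99999:7:::\n' > "$1/shadow"
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_pam_nullok "$tmp/pam" "$tmp/shadow" || true
rm -rf "$tmp"
```

Run as root with no arguments, audit_pam_nullok checks /etc/pam.d/dovecot against /etc/shadow.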

Dovecot configuration

  • Copy the dovecot.conf and conf.d/* configuration files from /usr/share/doc/dovecot/example-config to /etc/dovecot:
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot

The default configuration is OK for most systems, but make sure to read through the configuration files to see what options are available. See the quick configuration guide and dovecot configuration for more instructions.

By default dovecot will try to detect what mail storage system is in use on the system. To use the Maildir format edit /etc/dovecot/conf.d/10-mail.conf to set mail_location = maildir:~/Maildir.
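
The assumptions above rely on SSL protecting the password, so after copying the example configuration it is worth confirming the effective settings. This check is an added example, not ArchWiki code: the function names are hypothetical and the sample files are constructed. It reads a saved settings dump in the "key = value" form that doveconf -a prints and checks ssl, disable_plaintext_auth, the ssl_cert file and the permissions of the key file created by mkcert.sh.

```shell
#!/bin/sh
# Added example, not ArchWiki code. Function names are hypothetical.

# Print the value of a top-level "key = value" setting (nested blocks are indented).
get_setting() {
    awk -v k="$2" '!/^[ \t]/ && $1 == k && $2 == "=" { v = $3 } END { print v }' "$1"
}

# dovecot_tls_audit SETTINGS [KEYFILE]: print each problem, return their count.
dovecot_tls_audit() {
    conf=$1 key=${2:-/etc/ssl/private/dovecot.pem} problems=0
    case $(get_setting "$conf" ssl) in
        yes|required) ;;
        *) echo "ssl is not yes/required"; problems=$((problems + 1)) ;;
    esac
    if [ "$(get_setting "$conf" disable_plaintext_auth)" != yes ]; then
        echo "disable_plaintext_auth is not yes"; problems=$((problems + 1))
    fi
    cert=$(get_setting "$conf" ssl_cert); cert=${cert#<}   # value is "</path/to/file"
    if [ ! -f "$cert" ]; then
        echo "ssl_cert does not point at an existing file: $cert"; problems=$((problems + 1))
    fi
    if [ ! -f "$key" ]; then
        echo "key file missing: $key"; problems=$((problems + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # characters 5-10 of the mode string are the group and other bits
        echo "key file is accessible to group or others: $key"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed settings dump plus stand-in cert/key files for a stand-alone run.
write_tls_sample() {
    printf 'disable_plaintext_auth = yes\nssl = yes\nssl_cert = <%s/cert.pem\n' "$1" > "$1/settings"
    : > "$1/cert.pem"; : > "$1/key.pem"; chmod 0644 "$1/key.pem"
}

tmp=$(mktemp -d) && write_tls_sample "$tmp"
dovecot_tls_audit "$tmp/settings" "$tmp/key.pem" || echo "problems: $?"
rm -rf "$tmp"
```

On a real server, save the output of doveconf -a to a file and pass it as the first argument; the key path defaults to /etc/ssl/private/dovecot.pem.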

Sieve

Sieve is a programming language that can be used to create filters for email on a mail server.

  • Install pigeonhole
  • Add "sieve" to "protocols" in dovecot.conf (and the lines from the next points)
protocols = imap pop3 sieve
  • Add minimal 80-sieve.conf
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}

service managesieve {
}

protocol sieve {
}
  • Add "sieve" to "mail_plugins" in "protocol lda" section
protocol lda {
  mail_plugins = sieve
}
  • Specify sieve storage location in "plugin" section:
plugin {
  sieve=/var/mail/%u/dovecot.sieve
  sieve_dir=/var/mail/%u/sieve
}
Note: Nowadays it is recommended to use LMTP instead of LDA. Nevertheless, the Dovecot LDA can still be used for small mail servers. More information can be found in the Dovecot Wiki.
  • Ensure that your MTA uses dovecot for delivery. For example: postfix's main.cf and dovecot-lda:
 mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

Starting the server

Use the standard systemd syntax to control the dovecot.service daemon.

# systemctl start dovecot.service

To have it start on boot:

# systemctl enable dovecot.service