====== Dovecot IMAP Server Howto ======
This document describes how to set up the
"Dovecot" IMAP server.
Debian: 8.5 (Jessie)\\
dovecot-imapd: 1:2.2.13-12~deb8u1
===== 1. Introduction =====
The Internet Message Access Protocol (IMAP) is an Internet standard protocol
used by e-mail clients to retrieve e-mail messages from a mail server over
a TCP/IP connection. IMAP is defined by RFC 3501.
((https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol))
Dovecot-imapd ((http://dovecot.org/))
is a secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes.
===== 2. Installation =====
==== 2.1 install dovecot-imapd ====
  # apt-get install dovecot-imapd
===== 3. Configuration =====
==== 3.1 SSL Encryption ====
Dovecot allows unencrypted IMAP sessions on localhost only,
so in most cases we have to set up SSL encryption.
Procedure:
  * Generate a certificate
  * Enable SSL
  * Restart Dovecot
=== 3.1.1 Create SSL Certificate ===
To create a self-signed certificate the Debian dovecot-imapd package
is shipped with a shell script "mkcert.sh" and a template configuration
file "dovecot-openssl.cnf".
== 1. Copy both files to somewhere you can edit them e.g. "/etc/dovecot": ==
  # cp /usr/share/dovecot/mkcert.sh /etc/dovecot
  # cp /usr/share/dovecot/dovecot-openssl.cnf /etc/dovecot
== 2. Edit the configuration file with the proper "organizationalUnitName", "commonName" (CN) and "emailAddress". ==
  * The CN must match the mailserver domain!
dovecot-openssl.cnf:
  ..
  [ req_distinguished_name ]
  organizationName = Dovecot mail server
  #
  # commonName (CN) must match mailserver domain!
  #
  organizationalUnitName = your_mail_serverdomain
  commonName = your_mail_serverdomain
  emailAddress = postmaster@your_mailserver_domain
  ..
== 3. Optionally extend certificate lifetime ==
In the "mkcert.sh" script the certificate lifetime is hardcoded as "-days 365".\\
Optionally this can be changed to a longer lifetime, e.g. 10 years:
/etc/dovecot/mkcert.sh
  ..
  $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 3650 || exit 2
  ..
== 4. Run "mkcert.sh" ==
  # cd /etc/dovecot
  # ./mkcert.sh
  Generating a 2048 bit RSA private key
  ................................+++
  ................................................+++
  writing new private key to '/etc/dovecot/private/dovecot.pem'
  -----
  subject= /O=Dovecot mail server/OU=your_mail_serverdomain/CN=your_mail_serverdomain/emailAddress=postmaster@your_mail_serverdomain
  SHA1 Fingerprint=FA:E0:EC:57:53:29:D0:DF:D5:F1:FB:05:03:B1:13:05:CD:34:6A:C5
Make sure that the key file isn't world readable:
  # chmod 600 /etc/dovecot/private/dovecot.pem
  # ls -l /etc/dovecot/private/
  total 4
  -rw------- 1 root root 1704 Jan 6 17:00 dovecot.pem
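The points this section insists on (key file not readable by others, CN matching the mailserver domain, certificate lifetime) can be checked in one pass before Dovecot is restarted. The shell function below is an added example, not part of the Debian package or of the original howto; it assumes GNU stat and the openssl command-line tool, and the name check_dovecot_cert is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with dovecot-imapd).
# Assumes GNU stat and the openssl CLI.
# Usage: sh check_cert.sh CERT KEY HOSTNAME
check_dovecot_cert() {
    cert=$1; key=$2; host=$3; rc=0

    # 1. The private key must carry no group/other permission bits.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        *00|0) echo "OK   key mode is $mode" ;;
        *)     echo "FAIL key mode is $mode, expected 600"; rc=1 ;;
    esac

    # 2. Certificate and key must belong together: compare their public keys.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cpub" ] && [ "$cpub" = "$kpub" ]; then
        echo "OK   certificate matches private key"
    else
        echo "FAIL certificate does not match private key"; rc=1
    fi

    # 3. The subject commonName must equal the name clients connect to.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" = "$host" ]; then
        echo "OK   CN is $cn"
    else
        echo "FAIL CN is '$cn', expected '$host'"; rc=1
    fi

    # 4. -checkend fails when the certificate expires within N seconds.
    if openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "OK   valid for at least 30 more days"
    else
        echo "FAIL expires within 30 days (or is unreadable)"; rc=1
    fi
    return $rc
}

# Run the checks when called with CERT KEY HOSTNAME.
if [ $# -eq 3 ]; then check_dovecot_cert "$@"; fi
```

The function returns 0 only when all four checks pass, so it can gate the restart in 3.1.3.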
=== 3.1.2 Enable SSL ===
/etc/dovecot/conf.d/10-ssl.conf:
  * ssl = yes
  * ssl_cert =
  # SSL/TLS support: yes, no, required.
  #
  # ssl = no
  ssl = yes
  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  # dropping root privileges, so keep the key file unreadable by anyone but
  # root. Included doc/mkcert.sh can be used to easily generate self-signed
  # certificate, just make sure to update the domains in dovecot-openssl.cnf
  #
  # Uncomment ssl_cert, ssl_key!!
  ssl_cert =
=== 3.1.3 Restart Dovecot ===
  # /etc/init.d/dovecot restart
===== 4. Mail client configuration =====
==== 4.1 Thunderbird ====
^ Account Settings: Incoming Server ^^
| Server Name: | your_mailserver.domain |
| Port: | 143 |
| User Name: | linux_user_name_here |
| Authentication method: | Normal password |
| Connection Security: | STARTTLS |
===== 5. Troubleshooting =====
===== 6. Documentation =====
^ Docs ^^
| Debian README | /usr/share/doc/dovecot-core/README.Debian.gz |
^ Links ^^
| Dovecot Wiki | http://wiki2.dovecot.org/ |
====== . ======
Copyright (c) 2018 Tux4u.be\\
Author: Marjan Waldorp; dovecot-imapd 2018-01-07