linux:network:mail:dovecot-imapd
Inhoud
Dovecote IMAP Server Howto
This document describes how to set up the “Dovecot” Imap server.
Debian: 8.5 (Jessie)
dovecot-imapd: 1:2.2.13-12~deb8u1
1. Introduction
The Internet Message Access Protocol (IMAP) is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501. 1)
Dovecot-imapd 2) is a secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes.
2. Installation
2.1 install dovecot-imapd
# apt-get install dovecot-imapd
3. Configuration
3.1 SSL Encryption
Dovecot allows for unencrypted imap sessions on localhost only. So in most cases we have to setup SSL encryption.
Procedure:
- Generate a Certificate
- Enable SSL
- Restart dovecot
3.1.1 Create SSL Certificate
To create a self-signed certificate the Debian dovecot-imapd package is shipped with a shell script “mkcert.sh” and a template configuration file “dovecot-openssl.cnf”.
1. Copy both files to somewhere you can edit them e.g. "/etc/dovecot":
# cp /usr/share/dovecot/mkcert.sh /etc/dovecot # cp /usr/share/dovecot/dovecot-openssl.cnf /etc/dovecot
2. Edit the configuration file with the proper "organizationalUnitName", "commonName" (CN) and "emailAddress".
- The CN must match the mailserver domain!
dovecot-openssl.cnf:
.. [ req_distinguished_name ] organizationName = Dovecot mail server # # commonName (CN) must match mailserver domain! # organizationalUnitName = your_mail_serverdomain commonName = your_mail_serverdomain emailAddress = postmaster@your_mailserver_domain ..
3. Optionally extend certificate lifetime
In the “mkcert.sh” script the certificate lifetime is hardcoded as “-days 365”.
Optionally this can be altered in a longer lifetime e.g. 10 years:
/etc/dovecot/mkcert.sh
.. $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 3650 || exit 2 ..
4. Run "mkcert.sh"
# cd /etc/dovecot # ./mkcert.sh Generating a 2048 bit RSA private key ................................+++ ................................................+++ writing new private key to '/etc/dovecot/private/dovecot.pem' ----- subject= /O=Dovecot mail server/OU=your_mail_serverdomain/CN=your_mail_serverdomain/emailAddress=postmaster@your_mail_serverdomain SHA1 Fingerprint=FA:E0:EC:57:53:29:D0:DF:D5:F1:FB:05:03:B1:13:05:CD:34:6A:C5
Make sure that the key file isn't world readable:
# chmod 600 /etc/dovecot/private/dovecot.pem # ls -l /etc/dovecot/private/ total 4 -rw------- 1 root root 1704 Jan 6 17:00 dovecot.pem
3.1.2 Enable SSL
/etc/dovecot/conf.d/10-ssl.conf:
- ssl = yes
- ssl_cert = </etc/dovecot/dovecot.pem
- ssl_key = </etc/dovecot/private/dovecot.pem
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> # # ssl = no ssl = yes # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf # # Uncomment ssl_cert, ssl_key!! ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem ..
3.1.3 Restart Dovecot
# /etc/init.d/dovecot restart
4. Mail client configuration
4.1 Thunderbird
| Account Settings: Incoming Server | |
|---|---|
| Server Name: | your_mailserver.domain |
| Port: | 143 |
| User Name: | linux_user_name_here |
| Authentication method: | Normal password |
| Connection Security: | STARTTLS |
5. Troubleshooting
6. Documentation
| Docs | |
|---|---|
| Debian README | /usr/share/doc/dovecot-core/README.Debian.gz |
| Links | |
|---|---|
| Dovecot Wiki | http://wiki2.dovecot.org/ |
.
Copyright © 2018 Tux4u.be
Author: Marjan Waldorp; dovecot-imapd 2018-01-07
linux/network/mail/dovecot-imapd.txt · Laatst gewijzigd: 2018/12/30 17:17 (Externe bewerking)
Paginahulpmiddelen
