Dovecot IMAP Server Howto

This document describes how to set up the “Dovecot” IMAP server.

Debian: 8.5 (Jessie)
dovecot-imapd: 1:2.2.13-12~deb8u1

1. Introduction

The Internet Message Access Protocol (IMAP) is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.

Dovecot-imapd is a secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes.

2. Installation

2.1 Install dovecot-imapd

# apt-get install dovecot-imapd

3. Configuration

3.1 SSL Encryption

Dovecot allows unencrypted IMAP sessions on localhost only, so in most cases we have to set up SSL encryption.

Procedure:

  • Generate a Certificate
  • Enable SSL
  • Restart dovecot

3.1.1 Create SSL Certificate

To create a self-signed certificate the Debian dovecot-imapd package is shipped with a shell script “mkcert.sh” and a template configuration file “dovecot-openssl.cnf”.

1. Copy both files to somewhere you can edit them e.g. "/etc/dovecot":
# cp /usr/share/dovecot/mkcert.sh /etc/dovecot
# cp /usr/share/dovecot/dovecot-openssl.cnf /etc/dovecot
2. Edit the configuration file with the proper "organizationalUnitName", "commonName" (CN) and "emailAddress".
  • The CN must match the mailserver domain!

dovecot-openssl.cnf:

..
[ req_distinguished_name ]
organizationName = Dovecot mail server
#
# commonName (CN) must match mailserver domain!
#
organizationalUnitName = your_mail_serverdomain
commonName = your_mail_serverdomain
emailAddress = postmaster@your_mail_serverdomain
..
3. Optionally extend certificate lifetime

In the “mkcert.sh” script the certificate lifetime is hardcoded as “-days 365”.
This can optionally be changed to a longer lifetime, e.g. 10 years:

/etc/dovecot/mkcert.sh

..
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 3650 || exit 2
..
4. Run "mkcert.sh"
# cd /etc/dovecot

# ./mkcert.sh

Generating a 2048 bit RSA private key
................................+++
................................................+++
writing new private key to '/etc/dovecot/private/dovecot.pem'
-----

subject= /O=Dovecot mail server/OU=your_mail_serverdomain/CN=your_mail_serverdomain/emailAddress=postmaster@your_mail_serverdomain
SHA1 Fingerprint=FA:E0:EC:57:53:29:D0:DF:D5:F1:FB:05:03:B1:13:05:CD:34:6A:C5

Make sure that the key file isn't world readable:

# chmod 600 /etc/dovecot/private/dovecot.pem

# ls -l /etc/dovecot/private/
total 4
-rw------- 1 root root 1704 Jan  6 17:00 dovecot.pem

3.1.2 Enable SSL

/etc/dovecot/conf.d/10-ssl.conf:

  • ssl = yes
  • ssl_cert = </etc/dovecot/dovecot.pem
  • ssl_key = </etc/dovecot/private/dovecot.pem

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#
# ssl = no
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#
# Uncomment ssl_cert, ssl_key!!
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
..

3.1.3 Restart Dovecot

# /etc/init.d/dovecot restart
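
A post-setup check for sections 3.1.1 to 3.1.3, as an added example that is not part of the original howto or of the Dovecot package: it reads "ssl", "ssl_cert" and "ssl_key" from a 10-ssl.conf and verifies that the key file is closed to group and others. The function names and the script name "audit.sh" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the three settings from section 3.1.2 and the key file mode.
# The functions and messages are this example's own, not part of Dovecot.

# conf_value FILE KEY: value of the last uncommented "KEY = value" line, trimmed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# key_is_private FILE: true only if group and others have no permission bits
# (characters 5-10 of the "ls -l" mode string, e.g. "-rw-------").
key_is_private() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_ssl_conf FILE: print one finding per line; return 0 only if all pass.
audit_ssl_conf() {
    conf=$1
    rc=0
    ssl=$(conf_value "$conf" ssl)
    case $ssl in
        # "required" additionally refuses clients that do not use SSL/TLS.
        yes | required) echo "OK   ssl = $ssl" ;;
        *) echo "FAIL ssl = '${ssl:-unset}' (expected yes or required)"; rc=1 ;;
    esac
    for key in ssl_cert ssl_key; do
        val=$(conf_value "$conf" "$key")
        path=${val#"<"}
        # The leading "<" makes Dovecot read the file; without it the
        # value would be taken as the PEM text itself.
        if [ "$val" = "$path" ] || [ ! -f "$path" ]; then
            echo "FAIL $key = '${val:-unset}' (need '<' plus an existing file)"; rc=1
        else
            echo "OK   $key = $val"
        fi
    done
    # $path still holds the ssl_key file from the last loop iteration.
    if [ -f "$path" ] && key_is_private "$path"; then
        echo "OK   $path has no group/other permissions"
    else
        echo "FAIL ${path:-key file} is missing or accessible to group/others"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/dovecot/conf.d/10-ssl.conf
if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi
```

On a live server, "doveconf -n" shows the effective settings across all included files, which this single-file check does not resolve.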

4. Mail client configuration

4.1 Thunderbird

Account Settings: Incoming Server
Server Name: your_mailserver.domain
Port: 143
User Name: linux_user_name_here
Authentication method: Normal password
Connection Security: STARTTLS

5. Troubleshooting

6. Documentation

Docs
Debian README /usr/share/doc/dovecot-core/README.Debian.gz
Links
Dovecot Wiki http://wiki2.dovecot.org/

Copyright © 2018 Tux4u.be
Author: Marjan Waldorp; dovecot-imapd 2018-01-07

linux/network/mail/dovecot-imapd.txt · Last modified: 2018/12/30 17:17 (External edit)