Dovecot

From Edgar BV Wiki

version 2

apt-get -t squeeze-backports --no-install-recommends install dovecot-common dovecot-core dovecot-imapd dovecot-pop3d


in /etc/dovecot/dovecot.conf

listen = *, ::
base_dir = /var/run/dovecot/

in /etc/dovecot/conf.d/

10-logging.conf

log_path = /var/log/mail/dovecot.err
info_log_path = /var/log/mail/dovecot.info

10-mail.conf

mail_location = maildir:~/Maildir
mmap_disable = yes
dotlock_use_excl = yes
mail_fsync = always
mail_nfs_storage = yes
mail_nfs_index = yes
maildir_copy_with_hardlinks = yes
mail_privileged_group = mail

In 10-mail.conf, also find "namespace inbox" and uncomment

separator = /

10-ssl.conf

ssl = yes
ssl_cert = </etc/letsencrypt/live/mail.edgarbv.com-0001/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.edgarbv.com-0001/privkey.pem

deprecated

10-auth.conf

disable_plaintext_auth = no

10-ssl.conf ensure SSLv3 is off

ssl_protocols = !SSLv2 !SSLv3
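
A check over the settings above, as an added example that is not part of the original page. It assumes the settings arrive as `key = value` lines (for example from `doveconf -n`); the function names `audit_dovecot` and `page_settings` and the sample input are constructed here.

```shell
#!/bin/bash
# Added example: audit the transport-security settings this page configures.
# audit_dovecot and page_settings are hypothetical names, not Dovecot tools.
# Reads "key = value" settings on stdin; returns 1 if any WARN is printed.
audit_dovecot() {
    awk -F'=' '
        { sub(/#.*/, "") }            # strip comments
        NF < 2 { next }               # skip lines that are not key = value
        {
            key = $1; val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val
        }
        END {
            warn = 0
            # ssl = yes only offers TLS; ssl = required rejects remote logins without it
            if (conf["ssl"] != "required") {
                print "WARN ssl=" conf["ssl"] ": TLS is not enforced"; warn = 1
            }
            # Plaintext auth allowed while TLS is optional means passwords
            # can cross the network unencrypted on ports 110/143
            if (conf["disable_plaintext_auth"] == "no" && conf["ssl"] != "required") {
                print "WARN disable_plaintext_auth=no: cleartext logins accepted"; warn = 1
            }
            # Each legacy protocol must be negated explicitly; unset is reported too
            n = split("SSLv2 SSLv3", old, " ")
            for (i = 1; i <= n; i++)
                if (index(" " conf["ssl_protocols"] " ", " !" old[i] " ") == 0) {
                    print "WARN ssl_protocols does not exclude " old[i]; warn = 1
                }
            if (!warn) print "OK"
            exit warn
        }'
}

# Constructed sample input: the values this page sets in conf.d
page_settings() {
    printf '%s\n' 'ssl = yes' 'disable_plaintext_auth = no' \
                  'ssl_protocols = !SSLv2 !SSLv3'
}
page_settings | audit_dovecot || true
```

For the values on this page it reports two findings: TLS is offered but not enforced, and cleartext logins are accepted.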

authenticating using an external server

auth-system.conf.ext

This allows you to authenticate a user from a remote IMAP server

passdb {
  driver = imap
  args = host=192.168.0.112
}

But you still need the UID / GID etc., so Dovecot also needs a userdb it can read them from. Also add

userdb {
  driver = passwd-file
  args = /etc/dovecotauth/passwd
}

and link /etc/dovecot/dovecotauth/passwd from the other server using NFS

You need at least one passdb and one userdb. If you have more than one of each, dovecot runs through them in order.

Use the doveadm command to administer and test. Useful are:

user / userdb queries

doveadm user USERNAME

auth / passdb queries

doveadm auth USERNAME


In order to get all users >= 1000 from a password file, run this script:

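#!/bin/bash
# Copy every /etc/passwd entry with UID >= 1000 into the passwd-file userdb.

out=/export/tripmail/ghostpasswd

# Truncate the output file before rebuilding it
: > "$out"

while IFS= read -r line; do
        # Field 3 of a passwd entry is the numeric UID
        uid=$(echo "$line" | cut -d":" -f 3)

        if [ "$uid" -gt 999 ]; then
                # Append with >>; a single > would overwrite the file on every match
                echo "$line" >> "$out"
        fi
done < /etc/passwd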

Administration / Doveadm

Find out information on mailboxes using search queries:

doveadm search -u razor mailbox INBOX unseen

You can find out about the different query types here

Look at the indexes for a folder:

doveadm index -u razor INBOX

More information here

These are the index files that dovecot generates for each folder:

dovecot.index: Main index file
dovecot.index.cache: Cached mailbox data
dovecot.index.log: Transaction log file
dovecot.index.log.2: .log file is rotated to .log.2 file when it grows too large. 

They can all be deleted safely; they will be regenerated automatically. Large mailboxes take longer :) More information here

after installation

Logging:

log_path = /var/log/mail/dovecot.err
info_log_path = /var/log/mail/dovecot.info
touch /var/log/mail/dovecot.err
touch /var/log/mail/dovecot.info

in /etc/logrotate.d/rsyslog add

/var/log/mail/dovecot.err
/var/log/mail/dovecot.info

to the rest of the mail lines

Create a maildir for www-data manually (dovecot has no permissions to create in /var/www)

mkdir /var/www/Maildir
chown www-data /var/www/Maildir

To test:

telnet localhost 110
telnet localhost 143

and from another machine:

telnet IPADDRESS 110
telnet IPADDRESS 143
mutt -f imap://username@localhost
mutt -f pop://username@localhost

or to open a user's maildir:

mutt -m maildir -f ~user/Maildir

OBSOLETE version 1 (up to Debian Squeeze)

Check the following is set, or dovecot won't let people POP / IMAP in

protocols = imap imaps pop3 pop3s

We need to set it to listen on all interfaces, so uncomment

listen = *

Because we're allowing plaintext auth we need to change

disable_plaintext_auth = no

To set Dovecot to save files in Maildir format and also use directories to store folders (instead of foldername.mail in one big folder), set the mail_location below. NB: the documentation says you should use an extra :layout=fs, but that breaks just about everything; this way everything is put into subfolders starting with a dot (.).

mail_location = maildir:~/Maildir

Ensure the following is set for performance

maildir_copy_with_hardlinks = yes

Because we're using NFS for mail storage we need to check:

mmap_disable = yes
dotlock_use_excl = yes # MUST CHECK THIS ONE
mail_nfs_storage = yes
mail_nfs_index = yes