Dovecot
From Gentoo Linux Wiki
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Although it's written in C, it uses several coding techniques to avoid most of the common pitfalls. Dovecot can work with standard mbox, Maildir, and its own experimental native high-performance dbox formats. It is fully compatible with UW IMAP and Courier IMAP servers' implementation of them, as well as mail clients accessing the mailboxes directly. Dovecot also includes a Mail delivery agent (called Local delivery agent in Dovecot's documentation), with optional Sieve filtering support. Full details about Dovecot can be found at its website http://www.dovecot.org/.
Introduction
Features
Dovecot is best used to access mailboxes using either POP3 or IMAP. It can also incorporate a whole host of features, such as:
- Virtual users with...
- Exim
- OpenLDAP
- PostgreSQL
- Postfix
- POP before SMTP
- SSL / TLS
- SASL
- NFS
- ACLs
Install
This setup provides an IMAP server, both regular and secure. Add the following entries to /etc/portage/package.use:
| File: /etc/portage/package.use |
net-mail/dovecot pop3d |
If you need an SSL-encrypted IMAP server, Dovecot must be compiled with SSL support, which means building it with the ssl USE flag.
Add the following to /etc/portage/package.use:
| File: /etc/portage/package.use |
net-mail/dovecot ssl pop3d |
Install Dovecot using emerge -av dovecot.
Enable the USE flag fam for Dovecot if you want an immediate notification of new mails in your mailbox (IDLE support) for your mail clients.
Configure Dovecot by executing emerge --config dovecot.
Configure
The following configuration is found in /etc/dovecot/dovecot.conf. To ensure that no other users can access your Dovecot configuration where the key is stored, run chmod 600 /etc/dovecot/dovecot.conf.
By default Dovecot listens on [::]. If you cannot reach your mail server and nothing is listening on the port, it might help to change the value of listen to *.
| File: /etc/dovecot/dovecot.conf |
# listen = [::]
listen = *
|
Protocols
In the first section of the file, you need to specify the protocols that you want enabled. You probably have one or both of "imap" or "pop3" already enabled. You need to add the secure version of the protocols you use to this list. For example, if you use both, this would be:
| File: /etc/dovecot/dovecot.conf |
protocols = imap pop3 imaps pop3s |
To enable IMAP without SSL/TLS:
| File: /etc/dovecot/dovecot.conf |
protocols = imap
...
disable_plaintext_auth = no
...
ssl_disable = yes
|
To use IMAPS:
| File: /etc/dovecot/dovecot.conf |
protocols = imap imaps
...
disable_plaintext_auth = yes
...
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
|
See Dovecot TLS for how to create SSL certificates for Dovecot. To use POP3, add pop3 to the protocols variable. If you'd like to use POP3 with SSL (POP3S), add pop3s. You can also combine protocols.
Location for mailbox
Set the mail_location variable.
| File: /etc/dovecot/dovecot.conf |
mail_location = maildir:~/.maildir |
Using MySQL authorization
The following are sample configurations for Dovecot. Again, note that you'll need to substitute in the correct UID and GID values.
WARNING: ntp-client and Dovecot often do not work well together! ntp-client will abruptly shift the date, which can cause Dovecot to kill itself during the boot process to avoid random errors caused by the date shift. Use ntpd instead, and possibly add ntpd to the "after" section of /etc/init.d/dovecot to make sure ntpd is started up before Dovecot.
| File: /etc/dovecot/dovecot-mysql.conf |
driver = mysql
connect = dbname=postfix user=postfix host=localhost password=postfix
# PLAIN means the password column holds unhashed passwords
default_pass_scheme = PLAIN
password_query = SELECT password FROM mailbox WHERE username = '%u'
# 97 is the UID/GID used in this example; substitute your own values
user_query = SELECT maildir, 97 AS uid, 97 AS gid FROM mailbox WHERE username = '%u'
|
| File: /etc/dovecot/dovecot.conf |
auth_verbose = yes
mail_debug = yes
base_dir = /var/run/dovecot/
listen = *
shutdown_clients = yes
log_path = /var/log/mail.log
info_log_path = /var/log/mail.log
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
login_chroot = yes
login_user = postmaster
login_process_per_connection = yes
login_processes_count = 2
login_max_processes_count = 128
login_max_connections = 256
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
default_mail_env = maildir:/var/spool/postfix/virtual/%d/%n
first_valid_uid = 97 # REMEMBER THIS MUST BE CHANGED TO YOUR UID FOR "postfix" FROM /etc/passwd
pop3_uidl_format = %08Xu%08Xv
auth default {
mechanisms = PLAIN
userdb sql {
args = /etc/dovecot/dovecot-mysql.conf
}
passdb sql {
args = /etc/dovecot/dovecot-mysql.conf
}
user = root
count = 2
}
mail_extra_groups = mail
mail_debug = yes
|
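The plaintext-versus-TLS settings from the Protocols section and the password scheme from the MySQL configuration can be checked mechanically. The following Python check is an added example, not part of the original wiki page or of Dovecot; parse_settings, audit and the sample inputs are constructed for illustration, and the parser is a simplification of Dovecot's configuration syntax.

```python
import re

# Constructed sample input using the Dovecot 1.x option names from this page.
SAMPLE_CONF = """\
protocols = imap pop3
listen = *
disable_plaintext_auth = no   # trailing comment, as in the page's example
ssl_disable = yes
auth default {
  mechanisms = PLAIN
}
"""
SAMPLE_SQL_CONF = "driver = mysql\ndefault_pass_scheme = PLAIN\n"

def parse_settings(text):
    """Return {key: value} for 'key = value' lines (last assignment wins).
    Simplified: section nesting is flattened, '#' comments are dropped."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(main_conf, sql_conf=""):
    """Return (setting, message) findings for transport and password storage."""
    main, sql = parse_settings(main_conf), parse_settings(sql_conf)
    tls_off = main.get("ssl_disable", "no").lower() == "yes"
    plaintext_ok = main.get("disable_plaintext_auth", "yes").lower() == "no"
    findings = []
    if plaintext_ok and tls_off:
        findings.append(("disable_plaintext_auth",
                         "plaintext logins accepted and TLS is disabled"))
    elif plaintext_ok:
        findings.append(("disable_plaintext_auth",
                         "plaintext logins accepted on connections without TLS"))
    secure = {"imaps", "pop3s"} & set(main.get("protocols", "").split())
    if tls_off and secure:
        findings.append(("ssl_disable",
                         "TLS disabled but %s listed" % ", ".join(sorted(secure))))
    if sql.get("default_pass_scheme", "").upper() == "PLAIN":
        findings.append(("default_pass_scheme",
                         "passwords are stored unhashed in the database"))
    return findings

if __name__ == "__main__":
    for setting, message in audit(SAMPLE_CONF, SAMPLE_SQL_CONF):
        print("%s: %s" % (setting, message))
```

Run against the full example dovecot.conf above, audit reports disable_plaintext_auth, because that file sets it to no while leaving TLS enabled.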
Using vpopmail Authorization
Please see this qmail-howto for information on using Dovecot with net-mail/vpopmail.
Debugging
These settings may also be desirable:
| File: /etc/dovecot/dovecot.conf |
mail_debug = yes
...
verbose_proctitle = yes
|
Logging
If you do not want Dovecot to log to the syslog, you can specify a log path:
| File: /etc/dovecot/dovecot.conf |
log_path = /var/log/dovecot.log
# If you want everything in one file, just don't specify info_log_path
info_log_path = /var/log/dovecot-info.log
|
Error messages go to the file specified by log_path, while everything else goes to info_log_path. If you do this, make sure you are really looking at the log_path file for error messages, since the "Starting up" message is written to the info_log_path file.
logrotate
If you have logrotate installed, you can use this script to rotate your logs. Note that it requires you to have changed from syslog to an external log file. Save the script below as /etc/logrotate.d/dovecot:
| File: /etc/logrotate.d/dovecot |
/var/log/dovecot*.log {
missingok
notifempty
delaycompress
sharedscripts
postrotate
/bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
endscript
}
|
Test the server
The following command adds Dovecot to the default runlevel.
| Code: Starting Dovecot |
rc-update add dovecot default |
You can start Dovecot with: /etc/init.d/dovecot start.
Troubleshooting
Make sure you see the Dovecot starting up message in your log file (/var/log/mail.log). Try connecting with telnet (in the telnet-bsd package): telnet localhost 143. The server should reply with * OK Dovecot ready. If it does not, Dovecot is not running, most likely because of a configuration mistake; check the log file for errors. Then try to log in with x login testuser@domain.tld yourpass (IMAP commands start with a client-chosen tag, here x). You should see x OK Logged in. If not, authentication failed; look for the error in /var/log/mail.log. To log out, send x logout.

