Dovecot: difference between revisions
From Banane Atomic
(→Debug) Tag: Manual revert
Ligne 110 : | Ligne 110 : | ||
* [https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets Allow_nets extra field] | * [https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets Allow_nets extra field] | ||
= SASL client authentication = | = [https://help.ubuntu.com/community/PostfixDovecotSASL#Dovecot SASL client authentication] = | ||
Needed configuration to use {{boxx|dovecot}} with {{boxx|postfix}}. | Needed configuration to use {{boxx|dovecot}} with {{boxx|postfix}}. | ||
<filebox fn='/etc/dovecot/conf.d/10-master.conf'> | <filebox fn='/etc/dovecot/conf.d/10-master.conf'> |
Revision as of 30 August 2023, 23:28
Links
Commands
    # display the current configuration
    dovecot -n
Protocols
/etc/dovecot/dovecot.conf
    # Enable installed protocols
    !include_try /usr/share/dovecot/protocols.d/*.protocol

/usr/share/dovecot/protocols.d/imapd.protocol
    protocols = $protocols imap
Mailboxes
/etc/dovecot/conf.d/10-mail.conf
    # use maildir
    mail_location = maildir:~/maildir
Authentication
/etc/dovecot/conf.d/10-auth.conf
    # Disable plaintext authentications unless SSL/TLS is used or if you connect from localhost
    disable_plaintext_auth = yes
    # Space separated list of wanted authentication mechanisms:
    #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey gss-spnego
    # NOTE: plain sends the password unencrypted. Over an SSL/TLS connection this is not a problem.
    auth_mechanisms = plain
System users
By default, Dovecot uses system users and their passwords to authenticate.
/etc/dovecot/conf.d/10-auth.conf
    # use system users
    !include auth-system.conf.ext

/etc/dovecot/conf.d/auth-system.conf.ext
    passdb {
      driver = pam
      # use /etc/pam.d/imap for IMAP
      args = %s
    }
    userdb {
      driver = passwd
    }

/etc/pam.d/imap
    # allow IMAP access only for users in /etc/imapusers file
    auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail

/etc/imapusers
    user1
    user2
Passwd-file
/etc/dovecot/conf.d/10-auth.conf
    # use non-system users with passwd-file
    !include auth-passwdfile.conf.ext

/etc/dovecot/conf.d/auth-passwdfile.conf.ext
    passdb {
      driver = passwd-file
      args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
    }
    userdb {
      driver = passwd-file
      args = username_format=%u /etc/dovecot/users
    }

/etc/dovecot/users
    # password only
    user:{SHA512-CRYPT}pass
    # password + user
    user:{SHA512-CRYPT}pass:1000:1000::/home/user::userdb_mail=maildir:~/maildir allow_nets=192.168.0.0/24

    # generate an encrypted password
    doveadm pw -s SHA512-CRYPT
    # check that the hash matches the password
    doveadm pw -V -t '{SHA512-CRYPT}hash'
    # list available password schemes
    doveadm pw -l
- How to make dovecot password independent of server password?
- How do I change Dovecot virtual user passwords?
- Password Schemes
- Allow_nets extra field
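
An added example (not part of the original page, nor Dovecot's own code): a small Python audit of the /etc/dovecot/users layout shown above. It flags weak password schemes and accounts without allow_nets, and checks a client IP against allow_nets. The sample entries, the WEAK_SCHEMES policy set and the function names are assumptions made for illustration; allow_nets values are assumed to be plain IPs or CIDR networks.

```python
import ipaddress
import re

# Constructed sample in the /etc/dovecot/users layout; hashes are placeholders.
SAMPLE = """\
# comment
alice:{SHA512-CRYPT}$6$placeholder:1000:1000::/home/alice::userdb_mail=maildir:~/maildir allow_nets=192.168.0.0/24
bob:{PLAIN}secret
carol:$6$placeholder
"""
WEAK_SCHEMES = {"PLAIN", "CLEARTEXT", "PLAIN-MD5", "SHA1"}  # assumption: local policy

def parse_line(line, default_scheme="SHA512-CRYPT"):
    """Split user:password:uid:gid:gecos:home:shell:extra_fields into a dict."""
    # maxsplit=7 keeps colons inside the extra fields (maildir:~/maildir) intact.
    parts = line.strip().split(":", 7)
    parts += [""] * (8 - len(parts))
    m = re.match(r"\{([^}]+)\}", parts[1])
    # No {SCHEME} prefix: the passdb's scheme= argument applies. Drop ".b64"/".hex".
    scheme = m.group(1).split(".")[0].upper() if m else default_scheme
    extra = dict(f.split("=", 1) for f in parts[7].split() if "=" in f)
    return {"user": parts[0], "scheme": scheme, "extra": extra}

def ip_allowed(entry, client_ip):
    """True when client_ip is inside allow_nets, or no allow_nets is set."""
    nets = entry["extra"].get("allow_nets")
    if not nets:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets.split(","))

def audit(text):
    """Return {user: [findings]} for every non-comment, non-empty line."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_line(line)
        findings = []
        if entry["scheme"] in WEAK_SCHEMES:
            findings.append("weak scheme " + entry["scheme"])
        if "allow_nets" not in entry["extra"]:
            findings.append("no allow_nets restriction")
        report[entry["user"]] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, findings or "ok")
```
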
SASL client authentication
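Configuration needed to use Dovecot with Postfix.
/etc/dovecot/conf.d/10-master.conf
    service auth {
      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        # mode 0666 lets any local account that can reach the socket use it;
        # Dovecot's Postfix SASL how-to uses mode = 0660 with user = postfix and group = postfix
        mode = 0666
      }
    }

/etc/dovecot/conf.d/10-auth.conf
    # add the login authentication mechanism
    auth_mechanisms = plain login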
TLS
/etc/dovecot/conf.d/10-ssl.conf
    ssl = required
    ssl_cert = </etc/letsencrypt/live/domain.fr/fullchain.pem
    ssl_key = </etc/letsencrypt/live/domain.fr/privkey.pem
IMAP
/etc/dovecot/conf.d/20-imap.conf
    protocol imap {
      mail_plugins = $mail_plugins imap_zlib
      # imap_zlib: reduce the bandwidth usage of IMAP
    }
Test
    # imap
    telnet localhost imap2
    # OK * DOVECOT * READY
    A1 LOGIN username password
    # LOGGED IN
    A2 LIST "" "*"
    A3 EXAMINE INBOX
    A5 LOGOUT
    # imaps
    openssl s_client -connect mail.domain.fr:993
Debug
/etc/dovecot/conf.d/10-logging.conf
    # Log unsuccessful authentication attempts and the reasons why they failed.
    auth_verbose = yes
    # Even more verbose logging for debugging purposes.
    auth_debug = yes
    # In case of password mismatches, log the passwords and used scheme so the
    # problem can be debugged. Enabling this also enables auth_debug.
    # This writes passwords to the log; set it back to no once the problem is found.
    auth_debug_passwords = yes
Log
- /var/log/mail.err
Android app
- Blue Mail
Configuration
- IMAP server: mail.domain.fr
- Security: STARTTLS
- Authentication: PLAIN
- Port: 143
- SMTP server: mail.domain.fr
- Security: STARTTLS
- Port: 587
- Authentication: AUTOMATIC
UFW
    # allow incoming IMAP (143) to fetch emails
    sudo ufw allow "Dovecot IMAP"
    # allow incoming SMTP (587) to submit emails
    sudo ufw allow "Postfix Submission"
Installation
    sudo apt install dovecot-imapd