Dovecot: difference between revisions
From Banane Atomic
(→Debug) |
|||
Ligne 187 : | Ligne 187 : | ||
# problem can be debugged. Enabling this also enables auth_debug. | # problem can be debugged. Enabling this also enables auth_debug. | ||
auth_debug_passwords = yes | auth_debug_passwords = yes | ||
# Enable mail process debugging. This can help you figure out why Dovecot | |||
# isn't finding your mails. | |||
mail_debug = yes | |||
</filebox> | </filebox> | ||
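Review bot: the added mail_debug = yes and its two comment lines sit directly under auth_debug_passwords = yes, and nothing in the box marks these settings as temporary, so a reader who copies it keeps password-level authentication debugging and mail process debugging enabled for good. Suggest adding a comment line at the top of the box saying the settings are for troubleshooting only and should be set back to no once the problem is found.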
Revision as of 2 September 2023, 16:24
Links
Description
Dovecot is a POP/IMAP (Post Office Protocol / Internet Message Access Protocol) server.
Commands
    # display the current configuration (non-default settings)
    dovecot -n
Protocols
/etc/dovecot/dovecot.conf
    # Enable installed protocols
    !include_try /usr/share/dovecot/protocols.d/*.protocol
/usr/share/dovecot/protocols.d/imapd.protocol
    protocols = $protocols imap
Mailboxes
- mbox: stores all emails in a single file
- maildir: stores emails in directories
/etc/dovecot/conf.d/10-mail.conf
    # pick one of the two settings below
    # use maildir for virtual users
    mail_location = maildir:/var/mail/%u
    # use maildir for system users
    mail_location = maildir:~/maildir
Postfix and Dovecot LMTP
Make sure dovecot-lmtpd is installed.
/etc/postfix/main.cf
    virtual_transport=lmtp:unix:private/lmtp
Authentication
/etc/dovecot/conf.d/10-auth.conf
    # Disable plaintext authentications unless SSL/TLS is used or if you connect from localhost
    disable_plaintext_auth = yes
    # Space separated list of wanted authentication mechanisms:
    #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey gss-spnego
    # NOTE: plain sends the password unencrypted. Over an SSL/TLS connection this is not a problem.
    auth_mechanisms = plain
System users
By default, Dovecot uses system users and their passwords for login.
/etc/dovecot/conf.d/10-auth.conf
    # use system users
    !include auth-system.conf.ext
/etc/dovecot/conf.d/auth-system.conf.ext
    passdb {
      driver = pam
      # use /etc/pam.d/imap for IMAP
      args = %s
    }
    userdb {
      driver = passwd
    }
/etc/pam.d/imap
    # allow IMAP access only for users in /etc/imapusers file
    auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail
/etc/imapusers
    user1
    user2
Passwd-file
/etc/dovecot/conf.d/10-auth.conf
    # use non-system users with passwd-file
    !include auth-passwdfile.conf.ext
/etc/dovecot/conf.d/auth-passwdfile.conf.ext
    passdb {
      driver = passwd-file
      args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
    }
    userdb {
      driver = passwd-file
      args = username_format=%u /etc/dovecot/users
    }
/etc/dovecot/users
    # password only
    user:{SHA512-CRYPT}pass
    # user:password:uid:gid:(gecos):home:(shell):extra_fields
    user:{SHA512-CRYPT}pass:1000:1000::/home/user::userdb_mail=maildir:~/maildir allow_nets=::1,127.0.0.0/8,192.168.0.0/24,local
Password commands
    # generate an encrypted password
    doveadm pw -s SHA512-CRYPT
    # check that the hash matches the password
    doveadm pw -V -t '{SHA512-CRYPT}hash'
    # list available password schemes
    doveadm pw -l
- How to make dovecot password independent of server password?
- How do I change Dovecot virtual user passwords?
- Password Schemes
- Allow_nets extra field
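A parser for the /etc/dovecot/users layout shown above, as an added example that is not part of the original page or of Dovecot: it reports entries whose scheme is not SHA512-CRYPT and evaluates allow_nets for a client address. The sample entries, the placeholder hashes, the helper names and the "only SHA512-CRYPT is acceptable" policy are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the /etc/dovecot/users layout; hashes are placeholders.
SAMPLE = """\
# user:password:uid:gid:(gecos):home:(shell):extra_fields
alice:{SHA512-CRYPT}$6$placeholder:1000:1000::/home/alice::userdb_mail=maildir:~/maildir allow_nets=::1,127.0.0.0/8,192.168.0.0/24,local
bob:{PLAIN}secret
carol:{SHA512-CRYPT}$6$placeholder
"""

STRONG_SCHEMES = {"SHA512-CRYPT"}  # assumption: the scheme this page configures


def parse_users(text):
    """Return {user: {"scheme": str or None, "allow_nets": list or None}}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split into at most 8 fields: the extra_fields tail contains ':' itself
        # (IPv6 addresses, maildir:...), so it must not be split further.
        fields = line.split(":", 7)
        name = fields[0]
        password = fields[1] if len(fields) > 1 else ""
        scheme = None
        if password.startswith("{") and "}" in password:
            scheme = password[1:password.index("}")]
        extra = fields[7].split() if len(fields) == 8 else []
        extras = dict(kv.split("=", 1) for kv in extra if "=" in kv)
        nets = extras.get("allow_nets")
        users[name] = {"scheme": scheme, "allow_nets": nets.split(",") if nets else None}
    return users


def ip_allowed(entry, client_ip):
    """True when client_ip matches allow_nets; no allow_nets means no restriction."""
    if entry["allow_nets"] is None:
        return True
    addr = ipaddress.ip_address(client_ip)
    for net in entry["allow_nets"]:
        if net == "local":  # keyword from the page's sample, not a CIDR range; not evaluated here
            continue
        if addr in ipaddress.ip_network(net, strict=False):
            return True
    return False


def weak_entries(users):
    return sorted(u for u, e in users.items() if e["scheme"] not in STRONG_SCHEMES)
```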
Virtual Users
SASL client authentication
Configuration needed to use Dovecot with Postfix.
/etc/dovecot/conf.d/10-master.conf
    service auth {
      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        # 0660 is enough when user and group are both postfix
        mode = 0666
        user = postfix
        group = postfix
      }
    }
/etc/dovecot/conf.d/10-auth.conf
    # add the login authentication mechanism
    auth_mechanisms = plain login
TLS
/etc/dovecot/conf.d/10-ssl.conf
    ssl = required
    ssl_cert = </etc/letsencrypt/live/domain.fr/fullchain.pem
    ssl_key = </etc/letsencrypt/live/domain.fr/privkey.pem
IMAP Compression
/etc/dovecot/conf.d/20-imap.conf
    protocol imap {
      mail_plugins = $mail_plugins imap_zlib
      # imap_zlib: reduce the bandwidth usage of IMAP
    }
Test
    # imap
    telnet localhost imap2
    # OK * DOVECOT * READY
    A1 LOGIN username password
    # LOGGED IN
    A2 LIST "" "*"
    A3 EXAMINE INBOX
    A5 LOGOUT

    # imaps
    openssl s_client -connect mail.domain.fr:993
Debug
/etc/dovecot/conf.d/10-logging.conf
    # Log unsuccessful authentication attempts and the reasons why they failed.
    auth_verbose = yes
    # Even more verbose logging for debugging purposes.
    auth_debug = yes
    # In case of password mismatches, log the passwords and used scheme so the
    # problem can be debugged. Enabling this also enables auth_debug.
    auth_debug_passwords = yes
    # Enable mail process debugging. This can help you figure out why Dovecot
    # isn't finding your mails.
    mail_debug = yes
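A small audit for the settings covered on this page, as an added example that is not part of the original page or of Dovecot: it flattens `dovecot -n` style output and flags debug logging left enabled (auth_debug_passwords writes passwords to the log), plaintext auth allowed, ssl not set to required, and an auth socket open to every local user. The sample input, the function names and the policy checks are constructed for illustration.

```python
# Constructed sample in `dovecot -n` style, combining settings from this page.
SAMPLE = """\
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = yes
mail_debug = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl = required
"""

DEBUG_KEYS = ("auth_debug_passwords", "auth_debug", "mail_debug")


def flatten(text):
    """Map 'block > sub-block > key' to its value for a nested Dovecot config."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering a block
        elif line == "}":
            stack.pop()                       # leaving the innermost block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[" > ".join(stack + [key])] = value
    return settings


def audit(settings):
    """Return a list of findings; the checks are this example's policy, not Dovecot's."""
    findings = [f"{k} = yes: debug logging left enabled" for k in DEBUG_KEYS if settings.get(k) == "yes"]
    if settings.get("disable_plaintext_auth") == "no":
        findings.append("disable_plaintext_auth = no: plaintext auth allowed without TLS")
    if settings.get("ssl") != "required":
        findings.append("ssl is not set to required")
    for path, value in settings.items():
        if "unix_listener" in path and path.endswith("> mode") and int(value, 8) & 0o007:
            findings.append(f"{path} = {value}: socket accessible to all local users")
    return findings
```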
Log
- /var/log/mail.err
Android application
- Blue Mail
Configuration
- IMAP server: mail.domain.fr
- Security: STARTTLS
- Authentication: PLAIN
- Port: 143
- SMTP server: mail.domain.fr
- Security: STARTTLS
- Port: 587
- Authentication: AUTOMATIC
UFW
    # allow incoming IMAP (143) to fetch emails
    sudo ufw allow "Dovecot IMAP"
    # allow incoming SMTP (587) to submit emails
    sudo ufw allow "Postfix Submission"
Installation
    sudo apt install dovecot-imapd dovecot-lmtpd