Dovecot


Liens

Commands

Bash.svg
# display the current configuration
dovecot -n

Protocols

/etc/dovecot/dovecot.conf
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
/usr/share/dovecot/protocols.d/imapd.protocol
protocols = $protocols imap

Mailboxes

/etc/dovecot/conf.d/10-mail.conf
# use maildir
mail_location = maildir:~/maildir

Authentication

/etc/dovecot/conf.d/10-auth.conf
# Disable plaintext authentications unless SSL/TLS is used or if you connect from localhost
disable_plaintext_auth = yes

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey gss-spnego
# NOTE: plain sends the password unencrypted. Over an SSL/TLS connection this is not a problem.
# That only holds while disable_plaintext_auth above stays at yes, so that remote
# clients cannot use PLAIN outside TLS.
auth_mechanisms = plain

System users

By default, Dovecot authenticates against system users and their passwords.

/etc/dovecot/conf.d/10-auth.conf
# use system users
!include auth-system.conf.ext
/etc/dovecot/conf.d/auth-system.conf.ext
# Verify passwords through PAM.
passdb {
  driver = pam
  # use /etc/pam.d/imap for IMAP
  # (%s expands to the service name, which selects the PAM service file)
  args = %s
}

# Take uid, gid and home directory from the system passwd database.
userdb {
  driver = passwd
}
/etc/pam.d/imap
# allow IMAP access only for users in /etc/imapusers file
# onerr=fail: deny the login if the list file cannot be read
# NOTE(review): pam_listfile only filters on the user name and does not check a password;
# the password-checking auth module(s) of the stack must still follow this line.
auth    required        pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail
/etc/imapusers
user1
user2

Passwd-file

/etc/dovecot/conf.d/10-auth.conf
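# use non-system users with passwd-file
# auth-passwdfile.conf.ext is the file that defines the passwd-file passdb/userdb.
# Keep "!include auth-system.conf.ext" commented out if system accounts must not
# be able to log in as well.
!include auth-passwdfile.conf.ext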
/etc/dovecot/conf.d/auth-passwdfile.conf.ext
# Password lookups: read the hashes from /etc/dovecot/users.
# NOTE(review): that file holds password hashes; keep it unreadable by other local users.
passdb {
  driver = passwd-file
  # scheme: hash scheme assumed for entries that carry no {SCHEME} prefix
  # username_format=%u: look up the full user name as given at login
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
}

# User lookups (uid, gid, home, extra fields) come from the same file.
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
/etc/dovecot/users
# passdb fields only (user:password); "pass" stands for the hash printed by doveadm pw
user:{SHA512-CRYPT}pass

# passdb + userdb fields: user:password:uid:gid:(gecos):home:(shell):extra_fields
# allow_nets limits the networks this user may log in from
user:{SHA512-CRYPT}pass:1000:1000::/home/user::userdb_mail=maildir:~/maildir allow_nets=192.168.0.0/24
Bash.svg
# generate a password hash (the password is hashed, not encrypted)
# doveadm prompts for the password, so it does not end up in the shell history
doveadm pw -s SHA512-CRYPT

# check that a password matches the hash (prompts for the password)
doveadm pw -V -t '{SHA512-CRYPT}hash'

# list available password schemes
doveadm pw -l

SASL client authentication

Configuration needed to use Dovecot with Postfix.

/etc/dovecot/conf.d/10-master.conf
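service auth {
  # Postfix smtp-auth
  # Socket through which Postfix's smtpd reaches Dovecot's auth service.
  unix_listener /var/spool/postfix/private/auth {
    # Owner/group access only: any process able to open this socket can submit
    # authentication attempts, so it is not left world-readable/writable (0666).
    mode = 0660
    # Assumes the default Postfix user and group; adjust if yours differ.
    user = postfix
    group = postfix
  }
}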
/etc/dovecot/conf.d/10-auth.conf
# add the login authentication mechanism
# like plain, login sends the password unencrypted, so it relies on the TLS layer
auth_mechanisms = plain login

TLS

/etc/dovecot/conf.d/10-ssl.conf
# refuse client connections that do not use TLS (implicit TLS or STARTTLS)
ssl = required

# the leading "<" makes Dovecot read the value from the named file
# fullchain.pem: server certificate followed by the intermediate certificates
ssl_cert = </etc/letsencrypt/live/domain.fr/fullchain.pem
# private key: must stay readable by root only
ssl_key = </etc/letsencrypt/live/domain.fr/privkey.pem

IMAP

/etc/dovecot/conf.d/20-imap.conf
protocol imap {
  mail_plugins = $mail_plugins imap_zlib
  # imap_zlib: reduce the bandwidth usage of IMAP
}

Test

Bash.svg
# imap
# plain-text session: the LOGIN line is sent unencrypted, so keep this test on localhost
telnet localhost imap2
# OK * DOVECOT * READY
A1 LOGIN username password
# LOGGED IN
A2 LIST "" "*"
A3 EXAMINE INBOX
A5 LOGOUT

# imaps
# implicit TLS on port 993; check the certificate chain and "Verify return code" in the output
# for the STARTTLS port 143 use: openssl s_client -connect mail.domain.fr:143 -starttls imap
openssl s_client -connect mail.domain.fr:993

Debug

/etc/dovecot/conf.d/10-logging.conf
# Log unsuccessful authentication attempts and the reasons why they failed.
auth_verbose = yes

# Even more verbose logging for debugging purposes.
# Temporary troubleshooting setting: set back to no once the problem is found.
auth_debug = yes

# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
# WARNING: user passwords are then written to the mail logs in clear text.
# Enable it only for the duration of a debugging session, set it back to no
# afterwards, and treat the logs written meanwhile as sensitive (restrict access, purge them).
auth_debug_passwords = yes

Log

  • /var/log/mail.err

Application Android

  • Blue Mail

Configuration

  • Serveur IMAP: mail.domain.fr
  • Sécurité: STARTTLS
  • Authentification: PLAIN
  • Port: 143
  • Serveur SMTP: mail.domain.fr
  • Sécurité: STARTTLS
  • Port: 587
  • Authentification: AUTOMATIC

UFW

Bash.svg
# allow incoming IMAP (143) to fetch emails
sudo ufw allow "Dovecot IMAP"

# allow incoming SMTP (587) to submit emails
sudo ufw allow "Postfix Submission"

Installation

Bash.svg
sudo apt install dovecot-imapd