Gernot Walzl

Dovecot

Dovecot is a mail delivery agent (MDA).

This tutorial shows how to configure Dovecot
so that mail clients can access their mails over IMAP.

Installation

Packages for Dovecot are found in the official Debian repository:

apt install dovecot-imapd

Configuration

The login over IMAP needs to be enabled in the following file:

/etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }

  #...
}

SSL/TLS encryption is highly recommended when login credentials are transmitted
over the internet. The SSL/TLS certificates are configured in the following file:

/etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/example.net/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.net/privkey.pem

Let's Encrypt certificates are valid for 90 days.
certbot renews expired certificates automatically.
Dovecot needs to reload the configuration after the certificate has been renewed.
This is done automatically by placing an executable script as renewal hook:

/etc/letsencrypt/renewal-hooks/deploy/reload_dovecot.sh
#!/bin/sh
systemctl reload dovecot.service

The maildir format is often used to store mails.
The location and the format of the mail storage is configured in the following file:

/etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir

Authentication

The default configuration uses system accounts for authentication.
To use a text file of user accounts for authentication,
change the configuration in the following file:

/etc/dovecot/conf.d/10-auth.conf
#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext

The file format for user accounts is essentially the same as for /etc/passwd.
Fields in braces are not used by Dovecot.

/etc/dovecot/users
username:crypted-password:uid:gid:(gecos):homedir:(shell):extra-fields

To crypt a password, use the command line tool mkpasswd.
It is part of the whois package.

Only Dovecot should be able to access the list of user accounts:

chown root:dovecot /etc/dovecot/users
chmod 640 /etc/dovecot/users

External Links

CONTENT.html 2022-05-22 3.3 KB