Dovecot is a mail delivery agent (MDA).
This tutorial shows how to configure Dovecot
so that mail clients can access their mails over IMAP.
Packages for Dovecot are found in the official Debian repository:
apt install dovecot-imapd
The login over IMAP needs to be enabled in the following file:
/etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
#...
}
SSL/TLS encryption is highly recommended when login credentials are transmitted
over the internet. The SSL/TLS certificates are configured in the following file:
/etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/example.net/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.net/privkey.pem
Let's Encrypt certificates are valid for 90 days.
certbot
renews expired certificates automatically.
Dovecot needs to reload the configuration after the certificate has been renewed.
This is done automatically by placing an executable script as renewal hook:
/etc/letsencrypt/renewal-hooks/deploy/reload_dovecot.sh
#!/bin/sh
systemctl reload dovecot.service
The maildir
format is often used to store mails.
The location and the format of the mail storage is configured in the following file:
/etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
The default configuration uses system accounts for authentication.
To use a text file of user accounts for authentication,
change the configuration in the following file:
/etc/dovecot/conf.d/10-auth.conf
#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext
The file format for user accounts is essentially the same as for /etc/passwd
.
Fields in braces are not used by Dovecot.
/etc/dovecot/users
username:crypted-password:uid:gid:(gecos):homedir:(shell):extra-fields
To crypt a password, use the command line tool mkpasswd
.
It is part of the whois
package.
Only Dovecot should be able to access the list of user accounts:
chown root:dovecot /etc/dovecot/users
chmod 640 /etc/dovecot/users