Complete Virtual Mail Server/Dovecot to Database
This article is part of the Complete Virtual Mail Server series, and may require previous parts to have been read or followed.
Dovecot will be used to provide IMAP services.
To use POP3, which is explicitly discouraged, see Complete Virtual Mail Server/POP3.
Installing Dovecot
USE flags
net-mail/dovecot has a few USE flags that need to be examined.
USE flags for net-mail/dovecot (An IMAP and POP3 server written with security primarily in mind):
argon2 | Add support for ARGON2 password schemes
caps | Use Linux capabilities library to control privilege
doc | Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
kerberos | Add kerberos support
ldap | Add LDAP support (Lightweight Directory Access Protocol)
lua | Enable Lua scripting support
lucene | Add lucene full text search (FTS) support using dev-cpp/clucene
lz4 | Enable support for lz4 compression (as implemented in app-arch/lz4)
managesieve | Add managesieve protocol support
mysql | Add mySQL Database support
pam | Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
postgres | Add support for the postgresql database
rpc | Add support for NFS quotas
selinux | !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
sieve | Add sieve support
solr | Add solr full text search (FTS) support
sqlite | Add support for sqlite - embedded sql database
static-libs | Build static versions of dynamic libraries as well
stemmer | Add libstemmer support (for FTS)
suid | Enable setuid root program(s)
systemd | Enable use of systemd-specific libraries and features like socket activation or session tracking
tcpd | Add support for TCP wrappers
textcat | Add libtextcat language guessing support for full text search (FTS)
unwind | Add support for call stack unwinding and function name resolution
zstd | Enable support for ZSTD compression
Regarding the database flags, enable only the one for the desired database backend (this article uses PostgreSQL, so postgres). Other flags may be activated if their functionality is desired.
Emerge
root # emerge --ask net-mail/dovecot
Configuring dovecot
Set the following in the main Dovecot configuration. Only IMAP is enabled, mail is stored in Maildir format under each user's home directory, all mailboxes are accessed as uid/gid 5000, and TLS 1.2 is the minimum accepted protocol version:
protocols = imap
mail_location = maildir:%h
namespace inbox {
inbox = yes
}
mail_uid = 5000
mail_gid = 5000
mailbox_list_index = yes
mailbox_idle_check_interval = 30 secs
maildir_copy_with_hardlinks = yes
ssl = yes
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
Configuring the authentication mechanism
PostgreSQL
Plaintext authentication is refused on unencrypted connections, usernames without a domain part get example.com as their realm, and the accepted username characters are restricted before any database lookup is made:
disable_plaintext_auth = yes
auth_default_realm = example.com
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_failure_delay = 2 secs
auth_mechanisms = plain login
!include auth-sql.conf.ext
The database connection and the two lookup queries go in /etc/dovecot/dovecot-sql.conf.ext, which the included auth-sql.conf.ext reads. %n is the local part of the login name and %d is its domain; the password query feeds the passdb, the user query feeds the userdb:
driver = pgsql
connect = host=localhost dbname=postfix user=postfix password=secret
default_pass_scheme = CRYPT
password_query = \
SELECT local_part AS username, domain, password FROM mailbox WHERE local_part = '%n' AND domain = '%d'
user_query = \
SELECT local_part AS user, CONCAT('/var/vmail/',maildir) AS home FROM mailbox WHERE local_part = '%n' AND domain = '%d'
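The lookup flow that the two queries above produce, as an added example that is not part of the wiki page or of Dovecot itself: it simulates auth_default_realm, auth_username_chars, password_query and user_query in Python so the behaviour can be checked without a running server. SQLite stands in for PostgreSQL (so `||` replaces CONCAT), the stored hash uses Dovecot's {SHA512} scheme instead of the CRYPT default because crypt(3) is not portable across Python versions, and the mailbox row is constructed for the demo.

```python
"""Simulation of Dovecot's SQL passdb/userdb lookup (added example).
Mirrors auth_default_realm, auth_username_chars, password_query and
user_query from the configuration above.  SQLite stands in for PostgreSQL,
{SHA512} stands in for the CRYPT scheme, all rows are constructed."""
import base64
import hashlib
import hmac
import sqlite3

AUTH_DEFAULT_REALM = "example.com"
AUTH_USERNAME_CHARS = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@")

# Same queries as dovecot-sql.conf.ext, with '?' placeholders where Dovecot
# substitutes the (SQL-escaped) %n and %d variables, and '||' for CONCAT.
PASSWORD_QUERY = ("SELECT local_part AS username, domain, password "
                  "FROM mailbox WHERE local_part = ? AND domain = ?")
USER_QUERY = ("SELECT local_part AS user, '/var/vmail/' || maildir AS home "
              "FROM mailbox WHERE local_part = ? AND domain = ?")


def sha512_scheme(password: str) -> str:
    """Encode a password the way Dovecot's {SHA512} scheme stores it
    (base64 of the raw SHA-512 digest, prefixed with the scheme name)."""
    digest = hashlib.sha512(password.encode()).digest()
    return "{SHA512}" + base64.b64encode(digest).decode()


def verify_password(stored: str, candidate: str) -> bool:
    """Compare a candidate against a stored {SHA512} value in constant time."""
    if not stored.startswith("{SHA512}"):
        return False  # only this scheme is implemented in the demo
    return hmac.compare_digest(stored, sha512_scheme(candidate))


def split_user(login: str):
    """Apply auth_username_chars and auth_default_realm.
    Returns (local_part, domain, full_user) or None if the login is rejected."""
    if not login or any(c not in AUTH_USERNAME_CHARS for c in login):
        return None  # Dovecot rejects the login before any SQL runs
    if "@" in login:
        local_part, domain = login.split("@", 1)
    else:
        local_part, domain = login, AUTH_DEFAULT_REALM
    return local_part, domain, f"{local_part}@{domain}"


def build_demo_db() -> sqlite3.Connection:
    """Constructed mailbox table holding one virtual user (demo data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (local_part TEXT, domain TEXT, "
               "password TEXT, maildir TEXT)")
    db.execute("INSERT INTO mailbox VALUES (?, ?, ?, ?)",
               ("testuser", "example.com", sha512_scheme("secret"),
                "example.com/testuser/"))
    return db


def authenticate(db: sqlite3.Connection, login: str, password: str):
    """passdb lookup, password check, then userdb lookup.
    Returns the fields 'doveadm auth login' would report, or None."""
    parts = split_user(login)
    if parts is None:
        return None
    local_part, domain, full_user = parts
    row = db.execute(PASSWORD_QUERY, (local_part, domain)).fetchone()
    if row is None or not verify_password(row[2], password):
        return None
    home = db.execute(USER_QUERY, (local_part, domain)).fetchone()[1]
    return {"user": full_user, "original_user": login, "home": home}


if __name__ == "__main__":
    print(authenticate(build_demo_db(), "testuser", "secret"))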
Access permissions
Permissions must be set correctly, as the files can contain sensitive password information:
root # chmod 660 /etc/dovecot/dovecot-sql.conf.ext
Testing authentication
Dovecot includes a simple testing utility. It requires a valid username as parameter.
To perform some basic tests, start dovecot:
root # rc-service dovecot start
Run the doveadm auth utility with the testuser; it prompts for the password and prints the passdb and userdb fields on success:
root # doveadm auth login testuser
passdb: testuser auth succeeded
extra fields:
  user=testuser@example.com
  original_user=testuser
userdb extra fields:
  testuser
  home=/var/vmail/example.com/testuser/
  auth_mech=PLAIN
Testing IMAP
Dovecot should be started (if it is not running already):
root # rc-service dovecot start
Once started, telnet can be used to identify initial problems. Because the connection below comes from localhost, Dovecot treats it as secure and accepts a plaintext LOGIN despite disable_plaintext_auth; from a remote host the password must only be sent after STARTTLS. Once logging in with telnet works, a mail client can be used:
user $ telnet example.com 143
Trying 127.0.0.1...
Connected to example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
1 LOGIN testuser secret
1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in
1 LOGOUT
* BYE Logging out
1 OK LOGOUT completed (0.001 + 0.000 secs).
Connection closed by foreign host.
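The same check done from a script, as an added example that is not part of the wiki page: it parses the server greeting captured above for the advertised capabilities and only sends the password after STARTTLS with certificate verification, so the test can also be run safely from a remote host. The host, user and password in the usage line are placeholders; only the greeting string comes from the page.

```python
"""Scripted IMAP login check (added example, not from the wiki page).
Parses the CAPABILITY greeting and refuses to send a password before
STARTTLS.  Host/user/password are placeholders; GREETING is the line the
telnet session above received."""
import imaplib
import ssl

# Greeting captured from the telnet session on this page (localhost client)
GREETING = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
            "LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")


def parse_capabilities(line: str) -> set:
    """Return the capability tokens from an IMAP greeting or tagged OK line."""
    start = line.find("[CAPABILITY ")
    if start == -1:
        return set()
    end = line.find("]", start)
    return set(line[start + len("[CAPABILITY "):end].split())


def plaintext_auth_offered(caps: set) -> bool:
    """True when the server accepts a cleartext password on this connection.
    From localhost Dovecot treats the link as secure, so this is expected to
    be True for the captured greeting; from a remote host a correctly set
    disable_plaintext_auth should instead yield LOGINDISABLED and no AUTH=."""
    return ("LOGINDISABLED" not in caps
            and ("AUTH=PLAIN" in caps or "AUTH=LOGIN" in caps))


def check_login(host: str, user: str, password: str, port: int = 143) -> bool:
    """Connect, require STARTTLS, verify the certificate chain and hostname,
    then LOGIN.  Returns True on success, False on a rejected login."""
    conn = imaplib.IMAP4(host, port)
    try:
        caps = parse_capabilities(conn.welcome.decode())
        if "STARTTLS" not in caps:
            raise RuntimeError("server does not offer STARTTLS; "
                               "not sending the password")
        conn.starttls(ssl.create_default_context())
        try:
            typ, _ = conn.login(user, password)
        except imaplib.IMAP4.error:
            return False
        return typ == "OK"
    finally:
        conn.logout()


if __name__ == "__main__":
    caps = parse_capabilities(GREETING)
    print("STARTTLS offered:", "STARTTLS" in caps)
    print("plaintext auth offered:", plaintext_auth_offered(caps))
    # check_login("example.com", "testuser", "secret")  # placeholders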
If testing works properly, add dovecot to the default runlevel:
root # rc-update add dovecot default