Installing and Configuring The Dovecot MDA
The dovecot package will create a mostly empty configuration directory at /etc/dovecot.
    cat /etc/dovecot/README
    Configuration files go to this directory. See example configuration files in /usr/doc/dovecot-2.2.13/example-config/
So we will create the necessary structure and copy the necessary example config files to the working location.
    mkdir /etc/dovecot/conf.d
    cp /usr/doc/dovecot-2.2.13/example-config/dovecot.conf /etc/dovecot/.
    cp /usr/doc/dovecot-2.2.13/example-config/dovecot-sql.conf.ext /etc/dovecot/.
    cp /usr/doc/dovecot-2.2.13/example-config/conf.d/10-auth.conf /etc/dovecot/conf.d/.
    cp /usr/doc/dovecot-2.2.13/example-config/conf.d/10-mail.conf /etc/dovecot/conf.d/.
    cp /usr/doc/dovecot-2.2.13/example-config/conf.d/10-master.conf /etc/dovecot/conf.d/.
    cp /usr/doc/dovecot-2.2.13/example-config/conf.d/10-ssl.conf /etc/dovecot/conf.d/.
    cp /usr/doc/dovecot-2.2.13/example-config/conf.d/auth-sql.conf.ext /etc/dovecot/conf.d/.
We will work from top to bottom of the copied file list to perform configuration.
Open the file /etc/dovecot/dovecot.conf and make the following changes:

    vi /etc/dovecot/dovecot.conf
    ... uncomment the following line ...
    protocols = imap pop3 lmtp
    ... set postmaster_address to your admin address
    postmaster_address = me@my-domain.com
    ... Add following line commented, uncomment to see SSL errors ...
    #verbose_ssl = yes
Next, configure the database access and password query parameters for dovecot:
    vi /etc/dovecot/dovecot-sql.conf.ext
    ... uncomment and set the following lines as shown ...
    driver = mysql
    connect = host=localhost dbname=mailserver user=mailuser pass
    default_pass_scheme = SHA512-CRYPT
    password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
Next, configure dovecot authentication methods:
    vi /etc/dovecot/conf.d/10-auth.conf
    ... uncomment this line, we only allow secure authentication ...
    disable_plaintext_auth = yes
    ... add "login" to auth_mechanisms
    auth_mechanisms = plain login
    ... comment out this line, we are not using file based auth ...
    #!include auth-system.conf.ext
    ... uncomment this line to allow SQL based auth ...
    !include auth-sql.conf.ext

Next, set the filesystem paths and permissions for virtual mail. The virtual users' mailboxes will be at /var/vmail/vhosts/DOMAIN/USER. Dovecot will perform the substitutions for %d and %n at runtime.

    vi /etc/dovecot/conf.d/10-mail.conf
    ... uncomment and set the mail_location path ...
    mail_location = maildir:/var/vmail/vhosts/%d/%n
    ... uncomment and set the mail_privileged_group ...
    mail_privileged_group = mail
Now we set the configuration for the dovecot master process:
    vi /etc/dovecot/conf.d/10-master.conf
    ... find the "service imap-login" section and set port to 0, this forces secure imap login ...
    service imap-login {
      inet_listener imap {
        #port = 143
        port = 0
      }
      ...
    }
    ... find the "service pop3-login" section and set port to 0, this forces secure pop3 login...
    service pop3-login {
      inet_listener pop3 {
        #port = 110
        port = 0
      }
      ...
    }
    ... find the "service lmtp" section and make the following changes ...
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
      ...
    }
    ... find the "service auth" section and make the following changes ...
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    ... find the "service auth-worker" section and make the following changes ...
    service auth-worker {
      user = vmail
    }
Next we set up the SSL configuration to use the certificates created earlier:
    vi /etc/dovecot/conf.d/10-ssl.conf
    ... uncomment as necessary and make the following changes ...
    ssl = required
    ssl_cert = </etc/ssl/localcerts/dove.pem
    ssl_key = </etc/ssl/private/dove.key
Finally, configure authentication and user data paths for dovecot access:
    vi /etc/dovecot/conf.d/auth-sql.conf.ext
    ... find the "passdb" section and configure as follows ...
    passdb {
      driver = sql
      args = /etc/dovecot/dovecot-sql.conf.ext
    }
    ... find the "userdb" section and configure as follows ...
    userdb {
      driver = static
      args = uid=vmail gid=vmail home=/var/vmail/vhosts/%d/%n
    }

Now we want to further secure the installation by making all dovecot configuration files owned by vmail and accessible by the dovecot group, and removing all access for other users.

    chown -R vmail:dovecot /etc/dovecot
    chmod -R o-rwx /etc/dovecot
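
To confirm that the hardening steps above are actually in place, the following script checks a configuration directory for `ssl = required`, `disable_plaintext_auth = yes`, the cleartext imap and pop3 listeners set to port 0, and no permissions left for other users. It is an added example, not part of the original guide or of Dovecot; the function names and the script name `audit.sh` are this example's own.

```shell
#!/bin/sh
# Added example: audit a Dovecot config directory for the hardening settings
# used in this guide. All function names here are hypothetical helpers.

# has_setting FILE KEY VALUE: true if an uncommented "KEY = VALUE" line exists.
has_setting() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3[[:space:]]*(#.*)?\$" "$1" 2>/dev/null
}

# listener_port FILE NAME: print the active port of "inet_listener NAME { ... }".
listener_port() {
    awk -v name="$2" '
        /^[[:space:]]*#/ { next }                       # ignore commented lines
        $1 == "inet_listener" && $2 == name { inside = 1; next }
        inside && /}/ { inside = 0 }                    # end of listener block
        inside && $1 == "port" && $2 == "=" { print $3 }
    ' "$1" 2>/dev/null | tail -n 1
}

# audit_dovecot_conf DIR: print one line per finding; return 0 if there are none.
audit_dovecot_conf() {
    dir=$1 fail=0
    has_setting "$dir/conf.d/10-ssl.conf" ssl required ||
        { echo "FAIL: ssl is not 'required' in 10-ssl.conf"; fail=1; }
    has_setting "$dir/conf.d/10-auth.conf" disable_plaintext_auth yes ||
        { echo "FAIL: disable_plaintext_auth is not 'yes' in 10-auth.conf"; fail=1; }
    for proto in imap pop3; do
        port=$(listener_port "$dir/conf.d/10-master.conf" "$proto")
        [ "$port" = 0 ] ||
            { echo "FAIL: cleartext $proto listener port is '$port', expected 0"; fail=1; }
    done
    # Anything that still grants read, write or execute to "other".
    loose=$(find "$dir" \( -perm -001 -o -perm -002 -o -perm -004 \) -print 2>/dev/null) || :
    [ -z "$loose" ] ||
        { echo "FAIL: accessible to other users:"; echo "$loose"; fail=1; }
    return "$fail"
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/dovecot
if [ $# -gt 0 ]; then audit_dovecot_conf "$1"; fi
```

The script reads only the three files named above and does not follow includes or later overrides; on a live server, `doveconf -n` prints the effective non-default settings.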