Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:network_services:postfix_dovecot_mysql:dovecot [2015/02/16 06:05 (UTC)] – intermediate save astrogeek
howtos:network_services:postfix_dovecot_mysql:dovecot [2015/04/01 21:22 (UTC)] (current) – Fix Dovecot connection string. denydias
Line 1: Line 1:
 +====== Installing The Dovecot MDA ======
  
-===== Installing The Dovecot MDA ===== +This page is supplemental to main article: [[howtos:network_services:postfix_dovecot_mysql|Creating a Virtual Mail Server with Postfix, Dovecot and MySQL]]
-<note important>This article is under construction and not complete! Please return later...</note>+
  
 Dovecot is a popular and secure mail delivery agent, or MDA, which can be configured to work alongside the postfix MTA. Dovecot is a popular and secure mail delivery agent, or MDA, which can be configured to work alongside the postfix MTA.
Line 38: Line 38:
 <code>installpkg {path-to/}dovecot-2.2.13-x86_64-1_SBo.tgz</code> <code>installpkg {path-to/}dovecot-2.2.13-x86_64-1_SBo.tgz</code>
  
-===== Configuring The Dovecot MDA =====+====== Configuring The Dovecot MDA ======
  
 You should become familiar with the [[http://wiki2.dovecot.org/FrontPage|dovecot documentation]] in order to properly configure your installation. You will also find a local copy of the complete documentation installed with the package in /usr/doc/dovecot-2.2.13/wiki/ (adjust for you version number if necessary). You should become familiar with the [[http://wiki2.dovecot.org/FrontPage|dovecot documentation]] in order to properly configure your installation. You will also find a local copy of the complete documentation installed with the package in /usr/doc/dovecot-2.2.13/wiki/ (adjust for you version number if necessary).
Line 65: Line 65:
 We will work from top to bottom of the copied file list to perform configuration. We will work from top to bottom of the copied file list to perform configuration.
  
-Open the file, /etc/dovecot.dovecot.conf and make the following changes:+Open the file, /etc/dovecot/dovecot.conf and make the following changes:
 <code> <code>
 vi /etc/dovecot/dovecot.conf vi /etc/dovecot/dovecot.conf
Line 78: Line 78:
 </code> </code>
  
-Next, configure the database access and password query parameters for dovecot:+Next, configure the database access parameters and password query for dovecot:
  
 <code> <code>
 vi /etc/dovecot/dovecot-sql.conf.ext vi /etc/dovecot/dovecot-sql.conf.ext
-... uncomment and set the following lines as shown ...+# Uncomment and set the following lines as shown #
 driver = mysql driver = mysql
-connect = host=localhost dbname=mailserver user=mailuser pass+connect = "host=localhost dbname=mailserver user=mailuser password={your mailuser password}"
 default_pass_scheme = SHA512-CRYPT default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM virtual_users WHERE email='%u'; password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
 </code> </code>
  
-Next, configure dovecot authentication methods:+Next, we configure the authentication methods to be used by dovecot. We will restrict it to use only secure authentication by the settings here and in the included auth-sql.conf.ext file, excluding other methods.
  
 <code> <code>
 vi /etc/dovecot/conf.d/10-auth.conf vi /etc/dovecot/conf.d/10-auth.conf
-... uncomment this line, we only allow secure authentication ...+# Uncomment this line - no plain text authentication! #
 disable_plaintext_auth = yes disable_plaintext_auth = yes
-... add "login" to auth_mechanisms+ 
 +# Plain is inside SSL, add "login" for MUA user/pass authentication #
 auth_mechanisms = plain login auth_mechanisms = plain login
-... comment out this line, we are not using file based auth ...+ 
 +# Comment out this line, no file based auth #
 #!include auth-system.conf.ext #!include auth-system.conf.ext
-... uncomment this line to allow SQL based auth ...+ 
 +# Uncomment this line to allow SQL based auth #
 !include auth-sql.conf.ext !include auth-sql.conf.ext
 </code> </code>
  
-Next, set the filesystem paths and permission for virtual mail. The virtual user's mail boxes will be at /var/vmail/vhosts/DOMAIN/USER. Dovecot will perform the substitutions for %d and %n at runtime.+Set the filesystem path for virtual mail. The virtual user's mail boxes will be at /var/vmail/vhosts/DOMAIN/USER. Dovecot will perform the substitutions for %d and %n at runtime.
  
 <code> <code>
-vi /etc/dovecot/conf.d/1--mail.conf +vi /etc/dovecot/conf.d/10-mail.conf 
-... uncomment and set the mail_location path ... + 
-mail_location =maildir:/var/vmail/vhosts/%d/%n +# Uncomment and set the mail_location path # 
-... uncomment and set the mail_priviledged_group ... +mail_location = maildir:/var/vmail/vhosts/%d/%n
-mail_privileged_group = mail+
 </code> </code>
  
-Now we set the configuration for the dovecot master process:+Set the configuration for the dovecot master process:
 <code> <code>
 vi /etc/dovecot/conf.d/10-master.conf vi /etc/dovecot/conf.d/10-master.conf
-... find the "service imap-login" section and set port to 0, this forces secure imap login ...+ 
 +# Find the "service imap-login" section and set port to 0 to disable insecure imap login #
 service imap-login { service imap-login {
      inet_listener imap {      inet_listener imap {
-          #port = 143 
            port = 0            port = 0
         }         }
         ...         ...
 } }
-... find the "service pop3-login" section and set port to 0, this forces secure pop3 login...+ 
 +# Find the "service pop3-login" section and set port to 0 to disable insecure pop3 login #
 service pop3-login { service pop3-login {
   inet_listener pop3 {   inet_listener pop3 {
-      #port = 110 
        port = 0        port = 0
         }         }
         ...         ...
 } }
-... find the "service lmtp" section and make the following changes ...+ 
 +# Find the "service lmtp" section and make the following changes #
 service lmtp { service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp {
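Review bot: In the dovecot-sql.conf.ext block, the new connect line stores the database password in clear text and writes the placeholder as {your mailuser password} inside the quoted string, so a reader can easily keep the braces as part of the value. Suggest stating next to the line that the braces are replaced together with the text, and that this file is the reason for the ownership and chmod -R o-rwx /etc/dovecot step at the end of the page. In the 10-auth.conf block, the comment "Plain is inside SSL" is terse; it could say that auth_mechanisms = plain login is acceptable here because disable_plaintext_auth = yes is set and ssl = required follows in 10-ssl.conf.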
Line 141: Line 144:
     ...     ...
 } }
-... find the "service auth" section and make the following changes ...+ 
 +# Find the "service auth" section, set postfix handler for SASL, db auth user/perms #
 service auth { service auth {
     unix_listener /var/spool/postfix/private/auth {     unix_listener /var/spool/postfix/private/auth {
Line 154: Line 158:
   user = dovecot   user = dovecot
 } }
-... find the "service auth-worker" section and make the following changes ...+ 
 +# Find the "service auth-worker" section, run auth processes as unpriv user #
 service auth-worker { service auth-worker {
   user = vmail   user = vmail
Line 160: Line 165:
 </code> </code>
  
-Next we set up the SSL configuration to use the certificates created earlier:+Next we set up the SSL configuration so it is mandatory and uses the certificates created earlier:
  
 <code> <code>
 vi /etc/dovecot/conf.d/10-ssl.conf vi /etc/dovecot/conf.d/10-ssl.conf
-... uncomment as necessary and make the following changes ...+ 
 +# Uncomment as necessary and make the following changes #
 ssl = required ssl = required
 ssl_cert = </etc/ssl/localcerts/dove.pem ssl_cert = </etc/ssl/localcerts/dove.pem
Line 174: Line 180:
 <code> <code>
 vi /etc/dovecot/conf.d/auth-sql.conf.ext vi /etc/dovecot/conf.d/auth-sql.conf.ext
-... find the "passdb" section and configure as follows ...+ 
 +# Find the "passdb" section and configure as follows #
 passdb { passdb {
     driver = sql     driver = sql
     args = /etc/dovecot/dovecot-sql.conf.ext     args = /etc/dovecot/dovecot-sql.conf.ext
 } }
-... find the "userdb" section and configure as follows ...+ 
 +# Find the "userdb" section and configure as follows #
 userdb { userdb {
       driver = static       driver = static
Line 186: Line 194:
 </code> </code>
  
-Now we want to further secure the installation by making all dovecot configutation files owned by vmail and accessible by the dovecot group, and restricting all others access.+Now we want to further secure the installation by making all dovecot configutation files owned by the non--privledged vmail user, and accessible by the dovecot group, with no access by others.
  
 <code> <code>
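Review bot: The added sentence describes vmail as the non-privileged owner of the configuration, but service auth-worker is set to user = vmail earlier on the page, so the process that handles authentication also owns, and can therefore rewrite, the files under /etc/dovecot, including dovecot-sql.conf.ext with the database password. Consider root ownership with read-only group access for the accounts that need it, or add a sentence explaining why vmail must own the files. The same added line has two typos: "configutation" should be "configuration" and "non--privledged" should be "non-privileged".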
Line 192: Line 200:
 chmod -R o-rwx /etc/dovecot chmod -R o-rwx /etc/dovecot
 </code> </code>
 +
 [[howtos:network_services:postfix_dovecot_mysql|Return to main article page]] [[howtos:network_services:postfix_dovecot_mysql|Return to main article page]]
 +====== Sources ======
 +  * Based primarily on [[http://wiki2.dovecot.org/|Dovecot documentation]]
 +  * Originally written by [[wiki:user:astrogeek | astrogeek]]
 {{tag>howtos dovecot postfix mysql}} {{tag>howtos dovecot postfix mysql}}