
Friday, December 9, 2011

IMAP server with dovecot

If you need an IMAP server then dovecot might be the right one for you. It is very easy to install and to configure. This article is a short description of how to install and configure dovecot 2.0.16 on Slackware. The description should also work on Solaris. It covers the following:

Compiling dovecot from source
Setup authentication for local users (/etc/passwd and /etc/shadow)
Setup dovecot for use with SSL
Using maildir instead of mailbox format
Simple procmail sample to redirect incoming mails

The domain will be example.com and the user info, so the email address will be info@example.com. Keep that in mind. To start, get the source first:

# cd /usr/src/
# wget http://www.dovecot.org/releases/2.0/dovecot-2.0.16.tar.gz

Then untar the source and change into the new directory:

# gzip -dc dovecot-2.0.16.tar.gz | tar xf -
# cd dovecot-2.0.16

Note for Solaris: before you continue, make sure that you have /usr/sfw and /usr/ccs in your PATH variable:

# export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/sfw/bin:/usr/sfw/sbin:/usr/ccs/bin

Now run the configure script. In most cases it finds everything out of the box:

# ./configure --prefix=/opt/dovecot/2.0.16
...
Install prefix . : /opt/dovecot/2.0.16
File offsets ... : 64bit
I/O polling .... : epoll
I/O notifys .... : inotify
SSL ............ : yes (OpenSSL)
GSSAPI ......... : no
passdbs ........ : static passwd passwd-file shadow checkpassword
                 : -pam -bsdauth -sia -ldap -sql -vpopmail
userdbs ........ : static prefetch passwd passwd-file checkpassword nss
                 : -ldap -sql -vpopmail
SQL drivers .... :
                 : -pgsql -mysql -sqlite

Now compile the source and install the binaries:

# make && make install

When everything is done you should have dovecot installed in /opt/dovecot/2.0.16. Now go to /opt/dovecot and link the 2.0.16 directory to latest:

# cd /opt/dovecot
# ln -s 2.0.16 latest

Next go into the latest directory and create a couple of configuration files. The main configuration file is stored under /opt/dovecot/latest/etc/dovecot/, all other configuration files under /opt/dovecot/latest/etc/dovecot/conf.d. If the conf.d directory does not exist, create it:

# mkdir -p /opt/dovecot/latest/etc/dovecot/conf.d

dovecot.conf: the main configuration file; it sets the protocols and the IP to listen on, and includes the other configuration files.

# cd /opt/dovecot/latest/etc/dovecot
# vi dovecot.conf
!include conf.d/*.conf
protocols = imap
listen = 192.168.1.76
base_dir = /var/run/dovecot/
login_greeting = Dovecot at example.com

conf.d/10-auth.conf: how to authenticate and which authentication mechanism will be used. The actual authentication backend is configured in another, included file. Plain as the authentication mechanism might not be the best choice, but we are configuring SSL later.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi 10-auth.conf
auth_mechanisms = plain
!include auth-system.conf.ext

conf.d/10-logging.conf: as the name already says, everything about logging. With the following configuration, logs will be stored in /var/log/dovecot.log, /var/log/dovecot.info and /var/log/maillog.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi 10-logging.conf
log_path = syslog
info_log_path = /var/log/dovecot.info
debug_log_path = /var/log/dovecot.log
syslog_facility = mail
auth_verbose = yes
auth_verbose_passwords = plain
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_group_events = yes
  mail_log_fields = uid box msgid size
}
log_timestamp = "%b %d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_log_format = %$: %s
mail_log_prefix = "%s(%u): "
deliver_log_format = msgid=%m: %$
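The logging file above turns on every debug switch, and two of them (auth_verbose_passwords and auth_debug_passwords) copy the users' passwords into /var/log/dovecot.info. The following shell script is an added example and not part of the original post: it audits a dovecot-style configuration file for exactly those two settings, using a constructed copy of the post's settings and a hardened counterpart. The file paths are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Flags dovecot 2.x logging
# settings that copy user credentials into the log files:
#   auth_verbose_passwords  (anything but "no" logs the password or its hash)
#   auth_debug_passwords    ("yes" logs the password in cleartext)
# The two sample files are constructed here; the paths are placeholders.

audit_dovecot_logging() {
    # Prints each offending "key=value" line; exit status 1 if any was found.
    # Comments are stripped first, so a "#" inside a value would be cut too.
    risky=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" \
            | awk -F= '
                $1 == "auth_verbose_passwords" && $2 != "no"  { print }
                $1 == "auth_debug_passwords"   && $2 == "yes" { print }')
    if [ -n "$risky" ]; then
        printf '%s\n' "$risky"
        return 1
    fi
    return 0
}

write_sample_conf() {
    # Constructed sample: the debug settings from the post's 10-logging.conf.
    cat > "$1" <<'EOF'
log_path = syslog
info_log_path = /var/log/dovecot.info
syslog_facility = mail
auth_verbose = yes
auth_verbose_passwords = plain
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
EOF
}

write_hardened_conf() {
    # Same file with the credential-logging settings turned off.
    cat > "$1" <<'EOF'
log_path = syslog
info_log_path = /var/log/dovecot.info
syslog_facility = mail
auth_verbose = yes
auth_verbose_passwords = no     # never write passwords into the log
auth_debug = no
auth_debug_passwords = no
mail_debug = no
EOF
}

# Demo: audit both constructed files.
for writer in write_sample_conf write_hardened_conf; do
    f=$(mktemp)
    "$writer" "$f"
    if audit_dovecot_logging "$f"; then
        echo "$writer: ok"
    else
        echo "$writer: credentials would be logged (see lines above)"
    fi
    rm -f "$f"
done
```

Run it against the real file with `audit_dovecot_logging /opt/dovecot/latest/etc/dovecot/conf.d/10-logging.conf` once the debugging session is over; auth_verbose and mail_debug are safe to leave on, it is only the two password settings that matter.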

conf.d/10-mail.conf: where and how to store emails. In this case I have configured dovecot to store all emails in a user-specific maildir, with the ability to create subfolders.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi 10-mail.conf
mail_location = maildir:/var/spool/dovecot/%u

conf.d/10-master.conf: the system users dovecot itself runs as.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi 10-master.conf
default_login_user = dovenull
default_internal_user = dovecot

conf.d/10-ssl.conf: SSL encryption, which certificate and key to use and the key's password.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi 10-ssl.conf
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.cert
ssl_key = </etc/ssl/private/dovecot.key
ssl_key_password = It'satrap!

conf.d/auth-system.conf.ext: the authentication mechanism, where to find the users and their passwords. In this case all users from /etc/passwd, with their passwords stored in /etc/shadow.

# cd /opt/dovecot/latest/etc/dovecot/conf.d
# vi auth-system.conf.ext
passdb {
  driver = shadow
}
userdb {
  driver = passwd
}

As seen in the configuration files above, you first have to create two users and a certificate:

# groupadd -g 92 dovecot
# useradd -d /var/spool/dovecot -m -g dovecot -s /bin/false -u 92 dovecot
# useradd -d /var/spool/dovecot -g dovecot -s /bin/false -u 93 dovenull
# chmod 777 /var/spool/dovecot/

With the above commands a dedicated group is created for both users. Then the two users are created with the home directory /var/spool/dovecot, which is exactly where dovecot will store all user emails. All users have to be able to read and write in this directory; this is why you have to set the permissions to read/write for everyone. Next create the certificate:

dovecot.key:

# cd /etc/ssl
# openssl genrsa -des3 -out private/dovecot.key 1024
Generating RSA private key, 1024 bit long modulus
......................................++++++
..++++++
e is 65537 (0x10001)
Enter pass phrase for private/dovecot.key: It'satrap!
Verifying - Enter pass phrase for private/dovecot.key: It'satrap!

dovecot.csr:

# cd /etc/ssl
# openssl req -new -key private/dovecot.key -out certs/dovecot.csr
Enter pass phrase for private/dovecot.key: It'satrap!
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:Cincinnati
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example
Organizational Unit Name (eg, section) []:Administration
Common Name (eg, YOUR name) []:Karellen
Email Address []:info@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

dovecot.cert:

# cd /etc/ssl
# openssl x509 -req -days 365 -in certs/dovecot.csr -signkey private/dovecot.key -out certs/dovecot.cert
Signature ok
subject=/C=US/ST=Ohio/L=Cincinnati/O=Example/OU=Administration/CN=Karellen/emailAddress=info@example.com
Getting Private key
Enter pass phrase for private/dovecot.key: It'satrap!
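The three interactive openssl calls above can be collapsed into one command, and the result should be checked before dovecot is pointed at it: the key has to belong to the certificate, the CN should be the host name clients will connect to (a CN of Karellen, as in the request above, is one reason the client warns), and the expiry date should be known. The script below is an added example and not part of the original post. It assumes openssl is in PATH and uses placeholder paths and subject fields; unlike the post, it generates the key without a passphrase, since the passphrase would end up in 10-ssl.conf in cleartext anyway, and relies on file permissions instead.

```shell
#!/bin/sh
# Added example, not part of the original post. Creates the key and the
# self-signed certificate in one non-interactive step and then checks the
# result the way you would before pointing ssl_cert/ssl_key at it.
# Assumes openssl is in PATH; file paths and subject fields are placeholders.

make_dovecot_cert() {
    # make_dovecot_cert KEY CERT CN [DAYS]
    # 2048-bit RSA, no key passphrase: the passphrase would have to be stored
    # in 10-ssl.conf anyway, so the key is protected by file permissions.
    key="$1"; cert="$2"; cn="$3"; days="${4:-365}"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -keyout "$key" -out "$cert" \
        -subj "/C=US/ST=Ohio/L=Cincinnati/O=Example/CN=$cn" 2>/dev/null
    chmod 600 "$key"
    chmod 644 "$cert"
}

cert_matches_key() {
    # cert_matches_key KEY CERT: exit 0 when both carry the same RSA modulus.
    key_mod=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null | openssl sha256)
    cert_mod=$(openssl x509 -noout -modulus -in "$2" | openssl sha256)
    [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]
}

cert_common_name() {
    # Handles both "subject= /C=US/.../CN=x" and "subject=C = US, ..., CN = x".
    openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

cert_expiry() {
    openssl x509 -noout -enddate -in "$1" | cut -d= -f2
}

cert_still_valid() {
    # cert_still_valid CERT [SECONDS]: exit 0 if still valid SECONDS from now.
    openssl x509 -noout -checkend "${2:-0}" -in "$1" >/dev/null
}

# Demo in a scratch directory; on a real host use /etc/ssl/private and /etc/ssl/certs.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_dovecot_cert "$d/dovecot.key" "$d/dovecot.cert" mail.example.com
    if cert_matches_key "$d/dovecot.key" "$d/dovecot.cert"; then
        echo "key matches certificate"
    fi
    echo "CN=$(cert_common_name "$d/dovecot.cert") expires $(cert_expiry "$d/dovecot.cert")"
    cert_still_valid "$d/dovecot.cert" $((30 * 86400)) && echo "valid for at least 30 days"
    rm -rf "$d"
fi
```

cert_still_valid with a lead time of a few weeks is the check to put into a cron job, since a self-signed certificate created with -days 365 expires silently and the first symptom is every client refusing to connect.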

That should be it. Dovecot has been compiled and configured, and the users and a certificate have been created. Now try to run it:

# /opt/dovecot/latest/sbin/dovecot -c /opt/dovecot/latest/etc/dovecot/dovecot.conf

Check that it is running:

# pgrep -fl dove
9922 /opt/dovecot/latest/sbin/dovecot -c /opt/dovecot/latest/etc/dovecot/dovecot.conf
9923 dovecot/anvil
9924 dovecot/log
13660 dovecot/ssl-params

And take a look at the log files (which is also necessary if dovecot does not start):

# cat /var/log/dovecot.info
...
Dec 08 17:37:56 master: Info: Dovecot v2.0.16 starting up (core dumps disabled)
...

Now configure a mail client like this:

Mailserver: your dovecot server, in my case 192.168.1.76
Port: 993
User: any real local user, eg. info
Password: the local password for the user

Remember to open port 993 in your firewall if necessary. After the first connection attempt you should get a warning about your self-signed certificate. If possible, click something like "Store permanently". After a successful login you should see a new directory named info under /var/spool/dovecot. This directory belongs to the user info (or whichever user you used):

# ls -lah /var/spool/dovecot
...
drwx------  5 info    users   4.0K 2011-12-09 12:28 info/
...

It has exactly the same permissions as /home/info. Meanwhile, dovecot should have created a few subfolders and some files:

# cd /var/spool/dovecot/info
# ls -lah
total 52K
drwx------ 5 info    users   4.0K 2011-12-09 12:28 ./
drwxrwxrwx 4 dovecot dovecot 4.0K 2011-12-08 16:50 ../
drwx------ 2 info    users   4.0K 2011-12-08 18:38 cur/
-rw------- 1 info    users     79 2011-12-08 18:37 dovecot-uidlist
-rw------- 1 info    users      8 2011-12-08 16:51 dovecot-uidvalidity
-r--r--r-- 1 info    users      0 2011-12-08 16:51 dovecot-uidvalidity.4ee0dce5
-rw------- 1 info    users    17K 2011-12-09 12:28 dovecot.index.cache
-rw------- 1 info    users   2.1K 2011-12-09 12:28 dovecot.index.log
drwx------ 2 info    users   4.0K 2011-12-09 14:20 tmp/

If you have got this far, you should be able to create folders inside your mail client.
By the way, to receive new emails for info@example.com you have to configure procmail like this:

# vi /etc/procmailrc
VERBOSE=on
LOGFILE=/var/log/procmail.log
DROPPRIVS=yes

:0
* ^TO.*info.*
/var/spool/dovecot/info/

If you have configured your mail server to use procmail, then all incoming mail will run through procmail. If procmail finds a matching rule, like the one above for the user info, the mail will be stored under /var/spool/dovecot/info/new rather than under /var/mail/info.
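The trailing slash in the procmail rule is what makes this a maildir delivery: the message is written into tmp/ first and only then moved into new/, so dovecot never reads a half-written file, and a client that reads the mail moves it on into cur/ with a flag suffix. The shell script below is an added example and not part of the original post; it reproduces that layout and delivery rule in a scratch directory so the behaviour can be seen without a running MTA. All paths are placeholders. Its maildir_init function also shows the alternative to the world-writable spool root from the user-creation step: if each user's maildir is pre-created and chowned to the user (needs root), /var/spool/dovecot itself does not need to be writable by everyone, because dovecot only creates the directory when it is missing.

```shell
#!/bin/sh
# Added example, not part of the original post. Shows the maildir layout
# dovecot keeps under /var/spool/dovecot/<user> and the delivery rule that
# procmail follows when a recipe's target ends in "/": write the message to
# tmp/ first, then move it into new/. All paths are placeholders; the demo
# runs in a scratch directory.

maildir_init() {
    # maildir_init DIR [OWNER]: create cur/ new/ tmp/ with owner-only access.
    # With OWNER given (needs root), the maildir belongs to the user up front,
    # so the spool root itself does not have to be writable by everyone.
    for sub in cur new tmp; do
        mkdir -p "$1/$sub"
    done
    chmod 700 "$1" "$1/cur" "$1/new" "$1/tmp"
    [ -z "$2" ] || chown -R "$2" "$1"
}

maildir_deliver() {
    # maildir_deliver DIR < message: prints the path of the delivered file.
    dir="$1"
    host=$(hostname 2>/dev/null || echo localhost)
    # mktemp creates the file exclusively (mode 0600), so the name is unique
    # even for two deliveries in the same second by the same process.
    tmpfile=$(mktemp "$dir/tmp/$(date +%s).$$.$host.XXXXXX")
    cat > "$tmpfile"
    name=$(basename "$tmpfile")
    # A reader scanning new/ only ever sees complete messages.
    mv "$tmpfile" "$dir/new/$name"
    printf '%s\n' "$dir/new/$name"
}

maildir_count_new() {
    # Number of messages not yet picked up by a client.
    find "$1/new" -type f | grep -c . || true
}

maildir_mark_seen() {
    # maildir_mark_seen NEWFILE: move into cur/ with the maildir "S" (seen)
    # flag appended, which is what an IMAP client does when it reads the mail.
    dir=$(dirname "$(dirname "$1")")
    base=$(basename "$1")
    mv "$1" "$dir/cur/$base:2,S"
    printf '%s\n' "$dir/cur/$base:2,S"
}

# Demo: one delivery into a scratch maildir for the user "info".
spool=$(mktemp -d)
maildir_init "$spool/info"
delivered=$(printf 'From: someone@example.com\nTo: info@example.com\nSubject: hello\n\nHi.\n' \
    | maildir_deliver "$spool/info")
echo "delivered: $delivered"
echo "unread: $(maildir_count_new "$spool/info")"
rm -rf "$spool"
```

The dovecot-uidlist and dovecot.index.* files listed earlier are dovecot's own bookkeeping on top of this layout; a delivery agent only ever touches tmp/ and new/, which is why procmail (or dovecot-lda, as mentioned in the comments) can write into the maildir while dovecot has it open.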

2 comments:

  1. Thanks for this howto. It works well. If using the slackbuilds.org slackbuild, the conf.d folder should be copied to /etc/dovecot/conf.d and the paths in the howto adjusted appropriately. You will also have to copy the dovecot-openssl.cnf and mkcert.sh files manually from the source documentation to the installed documentation folder.

  2. You can also use dovecot-lda to deliver the local mail. This will allow you to use sieve for things like "out of office" functionality (filter). This requires a few config file changes, and updating sendmail.conf to use dovecot's deliver instead of procmail (and checking that your DNS MX record points to an actual IP and is not a CNAME record, otherwise this stops dovecot-lda from working).
