Dovecot server setup

From Smith family


This is all about the user-facing side of setting up a mail server. For information on setting up the server-facing side, see the Postfix server setup page. Also see the Webmail setup page.

The basic source for setting up Postfix and Dovecot is the Postfix virtual user howto on the Ubuntu wiki.

Dovecot configuration

  • Install Dovecot
root@server:~# apt-get install dovecot dovecot-imapd whois
(whois is needed in a moment for creating passwords)
  • Update the /etc/dovecot/dovecot.conf file.
base_dir = /var/run/dovecot/
protocols = imap imaps

log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info

login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot

ssl_disable = no
ssl_cert_file = /etc/ssl/domain/certs/imap-cert.pem
ssl_key_file = /etc/ssl/domain/private/imap-key.pem

protocol imap {
  login_executable = /usr/lib/dovecot/imap-login
  mail_executable = /usr/lib/dovecot/imap
}

valid_chroot_dirs = /var/spool/vmail
default_mail_env = maildir:/home/vmail/%d/%n
disable_plaintext_auth = no

auth default {
   mechanisms = plain
   userdb passwd-file {
      args = /etc/dovecot/users
   }
   passdb passwd-file {
     args = /etc/dovecot/passwd
   }
   socket listen {
     master {
        path = /var/run/dovecot-auth-master
        mode = 0600
        user = vmail
        group = mail
        }
   }
}

auth_executable = /usr/lib/dovecot/dovecot-auth
auth_user = root
auth_verbose = yes

Note that only the IMAP protocol is supported. Also, I don't really bother with IMAPS, as the firewall ensures that the only machines that can connect to Dovecot are on my LAN. If you want to access email remotely via IMAP, you may need to pay more attention to this (see the other resources below for details). Personally, I use a webmail system for accessing email off-site.

Create virtual users

The Dovecot configuration file above shows that the information on the virtual users is stored in the files /etc/dovecot/users and /etc/dovecot/passwd. Users are added to these files by the script /etc/dovecot/adddovecotusers:

#!/bin/bash

username=${1%%@*}
domain=${1#*@}

# create the user name in the user file
echo "$username@$domain::5000:5000::/home/vmail/$domain/$username/:/bin/false::" >> /etc/dovecot/users

# create the maildir directory structure
/usr/bin/maildirmake.dovecot "/home/vmail/$domain/$username" 5000:5000

# add the user to the Postfix virtual map file
echo "$1 $domain/$username" >> /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postfix reload

Passwords are added with the /etc/dovecot/mkdovecotpasswd script:

#!/bin/bash

# append "user:hash" to the password file; $1 is the address, $2 the password
echo "$1:$(mkpasswd --hash=md5 "$2")" >> /etc/dovecot/passwd
  • Make these files executable:
root@server:~# chmod a+x /etc/dovecot/adddovecotusers
root@server:~# chmod a+x /etc/dovecot/mkdovecotpasswd
  • To add a user, run
root@server:~# /etc/dovecot/adddovecotusers user1@domain1.com
  • and then create their password
root@server:~# /etc/dovecot/mkdovecotpasswd user1@domain1.com password
(If you want to change a user's password, delete their line from /etc/dovecot/passwd before running the mkdovecotpasswd script again.)
  • Once every virtual user has received at least one mail (and hence had their mailbox directory structure created), change the file ownerships on those directories so that Dovecot can manipulate them
root@server:~# chown -R vmail:vmail /home/vmail
  • Ensure the changes are incorporated into Postfix and Dovecot
root@server:~# postfix reload
root@server:~# /etc/init.d/dovecot restart
  • You now need to ensure that the Dovecot log files are included in the logrotate system. Create the file /etc/logrotate.d/dovecot:
/var/log/dovecot*log {
       weekly
       missingok
       rotate 52
       compress
       delaycompress
       notifempty
       # Note the odd permissions: this is needed because deliver doesn't know what user it runs under
       create 666 root adm
       sharedscripts
}

/var/log/dovecot*info {
       weekly
       missingok
       rotate 52
       compress
       delaycompress
       notifempty
       # Note the odd permissions: this is needed because deliver doesn't know what user it runs under
       create 666 root adm
       sharedscripts
}
This should be picked up automatically the next time logrotate is run by cron.
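
An added example, not part of the original page: a variant of the mkdovecotpasswd step above that reads the password from a prompt instead of the command line (where it lands in shell history and the process list), replaces the user's existing line rather than appending a second one, and stores a SHA-512 crypt hash. The function names, PASSWD_FILE and the use of `openssl passwd -6` (OpenSSL 1.1.1 or later, with a system crypt() that verifies `$6$` hashes) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the page's script: set or replace one user's line in the
# passwd-file without putting the password on the command line.
# hash_password, set_dovecot_hash and PASSWD_FILE are names chosen here.

PASSWD_FILE=${PASSWD_FILE:-/etc/dovecot/passwd}

# Read the password from stdin and print a SHA-512 crypt ($6$) hash.
# Assumes OpenSSL 1.1.1 or later.
hash_password() {
    openssl passwd -6 -stdin
}

# set_dovecot_hash USER HASH [FILE]: drop any existing line for USER, append
# the new one, and rename the result into place with mode 600.
set_dovecot_hash() {
    user=$1 hash=$2 file=${3:-$PASSWD_FILE}
    case $user in
        ''|*:*|*[[:space:]]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    # an empty hash field would mean an empty password, so refuse it
    case $hash in
        ''|*:*) echo "empty or malformed hash" >&2; return 1 ;;
    esac
    tmp=$(umask 077; mktemp "$file.XXXXXX") || return 1
    if [ -f "$file" ]; then
        # ENVIRON is used because awk -v would interpret backslashes
        U=$user awk -F: '$1 != ENVIRON["U"]' "$file" > "$tmp" ||
            { rm -f "$tmp"; return 1; }
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    mv "$tmp" "$file"
}

# Usage: script user@domain  (prompts for the password with echo turned off)
if [ $# -eq 1 ]; then
    printf 'Password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    set_dovecot_hash "$1" "$(printf '%s' "$pw" | hash_password)"
fi
```

The resulting file is owned by whoever runs the script and readable only by them, which matches this page's configuration because dovecot-auth runs as root (auth_user = root).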

Testing Dovecot

Type in a terminal

root@server:~# telnet mail.domain1.com 143

An output like the following will display in your terminal

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.

Type the following commands at the prompt provided by the Dovecot IMAP server.

a login user1@domain1.com password
a logout

If you can log in, the final output should be something like this:

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
a login info@domain1.com password
a OK Logged in.
a logout
* BYE Logging out
a OK Logout completed.

You should now be able to log into the Dovecot server with your favourite email client.

IMAPS connections can be tested with openssl:

root@server:~# openssl s_client -connect imap.domain.tld:993
<verbiage snipped>
* OK Dovecot ready.

Then test the login as before.

Mail clients using IMAPS should connect to imap.domain.tld:993 using SSL encryption and PLAIN authentication.
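
An added example, not part of the original page: a small lint over the files built so far that reports the settings which are only safe behind the LAN firewall described above (passwords accepted on unencrypted port 143, TLS disabled, MD5-crypt hashes, world-writable Dovecot logs). The function names and finding labels are assumptions of this example, and the parsing covers only the simple `key = value` lines of the Dovecot 1.x configuration shown on this page.

```sh
#!/bin/sh
# Added example: lint the files this page creates for settings that are only
# safe behind the LAN firewall. Function names and finding labels are chosen
# for this example; they are not Dovecot's.

# Print the value of a "key = value" line in a Dovecot 1.x config file.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_dovecot CONF PASSWD LOGDIR: print a space-separated list of findings.
audit_dovecot() {
    conf=$1 passwd=$2 logdir=$3 findings=""
    # passwords accepted on the unencrypted IMAP port (143)
    if [ "$(conf_get "$conf" disable_plaintext_auth)" = "no" ] &&
       conf_get "$conf" protocols | grep -qw imap; then
        findings="$findings cleartext-login"
    fi
    # TLS switched off altogether
    if [ "$(conf_get "$conf" ssl_disable)" = "yes" ]; then
        findings="$findings tls-disabled"
    fi
    # MD5-crypt hashes ($1$), as written by mkpasswd --hash=md5
    if [ -f "$passwd" ] && grep -q '^[^:]*:\$1\$' "$passwd"; then
        findings="$findings md5-crypt-hash"
    fi
    # log files any local user can write to (create 666 / chmod a+w)
    if [ -d "$logdir" ] &&
       [ -n "$(find "$logdir" -name 'dovecot*' -type f -perm -0002)" ]; then
        findings="$findings world-writable-log"
    fi
    echo "${findings# }"
}

# Usage: script [conf] [passwd-file] [log-dir]; defaults are this page's paths
if [ -r "${1:-/etc/dovecot/dovecot.conf}" ]; then
    audit_dovecot "${1:-/etc/dovecot/dovecot.conf}" \
                  "${2:-/etc/dovecot/passwd}" "${3:-/var/log}"
fi
```

An empty result means none of the four conditions was found; it says nothing about settings the script does not look at.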

Once IMAP and users are set up, you can use that as the basis for SASL authentication of SMTP users of Postfix. See the Postfix SASL notes for details.

Set up local delivery and sieve

The final stage is to incorporate Dovecot's local delivery agent, Deliver, into the mail delivery system. I want to do this because Deliver supports Sieve, which does server-side mail filtering. Note that the implementation of Sieve in Dovecot seems to be incomplete, as several rule types (e.g. regexp) don't work. See the Dovecot page on Postfix for details.

  • Modify /etc/dovecot/dovecot.conf to include the configuration for Deliver
protocol lda {
   postmaster_address = postmaster@domain.tld
   auth_socket_path = /var/run/dovecot-auth-master
   mail_plugins = cmusieve
   log_path = /var/log/dovecot-deliver.log
   info_log_path = /var/log/dovecot-deliver.log
}
  • Update /etc/postfix/main.cf to enable Dovecot as an LDA
dovecot_destination_recipient_limit = 1
mailbox_transport = dovecot
virtual_transport = dovecot
  • Update /etc/postfix/master.cf
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
# Use this line if you're not using dovecot's 'deliver' LDA
#  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
# use this line if using deliver and you want it to create new maildirs depending on extension
#  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${user}@${nexthop} -m ${extension}
# use this line if using deliver and arbitrary extensions go into the central inbox
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${user}@${nexthop}
  • Create an empty log file for deliver
root@server:~# touch /var/log/dovecot-deliver.log
root@server:~# chmod a+w /var/log/dovecot-deliver.log
  • Ensure the changes are incorporated into Postfix and Dovecot
root@server:~# postfix reload
root@server:~# /etc/init.d/dovecot restart
  • Now, create rule files for Deliver/Sieve to use. This should be in the base directory for the user's mail directory, e.g. /home/vmail/domain1.com/user1/.dovecot.sieve
require ["fileinto"];

# generally a clause is
# if header :contains ["From", "To", "CC", "Subject", <and so on>]
#   ["part of address", "another string element", <and so on>]
# If any of the elements match any of the header parts, the clause is triggered

if header :contains ["To", "CC"] ["user1@domain1.com", "user2@domain2.com"] {
  fileinto "Folder 1";
} elsif header :contains ["From"] ["person@somewhere.com"] {
  fileinto "Folder 1.Subfolder 2";
}
  • Ensure that all the folders referenced in the rules exist before you mention them in the .dovecot.sieve file. The first time Dovecot delivers mail to this user, it will create the .dovecot.sievec compiled file. If the rules file changes, Dovecot will recreate the compiled file automatically.

For more on Sieve rules, see the FastMail wiki which has a guide to basic Sieve and some examples, and a Sieve summary, including a comprehensive Sieve rule set.

And that should be email sorted out.

See also

Here are a few pages that are useful guides or provide background and context.
