picoenterprise:mailstore

picoenterprise:mailstore [2013/12/18 12:53] Luc Nieland created
picoenterprise:mailstore [2017/04/02 18:21] (current) Luc Nieland
=====Dovecot IMAP-server (mail-store)=====

This howto is based on Debian-8.

Design assumptions:
  * the dovecot system is used as a black box, where only administrators have (shell) access.
  * dovecot data and config files are owned by dovecot:dovecot.
  * the system is in a secure (DMZ) network, i.e. only port 993 is exposed to the public network; the LMTP and ManageSieve ports are firewalled.
  * mail delivery from the MTA should be done by LMTP.
  * the application configuration is designed to be used as a microservice in a container (for example Docker). All variable data and configuration is consolidated in /var/dovecot (which can be used as the persistent-storage volume).
  * IMAP users and passwords are in a file (i.e. no LDAP) and separated from operating-system users.
  * the Sieve filter rules are created on a separate system (for example with Roundcube) and pushed over the network.

====Installation====

Requirements:
  * Debian-8
  * SSL/TLS material (CA.cert, Site.cert, Site.key)


Software:
  apt-get install dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sieve dovecot-managesieved


The consolidated storage (the distribution config is moved aside and /etc/dovecot/dovecot.conf becomes a symlink into /var/dovecot):

  mkdir /var/dovecot/
  mkdir /var/dovecot/mail
  mkdir /var/dovecot/sieve
  mkdir /var/dovecot/conf
  #
  mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.DIST
  ln -s /var/dovecot/conf/dovecot.conf /etc/dovecot/dovecot.conf
  #
  touch /var/dovecot/conf/dovecot.conf
  touch /var/dovecot/conf/users
  #
  chown -R dovecot:dovecot /var/dovecot

===Imap-users===
The IMAP users are created by adding a line to the users file. It has two columns separated by a colon: the first column is the username, the second column contains the SHA512-CRYPT password hash, which can be generated by executing:

  doveadm pw -s SHA512-CRYPT


The result in /var/dovecot/conf/users will be:
  ...
  fred:{SHA512-CRYPT}$6$13gufAq3aelU5/mi$o6ocrfdZBwrZavSmd3XJLzmJChihhnfW3ibz6qfqbinKpi59Eblfsw/vYAM63L5Huu2BFZw3VSDaEPioUN.ki1
  ...
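Because the users file is edited by hand, a small lint run before reloading Dovecot catches the usual mistakes: an entry whose hash is not in the {SHA512-CRYPT} scheme shown above (a {PLAIN} entry, for instance), a malformed or duplicated username, or a line that lost its colon. The POSIX shell function below is an added example, not part of the original howto; the function name, the temporary file names and the sample entries are this example's own (fred's hash is the one shown on this page, the other hashes are placeholder strings, not real credentials), and the lowercase-only username rule is the example's convention.

```sh
#!/bin/sh
# Added example, not part of the original howto: lint the passwd-file users
# file before Dovecot reads it. Function and file names are this example's own.

# check_users_file FILE
# Exit 0 if every non-blank, non-comment line is "user:{SHA512-CRYPT}$6$salt$hash"
# with a well-formed, unique username; otherwise print each problem and exit 1.
check_users_file() {
  file=$1
  rc=0
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in
      ''|'#'*) continue ;;            # blank lines and comments are ignored
    esac
    user=${line%%:*}                  # text before the first colon
    hash=${line#*:}                   # text after it (whole line if no colon)
    # Username policy of this example: lowercase letters, digits, '.', '_', '-'
    case $user in
      ''|*[!a-z0-9._-]*) echo "$file:$n: bad username '$user'"; rc=1 ;;
    esac
    # Only the scheme the howto uses is accepted; {PLAIN}, {MD5} etc. are rejected
    case $hash in
      '{SHA512-CRYPT}$6$'*'$'*) ;;
      *) echo "$file:$n: hash for '$user' is not SHA512-CRYPT"; rc=1 ;;
    esac
  done < "$file"
  # A duplicated username makes every entry after the first one unreachable
  dups=$(grep -v '^#' "$file" | grep . | cut -d: -f1 | sort | uniq -d)
  [ -z "$dups" ] || { echo "$file: duplicate users: $dups"; rc=1; }
  return $rc
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
GOOD="$WORK/users.good"
BAD="$WORK/users.bad"

# Constructed sample: fred's hash is the one shown on this page; wilma's is a
# placeholder with the same shape, not a real credential.
cat > "$GOOD" <<'EOF'
# IMAP users
fred:{SHA512-CRYPT}$6$13gufAq3aelU5/mi$o6ocrfdZBwrZavSmd3XJLzmJChihhnfW3ibz6qfqbinKpi59Eblfsw/vYAM63L5Huu2BFZw3VSDaEPioUN.ki1
wilma:{SHA512-CRYPT}$6$rounds=5000$PLACEHOLDERSALT$PLACEHOLDERHASH
EOF

# Constructed sample with four problems: an uppercase username, a {PLAIN}
# entry, a duplicate of fred, and a line without a hash.
cat > "$BAD" <<'EOF'
fred:{SHA512-CRYPT}$6$13gufAq3aelU5/mi$o6ocrfdZBwrZavSmd3XJLzmJChihhnfW3ibz6qfqbinKpi59Eblfsw/vYAM63L5Huu2BFZw3VSDaEPioUN.ki1
Barney:{SHA512-CRYPT}$6$PLACEHOLDERSALT$PLACEHOLDERHASH
betty:{PLAIN}secret
fred:{SHA512-CRYPT}$6$PLACEHOLDERSALT$PLACEHOLDERHASH
dino
EOF

check_users_file "$GOOD" && echo "$GOOD: ok"
check_users_file "$BAD" || echo "$BAD: rejected"
```

Run it on /var/dovecot/conf/users before `doveadm reload`; a non-zero exit means at least one entry was printed with its line number.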


====Configuration====

All configuration is in /etc/dovecot/dovecot.conf (the symlink to /var/dovecot/conf/dovecot.conf created above):

<code>
# Dovecot version 2.2.13
# Debian-8.2 (x86_64)

log_path = /var/log/dovecot.log

mail_location = maildir:/var/dovecot/data/%n/mail

auth_mechanisms = plain login
disable_plaintext_auth = no

ssl_ca = </var/dovecot/ssl/CA.cert
ssl_cert = </var/dovecot/ssl/Site.cert
ssl_key = </var/dovecot/ssl/Site.key


# Default:
namespace inbox {
  inbox = yes
  location =
  mailbox Mybox.Drafts {
    special_use = \Drafts
  }
  mailbox Mybox.Junk {
    special_use = \Junk
  }
  mailbox Mybox.Sent {
    special_use = \Sent
  }
  #mailbox "Mybox.Sent Messages" {
  #  special_use = \Sent
  #}
  mailbox Mybox.Trash {
    special_use = \Trash
  }
  prefix =
}

passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%n /var/dovecot/conf/users
}

first_valid_uid = 2

userdb {
  # With the static userdb, the LDA/LMTP verifies that a user exists by a passdb lookup
  #   ( http://wiki2.dovecot.org/UserDatabase/Static )
  driver = static
  args = uid=dovecot gid=dovecot home=/var/dovecot/data/%n/mail
}


protocols = "imap lmtp sieve"


protocol lmtp {
  mail_plugins = $mail_plugins sieve
}

service managesieve-login {
  inet_listener sieve {
    address = 0.0.0.0
    port = 4190
  }
  service_count = 1
  process_min_avail = 1
}

service managesieve {
}

#protocol managesieve {
#  disable_plaintext_auth = no
#}

protocol sieve {
}

plugin {
  sieve =      /var/dovecot/data/%n/managesieve/.dovecot.sieve
  sieve_dir =  /var/dovecot/data/%n/managesieve/sieve
}


# ###############################
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
}

protocol imap {
  disable_plaintext_auth = no
}


service lmtp {
  inet_listener lmtp {
    address = 0.0.0.0
    port = 24
  }
  user = dovecot
}


service auth-worker {
  # Run as the internal user so the worker has no access to /etc/shadow
  user = $default_internal_user
}

service auth {
  unix_listener /var/dovecot/sasl-private-auth {
    group = dovecot
    user = dovecot
    mode = 0666
  }
  # inet_listener saslauth {
  #  address = 0.0.0.0
  #   port = 12345
  #}
}
</code>
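The configuration above relies on the DMZ firewall for the "only port 993 is exposed" assumption: the imap listener on 143 binds all interfaces, the LMTP and ManageSieve listeners bind 0.0.0.0, and plaintext authentication is allowed. A quick way to verify that a given dovecot.conf still matches that assumption is to audit it for listeners and auth settings. The shell script below is an added example, not part of the original howto or of Dovecot itself: it lists every inet_listener with its port and bind address, reports whether `disable_plaintext_auth = no` appears in any uncommented scope, and prints the ports other than 993 that must be firewalled or disabled. It checks two constructed configs: one with the listener and auth shape of the configuration above, and a tightened variant where port 143 is disabled with `port = 0`, plaintext auth is refused and the LMTP/ManageSieve listeners bind an internal address (10.0.0.5 is a placeholder). Function names and the temporary file names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original howto or of Dovecot: audit which
# listeners a dovecot.conf opens and whether plaintext auth is allowed.
# Function names and both sample configs are this example's own.

# list_listeners CONF
# Print "service listener port address" for every inet_listener block.
# A listener without an explicit address binds all interfaces, shown as "*".
list_listeners() {
  awk '
    /^[ \t]*service[ \t]+/       { svc = $2 }
    /^[ \t]*inet_listener[ \t]+/ { name = $2; port = "?"; addr = "*"; inl = 1; next }
    inl && /^[ \t]*port[ \t]*=/    { sub(/.*=[ \t]*/, ""); port = $0 }
    inl && /^[ \t]*address[ \t]*=/ { sub(/.*=[ \t]*/, ""); addr = $0 }
    inl && /^[ \t]*}/              { print svc, name, port, addr; inl = 0 }
  ' "$1"
}

# exposed_ports CONF
# Ports other than 993 that a listener would open (port = 0 means disabled).
# Under the design assumption of this howto these must be firewalled or disabled.
exposed_ports() {
  list_listeners "$1" | awk '$3 != "0" && $3 != "993" { p = p (p ? " " : "") $3 } END { print p }'
}

# plaintext_auth_allowed CONF
# "yes" if any uncommented scope sets disable_plaintext_auth = no, else "no".
plaintext_auth_allowed() {
  if grep -Eq '^[[:space:]]*disable_plaintext_auth[[:space:]]*=[[:space:]]*no' "$1"; then
    echo yes
  else
    echo no
  fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEAK="$WORK/dovecot.weak.conf"
HARD="$WORK/dovecot.hardened.conf"

# Constructed sample 1: the listener and auth shape of the howto's config.
cat > "$WEAK" <<'EOF'
auth_mechanisms = plain login
disable_plaintext_auth = no
service managesieve-login {
  inet_listener sieve {
    address = 0.0.0.0
    port = 4190
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
}
service lmtp {
  inet_listener lmtp {
    address = 0.0.0.0
    port = 24
  }
  user = dovecot
}
EOF

# Constructed sample 2: port 143 disabled, plaintext auth refused, TLS required,
# internal listeners bound to a DMZ-internal address (10.0.0.5 is a placeholder).
cat > "$HARD" <<'EOF'
auth_mechanisms = plain login
disable_plaintext_auth = yes
ssl = required
service managesieve-login {
  inet_listener sieve {
    address = 10.0.0.5
    port = 4190
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
service lmtp {
  inet_listener lmtp {
    address = 10.0.0.5
    port = 24
  }
}
EOF

for f in "$WEAK" "$HARD"; do
  echo "== $f"
  list_listeners "$f"
  echo "plaintext auth allowed: $(plaintext_auth_allowed "$f")"
  echo "ports to firewall or disable: $(exposed_ports "$f")"
done
```

Pointed at the real file (`list_listeners /etc/dovecot/dovecot.conf`) the output is the list to compare against the firewall rules; anything other than 993 with address `*` or 0.0.0.0 is reachable from every interface the host has.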



====Literature====
http://wiki2.dovecot.org/


picoenterprise/mailstore.1387367631.txt.gz · Last modified: 2013/12/18 12:53 by Luc Nieland