Step 2: Install and Configure Dovecot

mailto:pboy@fedoraproject.org[Peter Boy] Версія F38 Last review: 2023-03-xx
Perform an installation and configuration of dovecot and add to the postfix configuration to connect it to dovecot.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress, version 0.2 (early state).

You may help us and comment using the ticket system - see button above

Goals: * Install Dovecot as part of a mail hub, that centrally stores mail. There are various diffefrent ways, e.g. store Mails in system users home directory or store mails in customers virtual machines or containers.

Preparing the environment

Before starting with installation and configuration you have to decide where to store the user’s mail and mailboxes. Because Dovecot operates here as a mail hub, it operates completely on its own system user account. It manages the mail users by itself and does’nt use user system accounts and home directories.

Suitable choices would be `/home/dovecot/, `/var/lib/dovecot/ or /srv/dovecot. We use the latter, which is the best match for FSH.

Installing the software

  1. Install Dovecot

    We need the packages dovecot and dovecot-pigeonhole. Dovecot is a mail delivery agent (LDA) that provides imap, pop3 and optionally submission for mail clients, which we don’t use here but leave it up to Postfix. The latter provides sieve and managesieve plug-ins.

    […]$ sudo -i
    […]# dnf install dovecot dovecot-pigeonhole
  2. Create a directory to hold the mailboxes

    […]# mkdir /srv/dovecot
    […]# chown -R dovecot:dovecot  /srv/dovecot
  3. Adjust SELinux labels

    […]# semanage fcontext -a -t mail_home_rw_t  -s system_u  "/srv/dovecot(/.*)?"
    […]# restorecon -R -vF /srv/dovecot

Configuring IMAP and POP3 capabilities

Fedora does not store configuration in a single, large configuration file. Instead, it creates a short base file and includes several smaller, function-specific configuration files located in a configuration directory (conf.d) in alphabetical order.

In order to be able to track changes more easily during updates, we will keep this structure. Initially, it generates a bit more work , but makes maintenance much easier later on.

Note, that in the installed default configuration, commented out key-value parameters indicate the default value. This does not apply to other parameters, e.g. for the inclusion of additional configuration files.

  1. Overall configuration in master.conf

    […]# cp /etc/dovecot/conf.d/10-master.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-master.conf

    Modify the file according to the following steps. Mind: The commented out values indicate the default setting.

    1. Check: IMAPs and POPs must be activated for the access of the mail clients (with the respective default ports). For security reasons, only IMAPs and POPs should be allowed.

      service imap-login {
        inet_listener imap {
          #port = 143
          # disable non-ssl imap
          port = 0
        }
        inet_listener imaps {
          #port = 993
          #ssl = yes
        }
      …
      service pop3-login {
        inet_listener pop3 {
          #port = 110
          # disable non-ssl pop3
          port = 0
        }
        inet_listener pop3s {
          #port = 995
          #ssl = yes
        }
      }

      Alternatively, the values can be left unchanged and the non-secure ports blocked in the firewall. However, the change avoids unintended side effects in Fierewall management.

    2. Configure the connection to postfix. If Dovecot and Postfix are running on the same server, unix socket with lmtp protocol will be employed. Skip to the service lmtp section and adjust it.

      service lmtp {
        #unix_listener
        unix_listener /var/spool/postfix/private/dovecot-lmtp {
            mode = 0660
            group = postfix
            user = postfix
          }
      }
    3. Then activate the authorization service for the lmtp service

      service auth {
        #…
        unix_listener auth-userdb {
          mode = 0666
          user = dovecot
         group = dovecot
        }
    4. Finally, we allow postfix to delegate authentication to Dovecot

        # Postfix smtp-auth
        unix_listener /var/spool/postfix/private/auth {
          mode = 0666
          user = postfix
          group = postfix
        }
  2. Specification of further details of authentication

    […]# cp /etc/dovecot/conf.d/10-auth.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-auth.conf

    In variation to the default configuration, user and user passwords are stored in a configuration file for the sake of simplicity. For this purpose, another file must be included that contains more details.

    Modify the indicated section accordingly

    #!include auth-system.conf.ext          # <== Modify this line (comment out)
    #!include auth-sql.conf.ext
    #!include auth-ldap.conf.ext
    !include auth-passwdfile.conf.ext       # <== Modify this line (comment in)
    #!include auth-checkpassword.conf.ext
    #!include auth-static.conf.ext
  3. Specification of the details in the included specific configuration file

    […]# cp /etc/dovecot/conf.d/auth-passwdfile.conf.ext{,.f38}
    […]# vim /etc/dovecot/conf.d/auth-passwdfile.conf.ext
    
    # Authentication for passwd-file users. Included from 10-auth.conf.
    # …
    passdb {
     driver = passwd-file
     args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users  # <== Modify
    }
    
    userdb {
     driver = static                                           # <== Modify
     #args = username_format=%u /etc/dovecot/users             # <== Modify
    
     # Default fields that can be overridden by passwd-file
     #default_fields = quota_rule=*:storage=1G
    
     default_fields = uid=dovecot gid=dovecot home=/srv/dovecot/mailboxes/%d/%n  # <== Insert
    
     # Override fields from passwd-file
     #override_fields = home=/home/virtual/%u
    }
  4. Configuring mailbox locations and namespaces

    […]# cp /etc/dovecot/conf.d/10-mail.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-mail.conf
    
    ...
    mail_location = maildir:/srv/dovecot/mailboxes/%d/%n:LAYOUT=Maildir++
    ...
    mail_uid = dovecot
    mail_gid = dovecot
    
    mail_privileged_group = dovecot
  5. Configuring Mailbox definitions

    […]# cp /etc/dovecot/conf.d/15-mailboxes.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/15-mailboxes.conf
    
    # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
    namespace inbox {
      # These mailboxes are widely used and could perhaps be created automatically:
      mailbox Drafts {
        auto = subscribe             # <== Add
        special_use = \Drafts
      }
      mailbox Junk {
        auto = subscribe             # <== Add
        special_use = \Junk
      }
      mailbox Trash {
        auto = subscribe             # <== Add
        special_use = \Trash
      }
    
      # For \Sent mailboxes there are two widely used names. We'll mark both of
      # them as \Sent. User typically deletes one of them if duplicates are created.
      mailbox Sent {
        auto = subscribe             # <== Add
        special_use = \Sent
      }
      ##mailbox "Sent Messages" {    # <== Mod
      ##  special_use = \Sent
      ##}
  6. Configuring certificates

    We use the certificates as initially created (see introduction), Let’s Encrypt in this case.

    […]# cp /etc/dovecot/conf.d/10-ssl.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-ssl.conf
    
    ...
    ssl = required            # <== Just check to be sure
    ...
    
    ##ssl_cert = </etc/pki/dovecot/certs/dovecot.pem     #<== Mod
    ##ssl_key = </etc/pki/dovecot/private/dovecot.pem    #<== Mod
    ssl_cert = </etc/letsencrypt/live/mymailer.example.com/fullchain.pem    # <== Insert
    ssl_key = </etc/letsencrypt/live/mymailer.example.com/privkey.pem       # <== Insert
    ...
    # Prefer the server's order of ciphers over client's.
    #ssl_prefer_server_ciphers = no
    ssl_prefer_server_ciphers = yes                          # <== add
  7. Configuring various single configuration options

    1. Add Sieve Plugin to IMAP protocol, modify section an the end of file

      […]# cp /etc/dovecot/conf.d/20-imap.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-imap.conf
      
      protocol imap {
       mail_plugins = $mail_plugins quota imap_quota imap_sieve   # <== mod
       mail_max_userip_connections = 20                           # <== mod
       imap_idle_notify_interval = 29 mins                        # <== add
    2. Add Sieve Plugin to LMTP protocol, modify section an the end of file

      […]# cp /etc/dovecot/conf.d/20-lmtp.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-lmtp.conf
      
      protocol lmtp {
       mail_plugins = $mail_plugins sieve
       postmaster_address = postmaster@mymailer.example.com
    3. Add POP3 procol workaround

      […]# cp /etc/dovecot/conf.d/20-pop3.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-pop3.conf
      
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh    # <== add
  8. Configuring details of Sieve Functionality

    1. Add the Sieve plugin to the plugin list

    2. More to come (TBD)

  9. Start Dovecot

    […]# systemctl  start  dovecot

    Check for error and warning messages.

Setting up the Postfix – Dovecot connection

We configure Postfix to use ‚virtual mailboxes‘ as targets for incomming mail. We have to define the valid virtual-mailbox domain names and for each domain valid user names and their destination (dovecot in this installation) and alias names. The specification and assignments are defined in special map files.

  1. Specify map files and their location

    Open the Postfix main configuration file and skip to the end of the file (<esc> :G in vim)

    […]# vim /etc/postfix/main.cf
    
    # ###############################################################
    #
    # Define and manage Postfix Virtual Mailboxes via local map files
    #
    # ###############################################################
    
    virtual_mailbox_domains = hash:$config_directory/virtual_domains
    virtual_mailbox_maps = hash:$config_directory/virtual_mailboxes/[domain01]_users
    		        hash:$config_directory/virtual_mailboxes/[domain02]_users
    virtual_alias_maps = hash:$config_directory/virtual_mailboxes/[domain01]_aliases
    		      hash:$config_directory/virtual_mailboxes/[domain02]_aliases
    
    # ###############################################################
    # Dovecot is used as Mail Storage for virtual mailbox domains
    # (all virtual domains using the same Dovecot Backend here)
    # Mail delivery to Dovecot via lmtp Unix socket
    # Cave: synchronize with dovecot configuration!
    # ###############################################################
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    
    <save&quit>
  2. Create directory to store virtual users and aliases

    mkdir /etc/postfix/virtual_mailboxes
  3. Create a virtual domain list template file

    […]# vim /etc/postfix/virtual_domains
    # (virtual) virtual domain list
    # After any modification use
    # postmap /etc/postfix/virtualdomains
    # to rebuild the database
    #[domain01]            OK
    #[domain01]            OK
    #
  4. Create a user and alias mapping template file for each virtual domain

    […]# vim /etc/postfix/virtual_mailboxes/[domain01]_users
    # (virtual) users of domain example.com, managed by dovecot
    # After any modification use
    # postmap /etc/postfix/virtual_mailboxes/[domain01]_users
    # to rebuild the database
    #
    #user01@example.com          dovecot
    
    […]# vim /etc/postfix/virtual_mailboxes/[domain01]_aliases
    # (virtual) aliases of domain example.com, managed by dovecot
    # After any modification use
    # postmap /etc/postfix/virtual_mailboxes/[domain01]_aliases
    # to rebuild the database
    #root				root@localhost
    abuse@[domain01].tld		postmaster@[domain01].tld
    postmaster@[domain01].tld	webmaster@[domain01].tld
    hostmaster@[domain01].tld	webmaster@[domain01].tld
    webmaster@[domain01].tld	root@[domain01].tld
    
    root@[domain01].tld		realroot@example02.com

Done!

You may either perform the dovecot related tests now or directly continue with the next step.

+