Step 2: Install and Configure Dovecot

mailto:pboy@fedoraproject.org[Peter Boy] Version F38 Last review: 2023-03-xx

Perform an installation and configuration of dovecot and add to the postfix configuration to connect it to dovecot.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress, version 0.2 (early state).

You may help us and comment using the ticket system - see button above

Goals: * Install Dovecot as part of a mail hub, that centrally stores mail. There are various diffefrent ways, e.g. store Mails in system users home directory or store mails in customers virtual machines or containers.

Preparing the environment

Before starting with installation and configuration you have to decide where to store the user’s mail and mailboxes. Because Dovecot operates here as a mail hub, it operates completely on its own system user account. It manages the mail users by itself and does’nt use user system accounts and home directories.

Suitable choices would be `/home/dovecot/, `/var/lib/dovecot/ or /srv/dovecot. We use the latter, which is the best match for FSH.

Installing the software

Install Dovecot

We need the packages dovecot and dovecot-pigeonhole. Dovecot is a mail delivery agent (LDA) that provides imap, pop3 and optionally submission for mail clients, which we don’t use here but leave it up to Postfix. The latter provides sieve and managesieve plug-ins.
```
[…]$ sudo -i
[…]# dnf install dovecot dovecot-pigeonhole
```

Create a directory to hold the mailboxes

[…]# mkdir /srv/dovecot
[…]# chown -R dovecot:dovecot  /srv/dovecot

Adjust SELinux labels

[…]# semanage fcontext -a -t mail_home_rw_t  -s system_u  "/srv/dovecot(/.*)?"
[…]# restorecon -R -vF /srv/dovecot

Configuring IMAP and POP3 capabilities

Fedora does not store configuration in a single, large configuration file. Instead, it creates a short base file and includes several smaller, function-specific configuration files located in a configuration directory (conf.d) in alphabetical order.

In order to be able to track changes more easily during updates, we will keep this structure. Initially, it generates a bit more work , but makes maintenance much easier later on.

Note, that in the installed default configuration, commented out key-value parameters indicate the default value. This does not apply to other parameters, e.g. for the inclusion of additional configuration files.

Overall configuration in master.conf

[…]# cp /etc/dovecot/conf.d/10-master.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/10-master.conf

Modify the file according to the following steps. Mind: The commented out values indicate the default setting.

Check: IMAPs and POPs must be activated for the access of the mail clients (with the respective default ports). For security reasons, only IMAPs and POPs should be allowed.
```
service imap-login {
  inet_listener imap {
    #port = 143
    # disable non-ssl imap
    port = 0
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
…
service pop3-login {
  inet_listener pop3 {
    #port = 110
    # disable non-ssl pop3
    port = 0
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}
```
Alternatively, the values can be left unchanged and the non-secure ports blocked in the firewall. However, the change avoids unintended side effects in Fierewall management.
Configure the connection to postfix. If Dovecot and Postfix are running on the same server, unix socket with lmtp protocol will be employed. Skip to the service lmtp section and adjust it.
```
service lmtp {
  #unix_listener
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
      mode = 0660
      group = postfix
      user = postfix
    }
}
```

Then activate the authorization service for the lmtp service

service auth {
  #…
  unix_listener auth-userdb {
    mode = 0666
    user = dovecot
   group = dovecot
  }

Finally, we allow postfix to delegate authentication to Dovecot

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

Specification of further details of authentication

[…]# cp /etc/dovecot/conf.d/10-auth.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/10-auth.conf

In variation to the default configuration, user and user passwords are stored in a configuration file for the sake of simplicity. For this purpose, another file must be included that contains more details.

Modify the indicated section accordingly

#!include auth-system.conf.ext          # <== Modify this line (comment out)
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext       # <== Modify this line (comment in)
#!include auth-checkpassword.conf.ext
#!include auth-static.conf.ext

Specification of the details in the included specific configuration file

[…]# cp /etc/dovecot/conf.d/auth-passwdfile.conf.ext{,.f38}
[…]# vim /etc/dovecot/conf.d/auth-passwdfile.conf.ext

# Authentication for passwd-file users. Included from 10-auth.conf.
# …
passdb {
 driver = passwd-file
 args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users  # <== Modify
}

userdb {
 driver = static                                           # <== Modify
 #args = username_format=%u /etc/dovecot/users             # <== Modify

 # Default fields that can be overridden by passwd-file
 #default_fields = quota_rule=*:storage=1G

 default_fields = uid=dovecot gid=dovecot home=/srv/dovecot/mailboxes/%d/%n  # <== Insert

 # Override fields from passwd-file
 #override_fields = home=/home/virtual/%u
}

Configuring mailbox locations and namespaces

[…]# cp /etc/dovecot/conf.d/10-mail.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/10-mail.conf

...
mail_location = maildir:/srv/dovecot/mailboxes/%d/%n:LAYOUT=Maildir++
...
mail_uid = dovecot
mail_gid = dovecot

mail_privileged_group = dovecot

Configuring Mailbox definitions

[…]# cp /etc/dovecot/conf.d/15-mailboxes.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/15-mailboxes.conf

# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    auto = subscribe             # <== Add
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe             # <== Add
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe             # <== Add
    special_use = \Trash
  }

  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    auto = subscribe             # <== Add
    special_use = \Sent
  }
  ##mailbox "Sent Messages" {    # <== Mod
  ##  special_use = \Sent
  ##}

Configuring certificates

We use the certificates as initially created (see introduction), Let’s Encrypt in this case.

[…]# cp /etc/dovecot/conf.d/10-ssl.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/10-ssl.conf

...
ssl = required            # <== Just check to be sure
...

##ssl_cert = </etc/pki/dovecot/certs/dovecot.pem     #<== Mod
##ssl_key = </etc/pki/dovecot/private/dovecot.pem    #<== Mod
ssl_cert = </etc/letsencrypt/live/mymailer.example.com/fullchain.pem    # <== Insert
ssl_key = </etc/letsencrypt/live/mymailer.example.com/privkey.pem       # <== Insert
...
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
ssl_prefer_server_ciphers = yes                          # <== add

Configuring various single configuration options

Add Sieve Plugin to IMAP protocol, modify section an the end of file

[…]# cp /etc/dovecot/conf.d/20-imap.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/20-imap.conf

protocol imap {
 mail_plugins = $mail_plugins quota imap_quota imap_sieve   # <== mod
 mail_max_userip_connections = 20                           # <== mod
 imap_idle_notify_interval = 29 mins                        # <== add

Add Sieve Plugin to LMTP protocol, modify section an the end of file

[…]# cp /etc/dovecot/conf.d/20-lmtp.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/20-lmtp.conf

protocol lmtp {
 mail_plugins = $mail_plugins sieve
 postmaster_address = postmaster@mymailer.example.com

Add POP3 procol workaround

[…]# cp /etc/dovecot/conf.d/20-pop3.conf{,.f38}
[…]# vim /etc/dovecot/conf.d/20-pop3.conf

pop3_client_workarounds = outlook-no-nuls oe-ns-eoh    # <== add

Configuring details of Sieve Functionality
1. Add the Sieve plugin to the plugin list
2. More to come (TBD)
Start Dovecot
```
[…]# systemctl  start  dovecot
```
Check for error and warning messages.

Setting up the Postfix – Dovecot connection

We configure Postfix to use ‚virtual mailboxes‘ as targets for incomming mail. We have to define the valid virtual-mailbox domain names and for each domain valid user names and their destination (dovecot in this installation) and alias names. The specification and assignments are defined in special map files.

Specify map files and their location

Open the Postfix main configuration file and skip to the end of the file (<esc> :G in vim)

[…]# vim /etc/postfix/main.cf

# ###############################################################
#
# Define and manage Postfix Virtual Mailboxes via local map files
#
# ###############################################################

virtual_mailbox_domains = hash:$config_directory/virtual_domains
virtual_mailbox_maps = hash:$config_directory/virtual_mailboxes/[domain01]_users
		        hash:$config_directory/virtual_mailboxes/[domain02]_users
virtual_alias_maps = hash:$config_directory/virtual_mailboxes/[domain01]_aliases
		      hash:$config_directory/virtual_mailboxes/[domain02]_aliases

# ###############################################################
# Dovecot is used as Mail Storage for virtual mailbox domains
# (all virtual domains using the same Dovecot Backend here)
# Mail delivery to Dovecot via lmtp Unix socket
# Cave: synchronize with dovecot configuration!
# ###############################################################
virtual_transport = lmtp:unix:private/dovecot-lmtp

<save&quit>

Create directory to store virtual users and aliases
```
mkdir /etc/postfix/virtual_mailboxes
```

Create a virtual domain list template file

[…]# vim /etc/postfix/virtual_domains
# (virtual) virtual domain list
# After any modification use
# postmap /etc/postfix/virtualdomains
# to rebuild the database
#[domain01]            OK
#[domain01]            OK
#

Create a user and alias mapping template file for each virtual domain

[…]# vim /etc/postfix/virtual_mailboxes/[domain01]_users
# (virtual) users of domain example.com, managed by dovecot
# After any modification use
# postmap /etc/postfix/virtual_mailboxes/[domain01]_users
# to rebuild the database
#
#user01@example.com          dovecot

[…]# vim /etc/postfix/virtual_mailboxes/[domain01]_aliases
# (virtual) aliases of domain example.com, managed by dovecot
# After any modification use
# postmap /etc/postfix/virtual_mailboxes/[domain01]_aliases
# to rebuild the database
#root				root@localhost
abuse@[domain01].tld		postmaster@[domain01].tld
postmaster@[domain01].tld	webmaster@[domain01].tld
hostmaster@[domain01].tld	webmaster@[domain01].tld
webmaster@[domain01].tld	root@[domain01].tld

root@[domain01].tld		realroot@example02.com

Done!

You may either perform the dovecot related tests now or directly continue with the next step.

Want to help? Learn how to contribute to Fedora Docs ›