Step 2: Install and Configure Dovecot
Install and configure Dovecot, then extend the Postfix configuration so that Postfix connects to Dovecot.
You are in the Fedora Server documentation staging area! These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation. Status of this document: Work in progress, version 0.2 (early state). You may help us and comment using the ticket system.
Goals:
* Install Dovecot as part of a mail hub that stores mail centrally. There are various different ways to do this, e.g. storing mail in system users' home directories or in customers' virtual machines or containers.
Preparing the environment
Before starting with installation and configuration you have to decide where to store the users' mail and mailboxes. Because Dovecot operates here as a mail hub, it runs entirely under its own system user account. It manages the mail users by itself and doesn't use system user accounts and home directories.
Suitable choices would be `/home/dovecot/`, `/var/lib/dovecot/` or `/srv/dovecot`. We use the latter, which is the best match for the FHS.
Installing the software
- Install Dovecot
We need the packages dovecot and dovecot-pigeonhole. Dovecot is a mail delivery agent (LDA) that provides IMAP, POP3 and optionally submission for mail clients; we don't use submission here but leave it up to Postfix. dovecot-pigeonhole provides the Sieve and ManageSieve plug-ins.

    […]$ sudo -i
    […]# dnf install dovecot dovecot-pigeonhole
- Create a directory to hold the mailboxes

    […]# mkdir /srv/dovecot
    […]# chown -R dovecot:dovecot /srv/dovecot
- Adjust SELinux labels

    […]# semanage fcontext -a -t mail_home_rw_t -s system_u "/srv/dovecot(/.*)?"
    […]# restorecon -R -vF /srv/dovecot
Configuring IMAP and POP3 capabilities
Fedora does not store configuration in a single, large configuration file. Instead, it creates a short base file and includes several smaller, function-specific configuration files located in a configuration directory (conf.d) in alphabetical order.
In order to track changes more easily during updates, we will keep this structure. Initially it generates a bit more work, but it makes maintenance much easier later on.
Note that in the installed default configuration, commented-out key-value parameters indicate the default value. This does not apply to other parameters, e.g. those for the inclusion of additional configuration files.
- Overall configuration in 10-master.conf

    […]# cp /etc/dovecot/conf.d/10-master.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-master.conf

Modify the file according to the following steps. Mind: The commented-out values indicate the default setting.
  - Check: IMAPS and POP3S must be activated for mail client access (with the respective default ports). For security reasons, only IMAPS and POP3S should be allowed.

      service imap-login {
        inet_listener imap {
          #port = 143
          # disable non-ssl imap
          port = 0
        }
        inet_listener imaps {
          #port = 993
          #ssl = yes
        }
        …
      }
      service pop3-login {
        inet_listener pop3 {
          #port = 110
          # disable non-ssl pop3
          port = 0
        }
        inet_listener pop3s {
          #port = 995
          #ssl = yes
        }
      }

    Alternatively, the values can be left unchanged and the non-secure ports blocked in the firewall. However, the change avoids unintended side effects in firewall management.
  - Configure the connection to Postfix. If Dovecot and Postfix are running on the same server, a Unix socket with the LMTP protocol is used. Skip to the service lmtp section and adjust it.

      service lmtp {
        #unix_listener
        unix_listener /var/spool/postfix/private/dovecot-lmtp {
          mode = 0660
          group = postfix
          user = postfix
        }
      }
  - Then activate the authorization service for the lmtp service

      service auth {
        #…
        unix_listener auth-userdb {
          mode = 0666
          user = dovecot
          group = dovecot
        }
  - Finally, we allow Postfix to delegate authentication to Dovecot

        # Postfix smtp-auth
        unix_listener /var/spool/postfix/private/auth {
          mode = 0666
          user = postfix
          group = postfix
        }
- Specification of further details of authentication

    […]# cp /etc/dovecot/conf.d/10-auth.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-auth.conf
Deviating from the default configuration, users and their passwords are stored in a configuration file for the sake of simplicity. For this purpose, another file that contains the details must be included.
Modify the indicated section accordingly:

    #!include auth-system.conf.ext          # <== Modify this line (comment out)
    #!include auth-sql.conf.ext
    #!include auth-ldap.conf.ext
    !include auth-passwdfile.conf.ext       # <== Modify this line (comment in)
    #!include auth-checkpassword.conf.ext
    #!include auth-static.conf.ext
- Specification of the details in the included specific configuration file

    […]# cp /etc/dovecot/conf.d/auth-passwdfile.conf.ext{,.f38}
    […]# vim /etc/dovecot/conf.d/auth-passwdfile.conf.ext

    # Authentication for passwd-file users. Included from 10-auth.conf.
    # …
    passdb {
      driver = passwd-file
      args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users   # <== Modify
    }
    userdb {
      driver = static                                                    # <== Modify
      #args = username_format=%u /etc/dovecot/users                      # <== Modify
      # Default fields that can be overridden by passwd-file
      #default_fields = quota_rule=*:storage=1G
      default_fields = uid=dovecot gid=dovecot home=/srv/dovecot/mailboxes/%d/%n   # <== Insert
      # Override fields from passwd-file
      #override_fields = home=/home/virtual/%u
    }
- Configuring mailbox locations and namespaces

    […]# cp /etc/dovecot/conf.d/10-mail.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-mail.conf

    ...
    mail_location = maildir:/srv/dovecot/mailboxes/%d/%n:LAYOUT=Maildir++
    ...
    mail_uid = dovecot
    mail_gid = dovecot
    mail_privileged_group = dovecot
- Configuring mailbox definitions

    […]# cp /etc/dovecot/conf.d/15-mailboxes.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/15-mailboxes.conf

    # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
    namespace inbox {
      # These mailboxes are widely used and could perhaps be created automatically:
      mailbox Drafts {
        auto = subscribe           # <== Add
        special_use = \Drafts
      }
      mailbox Junk {
        auto = subscribe           # <== Add
        special_use = \Junk
      }
      mailbox Trash {
        auto = subscribe           # <== Add
        special_use = \Trash
      }
      # For \Sent mailboxes there are two widely used names. We'll mark both of
      # them as \Sent. User typically deletes one of them if duplicates are created.
      mailbox Sent {
        auto = subscribe           # <== Add
        special_use = \Sent
      }
      ##mailbox "Sent Messages" {  # <== Mod
      ##  special_use = \Sent
      ##}
    }
- Configuring certificates
We use the certificates as initially created (see introduction), Let’s Encrypt in this case.

    […]# cp /etc/dovecot/conf.d/10-ssl.conf{,.f38}
    […]# vim /etc/dovecot/conf.d/10-ssl.conf

    ...
    ssl = required                                         # <== Just check to be sure
    ...
    ##ssl_cert = </etc/pki/dovecot/certs/dovecot.pem       #<== Mod
    ##ssl_key = </etc/pki/dovecot/private/dovecot.pem      #<== Mod
    ssl_cert = </etc/letsencrypt/live/mymailer.example.com/fullchain.pem   # <== Insert
    ssl_key = </etc/letsencrypt/live/mymailer.example.com/privkey.pem      # <== Insert
    ...
    # Prefer the server's order of ciphers over client's.
    #ssl_prefer_server_ciphers = no
    ssl_prefer_server_ciphers = yes                        # <== add
- Configuring various single configuration options
  - Add the Sieve plugin to the IMAP protocol; modify the section at the end of the file

      […]# cp /etc/dovecot/conf.d/20-imap.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-imap.conf

      protocol imap {
        mail_plugins = $mail_plugins quota imap_quota imap_sieve   # <== mod
        mail_max_userip_connections = 20                           # <== mod
        imap_idle_notify_interval = 29 mins                        # <== add
      }
  - Add the Sieve plugin to the LMTP protocol; modify the section at the end of the file

      […]# cp /etc/dovecot/conf.d/20-lmtp.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-lmtp.conf

      protocol lmtp {
        mail_plugins = $mail_plugins sieve
        postmaster_address = postmaster@mymailer.example.com
      }
  - Add POP3 protocol workaround

      […]# cp /etc/dovecot/conf.d/20-pop3.conf{,.f38}
      […]# vim /etc/dovecot/conf.d/20-pop3.conf

      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh   # <== add
- Configuring details of Sieve functionality
  - Add the Sieve plugin to the plugin list
  - More to come (TBD)
- Start Dovecot

    […]# systemctl start dovecot

Check for error and warning messages.
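A check to run once Dovecot is up, as an added example that is not part of the Fedora documentation: it reads `doveconf -n` output saved to a file and reports whether the plaintext IMAP and POP3 listeners are disabled and `ssl = required` is in effect, and it lists world-writable Unix sockets for review. The function name, the FAIL/REVIEW labels and the sample input are assumptions made for this example.

```shell
# Added example: audit Dovecot settings in block syntax (e.g. saved `doveconf -n` output).
# Prints findings; returns 1 if any FAIL was printed.
audit_dovecot_conf() {
    awk '
    BEGIN { ssl = imap = pop3 = "unset" }
    {
        line = $0
        sub(/#.*/, "", line)                  # commented-out defaults do not count
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "") next
        if (line ~ /\{$/) { sub(/[ \t]*\{$/, "", line); block[++depth] = line; next }
        if (line == "}") { if (depth > 0) depth--; next }
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        cur = (depth > 0) ? block[depth] : ""
        if (depth == 0 && key == "ssl") ssl = val
        if (key == "port" && cur == "inet_listener imap") imap = val
        if (key == "port" && cur == "inet_listener pop3") pop3 = val
        if (key == "mode" && cur ~ /^unix_listener / && val ~ /[2367]$/)
            print "REVIEW " cur ": mode " val " is world-writable"
    }
    END {
        if (ssl != "required") { print "FAIL ssl is " ssl ", expected required"; bad = 1 }
        if (imap != "0") { print "FAIL plaintext IMAP listener: port is " imap; bad = 1 }
        if (pop3 != "0") { print "FAIL plaintext POP3 listener: port is " pop3; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample (not output from a real host): POP3 was left at its default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl = required
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
  }
}
EOF
audit_dovecot_conf "$sample" || echo "audit reported failures"
rm -f "$sample"
```

REVIEW lines are prompts to check the permissions of the directory that holds the socket, not failures.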
Setting up the Postfix – Dovecot connection
We configure Postfix to use 'virtual mailboxes' as targets for incoming mail. We have to define the valid virtual mailbox domain names and, for each domain, the valid user names with their destination (Dovecot in this installation) and the alias names. These specifications and assignments are defined in special map files.
- Specify map files and their location
Open the Postfix main configuration file and skip to the end of the file (<esc> G in vim)

    […]# vim /etc/postfix/main.cf

    # ###############################################################
    #
    # Define and manage Postfix Virtual Mailboxes via local map files
    #
    # ###############################################################
    virtual_mailbox_domains = hash:$config_directory/virtual_domains
    virtual_mailbox_maps = hash:$config_directory/virtual_mailboxes/[domain01]_users
        hash:$config_directory/virtual_mailboxes/[domain02]_users
    virtual_alias_maps = hash:$config_directory/virtual_mailboxes/[domain01]_aliases
        hash:$config_directory/virtual_mailboxes/[domain02]_aliases
    # ###############################################################
    # Dovecot is used as Mail Storage for virtual mailbox domains
    # (all virtual domains using the same Dovecot Backend here)
    # Mail delivery to Dovecot via lmtp Unix socket
    # Cave: synchronize with dovecot configuration!
    # ###############################################################
    virtual_transport = lmtp:unix:private/dovecot-lmtp

    <save&quit>
- Create directory to store virtual users and aliases

    […]# mkdir /etc/postfix/virtual_mailboxes
- Create a virtual domain list template file

    […]# vim /etc/postfix/virtual_domains

    # (virtual) virtual domain list
    # After any modification use
    #   postmap /etc/postfix/virtual_domains
    # to rebuild the database
    #[domain01]    OK
    #[domain01]    OK
    #
- Create a user and alias mapping template file for each virtual domain

    […]# vim /etc/postfix/virtual_mailboxes/[domain01]_users

    # (virtual) users of domain example.com, managed by dovecot
    # After any modification use
    #   postmap /etc/postfix/virtual_mailboxes/[domain01]_users
    # to rebuild the database
    #
    #user01@example.com    dovecot

    […]# vim /etc/postfix/virtual_mailboxes/[domain01]_aliases

    # (virtual) aliases of domain example.com, managed by dovecot
    # After any modification use
    #   postmap /etc/postfix/virtual_mailboxes/[domain01]_aliases
    # to rebuild the database
    #root                         root@localhost
    abuse@[domain01].tld          postmaster@[domain01].tld
    postmaster@[domain01].tld     webmaster@[domain01].tld
    hostmaster@[domain01].tld     webmaster@[domain01].tld
    webmaster@[domain01].tld      root@[domain01].tld
    root@[domain01].tld           realroot@example02.com
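Postfix accepts mail for every address in a `[domain]_users` map and hands it to Dovecot over LMTP, so each address needs a matching login in `/etc/dovecot/users`. The following added example (not part of the Fedora documentation) compares the two files; it assumes the standard passwd-file layout with the login name as the first colon-separated field, and the function name and output labels are hypothetical.

```shell
# compare_mail_users POSTFIX_MAP DOVECOT_USERS
# Prints mismatches between the two files; returns 1 if there are any.
compare_mail_users() {
    mismatch=$(awk -v users="$2" '
    BEGIN {
        # Dovecot passwd-file: the login name is the first ":"-separated field.
        while ((getline l < users) > 0) {
            if (l == "" || l ~ /^[#:]/) continue
            split(l, f, ":")
            dovecot[tolower(f[1])] = 1      # compare case-insensitively
        }
    }
    /^([ \t#]|$)/ { next }                  # Postfix comments, blank and continuation lines
    {
        addr = tolower($1)
        postfix[addr] = 1
        if (!(addr in dovecot)) print "NO-DOVECOT-USER " addr
    }
    END { for (u in dovecot) if (!(u in postfix)) print "NO-POSTFIX-ENTRY " u }
    ' "$1" | sort)
    [ -z "$mismatch" ] && return 0
    printf "%s\n" "$mismatch"
    return 1
}

# Constructed sample files (addresses and hashes are placeholders).
map=$(mktemp); users=$(mktemp)
cat > "$map" <<'EOF'
# (virtual) users of domain example.com, managed by dovecot
user01@example.com    dovecot
user02@example.com    dovecot
EOF
cat > "$users" <<'EOF'
user01@example.com:{SHA512-CRYPT}$6$placeholder
user03@example.com:{SHA512-CRYPT}$6$placeholder
EOF
compare_mail_users "$map" "$users" || echo "maps are out of sync"
rm -f "$map" "$users"
```

Run it against the plain-text map files, not the `.db` files that `postmap` builds from them.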
Done!
You may either perform the dovecot related tests now or directly continue with the next step.