Dovecot server for POP and IMAP
Angel Bisamaza, for AfNOG 2010
What is Dovecot?
High-performance POP and IMAP server
Developed by Timo Sirainen
Unlike, say, UW IMAP, it wasn't written in the 80s
Transparently indexes mailbox contents (Why is this important?)
Supports both mbox and maildir formats
Capable of operating in an environment with minimal locking (Why is this important?)
Graceful around failures (index repair, for example)
Let's install it the FreeBSD way
cd /usr/ports/mail/dovecot
make
Note all the options for databases!
Small applications typically authenticate users against the Unix password file or PAM. Big mail installations can use an SQL database interface to store user credentials.
Select the MySQL options for this exercise
FreeBSD install cont
make install
Take a look at /usr/local/etc/rc.d/dovecot
Edit /etc/rc.conf:
dovecot_enable="YES"
OK, now we could start it, but we really need to configure it first.
Look at /usr/local/etc/dovecot.conf
Dovecot Configuration
Find the lines:
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
Uncomment them, then amend them to point at the certificate and key file that we created during the Apache web server tutorial.
Disable plaintext authentication by altering this line so that its value is yes:
disable_plaintext_auth = no
Note: unencrypted connections can still be made from localhost!
Dovecot Configuration 2
Note that the default listening services are:
protocols = imap imaps pop3 pop3s
TCP listeners are on 110, 143, 993 and 995.
If you need the unencrypted versions of the protocols for some reason (e.g. a webmail application), then you should firewall them off from the rest of your end users (end-user clients should never be allowed to connect insecurely).
Otherwise, disable imap and pop3.
Remove managesieve.
Dovecot Configuration mailbox location
Locate the line:
mail_location = mbox:~/mail/:INBOX=/var/mail/%u
Read the section above it...
Replace it with:
mail_location = maildir:~/Maildir
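One way to check the edits from the configuration steps above before starting the daemon, as an added example that is not part of the original slides: a shell function that reads a Dovecot 1.x style dovecot.conf and reports the settings this tutorial changes. The function names, messages and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audits the dovecot.conf settings edited in the steps above
# (Dovecot 1.x syntax). Prints one finding per line, nothing if all pass.

# conf_value FILE KEY: value of the last active (uncommented) "KEY = value" line
conf_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

audit_dovecot_conf() {
    conf=$1
    # The certificate and key lines must be uncommented
    for key in ssl_cert_file ssl_key_file; do
        [ -n "$(conf_value "$conf" "$key")" ] ||
            echo "FAIL $key is commented out or missing"
    done
    # "no" permits plaintext logins over unencrypted connections
    if [ "$(conf_value "$conf" disable_plaintext_auth)" = "no" ]; then
        echo "FAIL disable_plaintext_auth = no"
    fi
    # imap/pop3 are the cleartext listeners on 143 and 110
    for proto in $(conf_value "$conf" protocols); do
        case $proto in
            imap|pop3)   echo "WARN $proto is unencrypted: firewall it or remove it" ;;
            managesieve) echo "WARN managesieve is still enabled" ;;
        esac
    done
}

# Constructed sample: a config before the edits described above
sample=$(mktemp)
cat > "$sample" <<'EOF'
protocols = imap imaps pop3 pop3s managesieve
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
disable_plaintext_auth = no
EOF
audit_dovecot_conf "$sample"
rm -f "$sample"
```

To check the real file, call audit_dovecot_conf /usr/local/etc/dovecot.conf; no output means every check passed.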
OK, we should have a sufficiently tuned dovecot to be able to start it.
/usr/local/etc/rc.d/dovecot start
Basic test
If everything works correctly you should be able to point an IMAP client towards your system at port 993.
telnet to localhost port 110:
user afnog <enter>
pass afnog <enter>
Adding MySQL Authentication
Edit the dovecot config file and make the following changes.
vi /usr/local/etc/dovecot.conf
Comment out the following to disable PAM authentication:
#passdb pam {
#  args = session=yes dovecot
#}
Uncomment the following lines:
passdb sql {
  args = /usr/local/etc/dovecot-sql.conf
}
Uncomment the static userdb:
userdb static {
  args = uid=1001 gid=1001 home=/var/mail/%n
}
Cont'd ...
Copy the following file:
/usr/local/share/examples/dovecot/dovecot-sql.conf
to
/usr/local/etc/dovecot-sql.conf
Edit dovecot-sql.conf:
vi /usr/local/etc/dovecot-sql.conf
Search for the following and make the changes as highlighted:
driver = mysql
default_pass_scheme = PLAIN
connect = host=127.0.0.1 dbname=radius user=root password=afnog
Add the following at the end of the file:
password_query = SELECT value AS password FROM radcheck WHERE username = '%n'
Test Installation
Test with users created in the Radius DB.
Note that the user must have received an email beforehand for the home directory to be created.
Use the telnet option to test authentication.