Dovecot
------
Copy all of the configuration files so you can easily revert back to them if needed:
cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
Edit the /etc/dovecot/dovecot.conf file. Add protocols = imap pop3 lmtp to the # Enable installed protocols section of the file:
dovecot.conf
## Dovecot configuration file
...
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap pop3 lmtp
...
postmaster_address=postmaster@example.com
Edit the /etc/dovecot/conf.d/10-mail.conf file. This file controls how Dovecot interacts with the server’s file system to store and retrieve messages:
Modify the following variables within the configuration file:
10-mail.conf
...
mail_location = maildir:/var/mail/vhosts/%d/%n/
...
mail_privileged_group = mail
...
Create the /var/mail/vhosts/ directory and a subdirectory for your domain. Replace example.com with your domain name:
sudo mkdir -p /var/mail/vhosts/example.com
This directory will serve as storage for mail sent to your domain.
Create the vmail group with ID 5000 and a vmail user in that group. Dovecot accesses every virtual mailbox as this unprivileged system user; useradd leaves the account without a password, so it cannot be used for interactive logins.
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /var/mail
Change the owner of the /var/mail/ folder and its contents to belong to vmail:
sudo chown -R vmail:vmail /var/mail
Edit the user authentication file, located in /etc/dovecot/conf.d/10-auth.conf. Set the following variables to the values shown, uncommenting them where needed. Comment out the auth-system.conf.ext include so that Dovecot consults only the SQL backend and does not also accept Unix system accounts over IMAP and POP3. disable_plaintext_auth = yes makes Dovecot refuse the plain and login mechanisms on connections that are neither TLS-protected nor local:
10-auth.conf
...
disable_plaintext_auth = yes
...
auth_mechanisms = plain login
...
#!include auth-system.conf.ext
...
!include auth-sql.conf.ext
...
Note
For reference, view a complete 10-auth.conf file.
Edit the /etc/dovecot/conf.d/auth-sql.conf.ext file with authentication and storage information. Ensure your file contains the following lines. Make sure the passdb section is uncommented, that the userdb section that uses the static driver is uncommented and updated with the right argument, and comment out the userdb section that uses the sql driver. The static userdb maps every virtual user to the same uid and gid and derives the home directory from the address, so no second SQL lookup is needed; Dovecot still runs the passdb query to confirm that an address exists before accepting mail for it over LMTP:
auth-sql.conf.ext
...
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
...
#userdb {
#  driver = sql
#  args = /etc/dovecot/dovecot-sql.conf.ext
#}
...
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
...
Update the /etc/dovecot/dovecot-sql.conf.ext file with your MySQL connection information. Uncomment the following variables and replace the values with the excerpt example. Replace dbname, user and password with your own MySQL database values. This file now holds the database password, which is why the ownership and permission changes later in this section restrict it to vmail and the dovecot group. default_pass_scheme tells Dovecot which scheme the stored hashes use, and Dovecot SQL-escapes the %u login name before substituting it into password_query:
dovecot-sql.conf.ext
...
driver = mysql
...
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
...
default_pass_scheme = SHA512-CRYPT
...
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
...
The password_query variable uses the email addresses in the virtual_users table as the login name. The email column is returned as user, which is the name Dovecot carries into the userdb lookup and therefore into the %d/%n maildir path.
To let users log in with an alias instead:
Add the alias as the source and destination email address to the virtual_aliases table. Every real mailbox also needs a row whose source and destination are both its own address, because once the query below is in place the subquery is the only way a login name is resolved.
Change the /etc/dovecot/dovecot-sql.conf.ext file's password_query value to password_query = SELECT email as user, password FROM virtual_users WHERE email=(SELECT destination FROM virtual_aliases WHERE source = '%u');
The subquery must return at most one row: MySQL rejects the comparison when an alias maps to several destinations, so such aliases cannot serve as login names.
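To see what the two password_query forms above actually hand back to Dovecot's passdb, here is an added example (not part of the original guide) that runs both queries against an in-memory SQLite copy of the virtual_users and virtual_aliases tables. The rows and the placeholder hash are constructed for the example; Dovecot's '%u' is replaced by a bound parameter, which is the equivalent of the SQL escaping Dovecot applies itself. One difference from MySQL to keep in mind: SQLite silently takes the first row of a multi-row scalar subquery, where MySQL raises an error.

```python
"""Added example (not part of the original guide): run the two password_query
forms from dovecot-sql.conf.ext against an in-memory SQLite copy of the
virtual_users and virtual_aliases tables, to see what Dovecot's passdb gets
back for a given login name."""
import sqlite3

# Constructed sample data. The hash is a placeholder, not a real SHA512-CRYPT value.
USERS = [("alice@example.com", "$6$placeholder$notarealhash")]
ALIASES = [
    ("alice@example.com", "alice@example.com"),  # self-alias: required once the alias query is used
    ("sales@example.com", "alice@example.com"),  # alias that delivers to alice
]

# The guide's queries, with Dovecot's '%u' replaced by a bound parameter
# (Dovecot SQL-escapes %u itself; a bound parameter is the equivalent here).
DIRECT_QUERY = "SELECT email AS user, password FROM virtual_users WHERE email = ?"
ALIAS_QUERY = (
    "SELECT email AS user, password FROM virtual_users "
    "WHERE email = (SELECT destination FROM virtual_aliases WHERE source = ?)"
)


def build_db():
    """Create the two tables the guide's MySQL section uses and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE virtual_users (email TEXT PRIMARY KEY, password TEXT NOT NULL);
        CREATE TABLE virtual_aliases (source TEXT NOT NULL, destination TEXT NOT NULL);
    """)
    db.executemany("INSERT INTO virtual_users VALUES (?, ?)", USERS)
    db.executemany("INSERT INTO virtual_aliases VALUES (?, ?)", ALIASES)
    return db


def lookup(db, query, login):
    """Return the (user, password_hash) row Dovecot's passdb would receive, or None.
    The 'user' column is the name Dovecot continues with, so an alias login is
    rewritten to the real mailbox address before the userdb lookup."""
    row = db.execute(query, (login,)).fetchone()
    return tuple(row) if row else None


if __name__ == "__main__":
    db = build_db()
    for login in ("alice@example.com", "sales@example.com", "nobody@example.com"):
        print(login, "->", lookup(db, DIRECT_QUERY, login), "|", lookup(db, ALIAS_QUERY, login))
```

With the direct query, sales@example.com cannot log in at all; with the alias query it resolves to alice's row, and alice@example.com keeps working only because of her self-alias row. A login name with SQL metacharacters in it simply matches nothing.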
Note
For reference, view a complete dovecot-sql.conf.extfile.
Change the owner and group of the /etc/dovecot/ directory to vmail and dovecot:
sudo chown -R vmail:dovecot /etc/dovecot
Remove all access for users other than the owner and group, so that dovecot-sql.conf.ext (which holds the database password) is readable only by vmail and members of the dovecot group:
sudo chmod -R o-rwx /etc/dovecot
Edit the service settings file /etc/dovecot/conf.d/10-master.conf:
Note
When editing the file, be careful not to remove any opening or closing curly braces. If there is a syntax error, Dovecot will refuse to start. Run sudo doveconf -n before restarting: it prints the non-default settings and reports the location of any syntax error. If Dovecot still fails to start, check the service log: /var/log/upstart/dovecot.log on Upstart systems, or journalctl -u dovecot on systemd systems (the restart command at the end of this section assumes systemd).
Here is an example of a complete 10-master.conf file.
Disable unencrypted IMAP and POP3 by setting those listeners' ports to 0, which stops Dovecot from opening them at all; only the implicit-TLS listeners on 993 and 995 remain. Uncomment the port and ssl variables:
10-master.conf
...
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  ...
}
...
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
...
Find the service lmtp section of the file and use the configuration shown below. The socket is created under /var/spool/postfix/private, inside Postfix's queue directory so that a chrooted Postfix can reach it, and is owned by postfix with mode 0600 so that only Postfix can hand messages to Dovecot's LMTP service:
10-master.conf
...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    #mode = 0666
    mode = 0600
    user = postfix
    group = postfix
  }
  ...
}
Locate service auth and configure it as shown below. The private/auth socket is where Postfix's SMTP daemon sends SASL authentication requests, so it is owned by postfix with group access; auth-userdb serves user lookups for Dovecot's own delivery processes and therefore belongs to vmail. The auth process itself keeps running as the dovecot user:
10-master.conf
...
service auth {
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  ...
  user = dovecot
}
...
In the service auth-worker section, uncomment the user line and set it to vmail, so that the worker processes performing the SQL password lookups run as the user that now owns /etc/dovecot:
10-master.conf
...
service auth-worker {
  ...
  user = vmail
}
Save the changes to the /etc/dovecot/conf.d/10-master.conf file.
Edit the /etc/dovecot/conf.d/10-ssl.conf file to require TLS and to add the location of your domain's certificate and key. ssl = required rejects any non-local connection that tries to authenticate without first negotiating TLS, and the leading < tells Dovecot to read the file's contents rather than use the path as the value. Dovecot reads both files as root before dropping privileges, so the root-only permissions Let's Encrypt sets on privkey.pem can stay as they are. Replace example.com with your domain:
10-ssl.conf
...
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
...
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
Restart Dovecot to enable all configurations:
sudo systemctl restart dovecot
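As a final check on the settings this section changed, the following added example (not part of the original guide) audits a Dovecot configuration for the security-relevant values set above: plaintext auth disabled, TLS required, the cleartext IMAP and POP3 listeners removed, a strong password scheme, and Unix sockets that are not reachable by other users. The parser understands the same key = value and section { } syntax as the excerpts, so it also catches the unbalanced-brace mistake the 10-master.conf note warns about. The two sample configs are constructed for the example and merge settings that really live in several conf.d files, much as the output of doveconf -n does.

```python
"""Added example, not part of the original guide: audit the security-relevant
Dovecot settings this section configures. The sample configs below are
constructed and merge settings from several conf.d files."""

# Schemes that store cleartext or a fast, unsalted or legacy hash.
WEAK_PASS_SCHEMES = {"PLAIN", "CLEARTEXT", "PLAIN-MD5", "MD5", "CRYPT", "SHA", "SHA1", "NTLM", "LANMAN"}


def parse_dovecot_conf(text):
    """Flatten the config into {'section name/.../key': 'value'}, e.g.
    'service imap-login/inet_listener imap/port' -> '0'. Whole-line comments
    and !include lines are skipped; each '{' and '}' must be on its own line."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!include"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}' in config")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if stack:
        raise ValueError("unclosed section(s): " + " > ".join(stack))
    return settings


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_dovecot_conf(text)
    findings = []

    def expect(key, wanted, problem):
        if conf.get(key) != wanted:
            findings.append(f"{problem} ({key} = {conf.get(key, '<unset>')})")

    expect("disable_plaintext_auth", "yes", "cleartext auth accepted without TLS")
    expect("ssl", "required", "TLS not required for remote connections")
    expect("service imap-login/inet_listener imap/port", "0", "plaintext IMAP listener enabled")
    expect("service pop3-login/inet_listener pop3/port", "0", "plaintext POP3 listener enabled")
    scheme = conf.get("default_pass_scheme", "<unset>").upper()
    if scheme == "<UNSET>" or scheme in WEAK_PASS_SCHEMES:
        findings.append(f"weak or unspecified password scheme ({scheme})")
    # Sockets shared with Postfix must not be reachable by 'other'.
    for key, value in conf.items():
        if "unix_listener" in key and key.endswith("/mode") and int(value, 8) & 0o007:
            findings.append(f"socket accessible by other users ({key} = {value})")
    return findings


# Constructed sample with the values this section sets.
HARDENED_CONF = """\
disable_plaintext_auth = yes
ssl = required
default_pass_scheme = SHA512-CRYPT
!include auth-sql.conf.ext
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
"""

# Constructed 'before' state: the same file with the stock-style values this section changes.
WEAK_CONF = (HARDENED_CONF
             .replace("disable_plaintext_auth = yes", "disable_plaintext_auth = no")
             .replace("ssl = required", "ssl = yes")
             .replace("default_pass_scheme = SHA512-CRYPT", "default_pass_scheme = MD5")
             .replace("imap {\n    port = 0", "imap {\n    port = 143")
             .replace("pop3 {\n    port = 0", "pop3 {\n    port = 110")
             .replace("mode = 0600", "mode = 0666"))
```

Calling audit(WEAK_CONF) reports six findings (plaintext auth, TLS optional, the two cleartext listeners, the MD5 scheme and the 0666 socket), while audit(HARDENED_CONF) returns an empty list. Feeding the parser a file with a missing closing brace raises ValueError instead of silently producing a partial result, which is the same failure doveconf -n would flag on the real file.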
---------