Category:Dovecot

Dovecot is an open source IMAP and POP3 server for Linux systems, written with security primarily in mind. Although it's written in C, it uses several coding techniques to avoid most of the common pitfalls.


 * For more information see: http://www.dovecot.org/

Installing Dovecot 2.0
Installing Dovecot is straightforward: it is a C program, so you need gcc (or another C compiler) and the usual build tools to compile it.

Prerequisite
yum -y install gcc gettext-devel

If you configure with --with-mysql or --with-ssl=openssl (see the options further down), the matching development headers must be installed as well, e.g. mysql-devel and openssl-devel; configure will complain about the missing library otherwise.

Method 1: Download Source Tar file
First download the latest source code from: http://dovecot.org/download.html, unpack it and change into the source directory. Then run:

./configure --prefix=/usr/local --with-mysql
make
echo $?

echo $? prints the exit status of the preceding command; anything other than 0 means the build failed and you should not go on to install.

make install
echo $?

Method 2: From Mercurial source repository
Building from the repository also needs autoconf, automake and libtool for autogen.sh.

mkdir -p /var/src/
cd /var/src/
hg clone http://hg.dovecot.org/dovecot-2.0/
cd /var/src/dovecot-2.0

./autogen.sh
./configure --prefix=/usr/local --with-mysql

make
echo $?

make install
echo $?

 * To update Dovecot 2.0 when using Mercurial, pull the new changesets and then rebuild and reinstall as above:

hg pull && hg update

Compiling Configuration Options
The below will compile Dovecot with support for TLS/SSL and compressed messages (zlib), plus one of three database backends. Note that these lines use --prefix=/usr while the installation steps and the init file further down assume /usr/local; pick one prefix and use it consistently, otherwise the init file's path to the dovecot binary will be wrong.

Compiling with MySQL Support
./configure --prefix=/usr --with-ssl=openssl --with-mysql --with-zlib

Compiling with LDAP Support
./configure --prefix=/usr --with-ssl=openssl --with-ldap --with-zlib

Compiling with SQLite Support
./configure --prefix=/usr --with-ssl=openssl --with-sqlite --with-zlib

Initial Setup of Dovecot When Compiled from Source
To keep everything simple and in your /etc/ directory, move the installed configuration file and leave a symlink in its place:

mv /usr/local/etc/dovecot.conf /etc/dovecot.conf
ln -s /etc/dovecot.conf /usr/local/etc/dovecot.conf

Check which file your build actually reads with dovecot -n; the first line of its output names the configuration file in use. Also make sure that the user and group Dovecot will use for mail access exist in /etc/passwd and /etc/group:

echo "virtualmail:x:1000:1000:virtualmail:/var/spool/virtualmailboxes:/sbin/nologin" >> /etc/passwd
echo "virtualmail:x:1000:" >> /etc/group

Appending to /etc/passwd by hand is shown for brevity; groupadd and useradd do the same thing safely, and either way first check that UID/GID 1000 is not already taken (on most distributions it belongs to the first regular user), e.g. with getent passwd 1000.

Using the init file below, create a new file named /etc/init.d/dovecot, then run the following:

chmod 755 /etc/init.d/dovecot
/sbin/chkconfig --add dovecot
/sbin/chkconfig dovecot on
/sbin/chkconfig --list dovecot

Dovecot INIT File
#!/bin/bash
#
# /etc/rc.d/init.d/dovecot
#
# Starts the dovecot daemon
#
# chkconfig: - 65 35
# description: Dovecot Imap Server
# processname: dovecot

# Source function library.
. /etc/init.d/functions

test -x /usr/local/sbin/dovecot || exit 0

RETVAL=0
prog="Dovecot Imap"

start() {
	echo -n $"Starting $prog: "
	daemon /usr/local/sbin/dovecot
	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/dovecot
	echo
}

stop() {
	echo -n $"Stopping $prog: "
	killproc /usr/local/sbin/dovecot
	RETVAL=$?
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dovecot
	echo
}

case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  reload|restart)
	stop
	start
	RETVAL=$?
	;;
  condrestart)
	if [ -f /var/lock/subsys/dovecot ]; then
	    stop
	    start
	fi
	;;
  status)
	status /usr/local/sbin/dovecot
	RETVAL=$?
	;;
  *)
	echo $"Usage: $0 {condrestart|start|stop|restart|reload|status}"
	exit 1
esac

exit $RETVAL
Self-signed SSL Certificates
Self-signed SSL certificates are the easiest way to get your SSL server working. However unless you take some action to prevent it, this is at the cost of security:


 * The first time the client connects to the server, it sees the certificate and asks the user whether to trust it. The user of course doesn't really bother verifying the certificate's fingerprint, so a man-in-the-middle attack can easily bypass all the SSL security, steal the user's password and so on.
 * If the client was lucky enough not to get attacked the first time it connected, the following connections will be secure as long as the client had permanently saved the certificate. Some clients do this, while others have to be manually configured to accept the certificate.

The only way to be fully secure is to import the server's certificate into the client's (or operating system's) list of trusted CA certificates before the first connection, so the client never has to make a trust-on-first-use decision. See SSL/CertificateClientImporting for how to do it for different clients. The alternative is a certificate issued by a CA the clients already trust, which avoids the distribution problem entirely.

Building Dovecot's Self-Signed Certificates
Dovecot includes a script to build self-signed SSL certificates using OpenSSL. First you need to find the dovecot-openssl.cnf file (in the source tree it is doc/dovecot-openssl.cnf, next to doc/mkcert.sh). The easiest way to find it on Fedora is the locate command:

locate dovecot-openssl.cnf

Mine was located at /etc/pki/dovecot/dovecot-openssl.cnf.

Configuring the Certificate Config File
Now that you have found the file you need to add your server information to it, like this:

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=US

# State or Province Name (full name)
ST=MN

# Locality Name (eg. city)
L=SaintPaul

# Organization (eg. company)
O=mattrude.com

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
CN=*.mattrude.com

# E-mail contact
emailAddress=post@mattrude.com

[ cert_type ]
nsCertType = server

The CN must match the host name clients connect to, or they will keep warning even after the certificate has been imported. default_bits = 1024 is what the shipped file contains; 1024-bit RSA keys are no longer considered adequate, so raise it to 2048 or more before generating anything.

Build the Certificates
Run the script from the directory containing dovecot-openssl.cnf (or point the OPENSSLCONFIG environment variable at the file). By default it writes the certificate to /etc/ssl/certs/dovecot.pem and the key to /etc/ssl/private/dovecot.pem (the Fedora package points it at /etc/pki/dovecot instead), makes the key readable by root only, and refuses to overwrite existing files, so remove an old pair first when regenerating. When it finishes it prints the certificate's subject and fingerprint; record that fingerprint, it is what users should compare against when their client shows the certificate. Then point ssl_cert and ssl_key in dovecot.conf at the two files.

/usr/libexec/dovecot/mkcert.sh

And now restart Dovecot:

/sbin/service dovecot restart

Testing your SSL Certificates
openssl s_client -connect mail.mattrude.com:993
openssl s_client -connect mail.mattrude.com:143 -starttls imap

The first command tests the dedicated IMAPS port, the second tests STARTTLS on the plain IMAP port. Do not add -ssl2: it forces SSLv2, which is insecure, which Dovecot refuses to negotiate, and which current OpenSSL builds no longer support. Look at the "Verify return code" line in the output: with a self-signed certificate it reports "self signed certificate" unless you pass -CAfile with the dovecot.pem you distributed to clients, in which case it should read "0 (ok)". Add -showcerts to print the certificate itself and compare its fingerprint with the one mkcert.sh printed.
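The client-side fix that the self-signed certificate section calls for (trust the certificate before the first connection rather than on first use) and the fingerprint check done above with s_client can both be scripted. The following is an added example, not code from this page or from the Dovecot project: a Python IMAP client that either verifies the server against a dovecot.pem copied to the client in advance, or pins the certificate's SHA-256 fingerprint obtained out of band, and only sends the password once that check passes. The host name, user, password, CA path and fingerprint in the signatures are placeholders you supply.

```python
import hashlib
import hmac
import imaplib
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, in the colon-separated
    upper-case form printed by `openssl x509 -noout -fingerprint -sha256`."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Compare the presented certificate with a pinned fingerprint.
    Colons and letter case are ignored; the comparison is constant-time."""
    got = cert_fingerprint(der_cert).replace(":", "").lower()
    want = expected.replace(":", "").lower()
    return hmac.compare_digest(got, want)


def _login(conn: imaplib.IMAP4_SSL, user: str, password: str) -> imaplib.IMAP4_SSL:
    typ, _ = conn.login(user, password)   # imaplib raises on a NO/BAD reply
    assert typ == "OK"
    return conn


def imap_login_with_ca(host: str, user: str, password: str, cafile: str,
                       port: int = 993) -> imaplib.IMAP4_SSL:
    """Preferred: the server's self-signed dovecot.pem was distributed to the
    client beforehand and is the only trust anchor. Hostname checking stays on,
    so the certificate's CN must match `host` (a wildcard CN is fine)."""
    ctx = ssl.create_default_context(cafile=cafile)
    return _login(imaplib.IMAP4_SSL(host, port, ssl_context=ctx), user, password)


def imap_login_pinned(host: str, user: str, password: str,
                      expected_fingerprint: str, port: int = 993) -> imaplib.IMAP4_SSL:
    """Alternative: ignore the CA store entirely and instead require the exact
    certificate whose fingerprint was obtained out of band (e.g. from
    `openssl x509 -in /etc/ssl/certs/dovecot.pem -noout -fingerprint -sha256`
    run on the server). Nothing is sent to the server until the check passes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # we verify explicitly below instead
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    der = conn.sock.getpeercert(binary_form=True)   # DER bytes even with CERT_NONE
    if not fingerprint_matches(der, expected_fingerprint):
        conn.shutdown()
        raise ssl.SSLCertVerificationError(
            "server certificate fingerprint %s does not match the pinned value"
            % cert_fingerprint(der))
    return _login(conn, user, password)


if __name__ == "__main__":
    import sys
    # Print the fingerprint of a PEM certificate (e.g. /etc/ssl/certs/dovecot.pem)
    # so it can be handed to clients out of band.
    with open(sys.argv[1]) as f:
        print(cert_fingerprint(ssl.PEM_cert_to_DER_cert(f.read())))
```

The "accept anything" behaviour the section warns about corresponds to using CERT_NONE without the explicit fingerprint check; the pinned variant is only acceptable because the check happens before the password leaves the client. Pinning breaks when the certificate is regenerated, so the CA-file variant is the one to prefer for anything long-lived.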

Doveadm
Dovecot's administration utility can be used to manage various parts of Dovecot, as well as access users' mailboxes. Here's a list of some commonly used commands.

Doveadm - Expunge
The expunge command deletes messages from users' mailboxes by search criteria. This is useful mostly for housekeeping tasks, such as deleting old messages from users' Trash folders. When using the dbox mailbox format, the messages are not deleted immediately; instead each message's refcount is reduced by one, and the data is only removed by a later purge. To test which messages a given search query would match before deleting anything, run the same query with doveadm fetch or doveadm search.

 * Expunge (delete) all messages older than 7 days in matt's Trash folder:

doveadm expunge -u matt mailbox Trash savedbefore 7d

Doveadm - Purge
The doveadm purge command removes all messages with refcount=0 from a user's mail storage. The refcount of a message drops to 0 when the user (or some administration utility) has expunged every instance of the message from all mailboxes.

When you purge an mdbox mailbox, the storage files are rewritten without the already expunged mail. Purging does not delete mail that has not been expunged, so it is safe to run on live mailboxes.

 * Purge all deleted items in user matt's mailbox:

doveadm purge -u matt

Doveadm - Quota
The quota get and quota recalc commands are only available when the global mail_plugins setting contains the quota plugin.

 * List current quota status for a user (-u) or all users (-A):

doveadm quota get -u matt

 * List the quota storage value for ALL users:

doveadm quota get -A | grep "STORAGE"

 * Rebuild a single user's quota values:

doveadm quota recalc -u matt

 * Rebuild ALL users' quota values:

doveadm quota recalc -A

Doveadm - Fetch
doveadm fetch displays the actual message, or part of it (headers, body, flags and so on), depending on the fields you ask for.

 * To view the headers of all emails with the subject "Milly" in user matt's mailbox:

doveadm fetch -u matt hdr subject Milly

Doveadm - Search
doveadm search -A mailbox Trash |awk '{print $1}' |sort |uniq -c doveadm search -u matt mailbox INBOX savedbefore 30d doveadm search -u matt mailbox "*" savedbefore 30d
 * To view the number of messages, by user, in their Trash folder:
 * Show all messages older then 30 days in user matt's Inbox:
 * Show all messages older then 30 days for user matt, in any folder:

Dsync
Dsync is Dovecot's mailbox synchronization utility. It can be used for several different use cases: two-way synchronization of mailboxes on different servers (via ssh), creating backups of mails on a remote server, and converting mailboxes from/to different mailbox formats.

Backing up a Users mailbox
dsync -u user -o mail_location=mdbox:/var/mailboxes/newmailbox mirror mdbox:/var/mailboxes/oldmailbox

In the above example, the user being backed up is user; we are copying the mailbox to /var/mailboxes/newmailbox and creating it in the mdbox format. The original mailbox lives at /var/mailboxes/oldmailbox and also happens to be in the mdbox format. Note that mirror is a two-way synchronization, so changes on either side are propagated to the other. For a pure backup, where the copy must never write back into the original, use dsync backup instead, which only copies in one direction.

Dovecot's Quota Plugin
The below assumes you're using mdbox, so dirsize or dict:sql will be the fastest. Since we already have SQL set up, we're going with that.
 * http://wiki2.dovecot.org/Quota

Enabling the Quota Plugin
Add the following to dovecot.conf:

mail_plugins = $mail_plugins quota

protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins imap_quota
}

plugin {
  # SQL backend:
  quota = dict:User quota::proxy::quota
  quota_rule = *:storage=1024M:messages=100000
  quota_rule2 = Trash:storage=+20%%
  quota_rule3 = Junk:storage=+20%%
}

dict {
  quota = mysql:/etc/dovecot/dovecot-dict-mysql.conf
}

The rules give every user 1024 MB and 100000 messages, and allow 20% more when saving into Trash or Junk, so that a user who is over quota can still move mail to Trash. The doubled %% is required because a single % starts a variable expansion in dovecot.conf.

The dovecot-dict-mysql.conf file should contain something like this:

connect = host=localhost dbname=postfix user=postfix password=postfix

map {
  pattern = priv/quota/storage
  table = quota
  username_field = username
  value_field = bytes
}

map {
  pattern = priv/quota/messages
  table = quota
  username_field = username
  value_field = messages
}

This file holds the database password, so restrict its permissions to root and the user the dict process runs as, and give the database user only SELECT, INSERT, UPDATE and DELETE on the quota table rather than full rights on the postfix database.

And lastly, add the following table to your email server's database in MySQL:

CREATE TABLE quota (
  username varchar(100) not null,
  bytes bigint not null default 0,
  messages integer not null default 0,
  primary key (username)
);
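To see what the three quota_rule lines above actually allow, and to check the rows of the quota table against them outside of Dovecot, here is an added example; it is not code from the Dovecot project or from this page, but a Python re-implementation of how the rules are read as documented in the Dovecot quota wiki (a bare storage number means kilobytes, B/K/M/G/T are size suffixes, a leading + or - adjusts the default rule, and a trailing % makes that adjustment a percentage). The QUOTA_TABLE rows are constructed sample data in the shape of the table created above; the assumption that a limit not mentioned in a mailbox-specific rule falls back to the default rule is mine.

```python
import re

# The rules from the plugin {} section above. The %% written in dovecot.conf is
# the escape for a literal %, so the plugin itself sees "+20%".
QUOTA_RULES = [
    "*:storage=1024M:messages=100000",
    "Trash:storage=+20%",
    "Junk:storage=+20%",
]

# Storage suffixes accepted by the quota plugin; a bare number means kilobytes.
UNITS = {"B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}
LIMIT_RE = re.compile(r"^([+-]?)(\d+)([BKMGT]?)(%?)$", re.IGNORECASE)


def parse_limit(value: str, base: int, is_storage: bool) -> int:
    """Resolve one limit value against `base` (the default rule's limit).
    Absolute values replace it; signed values adjust it, by a percentage of
    it when the value ends in %. Storage results are in bytes."""
    m = LIMIT_RE.match(value)
    if not m:
        raise ValueError("bad quota limit %r" % value)
    sign, digits, unit, pct = m.groups()
    n = int(digits)
    if pct:
        delta = base * n // 100
    else:
        if is_storage:
            n *= UNITS[unit.upper()] if unit else 1024
        delta = n
    if sign == "":
        return delta
    return base + delta if sign == "+" else base - delta


def effective_limits(rules):
    """Map mailbox name -> {'storage': bytes, 'messages': count}. '*' is the
    default rule; the others start from it and override or adjust per mailbox.
    A limit of 0 means unlimited, as in Dovecot."""
    limits = {"*": {"storage": 0, "messages": 0}}
    # Process the default rule first so the others can refer to it.
    for rule in sorted(rules, key=lambda r: not r.startswith("*:")):
        mailbox, *parts = rule.split(":")
        target = limits.setdefault(mailbox, dict(limits["*"]))
        for part in parts:
            name, value = part.split("=", 1)
            target[name] = parse_limit(value, limits["*"][name], name == "storage")
    return limits


def check_usage(mailbox, bytes_used, messages_used, limits):
    """Return the limits ('storage' and/or 'messages') that a save into
    `mailbox` would exceed. Dovecot's quota is per user, so the usage figures
    are the user's totals (the bytes/messages columns of the quota table) and
    only the limit that applies depends on the destination mailbox."""
    lim = limits.get(mailbox, limits["*"])
    exceeded = []
    if lim["storage"] and bytes_used > lim["storage"]:
        exceeded.append("storage")
    if lim["messages"] and messages_used > lim["messages"]:
        exceeded.append("messages")
    return exceeded


# Constructed rows in the shape of the quota table: (username, bytes, messages).
QUOTA_TABLE = [
    ("matt", 1_200_000_000, 90_000),     # over the 1024M default, under Trash's +20%
    ("alice", 500_000_000, 120_000),     # fine on storage, over the message count
]


def report(rows=QUOTA_TABLE, rules=QUOTA_RULES):
    """For every user, which limits a save into INBOX or Trash would exceed."""
    limits = effective_limits(rules)
    return {user: {mb: check_usage(mb, b, m, limits) for mb in ("INBOX", "Trash")}
            for user, b, m in rows}


if __name__ == "__main__":
    for mailbox, lim in effective_limits(QUOTA_RULES).items():
        print("%-6s storage=%d bytes messages=%d" % (mailbox, lim["storage"], lim["messages"]))
    print(report())
```

With these rules a user sitting at 1.2 GB can no longer receive into INBOX but can still move mail into Trash (limit 1024M plus 20%), which is the behaviour the Trash rule exists to provide; doveadm quota get -u shows the same totals Dovecot itself computes.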

Dovecot's Expire Plugin

 * http://wiki2.dovecot.org/Plugins/Expire

Dovecot's Trash Plugin

 * http://wiki2.dovecot.org/Plugins/Trash

Dovecot's Zlib Plugin

 * http://wiki2.dovecot.org/Plugins/Zlib

Dovecot's AntiSpam Plugin
The Dovecot Antispam plugin will allow users to indicate Spam messages by moving them into their Junk folder. Unlike Dovecot's other plugins, Antispam is an external plugin you must download and install separately.

The Dovecot Antispam plugin has internally four types of folders. Different actions are programmed when you move the mail from one folder to the other. The following table describes the actions depending on the source and destination folders.

Downloading & Compiling the Plugin
hg clone http://hg.dovecot.org/dovecot-antispam-plugin
cd dovecot-antispam-plugin

./autogen.sh
./configure --prefix=/usr
make
make install

Configuring Dovecot's AntiSpam Plugin
protocol imap { mail_plugins = $mail_plugins antispam }

Troubleshooting Dovecot
See: http://bobpeers.com/technical/telnet_imap.php

 * Connecting to Dovecot with telnet (plain IMAP port):

telnet mail.example.com 143

 * Connecting to Dovecot using an SSL connection:

openssl s_client -connect mail.example.com:993

 * Logging In:

. login <username> <password>

 * Listing IMAP Directories:

. list "" "*"

 * Selecting an IMAP Directory:

. select Save

Every IMAP command starts with a tag (here simply ".") so that the server's completion reply (". OK", ". NO" or ". BAD") can be matched to the command it answers; lines starting with "*" are untagged data such as the LIST entries and the EXISTS count. Be aware that over port 143 the login command sends the password in cleartext. Dovecot 2.0 refuses plaintext authentication on unencrypted connections by default (disable_plaintext_auth = yes; connections from localhost are treated as secure), so for a remote test on 143 upgrade to TLS first with openssl s_client -connect mail.example.com:143 -starttls imap.
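The session above only shows the client side. The following added example (not from this page or the Dovecot project) fills in the server's side with a constructed transcript in the wording Dovecot 2.0 uses, and parses it the way you would read it while troubleshooting: which tagged reply completed which command and with what status, the mailboxes announced by LIST, and the EXISTS count of the selected mailbox. The user name, mailbox names and numbers in the transcript are made up; the "." tag matches the commands typed above.

```python
import re

# Constructed transcript: client commands tagged "." and Dovecot's replies.
# Server lines are untagged ("* ...") data or the tagged completion of a command.
TRANSCRIPT = """\
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready.
. login matt secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE] Logged in
. list "" "*"
* LIST (\\HasNoChildren) "." "INBOX"
* LIST (\\HasNoChildren) "." "Trash"
* LIST (\\HasNoChildren) "." "Junk"
. OK List completed.
. select Trash
* FLAGS (\\Answered \\Flagged \\Deleted \\Seen \\Draft)
* OK [PERMANENTFLAGS (\\Answered \\Flagged \\Deleted \\Seen \\Draft \\*)] Flags permitted.
* 3 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1300000000] UIDs valid
* OK [UIDNEXT 4] Predicted next UID
. OK [READ-WRITE] Select completed.
. select DoesNotExist
. NO Mailbox doesn't exist: DoesNotExist
. logout
* BYE Logging out
. OK Logout completed.
"""

# "* LIST (flags) delimiter name", with delimiter and name quoted or bare (NIL).
LIST_RE = re.compile(r'^\* LIST \(([^)]*)\) (?:"([^"]*)"|(\S+)) (?:"([^"]*)"|(\S+))$')
EXISTS_RE = re.compile(r"^\* (\d+) EXISTS$")
STATUS = ("OK", "NO", "BAD")


def parse_session(transcript: str, tag: str = "."):
    """Walk a transcript and return the tagged command results, the mailboxes
    announced by LIST and the EXISTS count of the last selected mailbox."""
    commands = []        # (command verb, status, server text)
    mailboxes = []
    exists = None
    pending = None       # verb of the client command awaiting its tagged reply
    for line in transcript.splitlines():
        if line.startswith("* "):
            m = LIST_RE.match(line)
            if m:
                mailboxes.append(m.group(4) if m.group(4) is not None else m.group(5))
            m = EXISTS_RE.match(line)
            if m:
                exists = int(m.group(1))
            continue
        if not line.startswith(tag + " "):
            continue
        words = line[len(tag) + 1:].split(None, 1)
        if words[0] in STATUS:       # tagged completion of the pending command
            commands.append((pending, words[0], words[1] if len(words) > 1 else ""))
            pending = None
        else:                        # a client command: remember its verb
            pending = words[0].lower()
    return {"commands": commands, "mailboxes": mailboxes, "exists": exists}


def failed_commands(summary):
    """The commands the server did not answer with OK, with its explanation."""
    return [c for c in summary["commands"] if c[1] != "OK"]


if __name__ == "__main__":
    s = parse_session(TRANSCRIPT)
    print("mailboxes:", s["mailboxes"], "selected mailbox has", s["exists"], "messages")
    for verb, status, text in s["commands"]:
        print("%-7s %-3s %s" % (verb, status, text))
    print("failed:", failed_commands(s))
```

A real transcript can be captured by pasting the commands into the openssl s_client session above; the NO reply to the second select is the kind of line you are looking for when a client reports a folder it cannot open, and the greeting's CAPABILITY list tells you whether STARTTLS and plaintext AUTH are offered on that port.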