Table of Contents

Ubuntu - Email - Install Dovecot

Dovecot is an IMAP server.

It takes responsibility for connecting your email client (Thunderbird, etc.) to your mail box.

Dovecot is configured to provide authentication (username and password) support to Postfix that is used when an authorized user goes to send email via Postfix.

NOTE: Your email client will connect to Dovecot using a protocol called IMAP (or POP).

Dovecot provides access to your mailboxes and when you are reading your email you are using Dovecot.

When you to go send mail from your email client, it connects directly to Postfix using a protocol called SMTP. Dovecot is not needed here.

However, before you can be allowed to access your email you need to prove that you are authorized to access it. This is referred to as authentication. To support this, Dovecot provides support for authentication.

In the earlier simpler days of the Internet before Spam, authentication was not required to send email. However these days you also need to authenticate yourself to prove that you are authorized to send mail. Sending mail is handled by Postfix, but rather than building authentication into Postfix as well, Postfix is instead configured to use Dovecot for authentication when sending email.

Install Dovecot

sudo apt install dovecot

Configuring Dovecot

The configuration files for Dovecot are usually found in /etc/dovecot.

NOTE: It is recommended to leave the default configuration alone and just adding your modifications into local.conf.

This file is read last and so any settings it contains will override the same settings that are contained in the default configuration.

Basic Configuration

The first part of the configuration specifies which protocols to support (IMAP and/or POP3) and where the mailboxes can be found:

/etc/dovecot/local.conf
#protocols = imap pop3
protocols = imap
 
mail_location = maildir:~/mail

Transport Layer Security (SSL)

This assumes that you have already created an certificate using OpenSSL. The one I am using is named ssl-mail-cert:

/etc/dovecot/local.conf
...
# TLS/SSL protocols to use (avoid older SSL protocols)
ssl_protocols = !SSLv2  !SSLv3
 
# SSL ciphers to use
ssl_cipher_list = ALL:!ADH:!EXPORT:!SSLv2:!aNULL:!eNULL:RC4+RSA:+HIGH:-MEDIUM:-LOW
ssl_prefer_server_ciphers = yes
 
# SSL certificate
ssl=required
ssl_cert = </etc/pki/tls/certs/ssl-mail-cert.crt
ssl_key = </etc/pki/tls/private/ssl-mail-cert.key

Authentication

The following is used to configure authentication:

/etc/dovecot/local.conf
...
auth_mechanisms = plain
passdb {
    driver = passwd-file
    args = /etc/dovecot/passwd
}
userdb {
    driver = static
    args = uid=vmail gid=vmail home=/home/vmail/%d/%n allow_all_users=yes
}
service auth {
    unix_listener auth-client {
        path = /var/spool/postfix/private/auth
        mode = 0660
        user = postfix
        group = postfix
    }
    user = root
}

NOTE:

  • auth_mechanisms specifies the various forms in which the password can be passed to Dovecot (there may be more than one specified).
    • Using plain is fine because it will only be passed through an SSL tunnel, and so will not be exposed.
  • passdb specifies password database, in this case /etc/dovecot/passwd. It takes the form:
    /etc/dovecot/passwd
    peter@sharewiz.net:{PLAIN}5Eu6f9AKe2vN
peter@abcd.com:{PLAIN}L2YoWQ6JdSCo
admin@sharewiz.net:{PLAIN}M2ydCc4ZwA1s
    • Each consists of the email for each of the virtual mail boxes (much match values given to Postfix in the virtual_mailbox_maps file).
    • After the email address there is a colon and then a specification of how the password is encoded enclosed in braces.
    • Finally there is the encoded password. Of course, if the encoding is specified as PLAIN, there is no encoding and the password is given directly. However it is more secure it you do encode the passwords. To do so, run: 
      doveadm pw -s SSHA
      • SSHA employs a salted SSH1 hash, but there are many others available.
  • userdb specifies parameters used when creating the virtual mailboxes.
  • service auth specifies the parameters for a socket that is created to allow Postfix to communicate with Dovecot to support authentication.
    • The path is the location of the socket (the last part of this path should be specified to Postfix in smtpd_sasl_path.

Configuring Dovecot as the Local Delivery Agent

The following is sufficient to configure the Dovecot LDA:

/etc/dovecot/local.conf
...
protocol lda {
    postmaster_address = admin@sharewiz.net
}

Firewall Configuration

Open firewall ports:

Running Dovecot

Start Dovecot using: 

systemctl start dovecot

If Dovecot is already running, and you have changed a configuration file, you can get Dovecot to reread these files using: 

systemctl reload dovecot

You can stop Dovecot with: 

systemctl stop dovecot

You can get Dovecot status with: 

systemctl status dovecot

Once Dovecot is running, you should configure your email client and confirm that you can both view the mailboxes and you can send messages.

Once Dovecot is running properly, you can enable it so that it starts automatically when the server starts using: 

systemctl enable dovecot

Configuring Email Client

To configure Thunderbird to use your new Postfix/Dovecot email system 

IMAP server: sharewiz.net
    Port: 993
    Security: SSL/TLS
    Authentication Method: normal password
    Username: peter@sharewiz.net
SMTP server: sharewiz.net
    Port: 587
    Security: STARTTLS
    Authentication Method: normal password
    Username: peter@sharewiz.net

To configure Mutt to use your new Postfix/Dovecot email system: 

set spoolfile=imaps://sharewiz.net:993/INBOX
set folder=imaps://sharewiz,net:993/
set smtp_url=smtp://peter@sharewiz.net:587
#               ^ do not use smtps here

# Alternative ways of giving username and password.
set imap_user="peter@sharewiz.net"
set imap_pass="`abraxas -q work-email-fallback`"
set smtp_pass=$imap_pass
set smtp_authenticators="plain"