1. Requirements
2. References
- Dovecot
- Dovecot2 WiKi
- Howto Setup a Mail Server with Virtual Users and Domains
- Heronovo - Dovecot (only in Czech)
- Sieve filtry na serveru v režii Dovecotu a Roundcube (only in Czech)
3. Dovecot2 installation
SSH to your FreeNAS, enter the jail where postfix is installed (jexec mail tcsh), and install dovecot. We have to build dovecot from the ports tree using portsnap and configure it with PostgreSQL support.
# Unpack the ports tree from the snapshot that portsnap has already downloaded.
# If that snapshot may be stale, run 'portsnap fetch' first so the build uses
# the current Dovecot port rather than an outdated one.
portsnap extract
cd /usr/ports/mail/dovecot2/
# Open the port's options dialog before building.
make config
# for dovecot2 configuration select:
# set PGSQL=on: PostgreSQL maps (uses DEFAULT_PGSQL_VER)
# set SSL=on: SSL protocol support
# Build and install the port, then clean up the build directory.
make install clean
- Note: If Postfix is already installed using the installation how-to, you can skip this step and install only pigeonhole.
make install clean
To make dovecot start automatically when the jail starts, update the file '/etc/rc.conf' (add the line dovecot_enable="YES").
- Note: To start multiple instances of dovecot set 'dovecot_config' to a space separated list of configuration files.
4. Dovecot configuration
Create and secure the IMAPS SSL/TLS certificate and key (or use your existing ones and store them in the directory created for them).
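# Create the directory that will hold the certificate and key, then work in it.
mkdir -p /etc/ssl/dovecot
cd /etc/ssl/dovecot
# Self-signed certificate valid for 3650 days. -nodes writes the private key
# unencrypted, so the file permissions set below are its only protection.
openssl req -new -x509 -nodes -out imap.example.com.cert -keyout imap.example.com.key -days 3650
chmod 640 /etc/ssl/dovecot/*
chgrp -R dovecot /etc/ssl/dovecot
# Dovecot's documentation recommends that the key file is readable by root only;
# the key is read at startup, so group access for 'dovecot' is not needed on it.
chmod 600 /etc/ssl/dovecot/imap.example.com.key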
The Dovecot2 configuration is located in the directory '/usr/local/etc/dovecot/conf.d'. First, copy the files and the directory from '/usr/local/etc/dovecot/example-config/' to '/usr/local/etc/dovecot/', then update the files in the copied directory.
# Load every file under conf.d/ from the main configuration file.
#remove '#' from the line !include conf.d/*.conf
# Only the IMAP and ManageSieve protocols are enabled.
protocols = imap sieve
# Bind to one address instead of listening on every interface.
listen = <ip_address>
# Switch authentication from system accounts to the SQL-backed databases.
#remove '#' from the line !auth-sql.conf.ext
#comment the line !include auth-system.conf.ext
# Refuse plaintext authentication on connections that are not protected by SSL/TLS.
disable_plaintext_auth = yes
# Realm (domain) assumed when a user logs in without specifying one.
auth_default_realm = example.com
Set directory where e-mail Maildirs will be created.
# Per-user Maildir path: %d expands to the domain and %n to the local part of the user name.
mail_location = maildir:/mnt/mail/%d/%n
# System group and user used for accessing the mail files.
mail_gid = mail
mail_uid = mailnull
mail_privileged_group = mail
# Accept only uid 26 and gid 6 for mail access; these are the same numeric ids
# that the SQL user_query on this page returns.
# NOTE(review): presumably 26/6 are mailnull/mail in this jail - confirm with 'id mailnull'.
first_valid_uid = 26
last_valid_uid = 26
first_valid_gid = 6
last_valid_gid = 6
# Copy messages with hard links where possible instead of duplicating the file.
maildir_copy_with_hardlinks = yes
# Socket used for userdb lookups against the auth service.
auth_socket_path = /var/run/dovecot/auth-userdb
- Note: The path in 'mail_location = maildir:/mnt/mail/%d/%n' should use the same base directory as the variable 'virtual_mailbox_base = /mnt/mail' defined in the file '/usr/local/etc/postfix/main.cf'. The same applies to the 'uid' and 'gid' that are used.
Disable IMAP without SSL and set up the smtp-auth socket that Postfix uses for SASL verification.
# Port 0 disables the plain IMAP listener, so no unencrypted IMAP port is opened;
# clients have to connect through the SSL/TLS (imaps) listener instead.
service imap-login {
inet_listener imap {
port = 0
}
}
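# Authentication service: exposes the userdb socket and the SASL socket for Postfix.
service auth {
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  # Any local account that can open this socket can submit authentication
  # requests, so it is restricted to the postfix user and group instead of
  # being world-accessible (0666). Adjust user/group if Postfix runs under
  # a different account in this jail.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}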
Set previously generated/stored SSL certificates.
# SSL certificates
# 'ssl = yes' offers SSL/TLS but does not force it; 'ssl = required' makes
# Dovecot refuse authentication until the connection is encrypted.
ssl = yes
# The leading '<' makes Dovecot read the contents of the file.
# These paths must match the files actually stored in /etc/ssl/dovecot; the
# openssl command on this page writes imap.example.com.cert and imap.example.com.key.
ssl_cert = </etc/ssl/dovecot/example.com.crt
ssl_key = </etc/ssl/dovecot/example.com.key
# SSL certificates for specific domain
#local_name test.example.com {
# ssl_cert = </etc/ssl/dovecot/imap.test.example.com.cert
# ssl_key = </etc/ssl/dovecot/imap.test.example.com.key
#}
Activate sieve plugin.
# Settings for the local delivery agent (dovecot-lda).
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
# Address used as the sender of rejection notices generated during delivery.
postmaster_address = postmaster@example.com
# Keep the globally configured plugins and add Sieve filtering at delivery time.
mail_plugins = $mail_plugins sieve
# Create, and subscribe the user to, a mailbox that a delivery targets but that does not exist yet.
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# log_path = /var/log/dovecot-lda-errors.log
# info_log_path = /var/log/dovecot-lda.log
}
Set ManageSieve protocol.
# Login listener for the ManageSieve protocol on TCP port 4190.
# Users authenticate on this port, so it carries credentials; ManageSieve
# negotiates encryption with STARTTLS, and disable_plaintext_auth = yes keeps
# plaintext logins from being accepted before TLS is active.
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
# Post-login ManageSieve service; the process limit is left at its default.
service managesieve {
# Max. number of ManageSieve processes (connections)
#process_limit = 1024
}
protocol sieve {
# Maximum number of simultaneous ManageSieve connections per user from one IP address.
mail_max_userip_connections = 10
# Explicitly specify the SIEVE and NOTIFY capability reported by the server before
# login. If left unassigned these will be reported dynamically according to what
# the Sieve interpreter supports by default (after login this may differ depending
# on the user).
# managesieve_sieve_capability =
# managesieve_notify_capability =
# log_path = /var/log/dovecot-sieve-errors.log
# info_log_path = /var/log/dovecot-sieve.log
}
Set sieve plugin.
# Sieve settings shared by delivery-time filtering and ManageSieve.
plugin {
# Used by both the Sieve plugin and the ManageSieve protocol
# Path of the user's active script.
sieve = /mnt/mail/%d/%n/.dovecot.sieve
# Directory where the user's uploaded scripts are stored.
# NOTE(review): this directory sits inside the Maildir set in mail_location;
# verify that '.sieve' is not listed to clients as a mail folder.
sieve_dir = /mnt/mail/%d/%n/.sieve
# Enable the notify and imapflags extensions in addition to the default set.
sieve_extensions = +notify +imapflags
# Character that separates the user name from the address detail (user+detail@domain).
recipient_delimiter = +
}
Define user authorization using the PostgreSQL database.
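# Password verification: runs password_query from the SQL configuration file.
passdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}
# User lookup (home, uid, gid): runs user_query from the same file. This needs
# the sql driver; the static driver expects a key=value template in args, not
# the path of a configuration file, so user_query would never be used with it.
userdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}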
To allow SQL queries against the database (e.g. for local delivery and user authorization), we have to grant access to the database 'mail' used by the postfix server. Connect to the PostgreSQL installation and execute the commands below.
createuser --pwprompt --encrypted --no-createrole --no-createdb dovecot
psql mail
ALTER ROLE mailman WITH USER dovecot;
GRANT SELECT ON mailbox,alias TO dovecot;
- Note: Don't forget to set up authentication file '/mnt/sql/pgsql/data/pg_hba.conf' for user 'dovecot' and reload configuration of PostgreSQL.
Create file with SQL query for user authorization.
# This file contains the database password in clear text. Dovecot's example
# configuration recommends keeping it owned by root with mode 0600 so that
# other local users cannot read it.
driver = pgsql
connect = host= postgresql_ip_address_or_fqdn dbname=mail user=dovecot password=dovecot_sql_password
# Scheme assumed for stored password hashes that carry no {SCHEME} prefix; BLF-CRYPT is bcrypt.
default_pass_scheme = BLF-CRYPT
# %u is the full user name presented at login; Dovecot escapes it before
# substituting it into the query. Only rows with active = true can authenticate.
password_query = \
SELECT username as user, password \
FROM mailbox WHERE username = '%u' AND active = true
# Returns the home directory plus the fixed uid 26 / gid 6, the same ids that
# first_valid_uid/gid and last_valid_uid/gid allow in the mail settings.
user_query = \
SELECT concat('/mnt/mail/', mailbox.domain, '/', mailbox.local_part) as home, '26' as uid, '6' as gid \
FROM alias, mailbox WHERE alias.address='%u' and alias.goto=mailbox.username
5. Start and check dovecot service
Start dovecot service
Now you can test SSL IMAP connection by command: