Edit - To Do - AllRecentChanges
| Recent Changes Printable View Page History Edit Page |
This page is part of the EmailServer article.
Dovecot for POP3 and IMAP
Dovecot is a good and flexible POP3 and IMAP mail server. It is very performing and can manage large amounts of emails.
Docevot is part of Fedora Core 4 and we don't have to do too much to make it work, although setting encrypted communications takes a bit of work.
If you haven't got it on your system, you can build it from source or just use the ubiquitous yum:
# chkconfig dovecot --levels 235 on
First, we need to tell Dovecot where to fin our emails: as you remember, we told Postfix to use maildirs in the user directories instead of the default mbox.
Edit the /etc/dovecot.conf file and modify the following lines:
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
protocol imap {
imap_max_line_length = 65536
login_greeting_capability = yes
imap_client_workarounds = outlook-idle netscape-eoh
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
default_mail_env = maildir:/mail/%u/email
mail_full_filesystem_access = no
Restart Dovecot (service dovecot restart) and test it right away, trying to get email from your test administrator account through POP3 and IMAP.
Note that you must have sent email to that account first so Postfix could create the proper directory structure, otherwise you'll get and error when trying to access the IMAP folder that doesn't exist yet.
SSL for IMAP and POP
In the older article for Fedora Core 4 we used stunnel to encrypt our seucred POP and IMAP channels. You can access that article on the SecureAccess page where we still use stunnel for securing email we send to the server..
To change a bit, we're going to follow Dovecot standard configuration and allow it to use SSL directly for POP3S and IMAPS.
First, remove the existing cert files, we're going to replace them later:
Then edit the /etc/pki/dovecot/dovecot-openssl.cnf to look suitatble for your organisation:
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
C=HK
# State or Province Name (full name)
ST=Hong Kong
# Locality Name (eg. city)
L=Central
# Organization (eg. company)
O=ACME Publishing Ltd
# Organizational Unit Name (eg. section)
OU=Main Office
# Common Name (*.example.com is also possible)
CN=mail.example.com
# E-mail contact
emailAddress=postmaster@example.com
[ cert_type ]
nsCertType = server
Now we need to correct the small script that the dovecot people have nicely provided to generate the key.
Edit /usr/share/doc/dovecot-1.0/examples/mkcert.sh and change the following line:
SSLDIR=${SSLDIR-/etc/pki/dovecot}
...
Now all we need is to run it.
That's it, you should now be able to connect to the server after configuring your client to use SSL.
< Postfix | EmailServer | AmavisdNew >