# /usr/libexec/dovecot/mkcert.sh

Now all we need is to run the small script that the dovecot people have nicely provided to generate the key.

(:source:)

(:source lang=bash:)

    imap_max_line_length = 65536
    login_greeting_capability = no
    imap_client_workarounds = outlook-idle

    pop3_uidl_format = %08Xu%08Xv
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

    postmaster_address = postmaster@example.com

    mechanisms = plain
    passdb pam {
    }
    userdb passwd {
    }
    user = root

Now all we need is to run the small script that the dovecot people have nicely provided to generate the key.\\

1. /usr/share/doc/dovecot-1.0.7/examples/mkcert.sh

Note that you may need to change the path to the exact version on your system.

Edit the /etc/dovecot.conf file so that only the following lines are uncommented:

listen = [::]

login_dir = /var/run/dovecot/login login_greeting = Welcome to oBlue. mail_location = maildir:/mail/%u mail_full_filesystem_access = no maildir_copy_with_hardlinks = yes

  imap_max_line_length = 65536
  login_greeting_capability = no
  imap_client_workarounds = outlook-idle

  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

protocol lda {

  postmaster_address = postmaster@example.com

} auth default {

  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root

} dict { } plugin { }

Dovecot is an excellent and flexible POP3 and IMAP mail server. Its performance is outstanding and it can be setup to manage large amounts of emails.\\

Docevot is part of Fedora Core/RedHat/CentOS and we don't have to do too much to make it work, although setting encrypted communications takes a bit of work.

First, we need to tell Dovecot where to find our emails: as you remember, we told Postfix to use maildirs in the user directories instead of the default mbox.

You can access that article on the SecureAccess page where we still use stunnel for securing email we send to the server..

That's it, you should now be able to connect to the server after configuring your client to use SSL.

protocols = imap imaps pop3 pop3s

ssl_disable = no ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

(:source lang=bash:)

(:source lang=:)

protocol imap {

 imap_max_line_length = 65536
 login_greeting_capability = yes
 imap_client_workarounds = outlook-idle netscape-eoh

} protocol pop3 {

 pop3_uidl_format = %08Xu%08Xv
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

}

In the older article for Fedora Core 4 we used stunnel to encrypt our seucred POP and IMAP channels. You can still access that article here?.

To change a bit, we're going to follow Dovecot standard configuration and allow it to use SSL directly for POP3S and IMAPS.

First, remove the existing cert files, we're going to replace them later: (:source:)

1. rm /etc/pki/dovecot/certs/dovecot.pem
2. rm /etc/pki/dovecot/private/dovecot.pem

(:sourcend:)

Then edit the /etc/pki/dovecot/dovecot-openssl.cnf to look suitatble for your organisation: (:source:) [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ]

1. country (2 letter code)

C=HK

1. State or Province Name (full name)

ST=Hong Kong

1. Locality Name (eg. city)

L=Central

1. Organization (eg. company)

O=ACME Publishing Ltd

1. Organizational Unit Name (eg. section)

OU=Main Office

1. Common Name (*.example.com is also possible)

CN=mail.example.com

1. E-mail contact

emailAddress=postmaster@example.com [ cert_type ] nsCertType = server (:sourcend:)

Now we need to correct the small script that the dovecot people have nicely provided to generate the key.
Edit /usr/share/doc/dovecot-1.0/examples/mkcert.sh and change the following line: (:source lang=bash:) ... SSLDIR=${SSLDIR-/etc/pki/dovecot} ... (:sourcend:) Now all we need is to run it. (:source lang=bash:)

1. /usr/share/doc/dovecot-1.0/examples/mkcert.sh

(:sourcend:)

We will disuss how to easily secure access to your email through encrypted channels in the SecureAccess Chapter.

This page is part of the EmailServer article.

Dovecot for POP3 and IMAP

Dovecot is a good and flexible POP3 and IMAP mail server. It is very performing and can manage large amounts of emails.
Docevot is part of Fedora Core 4 and we don't have to do too much to make it work, although setting encrypted communications takes a bit of work.

If you haven't got it on your system, you can build it from source or just use the ubiquitous yum: (:source lang=:)

1. yum install dovecot
2. chkconfig dovecot --levels 235 on

(:sourcend:)

First, we need to tell Dovecot where to fin our emails: as you remember, we told Postfix to use maildirs in the user directories instead of the default mbox.

Edit the /etc/dovecot.conf file and modify the following lines: (:source:) default_mail_env = maildir:/mail/%u/email client_workarounds = oe6-fetch-no-newmail outlook-idle outlook-pop3-no-nuls mailbox_check_interval = 20 mail_full_filesystem_access = no maildir_copy_with_hardlinks = yes (:sourcend:)

Restart Dovecot (service dovecot restart) and test it right away, trying to get email from your test administrator account through POP3 and IMAP. Note that you must have sent email to that account first so Postfix could create the proper directory structure, otherwise you'll get and error when trying to access the IMAP folder that doesn't exist yet.

SSL for IMAP and POP

...ToDo...

< Postfix | EmailServer | AmavisdNew >

(:comments:)