Dovecot

Wir installieren Dovecot nur mit IMAP und Sieve; ich bin der Meinung, POP3 braucht heute niemand mehr. Sieve ist ganz cool, weil man damit schon serverseitig beim Posteingang Mails in Ordner sortieren kann.

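# dovecot-imapd: IMAP, dovecot-lmtpd: LMTP delivery, dovecot-mysql: SQL driver
# for passdb/userdb. dovecot-sieve only adds the Sieve interpreter; the
# ManageSieve daemon that `protocols = ... sieve` and `service managesieve-login`
# in dovecot.conf refer to is packaged separately as dovecot-managesieved.
apt install dovecot-imapd dovecot-lmtpd dovecot-sieve dovecot-managesieved dovecot-mysql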

Dovecot ist gar nicht so schwer zu konfigurieren, wie es aussieht. Also beherzt den ganzen Schrott wegwerfen.

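# Keep a copy of the packaged configuration before wiping it, so the distro
# defaults stay available for comparison or rollback. -a preserves ownership
# and modes of the files being copied. The backup path is only an example.
cp -a /etc/dovecot /etc/dovecot.orig
rm -rf /etc/dovecot/*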

Diffie-Hellman-Parameter für Dovecot erstellen.

# Generate 4096-bit Diffie-Hellman parameters. dovecot.conf loads this file via
# ssl_dh; it is used by the DHE-RSA suites in ssl_cipher_list. DH parameters
# are not secret, so the file needs no special protection beyond being
# writable by root only.
openssl dhparam -out /etc/dovecot/dh4096.pem 4096

Jetzt kann man erstmal Kaffee trinken gehen. Das dauert.

Dann wird /etc/dovecot/dovecot.conf erstellt

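#mail_debug = no
##
## Enabled protocols
##

# imap: client access, lmtp: local delivery from the MTA, sieve: ManageSieve.
protocols = imap lmtp sieve

##
## TLS config
## Source: https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.4
##
# `required` refuses authentication on any connection that has not completed
# TLS, regardless of the mechanism. With only PLAIN/LOGIN enabled and
# disable_plaintext_auth = yes this behaves like `ssl = yes`, but it keeps the
# guarantee if another auth mechanism is added later.
ssl = required
# disable_plaintext_auth is set once, in the "Client authentication" section.
# Do not repeat it here with a different value: Dovecot uses the last
# assignment it reads, so a second copy only hides which value is in effect.
# A leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/letsencrypt/live/mail.domain.tld/fullchain.pem
# The private key must stay readable by root only.
ssl_key = </etc/letsencrypt/live/mail.domain.tld/privkey.pem
# DH parameters for the DHE-RSA suites listed below.
ssl_dh = </etc/dovecot/dh4096.pem
ssl_min_protocol = TLSv1.2
# Only AEAD suites (AES-GCM, ChaCha20-Poly1305) with ephemeral key exchange
# (ECDHE/DHE), i.e. forward secrecy for every negotiated session.
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# Every suite in the list is acceptable, so the client may pick the one that
# is fastest on its hardware.
ssl_prefer_server_ciphers = no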


##
## Dovecot services
##

# IMAP login listener on port 143. Sessions on this port start unencrypted and
# are upgraded by the client with STARTTLS.
# NOTE(review): only the 143 listener is declared here; run `doveconf -n` to
# confirm which listeners (including any implicit-TLS one) are actually active.
service imap-login {
    inet_listener imap {
        port = 143
    }
}

# ManageSieve listener (clients upload and activate their Sieve scripts here).
# Like port 143, it starts unencrypted and depends on STARTTLS.
service managesieve-login {
    inet_listener sieve {
        port = 4190
    }
}

# LMTP delivery service, run as the unprivileged vmail account.
service lmtp {
     unix_listener lmtp {
     # mode stays at Dovecot's default; 0666 would let every local account
     # deliver mail through this socket.
     # NOTE(review): the MTA still has to be able to open the socket; confirm
     # how it connects before loosening the mode.
     #mode = 0666
      } 
    user = vmail
}

service auth {
    ### Auth socket for the LMTP service
    # 0660 with owner and group vmail: only processes running as vmail can
    # perform userdb lookups through this socket.
    unix_listener auth-userdb {
        mode = 0660
        user = vmail
        group = vmail
    }
}


##
##  Protocol settings
##

# IMAP-specific settings.
protocol imap {
    # imap_sieve runs Sieve scripts on IMAP actions; the imapsieve_* rules in
    # the plugin section (spam/ham learning) depend on it.
    mail_plugins = $mail_plugins imap_sieve
    # Upper bound on concurrent IMAP connections per user and client IP.
    mail_max_userip_connections = 50
    imap_idle_notify_interval = 29 mins
}

# LMTP-specific settings.
protocol lmtp {
    postmaster_address = postmaster@mail.domain.tld
    # sieve applies the delivery-time Sieve scripts (sieve_before and the
    # user's active script).
    mail_plugins = $mail_plugins sieve notify push_notification
}


##
## Client authentication
##

# Must stay `yes`: PLAIN and LOGIN transmit the password itself, so they are
# only acceptable inside a TLS session. Keep this as the single place where
# the setting is assigned.
# NOTE(review): Dovecot treats connections from the local host (and from
# login_trusted_networks, if set) as secure for this check.
disable_plaintext_auth = yes
auth_mechanisms = plain login
# %Lu: the full login name, lowercased before any lookup.
auth_username_format = %Lu

# Password verification via SQL; the queries live in dovecot-sql.conf.
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

# User attributes (uid, gid, home) from the same SQL configuration.
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}


##
## Address tagging
##
# user+tag@domain is delivered to user@domain.
recipient_delimiter = +


##
## Mail location
##

# All mailboxes are accessed as the single vmail system account.
mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail

# %d = domain, %n = local part of the address.
mail_home = /var/vmail/%d/%n
# Maildir under the home directory; LAYOUT=fs stores folders as real
# subdirectories.
mail_location = maildir:~/mail:LAYOUT=fs

##
## Mailbox configuration
##

# Default namespace with the standard special-use folders, created and
# subscribed automatically for every account.
namespace inbox {
    inbox = yes

    # The folder name "Junk" is also what the imapsieve_mailbox* rules in the
    # plugin section match on; rename both together.
    mailbox Junk {
        auto = subscribe
        special_use = \Junk
    }

    mailbox Trash {
        auto = subscribe
        special_use = \Trash
    }

    mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
    }

    mailbox Sent {
        auto = subscribe
        special_use = \Sent
    }
}


##
## Mail plugins
##

# Sieve configuration: delivery-time filtering plus spam/ham learning that is
# triggered when a message is copied into or out of the Junk folder.
plugin {
    # sieve_imapsieve: Sieve on IMAP events; sieve_extprograms: lets scripts
    # call external programs (pipe).
    sieve_plugins = sieve_imapsieve sieve_extprograms
    # Global script executed before each user's own script.
    sieve_before = /var/vmail/sieve/global/spam-global.sieve
    # Per-user script storage and the currently active script.
    sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve

    ###
    ### Spam learning
    ###
    # From elsewhere to Spam folder
    imapsieve_mailbox1_name = Junk
    imapsieve_mailbox1_causes = COPY
    imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve

    # From Spam folder to elsewhere
    imapsieve_mailbox2_name = *
    imapsieve_mailbox2_from = Junk
    imapsieve_mailbox2_causes = COPY
    imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve

    # NOTE(review): with /usr/bin as the pipe directory, every executable
    # there can be named by a script that is allowed to use pipe. A dedicated
    # directory holding only the learning helpers is the narrower choice.
    sieve_pipe_bin_dir = /usr/bin
    # pipe is enabled for global scripts only. Keep it out of sieve_extensions
    # so that scripts uploaded by users via ManageSieve cannot run programs.
    # The files under /var/vmail/sieve/global run with pipe enabled; treat
    # write access to that directory like write access to code.
    sieve_global_extensions = +vnd.dovecot.pipe

}

Und dann noch die /etc/dovecot/dovecot-sql.conf

# This file holds the database password in clear text. Make it readable by
# root only (owner root, mode 0600); files created fresh after emptying
# /etc/dovecot do not get restrictive permissions by themselves.
driver=mysql
# "DatenbankPasswort" is a placeholder for the real database password.
# NOTE(review): the vmail database account only needs SELECT on the tables
# queried below; confirm its grants.
connect = "host=localhost dbname=vmail user=vmail password=DatenbankPasswort"

# Stored hashes without an explicit {SCHEME} prefix are treated as bcrypt.
default_pass_scheme = BLF-CRYPT

# %Ln / %Ld: lowercased local part and domain of the login name. Dovecot
# escapes these variables before inserting them into the query.
password_query = SELECT username, domain, password FROM credentials WHERE username = '%Ln' AND domain = '%Ld';

# Returns the same fixed uid/gid and a computed home for every lookup.
# NOTE(review): 2000 has to match the numeric uid/gid of the vmail account.
# NOTE(review): the query has no FROM/WHERE, so a userdb lookup succeeds for
# any address; LMTP therefore relies on the MTA to reject unknown recipients.
user_query = SELECT 2000 AS uid, 2000 as gid, '/var/vmail/%Ld/%Ln' AS home;