dovecot

Differences

This shows you the differences between two versions of the page.

dovecot [2021/02/11 13:11] admindovecot [2023/12/13 19:30] (current) admin
Line 13: Line 13:
 <code>openssl dhparam -out /etc/dovecot/dh4096.pem 4096</code> <code>openssl dhparam -out /etc/dovecot/dh4096.pem 4096</code>
  
 +Dann wird /etc/dovecot/dovecot.conf erstellt
  
-<del>Dann wird in der /etc/dovecot/dovecot.conf der Eintrag "listen" geändert. anstatt+<code> 
 +#mail_debug = no 
 +## 
 +## Aktivierte Protokolle 
 +##
  
-<code>listen *, ::</code>+protocols imap lmtp sieve 
  
-trägt man dort seine IPv4 und v6 Adressen ein.+## 
 +## TLS Config 
 +## Quelle: https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.4 
 +## 
 +ssl = yes 
 +disable_plaintext_auth=no 
 +ssl_cert = </etc/letsencrypt/live/mail.domain.tld/fullchain.pem 
 +ssl_key = </etc/letsencrypt/live/mail.domain.tld/privkey.pem 
 +ssl_dh = </etc/dovecot/dh4096.pem 
 +ssl_min_protocol = TLSv1.2 
 +ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 
 +ssl_prefer_server_ciphers = no
  
-Dann geht es weiter in das Verzeichnis /etc/dovecot/conf.d/. Dort wird zuerst die Datei 10-auth.conf angepasst. Auf Plaintext, da wir ja eine TLS Verschlüsselung haben, es da also keine Gefahr gibt+ 
-Folgende Zeilen anpassen: +## 
-<code>disable_plaintext_auth = no+## Dovecot services 
 +## 
 + 
 +service imap-login { 
 +    inet_listener imap { 
 +        port = 143 
 +    } 
 +
 + 
 +service managesieve-login { 
 +    inet_listener sieve { 
 +        port = 4190 
 +    } 
 +
 + 
 +service lmtp { 
 +     unix_listener lmtp { 
 +     #mode = 0666 
 +      }  
 +    user = vmail 
 +
 + 
 +service auth 
 +    ### Auth socket für LMTP-Dienst 
 +    unix_listener auth-userdb { 
 +        mode = 0660 
 +        user = vmail 
 +        group = vmail 
 +    } 
 +
 + 
 + 
 +## 
 +##  Protocol settings 
 +## 
 + 
 +protocol imap { 
 +    mail_plugins = $mail_plugins quota imap_quota imap_sieve 
 +    mail_max_userip_connections = 50 
 +    imap_idle_notify_interval = 29 mins 
 +
 + 
 +protocol lmtp { 
 +    postmaster_address = postmaster@mail.domain.tld 
 +    mail_plugins = $mail_plugins sieve notify push_notification 
 +
 + 
 + 
 +## 
 +## Client authentication 
 +## 
 + 
 +disable_plaintext_auth = yes
 auth_mechanisms = plain login auth_mechanisms = plain login
 +auth_username_format = %Lu
 +
 +passdb {
 +    driver = sql
 +    args = /etc/dovecot/dovecot-sql.conf
 +}
 +
 +userdb {
 +    driver = sql
 +    args = /etc/dovecot/dovecot-sql.conf
 +}
 +
 +
 +##
 +## Address tagging
 +##
 +recipient_delimiter = +
 +
 +
 +##
 +## Mail location
 +##
 +
 +mail_uid = vmail
 +mail_gid = vmail
 +mail_privileged_group = vmail
 +
 +mail_home = /var/vmail/%d/%n
 +mail_location = maildir:~/mail:LAYOUT=fs
 +
 +##
 +## Mailbox configuration
 +##
 +
 +namespace inbox {
 +    inbox = yes
 +
 +    mailbox Junk {
 +        auto = subscribe
 +        special_use = \Junk
 +    }
 +
 +    mailbox Trash {
 +        auto = subscribe
 +        special_use = \Trash
 +    }
 +
 +    mailbox Drafts {
 +        auto = subscribe
 +        special_use = \Drafts
 +    }
 +
 +    mailbox Sent {
 +        auto = subscribe
 +        special_use = \Sent
 +    }
 +}
 +
 +
 +##
 +## Mail plugins
 +##
 +
 +plugin {
 +    sieve_plugins = sieve_imapsieve sieve_extprograms
 +    sieve_before = /var/vmail/sieve/global/spam-global.sieve
 +    sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
 +
 +    ###
 +    ### Spam learning
 +    ###
 +    # From elsewhere to Spam folder
 +    imapsieve_mailbox1_name = Junk
 +    imapsieve_mailbox1_causes = COPY
 +    imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
 +
 +    # From Spam folder to elsewhere
 +    imapsieve_mailbox2_name = *
 +    imapsieve_mailbox2_from = Junk
 +    imapsieve_mailbox2_causes = COPY
 +    imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
 +
 +    sieve_pipe_bin_dir = /usr/bin
 +    sieve_global_extensions = +vnd.dovecot.pipe
 +
 +    quota = maildir:User quota
 +    quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
 +}
 +
 </code> </code>
  
-Dann im selben Verzeichnis die Datei 10-ssl.conf anpassen, und dort unsere Letsencrypt Zertifikate eintragen.+Und dann noch das /etc/dovecot/dovecot-sql.conf
  
 <code> <code>
-ssl required +driver=mysql 
-ssl_cert </etc/acme.sh/mail.mysystems.tld/fullchain.pem +connect "host=localhost dbname=vmail user=vmail password=DatenbankPasswort" 
-ssl_key </etc/letsencrypt/live/mail.example.com/privkey.pem + 
-ssl_dh </etc/dovecot/dh4096.pem +default_pass_scheme BLF-CRYPT 
-ssl_min_protocol = TLSv1.2 + 
-ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +password_query = SELECT username, domain, password FROM credentials WHERE username '%Ln' AND domain = '%Ld'; 
-ssl_prefer_server_ciphers = no</code></del>+ 
 +user_query = SELECT 2000 AS uid, 2000 as gid, '/var/vmail/%Ld/%Ln' AS home; 
 +</code>
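Review bot: The new dovecot.conf sets `disable_plaintext_auth=no` in the TLS section and `disable_plaintext_auth = yes` again under "Client authentication", and it uses `ssl = yes` where the previous revision had `ssl required`. Dovecot normally honours the last assignment, so the effective value is probably `yes`, but a reader who copies only the TLS block ends up accepting `plain login` on port 143 without STARTTLS. I would delete the first `disable_plaintext_auth` line and write `ssl = required`, so that a session which never negotiates TLS cannot authenticate at all. Separately, /etc/dovecot/dovecot-sql.conf carries the database password in its `connect` string, so the page should tell readers to make that file readable by root only (for example mode 0600). The rendered `password_query` also reads `WHERE username '%Ln'` with no `=`, which may be an extraction artefact but is worth checking against the wiki source.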
dovecot.txt · Last modified: 2023/12/13 19:30 by admin

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal