Weight: 2
Description: Candidates should be able to install and configure POP and IMAP daemons.
Key Knowledge Areas:
Dovecot IMAP and POP3 configuration and administration
Basic TLS configuration for Dovecot
Awareness of Courier
Terms and Utilities:
/etc/dovecot/
dovecot.conf
doveconf
doveadm
POP3 and IMAP are two famous protocols which are used to let us check our mail box remotly. There some deamons which seat beside Mail servers(MTAs) and provide these two protocols such as:
Courier
Dovecot
POP3 (Post Office Protocol) | IMAP(Internet Message Access Protocol) |
Downloads e-mails(could be configured to leave a copy on server) | e-mails stay on the server |
Mails are stored on the clients | Clients read e-mail remotely |
The main advantage of IMAP over POP3 is the ability to keep the original e-mail stored on the mail server and the ability to access the same account from multiple locations. Unlike POP3 where e-mail is downloaded to the computer or device checking for mail and completely removed from the mail server, IMAP simply downloads a copy of the e-mail. This is much more convenient as the e-mail account can be set up on multiple computers and devices using IMAP and the original e-mail will always remain on the mail server.
Another advantage of IMAP over POP3 is that , In cases where a mobile phone or personal computer was configured to be the primary means of checking e-mail and malfunctions, is lost, stolen, or totally inoperable, the e-mails will not be lost.
Although POP3 client can be configured to leave a copy of e-mail on server but, if one were to set up an e-mail account on a mobile phone as POP3, the phone would download all e-mails, removing them from the server. If one were to then check the webmail or home computer for the same e-mail account, there would be no mails viewable as they have already been download by the mobile phone.
On the other hand, with IMAP as all e-mailes are kept on the server, if server crashs no one from client would have a local copy of e-mails even and administrator should have a storng backup plan for that. Keeping all e-mails on the sever has another disadvantage and it might cause mail server ran out of space!
Courier is one of the oldest MTAs in the open source world and consequently it includes a sutie of softwares. As a server Courier provides ESMTP, IMAP, POP3, SMAP, webmail, and mailing list services with individual components.
Parts of Courier, such as the maildrop filtering system, the webmail and IMAP server, can also be installed as independent packages which can be used with other mail servers. It is best known for its IMAP server component.
Courier-IMAP is a particularly popular combination with Qmail, Exim, and Postfix servers that are configured to use maildirs.
Here we use Ubuntu to have a quick look at courier, (Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ) :
[email protected]:~# apt-cache search courier | grep couriercourier-authdaemon - Courier authentication daemoncourier-authlib - Courier authentication librarycourier-authlib-dev - Development libraries for the Courier authentication librarycourier-authlib-ldap - LDAP support for the Courier authentication librarycourier-authlib-mysql - MySQL support for the Courier authentication librarycourier-authlib-pipe - External authentication support for the Courier authentication librarycourier-authlib-postgresql - PostgreSQL support for the Courier authentication librarycourier-authlib-sqlite - LDAP support for the Courier authentication librarycourier-authlib-userdb - userdb support for the Courier authentication librarycourier-base - Courier mail server - base systemcourier-doc - Courier mail server - additional documentationcourier-faxmail - Courier mail server - Fax<->mail gatewaycourier-filter-perl - purely Perl-based mail filter framework for the Courier MTAcourier-imap - Courier mail server - IMAP servercourier-imap-ssl - Courier mail server - IMAP over SSLcourier-ldap - Courier mail server - LDAP supportcourier-maildrop - Courier mail server - mail delivery agentcourier-mlm - Courier mail server - mailing list managercourier-mta - Courier mail server - ESMTP daemoncourier-mta-ssl - Courier mail server - ESMTP over SSLcourier-pcp - Courier mail server - PCP servercourier-pop - Courier mail server - POP3 servercourier-pop-ssl - Courier mail server - POP3 over SSLcourier-ssl - Courier mail server - SSL/TLS Supportcourier-webadmin - Courier mail server - web-based administration frontendcouriergraph - Mail statistics RRDtool frontend for Courier-{POP,IMAP}couriergrey - Mail filter interface of Courier-MTA to support greylistinglibcourier-unicode-dev - Courier Unicode library (development files and headers)libcourier-unicode1 - Courier Unicode library (shared runtime library)mysqmail-courier-logger - real-time logging system in MySQL - Courier traffic-logger[email protected]:~# apt-get install courier-imap courier-pop
during installtion if it ask for configuring web-based Administration say "no" and lets make our hands dirty with the command line:
┌───────────────────────┤Configuring courier-base ├────────────────────────┐│ ││ Courier uses several configuration files in /etc/courier. Some of these ││ files can be replaced by a subdirectory whose contents are concatenated ││ and treated as a single, consolidated, configuration file. ││ ││ The web-based administration provided by the courier-webadmin package ││ relies on configuration directories instead of configuration files. If ││ you agree, any directories needed for the web-based administration tool ││ will be created unless there is already a plain file in place. ││ ││ Create directories for web-based administration? ││ ││ <Yes> <<<No>>>
it makse two configuration files:
[email protected]:~# cd /etc/courier/[email protected]:/etc/courier# ls -ltotal 28-rw-rw---- 1 daemon daemon 3678 Apr 5 2016 authdaemonrc-rw-r--r-- 1 root root 14386 Apr 5 2016 imapd-rw-r--r-- 1 root root 3739 Apr 5 2016 pop3ddrwxr-xr-x 2 daemon daemon 4096 May 27 04:23 shared
Lets take a look at imapd configuration file:
[email protected]:/etc/courier# cat imapd##VERSION: $Id: imapd.dist.in 159 2011-11-14 02:07:00Z mrsam $## imapd created from imapd.dist by sysconftool## Do not alter lines that begin with ##, they are used when upgrading# this configuration.## Copyright 1998 - 2008 Double Precision, Inc. See COPYING for# distribution information.## This configuration file sets various options for the Courier-IMAP server# when used with the couriertcpd server.# A lot of the stuff here is documented in the manual page for couriertcpd.## NOTE - do not use \ to split long variable contents on multiple lines.# This will break the default imapd.rc script, which parses this file.###NAME: ADDRESS:0## Address to listen on, can be set to a single IP address.## ADDRESS=127.0.0.1ADDRESS=0##NAME: PORT:1## Port numbers that connections are accepted on. The default is 143,# the standard IMAP port.## Multiple port numbers can be separated by commas. When multiple port# numbers are used it is possible to select a specific IP address for a# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1# The previous ADDRESS setting is a default for ports that do not have# a specified IP address.PORT=143##NAME: AUTHSERVICE:0## It's possible to authenticate using a different 'service' parameter# depending on the connection's port. This only works with authentication# modules that use the 'service' parameter, such as PAM. Example:## AUTHSERVICE143=imap# AUTHSERVICE993=imaps##NAME: MAXDAEMONS:0## Maximum number of IMAP servers started#MAXDAEMONS=40##NAME: MAXPERIP:0## Maximum number of connections to accept from the same IP addressMAXPERIP=20##NAME: PIDFILE:0## File where couriertcpd will save its process ID#PIDFILE=/var/run/courier/imapd.pid##NAME: TCPDOPTS:0## Miscellaneous couriertcpd options that shouldn't be changed.#TCPDOPTS="-nodnslookup -noidentlookup"##NAME: LOGGEROPTS:0## courierlogger(1) options.#LOGGEROPTS="-name=imapd"##NAME: DEFDOMAIN:0## Optional default domain. If the username does not contain the# first character of DEFDOMAIN, then it is appended to the username.# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended# only if the username does not contain any character from DOMAINSEP.# You can set different default domains based on the the interface IP# address using the -access and -accesslocal options of couriertcpd(1).#DEFDOMAIN="@example.com"##NAME: IMAP_CAPABILITY:1## IMAP_CAPABILITY specifies what most of the response should be to the# CAPABILITY command.## If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows:## IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"#IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"##NAME: KEYWORDS_CAPABILITY:0## IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to# disable custom keywords.## IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower# algorithm. Use this setting if keyword-related problems occur when# multiple IMAP clients are updating keywords on the same message.IMAP_KEYWORDS=1##NAME: ACL_CAPABILITY:0## IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to# disable ACL capabilities announce.IMAP_ACL=1##NAME: SMAP1_CAPABILITY:0## EXPERIMENTAL## To enable the experimental "Simple Mail Access Protocol" extensions,# uncomment the following setting.## SMAP_CAPABILITY=SMAP1##NAME: IMAP_CAPABILITY_ORIG:2## For use by webadminIMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"##NAME: IMAP_PROXY:0## Enable proxying. See README.proxyIMAP_PROXY=0##NAME: PROXY_HOSTNAME:0## Override value from gethostname() when checking if a proxy connection is# required.## PROXY_HOSTNAME=##NAME: IMAP_PROXY_FOREIGN:0## Proxying to non-Courier servers. Re-sends the CAPABILITY command after# logging in to the remote server. May not work with all IMAP clients.IMAP_PROXY_FOREIGN=0##NAME: IMAP_IDLE_TIMEOUT:0## This setting controls how often# the server polls for changes to the folder, in IDLE mode (in seconds).IMAP_IDLE_TIMEOUT=60##NAME: IMAP_MAILBOX_SANITY_CHECK:0## Sanity check -- make sure home directory and maildir's ownership matches# the IMAP server's effective uid and gidIMAP_MAILBOX_SANITY_CHECK=1##NAME: IMAP_CAPABILITY_TLS:0## The following setting will advertise SASL PLAIN authentication after# STARTTLS is established. If you want to allow SASL PLAIN authentication# with or without TLS then just comment this out, and add AUTH=PLAIN to# IMAP_CAPABILITYIMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"##NAME: IMAP_TLS_ORIG:0## For use by webadminIMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"##NAME: IMAP_DISABLETHREADSORT:0## Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -# server side sorting and threading.## Those capabilities will still be advertised, but the server will reject# them. Set this option if you want to disable all the extra load from# server-side threading and sorting. Not advertising those capabilities# will simply result in the clients reading the entire folder, and sorting# it on the client side. That will still put some load on the server.# advertising these capabilities, but rejecting the commands, will stop this# silliness.#IMAP_DISABLETHREADSORT=0##NAME: IMAP_CHECK_ALL_FOLDERS:0## Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new# mail in every folder. Not all IMAP clients use the IMAP's new mail# indicator, but some do. Normally new mail is checked only in INBOX,# because it is a comparatively time consuming operation, and it would be# a complete waste of time unless mail filters are used to deliver# mail directly to folders.## When IMAP clients are used which support new mail indication, and when# mail filters are used to sort incoming mail into folders, setting# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new# mail in folders. Note that this will result in slightly more load on the# server.#IMAP_CHECK_ALL_FOLDERS=0##NAME: IMAP_OBSOLETE_CLIENT:0## Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean# what \\HasNoChildren really means.IMAP_OBSOLETE_CLIENT=0##NAME: IMAP_UMASK:0## IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is# simply passed to the "umask" command. The default value is 022.## This feature is mostly useful for shared folders, where the file permissions# of the messages may be important.IMAP_UMASK=022##NAME: IMAP_ULIMITD:0## IMAP_ULIMITD sets the maximum size of the data segment of the server# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"# command (or ulimit -v). The argument to ulimi sets the upper limit on the# size of the data segment of the server process, in kilobytes. The default# value of 65536 sets a very generous limit of 64 megabytes, which should# be more than plenty for anyone.## This feature is used as an additional safety check that should stop# any potential denial-of-service attacks that exploit any kind of# a memory leak to exhaust all the available memory on the server.# It is theoretically possible that obscenely huge folders will also# result in the server running out of memory when doing server-side# sorting (by my calculations you have to have at least 100,000 messages# in a single folder, for that to happen).IMAP_ULIMITD=131072##NAME: IMAP_USELOCKS:0## Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent# multiple access to the same folder. This incurs slight additional# overhead. Concurrent multiple access will still work without this setting,# however occasionally a minor race condition may result in an IMAP client# downloading the same message twice, or a keyword update will fail.## IMAP_USELOCKS=1 is strongly recommended when shared folders are used.IMAP_USELOCKS=1##NAME: IMAP_SHAREDINDEXFILE:0## The index of all accessible folders. Do not change this setting unless# you know what you're doing. See README.sharedfolders for additional# information.IMAP_SHAREDINDEXFILE=/etc/courier/shared/index##NAME: IMAP_ENHANCEDIDLE:0## If Courier was compiled with the File Alteration Monitor, setting# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple# clients may open the same folder concurrently, and receive updates to# folder contents in realtime. See the imapd(8) man page for additional# information.## IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included# in the IMAP_CAPABILITY list.#IMAP_ENHANCEDIDLE=0##NAME: IMAP_TRASHFOLDERNAME:0## The name of the magic trash Folder. For MSOE compatibility,# you can set IMAP_TRASHFOLDERNAME="Deleted Items".## IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASHIMAP_TRASHFOLDERNAME=Trash##NAME: IMAP_EMPTYTRASH:0## The following setting is optional, and causes messages from the given# folder to be automatically deleted after the given number of days.# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default# setting, below, purges 7 day old messages from the Trash folder.# Another useful setting would be:## IMAP_EMPTYTRASH=Trash:7,Sent:30## This would also delete messages from the Sent folder (presumably copies# of sent mail) after 30 days. This is a global setting that is applied to# every mail account, and is probably useful in a controlled, corporate# environment.## Important: the purging is controlled by CTIME, not MTIME (the file time# as shown by ls). It is perfectly ordinary to see stuff in Trash that's# a year old. That's the file modification time, MTIME, that's displayed.# This is generally when the message was originally delivered to this# mailbox. Purging is controlled by a different timestamp, CTIME, which is# changed when the file is moved to the Trash folder (and at other times too).## You might want to disable this setting in certain situations - it results# in a stat() of every file in each folder, at login and logout.#IMAP_EMPTYTRASH=Trash:7##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0## Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This# effectively allows an undo of message deletion by fishing the deleted# mail from trash. Trash can be manually expunged as usually, and mail# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.## NOTE: shared folders are still expunged as usual. Shared folders are# not affected.#IMAP_MOVE_EXPUNGE_TO_TRASH=0##NAME: IMAP_LOG_DELETIONS:0### Set IMAP_LOG_DELETIONS to log all message deletions to syslog.## IMAP_LOG_DELETIONS=1##NAME: IMAPDEBUGFILE:0## IMAPDEBUGFILE="imaplog.dat"## Generate diagnostic logging of IMAP commands.## Set this globally, restart the server. Touch this file in an account's# maildir directory, and Courier-IMAP will append all IMAP commands received# for new sessions for this account. NOTE: existing IMAP sessions are not# affected, only new IMAP logins.##NAME: OUTBOX:0## The next set of options deal with the "Outbox" enhancement.# Uncomment the following setting to create a special folder, named# INBOX.Outbox## OUTBOX=.Outbox##NAME: SENDMAIL:0## If OUTBOX is defined, mail can be sent via the IMAP connection by copying# a message to the INBOX.Outbox folder. For all practical matters,# INBOX.Outbox looks and behaves just like any other IMAP folder. If this# folder doesn't exist it must be created by the IMAP mail client, just# like any other IMAP folder. The kicker: any message copied or moved to# this folder is will be E-mailed by the Courier-IMAP server, by running# the SENDMAIL program. Therefore, messages copied or moved to this# folder must be well-formed RFC-2822 messages, with the recipient list# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on# SENDMAIL to read the recipient list from these headers (and delete the Bcc:# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the# message piped on standard input. $SENDER will be the return address# of the message, which is set by the authentication module.## DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.#SENDMAIL=/usr/sbin/sendmail##NAME: HEADERFROM:0## For administrative and oversight purposes, the return address, $SENDER# will also be saved in the X-IMAP-Sender mail header. This header gets# added to the sent E-mail (but it doesn't get saved in the copy of the# message that's saved in the folder)## WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive# the magic OUTBOX treatment. Therefore advance LARTing is in order for# _all_ of your lusers, until every one of them is aware of this. Otherwise if# OUTBOX is left at its default setting - a folder name that might be used# accidentally - some people may be in for a rude surprise. You can redefine# the name of the magic folder by changing OUTBOX, above. You should do that# and pick a less-obvious name. Perhaps brand it with your organizational# name ( OUTBOX=.WidgetsAndSonsOutbox )HEADERFROM=X-IMAP-Sender##NAME: OUTBOX_MULTIPLE_SEND:0## Remove the following comment to allow a COPY of more than one message to# the Outbox, at a time.## OUTBOX_MULTIPLE_SEND=1##NAME: IMAPDSTART:0## IMAPDSTART is not used directly. Rather, this is a convenient flag to# be read by your system startup script in /etc/rc.d, like this:## . /etc/courier/imapd## case x$IMAPDSTART in# x[yY]*)# /usr/lib/courier/imapd.rc start# ;;# esac## The default setting is going to be NO, so you'll have to manually flip# it to yes.IMAPDSTART=YES##NAME: MAILDIRPATH:0## MAILDIRPATH - directory name of the maildir directory.#MAILDIRPATH=Maildir
ADDRESS=0
says that our server will listed on all configured IP Addresses. PORT=143
defines the IMAP standard port number. The Only place that we need to configure for basic setup is MAILDIRPATCH
.
MAILDIRPATH=mail/inbox
define the same setting in pop3d
file for POP3 protocol.
[email protected]:/etc/courier# cat pop3d | grep -v "^#"PIDFILE=/var/run/courier/pop3d.pidMAXDAEMONS=40MAXPERIP=4POP3AUTH=""POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"POP3AUTH_TLS=""POP3AUTH_TLS_ORIG="LOGIN PLAIN"POP3_PROXY=0PORT=110ADDRESS=0TCPDOPTS="-nodnslookup -noidentlookup"LOGGEROPTS="-name=pop3d"POP3DSTART=YESMAILDIRPATH=mail/inbox
and do not forget to restart teh services:
[email protected]:/etc/courier# systemctl restart courier-imap.service[email protected]:/etc/courier# systemctl restart courier-pop.service
time to check the result with an e-mail client, we used Mozilla thunder bird here:
check it with both imap and pop3 and make sure it is working.
Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind.Timo Sirainen originated Dovecot and first released it in July 2002. Dovecot developers primarily aim to produce a lightweight, fast and easy-to-set-up open-source mailserver.
Primary purpose of dovecot is to act as mail storage server. Mail is delivered to the server using some MDA and stored for later access with MUA. Dovecot can also act as mail proxy server, forwarding connection to another mail server, or act as a lightweight MUA in order to retrieve and manipulate mail on remote server for e.g. mail migration.
According to Openemailsurvey Dovecot has an installed base of more than 3 million email servers and a global market share of 68% of all IMAP servers. While Dovecot software can be used commercially without any license fees, a commercial version is also available as Dovecot Pro. The commercial version is provided by Dovecot Oy along with support and enterprise add-ons such as the object storage and full-text search plugins. Since March 2015, Dovecot Oy has been part of the Open-Xchange Family.
good news about dovecot is that it supports both mail store formats, mbox and maildir.
[email protected]:~# apt-cache search dovecot | grep dovecotdovecot-core - secure POP3/IMAP server - core filesdovecot-dbg - secure POP3/IMAP server - debug symbolsdovecot-dev - secure POP3/IMAP server - header filesdovecot-imapd - secure POP3/IMAP server - IMAP daemondovecot-managesieved - secure POP3/IMAP server - ManageSieve serverdovecot-pop3d - secure POP3/IMAP server - POP3 daemondovecot-sieve - secure POP3/IMAP server - Sieve filters supportargonaut-dovecot - Argonaut (client-module for dovecot)dovecot-antispam - Dovecot plugins for training spam filtersdovecot-gssapi - secure POP3/IMAP server - GSSAPI supportdovecot-ldap - secure POP3/IMAP server - LDAP supportdovecot-lmtpd - secure POP3/IMAP server - LMTP serverdovecot-lucene - secure POP3/IMAP server - Lucene supportdovecot-metadata-plugin - Experimental IMAP METADATA Extension for Dovecotdovecot-mysql - secure POP3/IMAP server - MySQL supportdovecot-pgsql - secure POP3/IMAP server - PostgreSQL supportdovecot-solr - secure POP3/IMAP server - Solr supportdovecot-sqlite - secure POP3/IMAP server - SQLite supportfusiondirectory-plugin-dovecot - dovecot plugin for FusionDirectoryfusiondirectory-plugin-dovecot-schema - LDAP schema for FusionDirectory dovecot pluginmysqmail-dovecot-logger - real-time logging system in MySQL - Dovecot traffic-logger
dovecot has a long list of packages but here we just focus on packages for e-mail access.( Do not forget to remove any other e-mail access software before devecot installation inorder to avoid confilicts apt-get purge courier*
).
[email protected]:~# apt-get install dovecot-imapd dovecot-pop3d
for providing secure imap and pop3 dovecot generates its own self-signed certificate during installation proccess.
The configuration of Dovecot can be found in /etc/dovecot.conf
[email protected]:~# cd /etc/dovecot/[email protected]:/etc/dovecot# ls -ltotal 36drwxr-xr-x 2 root root 4096 May 28 00:00 conf.d-rw-r--r-- 1 root root 4401 Feb 27 11:17 dovecot.conf-rw-r----- 1 root dovecot 1507 Mar 16 2016 dovecot-dict-auth.conf.ext-rw-r----- 1 root dovecot 852 Mar 16 2016 dovecot-dict-sql.conf.ext-rw-r----- 1 root dovecot 5612 Mar 16 2016 dovecot-sql.conf.extdrwxr-xr-x 2 root root 4096 Feb 27 11:28 private-rw-r--r-- 1 root root 121 Feb 27 11:29 README[email protected]:/etc/dovecot# tree.├── conf.d│ ├── 10-auth.conf│ ├── 10-director.conf│ ├── 10-logging.conf│ ├── 10-mail.conf│ ├── 10-master.conf│ ├── 10-ssl.conf│ ├── 10-tcpwrapper.conf│ ├── 15-lda.conf│ ├── 15-mailboxes.conf│ ├── 20-imap.conf│ ├── 20-pop3.conf│ ├── 90-acl.conf│ ├── 90-plugin.conf│ ├── 90-quota.conf│ ├── auth-checkpassword.conf.ext│ ├── auth-deny.conf.ext│ ├── auth-dict.conf.ext│ ├── auth-master.conf.ext│ ├── auth-passwdfile.conf.ext│ ├── auth-sql.conf.ext│ ├── auth-static.conf.ext│ ├── auth-system.conf.ext│ └── auth-vpopmail.conf.ext├── dovecot.conf├── dovecot-dict-auth.conf.ext├── dovecot-dict-sql.conf.ext├── dovecot-sql.conf.ext├── private└── README2 directories, 28 files
it is consist of the mail configuration file dovecot.conf
and many other configuration files in conf.d
directory which are included.
[email protected]:/etc/dovecot# grep include dovecot.conf!include_try /usr/share/dovecot/protocols.d/*.protocol# Most of the actual configuration gets included below. The filenames are!include conf.d/*.conf# A config file can also tried to be included without giving an error if!include_try local.conf
please note that !include
means "include" and the "!" doesn't make negative meaning. That how dovecot's include syntax is! and the main configureation file:
[email protected]:/etc/dovecot# cat dovecot.conf## Dovecot configuration file# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration# "doveconf -n" command gives a clean output of the changed settings. Use it# instead of copy&pasting files when posting to the Dovecot mailing list.# '#' character and everything after it is treated as comments. Extra spaces# and tabs are ignored. If you want to use either of these explicitly, put the# value inside quotes, eg.: key = "# char and trailing whitespace "# Most (but not all) settings can be overridden by different protocols and/or# source/destination IPs by placing the settings inside sections, for example:# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }# Default values are shown for each setting, it's not required to uncomment# those. These are exceptions to this though: No sections (e.g. namespace {})# or plugin settings are added by default, they're listed only as examples.# Paths are also just examples with the real defaults being based on configure# options. The paths listed here are for configure --prefix=/usr# --sysconfdir=/etc --localstatedir=/var# Enable installed protocols!include_try /usr/share/dovecot/protocols.d/*.protocol# A comma separated list of IPs or hosts where to listen in for connections.# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.# If you want to specify non-default ports or anything more complex,# edit conf.d/master.conf.#listen = *, ::# Base directory where to store runtime data.#base_dir = /var/run/dovecot/# Name of this instance. In multi-instance setup doveadm and other commands# can use -i <instance_name> to select which instance is used (an alternative# to -c <config_path>). The instance name is also added to Dovecot processes# in ps output.#instance_name = dovecot# Greeting message for clients.#login_greeting = Dovecot ready.# Space separated list of trusted network ranges. Connections from these# IPs are allowed to override their IP addresses and ports (for logging and# for authentication checks). disable_plaintext_auth is also ignored for# these networks. Typically you'd specify your IMAP proxy servers here.#login_trusted_networks =# Space separated list of login access check sockets (e.g. tcpwrap)#login_access_sockets =# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do# proxying. This isn't necessary normally, but may be useful if the destination# IP is e.g. a load balancer's IP.#auth_proxy_self =# Show more verbose process titles (in ps). Currently shows user name and# IP address. Useful for seeing who are actually using the IMAP processes# (eg. shared mailboxes or if same uid is used for multiple accounts).#verbose_proctitle = no# Should all processes be killed when Dovecot master process shuts down.# Setting this to "no" means that Dovecot can be upgraded without# forcing existing client connections to close (although that could also be# a problem if the upgrade is e.g. because of a security fix).#shutdown_clients = yes# If non-zero, run mail commands via this many connections to doveadm server,# instead of running them directly in the same process.#doveadm_worker_count = 0# UNIX socket or host:port used for connecting to doveadm server#doveadm_socket_path = doveadm-server# Space separated list of environment variables that are preserved on Dovecot# startup and passed down to all of its child processes. You can also give# key=value pairs to always set specific settings.#import_environment = TZ#### Dictionary server settings### Dictionary can be used to store key=value lists. This is used by several# plugins. The dictionary can be accessed either directly or though a# dictionary server. The following dict block maps dictionary names to URIs# when the server is used. These can then be referenced using URIs in format# "proxy::<name>".dict {#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext}# Most of the actual configuration gets included below. The filenames are# first sorted by their ASCII value and parsed in that order. The 00-prefixes# in filenames are intended to make it easier to understand the ordering.!include conf.d/*.conf# A config file can also tried to be included without giving an error if# it's not found:!include_try local.conf
for configuring dovecot we go through conf.d directory:
[email protected]:/etc/dovecot# cd conf.d/[email protected]:/etc/dovecot/conf.d# ls10-auth.conf 15-mailboxes.conf auth-dict.conf.ext10-director.conf 20-imap.conf auth-master.conf.ext10-logging.conf 20-pop3.conf auth-passwdfile.conf.ext10-mail.conf 90-acl.conf auth-sql.conf.ext10-master.conf 90-plugin.conf auth-static.conf.ext10-ssl.conf 90-quota.conf auth-system.conf.ext10-tcpwrapper.conf auth-checkpassword.conf.ext auth-vpopmail.conf.ext15-lda.conf auth-deny.conf.ext
We just need to define which directory mails are stored in 10-mail.conf file (For configuring dovecot inorder to allow special mail clients like outlook modify 20-pop3.conf or 20-imap.conf which are not part of LPIC exam) :
[email protected]:/etc/dovecot/conf.d# cat 10-mail.conf | grep mail_location# path given in the mail_location setting.# mail_location = maildir:~/Maildir# mail_location = mbox:~/mail:INBOX=/var/mail/%u# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%nmail_location = mbox:~/mail:INBOX=/var/mail/%u# mail_location, which is also the default for it.
set mail_location value to mail_location = maildir:~/mail/inbox
.
dovecot does not have seperate services for imap and pop3, it has just one deamon and we need tor restart that inorder to our changes take effect:
[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.sdovecot.service dovecot.socket[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.service
to make wheather dovecot is working properly:
[email protected]:/etc/dovecot/conf.d# lsof -i | grep dovecotdovecot 9805 root 24u IPv4 55915 0t0 TCP *:pop3 (LISTEN)dovecot 9805 root 25u IPv6 55916 0t0 TCP *:pop3 (LISTEN)dovecot 9805 root 36u IPv4 55951 0t0 TCP *:imap2 (LISTEN)dovecot 9805 root 37u IPv6 55952 0t0 TCP *:imap2 (LISTEN)[email protected]:/etc/dovecot/conf.d# netstat -tulpen | grep 143tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 55951 9805/dovecottcp6 0 0 :::143 :::* LISTEN 0 55952 9805/dovecotudp6 0 0 :::60143 :::* 111 17792 745/avahi-daemon: r[email protected]:/etc/dovecot/conf.d# netstat -tulpen | grep 110tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 55915 9805/dovecottcp6 0 0 :::110 :::* LISTEN 0 55916 9805/dovecot
okey this time we use tell to test what we have done :
[email protected]:~$ telnet localhost 110Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.+OK Dovecot ready.user user1+OKpass [email protected]?+OK Logged in.list+OK 1 messages:1 452.retr 1+OK 452 octetsReturn-Path: <[email protected]>X-Original-To: [email protected]Delivered-To: [email protected]Received: by server1.localdomain (Postfix, from userid 1002)id F0D9BC0E16; Sun, 27 May 2018 04:08:02 -0700 (PDT)Subject: test maildirTo: <[email protected]>X-Mailer: mail (GNU Mailutils 2.99.99)Message-Id: <[email protected]>Date: Sun, 27 May 2018 04:08:02 -0700 (PDT)From: [email protected]Hi there test maildir!...quit+OK Logging out.Connection closed by foreign host.
doveconf reads and parses Dovecot's configuration files and converts them into a simpler format used by the rest of Dovecot. :
[email protected]:/etc/dovecot/conf.d# doveconf | less
Most of them are defualt values but some of them are customized values. -n
Show only settings with non-default values.
[email protected]:/etc/dovecot/conf.d# doveconf -n# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf# Pigeonhole version 0.4.13 (7b14904)# OS: Linux 4.10.0-28-generic x86_64 Ubuntu 16.04.3 LTSmail_location = maildir:~/mail/inboxnamespace inbox {inbox = yeslocation =mailbox Drafts {special_use = \Drafts}mailbox Junk {special_use = \Junk}mailbox Sent {special_use = \Sent}mailbox "Sent Messages" {special_use = \Sent}mailbox Trash {special_use = \Trash}prefix =}passdb {driver = pam}protocols = " imap pop3"ssl = nouserdb {driver = passwd}
Dovecot is now automatically configured to use SSL. It uses the package ssl-cert which provides a self signed certificate. Wecan edit the file /etc/dovecot/conf.d/10-ssl.conf .
[email protected]:/etc/dovecot/conf.d# cat 10-ssl.conf#### SSL settings### SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>ssl = no# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before# dropping root privileges, so keep the key file unreadable by anyone but# root. Included doc/mkcert.sh can be used to easily generate self-signed# certificate, just make sure to update the domains in dovecot-openssl.cnf#ssl_cert = </etc/dovecot/dovecot.pem#ssl_key = </etc/dovecot/private/dovecot.pem# If key file is password protected, give the password here. Alternatively# give it when starting dovecot with -p parameter. Since this file is often# world-readable, you may want to place this setting instead to a different# root owned 0600 file by using ssl_key_password = <path.#ssl_key_password =# PEM encoded trusted certificate authority. Set this only if you intend to use# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)#ssl_ca =# Require that CRL check succeeds for client certificates.#ssl_require_crl = yes# Directory and/or file for trusted SSL CA certificates. These are used only# when Dovecot needs to act as an SSL client (e.g. imapc backend). The# directory is usually /etc/ssl/certs in Debian-based systems and the file is# /etc/pki/tls/cert.pem in RedHat-based systems.#ssl_client_ca_dir =#ssl_client_ca_file =# Request client to send a certificate. If you also want to require it, set# auth_ssl_require_client_cert=yes in auth section.#ssl_verify_client_cert = no# Which field from certificate to use for username. commonName and# x500UniqueIdentifier are the usual choices. You'll also need to set# auth_ssl_username_from_cert=yes.#ssl_cert_username_field = commonName# DH parameters length to use.#ssl_dh_parameters_length = 1024# SSL protocols to use#ssl_protocols = !SSLv2# SSL ciphers to use#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL# Prefer the server's order of ciphers over client's.#ssl_prefer_server_ciphers = no# SSL crypto device to use, for valid values run "openssl engine"#ssl_crypto_device =# SSL extra options. Currently supported options are:# no_compression - Disable compression.#ssl_options =
By default the certificate is created to /etc/ssl/certs/dovecot.pem and the private key file is created to /etc/ssl/private/dovecot.pem.We can edit following lines if we want to set up a custom certificate:
ssl_cert = </etc/dovecot/dovecot.pemssl_key = </etc/dovecot/private/dovecot.key
We can get the SSL certificate from a Certificate Issuing Authority or we can create self signed SSL certificate. Once we create the certificate, we will have a key file and a certificate file that we want to make known in the config shown above.
[email protected]:/etc/dovecot/conf.d# openssl req -new -x509 -days 1000 -nodes -out "/etc/dovecot/dovecot.pem" -keyout "/etc/dovecot/private/dovecot.key"Generating a 2048 bit RSA private key.......+++..........................................................................................................................................................+++writing new private key to '/etc/dovecot/private/dovecot.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:usState or Province Name (full name) [Some-State]:wcLocality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:mycompanyOrganizational Unit Name (eg, section) []:ITCommon Name (e.g. server FQDN or YOUR name) []:example.comEmail Address []:[email protected][email protected]:/etc/dovecot/conf.d# ls -l ../private/total 8-rw-r--r-- 1 root root 1704 May 28 05:06 dovecot.key[email protected]:/etc/dovecot/conf.d# cd ..[email protected]:/etc/dovecot# ls -l | grep pem-rw-r--r-- 1 root root 1359 May 28 05:06 dovecot.pem
Now lets edit 10-ssl.conf and restart dovecot daemon:
[email protected]:/etc/dovecot/conf.d# vim 10-ssl.conf[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.service[email protected]:/etc/dovecot/conf.d# lsof -i | grep dovecotdovecot 12447 root 24u IPv4 76973 0t0 TCP *:pop3 (LISTEN)dovecot 12447 root 25u IPv6 76974 0t0 TCP *:pop3 (LISTEN)dovecot 12447 root 26u IPv4 76975 0t0 TCP *:pop3s (LISTEN)dovecot 12447 root 27u IPv6 76976 0t0 TCP *:pop3s (LISTEN)dovecot 12447 root 38u IPv4 77011 0t0 TCP *:imap2 (LISTEN)dovecot 12447 root 39u IPv6 77012 0t0 TCP *:imap2 (LISTEN)dovecot 12447 root 40u IPv4 77013 0t0 TCP *:imaps (LISTEN)dovecot 12447 root 41u IPv6 77014 0t0 TCP *:imaps (LISTEN)
now lets get connected our server over pop3s(995) and imaps(993) protocols using open ssl utility:
[email protected]:~$ openssl s_client -connect server1:995CONNECTED(00000003)depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]verify error:num=18:self signed certificateverify return:1depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]verify return:1---Certificate chain0 s:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]i:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]---Server certificate-----BEGIN CERTIFICATE-----MIIDvTCCAqWgAwIBAgIJAKrWQnuBHvkFMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJ3YzESMBAGA1UECgwJbXljb21wYW55MQswCQYDVQQLDAJJVDEUMBIGA1UEAwwLZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE25vd2hlcmVAZXhhbXBsZS5jb20wHhcNMTgwNTI4MTIwNjIzWhcNMjEwMjIxMTIwNjIzWjB1MQswCQYDVQQGEwJ1czELMAkGA1UECAwCd2MxEjAQBgNVBAoMCW15Y29tcGFueTELMAkGA1UECwwCSVQxFDASBgNVBAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNub3doZXJlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhqQgpNxEU4iNkuhFJYYiMAK01asA5vlsNdQmuCDNs71mrjM+t2fhkmn9ryHayFyPnMd10zGv4kSRdgkeLVoSCdeaRczTk87RAtsWfYuXDzWazqh1Tbv0749zjKBMY0ki4MOpVVblzF+pBFJ3l8jdPOHDih+FFMBj7pm2SAmm2cmUGzmj4Au/Y5MlvDQV8983JT2eCn47D8ey+UCja6KUg8wJJjtBqjTcCrfov1riIjlyOM7huow3dQMVaNPyt9aXiCQ+m3lWNd7BUarqai/8GwQmXkUsfndvu3Q5IFX7remubH1BK9aCJX8t2kyuL4ElXCld01peMRJRG748Xa9+wIDAQABo1AwTjAdBgNVHQ4EFgQUWNFnSS6jOruv4TK1Hxjs09ULtEwwHwYDVR0jBBgwFoAUWNFnSS6jOruv4TK1Hxjs09ULtEwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAC0BOT/hkt4qbTTyfcC9zAiUNI1xyvTi/l47JdJKbpjEeLlzNGT6utkKae3nKQqH1yltNM4I/SAmjPoXWIs0OFTHDEXHIj35Kx0DeTTpWwbM1MGAV63s4KJjGp7x9k0kRH39huNvFb1TvBITH3eRen9qBuSZCqbDjJeqwB4jX3F8TKc6yRDXGQdCEzKsuunsLBlnfLWVMqI6DYv5wC+VvnKM53v0XxovruavC+wj4vWXBhkRAEyLIaFwvhmmSgLeNum7glEg3zpnbqJ8Iig6nwpWA+WCVObEdhx51vYEK9eLCfmWGYFngzln89tw1bnuwVUlPh781yzOPiDketssjzg==-----END CERTIFICATE-----subject=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]issuer=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]---No client certificate CA names sentPeer signing digest: SHA512Server Temp Key: ECDH, P-256, 256 bits---SSL handshake has read 1620 bytes and written 431 bytes---New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384Server public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONENo ALPN negotiatedSSL-Session:Protocol : TLSv1.2Cipher : ECDHE-RSA-AES256-GCM-SHA384Session-ID: D0A06B58F454B0BBC44CBDB1CCFC42900C990B89990BFB9A5148EEEF0380AA66Session-ID-ctx:Master-Key: 0BFBCB27898F18D36E1E7D305B817B4D2062124EC780EFCF569C0156CD4B4950D4B2C119CC143B4AA04E9FCCEBC9F25FKey-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 300 (seconds)TLS session ticket:0000 - c1 4e 34 72 29 86 bd 08-ae 4a de 43 72 43 90 01 .N4r)....J.CrC..0010 - 25 5a fc 1e 0d 18 7b 80-ac fd 36 d5 d9 99 26 c6 %Z....{...6...&.0020 - 18 bc 3a 95 91 24 dc d3-1e 37 ba 24 72 5e 7a fc ..:..$...7.$r^z.0030 - 77 e0 80 2d 7a 19 5c b9-9a f9 1d eb dd 09 40 fc w..-z.\[email protected]0040 - 46 73 11 80 aa c5 e3 97-07 ac bd 5d 61 d5 02 af Fs.........]a...0050 - 9a 05 c9 01 16 bf 40 28-dd 85 6e ef 14 6a 12 df [email protected](..n..j..0060 - 7b 44 bd 2e 89 f9 f0 a6-2f b1 e1 8e 39 55 a3 af {D....../...9U..0070 - 8c 5b 85 ed 78 aa e0 70-2a a8 02 bc a3 48 dd 92 .[..x..p*....H..0080 - c5 4b 4c 42 43 7b 6b 1a-24 02 a8 eb e1 17 76 60 .KLBC{k.$.....v`0090 - 49 27 bf 15 92 94 06 6c-6f 77 e7 95 a8 66 ed a6 I'.....low...f..Start Time: 1527510044Timeout : 300 (sec)Verify return code: 18 (self signed certificate)---+OK Dovecot ready.^C[email protected]:~$ openssl s_client -connect server1:imapsCONNECTED(00000003)depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]verify error:num=18:self signed certificateverify return:1depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]verify return:1---Certificate chain0 s:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]i:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]---Server certificate-----BEGIN CERTIFICATE-----MIIDvTCCAqWgAwIBAgIJAKrWQnuBHvkFMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJ3YzESMBAGA1UECgwJbXljb21wYW55MQswCQYDVQQLDAJJVDEUMBIGA1UEAwwLZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE25vd2hlcmVAZXhhbXBsZS5jb20wHhcNMTgwNTI4MTIwNjIzWhcNMjEwMjIxMTIwNjIzWjB1MQswCQYDVQQGEwJ1czELMAkGA1UECAwCd2MxEjAQBgNVBAoMCW15Y29tcGFueTELMAkGA1UECwwCSVQxFDASBgNVBAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNub3doZXJlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhqQgpNxEU4iNkuhFJYYiMAK01asA5vlsNdQmuCDNs71mrjM+t2fhkmn9ryHayFyPnMd10zGv4kSRdgkeLVoSCdeaRczTk87RAtsWfYuXDzWazqh1Tbv0749zjKBMY0ki4MOpVVblzF+pBFJ3l8jdPOHDih+FFMBj7pm2SAmm2cmUGzmj4Au/Y5MlvDQV8983JT2eCn47D8ey+UCja6KUg8wJJjtBqjTcCrfov1riIjlyOM7huow3dQMVaNPyt9aXiCQ+m3lWNd7BUarqai/8GwQmXkUsfndvu3Q5IFX7remubH1BK9aCJX8t2kyuL4ElXCld01peMRJRG748Xa9+wIDAQABo1AwTjAdBgNVHQ4EFgQUWNFnSS6jOruv4TK1Hxjs09ULtEwwHwYDVR0jBBgwFoAUWNFnSS6jOruv4TK1Hxjs09ULtEwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAC0BOT/hkt4qbTTyfcC9zAiUNI1xyvTi/l47JdJKbpjEeLlzNGT6utkKae3nKQqH1yltNM4I/SAmjPoXWIs0OFTHDEXHIj35Kx0DeTTpWwbM1MGAV63s4KJjGp7x9k0kRH39huNvFb1TvBITH3eRen9qBuSZCqbDjJeqwB4jX3F8TKc6yRDXGQdCEzKsuunsLBlnfLWVMqI6DYv5wC+VvnKM53v0XxovruavC+wj4vWXBhkRAEyLIaFwvhmmSgLeNum7glEg3zpnbqJ8Iig6nwpWA+WCVObEdhx51vYEK9eLCfmWGYFngzln89tw1bnuwVUlPh781yzOPiDketssjzg==-----END CERTIFICATE-----subject=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]issuer=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]---No client certificate CA names sentPeer signing digest: SHA512Server Temp Key: ECDH, P-256, 256 bits---SSL handshake has read 1620 bytes and written 431 bytes---New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384Server public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONENo ALPN negotiatedSSL-Session:Protocol : TLSv1.2Cipher : ECDHE-RSA-AES256-GCM-SHA384Session-ID: 672B814EC50284C0E1B16695F8EF916A60C401202FC5A07D9CCF65ACD345907FSession-ID-ctx:Master-Key: D53E09634329068C8274A4CCB95D6419742B703861BDE2088D450CA17B3B5FBE0EF78827E763E1AE10B448DAA86C0B92Key-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 300 (seconds)TLS session ticket:0000 - 6e 24 dc ee 37 da dd 26-96 bc 0b be 67 11 ad 00 n$..7..&....g...0010 - 93 b6 7e 27 fd 0f 29 41-86 81 4a 4d 0c e8 c4 7a ..~'..)A..JM...z0020 - 77 bb be d1 8b e1 fd b5-5d 57 c0 2f a4 cd 17 68 w.......]W./...h0030 - ce ba 7b 51 f7 f0 63 39-29 3b b6 3d ae 95 b9 9d ..{Q..c9);.=....0040 - 76 b7 f1 a7 fc 57 9c ce-32 a0 90 b5 a3 f5 ed 21 v....W..2......!0050 - 29 6d 3b 82 57 b5 8e aa-30 04 d2 3e 70 4e 66 21 )m;.W...0..>pNf!0060 - f0 ec cf d6 c6 6b 0f 22-d1 c9 9b c2 48 63 fb af .....k."....Hc..0070 - 4b dd 32 c5 14 cb ef 84-8a 2a 9d a3 ef ea de c8 K.2......*......0080 - c6 8c 43 2e de 9a a2 7b-77 12 14 e9 30 62 5b da ..C....{w...0b[.0090 - 01 3e f5 ce 1c b0 f6 e9-78 fc ac 41 a4 90 13 0f .>......x..A....Start Time: 1527510164Timeout : 300 (sec)Verify return code: 18 (self signed certificate)---* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
doveadm is the Dovecot administration tool. It can be used to manage various parts of Dovecot, as well as access users' mailboxes.Execute doveadm help, for a command usage listing.
[email protected]:/etc/dovecot/conf.d# doveadm helpusage: doveadm [-Dv] [-f <formatter>] <command> [<args>]altmove [-u <user>|-A] [-S <socket_path>] [-r] <search query>auth cache|login|lookup|testbackup [-u <user>|-A] [-S <socket_path>] [-fPRU] [-l <secs>] [-r <rawlog path>] [-m <mailbox>] [-g <mailbox_guid>] [-n <namespace> | -N] [-x <exclude>] [-s <state>] -d|<dest>batch [-u <user>|-A] [-S <socket_path>] <sep> <cmd1> [<sep> <cmd2> [..]]config [doveconf parameters]copy [-u <user>|-A] [-S <socket_path>] <destination> [user <source user>] <search query>deduplicate [-u <user>|-A] [-S <socket_path>] [-m] <search query>dict get|inc|iter|set|unsetdirector add|down|dump|flush|kick|map|move|remove|ring|status|up|updatedump [-t <type>] <path>exec <binary> [binary parameters]expunge [-u <user>|-A] [-S <socket_path>] [-m] <search query>fetch [-u <user>|-A] [-S <socket_path>] <fields> <search query>flags add|remove|replaceforce-resync [-u <user>|-A] [-S <socket_path>] <mailbox mask>fs copy|delete|get|iter|iter-dirs|metadata|put|stathelp <cmd>import [-u <user>|-A] [-S <socket_path>] [-s] <source mail location> <dest parent mailbox> <search query>index [-u <user>|-A] [-S <socket_path>] [-q] [-n <max recent>] <mailbox mask>instance list|removekick [-a <anvil socket path>] <user mask>[|]<ip/bits>log errors|find|reopen|testmailbox create|delete|list|metadata|mutf7|rename|status|subscribe|unsubscribemount add|list|removemove [-u <user>|-A] [-S <socket_path>] <destination> [user <source user>] <search query>penalty [-a <anvil socket path>] [<ip/bits>]proxy kick|listpurge [-u <user>|-A] [-S <socket_path>]pw [-l] [-p plaintext] [-r rounds] [-s scheme] [-t hash] [-u user] [-V]reloadreplicator add|dsync-status|remove|replicate|statussave [-u <user>|-A] [-S <socket_path>] [-m mailbox]search [-u <user>|-A] [-S <socket_path>] <search query>sis deduplicate|findstats dump|reset|topstopsync [-u <user>|-A] [-S <socket_path>] [-1fPRU] [-l <secs>] [-r <rawlog path>] [-m <mailbox>] [-g <mailbox_guid>] [-n <namespace> | -N] [-x <exclude>] [-s <state>] -d|<dest>user [-a <userdb socket path>] [-x <auth info>] [-f field] [-u] <user mask> [...]who [-a <anvil socket path>] [-1] [<user mask>] [<ip/bits>]zlibconnect <host> [<port>]
try man doveadm
too !
that's all!