211.3 Managing Remote E-Mail Delivery

Weight: 2
Description: Candidates should be able to install and configure POP and IMAP daemons.
Key Knowledge Areas:
    Dovecot IMAP and POP3 configuration and administration
    Basic TLS configuration for Dovecot
    Awareness of Courier
Terms and Utilities:
    /etc/dovecot/
    dovecot.conf
    doveconf
    doveadm
POP3 and IMAP are two well-known protocols that let us check our mailbox remotely. Some daemons sit beside mail servers (MTAs) and provide these two protocols, such as:
    Courier
    Dovecot

POP3 vs IMAP

| POP3 (Post Office Protocol) | IMAP (Internet Message Access Protocol) |
|---|---|
| Downloads e-mails (could be configured to leave a copy on server) | E-mails stay on the server |
| Mails are stored on the clients | Clients read e-mail remotely |

The main advantage of IMAP over POP3 is the ability to keep the original e-mail stored on the mail server and the ability to access the same account from multiple locations. Unlike POP3 where e-mail is downloaded to the computer or device checking for mail and completely removed from the mail server, IMAP simply downloads a copy of the e-mail. This is much more convenient as the e-mail account can be set up on multiple computers and devices using IMAP and the original e-mail will always remain on the mail server.
Another advantage of IMAP over POP3 is that when a mobile phone or personal computer configured as the primary means of checking e-mail malfunctions, is lost, stolen, or becomes totally inoperable, the e-mails are not lost.
Although a POP3 client can be configured to leave a copy of e-mail on the server, if one were to set up an e-mail account on a mobile phone as POP3, the phone would download all e-mails, removing them from the server. If one were to then check the webmail or home computer for the same e-mail account, there would be no mails viewable, as they have already been downloaded by the mobile phone.
On the other hand, with IMAP all e-mails are kept on the server, so if the server crashes no client has a local copy of the e-mails, and the administrator should have a strong backup plan for that. Keeping all e-mails on the server has another disadvantage: the mail server might run out of space!

Courier

Courier is one of the oldest MTAs in the open source world and consequently it includes a suite of software. As a server, Courier provides ESMTP, IMAP, POP3, SMAP, webmail, and mailing list services with individual components.
Parts of Courier, such as the maildrop filtering system, the webmail and IMAP server, can also be installed as independent packages which can be used with other mail servers. It is best known for its IMAP server component.
Courier-IMAP is a particularly popular combination with Qmail, Exim, and Postfix servers that are configured to use maildirs.
Here we use Ubuntu to have a quick look at Courier (unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we would have to build them there):
    [email protected]:~# apt-cache search courier | grep courier
    courier-authdaemon - Courier authentication daemon
    courier-authlib - Courier authentication library
    courier-authlib-dev - Development libraries for the Courier authentication library
    courier-authlib-ldap - LDAP support for the Courier authentication library
    courier-authlib-mysql - MySQL support for the Courier authentication library
    courier-authlib-pipe - External authentication support for the Courier authentication library
    courier-authlib-postgresql - PostgreSQL support for the Courier authentication library
    courier-authlib-sqlite - LDAP support for the Courier authentication library
    courier-authlib-userdb - userdb support for the Courier authentication library
    courier-base - Courier mail server - base system
    courier-doc - Courier mail server - additional documentation
    courier-faxmail - Courier mail server - Fax<->mail gateway
    courier-filter-perl - purely Perl-based mail filter framework for the Courier MTA
    courier-imap - Courier mail server - IMAP server
    courier-imap-ssl - Courier mail server - IMAP over SSL
    courier-ldap - Courier mail server - LDAP support
    courier-maildrop - Courier mail server - mail delivery agent
    courier-mlm - Courier mail server - mailing list manager
    courier-mta - Courier mail server - ESMTP daemon
    courier-mta-ssl - Courier mail server - ESMTP over SSL
    courier-pcp - Courier mail server - PCP server
    courier-pop - Courier mail server - POP3 server
    courier-pop-ssl - Courier mail server - POP3 over SSL
    courier-ssl - Courier mail server - SSL/TLS Support
    courier-webadmin - Courier mail server - web-based administration frontend
    couriergraph - Mail statistics RRDtool frontend for Courier-{POP,IMAP}
    couriergrey - Mail filter interface of Courier-MTA to support greylisting
    libcourier-unicode-dev - Courier Unicode library (development files and headers)
    libcourier-unicode1 - Courier Unicode library (shared runtime library)
    mysqmail-courier-logger - real-time logging system in MySQL - Courier traffic-logger

    [email protected]:~# apt-get install courier-imap courier-pop
During installation, if it asks about configuring web-based administration, say "no" and let's get our hands dirty with the command line:
    ┌───────────────────────┤Configuring courier-base ├────────────────────────┐
    │ │
    │ Courier uses several configuration files in /etc/courier. Some of these │
    │ files can be replaced by a subdirectory whose contents are concatenated │
    │ and treated as a single, consolidated, configuration file. │
    │ │
    │ The web-based administration provided by the courier-webadmin package │
    │ relies on configuration directories instead of configuration files. If │
    │ you agree, any directories needed for the web-based administration tool │
    │ will be created unless there is already a plain file in place. │
    │ │
    │ Create directories for web-based administration? │
    │ │
    │ <Yes> <<<No>>>
It creates two configuration files:
    [email protected]:~# cd /etc/courier/
    [email protected]:/etc/courier# ls -l
    total 28
    -rw-rw---- 1 daemon daemon 3678 Apr 5 2016 authdaemonrc
    -rw-r--r-- 1 root root 14386 Apr 5 2016 imapd
    -rw-r--r-- 1 root root 3739 Apr 5 2016 pop3d
    drwxr-xr-x 2 daemon daemon 4096 May 27 04:23 shared
Let's take a look at the imapd configuration file:
    [email protected]:/etc/courier# cat imapd
    ##VERSION: $Id: imapd.dist.in 159 2011-11-14 02:07:00Z mrsam $
    #
    # imapd created from imapd.dist by sysconftool
    #
    # Do not alter lines that begin with ##, they are used when upgrading
    # this configuration.
    #
    # Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
    # distribution information.
    #
    # This configuration file sets various options for the Courier-IMAP server
    # when used with the couriertcpd server.
    # A lot of the stuff here is documented in the manual page for couriertcpd.
    #
    # NOTE - do not use \ to split long variable contents on multiple lines.
    # This will break the default imapd.rc script, which parses this file.
    #
    ##NAME: ADDRESS:0
    #
    # Address to listen on, can be set to a single IP address.
    #
    # ADDRESS=127.0.0.1

    ADDRESS=0

    ##NAME: PORT:1
    #
    # Port numbers that connections are accepted on. The default is 143,
    # the standard IMAP port.
    #
    # Multiple port numbers can be separated by commas. When multiple port
    # numbers are used it is possible to select a specific IP address for a
    # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
    # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
    # The previous ADDRESS setting is a default for ports that do not have
    # a specified IP address.

    PORT=143

    ##NAME: AUTHSERVICE:0
    #
    # It's possible to authenticate using a different 'service' parameter
    # depending on the connection's port. This only works with authentication
    # modules that use the 'service' parameter, such as PAM. Example:
    #
    # AUTHSERVICE143=imap
    # AUTHSERVICE993=imaps

    ##NAME: MAXDAEMONS:0
    #
    # Maximum number of IMAP servers started
    #

    MAXDAEMONS=40

    ##NAME: MAXPERIP:0
    #
    # Maximum number of connections to accept from the same IP address

    MAXPERIP=20

    ##NAME: PIDFILE:0
    #
    # File where couriertcpd will save its process ID
    #

    PIDFILE=/var/run/courier/imapd.pid

    ##NAME: TCPDOPTS:0
    #
    # Miscellaneous couriertcpd options that shouldn't be changed.
    #

    TCPDOPTS="-nodnslookup -noidentlookup"

    ##NAME: LOGGEROPTS:0
    #
    # courierlogger(1) options.
    #

    LOGGEROPTS="-name=imapd"

    ##NAME: DEFDOMAIN:0
    #
    # Optional default domain. If the username does not contain the
    # first character of DEFDOMAIN, then it is appended to the username.
    # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
    # only if the username does not contain any character from DOMAINSEP.
    # You can set different default domains based on the the interface IP
    # address using the -access and -accesslocal options of couriertcpd(1).

    #DEFDOMAIN="@example.com"

    ##NAME: IMAP_CAPABILITY:1
    #
    # IMAP_CAPABILITY specifies what most of the response should be to the
    # CAPABILITY command.
    #
    # If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or
    # CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows:
    #
    # IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
    #

    IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"

    ##NAME: KEYWORDS_CAPABILITY:0
    #
    # IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to
    # disable custom keywords.
    #
    # IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower
    # algorithm. Use this setting if keyword-related problems occur when
    # multiple IMAP clients are updating keywords on the same message.

    IMAP_KEYWORDS=1

    ##NAME: ACL_CAPABILITY:0
    #
    # IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to
    # disable ACL capabilities announce.

    IMAP_ACL=1

    ##NAME: SMAP1_CAPABILITY:0
    #
    # EXPERIMENTAL
    #
    # To enable the experimental "Simple Mail Access Protocol" extensions,
    # uncomment the following setting.
    #
    # SMAP_CAPABILITY=SMAP1

    ##NAME: IMAP_CAPABILITY_ORIG:2
    #
    # For use by webadmin

    IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

    ##NAME: IMAP_PROXY:0
    #
    # Enable proxying. See README.proxy

    IMAP_PROXY=0

    ##NAME: PROXY_HOSTNAME:0
    #
    # Override value from gethostname() when checking if a proxy connection is
    # required.
    #
    # PROXY_HOSTNAME=

    ##NAME: IMAP_PROXY_FOREIGN:0
    #
    # Proxying to non-Courier servers. Re-sends the CAPABILITY command after
    # logging in to the remote server. May not work with all IMAP clients.

    IMAP_PROXY_FOREIGN=0

    ##NAME: IMAP_IDLE_TIMEOUT:0
    #
    # This setting controls how often
    # the server polls for changes to the folder, in IDLE mode (in seconds).

    IMAP_IDLE_TIMEOUT=60

    ##NAME: IMAP_MAILBOX_SANITY_CHECK:0
    #
    # Sanity check -- make sure home directory and maildir's ownership matches
    # the IMAP server's effective uid and gid

    IMAP_MAILBOX_SANITY_CHECK=1

    ##NAME: IMAP_CAPABILITY_TLS:0
    #
    # The following setting will advertise SASL PLAIN authentication after
    # STARTTLS is established. If you want to allow SASL PLAIN authentication
    # with or without TLS then just comment this out, and add AUTH=PLAIN to
    # IMAP_CAPABILITY

    IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

    ##NAME: IMAP_TLS_ORIG:0
    #
    # For use by webadmin

    IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"

    ##NAME: IMAP_DISABLETHREADSORT:0
    #
    # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
    # server side sorting and threading.
    #
    # Those capabilities will still be advertised, but the server will reject
    # them. Set this option if you want to disable all the extra load from
    # server-side threading and sorting. Not advertising those capabilities
    # will simply result in the clients reading the entire folder, and sorting
    # it on the client side. That will still put some load on the server.
    # advertising these capabilities, but rejecting the commands, will stop this
    # silliness.
    #

    IMAP_DISABLETHREADSORT=0

    ##NAME: IMAP_CHECK_ALL_FOLDERS:0
    #
    # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
    # mail in every folder. Not all IMAP clients use the IMAP's new mail
    # indicator, but some do. Normally new mail is checked only in INBOX,
    # because it is a comparatively time consuming operation, and it would be
    # a complete waste of time unless mail filters are used to deliver
    # mail directly to folders.
    #
    # When IMAP clients are used which support new mail indication, and when
    # mail filters are used to sort incoming mail into folders, setting
    # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
    # mail in folders. Note that this will result in slightly more load on the
    # server.
    #

    IMAP_CHECK_ALL_FOLDERS=0

    ##NAME: IMAP_OBSOLETE_CLIENT:0
    #
    # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
    # what \\HasNoChildren really means.

    IMAP_OBSOLETE_CLIENT=0

    ##NAME: IMAP_UMASK:0
    #
    # IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is
    # simply passed to the "umask" command. The default value is 022.
    #
    # This feature is mostly useful for shared folders, where the file permissions
    # of the messages may be important.

    IMAP_UMASK=022

    ##NAME: IMAP_ULIMITD:0
    #
    # IMAP_ULIMITD sets the maximum size of the data segment of the server
    # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
    # command (or ulimit -v). The argument to ulimi sets the upper limit on the
    # size of the data segment of the server process, in kilobytes. The default
    # value of 65536 sets a very generous limit of 64 megabytes, which should
    # be more than plenty for anyone.
    #
    # This feature is used as an additional safety check that should stop
    # any potential denial-of-service attacks that exploit any kind of
    # a memory leak to exhaust all the available memory on the server.
    # It is theoretically possible that obscenely huge folders will also
    # result in the server running out of memory when doing server-side
    # sorting (by my calculations you have to have at least 100,000 messages
    # in a single folder, for that to happen).

    IMAP_ULIMITD=131072

    ##NAME: IMAP_USELOCKS:0
    #
    # Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
    # multiple access to the same folder. This incurs slight additional
    # overhead. Concurrent multiple access will still work without this setting,
    # however occasionally a minor race condition may result in an IMAP client
    # downloading the same message twice, or a keyword update will fail.
    #
    # IMAP_USELOCKS=1 is strongly recommended when shared folders are used.

    IMAP_USELOCKS=1

    ##NAME: IMAP_SHAREDINDEXFILE:0
    #
    # The index of all accessible folders. Do not change this setting unless
    # you know what you're doing. See README.sharedfolders for additional
    # information.

    IMAP_SHAREDINDEXFILE=/etc/courier/shared/index

    ##NAME: IMAP_ENHANCEDIDLE:0
    #
    # If Courier was compiled with the File Alteration Monitor, setting
    # IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
    # clients may open the same folder concurrently, and receive updates to
    # folder contents in realtime. See the imapd(8) man page for additional
    # information.
    #
    # IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
    # in the IMAP_CAPABILITY list.
    #

    IMAP_ENHANCEDIDLE=0

    ##NAME: IMAP_TRASHFOLDERNAME:0
    #
    # The name of the magic trash Folder. For MSOE compatibility,
    # you can set IMAP_TRASHFOLDERNAME="Deleted Items".
    #
    # IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH

    IMAP_TRASHFOLDERNAME=Trash

    ##NAME: IMAP_EMPTYTRASH:0
    #
    # The following setting is optional, and causes messages from the given
    # folder to be automatically deleted after the given number of days.
    # IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
    # setting, below, purges 7 day old messages from the Trash folder.
    # Another useful setting would be:
    #
    # IMAP_EMPTYTRASH=Trash:7,Sent:30
    #
    # This would also delete messages from the Sent folder (presumably copies
    # of sent mail) after 30 days. This is a global setting that is applied to
    # every mail account, and is probably useful in a controlled, corporate
    # environment.
    #
    # Important: the purging is controlled by CTIME, not MTIME (the file time
    # as shown by ls). It is perfectly ordinary to see stuff in Trash that's
    # a year old. That's the file modification time, MTIME, that's displayed.
    # This is generally when the message was originally delivered to this
    # mailbox. Purging is controlled by a different timestamp, CTIME, which is
    # changed when the file is moved to the Trash folder (and at other times too).
    #
    # You might want to disable this setting in certain situations - it results
    # in a stat() of every file in each folder, at login and logout.
    #

    IMAP_EMPTYTRASH=Trash:7

    ##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
    #
    # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
    # effectively allows an undo of message deletion by fishing the deleted
    # mail from trash. Trash can be manually expunged as usually, and mail
    # will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
    #
    # NOTE: shared folders are still expunged as usual. Shared folders are
    # not affected.
    #

    IMAP_MOVE_EXPUNGE_TO_TRASH=0

    ##NAME: IMAP_LOG_DELETIONS:0
    #
    #
    # Set IMAP_LOG_DELETIONS to log all message deletions to syslog.
    #
    # IMAP_LOG_DELETIONS=1

    ##NAME: IMAPDEBUGFILE:0
    #
    # IMAPDEBUGFILE="imaplog.dat"
    #
    # Generate diagnostic logging of IMAP commands.
    #
    # Set this globally, restart the server. Touch this file in an account's
    # maildir directory, and Courier-IMAP will append all IMAP commands received
    # for new sessions for this account. NOTE: existing IMAP sessions are not
    # affected, only new IMAP logins.


    ##NAME: OUTBOX:0
    #
    # The next set of options deal with the "Outbox" enhancement.
    # Uncomment the following setting to create a special folder, named
    # INBOX.Outbox
    #
    # OUTBOX=.Outbox

    ##NAME: SENDMAIL:0
    #
    # If OUTBOX is defined, mail can be sent via the IMAP connection by copying
    # a message to the INBOX.Outbox folder. For all practical matters,
    # INBOX.Outbox looks and behaves just like any other IMAP folder. If this
    # folder doesn't exist it must be created by the IMAP mail client, just
    # like any other IMAP folder. The kicker: any message copied or moved to
    # this folder is will be E-mailed by the Courier-IMAP server, by running
    # the SENDMAIL program. Therefore, messages copied or moved to this
    # folder must be well-formed RFC-2822 messages, with the recipient list
    # specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on
    # SENDMAIL to read the recipient list from these headers (and delete the Bcc:
    # header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
    # message piped on standard input. $SENDER will be the return address
    # of the message, which is set by the authentication module.
    #
    # DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
    #

    SENDMAIL=/usr/sbin/sendmail

    ##NAME: HEADERFROM:0
    #
    # For administrative and oversight purposes, the return address, $SENDER
    # will also be saved in the X-IMAP-Sender mail header. This header gets
    # added to the sent E-mail (but it doesn't get saved in the copy of the
    # message that's saved in the folder)
    #
    # WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
    # the magic OUTBOX treatment. Therefore advance LARTing is in order for
    # _all_ of your lusers, until every one of them is aware of this. Otherwise if
    # OUTBOX is left at its default setting - a folder name that might be used
    # accidentally - some people may be in for a rude surprise. You can redefine
    # the name of the magic folder by changing OUTBOX, above. You should do that
    # and pick a less-obvious name. Perhaps brand it with your organizational
    # name ( OUTBOX=.WidgetsAndSonsOutbox )

    HEADERFROM=X-IMAP-Sender

    ##NAME: OUTBOX_MULTIPLE_SEND:0
    #
    # Remove the following comment to allow a COPY of more than one message to
    # the Outbox, at a time.
    #
    # OUTBOX_MULTIPLE_SEND=1

    ##NAME: IMAPDSTART:0
    #
    # IMAPDSTART is not used directly. Rather, this is a convenient flag to
    # be read by your system startup script in /etc/rc.d, like this:
    #
    # . /etc/courier/imapd
    #
    # case x$IMAPDSTART in
    # x[yY]*)
    # /usr/lib/courier/imapd.rc start
    # ;;
    # esac
    #
    # The default setting is going to be NO, so you'll have to manually flip
    # it to yes.

    IMAPDSTART=YES

    ##NAME: MAILDIRPATH:0
    #
    # MAILDIRPATH - directory name of the maildir directory.
    #
    MAILDIRPATH=Maildir
ADDRESS=0 says that our server will listen on all configured IP addresses. PORT=143 defines the standard IMAP port number. The only setting we need to configure for a basic setup is MAILDIRPATH:
    MAILDIRPATH=mail/inbox
Define the same setting in the pop3d file for the POP3 protocol:
    [email protected]:/etc/courier# cat pop3d | grep -v "^#"

    PIDFILE=/var/run/courier/pop3d.pid


    MAXDAEMONS=40


    MAXPERIP=4


    POP3AUTH=""


    POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"


    POP3AUTH_TLS=""


    POP3AUTH_TLS_ORIG="LOGIN PLAIN"


    POP3_PROXY=0


    PORT=110


    ADDRESS=0



    TCPDOPTS="-nodnslookup -noidentlookup"


    LOGGEROPTS="-name=pop3d"




    POP3DSTART=YES



    MAILDIRPATH=mail/inbox
And do not forget to restart the services:
    [email protected]:/etc/courier# systemctl restart courier-imap.service
    [email protected]:/etc/courier# systemctl restart courier-pop.service
Time to check the result with an e-mail client; we used Mozilla Thunderbird here. Check it with both IMAP and POP3 and make sure it is working.
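
The authentication-related settings in the imapd and pop3d files above can be checked mechanically. The following is an added example, not part of the original page or of Courier: it parses the shell-style KEY=VALUE format, expands `$VAR` references the way IMAP_CAPABILITY_TLS uses them, and reports cleartext SASL mechanisms offered before STARTTLS along with the other risky settings the file's own comments describe. The sample files, function names and severity labels are constructed for illustration, and POP3AUTH is assumed to be the mechanism list offered before TLS.

```python
import re

ASSIGN = re.compile(r"^([A-Za-z_]\w*)=(.*)$")
VARREF = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")
CLEARTEXT = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

# Constructed sample: active settings copied from the imapd listing above.
SHIPPED_IMAPD = '''\
##NAME: ADDRESS:0
# ADDRESS=127.0.0.1
ADDRESS=0
PORT=143
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_MAILBOX_SANITY_CHECK=1
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
'''

# Constructed weak variant: AUTH=PLAIN moved into IMAP_CAPABILITY as the file's
# own comment describes, ownership check off, Outbox enabled.
WEAK_IMAPD = '''\
ADDRESS=0
PORT=143
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS SORT QUOTA IDLE AUTH=PLAIN"
IMAP_MAILBOX_SANITY_CHECK=0
#IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
OUTBOX=.Outbox
'''

# Constructed sample: taken from the `grep -v "^#"` output of pop3d above.
SHIPPED_POP3D = '''\
MAXPERIP=4
POP3AUTH=""
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS=""
PORT=110
ADDRESS=0
MAILDIRPATH=mail/inbox
'''


def parse_courier_conf(text):
    """Parse KEY=VALUE lines; '#' and '##NAME:' lines are skipped.

    "$VAR" in bare or double-quoted values is expanded from keys set earlier
    in the file, which is how IMAP_CAPABILITY_TLS picks up IMAP_CAPABILITY.
    """
    settings = {}
    for raw in text.splitlines():
        match = ASSIGN.match(raw.strip())
        if not match:                      # comment, blank line, other text
            continue
        key, value = match.group(1), match.group(2).strip()
        expand = True
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            expand = value[0] == '"'       # single quotes suppress expansion
            value = value[1:-1]
        if expand:
            value = VARREF.sub(lambda v: settings.get(v.group(1), ""), value)
        settings[key] = value
    return settings


def sasl_cleartext(value):
    """Cleartext SASL mechanisms named in a capability or mechanism list."""
    found = set()
    for token in value.upper().split():
        mech = token[5:] if token.startswith("AUTH=") else token
        if mech in CLEARTEXT:
            found.add(mech)
    return sorted(found)


def audit(settings, protocol):
    """Return (severity, key, message) findings for an imapd or pop3d file."""
    findings = []
    # Assumption: POP3AUTH is the pre-TLS list, mirroring IMAP_CAPABILITY.
    pre_key = "IMAP_CAPABILITY" if protocol == "imap" else "POP3AUTH"
    mechs = sasl_cleartext(settings.get(pre_key, ""))
    if mechs:
        findings.append(("high", pre_key,
                         "advertises %s before STARTTLS" % ", ".join(mechs)))
    if settings.get("ADDRESS") == "0":
        findings.append(("info", "ADDRESS", "port %s listens on every "
                         "configured address" % settings.get("PORT", "?")))
    if protocol == "imap" and settings.get("IMAP_MAILBOX_SANITY_CHECK") == "0":
        findings.append(("medium", "IMAP_MAILBOX_SANITY_CHECK",
                         "maildir ownership is not checked against the "
                         "server's uid and gid"))
    if settings.get("OUTBOX"):
        findings.append(("medium", "OUTBOX", "messages copied to INBOX%s "
                         "are sent as mail" % settings["OUTBOX"]))
    return findings


if __name__ == "__main__":
    for name, text, proto in (("shipped imapd", SHIPPED_IMAPD, "imap"),
                              ("weak imapd", WEAK_IMAPD, "imap"),
                              ("shipped pop3d", SHIPPED_POP3D, "pop3")):
        for severity, key, message in audit(parse_courier_conf(text), proto):
            print("%-14s %-6s %s: %s" % (name, severity, key, message))
```

The `*_ORIG` keys are ignored on purpose: the file marks them "For use by webadmin", so only the active keys are audited.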

Dovecot

Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Timo Sirainen originated Dovecot and first released it in July 2002. Dovecot developers primarily aim to produce a lightweight, fast and easy-to-set-up open-source mail server.
The primary purpose of Dovecot is to act as a mail storage server. Mail is delivered to the server using some MDA and stored for later access with an MUA. Dovecot can also act as a mail proxy server, forwarding connections to another mail server, or act as a lightweight MUA in order to retrieve and manipulate mail on a remote server, e.g. for mail migration.
According to Openemailsurvey, Dovecot has an installed base of more than 3 million email servers and a global market share of 68% of all IMAP servers. While Dovecot software can be used commercially without any license fees, a commercial version is also available as Dovecot Pro. The commercial version is provided by Dovecot Oy along with support and enterprise add-ons such as the object storage and full-text search plugins. Since March 2015, Dovecot Oy has been part of the Open-Xchange Family.
The good news about Dovecot is that it supports both mail store formats, mbox and maildir.
    [email protected]:~# apt-cache search dovecot | grep dovecot
    dovecot-core - secure POP3/IMAP server - core files
    dovecot-dbg - secure POP3/IMAP server - debug symbols
    dovecot-dev - secure POP3/IMAP server - header files
    dovecot-imapd - secure POP3/IMAP server - IMAP daemon
    dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
    dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
    dovecot-sieve - secure POP3/IMAP server - Sieve filters support
    argonaut-dovecot - Argonaut (client-module for dovecot)
    dovecot-antispam - Dovecot plugins for training spam filters
    dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
    dovecot-ldap - secure POP3/IMAP server - LDAP support
    dovecot-lmtpd - secure POP3/IMAP server - LMTP server
    dovecot-lucene - secure POP3/IMAP server - Lucene support
    dovecot-metadata-plugin - Experimental IMAP METADATA Extension for Dovecot
    dovecot-mysql - secure POP3/IMAP server - MySQL support
    dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
    dovecot-solr - secure POP3/IMAP server - Solr support
    dovecot-sqlite - secure POP3/IMAP server - SQLite support
    fusiondirectory-plugin-dovecot - dovecot plugin for FusionDirectory
    fusiondirectory-plugin-dovecot-schema - LDAP schema for FusionDirectory dovecot plugin
    mysqmail-dovecot-logger - real-time logging system in MySQL - Dovecot traffic-logger
Dovecot has a long list of packages, but here we just focus on the packages for e-mail access. (Do not forget to remove any other e-mail access software before installing Dovecot in order to avoid conflicts: apt-get purge courier*)
    [email protected]:~# apt-get install dovecot-imapd dovecot-pop3d
To provide secure IMAP and POP3, Dovecot generates its own self-signed certificate during the installation process.

/etc/dovecot/

The configuration of Dovecot can be found in /etc/dovecot/dovecot.conf:
    [email protected]:~# cd /etc/dovecot/
    [email protected]:/etc/dovecot# ls -l
    total 36
    drwxr-xr-x 2 root root 4096 May 28 00:00 conf.d
    -rw-r--r-- 1 root root 4401 Feb 27 11:17 dovecot.conf
    -rw-r----- 1 root dovecot 1507 Mar 16 2016 dovecot-dict-auth.conf.ext
    -rw-r----- 1 root dovecot 852 Mar 16 2016 dovecot-dict-sql.conf.ext
    -rw-r----- 1 root dovecot 5612 Mar 16 2016 dovecot-sql.conf.ext
    drwxr-xr-x 2 root root 4096 Feb 27 11:28 private
    -rw-r--r-- 1 root root 121 Feb 27 11:29 README

    [email protected]:/etc/dovecot# tree
    .
    ├── conf.d
    │ ├── 10-auth.conf
    │ ├── 10-director.conf
    │ ├── 10-logging.conf
    │ ├── 10-mail.conf
    │ ├── 10-master.conf
    │ ├── 10-ssl.conf
    │ ├── 10-tcpwrapper.conf
    │ ├── 15-lda.conf
    │ ├── 15-mailboxes.conf
    │ ├── 20-imap.conf
    │ ├── 20-pop3.conf
    │ ├── 90-acl.conf
    │ ├── 90-plugin.conf
    │ ├── 90-quota.conf
    │ ├── auth-checkpassword.conf.ext
    │ ├── auth-deny.conf.ext
    │ ├── auth-dict.conf.ext
    │ ├── auth-master.conf.ext
    │ ├── auth-passwdfile.conf.ext
    │ ├── auth-sql.conf.ext
    │ ├── auth-static.conf.ext
    │ ├── auth-system.conf.ext
    │ └── auth-vpopmail.conf.ext
    ├── dovecot.conf
    ├── dovecot-dict-auth.conf.ext
    ├── dovecot-dict-sql.conf.ext
    ├── dovecot-sql.conf.ext
    ├── private
    └── README

    2 directories, 28 files
It consists of the main configuration file dovecot.conf and many other configuration files in the conf.d directory, which are included:
    [email protected]:/etc/dovecot# grep include dovecot.conf
    !include_try /usr/share/dovecot/protocols.d/*.protocol
    # Most of the actual configuration gets included below. The filenames are
    !include conf.d/*.conf
    # A config file can also tried to be included without giving an error if
    !include_try local.conf
Please note that !include means "include"; the "!" does not negate anything. That is simply Dovecot's include syntax. And the main configuration file:

dovecot.conf

    [email protected]:/etc/dovecot# cat dovecot.conf
    ## Dovecot configuration file

    # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

    # "doveconf -n" command gives a clean output of the changed settings. Use it
    # instead of copy&pasting files when posting to the Dovecot mailing list.

    # '#' character and everything after it is treated as comments. Extra spaces
    # and tabs are ignored. If you want to use either of these explicitly, put the
    # value inside quotes, eg.: key = "# char and trailing whitespace "

    # Most (but not all) settings can be overridden by different protocols and/or
    # source/destination IPs by placing the settings inside sections, for example:
    # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

    # Default values are shown for each setting, it's not required to uncomment
    # those. These are exceptions to this though: No sections (e.g. namespace {})
    # or plugin settings are added by default, they're listed only as examples.
    # Paths are also just examples with the real defaults being based on configure
    # options. The paths listed here are for configure --prefix=/usr
    # --sysconfdir=/etc --localstatedir=/var

    # Enable installed protocols
    !include_try /usr/share/dovecot/protocols.d/*.protocol

    # A comma separated list of IPs or hosts where to listen in for connections.
    # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
    # If you want to specify non-default ports or anything more complex,
    # edit conf.d/master.conf.
    #listen = *, ::

    # Base directory where to store runtime data.
    #base_dir = /var/run/dovecot/

    # Name of this instance. In multi-instance setup doveadm and other commands
    # can use -i <instance_name> to select which instance is used (an alternative
    # to -c <config_path>). The instance name is also added to Dovecot processes
    # in ps output.
    #instance_name = dovecot

    # Greeting message for clients.
    #login_greeting = Dovecot ready.

    # Space separated list of trusted network ranges. Connections from these
    # IPs are allowed to override their IP addresses and ports (for logging and
    # for authentication checks). disable_plaintext_auth is also ignored for
    # these networks. Typically you'd specify your IMAP proxy servers here.
    #login_trusted_networks =

    # Space separated list of login access check sockets (e.g. tcpwrap)
    #login_access_sockets =

    # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
    # proxying. This isn't necessary normally, but may be useful if the destination
    # IP is e.g. a load balancer's IP.
    #auth_proxy_self =

    # Show more verbose process titles (in ps). Currently shows user name and
    # IP address. Useful for seeing who are actually using the IMAP processes
    # (eg. shared mailboxes or if same uid is used for multiple accounts).
    #verbose_proctitle = no

    # Should all processes be killed when Dovecot master process shuts down.
    # Setting this to "no" means that Dovecot can be upgraded without
    # forcing existing client connections to close (although that could also be
    # a problem if the upgrade is e.g. because of a security fix).
    #shutdown_clients = yes

    # If non-zero, run mail commands via this many connections to doveadm server,
    # instead of running them directly in the same process.
    #doveadm_worker_count = 0
    # UNIX socket or host:port used for connecting to doveadm server
    #doveadm_socket_path = doveadm-server

    # Space separated list of environment variables that are preserved on Dovecot
    # startup and passed down to all of its child processes. You can also give
    # key=value pairs to always set specific settings.
    #import_environment = TZ

    ##
    ## Dictionary server settings
    ##

    # Dictionary can be used to store key=value lists. This is used by several
    # plugins. The dictionary can be accessed either directly or though a
    # dictionary server. The following dict block maps dictionary names to URIs
    # when the server is used. These can then be referenced using URIs in format
    # "proxy::<name>".

    dict {
      #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
      #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
    }

    # Most of the actual configuration gets included below. The filenames are
    # first sorted by their ASCII value and parsed in that order. The 00-prefixes
    # in filenames are intended to make it easier to understand the ordering.
    !include conf.d/*.conf

    # A config file can also tried to be included without giving an error if
    # it's not found:
    !include_try local.conf
To configure Dovecot, we go through the conf.d directory:
[email protected]:/etc/dovecot# cd conf.d/
[email protected]:/etc/dovecot/conf.d# ls
10-auth.conf 15-mailboxes.conf auth-dict.conf.ext
10-director.conf 20-imap.conf auth-master.conf.ext
10-logging.conf 20-pop3.conf auth-passwdfile.conf.ext
10-mail.conf 90-acl.conf auth-sql.conf.ext
10-master.conf 90-plugin.conf auth-static.conf.ext
10-ssl.conf 90-quota.conf auth-system.conf.ext
10-tcpwrapper.conf auth-checkpassword.conf.ext auth-vpopmail.conf.ext
15-lda.conf auth-deny.conf.ext
We just need to define the directory where mail is stored, in the 10-mail.conf file (to configure Dovecot for special mail clients such as Outlook, modify 20-pop3.conf or 20-imap.conf, which are not part of the LPIC exam):
[email protected]:/etc/dovecot/conf.d# cat 10-mail.conf | grep mail_location
# path given in the mail_location setting.
# mail_location = maildir:~/Maildir
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location, which is also the default for it.
Set the mail_location value to mail_location = maildir:~/mail/inbox.
Dovecot does not have separate services for IMAP and POP3; it has just one daemon, and we need to restart it for our changes to take effect:
[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.s
dovecot.service dovecot.socket
[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.service
To check whether Dovecot is working properly:
[email protected]:/etc/dovecot/conf.d# lsof -i | grep dovecot
dovecot 9805 root 24u IPv4 55915 0t0 TCP *:pop3 (LISTEN)
dovecot 9805 root 25u IPv6 55916 0t0 TCP *:pop3 (LISTEN)
dovecot 9805 root 36u IPv4 55951 0t0 TCP *:imap2 (LISTEN)
dovecot 9805 root 37u IPv6 55952 0t0 TCP *:imap2 (LISTEN)

[email protected]:/etc/dovecot/conf.d# netstat -tulpen | grep 143
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 55951 9805/dovecot
tcp6 0 0 :::143 :::* LISTEN 0 55952 9805/dovecot
udp6 0 0 :::60143 :::* 111 17792 745/avahi-daemon: r
[email protected]:/etc/dovecot/conf.d# netstat -tulpen | grep 110
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 55915 9805/dovecot
tcp6 0 0 :::110 :::* LISTEN 0 55916 9805/dovecot
Okay, this time we use telnet to test what we have done:
[email protected]:~$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user user1
+OK
+OK Logged in.
list
+OK 1 messages:
1 452
.
retr 1
+OK 452 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by server1.localdomain (Postfix, from userid 1002)
    id F0D9BC0E16; Sun, 27 May 2018 04:08:02 -0700 (PDT)
Subject: test maildir
X-Mailer: mail (GNU Mailutils 2.99.99)
Message-Id: <[email protected]>
Date: Sun, 27 May 2018 04:08:02 -0700 (PDT)

Hi there test maildir!
..
.
quit
+OK Logging out.
Connection closed by foreign host.

doveconf

doveconf reads and parses Dovecot's configuration files and converts them into a simpler format used by the rest of Dovecot:
[email protected]:/etc/dovecot/conf.d# doveconf | less
Most of the values are defaults, but some are customized. The -n option shows only settings with non-default values:
[email protected]:/etc/dovecot/conf.d# doveconf -n
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.10.0-28-generic x86_64 Ubuntu 16.04.3 LTS
mail_location = maildir:~/mail/inbox
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap pop3"
ssl = no
userdb {
  driver = passwd
}

Basic TLS Configuration for dovecot

Dovecot is now automatically configured to use SSL. It uses the ssl-cert package, which provides a self-signed certificate. We can edit the file /etc/dovecot/conf.d/10-ssl.conf:
[email protected]:/etc/dovecot/conf.d# cat 10-ssl.conf
##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =

# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =

# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# DH parameters length to use.
#ssl_dh_parameters_length = 1024

# SSL protocols to use
#ssl_protocols = !SSLv2

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no

# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =

# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
#ssl_options =
By default the certificate is created in /etc/ssl/certs/dovecot.pem and the private key file is created in /etc/ssl/private/dovecot.pem. We can edit the following lines if we want to set up a custom certificate:
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
We can get the SSL certificate from a Certificate Issuing Authority, or we can create a self-signed SSL certificate. Once we create the certificate, we will have a key file and a certificate file that we want to make known in the config shown above.
[email protected]:/etc/dovecot/conf.d# openssl req -new -x509 -days 1000 -nodes -out "/etc/dovecot/dovecot.pem" -keyout "/etc/dovecot/private/dovecot.key"
Generating a 2048 bit RSA private key
.......+++
..........................................................................................................................................................+++
writing new private key to '/etc/dovecot/private/dovecot.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:wc
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mycompany
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]

[email protected]:/etc/dovecot/conf.d# ls -l ../private/
total 8
-rw-r--r-- 1 root root 1704 May 28 05:06 dovecot.key

[email protected]:/etc/dovecot/conf.d# cd ..
[email protected]:/etc/dovecot# ls -l | grep pem
-rw-r--r-- 1 root root 1359 May 28 05:06 dovecot.pem
Now let's edit 10-ssl.conf and restart the dovecot daemon:
[email protected]:/etc/dovecot/conf.d# vim 10-ssl.conf
[email protected]:/etc/dovecot/conf.d# systemctl restart dovecot.service
[email protected]:/etc/dovecot/conf.d# lsof -i | grep dovecot
dovecot 12447 root 24u IPv4 76973 0t0 TCP *:pop3 (LISTEN)
dovecot 12447 root 25u IPv6 76974 0t0 TCP *:pop3 (LISTEN)
dovecot 12447 root 26u IPv4 76975 0t0 TCP *:pop3s (LISTEN)
dovecot 12447 root 27u IPv6 76976 0t0 TCP *:pop3s (LISTEN)
dovecot 12447 root 38u IPv4 77011 0t0 TCP *:imap2 (LISTEN)
dovecot 12447 root 39u IPv6 77012 0t0 TCP *:imap2 (LISTEN)
dovecot 12447 root 40u IPv4 77013 0t0 TCP *:imaps (LISTEN)
dovecot 12447 root 41u IPv6 77014 0t0 TCP *:imaps (LISTEN)
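A check for the TLS setup above, as an added example that is not part of the original page: audit_doveconf reads doveconf -n output and flags ssl = no, TLS that is offered but not enforced, a protocol list that still permits SSLv3, and plaintext logins; key_file_private flags a key file that group or others can read, like the -rw-r--r-- dovecot.key in the listing above. The function names are hypothetical and the embedded sample is constructed from the doveconf -n output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# audit_doveconf: read `doveconf -n` output on stdin, print one finding per line.
audit_doveconf() {
    awk '
        # Track block nesting so only top-level settings are judged.
        /[{][ \t]*$/  { depth++; next }
        /^[ \t]*[}]/  { depth--; next }
        depth == 0 && /^[a-z_]+[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            seen[key] = val
        }
        END {
            if (seen["ssl"] == "no")
                print "FAIL ssl=no: TLS is disabled, only cleartext pop3/imap is served"
            else if (seen["ssl"] == "yes")
                print "WARN ssl=yes: TLS is offered but not enforced (ssl=required enforces it)"
            if (("ssl_protocols" in seen) && seen["ssl_protocols"] !~ /!SSLv3/)
                print "WARN ssl_protocols: SSLv3 is not excluded"
            if (seen["disable_plaintext_auth"] == "no")
                print "FAIL disable_plaintext_auth=no: plaintext logins accepted without TLS"
        }'
}

# key_file_private: succeed only if the path is a regular file with no
# group/other permission bits (e.g. 0600 or 0400). Reads the mode string
# from ls (following symlinks) so it works with any POSIX ls.
key_file_private() {
    [ -f "$1" ] || return 2
    mode=$(ls -ldL -- "$1" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample: abbreviated from the doveconf -n output shown on this page.
SAMPLE_DOVECONF='mail_location = maildir:~/mail/inbox
namespace inbox {
  inbox = yes
  mailbox Drafts {
    special_use = \Drafts
  }
}
passdb {
  driver = pam
}
protocols = " imap pop3"
ssl = no
userdb {
  driver = passwd
}'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_DOVECONF" | audit_doveconf
```

On a server, pipe doveconf -n into audit_doveconf and pass the path named by ssl_key to key_file_private; chmod 600 on the key file clears the permission finding.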
Now let's connect to our server over the pop3s (995) and imaps (993) protocols using the openssl utility:
[email protected]:~$ openssl s_client -connect server1:995
CONNECTED(00000003)
depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]
verify return:1
---
Certificate chain
 0 s:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
   i:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
---
Server certificate
subject=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
issuer=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1620 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D0A06B58F454B0BBC44CBDB1CCFC42900C990B89990BFB9A5148EEEF0380AA66
    Session-ID-ctx:
    Master-Key: 0BFBCB27898F18D36E1E7D305B817B4D2062124EC780EFCF569C0156CD4B4950D4B2C119CC143B4AA04E9FCCEBC9F25F
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1527510044
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
+OK Dovecot ready.
^C
[email protected]:~$ openssl s_client -connect server1:imaps
CONNECTED(00000003)
depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = us, ST = wc, O = mycompany, OU = IT, CN = example.com, emailAddress = [email protected]
verify return:1
---
Certificate chain
 0 s:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
   i:/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
---
Server certificate
subject=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
issuer=/C=us/ST=wc/O=mycompany/OU=IT/CN=example.com/[email protected]
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1620 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 672B814EC50284C0E1B16695F8EF916A60C401202FC5A07D9CCF65ACD345907F
    Session-ID-ctx:
    Master-Key: D53E09634329068C8274A4CCB95D6419742B703861BDE2088D450CA17B3B5FBE0EF78827E763E1AE10B448DAA86C0B92
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1527510164
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

doveadm

doveadm is the Dovecot administration tool. It can be used to manage various parts of Dovecot, as well as to access users' mailboxes. Execute doveadm help for a command usage listing.
[email protected]:/etc/dovecot/conf.d# doveadm help
usage: doveadm [-Dv] [-f <formatter>] <command> [<args>]

altmove [-u <user>|-A] [-S <socket_path>] [-r] <search query>
auth cache|login|lookup|test
backup [-u <user>|-A] [-S <socket_path>] [-fPRU] [-l <secs>] [-r <rawlog path>] [-m <mailbox>] [-g <mailbox_guid>] [-n <namespace> | -N] [-x <exclude>] [-s <state>] -d|<dest>
batch [-u <user>|-A] [-S <socket_path>] <sep> <cmd1> [<sep> <cmd2> [..]]
config [doveconf parameters]
copy [-u <user>|-A] [-S <socket_path>] <destination> [user <source user>] <search query>
deduplicate [-u <user>|-A] [-S <socket_path>] [-m] <search query>
dict get|inc|iter|set|unset
director add|down|dump|flush|kick|map|move|remove|ring|status|up|update
dump [-t <type>] <path>
exec <binary> [binary parameters]
expunge [-u <user>|-A] [-S <socket_path>] [-m] <search query>
fetch [-u <user>|-A] [-S <socket_path>] <fields> <search query>
flags add|remove|replace
force-resync [-u <user>|-A] [-S <socket_path>] <mailbox mask>
fs copy|delete|get|iter|iter-dirs|metadata|put|stat
help <cmd>
import [-u <user>|-A] [-S <socket_path>] [-s] <source mail location> <dest parent mailbox> <search query>
index [-u <user>|-A] [-S <socket_path>] [-q] [-n <max recent>] <mailbox mask>
instance list|remove
kick [-a <anvil socket path>] <user mask>[|]<ip/bits>
log errors|find|reopen|test
mailbox create|delete|list|metadata|mutf7|rename|status|subscribe|unsubscribe
mount add|list|remove
move [-u <user>|-A] [-S <socket_path>] <destination> [user <source user>] <search query>
penalty [-a <anvil socket path>] [<ip/bits>]
proxy kick|list
purge [-u <user>|-A] [-S <socket_path>]
pw [-l] [-p plaintext] [-r rounds] [-s scheme] [-t hash] [-u user] [-V]
reload
replicator add|dsync-status|remove|replicate|status
save [-u <user>|-A] [-S <socket_path>] [-m mailbox]
search [-u <user>|-A] [-S <socket_path>] <search query>
sis deduplicate|find
stats dump|reset|top
stop
sync [-u <user>|-A] [-S <socket_path>] [-1fPRU] [-l <secs>] [-r <rawlog path>] [-m <mailbox>] [-g <mailbox_guid>] [-n <namespace> | -N] [-x <exclude>] [-s <state>] -d|<dest>
user [-a <userdb socket path>] [-x <auth info>] [-f field] [-u] <user mask> [...]
who [-a <anvil socket path>] [-1] [<user mask>] [<ip/bits>]
zlibconnect <host> [<port>]
Try man doveadm too!
That's all!