summaryrefslogtreecommitdiffstats
path: root/doc/wiki/BasicConfiguration.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/wiki/BasicConfiguration.txt')
-rw-r--r--doc/wiki/BasicConfiguration.txt157
1 files changed, 157 insertions, 0 deletions
diff --git a/doc/wiki/BasicConfiguration.txt b/doc/wiki/BasicConfiguration.txt
new file mode 100644
index 0000000..a03590b
--- /dev/null
+++ b/doc/wiki/BasicConfiguration.txt
@@ -0,0 +1,157 @@
+Basic Configuration
+===================
+
+This page tells you the basics that you'll need to get a working Dovecot
+installation.
+
+Find Dovecot configuration file location using:
+
+---%<-------------------------------------------------------------------------
+doveconf -n | head -n1
+---%<-------------------------------------------------------------------------
+
+Your configuration file doesn't exist if you installed Dovecot from sources.
+The config directory should contain a 'README' file pointing to an example
+configuration, which you can use as your basic configuration. For example:
+
+---%<-------------------------------------------------------------------------
+cp -r /usr/share/doc/dovecot/example-config/* /etc/dovecot/
+---%<-------------------------------------------------------------------------
+
+The default configuration starts from 'dovecot.conf', which contains an
+'!include conf.d/*.conf' statement to read the rest of the configuration. This
+split of configuration files isn't a requirement to use, and it doesn't really
+matter which .conf file you add any particular setting, just as long as it
+isn't overridden in another file. You can verify with 'doveconf -n' that
+everything looks as you intended.
+
+Authentication
+--------------
+
+By default Dovecot is set up to use system user authentication. If you're
+planning on using system users, you can simply skip this section and read <PAM>
+[PasswordDatabase.PAM.txt] (or <bsdauth> [PasswordDatabase.BSDAuth.txt]) for
+configuring it.
+
+If you're planning on using virtual users, it's easier to first create a simple
+passwd-like file to make sure that the authentication will work. Later when you
+know Dovecot is working, you can do it differently (see <VirtualUsers.txt>).
+
+Run as your own non-root user:
+
+---%<-------------------------------------------------------------------------
+echo "$USER:{PLAIN}password:$UID:$GID::$HOME" > users
+sudo mv users /etc/dovecot/
+
+# If SELinux is enabled:
+restorecon -v /etc/dovecot/users
+---%<-------------------------------------------------------------------------
+
+You can (and should) replace the "password" with whatever password you wish to
+use, but don't use any important password here as we'll be logging in with
+insecure plaintext authentication until <SSL.txt> is configured.
+
+(Remark: $GID is not set per default on <OpenSuse.txt> systems, replace by 'id
+-g')
+
+If you used the example configuration files, switch to passwd-file by modifying
+'conf.d/10-auth.conf':
+
+---%<-------------------------------------------------------------------------
+# Add '#' to comment out the system user login for now:
+
+# Remove '#' to use passwd-file:
+!include auth-passwdfile.conf.ext
+---%<-------------------------------------------------------------------------
+
+In 'conf.d/auth-passwdfile.conf.ext' you should have:
+
+---%<-------------------------------------------------------------------------
+passdb {
+ driver = passwd-file
+ args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+userdb {
+ driver = passwd-file
+ args = username_format=%u /etc/dovecot/users
+}
+---%<-------------------------------------------------------------------------
+
+Verify with 'doveconf -n passdb userdb' that the output looks like above (and
+there are no other passdbs or userdbs).
+
+Plaintext Authentication
+------------------------
+
+To allow any Authentication without SSL, disable SSL in the
+'conf.d/10-ssl.conf' file. This has to be done because Dovecot (now) uses SSL
+as default. You probably want to switch this back to "yes" or other options
+afterward.
+
+---%<-------------------------------------------------------------------------
+ssl = no
+---%<-------------------------------------------------------------------------
+
+Until SSL is configured, allow plaintext authentication in the
+'conf.d/10-auth.conf' file. You probably want to switch this back to "yes"
+afterward.
+
+---%<-------------------------------------------------------------------------
+disable_plaintext_auth = no
+---%<-------------------------------------------------------------------------
+
+If you didn't use the temporary passwd-file created above, don't do this if you
+don't want your password to be sent in clear to network. Instead get SSL
+configuration working and connect to Dovecot only using SSL.
+
+Mail Location
+-------------
+
+Set the 'mail_location' in 'conf.d/10-mail.conf' as determined by the
+instructions in <FindMailLocation.txt>.
+
+mbox
+----
+
+If you're using mboxes, it's important to have locking configuration correct.
+See <MboxLocking.txt> for more information.
+
+If you're using '/var/mail/' or '/var/spool/mail/' directory for INBOXes, you
+may need to give Dovecot additional permissions so it can create dotlock files
+there. A failure to do so will result in errors like these:
+
+---%<-------------------------------------------------------------------------
+open(/var/mail/.temp.host.1234.abcdefg) failed: Permission denied
+file_lock_dotlock() failed with mbox file /var/mail/user: Permission denied
+---%<-------------------------------------------------------------------------
+
+From here on I'm assuming the INBOX directory is '/var/mail'.
+
+First check what the permissions of '/var/mail' are:
+
+---%<-------------------------------------------------------------------------
+# ls -ld /var/mail
+drwxrwxrwt 2 root mail 47 2006-01-07 20:44 /var/mail/
+---%<-------------------------------------------------------------------------
+
+In this case everyone has write access there and the directory is marked
+sticky. This allows Dovecot to create the dotlock files, so you don't need to
+do anything.
+
+---%<-------------------------------------------------------------------------
+# ls -ld /var/mail
+drwxrwxr-- 2 root mail 47 2006-01-07 20:44 /var/mail/
+---%<-------------------------------------------------------------------------
+
+In this case only the root and the 'mail' group has write permission to the
+directory. You'll need to give Dovecot's mail processes ability to use this
+group by changing 'conf.d/10-mail.conf':
+
+---%<-------------------------------------------------------------------------
+mail_privileged_group = mail
+---%<-------------------------------------------------------------------------
+
+Note: Specifying the privileged user must be done as shown. Simply adding
+'dovecot' user to the 'mail' group does /*not*/ grant write permission.
+
+(This file was created from the wiki on 2019-06-19 12:42)