Basic Configuration
===================

This page tells you the basics that you'll need to get a working Dovecot
installation.

Find Dovecot configuration file location using:

---%<-------------------------------------------------------------------------
doveconf -n | head -n1
---%<-------------------------------------------------------------------------

Your configuration file doesn't exist if you installed Dovecot from sources.
The config directory should contain a 'README' file pointing to an example
configuration, which you can use as your basic configuration. For example:

---%<-------------------------------------------------------------------------
cp -r /usr/share/doc/dovecot/example-config/* /etc/dovecot/
---%<-------------------------------------------------------------------------

The default configuration starts from 'dovecot.conf', which contains an
'!include conf.d/*.conf' statement to read the rest of the configuration.
Splitting the configuration into several files isn't required, and it doesn't
really matter which .conf file you add any particular setting to, as long as it
isn't overridden in another file. You can verify with 'doveconf -n' that
everything looks as you intended.

Authentication
--------------

By default Dovecot is set up to use system user authentication. If you're
planning on using system users, you can simply skip this section and read <PAM>
[PasswordDatabase.PAM.txt] (or <bsdauth> [PasswordDatabase.BSDAuth.txt]) for
configuring it.

If you're planning on using virtual users, it's easier to first create a simple
passwd-like file to make sure that the authentication will work. Later when you
know Dovecot is working, you can do it differently (see <VirtualUsers.txt>).

Run as your own non-root user:

---%<-------------------------------------------------------------------------
echo "$USER:{PLAIN}password:$UID:$GID::$HOME" > users
sudo mv users /etc/dovecot/

# If SELinux is enabled:
restorecon -v /etc/dovecot/users
---%<-------------------------------------------------------------------------

You can (and should) replace the "password" with whatever password you wish to
use, but don't use any important password here as we'll be logging in with
insecure plaintext authentication until <SSL.txt> is configured.

(Remark: $GID is not set by default on <OpenSuse.txt> systems; replace it with
the output of 'id -g'.)

If you used the example configuration files, switch to passwd-file by modifying
'conf.d/10-auth.conf':

---%<-------------------------------------------------------------------------
# Add '#' to comment out the system user login for now:
#!include auth-system.conf.ext

# Remove '#' to use passwd-file:
!include auth-passwdfile.conf.ext
---%<-------------------------------------------------------------------------

In 'conf.d/auth-passwdfile.conf.ext' you should have:

---%<-------------------------------------------------------------------------
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
---%<-------------------------------------------------------------------------

Verify with 'doveconf -n passdb userdb' that the output looks like above (and
there are no other passdbs or userdbs).

Plaintext Authentication
------------------------

To allow any authentication without SSL, disable SSL in the
'conf.d/10-ssl.conf' file. This has to be done because Dovecot now uses SSL by
default. You probably want to switch this back to "yes" or another option
afterward.

---%<-------------------------------------------------------------------------
ssl = no
---%<-------------------------------------------------------------------------

Until SSL is configured, allow plaintext authentication in the
'conf.d/10-auth.conf' file. You probably want to switch this back to "yes"
afterward.

---%<-------------------------------------------------------------------------
disable_plaintext_auth = no
---%<-------------------------------------------------------------------------

If you didn't use the temporary passwd-file created above, don't do this unless
you accept that your password will be sent in the clear over the network.
Instead, get the SSL configuration working and connect to Dovecot only using
SSL.
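
The two settings above and the {PLAIN} test entry are meant to be temporary, so
it helps to have a check that flags them once testing is over. The following is
an added example, not part of the Dovecot documentation; the function names
'audit_dovecot_conf' and 'plain_users' are hypothetical, and the sample input
is constructed.

```shell
#!/bin/sh
# Added example: flag the temporary test settings described on this page.

# audit_dovecot_conf: read 'doveconf -n' output on stdin and print one
# finding per line. Exit status is 0 if nothing was flagged, 1 otherwise.
audit_dovecot_conf() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line ~ /^#/ { next }                       # header comments
        substr(line, length(line)) == "{" { depth++; next }  # "passdb {"
        line == "}" { depth--; next }              # end of a section
        depth > 0 || line !~ /=/ { next }          # global settings only
        {
            key = line; sub(/[ \t]*=.*/, "", key)
            val = line; sub(/^[^=]*=[ \t]*/, "", val)
        }
        key == "ssl" && val == "no" {
            print "ssl = no: connections are not encrypted"; bad = 1 }
        key == "disable_plaintext_auth" && val == "no" {
            print "disable_plaintext_auth = no: passwords may be sent in clear"
            bad = 1 }
        END { exit bad + 0 }
    '
}

# plain_users FILE: print the users in a passwd-file whose password field
# starts with {PLAIN}, i.e. is stored unhashed like the test entry above.
plain_users() {
    awk -F: 'index($2, "{PLAIN}") == 1 { print $1 }' "$1"
}

# Constructed sample input (not taken from a real host):
audit_dovecot_conf <<'EOF' || true
disable_plaintext_auth = no
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
ssl = no
EOF
```

On a live system, run 'doveconf -n | audit_dovecot_conf' and
'plain_users /etc/dovecot/users'.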

Mail Location
-------------

Set the 'mail_location' in 'conf.d/10-mail.conf' as determined by the
instructions in <FindMailLocation.txt>.

mbox
----

If you're using mboxes, it's important to have the locking configuration
correct. See <MboxLocking.txt> for more information.

If you're using '/var/mail/' or '/var/spool/mail/' directory for INBOXes, you
may need to give Dovecot additional permissions so it can create dotlock files
there. A failure to do so will result in errors like these:

---%<-------------------------------------------------------------------------
open(/var/mail/.temp.host.1234.abcdefg) failed: Permission denied
file_lock_dotlock() failed with mbox file /var/mail/user: Permission denied
---%<-------------------------------------------------------------------------

From here on I'm assuming the INBOX directory is '/var/mail'.

First check what the permissions of '/var/mail' are:

---%<-------------------------------------------------------------------------
# ls -ld /var/mail
drwxrwxrwt 2 root mail 47 2006-01-07 20:44 /var/mail/
---%<-------------------------------------------------------------------------

In this case everyone has write access there and the directory is marked
sticky. This allows Dovecot to create the dotlock files, so you don't need to
do anything.

---%<-------------------------------------------------------------------------
# ls -ld /var/mail
drwxrwxr-- 2 root mail 47 2006-01-07 20:44 /var/mail/
---%<-------------------------------------------------------------------------

In this case only root and the 'mail' group have write permission to the
directory. You'll need to give Dovecot's mail processes the ability to use this
group by changing 'conf.d/10-mail.conf':

---%<-------------------------------------------------------------------------
mail_privileged_group = mail
---%<-------------------------------------------------------------------------

Note: Specifying the privileged group must be done as shown. Simply adding the
'dovecot' user to the 'mail' group does *not* grant write permission.
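
The permission check above can be scripted. The following is an added example,
not part of the Dovecot documentation; the function name 'dotlock_advice' is
hypothetical, and it assumes GNU coreutils 'stat' (for the '-c' format option).

```shell
#!/bin/sh
# Added example: apply this page's two /var/mail cases to a directory.

# dotlock_advice DIR: print what, if anything, needs changing so that
# Dovecot can create dotlock files in DIR. Returns 2 if DIR can't be read.
dotlock_advice() {
    # -L follows symlinks (/var/mail often links to /var/spool/mail).
    info=$(stat -L -c '%a %G' "$1") || return 2    # e.g. "1777 mail"
    mode=$((0${info%% *}))                         # parse the octal mode
    group=${info#* }                               # owning group name

    if [ $((mode & 0002)) -ne 0 ]; then
        # First case on this page: everyone has write access.
        if [ $((mode & 01000)) -ne 0 ]; then
            echo "no change needed"
        else
            echo "no change needed, but $1 is world-writable without sticky bit"
        fi
    elif [ $((mode & 0020)) -ne 0 ]; then
        # Second case: only the owner and the group can write.
        echo "mail_privileged_group = $group"
    else
        # Not covered by this page: neither group nor others can write.
        echo "no case from this page applies (mode $(printf '%o' "$mode"))"
    fi
}

# Check the directory given as the first argument, or /var/mail.
dotlock_advice "${1:-/var/mail}" || true
```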

(This file was created from the wiki on 2019-06-19 12:42)