<-OpenSUSE-small-server (second edition - June 2011)

Dovecot

Dovecot is needed to make the mail available from outside the server. It is an IMAP and POP3 server.

It is pretty hard to configure, and the documentation in its wiki is hard to find. But once the documentation is found, you have all the debugging tools available.

The main configuration is in /etc/dovecot/dovecot.conf and, of course, dovecot has to be enabled in the service runlevels; after that it is available as rcdovecot.

The base directory is /var/run/dovecot

See http://wiki.dovecot.org/MailServerOverview, http://wiki.dovecot.org/HowTo/SimpleVirtualInstall and http://wiki.dovecot.org/TestInstallation.

Note that we exit a telnet session with ". logout" (dot, space, logout).

For imap (the only choice I used), you need to open port 143 (imap) on the firewall, or port 110 for pop3 (you can type imap or pop3 in the YaST form field).

After installing on openSUSE, the user dovecot:dovecot already exists. In dovecot.conf, set the necessary protocols (pop3, pop3s, imap, imaps). Begin with an unencrypted setup, then try using ssh/ssl.

I used mail_location = mbox:~/mail:INBOX=/var/mail/%u as mail location. With this config for an imap server, the INBOX is shared in /var/spool/mail (/var/mail is a link to /var/spool/mail), where it can be seen by other mail systems (like mailx), but the other imap folders are in the users' home directories. Experienced users usually do not keep mail in INBOX but filter it into various folders, while many inexperienced users store everything in INBOX. So you have to keep an eye on both / (where /var is located on my system) and /home.

Usually, mailboxes are in the MB range, not GB, but in the near future, when most people have fiber connections, sending GB by mail could become common.

I just changed the following in the config file:

 protocols = imap pop3
 disable_plaintext_auth = no
 auth_verbose = yes
 mechanisms = login plain
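
With these settings the login and plain mechanisms are accepted on ports 143 and 110 without encryption, so the password is readable on the wire. The Python check below is an added example, not part of the original page; it reads a Dovecot 1.x style dovecot.conf and reports that combination. The function names, finding codes, sample configurations and the defaults in DEFAULTS are assumptions made for the example.

```python
PLAINTEXT_MECHS = {"plain", "login"}       # both send the password itself
CLEAR_PORTS = {"imap": 143, "pop3": 110}   # listeners that start unencrypted
DEFAULTS = {"protocols": "imap imaps", "disable_plaintext_auth": "yes",
            "ssl_disable": "no", "mechanisms": "plain"}  # assumed 1.x defaults

def parse_conf(text):  # flatten into {'block/key': value}; '#' starts a comment
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # e.g. 'auth default'
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def audit(text):
    """Return (code, detail) findings about passwords sent without encryption."""
    conf = parse_conf(text)
    def get(name):  # setting at top level or inside any block, else the default
        hits = [v for k, v in conf.items() if k.split("/")[-1] == name]
        return (hits[-1] if hits else DEFAULTS[name]).lower()
    clear = [p for p in get("protocols").split() if p in CLEAR_PORTS]
    mechs = sorted(set(get("mechanisms").split()) & PLAINTEXT_MECHS)
    findings = []
    if clear and mechs and get("disable_plaintext_auth") == "no":
        ports = ", ".join(f"{p}/{CLEAR_PORTS[p]}" for p in clear)
        findings.append(("CLEARTEXT_PASSWORD",
                         f"{'/'.join(mechs)} accepted without TLS on {ports}"))
    if get("ssl_disable") == "yes":
        findings.append(("TLS_DISABLED", "no STARTTLS, no imaps/pop3s"))
    return findings

# Constructed samples: the settings changed on this page, then a tightened variant.
PAGE_CONF = """protocols = imap pop3
disable_plaintext_auth = no
auth_verbose = yes
mechanisms = login plain
"""
HARDENED_CONF = """protocols = imap imaps pop3 pop3s
disable_plaintext_auth = yes   # PLAIN/LOGIN only once TLS is up
ssl_disable = no
auth default {
  mechanisms = plain login
}
"""
if __name__ == "__main__": print(audit(PAGE_CONF), audit(HARDENED_CONF))
```

With disable_plaintext_auth = yes, Dovecot still treats a connection from the server's own address as secure, so a local telnet test with a plain login keeps working.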

Upgrade

Dovecot is installed through YaST, so it should be updated automatically.

Move

When moving dovecot, I could keep the ssl certificate:

 /etc/ssl/certs/dovecot.pm
 /etc/ssl/private/dovecot.pm

But I don't remember if they are used for a non-secured install :-(

Make Dovecot Secure (not yet setup)

This means using the TLS configuration from http://wiki.dovecot.org/SSL.

In Thunderbird I had to configure "pop3" (not pop3s), tls and no secured authentication. It's pop3 in Dovecot as well.

This certificate creation has to be done each year (365 days); it was done on August 13, 2009.

On my openSUSE 11.1, no key was created automatically; I had to do so manually, finding the script and the config file in /usr/share/doc/package/dovecot.

"Especially important field is the CN (Common Name) field, which should contain your server's host name"

There is no need to import a key into the mail client; Thunderbird (at least) imports it itself and asks if it's the right one. You can probably say "permanently" if you don't fear a man-in-the-middle attack on your first connection.

For this to work, don't forget to open the pop3s and/or imaps protocols on the firewall (in YaST you can enter the protocol name, including in the advanced fields), add the relevant protocol to the dovecot.conf file as well, and add the location of the two key files (uncomment the path).

I also had to change the auth default from "PLAIN" to "login" (not sure it was necessary) and set "ssl_disable = no". That last one may be the only relevant change in dovecot.conf.

auth default {
mechanisms = login