optics.csufresno.edu

F14 E-Mail & Spam Dovecot

Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
F14 Dovecot

Dovecot acts as a secure IMAP and/or POP3 server for Linux. I find it useful to run on my server so that I can pull e-mail from it onto my laptop using the POP3 protocol whenever I am away from the university. Configuring Dovecot used to be simple, but with version 2 it has become very obtuse, so spend time examining the documentation at:

http://www.dovecot.org/

If you want to use SSL encryption when using POP3, you will have to pay for an SSL certificate, which is something that I am not willing to do. However, I am not willing to send in a password to my server using plain text authentication either, so I have chosen to use DIGEST-MD5 authentication.

NOTE:
Before configuring Dovecot, be sure that you have opened port 110 in your firewall to allow POP3 connections. See my Firewall page for details.

Configuration files are located in /etc/dovecot. The main configuration file is dovecot.conf, and other files are located in /etc/dovecot/conf.d. Start by editing the /etc/dovecot/dovecot.conf file. Scroll down to the Protocols section. Add the following:
protocols = pop3
Save and exit. Next move into the conf.d subdirectory and edit the following files:

conf.d/10-auth.conf

Add the following in the appropriate subsections:
disable_plaintext_auth = no
auth_mechanisms = digest-md5
Save and exit.

conf.d/10-logging.conf

Add the following in the appropriate subsections:
log_path = /var/log/dovecot/dovecot.log
Save and exit. Since the log file is going to be stored in /var/log/dovecot, create the directory:
~> sudo mkdir /var/log/dovecot
While we are at it, we may as well set up log rotation for the file. Create a /etc/logrotate.d/dovecot file using sudo and add the following:
/var/log/dovecot/dovecot.log {
        notifempty
        weekly
        missingok
        rotate 4
}
Save and exit.

conf.d/10-mail.conf

Since all of my mail is dumped to /var/mail/[user] on the server via fetchmail (see my fetchmail page), I want to add the following:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Save and exit.

conf.d/10-master.conf

Add the following in the appropriate subsections:
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
  }
}
Save and exit.

conf.d/auth-system.conf.ext

Comment out the PAM authentication section. Under it, add the following:
#passdb {
#  driver = pam
#  args = dovecot
#}

passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%u /etc/dovecot/dovecot.password
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/dovecot.password
}
Save and exit.

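Next, we need to set up a digest-md5 password. This can be done using the doveadm pw command. The username is part of a DIGEST-MD5 hash, so it has to be given with -u (substitute your username for [user]):
~> doveadm pw -s digest-md5 -u [user]
Type in a new password, and you will see a line similar to: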
{DIGEST-MD5}45ef5304d32a4a91c9480e46377b0fa2
(Please note that I have used a dummy password here.) Next create a new /etc/dovecot/dovecot.password file using sudo and copy your password into the file:
[user]:{DIGEST-MD5}45ef5304d32a4a91c9480e46377b0fa2:[uid]:[gid]:[name]:[home]:[shell]
Substitute your username for [user], your user id for [uid], your group id for [gid], your full name for [name], your home directory location for [home], and your shell location for [shell]. Save and exit, and change the ownership and permissions of the file:
~> sudo chown root:dovecot /etc/dovecot/dovecot.password
~> sudo chmod o-r /etc/dovecot/dovecot.password
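The following Python check of the password file built above is an added example, not part of the original page or of Dovecot itself. It assumes Dovecot's DIGEST-MD5 scheme stores the hex MD5 of user:realm:password (realm empty when the login has no @); the function names, the user alice and the password are constructed for illustration.

```python
import hashlib, hmac, os, re, stat, tempfile

SCHEME = "{DIGEST-MD5}"
STORED = re.compile(r"^\{DIGEST-MD5\}[0-9a-fA-F]{32}$")

def dovecot_digest_md5(user, password):
    """Hex MD5 of "user:realm:password"; realm is the text after the last '@', else empty."""
    name, sep, realm = user.rpartition("@")
    if not sep:                       # no '@' in the login name: empty realm
        name, realm = user, ""
    return hashlib.md5(f"{name}:{realm}:{password}".encode()).hexdigest()

def entry_matches(line, password):
    """True if a passwd-file line's stored hash belongs to this user and password."""
    user, stored = line.split(":")[:2]
    if not stored.startswith(SCHEME):
        return False
    return hmac.compare_digest(stored[len(SCHEME):].lower(), dovecot_digest_md5(user, password))

def audit_passwd_file(path):
    """Return findings for a Dovecot passwd-file; an empty list means nothing was flagged."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IWGRP):
        findings.append(f"mode {mode:04o}: readable by others or writable beyond the owner")
    with open(path) as fh:
        for n, line in enumerate(fh, 1):
            fields = line.rstrip("\n").split(":")
            if fields == [""]:
                continue              # blank line
            if len(fields) < 7:
                findings.append(f"line {n}: expected user:hash:uid:gid:name:home:shell")
            elif not STORED.match(fields[1]):
                findings.append(f"line {n}: password field is not a {SCHEME} hash")
    return findings

def demo():
    """Constructed sample: one entry for a made-up user, audited at 0644 and again at 0640."""
    digest = dovecot_digest_md5("alice", "not-a-real-password")
    entry = f"alice:{SCHEME}{digest}:1000:1000:Alice:/home/alice:/bin/bash"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dovecot.password")
        with open(path, "w") as fh:
            fh.write(entry + "\n")
        os.chmod(path, 0o644)         # a file left world-readable
        before = audit_passwd_file(path)
        os.chmod(path, 0o640)         # the same file with other-read removed
        after = audit_passwd_file(path)
    return entry, before, after

if __name__ == "__main__":
    print(demo())
```

The stored hash is all a client needs to answer a DIGEST-MD5 challenge, so the file deserves the same protection as a plaintext password; because the username is hashed in, renaming an account invalidates its entry.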

Setup Fail2Ban with Dovecot


To use Fail2Ban with Dovecot, see the Fail2Ban page.


Restart Dovecot Daemon

Restart Dovecot.
~> sudo service dovecot restart
If everything is set up properly, you should see something similar to:
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Next, on a remote computer, pull up your e-mail client, such as Evolution. Click on Edit -> Preferences, select the Account name you are using, and click Edit. Click on Receiving Email, and choose POP from the pull-down menu. Type in your Server name and Username, and make sure that No encryption is selected from the drop-down menu for Security. Then select DIGEST-MD5 under Authentication Type and click OK, followed by Close. You should now be able to establish a POP connection back to the server, and pull down your e-mail.