Dovecot

Dovecot is an IMAP server. Postfix can also use it as an SMTP authentication server, which makes a unified configuration possible. dovecot -a shows what was compiled into dovecot. It can therefore happen that the command returns nothing. With the FreeBSD ports you can compile your own version:

cd /usr/ports/mail/postfix-current/
make config   # enable dovecot2 in this step!
make
make install  # or make reinstall instead, if needed

The setup is well described in the Dovecot wiki.

postfix

installation

pkg install icu gmake
cd /usr/ports/mail/postfix-current/

installation

pkg install dovecot2 ;# less well documented but newer version of dovecot

first configuration steps

cd /usr/local/etc/dovecot/
mkdir conf.d && cd conf.d/

cp ../example-config/conf.d/10-auth.conf .
cp ../example-config/conf.d/auth-passwdfile.conf.ext .
cp ../example-config/conf.d/10-mail.conf .
cp ../example-config/conf.d/10-master.conf .
cp ../example-config/conf.d/10-ssl.conf .

create an ssl certificate

mkdir /usr/local/etc/ssl
cd /usr/local/etc/ssl
openssl genrsa -out dovecot.key 4096
chmod 640 dovecot.key
openssl req -new -x509 -days 365 -key dovecot.key -out dovecot.crt -sha256
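
A check worth running after creating the pair, added here as an example (not part of the original page): the functions below, whose names are hypothetical, verify that the key is not accessible by "other", that key and certificate belong together, and that the certificate is not about to expire. The demo pair uses a constructed CN and a 2048-bit key only to keep the run short.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from dovecot or openssl.

# 0 if the key file grants no permissions to "other" (chars 8-10 of ls -l mode)
key_perms_ok() {
    other=$(ls -ld "$1" | cut -c8-10)
    [ "$other" = "---" ]
}

# 0 if private key and certificate carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 if the certificate is still valid $2 days from now
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# usage: check_pair KEY CRT MIN_DAYS ; prints each failed check, returns 1 on any
check_pair() {
    rc=0
    key_perms_ok "$1" || { echo "FAIL: $1 is accessible by other"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key and certificate differ"; rc=1; }
    cert_valid_for_days "$2" "$3" || { echo "FAIL: expires within $3 days"; rc=1; }
    return $rc
}

# Constructed demo pair in directory $1 (CN and 2048-bit size are sample values)
make_demo_pair() {
    openssl genrsa -out "$1/dovecot.key" 2048 2>/dev/null &&
    chmod 640 "$1/dovecot.key" &&
    openssl req -new -x509 -days 365 -key "$1/dovecot.key" -sha256 \
        -subj "/CN=mail.example.test" -out "$1/dovecot.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo_pair "$d" &&
    check_pair "$d/dovecot.key" "$d/dovecot.crt" 30 && echo "pair OK"
rm -rf "$d"
```

On the server, call check_pair with /usr/local/etc/ssl/dovecot.key and /usr/local/etc/ssl/dovecot.crt, for example from a periodic job, so the 365-day expiry does not come as a surprise.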

sieve

Sieve is a server-side mail message filter. Here is how to set it up.

pkg install dovecot-pigeonhole ;# sieve support for dovecot2 (name misleading!)

copy required configuration files in place...

# /usr/local/etc/dovecot/conf.d/
cp /usr/local/share/doc/dovecot-pigeonhole/example-config/conf.d/20-managesieve.conf .
cp /usr/local/share/doc/dovecot-pigeonhole/example-config/conf.d/90-sieve.conf .
cp ../example-config/conf.d/20-lmtp.conf .
mkdir -p /var/lib/dovecot/sieve.d/

you copied the default config. modify these values (uncomment):

# 20-managesieve.conf
# ...
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
# ...
service managesieve {
  # Max. number of ManageSieve processes (connections)
  process_limit = 1024
}
# ...

# 90-sieve.conf (inside the plugin { } block)
# ...
sieve_before = /var/lib/dovecot/sieve.d/
# ...
sieve_extensions = +vnd.dovecot.filter
# ...
sieve_plugins = sieve_extprograms

# /var/lib/dovecot/sieve.d/spamassassin.sieve
require [ "vnd.dovecot.filter" ];
filter "spamc" [ "--no-safe-fallback" ];

Restart dovecot and compile your sieve rules:

service dovecot restart
sievec /var/lib/dovecot/sieve.d/spamassassin.sieve

if you get this message you forgot to restart dovecot:

$ sievec /var/lib/dovecot/sieve.d/spamassassin.sieve
spamassassin: line 1: error: require command: unknown Sieve capability `vnd.dovecot.filter'.
spamassassin: line 2: error: unknown command 'filter' (only reported once at first occurrence).
spamassassin: error: validation failed.
sievec(root): Error: failed to compile sieve script '/var/lib/dovecot/sieve.d/spamassassin.sieve'

Here is what sieve will actually do for you: it moves mails containing ***Spam*** in the subject to a specific folder called Junk. Change test.de/max to match your own mail address:

# /var/mail/vhosts/test.de/max/.dovecot.sieve
require "fileinto";
if header :comparator "i;ascii-casemap" :contains "Subject" "***Spam***"  {
        fileinto "Junk";
        stop;
}

spamassassin

installation

pkg install spamassassin spamass-rules

add spamd to /etc/rc.conf:

# /etc/rc.conf
spamd_enable="YES"               # enable spamassassin spam blocker

sa-update -D
spamassassin --lint   ;# check rules (optional)
sa-compile            ;# compile
spamd -D

service sa-spamd start

debugging

tail -f "/var/log/maillog"     ;# dovecot and postfix log here by default via syslog
tail -f "/var/log/dovecot.log" ;# dovecot logs here when log_path points to this file
tail -f "/var/log/messages"    ;# postfix logs here by default

postqueue -p                   ;# shows postfix queue
postsuper -d ALL               ;# deletes all mails from queue

telnet -4 <domain> 25
openssl s_client -ign_eof -crlf -starttls smtp -connect <domain>:587 ;# also deactivates openssl renegotiation 