Dovecot: Difference between revisions
Current revision as of 12 November 2024, 18:37
Description
Dovecot is designed for small (200 mailboxes) to larger networks (over 1000 mailboxes).
- The server can handle the maildir and mbox mailbox formats and is fully compatible with the older Courier IMAP server and the old UW IMAP reference server software for the IMAP protocol.
- The e-mail data is easy to migrate or to use in e-mail programs; computer users can log in directly on the Dovecot mail server.[1]
As of version 1.0a4, a Dovecot-specific format named dbox is also in development, intended for high-performance applications.
- So far dbox offers no compatibility with other software, so mail stored in dbox format can only be accessed through Dovecot, i.e. by e-mail programs (MUAs) via IMAP and POP3, and by MTAs through Dovecot's delivery components.
Dovecot supports, among others, the following features:
- IMAP4rev1
- THREAD, IDLE and SORT extensions
- POP3
- LMTP as the protocol for mail delivery
- Sieve
- TLS/SSL
- IPv6
- Maildir++ quota
- Postfix and exim (from version 4) can work together with Dovecot
Basic data
Developer | Timo Sirainen
Category | Mail server (Mail Delivery Agent)
www.dovecot.org
Dovecot (the name means pigeon loft) is a mail server software suite.
- It is designed as a Mail Delivery Agent (MDA) and for the network protocols POP3 and IMAP.
The software suite runs on Unix, BSD and Unix-like systems such as Linux.[2] It is open source, with some parts in the public domain and others under the LGPL or MIT license, alongside standalone licenses.[3] In March 2015, Open-Xchange announced its merger with Dovecot OY, Timo Sirainen's company.
- According to the announcement, this makes it possible to offer even large e-mail providers a complete application stack from a single source.[4]
Installation
Dovecot
Dovecot is a POP3 and IMAP server, which provides email clients with access to emails on the server.
- It also acts as the Local Delivery Agent (LDA), which takes email from Postfix (or other MTA / mail server software) and stores them.
When Dovecot was installed in previous steps, additional Dovecot modules (including dovecot-antispam, dovecot-solr, dovecot-ldap, and dovecot-sieve) were also installed.
- These modules help Dovecot with a range of functions like spam filtering, user directory management, enabling a full text search, and mail filtering.
Configuring Dovecot
- edit configuration files to use IMAP (and POP3)
- add our domain details
- configure user authentication
- force users to use SSL when they connect so that their passwords are never sent to the server in plain text
- Copy all of the configuration files so you can easily revert back to them if needed
# cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
# cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
# cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
# cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
# cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
# cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
- Edit the /etc/dovecot/dovecot.conf file.
- Add protocols = imap pop3 lmtp to the # Enable installed protocols section of the file.
- In addition, add the line postmaster_address = postmaster@example.com, replacing example.com with your domain.
File: /etc/dovecot/dovecot.conf
## Dovecot configuration file
...
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap pop3 lmtp
postmaster_address = postmaster@example.com
[...]
- Edit the /etc/dovecot/conf.d/10-mail.conf
This file controls how Dovecot interacts with the server’s file system to store and retrieve messages.
- Modify the following variables within the configuration file:
- /etc/dovecot/conf.d/10-mail.conf
[...]
mail_location = maildir:/var/mail/vhosts/%d/%n/
[...]
mail_privileged_group = mail
- Create the /var/mail/vhosts/ directory and a subdirectory for your domain, replacing example.com with your domain name:
# mkdir -p /var/mail/vhosts/example.com
This directory will serve as storage for mail sent to your domain.
- Create the vmail group with ID 5000.
- Add a new user vmail to the vmail group.
- This system user will read mail from the server.
# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /var/mail
Change the owner of the /var/mail/ folder and its contents to belong to vmail:
# chown -R vmail:vmail /var/mail
- Edit the user authentication file, located in /etc/dovecot/conf.d/10-auth.conf.
- Uncomment the following variables and replace with the file excerpt’s example values:
- /etc/dovecot/conf.d/10-auth.conf
[...]
disable_plaintext_auth = yes
[...]
auth_mechanisms = plain login
[...]
!include auth-system.conf.ext
[...]
!include auth-sql.conf.ext
Note: For reference, view a complete 10-auth.conf file.
- Edit the /etc/dovecot/conf.d/auth-sql.conf.ext file with authentication and storage information.
- Ensure your file contains the following lines.
- Make sure the passdb section is uncommented, that the userdb section that uses the static driver is uncommented and updated with the right argument.
- Then comment out the userdb section that uses the sql driver:
- File: /etc/dovecot/conf.d/auth-sql.conf.ext
...
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
...
#userdb {
#  driver = sql
#  args = /etc/dovecot/dovecot-sql.conf.ext
#}
...
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
...
- Update the /etc/dovecot/dovecot-sql.conf.ext file with your MySQL connection information.
- Uncomment the following variables and replace the values with the excerpt example.
- Replace dbname, user and password with your own MySQL database values:
- File: /etc/dovecot/dovecot-sql.conf.ext
...
driver = mysql
...
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
...
default_pass_scheme = SHA512-CRYPT
...
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
...
The password_query variable uses email addresses listed in the virtual_users table as the username credential for an email account.
To use an alias as the username:
- Add the alias as the source and destination email address to the virtual_aliases table.
- Change the /etc/dovecot/dovecot-sql.conf.ext file's password_query value to:
password_query = SELECT email as user, password FROM virtual_users WHERE email=(SELECT destination FROM virtual_aliases WHERE source = '%u');
Note: For reference, view a complete dovecot-sql.conf.ext file.
- Change the owner and group of the /etc/dovecot/ directory to vmail and dovecot:
# chown -R vmail:dovecot /etc/dovecot
- Recursively remove read, write, and execute permissions for other users on the /etc/dovecot/ directory, leaving access to the owner (vmail) and group (dovecot) only. This keeps the MySQL password in dovecot-sql.conf.ext unreadable to other local accounts:
# chmod -R o-rwx /etc/dovecot
- Edit the service settings file /etc/dovecot/conf.d/10-master.conf:
Note
When editing the file, be careful not to remove any opening or closing curly braces.
- If there’s a syntax error, Dovecot will crash silently.
- You can check /var/log/upstart/dovecot.log to debug the error.
Here is an example of a complete 10-master.conf file.
Disable unencrypted IMAP and POP3 by setting the protocols' ports to 0.
- Uncomment the port and ssl variables:
File: /etc/dovecot/conf.d/10-master.conf
...
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  ...
}
...
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
...
Find the service lmtp section of the file and use the configuration shown below:
File: /etc/dovecot/conf.d/10-master.conf
...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    #mode = 0666
    mode = 0600
    user = postfix
    group = postfix
  }
  ...
}
Locate service auth and configure it as shown below:
File: /etc/dovecot/conf.d/10-master.conf
...
service auth {
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  ...
  user = dovecot
}
...
In the service auth-worker section, uncomment the user line and set it to vmail:
File: /etc/dovecot/conf.d/10-master.conf
...
service auth-worker {
  ...
  user = vmail
}
Save the changes to the /etc/dovecot/conf.d/10-master.conf file.
- Edit the /etc/dovecot/conf.d/10-ssl.conf file to require SSL and to add the location of your domain's SSL certificate and key.
- Replace example.com with your domain:
- File: /etc/dovecot/conf.d/10-ssl.conf
...
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
...
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
- Restart Dovecot to enable all configurations:
# systemctl restart dovecot
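The transport-related settings from the steps above (ssl = required, port = 0 on the unencrypted imap and pop3 listeners, socket modes that exclude other users) can be checked mechanically. The following is an added example, not part of the original page or of Dovecot; the function name audit_dovecot and the sample configuration are constructed for illustration, and the input is assumed to be in the block syntax shown in the excerpts above.

```shell
#!/bin/sh
# Added example: audit Dovecot settings read from stdin (same syntax as the excerpts).
# Prints one FAIL line per finding and returns 1 if anything was flagged.
audit_dovecot() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function fail(msg) { print "FAIL: " msg; bad++ }
    { sub(/#.*/, ""); $0 = trim($0) }          # drop comments and indentation
    $0 == "" { next }
    /[{]$/ { sub(/[ \t]*[{]$/, ""); stack[++depth] = $0; next }   # block opens
    $0 == "}" { if (depth > 0) depth--; next }                    # block closes
    {
      eq = index($0, "="); if (eq == 0) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
      block = (depth > 0) ? stack[depth] : ""
      if (depth == 0) top[key] = val
      if (key == "port" && block ~ /^inet_listener /) port[substr(block, 15)] = val
      # A last octal digit other than 0 gives every local user access to the socket.
      if (key == "mode" && block ~ /^unix_listener / && val !~ /0$/)
        fail(block ": mode " val " is open to other users")
    }
    END {
      if (top["ssl"] != "required") fail("ssl is not set to required")
      # Only an explicit "no" is flagged; an absent line is not judged here.
      if (top["disable_plaintext_auth"] == "no") fail("disable_plaintext_auth = no")
      n = split("imap pop3", proto, " ")
      for (i = 1; i <= n; i++) {
        p = proto[i]   # protocols missing from the protocols line are skipped
        if (("protocols" in top) && index(" " top["protocols"] " ", " " p " ") == 0) continue
        if (port[p] != "0") fail("plaintext " p " listener is not disabled (port = 0)")
      }
      exit (bad > 0)
    }'
}

# Constructed sample: POP3 left on its plaintext port and a world-writable LMTP socket.
SAMPLE_CONF='protocols = imap pop3 lmtp
ssl = required
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0666
  }
}'
printf '%s\n' "$SAMPLE_CONF" | audit_dovecot || echo "review the findings above"
```

On a running server the same function can read the effective configuration with doveconf -n | audit_dovecot.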
Applications
Invocation
Options
Parameters
Environment
Return value
Configuration
Files
Security
The main focus in development is on security.
In this respect Dovecot stands in the tradition of qmail.[6]
The Dovecot package is furthermore split into three components:[1]
- Dovecot core: includes, among other things, the Mail Delivery Agent (MDA)
- Dovecot-imapd: the daemon for the Internet Message Access Protocol (IMAP)
- Dovecot-pop3d: the daemon for the POP Internet e-mail protocol
The other two components can optionally be installed in addition to the core component.
- For a pure Dovecot IMAP server, for example, Dovecot-pop3d does not need to be installed, which indirectly also increases security.
In November 2016, the German IT security company Cure 53 carried out a security audit of the Dovecot package on behalf of the Mozilla Foundation and uncovered three vulnerabilities as a result, which Cure 53's security experts nevertheless rated as less critical.[7]
Documentation
RFC
Man page
Info pages
See also
Links
Project
Web links
Literature
- Peer Heinlein: Dovecot – POP3/IMAP-Server für Unternehmen und ISPs, Open Source Press, 2014, ISBN 978-3-95539-074-7