Difference between revisions of "Dovecot"
m (→Notes: fixed Postfix link) |
|||
| (11 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | == | + | {{#set:page type=article}} |
| − | [[category:software]][[Dovecot]] is [[email server]] [[software]]. {{wikipedia|Dovecot (software)}} describes it as just a [[POP3]] and [[Internet Mail Access Protocol|IMAP]] server, but [[Ubuntu]] packages it as a "stack" which provides both [[Mail Transfer Agent|MTA]] and [[Mail Delivery Agent|MDA]] functionality. | + | {{#set:thing type=software}} |
| + | {{#set:architecture=server}} | ||
| + | {{#set:license=open source}} | ||
| + | [[category:software]] | ||
| + | ==About== | ||
| + | [[Dovecot]] is [[email server]] [[software]]. {{wikipedia|Dovecot (software)}} describes it as just a [[POP3]] and [[Internet Mail Access Protocol|IMAP]] server, but [[Ubuntu]] packages it as a "stack" which provides both [[Mail Transfer Agent|MTA]] and [[Mail Delivery Agent|MDA]] functionality. | ||
===Helper Binaries=== | ===Helper Binaries=== | ||
Dovecot includes a number of helper command-line binaries; existing documentation for these is hard to find. Typical locations for these commands are: | Dovecot includes a number of helper command-line binaries; existing documentation for these is hard to find. Typical locations for these commands are: | ||
| + | * /usr/lib/dovecot/ | ||
| + | ** used by [[Ubuntu]] | ||
| + | * /usr/libexec/dovecot/ | ||
* /usr/local/libexec/dovecot/ | * /usr/local/libexec/dovecot/ | ||
| − | |||
Binaries include: | Binaries include: | ||
* [[/deliver]]: can be used by [[Postfix]] when delivering mail to user mailboxes | * [[/deliver]]: can be used by [[Postfix]] when delivering mail to user mailboxes | ||
| + | ===SASL=== | ||
| + | '''SASL''' stands for [[Simple Authentication and Security Layer]]. | ||
| + | * [http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL Postfix and Dovecot SASL] (Dovecot wiki) | ||
| + | ===SSL=== | ||
| + | See [[Secure Sockets Layer]] for related information. | ||
| + | * [http://wiki.dovecot.org/SSL Dovecot SSL] | ||
| + | ** [http://wiki.dovecot.org/SSL/DovecotConfiguration Dovecot SSL configuration] | ||
| + | |||
| + | None of the documentation seems to mention the fact that many of these settings are in sub-files (see [[#Notes]], below), and your changes to dovecot.conf will be ignored if they are overridden in one of these files -- so edit that file instead. | ||
| + | * In theory, you should be able to create your own subfile and add these settings to it; I have not tested this. --[[User:Woozle|Woozle]] 14:08, 11 December 2010 (EST) | ||
| + | * In the server I just configured, the SSL settings were in "conf.d/01-dovecot-postfix.conf". Tentatively: '''ssl_cert_file''' should be set to the certificate you receive from the certificate signer (e.g. [[OptimumSSL]]), and '''ssl_key_file''' should be set to the private key you generated earlier (when you also generated the CSR). --[[User:Woozle|Woozle]] 14:08, 11 December 2010 (EST) | ||
| + | * This year, '''ssl_cert_file''' was the certificate as sent via email (2 certificates with some text between them); '''ssl_key_file''' was the key file I newly generated for the CSR for this certificate. (Possibly I could have re-used the one from last year, but I couldn't see any advantage to that, and I wasn't sure if it would even work.) Although explanations elsewhere might make you think that '''ssl_cert_file''' would need to be the server certificate plus the intermediate file, the intermediate file contained at least 2 or 3 certificates and '''ssl_cert_file''' only contained 2, one of which was the server certificate. So either some of those intermediate certificates are unnecessary or else I don't understand how this file works. --[[User:Woozle|Woozle]] 18:01, 17 February 2011 (EST) | ||
| + | ===Sample Configurations=== | ||
| + | * Woozle: | ||
| + | ** [[User:Woozle/files/dovecot/dovecot.conf|dovecot.conf]] | ||
| + | ** [[User:Woozle/files/dovecot/auth.d/01-dovecot-postfix.auth|auth.d/01-dovecot-postfix.auth]] | ||
==Notes== | ==Notes== | ||
For Ubuntu 10.04 (whatever version of dovecot that corresponds to), some of the settings in [[dovecot.conf]] have been pushed out to sub-files. When dovecot is paired with [[Postfix]], the files appear to be: | For Ubuntu 10.04 (whatever version of dovecot that corresponds to), some of the settings in [[dovecot.conf]] have been pushed out to sub-files. When dovecot is paired with [[Postfix]], the files appear to be: | ||
* auth.d/01-dovecot-postfix.auth | * auth.d/01-dovecot-postfix.auth | ||
* conf.d/01-dovecot-postfix.conf | * conf.d/01-dovecot-postfix.conf | ||
| + | |||
| + | There doesn't seem to be any official documentation on how these files are invoked, but the last comment in [https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/590408 this forum post] implies that these files are read first and then may be overridden by [[/dovecot.conf]] (or possibly they are only loaded if the corresponding settings are missing, but this seems like a more fragile approach and so less likely). | ||
| + | |||
| + | '''Warning''': Sometimes these files are totally not being looked at, and you have to paste their contents (...well, the auth.d/ one at least) into dovecot.conf. We really need to know what the mechanism is for loading these files. | ||
If you are experiencing an error where dovecot complains that it can't find [[cmusieve]] – like this: | If you are experiencing an error where dovecot complains that it can't find [[cmusieve]] – like this: | ||
Fatal: Plugin cmusieve not found from directory /usr/lib/dovecot/modules/lda | Fatal: Plugin cmusieve not found from directory /usr/lib/dovecot/modules/lda | ||
– then edit the 01-dovecot-postfix.conf file and change "cmusieve" to "sieve". --[[User:Woozle|Woozle]] 17:41, 23 May 2010 (UTC) | – then edit the 01-dovecot-postfix.conf file and change "cmusieve" to "sieve". --[[User:Woozle|Woozle]] 17:41, 23 May 2010 (UTC) | ||
| + | ===Debugging=== | ||
| + | See also:[[openssl]] | ||
| + | |||
| + | [https://wiki.dovecot.org/TestInstallation TestInstallation] has some good basic diagnostics. If the connection gives errors not described there, then you need to (a) confirm where the configuration is stored by running this:<source lang=bash>doveconf -n | head -n 1</source> (see [https://doc.dovecot.org/configuration_manual/quick_configuration/ Quick Configuration]). | ||
| + | |||
| + | ===Theories=== | ||
| + | "<u>auth default { socket listen { master { path =</u> ''filespec''" '''creates''' the socket (or provides the service, or however you want to describe it); a ''different'' part of dovecot tries to access that socket by default unless you override it with "<u>auth external { socket connect { master { path =</u> ''filespec''". '''Where is this documented??''' | ||
| + | ==Errors== | ||
| + | * [[Failed to initialize SSL server context: Can't load DH parameters]] - received when attempting to connect (I think) | ||
| + | * [[SSL routines:ssl3_get_record:wrong version number]] | ||
| + | * [[write:errno=104]] | ||
==Links== | ==Links== | ||
| Line 23: | Line 61: | ||
* [http://www.dovecot.org/ official site] | * [http://www.dovecot.org/ official site] | ||
** [http://wiki.dovecot.org/FrontPage wiki] | ** [http://wiki.dovecot.org/FrontPage wiki] | ||
| + | *** [https://doc.dovecot.org/configuration_manual/quick_configuration/ Quick Configuration] | ||
Latest revision as of 14:33, 23 October 2020
About
Dovecot is email server software. Wikipedia describes it as just a POP3 and IMAP server, but Ubuntu packages it as a "stack" which provides both MTA and MDA functionality.
Helper Binaries
Dovecot includes a number of helper command-line binaries; existing documentation for these is hard to find. Typical locations for these commands are:
- /usr/lib/dovecot/
- used by Ubuntu
- /usr/libexec/dovecot/
- /usr/local/libexec/dovecot/
Binaries include:
SASL
SASL stands for Simple Authentication and Security Layer.
- Postfix and Dovecot SASL (Dovecot wiki)
SSL
See Secure Sockets Layer for related information.
None of the documentation seems to mention the fact that many of these settings are in sub-files (see #Notes, below), and your changes to dovecot.conf will be ignored if they are overridden in one of these files -- so edit that file instead.
- In theory, you should be able to create your own subfile and add these settings to it; I have not tested this. --Woozle 14:08, 11 December 2010 (EST)
- In the server I just configured, the SSL settings were in "conf.d/01-dovecot-postfix.conf". Tentatively: ssl_cert_file should be set to the certificate you receive from the certificate signer (e.g. OptimumSSL), and ssl_key_file should be set to the private key you generated earlier (when you also generated the CSR). --Woozle 14:08, 11 December 2010 (EST)
- This year, ssl_cert_file was the certificate as sent via email (2 certificates with some text between them); ssl_key_file was the key file I newly generated for the CSR for this certificate. (Possibly I could have re-used the one from last year, but I couldn't see any advantage to that, and I wasn't sure if it would even work.) Although explanations elsewhere might make you think that ssl_cert_file would need to be the server certificate plus the intermediate file, the intermediate file contained at least 2 or 3 certificates and ssl_cert_file only contained 2, one of which was the server certificate. So either some of those intermediate certificates are unnecessary or else I don't understand how this file works. --Woozle 18:01, 17 February 2011 (EST)
Sample Configurations
Notes
For Ubuntu 10.04 (whatever version of dovecot that corresponds to), some of the settings in dovecot.conf have been pushed out to sub-files. When dovecot is paired with Postfix, the files appear to be:
- auth.d/01-dovecot-postfix.auth
- conf.d/01-dovecot-postfix.conf
There doesn't seem to be any official documentation on how these files are invoked, but the last comment in this forum post implies that these files are read first and then may be overridden by /dovecot.conf (or possibly they are only loaded if the corresponding settings are missing, but this seems like a more fragile approach and so less likely).
Warning: Sometimes these files are totally not being looked at, and you have to paste their contents (...well, the auth.d/ one at least) into dovecot.conf. We really need to know what the mechanism is for loading these files.
If you are experiencing an error where dovecot complains that it can't find cmusieve – like this:
Fatal: Plugin cmusieve not found from directory /usr/lib/dovecot/modules/lda
– then edit the 01-dovecot-postfix.conf file and change "cmusieve" to "sieve". --Woozle 17:41, 23 May 2010 (UTC)
Debugging
See also:openssl
TestInstallation has some good basic diagnostics. If the connection gives errors not described there, then you need to (a) confirm where the configuration is stored by running this:
doveconf -n | head -n 1
(see Quick Configuration).
Theories
"auth default { socket listen { master { path = filespec" creates the socket (or provides the service, or however you want to describe it); a different part of dovecot tries to access that socket by default unless you override it with "auth external { socket connect { master { path = filespec". Where is this documented??
Errors
- Failed to initialize SSL server context: Can't load DH parameters - received when attempting to connect (I think)
- SSL routines:ssl3_get_record:wrong version number
- write:errno=104