This shows you the differences between two versions of the page.
openbsd:mail:dovecot2 [2020/08/10 22:46] baytuch created |
openbsd:mail:dovecot2 [2020/08/11 11:11] baytuch |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Initial preparation ====== | ||
+ | |||
+ | First of all, you need to install the application package. Next, you need to delete the standard settings files, since we will not use them in this project. | ||
+ | |||
+ | Installing the package: | ||
+ | <code> | ||
+ | doas pkg_add -v dovecot | ||
+ | </code> | ||
+ | |||
+ | Deleting standard configuration files: | ||
+ | <code> | ||
+ | cd /etc/dovecot/ | ||
+ | doas rm -rf * | ||
+ | </code> | ||
+ | |||
+ | ====== Postman creation ====== | ||
+ | |||
+ | For the safe operation of the mail system, you need to create an additional user. We also create a folder for storing user mailboxes. | ||
+ | |||
+ | <code> | ||
+ | groupadd -ov -g 1100 mailman | ||
+ | useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman | ||
+ | mkdir -p /var/spool/vmail | ||
+ | chown mailman:mailman /var/spool/vmail | ||
+ | </code> | ||
+ | |||
+ | ====== Setting service limits ====== | ||
+ | |||
+ | By default, resource limits are set for system services. But they are not enough for normal operation of the mail service, so you need to specify an additional value. | ||
+ | |||
+ | /etc/login.conf: | ||
+ | <code> | ||
+ | dovecot:\ | ||
+ | :openfiles-cur=1024:\ | ||
+ | :openfiles-max=2048:\ | ||
+ | :tc=daemon: | ||
+ | </code> | ||
+ | |||
+ | ====== Generating encryption keys ====== | ||
+ | |||
+ | In this project, letters will be stored on the server disk in encrypted form. Therefore, you need to create encryption keys. | ||
+ | |||
+ | <code> | ||
+ | cd ~/ | ||
+ | openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem | ||
+ | openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem | ||
+ | doas mv ecprivkey.pem /etc/dovecot/ecprivkey.pem | ||
+ | doas mv ecpubkey.pem /etc/dovecot/ecpubkey.pem | ||
+ | doas chown _dovecot:_dovecot /etc/dovecot/ecprivkey.pem | ||
+ | doas chown _dovecot:_dovecot /etc/dovecot/ecpubkey.pem | ||
+ | doas chmod 600 /etc/dovecot/ecpubkey.pem | ||
+ | doas chmod 400 /etc/dovecot/ecprivkey.pem | ||
+ | </code> | ||
+ | |||
+ | |||
+ | ====== Config file for Dovecot ====== | ||
+ | |||
+ | <code> | ||
+ | doas touch /etc/dovecot/dovecot.conf | ||
+ | </code> | ||
+ | |||
<code> | <code> | ||
# Dovecot configuration file for my project | # Dovecot configuration file for my project | ||
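Review bot: In "Deleting standard configuration files", `doas rm -rf *` only does the right thing if the preceding `cd /etc/dovecot/` succeeded; if that directory is missing or mistyped, the glob expands in whatever directory the shell is in and those files are removed as root. Use an absolute path (`doas rm -rf /etc/dovecot/*`) or chain the two (`cd /etc/dovecot/ && doas rm -rf *`). In "Generating encryption keys", nothing restricts ecprivkey.pem until the final `chmod 400`, after it has been written to ~/ and moved, so a `umask 077` before the openssl commands would close that window; the public key does not need the `chmod 600` it gets. The groupadd, useradd, mkdir and chown lines under "Postman creation" also lack the `doas` prefix that every other privileged command in this revision carries.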
Line 61: | Line 122: | ||
ssl = yes | ssl = yes | ||
- | ssl_cert = </etc/ssl/grape.ircnow.org.fullchain.pem | + | ssl_cert = </etc/ssl/example.com.fullchain.pem |
- | ssl_key = </etc/ssl/private/grape.ircnow.org.key | + | ssl_key = </etc/ssl/private/example.com.key |
ssl_cipher_list = ALL:!LOW:!SSLv2 | ssl_cipher_list = ALL:!LOW:!SSLv2 | ||
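Review bot: The unchanged `ssl_cipher_list = ALL:!LOW:!SSLv2` directly under the edited lines is worth tightening while this block is being touched, because `ALL` still admits anonymous (aNULL) suites and other weak ones that `!LOW` does not exclude. A string such as `HIGH:!aNULL:!MD5` would be a safer starting point. Since the certificate and key paths now use example.com, a one-line comment in the config saying that it is a placeholder for the server's own hostname would keep readers from copying the paths verbatim.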