This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revision Both sides next revision | ||
|
openbsd:mail:dovecot2 [2020/08/10 22:46] baytuch created |
openbsd:mail:dovecot2 [2020/08/11 11:11] baytuch |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Initial preparation ====== | ||
| + | |||
| + | First of all, you need to install the application package. Next, you need to delete the standard settings files, since we will not use them in this project. | ||
| + | |||
| + | Installing the package: | ||
| + | <code> | ||
| + | doas pkg_add -v dovecot | ||
| + | </code> | ||
| + | |||
| + | Deleting standard configuration files: | ||
| + | <code> | ||
| + | cd /etc/dovecot/ | ||
| + | doas rm -rf * | ||
| + | </code> | ||
| + | |||
| + | ====== Postman creation ====== | ||
| + | |||
| + | For the safe operation of the mail system, you need to create an additional user. We also create a folder for storing user mailboxes. | ||
| + | |||
| + | <code> | ||
| + | groupadd -ov -g 1100 mailman | ||
| + | useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman | ||
| + | mkdir -p /var/spool/vmail | ||
| + | chown mailman:mailman /var/spool/vmail | ||
| + | </code> | ||
| + | |||
| + | ====== Setting service limits ====== | ||
| + | |||
| + | By default, resource limits are set for system services. But they are not enough for normal operation of the mail service, so you need to specify an additional value. | ||
| + | |||
| + | /etc/login.conf: | ||
| + | <code> | ||
| + | dovecot:\ | ||
| + | :openfiles-cur=1024:\ | ||
| + | :openfiles-max=2048:\ | ||
| + | :tc=daemon: | ||
| + | </code> | ||
| + | |||
| + | ====== Generating encryption keys ====== | ||
| + | |||
| + | In this project, letters will be stored on the server disk in encrypted form. Therefore, you need to create encryption keys. | ||
| + | |||
| + | <code> | ||
| + | cd ~/ | ||
| + | openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem | ||
| + | openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem | ||
| + | doas mv ecprivkey.pem /etc/dovecot/ecprivkey.pem | ||
| + | doas mv ecpubkey.pem /etc/dovecot/ecpubkey.pem | ||
| + | doas chown _dovecot:_dovecot /etc/dovecot/ecprivkey.pem | ||
| + | doas chown _dovecot:_dovecot /etc/dovecot/ecpubkey.pem | ||
| + | doas chmod 600 /etc/dovecot/ecpubkey.pem | ||
| + | doas chmod 400 /etc/dovecot/ecprivkey.pem | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ====== Config file for Dovecot ====== | ||
| + | |||
| + | <code> | ||
| + | doas touch /etc/dovecot/dovecot.conf | ||
| + | </code> | ||
| + | |||
| <code> | <code> | ||
| # Dovecot configuration file for my project | # Dovecot configuration file for my project | ||
| Line 61: | Line 122: | ||
| ssl = yes | ssl = yes | ||
| - | ssl_cert = </etc/ssl/grape.ircnow.org.fullchain.pem | + | ssl_cert = </etc/ssl/example.com.fullchain.pem |
| - | ssl_key = </etc/ssl/private/grape.ircnow.org.key | + | ssl_key = </etc/ssl/private/example.com.key |
| ssl_cipher_list = ALL:!LOW:!SSLv2 | ssl_cipher_list = ALL:!LOW:!SSLv2 | ||