IRCNow

Differences

This shows you the differences between two versions of the page.

openbsd:mail:dovecot2 [2020/08/10 22:46]
baytuch created
openbsd:mail:dovecot2 [2020/08/11 11:43] (current)
baytuch
Line 1: Line 1:
 +====== Initial preparation ======
 +
 +First of all, you need to install the application package. Next, you need to delete the standard settings files, since we will not use them in this project.
 +
 +Installing the package:
 +<​code>​
 +doas pkg_add -v dovecot
 +</​code>​
 +
 +Deleting standard configuration files:
 +<​code>​
 +cd /​etc/​dovecot/​
 +doas rm -rf *
 +</​code>​
 +
 +====== Postman creation ======
 +
 +For the safe operation of the mail system, you need to create an additional user. We also create a folder for storing user mailboxes.
 +
 +<​code>​
 +doas groupadd -ov -g 1100 mailman
 +doas useradd -v -d /​var/​spool/​vmail -g 1100 -s /​sbin/​nologin -u 1100 -c "Mail man" mailman
 +doas mkdir -p /​var/​spool/​vmail
 +doas chown mailman:​mailman /​var/​spool/​vmail
 +</​code>​
 +
 +====== Setting service limits ======
 +
 +By default, resource limits are set for system services. But they are not enough for normal operation of the mail service, so you need to specify an additional value.
 +
 +/​etc/​login.conf:​
 +<​code>​
 +dovecot:\
 + :​openfiles-cur=1024:​\
 + :​openfiles-max=2048:​\
 + :​tc=daemon:​
 +</​code>​
 +
 +====== Generating encryption keys ======
 +
 +In this project, letters will be stored on the server disk in encrypted form. Therefore, you need to create encryption keys.
 +
 +<​code>​
 +cd ~/
 +openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
 +openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
 +doas mv ecprivkey.pem /​etc/​dovecot/​ecprivkey.pem
 +doas mv ecpubkey.pem /​etc/​dovecot/​ecpubkey.pem
 +doas chown _dovecot:​_dovecot /​etc/​dovecot/​ecprivkey.pem
 +doas chown _dovecot:​_dovecot /​etc/​dovecot/​ecpubkey.pem
 +doas chmod 600 /​etc/​dovecot/​ecpubkey.pem
 +doas chmod 400 /​etc/​dovecot/​ecprivkey.pem
 +</​code>​
 +
 +
 +====== Config file for Dovecot ======
 +
 +<​code>​
 +doas touch /​etc/​dovecot/​dovecot.conf
 +</​code>​
 +
 <​code>​ <​code>​
 # Dovecot configuration file for my project # Dovecot configuration file for my project
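Review bot: In the "Deleting standard configuration files" block, "cd /etc/dovecot/" followed by "doas rm -rf *" on its own line deletes the contents of whatever directory the shell is in if the cd fails. Use the absolute path, "doas rm -rf /etc/dovecot/*", or chain the two as "cd /etc/dovecot/ && doas rm -rf *", and consider moving the packaged files aside instead of deleting them so they stay available for reference. In the key generation block, ecprivkey.pem is written to the home directory under the current umask and is only restricted to mode 400 after the move; running "umask 077" before the openssl commands closes that window. The public key ends up with mode 600 while the private key gets 400, which looks unintentional for the less sensitive file; if it is deliberate, say why.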
Line 61: Line 122:
  
 ssl = yes ssl = yes
-ssl_cert = </​etc/​ssl/​grape.ircnow.org.fullchain.pem +ssl_cert = </​etc/​ssl/​example.com.fullchain.pem 
-ssl_key = </​etc/​ssl/​private/​grape.ircnow.org.key+ssl_key = </​etc/​ssl/​private/​example.com.key
 ssl_cipher_list = ALL:​!LOW:​!SSLv2 ssl_cipher_list = ALL:​!LOW:​!SSLv2
  
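Review bot: The unchanged "ssl_cipher_list = ALL:!LOW:!SSLv2" line next to the edited certificate paths should be fixed in the same revision: ALL admits anonymous (aNULL) and legacy suites, and neither !LOW nor !SSLv2 excludes them. A tighter string such as "HIGH:!aNULL:!MD5" is the usual starting point, with the minimum TLS version set through Dovecot's protocol setting (ssl_min_protocol in Dovecot 2.3) rather than through the cipher list. Replacing grape.ircnow.org with example.com is right for documentation, but the page should state that readers must substitute their own certificate and key paths.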
Line 89: Line 150:
   args = /​etc/​dovecot/​users.txt   args = /​etc/​dovecot/​users.txt
 } }
 +</​code>​
 +
 +====== Quota exceeded notifications ======
 +
 +In this project, notifications will be sent to the user when the quota chapel is reached. For this feature to work, you need to create an additional script.
 +
 +<​code>​
 +doas touch /​usr/​local/​libexec/​dovecot/​quota-warning.sh
 +doas chmod +x /​usr/​local/​libexec/​dovecot/​quota-warning.sh
 +</​code>​
 +
 +/​usr/​local/​libexec/​dovecot/​quota-warning.sh:​
 +<​code>​
 +#!/bin/sh
 +
 +cat << EOF | /​usr/​local/​libexec/​dovecot/​dovecot-lda -d $2 -o "​plugin/​quota=maildir:​User quota:​noenforcing"​
 +From: admin@example.com
 +Subject: Quota warning
 +
 +Your mailbox is now $1% full.
 +EOF
 +</​code>​
 +
 +====== Create user file ======
 +
 +Next, you need to create a site with users, which will be used to authorize users in the system.
 +
 +<​code>​
 +doas touch /​etc/​dovecot/​users.txt
 +</​code>​
 +
 +And we create our first user
 +
 +<​code>​
 +doveadm pw -s BLF-CRYPT -u admin@example.com
 +<​passwd>​
 +</​code>​
 +
 +/​etc/​dovecot/​users.txt: ​
 +<​code> ​                                                                                                         ​
 +admin@example.com:​{BLF-CRYPT}$2y$05$nigbXBiayNV/​OaDAdS3aqOBlN.rcvkrOyfv6Y4QJl9RTT7jxA4sXC
 +</​code>​
 +
 +====== Restricting access to settings ======
 +
 +<​code>​
 +doas chmod 640 /​etc/​dovecot/​dovecot.conf
 +doas chmod 640 /​etc/​dovecot/​users.txt
 +</​code>​
 +
 +====== First start ======
 +
 +<​code>​
 +doas rcctl -d enable dovecot
 +doas rcctl -d start dovecot
 +</​code>​
 +
 +<​code>​
 +doas rcctl -d start dovecot ​                    
 +doing _rc_parse_conf
 +doing _rc_quirks
 +dovecot_flags empty, using default ><
 +doing rc_check
 +dovecot
 +doing rc_start
 +doing _rc_wait start
 +doing rc_check
 +doing _rc_write_runfile
 +(ok)
 </​code>​ </​code>​
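Review bot: In quota-warning.sh, "-d $2" passes the user name unquoted, so /bin/sh applies word splitting and glob expansion to it; write it as -d "$2". The users.txt example shows a "$2y$05$" hash, which is a bcrypt cost of 5; "doveadm pw" accepts "-r" to raise the rounds, and the page should mark the hash as a sample that must not be copied. The "Restricting access to settings" block sets mode 640 without a chown, so who can read the password hashes depends on the group the files received when "doas touch" created them; state the intended owner and group explicitly. Wording: "quota chapel" and "create a site with users" look like mistranslations of "quota limit" and "create a file with users" (the heading says "Create user file"), and the "First start" section shows "doas rcctl -d start dovecot" twice without saying the second block is the expected output.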