openbsd:mail:dovecot2 [2020/08/11 11:03] baytuch |
openbsd:mail:dovecot2 [2020/08/11 11:43] (current) baytuch |
||
---|---|---|---|
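--- a/openbsd:mail:dovecot2
+++ b/openbsd:mail:dovecot2
@@ -19,6 +19,6 @@
 <code>
-groupadd -ov -g 1100 mailman
-useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman
-mkdir -p /var/spool/vmail
-chown mailman:mailman /var/spool/vmail
+doas groupadd -ov -g 1100 mailman
+doas useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman
+doas mkdir -p /var/spool/vmail
+doas chown mailman:mailman /var/spool/vmail
 </code>
@@ -35,3 +35,26 @@
 :openfiles-max=2048:\
 :tc=daemon:
+</code>
+
+====== Generating encryption keys ======
+
+In this project, letters will be stored on the server disk in encrypted form. Therefore, you need to create encryption keys.
+
+<code>
+cd ~/
+openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
+openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
+doas mv ecprivkey.pem /etc/dovecot/ecprivkey.pem
+doas mv ecpubkey.pem /etc/dovecot/ecpubkey.pem
+doas chown _dovecot:_dovecot /etc/dovecot/ecprivkey.pem
+doas chown _dovecot:_dovecot /etc/dovecot/ecpubkey.pem
+doas chmod 600 /etc/dovecot/ecpubkey.pem
+doas chmod 400 /etc/dovecot/ecprivkey.pem
+</code>
+
+
+====== Config file for Dovecot ======
+
+<code>
+doas touch /etc/dovecot/dovecot.conf
 </code>
@@ -99,4 +122,4 @@
 ssl = yes
-ssl_cert = </etc/ssl/grape.ircnow.org.fullchain.pem
-ssl_key = </etc/ssl/private/grape.ircnow.org.key
+ssl_cert = </etc/ssl/example.com.fullchain.pem
+ssl_key = </etc/ssl/private/example.com.key
 ssl_cipher_list = ALL:!LOW:!SSLv2
@@ -127,3 +150,72 @@
 args = /etc/dovecot/users.txt
 }
+</code>
+
+====== Quota exceeded notifications ======
+
+In this project, notifications will be sent to the user when the quota chapel is reached. For this feature to work, you need to create an additional script.
+
+<code>
+doas touch /usr/local/libexec/dovecot/quota-warning.sh
+doas chmod +x /usr/local/libexec/dovecot/quota-warning.sh
+</code>
+
+/usr/local/libexec/dovecot/quota-warning.sh:
+<code>
+#!/bin/sh
+
+cat << EOF | /usr/local/libexec/dovecot/dovecot-lda -d $2 -o "plugin/quota=maildir:User quota:noenforcing"
+From: admin@example.com
+Subject: Quota warning
+
+Your mailbox is now $1% full.
+EOF
+</code>
+
+====== Create user file ======
+
+Next, you need to create a site with users, which will be used to authorize users in the system.
+
+<code>
+doas touch /etc/dovecot/users.txt
+</code>
+
+And we create our first user
+
+<code>
+doveadm pw -s BLF-CRYPT -u admin@example.com
+<passwd>
+</code>
+
+/etc/dovecot/users.txt:
+<code>
+admin@example.com:{BLF-CRYPT}$2y$05$nigbXBiayNV/OaDAdS3aqOBlN.rcvkrOyfv6Y4QJl9RTT7jxA4sXC
+</code>
+
+====== Restricting access to settings ======
+
+<code>
+doas chmod 640 /etc/dovecot/dovecot.conf
+doas chmod 640 /etc/dovecot/users.txt
+</code>
+
+====== First start ======
+
+<code>
+doas rcctl -d enable dovecot
+doas rcctl -d start dovecot
+</code>
+
+<code>
+doas rcctl -d start dovecot
+doing _rc_parse_conf
+doing _rc_quirks
+dovecot_flags empty, using default ><
+doing rc_check
+dovecot
+doing rc_start
+doing _rc_wait start
+doing rc_check
+doing _rc_write_runfile
+(ok)
 </code>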
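Review bot: The sample entry for /etc/dovecot/users.txt carries a `$2y$05$` prefix, i.e. bcrypt at cost 5, because `doveadm pw -s BLF-CRYPT` is run without a rounds argument; for hashes kept in a flat file the page should document a higher work factor, for example `doveadm pw -s BLF-CRYPT -r 12 -u admin@example.com`, tuned to the host. The file is also created with `doas touch` and only set to 640 in the later "Restricting access to settings" section, so as written the hash is added while the file still has the mode `touch` gave it (world-readable under a typical umask); placing the `chmod 640` lines directly after each `touch` closes that window. In quota-warning.sh, `-d $2` passes the user name to dovecot-lda unquoted, and `-d "$2"` avoids word splitting and globbing on that argument.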