IRCNow



Initial preparation

First, install the application package. Then delete the default configuration files that ship with it, since this project does not use them.

Installing the package:

# Install Dovecot from the OpenBSD package repository (-v prints verbose progress).
doas pkg_add -v dovecot

Deleting standard configuration files:

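# Remove the packaged sample configuration.
# The && runs the delete only when the cd succeeded, so a typo or a missing
# directory cannot make rm -rf act on whatever directory the shell is in.
# ./* keeps the expansion anchored to the current directory.
cd /etc/dovecot/ && doas rm -rf ./*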

Creating the mail user

To run the mail system safely, create a dedicated user that owns the mailboxes and cannot log in. We also create a directory for storing user mailboxes.

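# Dedicated account (uid/gid 1100, shell /sbin/nologin) that owns every virtual
# mailbox. The ids must match mail_uid / mail_gid in the Dovecot configuration.
# These commands need root, so they are run through doas like the rest of the page.
# Note: -o lets groupadd reuse a gid that is already taken; check that 1100 is free first.
doas groupadd -ov -g 1100 mailman
doas useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman
doas mkdir -p /var/spool/vmail
doas chown mailman:mailman /var/spool/vmail
# Keep other local accounts out of the mail store: mkdir leaves the directory
# readable by everyone under the usual umask.
doas chmod 700 /var/spool/vmail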

Setting service limits

System services run with default resource limits. These are too low for normal operation of the mail service, so you need to define higher values in a dedicated login class.

/etc/login.conf:

# Login class "dovecot": raises the open-file limits (soft 1024, hard 2048)
# and takes every other capability from the "daemon" class via tc=.
# NOTE(review): presumably applied because the class name matches the rc.d
# service name; confirm against rc.d(8). If /etc/login.conf.db exists, it
# must be rebuilt with cap_mkdb(1) for the change to take effect.
dovecot:\
	:openfiles-cur=1024:\
	:openfiles-max=2048:\
	:tc=daemon:

Generating encryption keys

In this project, messages are stored on the server disk in encrypted form, so you need to create the encryption keys first.

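# Generate the EC key pair (curve prime256v1) used by the mail_crypt plugin.
#
# Caveat: this is one global key pair, and the private key is stored unencrypted
# on the same host as the mail. It protects the mail spool at rest (backups, a
# volume copied on its own), not against anyone who can read /etc/dovecot.
cd ~/
# Create the key files in a subshell with a restrictive umask, so the private
# key is never group- or world-readable while it sits in the home directory.
(
  umask 077
  openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
  openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
)
doas mv ecprivkey.pem /etc/dovecot/ecprivkey.pem
doas mv ecpubkey.pem /etc/dovecot/ecpubkey.pem
doas chown _dovecot:_dovecot /etc/dovecot/ecprivkey.pem
doas chown _dovecot:_dovecot /etc/dovecot/ecpubkey.pem
# Owner-only access: read/write for the public key, read-only for the private key.
doas chmod 600 /etc/dovecot/ecpubkey.pem
doas chmod 400 /etc/dovecot/ecprivkey.pem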
# Dovecot configuration file for my project

# Serve IMAP to clients and accept deliveries over LMTP; no other protocol is enabled.
protocols = imap lmtp

# Append the quota and mail_crypt plugins to whatever $mail_plugins already holds.
mail_plugins = $mail_plugins quota mail_crypt

# Pre-authentication IMAP front end: IMAP on port 143 and implicit-TLS IMAPS on
# port 993, both bound to every address.
# NOTE(review): login processes talk to the network before authentication, and
# here they run as _dovecot, the same account that owns the mail_crypt key files.
# Dovecot normally runs login processes under a separate, otherwise unused
# account (default_login_user); confirm this override is intended.
service imap-login {
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
     ssl = yes
  }
  user = _dovecot
  group = _dovecot
  executable = /usr/local/libexec/dovecot/imap-login
}

# Authentication service, run as _dovecot. This account therefore has to be able
# to read the passwd-file named in the passdb block.
service auth {
  user = _dovecot
  group = _dovecot
  executable = /usr/local/libexec/dovecot/auth
}

# Local delivery (LMTP) over a UNIX socket. Mode 0600 with owner mailman means
# only processes running as mailman (or root) can connect to it.
# NOTE(review): the MTA that hands mail to this socket must run as one of those
# accounts; confirm against the MTA configuration.
service lmtp {
  unix_listener lmtp {
    mode = 0600
    user = mailman
    group = mailman
  }
  executable = /usr/local/libexec/dovecot/lmtp
}

# Helper service invoked by the quota_warning rules in the plugin block; it runs
# quota-warning.sh. The socket is restricted to mailman (mode 0600).
# NOTE(review): the script is called with the login name as an argument, so it
# should treat that value as untrusted text and quote it; verify in the script.
service quota-warning {
  executable = script /usr/local/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    mode = 0600
    user = mailman
    group = mailman
  }
}

# Plugin settings: at-rest mail encryption (mail_crypt) and per-user quotas.
plugin {
  # Global key pair: "<path" makes Dovecot read the value from that file.
  # Every mailbox is encrypted to this single key.
  mail_crypt_global_private_key = </etc/dovecot/ecprivkey.pem
  mail_crypt_global_public_key = </etc/dovecot/ecpubkey.pem
  # Encrypt newly saved mail using mail_crypt storage format version 2.
  mail_crypt_save_version = 2
  # Maildir++ quota backend; "User quota" is the name of the quota root.
  quota = maildir:User quota
  # 100M for the whole account, plus an extra 10M allowance for Trash.
  quota_rule = *:storage=100M
  quota_rule2 = Trash:storage=+10M
  # Largest single message that may be saved.
  quota_max_mail_size = 10M
  # Warning triggers, highest threshold first. %% is a literal percent sign and
  # %u expands to the user name. Each rule calls the quota-warning service with
  # the arguments that follow the service name.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  # The leading "-" fires when usage drops back below the limit.
  quota_warning3 = -storage=100%% quota-warning below %u
}

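# Over-quota deliveries get a temporary failure instead of a permanent bounce.
quota_full_tempfail = yes

# TLS is offered on every listener, using the certificate and key below.
# "<path" makes Dovecot read the value from that file.
ssl = yes
ssl_cert = </etc/ssl/grape.ircnow.org.fullchain.pem
ssl_key = </etc/ssl/private/grape.ircnow.org.key
# The earlier value "ALL:!LOW:!SSLv2" still admitted anonymous (unauthenticated)
# key exchange and legacy suites such as RC4. Restrict the list to
# strong ciphers with an authenticated key exchange.
ssl_cipher_list = HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES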

# One Maildir per mailbox under the vmail spool: %d is the domain part and %n the
# local part of the login name. All mail is accessed as uid/gid 1100 (mailman).
mail_location = maildir:/var/spool/vmail/%d/%n
mail_uid = 1100
mail_gid = 1100

# Mail processes may only be chrooted into directories below this path.
valid_chroot_dirs = /var/spool/vmail

# Errors and informational messages go to separate files. Authentication logging
# ends up here as well, so keep both files readable by root only.
log_path = /var/log/dovecot.err
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "

# Banner sent to connecting clients; it does not reveal a version number.
login_greeting = Dovecot ready.

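# Refuse PLAIN logins on connections that are not protected by TLS. Port 143 is
# reachable on every address, so allowing them would send passwords in clear text
# over the network. Clients use STARTTLS on 143 or implicit TLS on 993.
disable_plaintext_auth = yes

# Log authentication failures and their reason.
auth_verbose = yes
# Debug logging stays off in normal operation. auth_debug_passwords in particular
# writes the passwords users submit into the log files in clear text; turn these
# on only for a short troubleshooting session and purge the logs afterwards.
auth_debug = no
auth_debug_passwords = no

# PLAIN is the only SASL mechanism offered, so TLS is what protects the password in transit.
auth_mechanisms = plain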

# Accounts and password hashes come from a flat passwd-file.
# NOTE(review): no default password scheme is given in args, so each entry should
# carry an explicit {SCHEME} prefix naming a strong hash; confirm in users.txt.
# The file should be readable only by the account the auth service runs as.
passdb {
  driver = passwd-file
  args = /etc/dovecot/users.txt
}