First of all, you need to install the application package. Next, you need to delete the standard settings files, since we will not use them in this project.
Installing the package:
doas pkg_add -v dovecot
Deleting standard configuration files:
cd /etc/dovecot/
doas rm -rf *
For the safe operation of the mail system, you need to create an additional user. We also create a folder for storing user mailboxes.
groupadd -ov -g 1100 mailman
useradd -v -d /var/spool/vmail -g 1100 -s /sbin/nologin -u 1100 -c "Mail man" mailman
mkdir -p /var/spool/vmail
chown mailman:mailman /var/spool/vmail
By default, resource limits are set for system services. They are not enough for normal operation of the mail service, so you need to add a login class for dovecot that raises the open-file limits.
/etc/login.conf:
dovecot:\
	:openfiles-cur=1024:\
	:openfiles-max=2048:\
	:tc=daemon:
In this project, mail will be stored on the server disk in encrypted form. Therefore, you need to create encryption keys.
cd ~/
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
doas mv ecprivkey.pem /etc/dovecot/ecprivkey.pem
doas mv ecpubkey.pem /etc/dovecot/ecpubkey.pem
doas chown _dovecot:_dovecot /etc/dovecot/ecprivkey.pem
doas chown _dovecot:_dovecot /etc/dovecot/ecpubkey.pem
doas chmod 600 /etc/dovecot/ecpubkey.pem
doas chmod 400 /etc/dovecot/ecprivkey.pem
# Dovecot configuration file for my project
protocols = imap lmtp
mail_plugins = $mail_plugins quota mail_crypt

service imap-login {
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
    ssl = yes
  }
  user = _dovecot
  group = _dovecot
  executable = /usr/local/libexec/dovecot/imap-login
}

service auth {
  user = _dovecot
  group = _dovecot
  executable = /usr/local/libexec/dovecot/auth
}

service lmtp {
  unix_listener lmtp {
    mode = 0600
    user = mailman
    group = mailman
  }
  executable = /usr/local/libexec/dovecot/lmtp
}

service quota-warning {
  executable = script /usr/local/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    mode = 0600
    user = mailman
    group = mailman
  }
}

plugin {
  mail_crypt_global_private_key = </etc/dovecot/ecprivkey.pem
  mail_crypt_global_public_key = </etc/dovecot/ecpubkey.pem
  mail_crypt_save_version = 2
  quota = maildir:User quota
  quota_rule = *:storage=100M
  quota_rule2 = Trash:storage=+10M
  quota_max_mail_size = 10M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
}

quota_full_tempfail = yes

ssl = yes
ssl_cert = </etc/ssl/grape.ircnow.org.fullchain.pem
ssl_key = </etc/ssl/private/grape.ircnow.org.key
ssl_cipher_list = ALL:!LOW:!SSLv2

mail_location = maildir:/var/spool/vmail/%d/%n
mail_uid = 1100
mail_gid = 1100
valid_chroot_dirs = /var/spool/vmail

log_path = /var/log/dovecot.err
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Dovecot ready.

disable_plaintext_auth = no
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain

passdb {
  driver = passwd-file
  args = /etc/dovecot/users.txt
}
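The configuration above accepts cleartext logins without TLS and logs attempted passwords, which suits testing only. The check below is an added example, not part of the original page; audit_dovecot_conf is a hypothetical helper name, and it assumes one setting per line with no "#" inside values.

```shell
#!/bin/sh
# Added example: audit_dovecot_conf is a hypothetical helper, not a Dovecot tool.
# Prints one line per testing-only global setting; returns 1 if any were found.
audit_dovecot_conf() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    /^[ \t]*[}][ \t]*$/ { depth--; next }     # leaving a block
    /[{][ \t]*$/        { depth++; next }     # entering a block
    depth == 0 {                              # global settings only, so the
        eq = index($0, "=")                   # listener-level "ssl = yes" is skipped
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val
    }
    END {
        n = 0
        if (seen["ssl"] != "required") {
            print "ssl is not \"required\": TLS is offered but not enforced"; n++
        }
        if (seen["disable_plaintext_auth"] == "no") {
            print "disable_plaintext_auth = no: cleartext logins accepted without TLS"; n++
        }
        if (seen["auth_debug_passwords"] == "yes") {
            print "auth_debug_passwords = yes: attempted passwords are written to the log"; n++
        }
        exit (n > 0 ? 1 : 0)
    }' "$1"
}

# Constructed sample: the three settings as they appear in the config above.
sample=$(mktemp)
printf '%s\n' 'ssl = yes' 'disable_plaintext_auth = no' \
    'auth_debug_passwords = yes' > "$sample"
audit_dovecot_conf "$sample" || echo "review these settings before going live"
rm -f "$sample"
```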