Dovecot ist ein sicherer und performanter IMAP/POP3-Server. Er ermöglicht den Zugriff auf E-Mails über Mail-Clients und arbeitet nahtlos mit Postfix zusammen.

Installation

# Debian/Ubuntu
# Each protocol ships as its own package; install only the ones you will
# actually enable in "protocols" (e.g. skip dovecot-pop3d if no client needs POP3).
apt install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd

# RHEL/CentOS
dnf install dovecot

# Enable at boot and start now
systemctl enable dovecot
systemctl start dovecot

Grundkonfiguration

Hauptkonfiguration

# /etc/dovecot/dovecot.conf

# Protocols Dovecot serves. Every entry adds a listening service, so remove
# pop3 if no client uses it.
protocols = imap pop3 lmtp
# Bind to all IPv4 (*) and IPv6 (::) addresses.
listen = *, ::
# Banner sent to clients before login.
login_greeting = Mail Server ready.

Authentifizierung

# /etc/dovecot/conf.d/10-auth.conf

# Refuse password-carrying logins on connections that are not protected by TLS.
# NOTE(review): Dovecot treats connections from the local host as secure, so
# this does not apply to them - confirm for your version.
disable_plaintext_auth = yes
# PLAIN and LOGIN both transmit the password itself; they are only safe
# because TLS is enforced (see ssl = required in 10-ssl.conf).
auth_mechanisms = plain login

# Use system users
!include auth-system.conf.ext

Mail-Location

# /etc/dovecot/conf.d/10-mail.conf

# Maildir format, stored in each user's home directory
mail_location = maildir:~/Maildir

# Or mbox
# mail_location = mbox:~/mail:INBOX=/var/mail/%u

# Group Dovecot may switch to for privileged mailbox operations.
# NOTE(review): this is typically only needed for mbox INBOXes under /var/mail;
# with Maildir in ~/Maildir it can probably be left unset - confirm.
mail_privileged_group = mail

TLS-Verschlüsselung

# /etc/dovecot/conf.d/10-ssl.conf

# Require TLS on every client connection before authentication is accepted.
ssl = required
# The leading "<" makes Dovecot read the file's contents instead of using the path as the value.
ssl_cert = </etc/letsencrypt/live/mail.example.de/fullchain.pem
# Private key: keep it readable by root only.
# NOTE(review): after a certificate renewal Dovecot has to be reloaded to pick
# up the new files (e.g. a renewal hook running "systemctl reload dovecot").
ssl_key = </etc/letsencrypt/live/mail.example.de/privkey.pem

# Reject TLS 1.1 and older.
ssl_min_protocol = TLSv1.2
# Choose the cipher by the server's preference order rather than the client's.
ssl_prefer_server_ciphers = yes

IMAP-Konfiguration

# /etc/dovecot/conf.d/20-imap.conf

protocol imap {
    # Upper bound on simultaneous IMAP connections per user from one IP address.
    mail_max_userip_connections = 20
    # How often an idling (IMAP IDLE) client is sent a keep-alive notification.
    imap_idle_notify_interval = 2 mins
}

IMAP-Ports

# /etc/dovecot/conf.d/10-master.conf

service imap-login {
    # Port 143 starts unencrypted; the client has to upgrade with STARTTLS.
    # With ssl = required (10-ssl.conf) a login before STARTTLS is refused.
    inet_listener imap {
        port = 143
    }
    # Port 993 is TLS from the first byte (implicit TLS).
    inet_listener imaps {
        port = 993
        ssl = yes
    }
}

POP3-Konfiguration

# /etc/dovecot/conf.d/20-pop3.conf

protocol pop3 {
    # Format of the unique message IDs (UIDL) handed to POP3 clients.
    # NOTE(review): changing it later can make clients re-download mail - confirm.
    pop3_uidl_format = %08Xu%08Xv
    # Compatibility workarounds for bugs in specific (Outlook-family) clients.
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

LMTP für Postfix

Dovecot-Seite

# /etc/dovecot/conf.d/10-master.conf

service lmtp {
    # Socket inside the Postfix spool, so Postfix can reach it as private/dovecot-lmtp.
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        # Owner-only access: only the postfix user may hand mail to Dovecot.
        mode = 0600
        user = postfix
        group = postfix
    }
}

Postfix-Seite

# /etc/postfix/main.cf

# Deliver through the Dovecot LMTP socket; the path is relative to the Postfix
# queue directory. mailbox_transport covers local recipients, virtual_transport
# covers virtual mailbox domains.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp

SASL für Postfix

# /etc/dovecot/conf.d/10-master.conf

# Auth socket through which Postfix checks SMTP AUTH credentials against Dovecot.
# Postfix side (not shown on this page): smtpd_sasl_type = dovecot and
# smtpd_sasl_path = private/auth in main.cf.
service auth {
    unix_listener /var/spool/postfix/private/auth {
        # Anyone who can open this socket can test passwords, so keep access
        # limited to the postfix user and group.
        mode = 0660
        user = postfix
        group = postfix
    }
}

Virtuelle User

SQL-Backend

# /etc/dovecot/conf.d/10-auth.conf

# NOTE(review): if only virtual users should be able to log in, also comment
# out "!include auth-system.conf.ext" in this file.
!include auth-sql.conf.ext
# /etc/dovecot/conf.d/auth-sql.conf.ext

# passdb verifies the password, userdb supplies home/uid/gid; both take their
# queries from the same file.
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}
# /etc/dovecot/dovecot-sql.conf.ext
# This file holds the database password: make it owned by root with mode 0600.

driver = mysql
# "secret" is a placeholder - use a long random password and a database
# account that only has SELECT on the users table.
connect = host=localhost dbname=mail user=mail password=secret

# The password column should contain a salted hash, ideally with a scheme
# prefix such as {SHA512-CRYPT}, never the plaintext password.
# NOTE(review): Dovecot SQL-escapes %variables when it expands these queries,
# so '%u' should not be an injection point - keep the quotes and confirm for
# your version.
password_query = \
    SELECT email as user, password \
    FROM users WHERE email='%u'

# Every virtual user maps to the fixed uid/gid 5000; that account has to exist
# and own /var/mail/vhosts (creating it is not shown on this page).
# %d is the domain part and %n the local part of the login name.
user_query = \
    SELECT email as user, \
    '/var/mail/vhosts/%d/%n' as home, \
    'maildir:/var/mail/vhosts/%d/%n' as mail, \
    5000 as uid, 5000 as gid \
    FROM users WHERE email='%u'

Passwd-File

# /etc/dovecot/conf.d/auth-passwdfile.conf.ext

passdb {
    driver = passwd-file
    # scheme= is the hash scheme assumed for entries without a {SCHEME} prefix.
    args = scheme=SHA512-CRYPT /etc/dovecot/users
}

# The same file also supplies uid, gid and home for each user.
userdb {
    driver = passwd-file
    args = /etc/dovecot/users
}
# /etc/dovecot/users
# Format: user:password:uid:gid:(gecos):home:(shell):extra_fields
# The file contains password hashes: restrict read access to root and the
# Dovecot auth process.

user@example.de:{SHA512-CRYPT}$6$...:5000:5000::/var/mail/vhosts/example.de/user::
# Generate a password hash. doveadm prompts for the password, so it does not
# end up in the shell history.
doveadm pw -s SHA512-CRYPT

Quota

# /etc/dovecot/conf.d/90-quota.conf

plugin {
    # Maildir++ quota backend; "User quota" is the name of the quota root.
    quota = maildir:User quota
    # 1G of storage per user, plus an extra 100M for Trash.
    quota_rule = *:storage=1G
    quota_rule2 = Trash:storage=+100M
    # Let a delivery exceed the quota by up to 10 % ("%%" is a literal percent sign).
    quota_grace = 10%%
    # Answers the quota-status policy service gives to Postfix: DUNNO means
    # "no objection", the over-quota case rejects with the given SMTP reply.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
}

# Load the quota plugin for IMAP (imap_quota lets clients query the quota) ...
protocol imap {
    mail_plugins = $mail_plugins quota imap_quota
}

# ... and for LMTP, so that the quota is enforced on delivery.
protocol lmtp {
    mail_plugins = $mail_plugins quota
}

Quota-Status-Service

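# /etc/dovecot/conf.d/90-quota.conf

# Policy service that Postfix queries to learn whether a recipient is over quota.
service quota-status {
    executable = quota-status -p postfix
    inet_listener {
        # Bind to loopback only. Without an address the listener falls back to
        # the global "listen" setting (*, :: in dovecot.conf) and the policy
        # service would be reachable from the network. Postfix connects via
        # 127.0.0.1 anyway.
        address = 127.0.0.1
        port = 12340
    }
}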
# /etc/postfix/main.cf
# "..." stands for your existing restrictions. The last entry asks the Dovecot
# quota-status service on loopback port 12340.
# NOTE(review): keeping it after the relay/recipient checks avoids quota
# lookups for mail that is rejected anyway - confirm the order for your setup.
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340

Sieve (Filterregeln)

# dovecot-managesieved lets users edit their filters remotely (ManageSieve,
# port 4190 in the port table below); leave it out if filters are only
# managed on the server.
apt install dovecot-sieve dovecot-managesieved
# /etc/dovecot/conf.d/90-sieve.conf

plugin {
    # The user's active script and the directory holding the user's scripts.
    sieve = ~/.dovecot.sieve
    sieve_dir = ~/sieve
    # Administrator-owned scripts; keep these paths writable by root only.
    sieve_global_dir = /var/lib/dovecot/sieve/global/
    # Executed before the user's own script.
    sieve_before = /var/lib/dovecot/sieve/before.sieve
}
# /etc/dovecot/conf.d/20-lmtp.conf

# Run Sieve during LMTP delivery.
protocol lmtp {
    mail_plugins = $mail_plugins sieve
}

Sieve-Beispiel

# ~/.dovecot.sieve

# "fileinto" files mail into folders, "mailbox" provides the :create argument.
require ["fileinto", "mailbox"];

# Spam into the Junk folder.
# :contains is a substring match on the header value.
# NOTE(review): this trusts the X-Spam-Status header as set by your own spam
# filter - make sure it is added or overwritten on the server side.
if header :contains "X-Spam-Status" "Yes" {
    fileinto :create "Junk";
    stop;
}

# Mailing lists
if header :contains "List-Id" "dev.example.de" {
    fileinto :create "Lists.Dev";
    stop;
}

Logging

# /etc/dovecot/conf.d/10-logging.conf

# NOTE(review): /var/log/dovecot/ has to exist and be writable by Dovecot;
# add log rotation for these files.
log_path = /var/log/dovecot/dovecot.log
info_log_path = /var/log/dovecot/dovecot-info.log
debug_log_path = /var/log/dovecot/dovecot-debug.log

# Log failed authentication attempts and their reason - useful input for
# brute-force detection.
auth_verbose = yes
# Debug logging stays off in normal operation; switch it on only temporarily,
# because debug logs contain far more detail about users and sessions.
auth_debug = no
mail_debug = no

IMAP-Namespaces

# /etc/dovecot/conf.d/10-mail.conf

# The namespace that contains INBOX; "/" separates folder levels.
namespace inbox {
    inbox = yes
    separator = /

    # special_use tells clients which role a folder has; auto = subscribe
    # creates the folder automatically and subscribes the user to it.
    mailbox Drafts {
        special_use = \Drafts
        auto = subscribe
    }
    mailbox Sent {
        special_use = \Sent
        auto = subscribe
    }
    mailbox Trash {
        special_use = \Trash
        auto = subscribe
    }
    mailbox Junk {
        special_use = \Junk
        auto = subscribe
    }
}

Firewall

# Ports 143 and 110 start unencrypted and depend on the client upgrading with
# STARTTLS; the server enforces this through ssl = required. If all clients
# support implicit TLS, opening only 993/995 keeps the exposed surface smaller.
# Open the POP3 ports only if pop3 is enabled in "protocols".

# UFW
ufw allow 143/tcp   # IMAP (STARTTLS)
ufw allow 993/tcp   # IMAPS
ufw allow 110/tcp   # POP3 (STARTTLS)
ufw allow 995/tcp   # POP3S

# firewalld
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=imaps
firewall-cmd --permanent --add-service=pop3
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --reload

Test und Debugging

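# Check the configuration (prints only the settings that differ from the defaults)
doveconf -n

# Test authentication. The password argument is left out on purpose: doveadm
# then prompts for it, so it does not end up in the shell history or in the
# process list.
doveadm auth test user@example.de

# User info
doveadm user user@example.de

# Mailbox list
doveadm mailbox list -u user@example.de

# Test the IMAP connection over implicit TLS. In the output, check the
# negotiated protocol version and that the certificate verification result is OK.
openssl s_client -connect mail.example.de:993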

Telnet-Test

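# IMAP on port 143, upgraded with STARTTLS before anything is typed.
# A plain telnet session would send the LOGIN line, password included,
# unencrypted over the network - and with disable_plaintext_auth = yes and
# ssl = required the server refuses that login anyway.
# -crlf sends the CRLF line endings that IMAP expects.
# Use a dedicated test account for this.
openssl s_client -connect mail.example.de:143 -starttls imap -crlf
a1 LOGIN user@example.de password
a2 LIST "" "*"
a3 SELECT INBOX
a4 LOGOUT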

Wartung

# Check quota
doveadm quota get -u user@example.de

# Rebuild the index
doveadm index -u user@example.de INBOX

# Repair a mailbox
doveadm force-resync -u user@example.de '*'

# Delete old mail. expunge removes the messages permanently; run the same
# query with "doveadm search" first to see what would be deleted.
doveadm expunge -u user@example.de mailbox Trash savedbefore 30d

Zusammenfassung

| Datei | Funktion |
|-------|----------|
| /etc/dovecot/dovecot.conf | Hauptkonfiguration |
| /etc/dovecot/conf.d/ | Modulare Konfiguration |
| /var/log/dovecot/ | Logs |

| Port | Dienst |
|------|--------|
| 143 | IMAP (STARTTLS) |
| 993 | IMAPS |
| 110 | POP3 (STARTTLS) |
| 995 | POP3S |
| 4190 | ManageSieve |

| Befehl | Funktion |
|--------|----------|
| doveconf -n | Aktive Konfiguration |
| doveadm auth test | Auth testen |
| doveadm user | User-Info |
| doveadm quota | Quota prüfen |
| doveadm mailbox | Mailbox verwalten |

Fazit

Dovecot ist der Standard für IMAP/POP3 unter Linux. Die Integration mit Postfix über LMTP und SASL ist nahtlos. Sieve ermöglicht serverseitige Mailfilter. Virtuelle User mit SQL-Backend skalieren gut. TLS ist für sichere Verbindungen zwingend erforderlich.