
Ubuntu Community Instructions for Dovecot and Postfix

Dovecot: https://help.ubuntu.com/community/Dovecot

Postfix: https://help.ubuntu.com/community/Postfix

Creating and Using a self signed SSL Certificates: http://www.debian-administration.org/articles/284

POP3 Aggregator : https://help.ubuntu.com/community/POP3Aggregator

MySQL Virtual Email (vmail) : https://help.ubuntu.com/community/MySQLVirtualEmail

Gmail Postfix Fetchmail : https://help.ubuntu.com/community/GmailPostfixFetchmail

Dovecot LDAP: https://help.ubuntu.com/community/DovecotLDAP


Dovecot version 2.x


Run the following commands for a basic configuration:
sudo apt-get install dovecot-imapd

Add the dovecot user to the mail group:
sudo usermod -a -G  mail dovecot

And the system users who will use this service:
sudo usermod -a -G  mail aarvati

sudo mkdir -m 0770 /srv/vmail
sudo mkdir -m 0770 /srv/vmail/localhost
sudo mkdir -m 0770 /srv/vmail/localhost/public

or sudo chmod -R 770 /srv/vmail/
sudo chown root:mail -R /srv/vmail/
or sudo chgrp mail /srv/vmail

Force the group on all public subdirectories:
sudo chmod g+s /srv/vmail/localhost/public

Enabling the desired protocols (imaps only):
sudo nano /usr/share/dovecot/protocols.d/imapd.protocol
protocols = $protocols imap

Changing the mail storage:
sudo nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
namespace {
  type = private
  separator = /
  prefix =
  #location defaults to mail_location.
  inbox = yes
}
namespace {
  type = public
  separator = /
  prefix = Public/
  location = maildir:/srv/vmail/localhost/public:CONTROL=~/Public:INDEX=~/Public
  inbox = no
  subscriptions = yes
  list = yes  # or children?
}
mail_access_groups = mail
mail_privileged_group = mail
mail_plugins = acl


Link: http://wiki2.dovecot.org/PasswordDatabase/PAM
Changing user authentication:
sudo nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
#auth_ssl_require_client_cert = yes
#auth_ssl_username_from_cert = yes
auth_mechanisms = plain

and then, if you are going to use local system users:
sudo nano /etc/dovecot/conf.d/auth-system.conf.ext

passdb {
  driver = pam
  args = dovecot
}
userdb {
  driver = passwd
  args = home=/srv/vmail/localhost/%u
}

Changing the mail access protocols:
sudo nano /etc/dovecot/conf.d/10-master.conf 

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
  #vsz_limit = 64M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
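
The section above aims for imaps only, yet the 10-master.conf listing still defines listeners on ports 143 and 110. The following is an added example, not part of the original page: a shell function (the names cleartext_listeners and page_master_conf are this example's own) that reads Dovecot configuration text and lists every inet_listener that is enabled without ssl = yes.

```sh
# Added example, not from the original page. Reads Dovecot configuration text
# on stdin and prints every inet_listener that is enabled without ssl = yes.
cleartext_listeners() {
  awk '
    { sub(/#.*/, "") }                      # ignore commented-out settings
    $1 == "service" { service = $2 }
    $1 == "inet_listener" { name = $2; port = ""; ssl = "no"; inside = 1; next }
    inside && $1 == "port" && $2 == "=" { port = $3 }
    inside && $1 == "ssl"  && $2 == "=" { ssl = $3 }
    inside && /}/ {
      # port = 0 disables a listener; an unset port falls back to the default.
      if (port != "0" && ssl != "yes")
        printf "%s/%s port=%s\n", service, name, (port == "" ? "default" : port)
      inside = 0
    }
  '
}

# The 10-master.conf service blocks exactly as listed on this page.
page_master_conf() {
  cat <<'EOF'
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
  #vsz_limit = 64M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
EOF
}

# Prints: imap-login/imap port=143 and pop3-login/pop3 port=110
page_master_conf | cleartext_listeners
```

Setting port = 0 on a listener disables it, which is how the 143 and 110 entries can be switched off when only imaps is wanted.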


and then the file for each protocol:
sudo nano /etc/dovecot/conf.d/20-imap.conf 
protocol imap {
  mail_plugins = $mail_plugins imap_acl
  imap_client_workarounds = tb-extra-mailbox-sep
}

Changing the encryption:
sudo nano /etc/dovecot/conf.d/10-ssl.conf 
#ssl = yes
ssl=required
ssl_cert = </etc/ssl/CA/certs/imap.edifast.com.br.crt
ssl_key = </etc/ssl/CA/private/imap.edifast.com.br.key
#ssl_ca = </etc/ssl/CA/crl/cacrl.pem
#ssl_verify_client_cert = yes
#ssl_cert_username_field = commonName

The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required to exist. For a multi-level CA place the certificates in this order (The certificates and the CRLs have to be in PEM format):
Issuing CA cert
Issuing CA CRL
Intermediate CA cert
Intermediate CA CRL
Root CA cert
Root CA CRL

Adding the plugin:
sudo nano /etc/dovecot/conf.d/90-plugin.conf
plugin {
  #setting_name = value
  acl = vfile
}

Control access to public folders through dovecot-acl files, using the following syntax:

l  lookup         Mailbox is visible in mailbox list. Mailbox can be subscribed to.
r  read           Mailbox can be opened for reading.
w  write          Message flags and keywords can be changed, except \Seen and \Deleted
s  write-seen     \Seen flag can be changed
t  write-deleted  \Deleted flag can be changed
i  insert         Messages can be written or copied to the mailbox
p  post           Messages can be posted to the mailbox by LDA, e.g. from Sieve scripts
e  expunge        Messages can be expunged
k  create         Mailboxes can be created (or renamed) directly under this mailbox (but not necessarily under its children, see ACL Inheritance section above) (renaming also requires delete rights)
x  delete         Mailbox can be deleted
a  admin          Administration rights to the mailbox (currently: ability to change ACLs for mailbox)


sudo nano /srv/vmail/localhost/public/dovecot-acl
user=aarvati rl

The permissions of the public folders should be set as follows:
sudo touch /srv/vmail/localhost/public/dovecot-shared
sudo chown -R root:mail /srv/vmail/localhost/public
sudo find /srv/vmail/localhost/public -type d -print0 | sudo xargs -0 chmod 2770
sudo find /srv/vmail/localhost/public -type f -print0 | sudo xargs -0 chmod 660

And the public folders must be created with a leading dot:
sudo mkdir -m 2770 /srv/vmail/localhost/public/.Operacional
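
To confirm that the tree still matches the modes set above after folders have been added, the following added example (not part of the original page) reports every entry that deviates from directories 2770, files 660 and a single shared group. The function names and the temporary sample tree are constructed for this example.

```sh
# Added example, not from the original page: audit a public Maildir tree
# against the modes the page applies (directories 2770, files 660, one group).
audit_public_tree() {
  root=$1
  group=${2:-mail}
  {
    # Exact-mode match: setgid plus rwx for owner and group, nothing for others.
    find "$root" -type d ! -perm 2770 | sed 's/^/dir-mode /'
    # Files: read/write for owner and group, nothing for others.
    find "$root" -type f ! -perm 660 | sed 's/^/file-mode /'
    # Entries outside the shared group are not covered by the group permissions.
    find "$root" ! -group "$group" | sed 's/^/group /'
  } | sort
}

# Constructed sample tree: one correct folder, one folder with the wrong mode,
# one world-readable ACL file. Prints the path of the temporary root.
build_sample_tree() {
  t=$(mktemp -d) || return 1
  mkdir "$t/.Operacional" "$t/.Loose"
  : > "$t/dovecot-shared"
  : > "$t/dovecot-acl"
  chmod 2770 "$t" "$t/.Operacional"
  chmod 775 "$t/.Loose"
  chmod 660 "$t/dovecot-shared"
  chmod 644 "$t/dovecot-acl"
  printf '%s\n' "$t"
}

# Usage on the real tree: audit_public_tree /srv/vmail/localhost/public mail
```

An empty result means every directory and file under the given root has the expected mode and group.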

Adjusting the system log:
sudo nano /etc/dovecot/conf.d/10-logging.conf

To restart dovecot:
sudo /etc/init.d/dovecot restart
or sudo restart dovecot

To check that it is running:
ps -A | grep dovecot

To check what has been changed in the configuration:
dovecot -n

To connect and test the connection:
openssl s_client -connect 127.0.0.1:993 -showcerts
And then:
1 login user password
2 LIST "" *
3 subscribe Public/Operacional
4 logout

Configure the local CA and create the certificates with the script:
sudo /etc/ssl/CA/sign.sh svn.edifast.com.br senha casenha




Dovecot version 1.x settings below:

#protocols = pop3 pop3s imap imaps
protocols = imaps
mail_location = maildir:/srv/dovecot/mailboxes/%u:LAYOUT=fs
ssl = yes 
ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
listen = *
protocol imap {
  listen = *:143
  ssl_listen = *:993
  login_greeting_capability = yes
  imap_client_workarounds = tb-extra-mailbox-sep
}


