Dovecot certificate

HardcoreGames · February 16, 2021, 4:46pm

So running

sudo apt-get dovecot

gets my mailbox more or less installed

so setting this up out of the box is not the same as apache2

any guides to get the mail working with SSL/TLS as appropriate so I can slug it out with snotmail

JuergenAuer · February 16, 2021, 4:53pm

Hi @HardcoreGames

if you have a certificate from your website, re-use the same certificate with your mail server.

Only thing. Use

certbot certificates

to see the symbolic links of your current certificate. Then use these links in your dovecot mail config file.

That's all.

Renew the website certificate + restart your mail server. Job done.

HardcoreGames · February 16, 2021, 7:40pm

I setup imap.hardocoregames.ca and smtp.hardcoregames.ca in expectation of setting up dovecot as a a mail server for accounts@hardcoregames.ca etc

JuergenAuer · February 16, 2021, 7:50pm

If you want to have such a too complicated and not required configuration, you know what you have to do.

HardcoreGames · February 16, 2021, 8:01pm

I am not to sure what certificate(s) I need at this stage.

I will post a full manual for Dovecot as I complete each stage

Osiris · February 16, 2021, 8:07pm

The certificate should contain the hostnames used by clients. I.e., what a user would type in their e-mail client and what a MTA would use to connect to found in the MX record of the domain.

HardcoreGames · February 16, 2021, 8:54pm

I am happy enough with spam@hardcoregames.ca etc I was considering a setup for a larger scale system down the road

for now using my existing domain and certificates are adequate

the target is Microsoft Outlook to send and receive messages

the lack of concise manuals is why I am making a post on my site so that the next contestant can spend 1/3 the time to get up and running

Osiris · February 16, 2021, 8:58pm

I have no idea what you mean by that.

What's wrong with Wiki has been closed ?

HardcoreGames · February 16, 2021, 9:05pm

Dovecot wiki is TL;DR so need to trim it down to be easier to digest

goal, SSL and TLS for the mail so Outlook will like it.

I recall Microsoft was annoyed as hell that Windows Server and Exchange was unable to compete with Solaris etc for performance with mail servers

Then Balmer with his famous comment that Linux is a cancer

Osiris · February 16, 2021, 9:06pm

I disagree. It's nicely partitioned in relevant paragraphs which by itself are quite short and to the point.

How is this relevant?

HardcoreGames · February 16, 2021, 9:15pm

I have discovered mail accounts with the domain are tied to the linux accounts

so this brings be back to an earlier conjecture that websites and email etc need a lot of deep thinking especially if I have 10 websites on the server

this muddy's the situation with a ton of websites, mail servers and so on

oz42 · February 17, 2021, 1:50pm

Debian 10? If yes:

Edit /etc/dovecot/local.conf:

ssl_min_protocol = TLSv1.2
ssl_cert = < /etc/letsencrypt/live/foo.bar.org/fullchain.pem
ssl_key = < /etc/letsencrypt/live/foo.bar.org/privkey.pem

service imap-login {
inet_listener imap {
address = 127.0.0.1, [::1]
port = 143
}
inet_listener imaps {
port = 993
address = *, [::]
}
}

HardcoreGames · February 17, 2021, 3:10pm

I am using Ubuntu 20.04 which is in the nominal ballpark

so the localhost will allow me to get messages on the LAN in Outlook etc

I was thinking of making the email a public facing server appliance, here is the entire config file in /etc/dovecot/dovecot.conf


## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

# A comma separated list of IPs or hosts where to listen in for connections. 
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets = 

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf

system · March 19, 2021, 3:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.