Tag: let’s do dovecot

Posted on in Linux, Server

Let’s do Dovecot slowly and properly – Part 3: LMTP

So far I have had a pretty clear division of labour between Postfix and Dovecot. Postfix accepts mail from other MTAs and puts it into my maildir. Dovecot accepts my client’s inquiries and hands it the mail it finds in same maildir. I muddied the waters a bit when I started asking Dovecot to serve as authenticator for SMTP but those waters are about to get a fair bit murkier. Postfix will now relinquish the job of actually delivering the mail to maildirs and instead hand it over to a Dovecot service.

Why? Postfix has done a fine job of it so far, has it not? Yes, but Postfix is not a very sophisticated mailman. It shoves my mail in the mailbox/maildir that I tell it to based on virtual_mailbox_base and virtual_mailbox_maps but that’s all it can do. If I want to set up filtering rules or other intelligent processing of mail delivery, I am going to need to insert another step, namely using the Local Mail Transfer Protocol or LMTP for short. In essence, LMTP is the protocol that allows Postfix and Dovecot to actually talk to one another, rather than one just leaving messages for the other on the kitchen counter. Insert your own old-married-couple joke here.

(more…)
Posted on in Linux, Server

Let’s do Dovecot slowly and properly: Part 2 – Proper authentication

In part 1 we set up the very most basic dovecot install we could get away with. In this part we will try to redeem it a bit by improving the security of the the authentication mechanism and the storage of passwords on the server. In other words we will make it much harder to snoop on our communications with the imap server and decrease the overall likelihood of somebody learning our password, including anybody with access – legitimate or otherwise – to our server.

(more…)

Posted on in Linux, Server

Let’s do Dovecot slowly and properly – Part 1: PLAIN as day

This post follows up on the fifth installment in my Let’s do Postfix series. We’re not really done setting up Postfix but a) it’s about time we had a better way of accessing incoming mail than ssh’ing into our server and using cat to read and b) we are at a juncture where the two will soon start depending on (SASL) and interacting with (LMTP) each other

This tutorial presumes knowledge of Postfix and the setup we’re aiming for is one that complements the Postfix one that we’ve set up in previous installments. As with the Postfix series I want to arrive at a working setup from the very first post but knowing full well that it’s not an ideal or final setup. The advantage (over importing somebody else’s full featured setup) is that we’ll actually understand what we have on our hands (and it’s shortcomings). This makes it a lot easier to build and improve upon it and fix it should the need arises.

A note on safety: The setup we’ll end up with today is not going to be confidential in any way, shape, or form. It will expose both the contents of the account’s emails and whatever password you choose to the entire internet. Therefore you should obviously use either a test account or a brand new one that has nothing important on it yet. As for passwords you should pick one for testing that you have not used nor intend to use for any non-testing purposes. That said, un-confidential is not the same as unsafe. Any public facing service is a potential attack vector but this setup is – to the best of my knowledge – no more of one than a more properly confidential setup.

(more…)

Posted on in Linux, Server

Setting up Postfix and Dovecot Slowly and Properly

Back in 2015 I embarked on an ambitious plan to blog my entire way through setting up my own selfhosted email server. I got a fair bit in (5 posts) before the setting up got ahead of the blogging and I lost track of scribbled notes and halfwritten posts. Moving to a fresh Ubuntu 18.04 install I decided to move as many services as possible to containers, including my email setup and so, rather than just copy paste my old config files I dug into the basics of email setup again.

(more…)