Disclaimer

This information HAS errors and is made available WITHOUT ANY WARRANTY OF ANY KIND and without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. It is not permissible to be read by anyone who has ever met a lawyer or attorney. Use is confined to Engineers with more than 370 course hours of engineering.
If you see an error contact:
+1(785) 841 3089
inform@xtronics.com

IMAP


IMAP - Internet Message Access Protocol

dovecot-imapd

If you get an expired cert error:

In order to regenerate the self-signed SSL certificate for dovecot, you have to remove both the old certificate and the old key, and then reconfigure the package dovecot-common.

For example, in a standard installation:

First, create this file as /etc/dovecot/mkcert.sh (the one in Debian Stable as of 2020-09-07 (1:2.3.4.1-5+deb10u3) has wrong paths):

#!/bin/sh

# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.

umask 077
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

CERTDIR=/etc/dovecot/private
KEYDIR=/etc/dovecot/private

CERTFILE=$CERTDIR/dovecot.pem
KEYFILE=$KEYDIR/dovecot.key

if [ ! -d $CERTDIR ]; then
  echo "$CERTDIR directory doesn't exist"
  exit 1
fi

if [ ! -d $KEYDIR ]; then
  echo "$KEYDIR directory doesn't exist"
  exit 1
fi

if [ -f $CERTFILE ]; then
  echo "$CERTFILE already exists, won't overwrite"
  exit 1
fi

if [ -f $KEYFILE ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 1
fi

$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2

$ cd /etc/dovecot
$ chmod u+x mkcert.sh
$ cp /usr/share/dovecot/dovecot-openssl.cnf .
## Edit the above file to reflect your uses
$ rm /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem
$ ./mkcert.sh


Virtual user - not system password

You can use the doveadm utility that comes with Dovecot:

$ doveadm pw
Enter new password:
Retype new password:
{CRYPT}1cElWVzS3.EVg

The string needs to be put in /etc/dovecot/users in this form, one entry per line (you would think the script would do this for you):

user:{CRYPT}1cElWVzS3.EVg:UID:GID::/home/user:

One needs the whole entry; it won't look anything up in /etc/passwd.
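Since doveadm pw only prints the hash, the following is an added example (not part of the original page or of Dovecot) that builds the users entry in the form shown above and appends it. The function names dovecot_user_line and add_dovecot_user are hypothetical, and the UID, GID and home values are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original page): build and append one entry
# for /etc/dovecot/users. Function names are hypothetical.
NL='
'
# Print "user:hash:uid:gid::home:" after validating every field.
dovecot_user_line() {
  user=$1 hash=$2 uid=$3 gid=$4 home=$5
  # ':' separates fields and a newline ends the entry, so neither may
  # appear inside a field.
  for field in "$user" "$hash" "$home"; do
    case $field in
      ''|*:*|*"$NL"*) echo "empty field, ':' or newline in: $field" >&2; return 1 ;;
    esac
  done
  for id in "$uid" "$gid"; do
    case $id in
      ''|*[!0-9]*) echo "UID and GID must be numeric: $id" >&2; return 1 ;;
    esac
  done
  case $hash in
    '{'?*'}'?*) ;;
    *) echo "password must keep its {SCHEME} prefix" >&2; return 1 ;;
  esac
  # A 13-character {CRYPT} value is traditional DES crypt.
  case $hash in
    '{CRYPT}'?????????????)
      echo "warning: traditional DES crypt uses only 8 password characters" >&2 ;;
  esac
  printf '%s:%s:%s:%s::%s:\n' "$user" "$hash" "$uid" "$gid" "$home"
}

# Append the entry to FILE unless USER is already listed there.
add_dovecot_user() {
  file=$1; shift
  line=$(dovecot_user_line "$@") || return 1
  if [ -f "$file" ] && awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "$file"; then
    echo "$1 already has an entry in $file" >&2
    return 1
  fi
  # Same umask as mkcert.sh: a newly created file is readable by its owner only.
  ( umask 077; printf '%s\n' "$line" >> "$file" )
}
```

Paste the string printed by doveadm pw as the second argument, for example: add_dovecot_user /etc/dovecot/users user '{CRYPT}1cElWVzS3.EVg' 1000 1000 /home/user (1000 is a constructed UID/GID). doveadm pw -s SHA512-CRYPT produces a stronger hash than the 13-character {CRYPT} value shown above.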

Dovecot as a SASL

conf.d/10-master.conf

Note that the listener is auth-client:

service auth {
  ...
  # SASL
  unix_listener auth-client {
    mode = 0660
    user = mail
  }
  ...
}


conf.d/10-auth.conf

auth_mechanisms = plain login

exim.conf: create authenticators for Dovecot:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  # Setting server_set_id might break several headers in mails sent by authenticated SMTP, so be careful.
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1



