DOCSLIB.ORG

Dovecot: Secure IMAP Email Server

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Dovecot: Secure IMAP Email Server NDLUG Dovecot: Secure IMAP Email Server February 2, 2006 Why Run An Email Server? ● Control resource allocation – Limited storage on regular email account (50 megabytes at ND) – Unlimited on your own computer ● Do filtering and sorting – Spam filtering: Bogofilter (Bayesian Filter) – Sort mail into folders: Procmail ● Access email from everywhere ● Have a local mail archive ● It©s freaking sweet A Tale of Two Email Services ● POP3 ● IMAP – Ubiquitous – Access inbox from different – Download whole messages machines from server to local – Faster startup times (only machine download headers) – Minimum use of connect – Messages remain on the time server – Minimum use of server – Subscription Folders resources General NIX Email Setup 1Fetchmail/Getmail queries pop email server 2Messages sent to procmail for sorting 3Bogofilter checks to see if emails are spam 4Messages are saved to local inbox ex: /home/user/mail Dovecot Email Server ● POP and IMAP server ● Compatible with UW-IMAP and Courier-IMAP ● Integration with /etc/passwd ● Fast and efficient ● Fail safe ● TLS/SSL Support ● www.dovecot.org Installation ● Ubuntu Linux – sudo apt-get install dovecot-imapd (IMAP) – sudo apt-get install dovecot-pop3d (POP3) ● NetBSD – cd /usr/pkgsrc/mail/dovecot; sudo make install clean ● Arch Linux – sudo pacman -S dovecot IMAP Configuration dovecot.conf: protocols = imaps # Use IMAPS Port ssl_disable = no # Enable SSL ssl_cert_file = /etc/ssl/certs/dovecot.pem # Server Certificate ssl_key_file = /etc/ssl/private/dovecot.pem # Server Key login = imap # Allow IMAP Login default_mail_env = mbox:/home/%u/mail:INBOX=/home/%u/mail/Inbox # Local mail location auth = default # Use default auth_mechanisms = plain # Use Plain Text Login auth_userdb = passwd # Use /etc/passwd auth_passdb = pam # Use PAM auth_user = root # Process Owner Notes ● If you want to use SSL (i.e. IMAPS), you need to generate your own SSL certificates – Dovecot comes with a script mkcert.sh to aid this – You can reuse any certificates that you already have ● You can run Dovecot as a non-root user (AFS?) ● Both MBOX and Maildir mail format are supported (dbox and possibly SQL DB in the future) ● SMTP is handled by another program: sendmail, msmtp ● RTFM or Wiki .
Load more

Recommended publications
  • Oldschool E-Mail Setup Eine Freakshow
    Oldschool E-mail Setup Eine Freakshow [email protected] Chemnitzer Linuxtage, 2016 (Screenshot GMX vor >15 Jahren: Waybackmachine zu www.gmx.net) (Screenshot GMX heute) (Screenshot Gmail heute) Lösungen? ● Claws ● Mutt ● Eudora ● Netscape Navigator ● Evolution ● Opera M2 ● GMX ● Outlook ● Gnus ● SquirrelMail ● Hotmail ● The Bat! ● Hushmail ● Thunderbird ● KMail ● … Flußgrafik Email Netz MTA MRA MDA MUA MSA MTA Netz Hipster! ● KISS ● YAGNI ● DRY ● NIH ● Divide And Conquer ● Everything is a file ● No vendor lock-in ● Mißtraue Autoritäten – fördere Dezentralisierung Netz Netz Emails Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools mbox Maildir mh Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools mbox Maildir mh tmp 1439306571.1269_0.elvis ~/Post/Technik/Wikitech new 1448267819.5940_0.spencer ... 1457079728.2000_0.spencer:2, cur 1456839383.9873_0.nepomuk:2,SR 1457166567.23654_0.spencer:2,S ... Client, den ich Remote verwenden kann Leicht erweiterbar Filter Adressen Netz Netz Abholen Pull Subject Maildir Keine Spuren X-List-ID am Server Beliebige Header Client, den ich Remote verwenden kann Leicht erweiterbar Filter Adressen Netz Netz Abholen Pull Subject Maildir Keine Spuren X-List-ID am Server Beliebige Header fetchmail getmail mpop ..
    [Show full text]
  • Cyrus Mail Server 2 Table of Contents
    Univention Corporate Server Cyrus mail server 2 Table of Contents 1. Introduction ........................................................................................................................ 4 2. Installation ......................................................................................................................... 5 3. Management of the mail server data ....................................................................................... 6 3.1. Management of mail domains ..................................................................................... 6 3.2. Assignment of e-mail addresses to users ........................................................................ 6 3.3. Management of mailing lists ....................................................................................... 7 3.4. Management of mail groups ........................................................................................ 7 3.5. Management of shared IMAP folders ........................................................................... 8 3.6. Mail quota ............................................................................................................... 9 4. Spam detection and filtering ................................................................................................ 10 5. Identification of viruses and malware .................................................................................... 11 6. Identification of Spam sources with DNS-based Blackhole Lists (DNSBL) ...................................
    [Show full text]
  • Sysinfotools Maildir Converter
    SysInfoTools MailDir Converter SysInfoTools MailDir Converter Table of Contents 1. SysInfotools MailDir Converter .................................................................................. 2 2. Overview ................................................................................................................... 2 3. Getting Started .......................................................................................................... 3 Installation procedure ............................................................................................... 4 4. Order and Activation .................................................................................................. 4 How to Order ............................................................................................................ 4 How to Activate ......................................................................................................... 4 5. Using SysInfoTools MailDir Converter ....................................................................... 5 Understanding the User Interface .............................................................................. 6 Button Used .............................................................................................................. 6 How to use MailDir Converter Tool ............................................................................ 7 6. Uninstall the Software .............................................................................................. 13 7. Legal Notice ...........................................................................................................
    [Show full text]
  • Release Notes for Debian 7.0 (Wheezy), Kfreebsd 64-Bits PC
    Release Notes for Debian 7.0 (wheezy), kFreeBSD 64-bits PC The Debian Documentation Project (http://www.debian.org/doc/) November 20, 2018 Release Notes for Debian 7.0 (wheezy), kFreeBSD 64-bits PC This document is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. The license text can also be found at http://www.gnu.org/licenses/gpl-2.0.html and /usr/ share/common-licenses/GPL-2 on Debian. ii Contents 1 Introduction 1 1.1 Reporting bugs on this document . 1 1.2 Contributing upgrade reports . 1 1.3 Sources for this document . 2 2 What’s new in Debian 7.0 3 2.1 Supported architectures . 3 2.2 What’s new for kFreeBSD? . 4 2.3 What’s new in the distribution? . 4 2.3.1 CDs, DVDs and BDs . 5 2.3.2 Multiarch . 5 2.3.3 Dependency booting . 5 2.3.4 systemd . 5 2.3.5 Multimedia . 5 2.3.6 Hardened security . 6 2.3.7 AppArmor .
    [Show full text]
  • Ispmail Tutorial for Debian Lenny
    6.10.2015 ISPmail tutorial for Debian Lenny ISPmail tutorial for Debian Lenny Add new comment 223533 reads This tutorial is for the former stable version "Debian Lenny". If you are using "Debian Squeeze" then please follow the new tutorial. A spanish translation of this tutorial is also available ­ courtesy of José Ramón Magán Iglesias. What this tutorial is about You surely know the internet service providers that allow you to rent a domain and use it to receive emails. If you have a computer running Debian which is connected to the internet permanently you can do that yourself. You do not even need to have a fixed IP address thanks to dynamic DNS services like dyndns.org. All you need is this document, a cup of tea and a little time. When you are done your server will be able to... receive and store emails for your users from other mail servers let your users retrieve the email through IMAP and POP3 ­ even with SSL to encrypt to connection receive and forward ("relay") email for your users if they are authenticated offer a webmail interface to read emails in a web browser detect most spam emails and filter them out or tag them License/Copyright This tutorial book is copyrighted 2009 Christoph Haas (email@christoph­haas.de). It can be used freely under the terms of the GNU General Public License. Don't forget to refer to this URL when using it. Thank you. Changelog 17.6.09: Lenny tutorial gets published. 19.6.09: The page on SPF checks is temporarily offline.
    [Show full text]
  • School and Email Systems
    Email system survey: Top 50 US Colleges US Note Email system Server queried Greeting News School ranking 1 Harvard University Mail2World imap.college.harvard.edu OK Mail2World IMAP4 Server 2.5 ready Sun Java SMS imap.princeton.edu OK [CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY LANGUAGE XSENDER X-NETSCAPE XSERVERINFO Princeton University 1 AUTH=PLAIN] Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-5.05 (built Feb 16 2006)) Unknown mail.yale.edu OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] pantheon-po14.its.yale.edu IMAP4rev1 2002.336 at Mon, 26 Jul 2010 14:10:23 Yale University 3 -0400 (EDT) Dovecot imap-server.its.caltech.edu OK Dovecot ready. Cyrus mail.alumni.caltech.edu OK posteaux1.caltech.edu Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-10.el4_8.4 server ready 4 California Institute of Technology Dovecot imap.gps.caltech.edu OK dovecot ready. Dovecot theory.caltech.edu OK dovecot ready. 4 Massachusetts Institute of Technology Unable to find a server to query (username.mail.mit.edu)Unknown 4 Stanford University Zimbra zm01.stanford.edu OK zm01.stanford.edu Zimbra IMAP4rev1 server ready Zimbra mailbox.zimbra.upenn.edu OK mailbox.zimbra.upenn.edu Zimbra IMAP4rev1 service ready 4 University of Pennsylvania Exchange 2010 webmail.wharton.upenn.edu OK The Microsoft Exchange IMAP4 service is ready. Dovecot imap.nevis.columbia.edu OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready. Lotus Domino equinox.law.columbia.edu OK Domino IMAP4
    [Show full text]
  • The Bioinformatics Lab SS11 Mail / DNS Antonia Stank 20.06.2011
    The bioinformatics lab SS11 Mail / DNS Antonia Stank 20.06.2011 1 Introduction The Domain Name System (DNS) is a one of the most important systems in the network. It is a hierarchical naming system which is built on a distributed database for computers, services or any resource connected to the Internet. The DNS can also be used in a private or local network. The main service of a DNS is that it serves as a kind of “phone book” for the internet or local network by translating user-friendly hostnames into specific IP addresses. For example it is much easier to remember the internet address: www.google.de than the corresponding IP address 209.85.148.99. So it can translate names to numbers and vice versa and helps therefore to connect on a specific IP address without knowing the number. An e-mail-server or just mail server is a server which can handle the mail traffic. It is necessary for sending, receiving, forwarding and saving mails. An Internet Message Access Protocol (IMAP) server is a server that provides the usage of the most prevalent IMAP protocol. There is also another common protocol which is the so called Post Office Protocol (POP). The advantage of the IMAP is that it allows an e-mail client access to a remote mail server. The e-mail clients using IMAP leave the mails on the server until they are explicitly deleted by the user. This and some other advantages make it possible to allow multiple clients to have access to the same mailbox.
    [Show full text]
  • Postfix Catch All and Mutt
    Postfix Catch All and Mutt End goal: having postfix saving all of the emails for a domain to a single “mailbox” in maildir format, and being able to send email using mutt (or similar). Specifics to my setup I'm not going to open port 25 on my server, I'm going through Net7's spam filter, which will then forward to my server on port 8025. So I need to open port 8025. The rule was already there for port 25, I just need to edit the thing. Make Postfix listen to another port There is always the plan of using iptables to redirect the traffic. You can do it in Postfix as well. Open master.cf and find this line: smtp inet n - - - - smtpd The smtp word up front is actually a port. You can replace it with this line: 8025 inet n - - - - smtpd If you restart Postfix and check with netstat it should be listening to another port. Setting up Maildir delivery By default Postfix will output emails to a single file in /var/mail/. I'd rather have the Maildir format which separates emails into different files that I can individually move and/or delete. I'm going off the rails here trying out things. Looks like we're going to need these configuration options in main.cf: home_mailbox = Maildir/ mailbox_command = Make sure mailbox_command isn't set somewhere else in the file. Reload Postfix. We should be able to test that this is working using a known user on the system. You can telnet-test like so: EHLO test MAIL FROM:<[email protected]> RCPT TO:<william> DATA Test.
    [Show full text]
  • Efficient Spam Filtering System Based on Smart Cooperative Subjective and Objective Methods*
    Int. J. Communications, Network and System Sciences, 2013, 6, 88-99 http://dx.doi.org/10.4236/ijcns.2013.62011 Published Online February 2013 (http://www.scirp.org/journal/ijcns) Efficient Spam Filtering System Based on Smart * Cooperative Subjective and Objective Methods Samir A. Elsagheer Mohamed1,2 1College of Computer, Qassim University, Qassim, KSA 2Electrical Engineering Department, Faculty of Engineering, Aswan University, Aswan, Egypt Email: [email protected], [email protected] Received September 17, 2012; revised January 16, 2013; accepted January 25, 2013 ABSTRACT Most of the spam filtering techniques are based on objective methods such as the content filtering and DNS/reverse DNS checks. Recently, some cooperative subjective spam filtering techniques are proposed. Objective methods suffer from the false positive and false negative classification. Objective methods based on the content filtering are time con- suming and resource demanding. They are inaccurate and require continuous update to cope with newly invented spammer’s tricks. On the other side, the existing subjective proposals have some drawbacks like the attacks from mali- cious users that make them unreliable and the privacy. In this paper, we propose an efficient spam filtering system that is based on a smart cooperative subjective technique for content filtering in addition to the fastest and the most reliable non-content-based objective methods. The system combines several applications. The first is a web-based system that we have developed based on the proposed technique. A server application having extra features suitable for the enter- prises and closed work groups is a second part of the system. Another part is a set of standard web services that allow any existing email server or email client to interact with the system.
    [Show full text]
  • Webfaction User Guide
    WebFaction User Guide WebFaction is a service of Paragon Internet Group Limited CONTENTS 1 Introduction 3 1.1 Services..................................................3 1.2 The Complete System..........................................4 2 The Control Panel 5 2.1 Log in to the Control Panel.......................................5 2.2 Change Your Control Panel Password..................................5 2.3 What to Do About a Lost Password...................................6 2.4 Two-Step Login.............................................6 3 Finding Details About Your Server9 3.1 Finding Your Server’s Name.......................................9 3.2 Finding Your Server’s Operating System................................9 3.3 Finding Your Server’s IP Address.................................... 10 4 Accessing Your Data 11 4.1 Connecting with SSH.......................................... 11 4.2 Connecting with FTP........................................... 14 4.3 Changing Your FTP or SSH Password.................................. 14 4.4 Additional Users............................................. 15 4.5 Backups................................................. 16 5 Accounts 17 5.1 Plans and Services............................................ 17 5.2 Communicating with WebFaction.................................... 18 5.3 Payments................................................. 19 5.4 Affiliate Program............................................. 23 5.5 Canceling Your Account......................................... 24 6 Domains 25 6.1 Getting
    [Show full text]
  • Implementing POP3 and IMAP4 Using Dovecot
    Implementing POP3 and IMAP4 Using Dovecot AfNOG 2017 Scalable Internet Services (SS-E) Nairobi, Kenya Presented by Kevin Chege (Built on materials developed by Joel Jaeggli) What is POP3 § POP3 stands for Post Office Protocol ver 3 § Described in RFC1913 § Runs on TCP Port 110 as a client server function § Allows for a maildrop service (similar to the post box mail service ) hence the name § By design its limited in features to download and delete email from server § Security was also limited to using APOP (md5 hash for authentication § RFC 2449 proposed POP3 extensions which included SASL Mechanism, Expiry, Pipelining, etc. § RFC 2595 describes using TLS with POP3 also known as POP3s and runs on port 995 What is IMAP4? § Internet Message Access Protocol version 4 § Described in RFC 1730 § Runs on TCP Port 143 as client-server function § More advanced in features compared to POP3 § IMAP4 stores mail on server and copies can be transferred to the client on request. § By default only the message headers are sent to the client, the rest of the message is accessed on opening the email. § Allows client to access and manipulate email residing on a server, creation of folders, filters, etc. § RFC 1731 describes the IMAP Authentication Mechanisms § RFC 2595 describes using TLS with IMAP4 running on TCP port 993 Mail Storage Formats § Mailbox Format (Mbox) § Defined in RFC 4155 § All messages in an Mbox mailbox are concatenated and stored as a plain text in a single file § Mails are stored in RFC822 format with a blank space separating each message (2 spaces as each message has one space) and “From” determining start of next message.
    [Show full text]
  • New CS Email Server and Clients Tutorials
    New CS Email Server and Clients Tutorials Revision 1.2 Yung-Chuan Lee Computer Information Specialist Department of Computer Science January 2010 2.Background Several improvements have been incorporated when constructing the new mail server. First of all, the new email server provides secure SMTP/POP3/IMAP services. A free and legit certificate was obtained from ipsCA (Certificate Authority) to enable SSL/TLS connections. The new Webmail also uses SSL connections to enhance the security and privacy. Secondly, spam filter and mail scanner are setup to reduce spams and possible virus/trojan/worms infections. This active filtering and scanning are designed at STMP server level to prevent malicious emails before accepting them. With such configuration, the new email server only consumes a fraction of CPU resource and is very prompt. Furthermore, because of this improvement, CS emails is not rerouted to SIU server for spam filtering anymore. This eliminates the dependency to external server as well simplify troubleshooting process. The email format has been switched to MailDir. This renders each email in a single file instead of all emails in one big spool file, and it further improves both mail server and webmail performance. Instead of centralized email spool on the server, each userʼs emails are now stored under MailDir folder in their Linux home directory to enhance user accounts and files management as well improve file security. Webmail system is switched from OpenWebmail to Squirrelmail. Squirrelmail provides plug-able modules to enable more functionalities while keeping its core system simple and fast. To prevent malicious attacks, our webmail has configured to temporary block an user and an IP when too many login attempts failed.
    [Show full text]