Learn Linux Series (#9) - e-mail server (Dovecot)

First, we install Dovecot and openssl (if openssl is not installed yet; we will use it to encrypt connection data, among other things).
zypper in dovecot21 openssl
It is worth creating a backup copy of the configuration file:
cd /etc/dovecot
cp dovecot.conf dovecot.conf.backup
We create the initial configuration file from the output of doveconf -n:
doveconf -n > dovecot.conf-new
mv dovecot.conf-new dovecot.conf
(Do not write straight into dovecot.conf with doveconf -n > dovecot.conf, because there will be errors regarding the lack of SSL certificates.)
We edit the file (vi /etc/dovecot/dovecot.conf) and set / add the following options:
mail_location = maildir:~/Maildir # location of mailboxes
With this setting of mail_location, we delete or comment out the entire namespace inbox section shown below, because in this case we will not need it:
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = Drafts
  }
  mailbox Junk {
    special_use = Junk
  }
  mailbox Sent {
    special_use = Sent
  }
  mailbox "Sent Messages" {
    special_use = Sent
  }
  mailbox Trash {
    special_use = Trash
  }
  prefix =
}
login_greeting = My POP3 / IMAP server # greeting presented by Dovecot when a session is established
listen = * # listen on all network interfaces
protocols = "imap pop3" # mail protocols to serve
ssl = yes # enable SSL encryption
ssl_cert = </etc/dovecot/ssl/certyfikat.pem # path to the certificate; the value must begin with the "<" sign, otherwise you will see the following warning in the logs: "Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/dovecot/ssl/certyfikat.pem)"
ssl_key = </etc/dovecot/ssl/klucz.pem # path to the key; here too the value must begin with the "<" sign
disable_plaintext_auth = yes # refuse plain text (unencrypted) logins
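A quick way to catch the missing "<" and the other TLS-related mistakes before restarting Dovecot, as an added example that is not part of the original tutorial. The function name lint_dovecot_tls and the two sample files are constructed for illustration; the script reads plain key = value lines and flags only explicit weak values.

```sh
#!/bin/sh
# Added example: lint the TLS settings this tutorial puts in dovecot.conf.
# Prints one finding per line; returns 0 only when nothing is reported.
lint_dovecot_tls() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        !/=/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            seen[key] = val                                 # last assignment wins
        }
        END {
            bad = 0
            if (seen["ssl"] == "no") { print "ssl: TLS is disabled"; bad++ }
            n = split("ssl_cert ssl_key", names, " ")
            for (i = 1; i <= n; i++) {
                v = seen[names[i]]
                if (v == "") { print names[i] ": not set"; bad++ }
                else if (substr(v, 1, 1) != "<") {
                    print names[i] ": missing leading < (value is read as PEM text, not as a path)"; bad++
                }
            }
            if (seen["disable_plaintext_auth"] == "no") { print "disable_plaintext_auth: plain text logins allowed"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample files: one with the mistakes described above, one corrected.
write_samples() {
    cat > "$1/bad.conf" <<'EOF'
ssl = yes # enable ssl encryption
ssl_cert = /etc/dovecot/ssl/certyfikat.pem
ssl_key = </etc/dovecot/ssl/klucz.pem
disable_plaintext_auth = no
EOF
    cat > "$1/good.conf" <<'EOF'
ssl = yes
ssl_cert = </etc/dovecot/ssl/certyfikat.pem
ssl_key = </etc/dovecot/ssl/klucz.pem
disable_plaintext_auth = yes
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
lint_dovecot_tls "$dir/bad.conf" || echo "bad.conf: fix the findings above"
lint_dovecot_tls "$dir/good.conf" && echo "good.conf: no findings"
```

On a live server, point the function at /etc/dovecot/dovecot.conf after editing and before starting the service.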
Save the configuration. Now we will create the certificate and the key that the ssl_cert and ssl_key settings point to.
mkdir /etc/dovecot/ssl
cd /etc/dovecot/ssl
openssl req -new -x509 -nodes -out certyfikat.pem -keyout klucz.pem -days 365
Enter your domain details. Pay particular attention to the "Common Name" option, which is intended to indicate the name of your domain.
Country Name (2 letter code) [AU]: EN # country
State or Province Name (full name) [Some-State]: Texas # province
Locality Name (eg, city) []: Glasgow # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Utopian-io # name of our company
Organizational Unit Name (eg, section) []: Programming # section / department of the company
Common Name (e.g. server FQDN or YOUR name) []: utopian.io # domain name
Email Address []: vitusc@utopian.io # e-mail address for contacts regarding the certificate
We check the correctness of key generation with the command:
openssl rsa -in klucz.pem -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
If you see this output, the key has been generated correctly. (Adding -noout to the command runs the same check without printing the private key to the terminal.)
Now check the certificate information:
openssl x509 -noout -text -in certyfikat.pem
Output similar to the following should appear:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16436464367657346376 (0xcf48ed216ab49e87)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=EN, ST=Texas, L=Glasgow, O=Utopian-io, OU=Programing, CN=utopian.io/emailAddress=vitusc@utopian.io
Validity
Not Before: Mar 20 15:54:17 2018 GMT
Not After : Mar 19 15:54:17 2022 GMT
Subject: C=EN, ST=Texas, L=Glasgow, O=Utopian-io, OU=Programing, CN=utopian.io/emailAddress=vitusc@utopian.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
[...]
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
[...]
X509v3 Authority Key Identifier:
[...]
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
[...]
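The sample output above shows a 1024-bit key and a sha1WithRSAEncryption signature; the openssl req command sets neither the key size nor the hash, so both depend on the local OpenSSL configuration. The added example below (not from the original tutorial) sets both explicitly, keeps the unencrypted key private, and checks that the certificate and key belong together. The function names, the temporary directory and the subject are assumptions.

```sh
#!/bin/sh
# Added example: create and verify the pair with explicit parameters.
# The directory and subject are constructed; file names follow the tutorial.
make_cert() {   # $1 = output directory, $2 = Common Name
    ( umask 077   # the unencrypted key (-nodes) must not be world-readable
      openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
          -subj "/CN=$2" -out "$1/certyfikat.pem" -keyout "$1/klucz.pem" \
          2>/dev/null )
}

# True only when the certificate carries the public half of this private key.
cert_matches_key() {   # $1 = certificate, $2 = key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Reads "openssl x509 -noout -text" output on stdin and prints weak parameters.
cert_findings() {
    text=$(cat)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || echo "key is only ${bits:-0} bit"
    case $sig in sha1*|md5*) echo "weak signature hash: $sig" ;; esac
    return 0
}

dir=$(mktemp -d)
make_cert "$dir" utopian.io
cert_matches_key "$dir/certyfikat.pem" "$dir/klucz.pem" && echo "cert and key match"
openssl x509 -in "$dir/certyfikat.pem" -noout -text | cert_findings
```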
It looks like everything is OK. So we start Dovecot and add it to autostart:
service dovecot start
service dovecot status
chkconfig dovecot on
Let's try to send a message using SMTP:
telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
ehlo utopian.io
250-mail.utopian.io
250-PIPELINING
250-SIZE
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: vitusc@utopian.io
250 2.1.0 Ok
rcpt to: test@utopian.io
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Shipping test # press Enter
We're testing sending messages # press Enter
. # remember to put a full stop on its own line at the end of the message
250 2.0.0 Ok: queued as 2E23E1C0F15 # message added to the delivery queue with ID 2E23E1C0F15
quit
221 2.0.0 Bye
Connection closed by foreign host.
Now let's read the message over POP3 through an SSL connection:
openssl s_client -connect localhost:995
[...] +OK Dovecot ready.
user test
+OK
pass test
+OK Logged in.
stat
+OK 1 486
list
+OK 1 messages:
1 486
.TEST TEST TEST!
retr 1 # shows the content of the ID 1 message
+OK 486 octets
Return-Path:
X-Original-To: test@utopian.io
Delivered-To: test@utopian.io
Received: from utopian.io (localhost [IPv6:::1])
by mail.utopian.io with ESMTP id 2E23E1C0F15
for ; Mon, 3 Aug 2015 12:57:13 +0200 (CEST)
Subject: Shipping test
Message-Id: <20150803105723.2E23E1C0F15@mail.utopian.io>
Date: Mon, 3 Aug 2015 12:57:13 +0200 (CEST)
From: vitusc@utopian.io
.TEST TEST TEST!
quit
+OK Logging out.
closed