Rob's web

POP3 and IMAP

In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server.

POP version 3 (POP3) is the version in common use.

In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.

IMAP was designed with the goal of permitting complete management of an email box by multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.

Virtually all modern e-mail clients and servers support IMAP, which along with the earlier POP3 (Post Office Protocol) are the two most prevalent standard protocols for email retrieval. Many webmail service providers such as Gmail, Outlook.com and Yahoo! Mail also provide support for both IMAP and POP3.

Installation

# dnf install dovecot dovecot-mysql

Configuration

# cd /etc/dovecot
# ll
drwxr-xr-x. 2 root root 4096 17 nov 02:28 conf.d
-rw-r--r--. 1 root root 4380 30 apr  2018 dovecot.conf

dovecot.conf doesn't need editing.

Several files must be edited.

# cd /etc/dovecot/conf.d
ll
-rw-r--r--. 1 root root  5253 Aug 24 16:42 10-auth.conf
-rw-r--r--. 1 root root  1781 Aug  6  2021 10-director.conf
-rw-r--r--. 1 root root  3757 Aug  6  2021 10-logging.conf
-rw-r--r--. 1 root root 17836 Aug 24 16:53 10-mail.conf
-rw-r--r--. 1 root root  3562 Aug 25 19:37 10-master.conf
-rw-r--r--. 1 root root  1585 Aug  6  2021 10-metrics.conf
-rw-r--r--. 1 root root  3658 Aug 24 17:02 10-ssl.conf
-rw-r--r--. 1 root root  1657 Aug  6  2021 15-lda.conf
-rw-r--r--. 1 root root  3111 Aug  6  2021 15-mailboxes.conf
-rw-r--r--. 1 root root  4520 Aug  6  2021 20-imap.conf
-rw-r--r--. 1 root root  1367 Aug  6  2021 20-lmtp.conf
-rw-r--r--. 1 root root  4066 Aug  6  2021 20-pop3.conf
-rw-r--r--. 1 root root  4299 Aug  6  2021 20-submission.conf
-rw-r--r--. 1 root root   676 Aug  6  2021 90-acl.conf
-rw-r--r--. 1 root root   292 Aug  6  2021 90-plugin.conf
-rw-r--r--. 1 root root  2596 Aug  6  2021 90-quota.conf
-rw-r--r--. 1 root root   499 Aug  6  2021 auth-checkpassword.conf.ext
-rw-r--r--. 1 root root   489 Aug  6  2021 auth-deny.conf.ext
-rw-r--r--. 1 root root   343 Aug  6  2021 auth-dict.conf.ext
-rw-r--r--. 1 root root   924 Aug  6  2021 auth-ldap.conf.ext
-rw-r--r--. 1 root root   561 Aug  6  2021 auth-master.conf.ext
-rw-r--r--. 1 root root   515 Aug  6  2021 auth-passwdfile.conf.ext
-rw-r--r--. 1 root root   806 Aug 24 16:47 auth-sql.conf.ext
-rw-r--r--. 1 root root   611 Aug  6  2021 auth-static.conf.ext
-rw-r--r--. 1 root root  2182 Aug  6  2021 auth-system.conf.ext

Edit 10-auth.conf

# cd /etc/dovecot/conf.d
# vi 10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext

Edit auth-sql.conf.ext

# vi auth-sql.conf.ext
passdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/svr/mail/vhosts/%d/%n
}

Edit dovecot-sql.conf.ext

# vi dovecot-sql.conf.ext
driver = mysql
connect = "host=127.0.0.1 dbname=:mail user=vmail password=YourPasswordHere"
default_pass_scheme = SHA512-CRYPT
password_query = SELECT Email as User, password FROM users WHERE Email='%u';

Edit 10-logging.conf

# vi 10-logging.conf

log_path = /var/log/dovecot.log

Edit 10-mail.conf

# vi 10-mail.conf
mail_location = maildir:/srv/mail/vhosts/%d/%n
namespace inbox {
  inbox = yes
}
mail_privileged_group = mail
mbox_write_locks = fcntl

Edit 10-master.conf

# vi 10-master.conf
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
   mode = 0600
   user = vmail
  }
  user = dovecot
}
service auth-worker {
  user = vmail
}
service dict {
  unix_listener dict {
  }
}

Edit 10-ssl.conf

# vi 10-ssl.conf
ssl = required
ssl_cert = </etc/pki/tls/certs/example.com_fc.pem
ssl_key = </etc/pki/tls/private/example.com.key

Indien we quota willen instellen dienen we 90-quota.conf aan te passen. Standaard is ongelimiteerd.

To display the configuration type:

# doveconf
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 5.14.0-427.31.1.el9_4.x86_64 x86_64 Rocky Linux release 9.4 (Blue Onyx) xfs
# Hostname: server.example.com
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
...
...
version_ignore = no
#

Starting

# systemctl start dovecot
# systemctl enable dovecot

Firewall

firewall-cmd --permanent --add-port=143/tcp
firewall-cmd --permanent --add-port=993/tcp
firewall-cmd --permanent --add-port=110/tcp
firewall-cmd --permanent --add-port=995/tcp
firewall-cmd --reload

Testing

username and password without the quotes.

imap

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready.
a login "username" "password"
a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES....] Logged in
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1725737012] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
b OK [READ-WRITE] Select completed (0.019 + 0.000 + 0.018 secs).
c list "" *
* LIST (\HasNoChildren) "." INBOX
c OK List completed (0.024 + 0.000 + 0.023 secs).
d lsub "" *
d OK Lsub completed (0.001 + 0.000 secs).
e logout
* BYE Logging out
e OK Logout completed.
#
# openssl s_client -connect imap.example.com:993
CONNECTED(00000003)
depth=0 CN = *.robkalmeijer.nl
verify error:num=20:unable to get local issuer certificate
verify return:1
....
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login "username" "password"
.....
e logout
* BYE Logging out
e OK Logout completed.
#
# openssl s_client -connect imap.example.com:143 -starttls imap
....
read R BLOCK
a login "username" "password"
.....
e logout
* BYE Logging out
e OK Logout completed.
#

pop3

# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user info@example.com
+OK
pass my-password
+OK logged in.
list
+OK 1 messages:
1 738
.
quit
+OK Logging out.
Connection closed by foreign host.
#
# openssl s_client -connect pop3.example.com:995
CONNECTED(00000003)
.....
---
read R BLOCK
+OK Dovecot ready.
.....
# openssl s_client -connect pop3.example.com:110 -starttls pop3
CONNECTED(00000003)
.....
---
read R BLOCK
+OK Dovecot ready.
.....

When the above works you can continue to setup postfix. Dovecot is now available for authentication postfix users.

Links