7.7. Configuring IMAP and POP3 Email

Having mail delivered to the system mailboxes in /var/spool/mail is fine as long as the users are using an MUA running on the Fedora system. If a user is running his MUA on another system (Evolution on another Fedora system in the local network, or perhaps Outlook on a Windows machine), then the user needs IMAP or POP3 access to the remote mailbox.

7.7.1. How Do I Do That?

Fedora's Dovecot server provides IMAP and POP3 access.

When freshly installed, Dovecot will not successfully start. Dovecot requires security certificates to enable encrypted communications. There are three solutions to this problem:


Buy a certificate

A certificate is signed by a certificate authority (CA), who, theoretically, is trusted by both the client and server. The CA certifies that the parties to whom certificates are issued are who they say they are, therefore eliminating the possibility of a malicious party between the client and the server masquerading as the server.

Buying a certificate is not covered in this lab.



Create your own certificate

Because there is no way to verify the authenticity of the certificate (whether unsigned or self-signed) with a third party, most client programs will present a warning dialog every time a certificate of this type is encountered. However, the connection will still be encrypted.


Disable encryption

In all cases, whether encryption is disabled or not, Dovecot will accept unencrypted connections. If you are in a secure environment (for example, where the only client connecting to the Dovecot server is SquirrelMail on the local machine, or connections are made over a reasonably secure LAN such as a wired home network), you may decide to forgo encryption altogether.

7.7.1.1. Creating your own certificate

First, edit the file /etc/pki/dovecot/dovecot-openssl.cnf and find the CN= and emailAddress= lines:

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
#C=FI
# State or Province Name (full name)
#ST=
# Locality Name (eg. city)
#L=Helsinki
# Organization (eg. company)
#O=Dovecot
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (*.example.com is also possible)
CN=imap.example.com
# E-mail contact
emailAddress=postmaster@example.com
[ cert_type ]
nsCertType = server

Edit these two lines to contain the hostname of the system and the mail administrator's email address:

# Common Name (*.example.com is also possible)
CN=bluesky.fedorabook.com
# E-mail contact
emailAddress=postmaster@fedorabook.com

Then generate the certificates:

# SSLDIR=/etc/pki/dovecot /usr/share/doc/dovecot-1.0/examples/mkcert.sh                

7.7.1.2. Disabling Encryption

To disable encryption, edit /etc/dovecot.conf and locate the ssl_disable line:

# Disable SSL/TLS support.
#ssl_disable = no

Uncomment this line and change the value to yes:

# Disable SSL/TLS support.
ssl_disable = yes
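A check for the two files edited above, as an added example that is not from the book or from the Dovecot project: it parses the text of dovecot-openssl.cnf and dovecot.conf and reports a key size below 2048 bits, a CN left at the shipped example.com placeholder, and ssl_disable = yes. The 2048-bit threshold, the function names and the sample file contents are assumptions of this example.

```python
import re

# Constructed sample inputs, modelled on the two files quoted in this section.
SAMPLE_OPENSSL_CNF = """\
[ req ]
default_bits = 1024
prompt = no
[ req_dn ]
# Common Name (*.example.com is also possible)
CN=imap.example.com
emailAddress=postmaster@example.com
"""
SAMPLE_DOVECOT_CONF = """\
# Disable SSL/TLS support.
ssl_disable = yes
"""

def parse_settings(text):
    """Return {(section, key): value}; '#' lines are skipped, the last value wins."""
    settings, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting means the built-in default applies
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings

def audit(openssl_cnf, dovecot_conf, min_bits=2048):
    """Return findings as strings; min_bits is this example's threshold (assumption)."""
    cnf, conf = parse_settings(openssl_cnf), parse_settings(dovecot_conf)
    findings = []
    bits = cnf.get(("req", "default_bits"))
    if bits is not None and int(bits) < min_bits:
        findings.append(f"default_bits = {bits} is below {min_bits}")
    cn = cnf.get(("req_dn", "CN"), "")
    if not cn or cn == "example.com" or cn.endswith(".example.com"):
        findings.append(f"CN = {cn!r} is unset or still the shipped placeholder")
    if conf.get(("", "ssl_disable"), "no").lower() == "yes":
        findings.append("ssl_disable = yes: logins and mail are sent unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_OPENSSL_CNF, SAMPLE_DOVECOT_CONF):
        print("WARN:", finding)
```

To check a live system, pass the contents of /etc/pki/dovecot/dovecot-openssl.cnf and /etc/dovecot.conf to audit() in place of the samples.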

7.7.1.3. Starting Dovecot

Start the dovecot service using the Services tool or from the command line:

# service dovecot start                

If you are going to use IMAP or POP3 remotely, you will need to open some ports in your firewall. For IMAP, open ports for the IMAP and IMAPS services (TCP ports 143 and 220); for POP3, open the POP3 and POP3S ports (TCP ports 110 and 995).

On the other hand, if you will be using the IMAP and POP3 services only with local applications such as SquirrelMail or local MUAs such as Evolution, you should close the IMAP and POP3 ports on your firewall.


7.7.2. How Does It Work?

Dovecot enables MUAs to access mailboxes over a network connection using the POP3 or IMAP protocols. POP3 is primarily used to fetch mail from a mailbox so that it can be used elsewhere; IMAP is used to manipulate email messages and folders while leaving them on the server.

Like SMTP, POP3 is a human-readable protocol, and you can use telnet to manually conduct a POP3 session to see how it works:

$ telnet bluesky.fedorabook.com pop3
Trying 172.16.97.102...
Connected to 172.16.97.102 (172.16.97.102).
Escape character is '^]'.
+OK Dovecot ready.
USER chris
+OK
PASS bigsecret
+OK Logged in.
LIST
+OK 2 messages:
1 615
2 609
.
RETR 1
+OK 616 octets
Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by localhost.localdomain (8.13.5/8.13.5) with ESMTP id k232Hf26026693
        for <chris@localhost.localdomain>; Thu, 2 Mar 2006 21:17:41 -0500
Received: (from root@localhost)
        by localhost.localdomain (8.13.5/8.13.5/Submit) id k232HfOb026692
        for chris; Thu, 2 Mar 2006 21:17:41 -0500
Date: Thu, 2 Mar 2006 21:17:41 -0500
From: Jason Smith <root@localhost.localdomain>
Message-Id: <200603030217.k232HfOb026692@localhost.localdomain>
To: chris@localhost.localdomain
Subject: Book Cover

Nice!
.
QUIT
+OK Logging out.
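The framing used in the session above, as an added example that is not from the book: each response starts with a +OK or -ERR status line, and the LIST and RETR responses run until a line containing only a dot, with a leading dot removed from any body line that starts with one (RFC 1939 byte-stuffing), so a message line of "." cannot end the response early. The function names and the sample input are assumptions of this example, and the PASS argument is masked in the output because it crosses the wire in the clear.

```python
# Commands whose successful (+OK) response is multi-line (RFC 1939).
MULTILINE_ALWAYS = {"RETR", "TOP"}
MULTILINE_IF_NO_ARG = {"LIST", "UIDL"}

def read_response(lines, multiline):
    """Read one response from an iterator of server lines (CRLF already stripped)."""
    status = next(lines)
    if not status.startswith(("+OK", "-ERR")):
        raise ValueError(f"not a POP3 status line: {status!r}")
    body = []
    if multiline and status.startswith("+OK"):
        for line in lines:
            if line == ".":  # a lone dot ends the multi-line response
                return status, body
            # The server prefixes an extra dot to any line starting with one; drop it.
            body.append(line[1:] if line.startswith(".") else line)
        raise ValueError("multi-line response never terminated by '.'")
    return status, body

def replay(commands, server_lines):
    """Pair each client command with its response; the PASS argument is masked."""
    lines = iter(server_lines)
    results = [("(greeting)", *read_response(lines, False))]
    for command in commands:
        verb, _, arg = command.partition(" ")
        verb = verb.upper()
        multiline = verb in MULTILINE_ALWAYS or (verb in MULTILINE_IF_NO_ARG and not arg)
        shown = "PASS ****" if verb == "PASS" else command
        results.append((shown, *read_response(lines, multiline)))
    return results

# Constructed input based on the session above; the ".." body line is added
# here to exercise dot-unstuffing and is not in the book's transcript.
COMMANDS = ["USER chris", "PASS bigsecret", "LIST", "RETR 1", "QUIT"]
SERVER_LINES = [
    "+OK Dovecot ready.", "+OK", "+OK Logged in.",
    "+OK 2 messages:", "1 615", "2 609", ".",
    "+OK message follows", "Subject: Book Cover", "", "Nice!", "..", ".",
    "+OK Logging out.",
]

if __name__ == "__main__":
    for shown, status, body in replay(COMMANDS, SERVER_LINES):
        print(f"{shown:12} -> {status}  ({len(body)} body lines)")
```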

IMAP is also human-readable, but a bit more complex.

In its default configuration, Dovecot uses the input mailboxes in /var/spool/mail as the IMAP INBOX folder and the POP3 data source. This ensures that other applications (such as a local MUA like Evolution) can be used to access the same messages.

7.7.3. What About...

7.7.3.1. ...IMAP folders other than the INBOX?

Dovecot creates these in the user's home directory.

7.7.4. Where Can I Learn More?

  • The Dovecot web site: http://dovecot.org

  • The Dovecot Wiki: http://wiki.dovecot.org

  • Documentation in /usr/share/doc/dovecot*

  • The manpages for openssl, the library that handles encryption for dovecot




Fedora Linux
Fedora Linux: A Complete Guide to Red Hat's Community Distribution
ISBN: 0596526822
EAN: 2147483647
Year: 2006
Pages: 115
Authors: Chris Tyler
