Certification Objective 12.02-Reception with Dovecot


Once you've installed the Dovecot package, it's easy to configure. All you need to do is add the appropriate directive in the Dovecot configuration file and make sure it starts the next time you start Linux. If you use a secure incoming e-mail protocol such as POP3S or IMAPS, you'll want to configure an appropriate certificate as well.

The process has changed significantly relative to RHEL 4. But first, let's review the POP3 and IMAP protocols.

POP

The Post Office Protocol (POP) is one of the major mail delivery protocols. It includes some basic commands that allow you or an e-mail client to send and retrieve messages. A mail service can be configured to be a central depository for incoming mail messages from any other MTA service. Client applications then download the mail messages from the POP server for processing at the local host.

The current version of POP is known as POP3.

On the Job 

You can configure user accounts that are designed to service only POP user accounts, where users log in and receive mail only and no interactive service is provided. Just set up the appropriate mail client in the login configuration sequence for a given user.

IMAP

The IMAP (Internet Message Access Protocol) is the other major mail delivery protocol. While POP downloads all e-mail to the client, an IMAP server maintains all mail messages on the server, as a database. IMAP is commonly used by businesses that service users who log in from different locations. It's also the most common mail delivery protocol for Web-based mail services.

The current version of IMAP is known as IMAP4.

Configuration File

Now that you've reviewed the protocols, let's start configuring Dovecot. The main configuration file, /etc/dovecot.conf, is well commented. As the file is nearly 1000 lines long, this section focuses on a few key directives. The first thing to note is this comment:

 # Default values are shown after each value, it's not required to # uncomment any of the lines. 

The protocols you select depend on what's specified during your exam. As suggested earlier, IMAPS and POP3S are secure versions of IMAP and POP3. Normally, you should not activate a protocol unless you intend to use it; otherwise, you're opening up a potential security hole:

 #protocols = imap imaps pop3 pop3s 

If you have multiple network cards (or multiple IP addresses on your network card), you'll want to specify an IP address where the server listens for connections. You can do so by activating the following directives with appropriate IP addresses. If you use nonstandard ports, you can specify them here as well. Here are two examples:

 #listen = 192.168.0.22:10110 #ssl listen = 192.168.0.23:10943 

If you want POP3S or IMAP4S support, you'll want to retain this directive (pay attention-it's a double-negative; in other words, this directive tells Dovecot that it should not disable SSL protocols):

 #ssl_disable = no 

For secure support, you'll also need certificates and keys. The default locations are shown as commented. I'll describe how you can create your own certificate shortly:

 #ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem #ssl_key_file = /etc/pki/dovecot/private/dovecot.pem 

Part of the way down the file, you can specify the location where e-mail is stored, with the mail_location directive (this is the successor to the old default_mail_env setting). You should specify a location; otherwise Dovecot will have problems with users who don't yet have a dedicated directory. Some suggestions are listed in the comments of the configuration file. Naturally, this depends on the default mail directories associated with your users' preferred e-mail programs.

Activating Dovecot

Activating Dovecot is a straightforward process and should already be familiar to you. I repeat it here because you probably won't get credit for your work if your system does not activate Dovecot (or any other required service) when you boot Linux. The commands should be familiar; while alternatives are available, the following commands start Dovecot and make sure that it starts when you reboot Linux into four different runlevels (2, 3, 4, and 5):

 # service dovecot on # chkconfig dovecot on 

And to make sure that you didn't make a mistake, you can confirm that Dovecot is active and will boot in desired runlevels with the following commands:

 # service dovecot status # chkconfig --list dovecot 

Dovecot Secure Certificates

There have been changes in the way Dovecot certificates are created. As shown in the configuration file, certificates are now stored in two /etc/pki/dovecot subdirectories. To create your own certificate, you'll need to modify the dovecot-openssl.cnf file in /etc/pki/dovecot. As described in Table 12-3, the directives are straightforward and are normally set to defaults that you would not want to use. Everything you need to activate is in the [req_dn] stanza.

Table 12-3: Directives in dovecot-openssl.cnf for Your Own SSL Certificate

Directive

Description

C

Country code; use the standard two-letter code for your country as defined

ST

State or province name; if you're in the USA, use the two-letter postal code for your state

L

Name of your locality (city or town)

O

Name of your organization or company

OU

Name of the group within your organization

CN

Common or FQDN of your IMAP server

emailAddress

Administrative e-mail address for the server

nsCertType

Normally specifies a server

You'll have to delete (or move) the default certificates, both named dovecot.pem, in the following directories:

 /etc/pki/dovecot/certs /etc/pki/dovecot/private 

Make sure the associated script, mkcert.sh, in the /usr/share/doc/dovecot-versionnum/examples/ directory is executable, and then run it:

 # /usr/share/doc/dovecot-versionnum/examples/mkcert.sh 



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang

Similar book on Amazon
Linux Quick Fix Notebook
Linux Quick Fix Notebook
Self-Service Linux: Mastering the Art of Problem Determination
Self-Service Linux: Mastering the Art of Problem Determination
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net