Certification Objective 12.02: Reception with Dovecot


Once you've installed the Dovecot package, it's easy to configure. All you need to do is add the appropriate directive in the Dovecot configuration file and make sure it starts the next time you start Linux. If you use a secure incoming e-mail protocol such as POP3S or IMAPS, you'll want to configure an appropriate certificate as well.

The process has changed significantly relative to RHEL 4. But first, let's review the POP3 and IMAP protocols.

POP

The Post Office Protocol (POP) is one of the major mail delivery protocols. It includes some basic commands that allow you or an e-mail client to send and retrieve messages. A mail service can be configured to be a central depository for incoming mail messages from any other MTA service. Client applications then download the mail messages from the POP server for processing at the local host.

The current version of POP is known as POP3.

On the Job 

You can configure user accounts that are designed to service only POP user accounts, where users log in and receive mail only and no interactive service is provided. Just set up the appropriate mail client in the login configuration sequence for a given user.

IMAP

The IMAP (Internet Message Access Protocol) is the other major mail delivery protocol. While POP downloads all e-mail to the client, an IMAP server maintains all mail messages on the server, as a database. IMAP is commonly used by businesses that service users who log in from different locations. It's also the most common mail delivery protocol for Web-based mail services.

The current version of IMAP is known as IMAP4.

Configuration File

Now that you've reviewed the protocols, let's start configuring Dovecot. The main configuration file, /etc/dovecot.conf, is well commented. As the file is nearly 1000 lines long, this section focuses on a few key directives. The first thing to note is this comment:

 # Default values are shown after each value, it's not required to
 # uncomment any of the lines.

The protocols you select depend on what's specified during your exam. As suggested earlier, IMAPS and POP3S are secure versions of IMAP and POP3. Normally, you should not activate a protocol unless you intend to use it; otherwise, you're opening up a potential security hole:

 #protocols = imap imaps pop3 pop3s 

If you have multiple network cards (or multiple IP addresses on your network card), you'll want to specify an IP address where the server listens for connections. You can do so by activating the following directives with appropriate IP addresses. If you use nonstandard ports, you can specify them here as well. Here are two examples:

 #listen = 192.168.0.22:10110
 #ssl_listen = 192.168.0.23:10943

If you want POP3S or IMAP4S support, you'll want to retain this directive (pay attention: it's a double negative; in other words, this directive tells Dovecot that it should not disable SSL protocols):

 #ssl_disable = no 

For secure support, you'll also need certificates and keys. The default locations are shown as commented. I'll describe how you can create your own certificate shortly:

 #ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
 #ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

Part of the way down the file, you can specify the location where e-mail is stored, with the mail_location directive (this is the successor to the old default_mail_env setting). You should specify a location; otherwise Dovecot will have problems with users who don't yet have a dedicated directory. Some suggestions are listed in the comments of the configuration file. Naturally, this depends on the default mail directories associated with your users' preferred e-mail programs.
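The following check is an added example, not part of the book or of Dovecot itself. It reads a dovecot.conf-style file, treats the commented #protocols line quoted above as the default, and flags imap/pop3 listeners as well as the case where imaps/pop3s is requested while ssl_disable = yes. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Dovecot 1.0-style dovecot.conf (constructed samples).

# Effective value of a directive: the last uncommented "name = value" line,
# or DEFAULT when the directive only appears commented out.
dovecot_setting() {  # usage: dovecot_setting FILE NAME DEFAULT
    awk -v name="$2" -v def="$3" '
        /^[ \t]*#/ { next }                       # commented: default applies
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key == name) {
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = 1
            }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one finding per line; return 1 if there is anything to fix.
audit_dovecot() {  # usage: audit_dovecot FILE
    rc=0
    # Assumption: the default is the commented line the page quotes.
    protocols=$(dovecot_setting "$1" protocols "imap imaps pop3 pop3s")
    ssl_off=$(dovecot_setting "$1" ssl_disable no)
    for p in $protocols; do
        case $p in
            imap|pop3)
                echo "WARN $p listener enabled without SSL wrapping"; rc=1 ;;
            imaps|pop3s)
                if [ "$ssl_off" = yes ]; then
                    echo "WARN $p requested but ssl_disable = yes"; rc=1
                fi ;;
        esac
    done
    return $rc
}

# Constructed sample: a hardened file that enables only the SSL variants.
demo=$(mktemp)
printf '%s\n' '#protocols = imap imaps pop3 pop3s' \
    'protocols = imaps pop3s' '#ssl_disable = no' > "$demo"
audit_dovecot "$demo" && echo "OK: only imaps and pop3s are enabled"
rm -f "$demo"
```

Run against a file where the protocols line is still commented out, the audit reports both imap and pop3, because the commented value is what takes effect.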

Activating Dovecot

Activating Dovecot is a straightforward process and should already be familiar to you. I repeat it here because you probably won't get credit for your work if your system does not activate Dovecot (or any other required service) when you boot Linux. The commands should be familiar; while alternatives are available, the following commands start Dovecot and make sure that it starts when you reboot Linux into four different runlevels (2, 3, 4, and 5):

 # service dovecot start
 # chkconfig dovecot on

And to make sure that you didn't make a mistake, you can confirm that Dovecot is active and will boot in desired runlevels with the following commands:

 # service dovecot status
 # chkconfig --list dovecot

Dovecot Secure Certificates

There have been changes in the way Dovecot certificates are created. As shown in the configuration file, certificates are now stored in two /etc/pki/dovecot subdirectories. To create your own certificate, you'll need to modify the dovecot-openssl.cnf file in /etc/pki/dovecot. As described in Table 12-3, the directives are straightforward and are normally set to defaults that you would not want to use. Everything you need to activate is in the [req_dn] stanza.

Table 12-3: Directives in dovecot-openssl.cnf for Your Own SSL Certificate

 Directive      Description
 C              Country code; use the standard two-letter code for your country as defined
 ST             State or province name; if you're in the USA, use the two-letter postal code for your state
 L              Name of your locality (city or town)
 O              Name of your organization or company
 OU             Name of the group within your organization
 CN             Common name or FQDN of your IMAP server
 emailAddress   Administrative e-mail address for the server
 nsCertType     Normally specifies a server

You'll have to delete (or move) the default certificates, both named dovecot.pem, in the following directories:

 /etc/pki/dovecot/certs
 /etc/pki/dovecot/private

Make sure the associated script, mkcert.sh, in the /usr/share/doc/dovecot-versionnum/examples/ directory is executable, and then run it:

 # /usr/share/doc/dovecot-versionnum/examples/mkcert.sh 



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang
