Certification Objective 12.02-Reception with Dovecot

Once you've installed the Dovecot package, it's easy to configure. All you need to do is add the appropriate directive in the Dovecot configuration file and make sure it starts the next time you start Linux. If you use a secure incoming e-mail protocol such as POP3S or IMAPS, you'll want to configure an appropriate certificate as well.

The process has changed significantly relative to RHEL 4. But first, let's review the POP3 and IMAP protocols.


The Post Office Protocol (POP) is one of the major mail delivery protocols. It includes some basic commands that allow you or an e-mail client to send and retrieve messages. A mail service can be configured to be a central depository for incoming mail messages from any other MTA service. Client applications then download the mail messages from the POP server for processing at the local host.

The current version of POP is known as POP3.

On the Job 

You can configure user accounts that are designed to service only POP user accounts, where users log in and receive mail only and no interactive service is provided. Just set up the appropriate mail client in the login configuration sequence for a given user.


The IMAP (Internet Message Access Protocol) is the other major mail delivery protocol. While POP downloads all e-mail to the client, an IMAP server maintains all mail messages on the server, as a database. IMAP is commonly used by businesses that service users who log in from different locations. It's also the most common mail delivery protocol for Web-based mail services.

The current version of IMAP is known as IMAP4.

Configuration File

Now that you've reviewed the protocols, let's start configuring Dovecot. The main configuration file, /etc/dovecot.conf, is well commented. As the file is nearly 1000 lines long, this section focuses on a few key directives. The first thing to note is this comment:

 # Default values are shown after each value, it's not required to # uncomment any of the lines. 

The protocols you select depend on what's specified during your exam. As suggested earlier, IMAPS and POP3S are secure versions of IMAP and POP3. Normally, you should not activate a protocol unless you intend to use it; otherwise, you're opening up a potential security hole:

 #protocols = imap imaps pop3 pop3s 

If you have multiple network cards (or multiple IP addresses on your network card), you'll want to specify an IP address where the server listens for connections. You can do so by activating the following directives with appropriate IP addresses. If you use nonstandard ports, you can specify them here as well. Here are two examples:

 #listen = #ssl listen = 

If you want POP3S or IMAP4S support, you'll want to retain this directive (pay attention-it's a double-negative; in other words, this directive tells Dovecot that it should not disable SSL protocols):

 #ssl_disable = no 

For secure support, you'll also need certificates and keys. The default locations are shown as commented. I'll describe how you can create your own certificate shortly:

 #ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem #ssl_key_file = /etc/pki/dovecot/private/dovecot.pem 

Part of the way down the file, you can specify the location where e-mail is stored, with the mail_location directive (this is the successor to the old default_mail_env setting). You should specify a location; otherwise Dovecot will have problems with users who don't yet have a dedicated directory. Some suggestions are listed in the comments of the configuration file. Naturally, this depends on the default mail directories associated with your users' preferred e-mail programs.

Activating Dovecot

Activating Dovecot is a straightforward process and should already be familiar to you. I repeat it here because you probably won't get credit for your work if your system does not activate Dovecot (or any other required service) when you boot Linux. The commands should be familiar; while alternatives are available, the following commands start Dovecot and make sure that it starts when you reboot Linux into four different runlevels (2, 3, 4, and 5):

 # service dovecot on # chkconfig dovecot on 

And to make sure that you didn't make a mistake, you can confirm that Dovecot is active and will boot in desired runlevels with the following commands:

 # service dovecot status # chkconfig --list dovecot 

Dovecot Secure Certificates

There have been changes in the way Dovecot certificates are created. As shown in the configuration file, certificates are now stored in two /etc/pki/dovecot subdirectories. To create your own certificate, you'll need to modify the dovecot-openssl.cnf file in /etc/pki/dovecot. As described in Table 12-3, the directives are straightforward and are normally set to defaults that you would not want to use. Everything you need to activate is in the [req_dn] stanza.

Table 12-3: Directives in dovecot-openssl.cnf for Your Own SSL Certificate




Country code; use the standard two-letter code for your country as defined


State or province name; if you're in the USA, use the two-letter postal code for your state


Name of your locality (city or town)


Name of your organization or company


Name of the group within your organization


Common or FQDN of your IMAP server


Administrative e-mail address for the server


Normally specifies a server

You'll have to delete (or move) the default certificates, both named dovecot.pem, in the following directories:

 /etc/pki/dovecot/certs /etc/pki/dovecot/private 

Make sure the associated script, mkcert.sh, in the /usr/share/doc/dovecot-versionnum/examples/ directory is executable, and then run it:

 # /usr/share/doc/dovecot-versionnum/examples/mkcert.sh 

RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net