How to deploy Dovecot?


1 Fundamentals

1.1 Basic mail concepts

– MUA (Mail User Agent): takes the user's instructions and hands outgoing mail to a mail transfer agent (Outlook Express and Foxmail are MUAs)
– MTA (Mail Transfer Agent): accepts mail, holds it in a queue, and locates and delivers it over the network to the destination MTA (Sendmail, Postfix)
– MDA (Mail Delivery Agent): takes mail from the local MTA and delivers it into the final local user's mailbox (procmail, maildrop)
– MRA (Mail Receive Agent, also called a mail retrieval agent): serves mailbox access requests from MUAs, usually over IMAP or POP3 (Dovecot)
Note that the destination MTA is located through the recipient domain's MX records: to deliver to will@cmdschool.org, the sending MTA looks up the MX records of cmdschool.org. The following commands simulate that lookup,

# nslookup
> set type=mx
> cmdschool.org
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
cmdschool.org   mail exchanger = 5 mxbiz1.qq.com.
cmdschool.org   mail exchanger = 10 mxbiz2.qq.com.

Authoritative answers can be found from:
>

1.2 Dovecot

1.2.1 Introduction to Dovecot

– Dovecot is a mail receive agent (MRA), the component that serves mailboxes to clients
– Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems
– Dovecot is written with security as a primary goal
– Dovecot suits both small and large installations
– Dovecot is simple to set up, fast, needs little administration and has a small memory footprint

1.2.2 Dovecot features

– Dovecot is among the highest-performing IMAP servers
– Dovecot supports the standard mbox and Maildir formats
– Dovecot has good performance and broad compatibility
– Dovecot supports flexible authentication: many user databases and authentication mechanisms
– Dovecot passes all IMAP server standards-compliance tests
– Dovecot can act as the SMTP authentication backend for Postfix 2.3+ and Exim 4.64+ without extra configuration on the Dovecot side
– Dovecot's indexes are self-optimizing: they hold exactly the data the user's client tends to request
– Dovecot makes migration from existing IMAP and POP3 servers easy
– Dovecot is self-healing: it repairs most problems it finds (for example corrupted index files) and logs what it did
– Dovecot can optionally work around common bugs in IMAP and POP3 clients
– Dovecot's error messages are administrator-friendly and easy to understand
– Dovecot is designed with security in mind and has a sound process for handling vulnerabilities
– Dovecot works well with a wide range of filesystems
– Dovecot is easy to extend with plugins that add commands, change behaviour, store extra data in the indexes or support new mailbox formats (quota and ACL support are implemented this way)

1.2.3 Dovecot compatibility

– Full IMAP4rev1 and POP3, with IPv6, SSL and TLS
– Common IMAP extensions, including SORT, THREAD and IDLE
– Shared mailboxes are fully supported from v1.2 onwards (older versions supported administrator-configured ACL files)
– Maildir++ quota (combining it with filesystem quota may cause compatibility problems)
– Runs on Linux, Solaris, FreeBSD, OpenBSD, NetBSD and Mac OS X

2 Best practice

2.1 Set up the Sendmail environment

This chapter builds on a Sendmail environment. To follow it comfortably, you should first be familiar with the following chapter,

How to deploy Sendmail?

2.2 Install and configure Dovecot

2.2.1 Install the package

In mail0[1,2],

yum install -y dovecot

2.2.2 Start the service, enable it at boot and check its status

In mail0[1,2],

systemctl start dovecot.service
systemctl enable dovecot.service
systemctl status dovecot.service

Once the service is running, check which ports it is listening on,

netstat -antp | grep "dovecot"

You should see the following (143/993 are IMAP/IMAPS, 110/995 are POP3/POP3S),

tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      31210/dovecot
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      31210/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      31210/dovecot
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      31210/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      31210/dovecot
tcp6       0      0 :::993                  :::*                    LISTEN      31210/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      31210/dovecot
tcp6       0      0 :::110                  :::*                    LISTEN      31210/dovecot

2.2.3 Configure the authentication method

In mail0[1,2],

grep '!include auth-' /etc/dovecot/conf.d/10-auth.conf

The output shows which authentication backends are included (the lines that are not commented out),

#!include auth-deny.conf.ext
#!include auth-master.conf.ext
!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

Note that,
– the only uncommented include is "auth-system.conf.ext", so Dovecot authenticates against system accounts (PAM for the password database, passwd for the user database)
– Dovecot never allows logins as root and refuses any UID below first_valid_uid (1000 on CentOS, as the dovecot -n output later shows), so you need an ordinary user as the mail account
– create such a user with the following commands,

useradd will
echo willpassword | passwd --stdin will

Note that piping the password through passwd --stdin records it in the shell history and briefly exposes it in the process list; outside a lab, run passwd interactively or feed chpasswd from a protected file. For safety it is also common to take away the user's login shell, so the account can fetch mail but cannot log in to the system (optional),

usermod -s /sbin/nologin will

If requirements change, the login shell can be restored just as easily (optional),

usermod -s /bin/bash will

Next, set the local mail location,

cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.default
vim /etc/dovecot/conf.d/10-mail.conf

Change the following parameter,

mail_location = mbox:~/mail:INBOX=/var/mail/%u

With this setting Dovecot reads the mbox INBOX from /var/mail/<user> and keeps its indexes and other folders under ~/mail, so for the user created above create the index directory,

mkdir -p /home/will/mail/.imap/INBOX
chown will:will /home/will/mail/.imap/INBOX

A neater approach is to have the directory created automatically by a login script placed in the skeleton directory. Be aware that this only affects users created after the edit, and only runs when the user gets an interactive shell: for an account set to /sbin/nologin as above you still have to create the directory by hand (or use Dovecot's post-login scripting, see the references),

vim /etc/skel/.bash_profile

Add the following to the script,

if [ ! -d ~/mail/.imap/INBOX ];then
 mkdir -p ~/mail/.imap/INBOX
fi

After the change, restart the service to apply the configuration,

systemctl restart dovecot.service

Background for the above,
– on CentOS each user's mbox INBOX lives under "/var/mail/"
– to read a mailbox file directly, use the following command,

cat /var/mail/${USER}

For a specific user, switch to that user first, for example to read the mail of "will",

su - will
cat /var/mail/${USER}
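The steps above (create the user, remove the login shell, set mail_location, create ~/mail/.imap/INBOX) are collected below into one script, as an added example that is not part of the original article. It differs from the manual steps where a practitioner would want it to: the account name is validated before it is expanded into paths by %u, the password is set through chpasswd from stdin instead of echo | passwd --stdin (which leaves it in the shell history), and the index directory is created by the script itself because a /sbin/nologin user never runs ~/.bash_profile. The username rule, the directory mode and the final doveadm check are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Provisions a mail-only account
# for the auth-system setup (PAM passdb / passwd userdb) with
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
# Run as root on mail0[1,2]; the two helper functions also work unprivileged.
set -eu

# Account names are expanded into paths by %u, so accept only plain POSIX names:
# lower-case letters, digits, '_' and '-', no leading '-', no '.' or '/'.
# (Assumed site policy; adjust to taste.)
validate_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Create the index directory the article's mail_location needs. A user with
# /sbin/nologin never runs ~/.bash_profile, so the /etc/skel trick does not
# help; create it here, owner-only, and chown it when running as root.
#   $1 = home directory, $2 = owner (optional)
ensure_mbox_dirs() {
    local home="$1" owner="${2:-}"
    mkdir -p "$home/mail/.imap/INBOX"
    chmod 700 "$home/mail" "$home/mail/.imap" "$home/mail/.imap/INBOX"
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:$owner" "$home/mail"
    fi
}

# Create the user (idempotent) and set the password read from stdin, so the
# secret never appears on a command line or in ~/.bash_history.
#   usage: printf '%s\n' "$PASSWORD" | provision_mail_user will
provision_mail_user() {
    local user="$1" pw
    validate_username "$user" || { echo "refusing invalid username: $user" >&2; return 1; }
    IFS= read -r pw && [ -n "$pw" ] || { echo "password expected on stdin" >&2; return 1; }
    id "$user" >/dev/null 2>&1 || useradd -m -s /sbin/nologin "$user"
    printf '%s:%s\n' "$user" "$pw" | chpasswd      # chpasswd takes user:password lines
    ensure_mbox_dirs "$(getent passwd "$user" | cut -d: -f6)" "$user"
    # Confirm Dovecot's userdb resolves the account (uid must be >= first_valid_uid)
    doveadm user "$user"
}
```

To provision the article's test user, run printf '%s\n' "$PASSWORD" | provision_mail_user will as root; doveadm user will at the end prints the uid, gid and home Dovecot will use, which is the quickest way to catch a UID below first_valid_uid or a wrong home directory before the first client connects.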

2.2.4 Open the firewall ports

In mail0[1,2], open the IMAP and POP3 ports (143 and 110; STARTTLS runs on these same ports). If clients will use the implicit-TLS ports 993/995 that were shown listening above, add the imaps and pop3s services as well,

firewall-cmd --permanent --add-service pop3 --add-service imap
firewall-cmd --reload
firewall-cmd --list-all

2.2.5 Debug logging (recommended while setting up)

cp /etc/dovecot/conf.d/10-logging.conf /etc/dovecot/conf.d/10-logging.conf.default
vim /etc/dovecot/conf.d/10-logging.conf

Enable the following settings,

auth_verbose = yes
auth_verbose_passwords = no
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes

Be aware that auth_debug_passwords = yes (and auth_verbose_passwords set to anything other than no) writes the attempted passwords in clear text to /var/log/maillog, readable by anyone who can read the log; keep these on only while troubleshooting and switch them off again afterwards. After the change, restart the service to apply the configuration,

systemctl restart dovecot.service

Then follow the log with,

tail -f /var/log/maillog

To dump the effective configuration (only the settings that differ from the defaults), use,

dovecot -n

Example output (this dump was taken from a host still using mail_location = /var/mail/%u; with the setting from 2.2.3 that line reads mail_location = mbox:~/mail:INBOX=/var/mail/%u),

# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# OS: Linux 4.18.0-147.el8.x86_64 x86_64 CentOS Linux release 8.1.1911 (Core)
# Hostname: mail01.cmdschool.org
first_valid_uid = 1000
mail_debug = yes
mail_location = /var/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
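To make the warning about the debug settings concrete, here is an added example (not from the original article) with two shell functions. audit_dovecot_config reads a dovecot -n dump and flags the debug and TLS settings that must not stay on in production; password_from_auth_log shows what auth_debug_passwords = yes costs you: the SASL PLAIN response that ends up in /var/log/maillog is just base64 of "authzid NUL user NUL password" (RFC 4616), so the password falls out of the log with one base64 -d. The embedded sample dump is the article's own output with the 10-logging.conf settings added; the sample log line is constructed and only approximates the layout of Dovecot's auth debug messages.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
set -eu

# Read a `dovecot -n` dump on stdin; print one finding per risky setting.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_dovecot_config() {
    local line key val findings=0
    while IFS= read -r line; do
        # only "key = value" lines matter; skip blanks, comments and block braces
        case "$line" in ''|'#'*|*'{'*|*'}'*) continue ;; esac
        case "$line" in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}"  | tr -d '[:space:]')
        case "$key=$val" in
            auth_debug_passwords=yes)
                echo "HIGH $key=$val: attempted passwords are written to maillog in clear text" ;;
            auth_verbose_passwords=plain|auth_verbose_passwords=yes)
                echo "HIGH $key=$val: passwords of failed logins are logged" ;;
            disable_plaintext_auth=no)
                echo "HIGH $key=$val: LOGIN accepted without TLS from any client" ;;
            ssl=no)
                echo "HIGH $key=$val: TLS disabled" ;;
            auth_debug=yes|auth_verbose=yes|mail_debug=yes|verbose_ssl=yes)
                echo "MED  $key=$val: debug output; turn off after troubleshooting" ;;
            *) continue ;;
        esac
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Recover the password from an auth debug line. With auth_debug_passwords = yes
# the raw SASL response is logged as resp=<base64>; SASL PLAIN (RFC 4616) is
# base64("authzid\0authcid\0password"), so the third NUL-separated field is it.
#   $1 = one log line; prints the password, returns 1 if there is no resp= field
password_from_auth_log() {
    local b64
    b64=$(printf '%s\n' "$1" | sed -nE 's|.*resp=([A-Za-z0-9+/=]+).*|\1|p')
    [ -n "$b64" ] || return 1
    printf '%s' "$b64" | base64 -d | tr '\000' '\n' | sed -n '3p'
}

# The article's `dovecot -n` output with the 10-logging.conf settings applied.
sample_config() {
    cat <<'EOF'
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
first_valid_uid = 1000
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
passdb {
  driver = pam
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
userdb {
  driver = passwd
}
verbose_ssl = yes
EOF
}

# Constructed sample line (layout approximates Dovecot's auth debug format);
# resp= is base64 of "\0will\0willpassword".
SAMPLE_AUTH_LOG='Jul 22 04:01:41 mail01 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=10.168.0.125 rip=10.168.0.125 resp=AHdpbGwAd2lsbHBhc3N3b3Jk'

sample_config | audit_dovecot_config || echo "fix the settings above before going to production"
echo "password recovered from log: $(password_from_auth_log "$SAMPLE_AUTH_LOG")"
```

On a live host, run dovecot -n | audit_dovecot_config before opening the firewall; a clean run returns 0, so it drops straight into a deployment check. The only entries that should survive into production from the debug set above are none of them.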

2.3 Test the deployed service

2.3.1 Install the test tool

In Linux Client,

yum install -y telnet

2.3.2 Test over the IMAP protocol

In Linux Client,

telnet mail01.cmdschool.org 143

The session is shown below; the lines tagged a01 to a08 are typed by the tester, everything else is the server's reply. Two caveats: the password crosses the network in clear text on port 143, so use a throwaway password for this test; and because the configuration dump above has ssl = required, Dovecot only accepts a clear-text LOGIN from connections it treats as secured (TLS, or client and server at the same IP address). A remote client will normally see LOGINDISABLED in the capability list and must issue STARTTLS first or connect to port 993 instead,

Trying 10.168.0.125...
Connected to mail01.cmdschool.org.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
a01 login will willpassword
a01 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY LITERAL+ NOTIFY SPECIAL-USE] Logged in
a02 list "" *
* LIST (\HasNoChildren) "/" INBOX
a02 OK List completed (0.001 + 0.000 secs).
a03 select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 2 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1627011489] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
a03 OK [READ-WRITE] Select completed (0.001 + 0.000 secs).
a04 search all
* SEARCH 1 2
a04 OK Search completed (0.001 + 0.000 secs).
a05 search new
* SEARCH
a05 OK Search completed (0.001 + 0.000 secs).
a06 fetch 1 full
* 1 FETCH (FLAGS (\Seen) INTERNALDATE "22-Jul-2021 04:01:45 -0400" RFC822.SIZE 1085 ENVELOPE ("Thu, 22 Jul 2021 04:01:41 -0400" "test eamil" ((NIL NIL "will" "mail02.cmdschool.org")) ((NIL NIL "will" "mail02.cmdschool.org")) ((NIL NIL "will" "mail02.cmdschool.org")) ((NIL NIL "will" "mail01.cmdschool.org")) NIL NIL NIL "") BODY ("text" "plain" ("charset" "us-ascii") NIL NIL "7bit" 19 1))
a06 OK Fetch completed (0.001 + 0.000 secs).
a07 fetch 2 rfc822
* 2 FETCH (RFC822 {1085}
Return-Path: 
Received: from mail02.cmdschool.org ([10.168.0.126])
        by mail01.cmdschool.org (8.15.2/8.15.2) with ESMTPS id 16M8avhb004248
        (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
        for ; Thu, 22 Jul 2021 04:36:58 -0400
Received: from mail02.cmdschool.org (localhost [127.0.0.1])
        by mail02.cmdschool.org (8.15.2/8.15.2) with ESMTPS id 16M8asmO002355
        (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
        for ; Thu, 22 Jul 2021 04:36:54 -0400
Received: (from will@localhost)
        by mail02.cmdschool.org (8.15.2/8.15.2/Submit) id 16M8asvf002354
        for will@mail01.cmdschool.org; Thu, 22 Jul 2021 04:36:54 -0400
From: will@mail02.cmdschool.org
Message-Id: 
Date: Thu, 22 Jul 2021 04:36:54 -0400
To: will@mail01.cmdschool.org
Subject: test eamil
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

it is only a test
)
a07 OK Fetch completed (0.001 + 0.000 secs).
a08 logout
* BYE Logging out
a08 OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.
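The transcript above sends the password in the clear. As an added example that is not part of the original article, the following helpers first read the server greeting to tell whether a clear-text LOGIN would even be accepted, and then run the same LOGIN/LIST/SELECT/LOGOUT sequence over TLS with openssl s_client instead of telnet. The greeting constant is the one the article's server returned; the function names and the scripted session are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
set -eu

# Greeting the article's server sent on port 143 (copied from the transcript).
SAMPLE_GREETING='* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.'

# Extract the space-separated capability list from a "* OK [CAPABILITY ...]" greeting.
imap_capabilities() {
    printf '%s\n' "$1" | sed -nE 's/^\* OK \[CAPABILITY ([^]]*)].*/\1/p'
}

# Does the server offer STARTTLS on this connection?
imap_offers_starttls() {
    printf ' %s ' "$(imap_capabilities "$1")" | grep -q ' STARTTLS '
}

# What happens if LOGIN is sent now, before any TLS?
#   login-disabled            server advertises LOGINDISABLED (RFC 2595): STARTTLS or port 993 required
#   plaintext-login-accepted  LOGIN would succeed in the clear, as in the transcript; with
#                             ssl = required Dovecot only does this for connections it treats
#                             as secured (TLS, or client IP == server IP)
imap_auth_policy() {
    local caps
    caps=$(imap_capabilities "$1")
    [ -n "$caps" ] || { echo unparsable-greeting; return 1; }
    if printf ' %s ' "$caps" | grep -q ' LOGINDISABLED '; then
        echo login-disabled
    else
        echo plaintext-login-accepted
    fi
}

# Run the transcript's session over TLS. $1 = host, $2 = user, password on stdin.
# Needs network access and openssl; not exercised by the offline checks.
#   printf '%s\n' "$PASSWORD" | imap_tls_session mail01.cmdschool.org will
imap_tls_session() {
    local host="$1" user="$2" pw
    IFS= read -r pw || { echo "password expected on stdin" >&2; return 1; }
    {
        # quoted-string form; a password containing '"' or '\' would need escaping
        printf 'a01 LOGIN "%s" "%s"\r\n' "$user" "$pw"
        printf 'a02 LIST "" *\r\n'
        printf 'a03 SELECT INBOX\r\n'
        printf 'a04 LOGOUT\r\n'
    } | openssl s_client -quiet -connect "$host:993" -servername "$host"
    # For the STARTTLS path on port 143 use instead:
    #   openssl s_client -quiet -starttls imap -connect "$host:143" -servername "$host"
}

echo "STARTTLS offered: $(imap_offers_starttls "$SAMPLE_GREETING" && echo yes || echo no)"
echo "policy: $(imap_auth_policy "$SAMPLE_GREETING")"
```

With the article's greeting the policy comes out as plaintext-login-accepted, which is exactly what the transcript shows and what you do not want to see from a client on another host; if a remote test prints that, check disable_plaintext_auth and ssl in dovecot -n before anyone configures a real mailbox against the server.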

2.3.3 Test with a mail client

In Windows Client,
As it is outside the scope of this chapter, Windows client configuration is not covered here; download one of the following clients and test with it,
https://www.foxmail.com/
https://www.thunderbird.net/

References
=================

Dovecot home page
————-
https://www.dovecot.org/

Dovecot documentation
————————
https://doc.dovecot.org/

Configuration parameters,
https://wiki1.dovecot.org/MailLocation/Mbox
https://doc.dovecot.org/admin_manual/post_login_scripting/
