Dovecot


From Docunext Technology Wiki


Dovecot Summary

Dovecot is a POP3 and IMAP server, similar to Courier. It supports both mbox and maildir storage formats. I've never used it, but I've heard good things.

I'm interested in trying it out as LDA in conjunction with Postfix, as well as a SASL authentication system for Postfix.

Example Configurations

Dovecot Authentication and Authorization

Email security is very important! Email contains lots of private information, so quality POP and IMAP servers take security seriously, and so does Dovecot.

Authentication Mechanisms

Dovecot supports SSL connections, which allow the PLAIN and LOGIN authentication mechanisms to be used securely. It also supports the CRAM-MD5 authentication mechanism for nominally secure authentication, with limitations.

Password Storage Schemes

To keep the stored passwords secure, Dovecot can work with passwords that are stored as crypt, md5-crypt, MD5 hash, and even plain text (though personally I would not use that). Depending upon the authentication mechanism, i.e. whether it is plaintext or not, there are other password hashing schemes that are supported, such as SHA.

User and Password Storage

Furthermore, since many other network-based services rely upon secure authentication and authorization, sysadmins often integrate them to use one storage system instead of many silos that all require maintenance.

Thankfully, Dovecot supports a bewildering number of authentication storage systems, for example:

I'm trying it out as an IMAP based authentication system for Postfix SASL:

auth default {
  mechanisms = plain
  passdb passwd-file {
    args = username_format=%u /etc/dovecot/imap.passwd
  }
  userdb prefetch {
  }
}

Since I'm only authenticating the user and not accessing a Maildir or anything, I use the prefetch userdb option.

I have also used LDAP and found it to work really well.

Dovecot AUTH Mechanisms

Looks like either LOGIN or CRAM-MD5 / HMAC-MD5 are good to use.

By storing a password in the CRAM-MD5 scheme for Dovecot, either PLAIN or CRAM-MD5 authentication mechanisms will work.

NOTE: As of 20100926, I have re-confirmed that it is possible to use CRAM-MD5 authentication with LDAP, as long as dovecotpw is used to create the password. I'm trying to find an equivalent way of generating CRAM-MD5 password hashes, but so far I haven't had any luck!

Chroot

addgroup --system dovecotauth
adduser --system --no-create-home --shell /bin/false --ingroup dovecotauth --disabled-password --disabled-login dovecotauth

Really Awesome Dovecot Features / Plugins

See Also

Links
