blog/content/docs/server/services/dovecot.md


title weight
Serveur mail 1

Serveur mail

Installation

Installer les paquets dovecot, postfix et pigeonhole (sieve).

Configuration

Dovecot

Créer la configuration :

# Start from the example configuration shipped with the package.
mkdir /etc/dovecot
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
# /etc/dovecot/dovecot.conf
# Each protocol listed here starts its own listeners. With the stock conf.d
# settings that is IMAP on 143 and 993, ManageSieve on 4190 and a local LMTP
# socket. The client settings on this page only use 993; close or firewall
# the other ports if they are not needed (inet_listener blocks in 10-master.conf).
protocols = imap lmtp sieve
!include conf.d/*.conf

Paramètres DH:

# Generate Dovecot's own Diffie-Hellman parameters (4096-bit generation can take a long time).
openssl dhparam -out /etc/dovecot/dh.pem 4096
# /etc/dovecot/conf.d/10-ssl.conf
# The leading "<" makes Dovecot read the value from the named file.
# NOTE(review): only ssl_dh is shown here. In this same file, ssl, ssl_cert and
# ssl_key decide whether TLS is mandatory and which certificate is served;
# confirm they are set (e.g. ssl = required) before exposing port 993.
ssl_dh = </etc/dovecot/dh.pem

Pigeonhole

# /etc/dovecot/conf.d/20-lmtp.conf
# Load the Sieve plugin for LMTP so that filters run at delivery time.
# NOTE(review): Postfix only delivers through LMTP if one of its transports
# points at Dovecot's LMTP socket; that setting is not shown on this page.
protocol lmtp {
  # Keep the globally configured plugins and append sieve.
  mail_plugins = $mail_plugins sieve
}

Exemple de configuration dans /usr/share/doc/dovecot/example-config/conf.d/90-sieve.conf.

# /etc/dovecot/conf.d/90-sieve.conf
plugin {
  # Per-user script storage under the user's home directory; "active" names
  # the script that is actually executed at delivery.
  sieve = file:~/.config/sieve/filters;active=~/.config/sieve/dovecot.sieve 
}

Managesieve

# /etc/dovecot/conf.d/20-managesieve.conf
# The three sections are left empty, so Dovecot's built-in defaults apply
# (a ManageSieve login listener on port 4190 once "sieve" is in protocols).
# Firewall that port if scripts are only ever edited locally.
service managesieve-login {
}

service managesieve {
}

protocol sieve {
}

Postfix

Aliases

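# /etc/postfix/aliases
# Deliver root's mail to a real user account.
root:           edpibu
# Rebuild the alias database after every change to the file.
postalias /etc/postfix/aliases
# /etc/postfix/main.cf
# Alias
virtual_alias_maps = hash:/etc/postfix/virtual
# /etc/postfix/virtual
contact@edgarpierre.fr                         edpibu
# hash: maps are read from the compiled .db file, so build it after each edit.
postmap /etc/postfix/virtual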

Delivery

# /etc/postfix/main.cf
myhostname = edgarpierre.fr
# Domains for which this server is the final destination (local delivery).
mydestination = $myhostname, localhost.$mydomain, localhost
# Treat only the local machine as a trusted network (mynetworks).
mynetworks_style = host

Auth

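# /etc/postfix/main.cf
# Auth
# Delegate SMTP AUTH to Dovecot. Dovecot must expose an auth socket at the
# path below (a unix_listener under "service auth" in 10-master.conf,
# accessible to the postfix user only); that side is not shown on this page.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
# main.cf settings also apply to port 25, where TLS is only opportunistic
# (smtpd_tls_security_level = may). Never offer AUTH on an unencrypted session.
smtpd_tls_auth_only = yes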

SMTPS

# /etc/postfix/master.cf
# SMTPS
# Submission over implicit TLS (port 465) for authenticated mail clients.
# The chroot column is "n", so smtpd can resolve absolute socket paths.
smtps   inet    n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
# TLS starts immediately on connect instead of via STARTTLS.
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# The sender restrictions stay commented out: unless main.cf sets
# smtpd_sender_restrictions, an authenticated user may use any envelope sender.
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
# Recipient restrictions from main.cf are cleared for this service; the relay
# restriction below is what stops unauthenticated clients from sending.
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# Sets the {daemon_name} macro that the milters see for mail from this service.
  -o milter_macro_daemon_name=ORIGINATING

DKIM, DMARC

Installer opendkim, opendmarc.

Opendkim

Exemple de configuration : /usr/share/doc/opendkim/opendkim.conf.sample.

# /etc/opendkim/opendkim.conf
Domain edgarpierre.fr
# Private signing key: keep it readable by the opendkim user only.
KeyFile /etc/opendkim/live/edgarpierre.fr/mail.private
# Must match the label of the <selector>._domainkey DNS record.
Selector mail

Socket unix:/run/opendkim/opendkim.socket
Syslog yes

# Leaves the milter socket group-accessible, presumably so Postfix can connect;
# the postfix user then has to be in the socket's group (not shown on this page).
UMask 002
# Generates mail.private and mail.txt for selector "mail"; -r restricts the key to e-mail signing.
# NOTE(review): no -b is given, so the key length is the installed version's
# default; confirm it is at least 2048 bits.
opendkim-genkey -r -s mail -d edgarpierre.fr

Opendmarc

# /etc/opendmarc/opendmarc.conf
Socket unix:/run/opendmarc/opendmarc.socket
# Leaves the socket group-writable; together with Group=postfix in the unit
# override below, this presumably is what lets Postfix connect to it.
UMask 002
# opendmarc.service
# systemd override for the OpenDMARC unit.
[Service]
# Run the daemon with group postfix so the socket it creates belongs to that group.
Group=postfix
# systemd creates /run/opendmarc at start and removes it at stop.
RuntimeDirectory=opendmarc

Postfix

# /etc/postfix/main.cf
# DKIM, DMARC
# Milters are applied in the order listed: OpenDKIM first, then OpenDMARC.
smtpd_milters = unix:/run/opendkim/opendkim.socket, unix:/run/opendmarc/opendmarc.socket
# Apply the same milters to mail submitted locally (not received over SMTP).
non_smtpd_milters = $smtpd_milters
# Fail-open: if a milter is down or errors out, mail is processed as if the
# milter were absent, so outbound mail can leave unsigned and inbound mail
# unchecked. The Postfix default, tempfail, defers the message instead.
# Monitor both daemons if this stays on accept.
milter_default_action = accept

DNS

Enregistrement DNS pour DKIM dans /etc/opendkim/live/edgarpierre.fr/mail.txt.

; p=none only requests reports; receivers apply no policy to mail that fails DMARC.
; Move to quarantine or reject once the aggregate reports show legitimate mail passing.
; NOTE(review): the rua/ruf mailboxes (postmaster@, forensic@) are not among the
; aliases shown on this page; confirm they are deliverable. No SPF record is
; shown either, so DMARC alignment here relies on DKIM alone.
_dmarc                 IN TXT    "v=DMARC1; p=none; rua=mailto:postmaster@edgarpierre.fr; ruf=mailto:forensic@edgarpierre.fr; fo=1;"
; Replace p=... with the public key published in mail.txt.
mail._domainkey        IN TXT    ( "v=DKIM1;k=rsa;s=email;p=...;" )

Certificat SSL

Postfix

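# /etc/postfix/main.cf
# TLS
# - sending
# Opportunistic: use TLS when the remote server offers it, otherwise send in clear.
smtp_tls_security_level = may
# - receiving
# Opportunistic on port 25. The obsolete smtpd_use_tls parameter is dropped:
# it is ignored once smtpd_tls_security_level is set.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/edgarpierre.fr/fullchain.pem
# Private key: must stay readable by root only.
smtpd_tls_key_file = /etc/letsencrypt/live/edgarpierre.fr/privkey.pem
# https://weakdh.org/sysadmin.html
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
# Despite the parameter name, this file should hold 2048-bit or stronger
# parameters. It is not created by the commands on this page; generate it
# with openssl dhparam, as for Dovecot, and keep it root-owned.
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem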

Connexion

IMAP

Paramètre Valeur
Hôte imap.edgarpierre.fr
Port 993
Sécurité SSL/TLS
Authentification Mot de passe

SMTP

Paramètre Valeur
Hôte smtp.edgarpierre.fr
Port 465
Sécurité SSL/TLS
Authentification Mot de passe