[Dovecot] Setting up a local shared mailbox
One: I have never set up an IMAP server before, so I thought I would ask first before blindly stumbling around. The problem I want to solve is this: my wife and I have a "joint" email account that we both want to access (we also have our own personal accounts, but that's beside the point.) I posed the question to my local LUG, and several suggested setting up a local IMAP server so that we can both access it through KMail. Would you concur? If so, is there a tutorial or something similar that gives instructions for setting up dovecot locally? As I said, I've never set up an IMAP server before, and I'm not really sure how to go about it. (I'm running Debian Sid, so the packages are already installed, but I don't know what additional steps need to be taken.)
Thanks for your help,
:Peter
On Thu, Sep 11, 2003 at 10:27:25AM -0500, Peter Clark wrote:
One: I have never set up an IMAP server before, so I thought I would ask first before blindly stumbling around. The problem I want to solve is this: my wife and I have a "joint" email account that we both want to access (we also have our own personal accounts, but that's beside the point.) I posed the question to my local LUG, and several suggested setting up a local IMAP server so that we can both access it through KMail. Would you concur? If so, is there a tutorial or something similar that gives instructions for setting up dovecot locally? As I said, I've never set up an IMAP server before, and I'm not really sure how to go about it. (I'm running Debian Sid, so the packages are already installed, but I don't know what additional steps need to be taken.)
I just finished doing the same thing, and there really isn't any documentation specific to this. Read the documentation on the dovecot web site. Also, Timo has set up a Wiki at http://dovecot.procontrol.fi/dovewiki Immediately above the word "MoinMoinWiki" is a link to the contents. The troubleshooting section may be helpful. Anyone can contribute a new topic or edit an existing one, so someone who solved problems not currently documented could add to the troubleshooting guide or even write a guide to setting up dovecot for your specific needs. Hint. Hint. Wink. Wink. Nudge. Nudge.
What you want to do is very easy if you avoid all the mistakes I made. Most of my mistakes involved the interaction between Dovecot and LDAP. If you use the passwd file for authentication, it becomes much easier. (I.e. there are fewer opportunities for making mistakes.) Post questions and people will try to answer them.
Here's a rough outline of my system:
This is handled on a FreeBSD box.
getmail imports mail from various POP3 accounts with a couple of ISPs. getmail runs under a postoffice account (normal Unix user) that runs mail-related cron jobs and performs other mail-admin tasks. POP3-to-IMAP accounts are 1-to-1; e.g. mail at the POP3 account wibble@isp.net is imported to /var/mail/wibble/inbox.
All accounts are virtual; none of the accounts are mentioned in passwd. I use LDAP to store account names and passwords, but there are other solutions. The easiest is probably 'static' (see Timo's documentation).
Each account has a directory in /var/mail; e.g. the account wibble has its mail in /var/mail/wibble. The directories in /var/mail are all owned by the postoffice account. I don't know what the Linux equivalent of /var/mail would be.
I'm using the mbox format for mailboxes, because the mailboxes were already in that format when I imported them to Dovecot. I found a script for converting them to maildir, but I'm busy and mbox works, and I may never get around to it.
Outgoing mail goes directly from the MUA to the outside account. Since every /var/mail/wibble corresponds to a wibble@isp.net, I don't need to do anything except set up the MUA to send outgoing mail to the SMTP server at the ISP, exactly as you are probably doing now.
We offer no services on the Internet, so the firewall and hosts.allow file both refuse connection attempts from outside the LAN. This makes security relatively easy.
Bob Hall
On Thursday 11 September 2003 03:28 pm, Bob Hall wrote:
I just finished doing the same thing, and there really isn't any documentation specific to this. Read the documentation on the dovecot web site. Also, Timo has set up a Wiki at http://dovecot.procontrol.fi/dovewiki
This was helpful, especially the "cheat sheet." Here's my setup:
base_dir = /var/run/dovecot/
protocols = imap
imap_listen = *
ssl_disable = yes
login_chroot = yes
login = imap
login_executable = /usr/lib/dovecot/imap-login
login_user = dovecot
verbose_proctitle = yes
valid_chroot_dirs = /var/mail
default_mail_env = maildir:/var/mail/theclarks
imap_executable = /usr/lib/dovecot/imap
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_user = root
auth_verbose = yes
Almost everything works fine, although I'm concerned about 'imap_listen = *'.
Is there any way to restrict this to just localhost? I tried 'imap_listen = localhost', but that didn't seem to work. (Ditto with 127.0.0.1). (The other problem is that KMail doesn't indicate new messages in the folder, so the only way to see if there are new messages is to click on the folder itself, but that's off-topic, I suppose.) Suggestions? :Peter
Oh what a tangled web they weave who try a new word to conceive!
On Fri, Sep 12, 2003 at 11:54:56AM -0500, Peter Clark wrote:
auth_passdb = pam
auth_user = root
I thought you didn't need to be root to authenticate with PAM? If you can do this as dovecot-auth, it will be more secure.
Almost everything works fine, although I'm concerned about 'imap_listen = *'. Is there any way to restrict this to just localhost? I tried 'imap_listen = localhost', but that didn't seem to work. (Ditto with 127.0.0.1). (The other
If you set it to localhost, then you can only access mail from the one machine. I was under the impression that you were trying to access mail from more than one machine on your LAN. If not, then I'm not sure what IMAP is doing for you.
I haven't tried setting it to the loopback interface. I did set it to the LAN interface, but that eliminated loopback. Since I want both, I set it back to *. That means that it's also listening on the Internet interface, but the firewall and permissions are both blocking any connections there, so we're probably pretty secure.
Regarding the cheatsheet: I got the idea from McKusick's site at www.mostgraveconcern.com. It seems to be a good way of packing the maximum info into the minimum space. Sort of like an extra-terse man page. A series of cheatsheets for specific implementations might be the fastest, easiest way of supplementing the existing documentation. Since it consists only of the config files without comments, perhaps other people could edit their files and contribute them? Particularly for unusual setups?
Also, if you find a solution to a specific problem, please consider adding it to the troubleshooting guide on the Wiki.
Bob Hall
On Friday 12 September 2003 01:42 pm, Bob Hall wrote:
On Fri, Sep 12, 2003 at 11:54:56AM -0500, Peter Clark wrote:
auth_passdb = pam
auth_user = root
I thought you didn't need to be root to authenticate with PAM? If you can do this as dovecot-auth, it will be more secure.
Hey, I don't know. :) I'll try, though.
Almost everything works fine, although I'm concerned about 'imap_listen = *'. Is there any way to restrict this to just localhost? I tried 'imap_listen = localhost', but that didn't seem to work. (Ditto with 127.0.0.1). (The other
If you set it to localhost, then you can only access mail from the one machine. I was under the impression that you were trying to access mail from more than one machine on your LAN. If not, then I'm not sure what IMAP is doing for you.
No, it's one machine. My "desktop" is vt7, my wife's is vt8. We both want to access the same maildir that is our common account (while keeping our own accounts separate--my wife doesn't want to wade through the 100 emails I get daily). The LUG members in my area recommended IMAP, rather than trying to symlink it. If you think it would be better to symlink it, please say so. And BTW, "localhost" doesn't work, even on one machine.
Also, if you find a solution to a specific problem, please consider adding it to the troubleshooting guide on the Wiki.
Will do.
:Peter
Oh what a tangled web they weave who try a new word to conceive!
On Friday, Sep 12, 2003, at 21:42 Europe/Helsinki, Bob Hall wrote:
On Fri, Sep 12, 2003 at 11:54:56AM -0500, Peter Clark wrote:
auth_passdb = pam
auth_user = root
I thought you didn't need to be root to authenticate with PAM? If you can do this as dovecot-auth, it will be more secure.
I think PAM always requires root.
Timo Sirainen wrote:
On Friday, Sep 12, 2003, at 21:42 Europe/Helsinki, Bob Hall wrote:
On Fri, Sep 12, 2003 at 11:54:56AM -0500, Peter Clark wrote:
auth_passdb = pam
auth_user = root
I thought you didn't need to be root to authenticate with PAM? If you can do this as dovecot-auth, it will be more secure.
I think PAM always requires root.
The process authenticating via PAM needs whatever access rights are required to read the password database.
Anyone who uses PAM to authenticate out of /etc/shadow (or the equivalent) will inevitably end up with the authentication daemon running as root.
If you tell PAM to authenticate via:
- LDAP
- any SQL database
- SMB (aka ask a Windows or Samba box)
- winbind (aka ask a WinNT, Win2k, or Win2k3 domain controller)
then the ability to open a TCP, UDP, or unix domain socket is the only access required.
Note that the above list of PAM authentication mechanisms is by no means complete.
--
Phil Brutsche phil@brutsche.us
On Friday, Sep 12, 2003, at 19:54 Europe/Helsinki, Peter Clark wrote:
Almost everything works fine, although I'm concerned about 'imap_listen = *'. Is there any way to restrict this to just localhost? I tried 'imap_listen = localhost', but that didn't seem to work. (Ditto with 127.0.0.1).
That should work. What do you mean by it didn't work? Does Dovecot start? Is there anything in log files (/var/log/mail.log)? Can you "telnet localhost imap2"? Does "netstat -l" show that it's listening there?
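The `netstat -l` check suggested above, as an added example that is not part of the original thread: it reads netstat output and reports whether the IMAP listener is bound to loopback only or to some other address (as with 'imap_listen = *'). It assumes the Linux net-tools column layout and IMAP on port 143 (shown as `imap2` or `imap` without `-n`); the function name `imap_exposure` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify where the IMAP listener is bound, reading `netstat -l` or
# `netstat -ln` output on stdin. Prints one word: none | loopback | exposed.
# Live use on the server:  netstat -ln | imap_exposure
imap_exposure() {
    awk '
        # Only TCP sockets in LISTEN state; columns are
        # Proto Recv-Q Send-Q Local-Address Foreign-Address State
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            local_addr = $4
            # Split address:port at the LAST colon, since IPv6 addresses
            # such as ::1 contain colons themselves.
            n = match(local_addr, /:[^:]*$/)
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            port = substr(local_addr, n + 1)
            # Numeric port, or the service name printed without -n.
            if (port != "143" && port != "imap2" && port != "imap") next
            found = 1
            # Loopback binds are reachable only from the machine itself.
            if (addr ~ /^127\./ || addr == "::1" || addr == "localhost" ||
                addr == "ip6-localhost")
                next
            # Anything else (0.0.0.0, ::, *, a LAN address) accepts
            # connections from other hosts unless a firewall blocks them.
            exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }
    '
}

# Constructed sample: what a wildcard bind looks like in `netstat -ln`.
sample_wildcard='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

printf '%s\n' "$sample_wildcard" | imap_exposure
```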
participants (4)
- Bob Hall
- Peter Clark
- Phil Brutsche
- Timo Sirainen