Postfix/Dovecot Setup

• Back to Geary

Here's how to set up an Ubuntu 12.04 server with Postfix and Dovecot, for testing Geary.

Logs

Postfix by default logs to /var/log/mail.log and /var/log/mail.err.

Dovecot by default logs to the syslog, which by default goes to /var/log/syslog.

Check those places if something goes wrong.

Dovecot

See also: Ubuntu Wiki: Dovecot

Install

• We're just using the IMAP server:

sudo apt-get install dovecot-imapd

Basic Setup

• Allow Dovecot to accept authentication details on the local network without SSL. In /etc/dovecot/dovecot.conf find the line with login_trusted_networks and set it to your local network. For example:

login_trusted_networks = 192.168.1.0/24

You can also just tell it to never require SSL for authentication by setting disable_plaintext_auth = no in /etc/dovecot/conf.d/10-auth.conf.

• Tell Dovecot where Postfix is going to deliver mail by default. In /etc/dovecot/conf.d/10-mail.conf, these are the settings that matter:

mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_access_groups = mail

That's the default for Ubuntu's Postfix package; alternately you could set up Maildir or something else entirely by editing the Postfix configuration, but that's outside the scope here.

SASL Auth

• Postfix is going to need an auth backend (see below), handily supplied by Dovecot. I stuck these options in /etc/dovecot/dovecot.conf because I couldn't find a better place for them:

auth default {
  mechanisms = plain login
  socket listen {
    client {
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

• You also for some reason have to edit /etc/dovecot/conf.d/10-auth.conf again and set:

auth_mechanisms = plain login

SSL (Optional)

• To enable SSL, you should be able to just edit /etc/dovecot/conf.d/10-ssl.conf and set ssl like:

ssl = yes

Everything else should already be good to go.

Subfolders with mbox

Dovecot does not support child folders with mbox. However, it can be configured to support subfolders by tweaking some naming rules. More information can be found here: http://wiki2.dovecot.org/MboxChildFolders. The instructions I followed are under Maildir++ layout.

Final Steps

• Restart dovecot:

sudo service dovecot restart

• Let's test things out (where <host> is the hostname):

telnet <host> imap

You should see something like:

Trying <host>...
Connected to <host>.
Escape character is '^]'.
+OK [...] dovecot ready.

Next, issue the following commands in telnet:

. login <user> <pass>
. list "" "*"
. status inbox (messages)

Hopefully everything looks ok here.

Postfix

See also: Ubuntu Wiki: Postfix

Install

• If you didn't already have the package:

sudo apt-get install postfix

• If you already had the package:

sudo dpkg-reconfigure postfix

• At the prompts, select "internet site" and set the domain to whatever you want, henceforth test.example.com. Defaults are fine otherwise.

SMTP Auth

• Postfix won't allow SMTP auth out of the box. We'll enable it using the Dovecot SASL auth we set up earlier. Edit /etc/postfix/main.cf and make sure these settings are as such:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

SSL/TLS (Optional)

• You can also generate your own certificate, but we're going to use the preexisting ssl-cert-snakeoil.pem. In /etc/postfix/main.cf again:

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

Final Steps

• Restart postfix:

sudo service postfix restart

• Let's test out our setup:

telnet <host> smtp

You should see something like:

Trying <host>...
Connected to test.example.com.
Escape character is '^]'.
220 test ESMTP Postfix (Ubuntu)

Let's try authorizing and sending an email. Note you'll need your base64-encoded username and password, which can be found with printf '<user or pass>' | base64:

ehlo test
auth login <base64-user>
<base64-pass>
mail from: <user>@test.example.com
rcpt to: <user>@test.example.com
data
Subject: test

test
.
quit

You should be able to log in and see the test message now.

Good luck!