Monday, July 11, 2011

Dovecot

I. Mail Retrieval Protocols
Post Office Protocol
All data, including passwords, is passed in cleartext over TCP port 110
Use POP3s to provide SSL encryption of data over TCP port 995
Internet Message Access Protocol
All data, including passwords, is passed in cleartext over TCP port 143
Use IMAPs to provide SSL encryption of data over TCP port 993
Dovecot supports POP3, POP3s, IMAP, and IMAPs
II. Service Profile: Dovecot
type: SysV-managed service
package: dovecot
daemon: /usr/sbin/dovecot
script: /etc/init.d/dovecot
ports: 110 (pop3), 995 (pop3s), 143 (imap), 993 (imaps)
configuration: /etc/dovecot.conf
related: procmail, fetchmail, openssl
III. Dovecot Configuration
Listens on all IPv6 and IPv4 interfaces by default
Specify the protocols in /etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
Make a private key and self-signed certificate before using SSL:
1, confirm the system time to avoid certificate date issues
2, review /etc/dovecot.conf for the key and cert locations
3, run make -C /etc/pki/tls/certs dovecot.pem
   (creates a single PEM file containing both the key and the cert)
4, copy the new PEM file to both locations
Verifying POP Operation
Verify server operation:
Graphical: Thunderbird and Evolution
Text-mode: mutt and Fetchmail
mutt -f pop://user@server[:port]
mutt -f pops://user@server[:port]
Can also use telnet (POP3) or openssl s_client (POP3s) to
identify problems with certificate date or permissions
Verifying IMAP Operation
Verify server operation:
Graphical: Thunderbird and Evolution
Text-mode: mutt and Fetchmail
mutt -f imap://user@server[:port]
mutt -f imaps://user@server[:port]
Can also use telnet (IMAP) or openssl s_client (IMAPs) to
identify problems with certificate date or permissions
[root@station10 ~]# yum install -y dovecot
/etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
[root@station10 ~]# date
Wed Oct 22 09:46:59 CST 2008
[root@station10 ~]#
2,
[root@station10 ~]# find /etc/ -name dovecot.pem -exec rm {} \;
3,
[root@station10 ~]# make -C /etc/pki/tls/certs dovecot.pem
make: Entering directory `/etc/pki/tls/certs'
umask 77 ;
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ;
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ;
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ;
cat $PEM1 > dovecot.pem ;
echo "" >> dovecot.pem ;
cat $PEM2 >> dovecot.pem ;
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
......++++++
...................++++++
writing new private key to '/tmp/openssl.h10778'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:China
Locality Name (eg, city) [Newbury]:Guangdong
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:station10.example.com
Email Address []:root@station10.example.com
make: Leaving directory `/etc/pki/tls/certs'
[root@station10 ~]#
4,
[root@station10 ~]# find /etc/pki/ -name dovecot.pem -ls
99026 8 -rw------- 1 root root 2182 Oct 22 09:50 /etc/pki/tls/certs/dovecot.pem
[root@station10 ~]#
5,
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
6,
[root@station10 ~]# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/certs/dovecot.pem
#ssl_key_password =
[root@station10 ~]#
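An offline audit of exactly what the two grep steps above are looking at (the `ssl_cert_file` / `ssl_key_file` lines being uncommented), plus the `protocols` line from section III and the `-rw-------` permissions the find step shows. This is an added example, not code from the post or from Dovecot: it writes a constructed dovecot.conf and a placeholder dovecot.pem (not a real key or certificate) into a temporary directory, and the function names (`parse_dovecot_conf`, `audit_pem`, `audit_dovecot`, `demo`) and the three scenarios are this example's own.

```python
"""Offline audit of the Dovecot SSL settings enabled in this walkthrough.

Added example, not code from the post or from Dovecot. It writes a
constructed dovecot.conf and a placeholder dovecot.pem into a temp dir,
then checks: which protocols are enabled (flagging cleartext pop3/imap),
that ssl_cert_file / ssl_key_file are set rather than commented out, and
that each referenced PEM exists, is mode 0600 and holds both key and cert.
"""
import os
import re
import stat
import tempfile

SETTING_RE = re.compile(r"^(?P<key>\w+)\s*=\s*(?P<value>.*?)$")
CLEARTEXT_PROTOCOLS = {"pop3", "imap"}

# Placeholder PEM: same key-then-cert layout as the make target produces,
# but these are NOT real key/certificate bytes (constructed for the demo).
PLACEHOLDER_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n"
    "-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-NOT-A-REAL-CERT\n"
    "-----END CERTIFICATE-----\n"
)


def parse_dovecot_conf(text):
    """Return the uncommented 'key = value' settings as a dict.

    Lines starting with '#' are skipped: that is the difference between the
    before/after 'grep -e ssl_cert -e ssl_key' output on the page.
    """
    settings = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = SETTING_RE.match(stripped)
        if m:
            settings[m.group("key")] = m.group("value").strip()
    return settings


def audit_pem(path):
    """Findings for one PEM file: existence, private permissions, key + cert."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: file not found"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # anything beyond -rw------- exposes the private key
        findings.append(f"{path}: mode {mode:04o} is readable by group/other")
    with open(path) as fh:
        body = fh.read()
    if "PRIVATE KEY-----" not in body:
        findings.append(f"{path}: no private key block")
    if "-----BEGIN CERTIFICATE-----" not in body:
        findings.append(f"{path}: no certificate block")
    return findings


def audit_dovecot(conf_path):
    """Return a list of findings for a dovecot.conf; empty means all checks passed."""
    with open(conf_path) as fh:
        settings = parse_dovecot_conf(fh.read())
    findings = []
    protocols = set(settings.get("protocols", "").split())
    cleartext = sorted(protocols & CLEARTEXT_PROTOCOLS)
    if cleartext:
        findings.append("cleartext protocols enabled: " + " ".join(cleartext))
    for key in ("ssl_cert_file", "ssl_key_file"):
        if key not in settings:
            findings.append(f"{key}: not set (still commented out?)")
        else:
            findings.extend(audit_pem(settings[key]))
    return findings


def build_sample(tmpdir, protocols, ssl_enabled, pem_mode):
    """Write a constructed dovecot.conf and dovecot.pem; return the conf path."""
    pem = os.path.join(tmpdir, "dovecot.pem")
    with open(pem, "w") as fh:
        fh.write(PLACEHOLDER_PEM)
    os.chmod(pem, pem_mode)
    prefix = "" if ssl_enabled else "#"
    conf = os.path.join(tmpdir, "dovecot.conf")
    with open(conf, "w") as fh:
        fh.write(f"protocols = {protocols}\n")
        fh.write(f"{prefix}ssl_cert_file = {pem}\n")
        fh.write(f"{prefix}ssl_key_file = {pem}\n")
        fh.write("#ssl_key_password =\n")
    return conf


# Constructed scenarios: the as-installed config, SSL lines enabled but a
# world-readable PEM, and the hardened end state.
SCENARIOS = {
    "as-installed": ("imap imaps pop3 pop3s", False, 0o600),
    "readable-key": ("imaps pop3s", True, 0o644),
    "hardened": ("imaps pop3s", True, 0o600),
}


def demo():
    """Run every scenario in its own temp dir; returns {name: findings}."""
    results = {}
    for name, (protocols, ssl_enabled, pem_mode) in SCENARIOS.items():
        with tempfile.TemporaryDirectory() as tmpdir:
            results[name] = audit_dovecot(build_sample(tmpdir, protocols, ssl_enabled, pem_mode))
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'OK' if not findings else f'{len(findings)} finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

Point `audit_dovecot()` at a real `/etc/dovecot.conf` to use it outside the demo; the only extra thing it then needs is root to read the 0600 PEM files.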
7,
[root@station10 ~]# service dovecot status
dovecot is stopped
[root@station10 ~]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@station10 ~]# chkconfig dovecot on
[root@station10 ~]#
8,
[root@station10 ~]# netstat -tulpn | grep dovecot
tcp 0 0 :::993 :::* LISTEN 10848/dovecot
tcp 0 0 :::995 :::* LISTEN 10848/dovecot
tcp 0 0 :::110 :::* LISTEN 10848/dovecot
tcp 0 0 :::143 :::* LISTEN 10848/dovecot
[root@station10 ~]#
9,
[root@station10 ~]# echo 'this is a test' | mail -s test root
[root@station10 ~]# mutt -f pop://root@station10.example.com

Oct 22 10:02:19 station10 dovecot: Logins with UID 0 not permitted (user root)
Oct 22 10:02:19 station10 dovecot: pop3-login: Internal login failure: user=, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured
/etc/dovecot.conf:
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
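The two log lines above are the only record of why the root login was refused, so they are worth parsing rather than just reading. As an added example (not code from the post or from Dovecot), here is a small parser for this login-log format with two rules: a root (UID 0) login attempt, and a password login (PLAIN/LOGIN) on a connection Dovecot did not mark as `secured`, which is the cleartext POP3/IMAP case section I warns about. The first two sample lines are copied from the page; the remaining lines, the treatment of a trailing `TLS` token as secured, and the names `parse_line`, `detect` and `SAMPLE_LOG` are this example's own constructions.

```python
"""Parse Dovecot login log lines and flag two things this walkthrough warns
about: root (UID 0) login attempts, and password logins on connections that
Dovecot did not mark as 'secured' (the cleartext POP3/IMAP case).

Added example, not code from the post or from Dovecot. The first two sample
lines are copied from the page; the rest are constructed in the same format.
Treating a trailing 'TLS' token as secured is this example's assumption.
"""
import re

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dovecot: (?P<msg>.*)$"
)
LOGIN_RE = re.compile(r"^(?P<service>(?:pop3|imap)-login): (?P<event>[^:]+): (?P<fields>.*)$")
UID0_RE = re.compile(r"Logins with UID 0 not permitted \(user (?P<user>[^)]*)\)")
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
SECURED_FLAGS = {"secured", "TLS"}

SAMPLE_LOG = [
    # the two lines shown on the page
    "Oct 22 10:02:19 station10 dovecot: Logins with UID 0 not permitted (user root)",
    "Oct 22 10:02:19 station10 dovecot: pop3-login: Internal login failure: user=, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured",
    # constructed lines in the same format
    "Oct 22 10:05:01 station10 dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10, secured",
    "Oct 22 10:07:44 station10 dovecot: imap-login: Login: user=<student>, method=PLAIN, rip=192.168.0.25, lip=192.168.0.10",
    "Oct 22 10:08:10 station10 dovecot: imap-login: Login: user=<student>, method=PLAIN, rip=192.168.0.25, lip=192.168.0.10, TLS",
    "Oct 22 10:09:00 station10 dovecot: Dovecot starting up",
]


def parse_line(line):
    """Return a dict describing the line, or None if it is not a Dovecot line."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "kind": "other", "msg": m.group("msg")}
    uid0 = UID0_RE.search(rec["msg"])
    if uid0:
        rec.update(kind="uid0", user=uid0.group("user"))
        return rec
    login = LOGIN_RE.match(rec["msg"])
    if not login:
        return rec
    rec.update(kind="login", service=login.group("service"), event=login.group("event").strip())
    flags = set()
    # fields are "key=value" pairs; bare tokens such as "secured" are flags
    for field in (f.strip() for f in login.group("fields").split(",")):
        if "=" in field:
            key, value = field.split("=", 1)
            rec[key.strip()] = value.strip().strip("<>")
        elif field:
            flags.add(field)
    rec["secured"] = bool(flags & SECURED_FLAGS)
    return rec


def detect(lines):
    """Apply the two rules; returns (timestamp, rule, detail) tuples."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "uid0":
            findings.append((rec["ts"], "root-login-attempt", rec["user"]))
        elif (rec["kind"] == "login" and rec.get("method") in PASSWORD_MECHS
              and not rec["secured"]):
            # password sent over a connection Dovecot did not consider secured
            findings.append((rec["ts"], "password-auth-unsecured",
                             f"{rec.get('user', '')}@{rec.get('rip', '')}"))
    return findings


if __name__ == "__main__":
    for ts, rule, detail in detect(SAMPLE_LOG):
        print(f"{ts} {rule}: {detail}")
```

Note that the page's own failure line is tagged `secured` only because mutt connected from the server itself (rip and lip are the same host); the same PLAIN login from another machine over port 110 or 143 would trip the second rule.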

[root@station10 ~]# useradd student
[root@station10 ~]# passwd student
Changing password for user student.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@station10 ~]# echo 'this is a test' | mail -s test student
[root@station10 ~]#

[root@station10 ~]# mutt -f pop://student@station10.example.com
ok.

mutt -f pops://student@station10.example.com
mutt -f imap://student@station10.example.com
mutt -f imaps://student@station10.example.com