NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: imap configuration

On Thu, 26 Sep 2013, Steve Blinkhorn wrote:

I have the need to configure my mail servers to accept remote mail
from company smartphones, which will have unpredictable IP addresses
at any given time.

As I understand it, this is best done using port 587 and a suitably
configured imapd, but it is not clear to me whether stock imapd can
do the job.  I get the impression that I need to build something like
dovecot - but what is the difference between dovecot and dovecot2?

The primary difference is the version. :) If you're setting this up for
the first time, go with the current (dovecot2) stuff, the only reason I
can think of for going with the old one is if you have a legacy setup
that you're not ready to upgrade yet.

I guess this is all obvious once you know it, but if there's a "how to
get started with port 587" guide, that would be really helpful.

Personally, I'd go with port 993 (imaps), imap over ssl.  Though
double-checking, it seems that GNU TLS is an option as well.

It's been a few years since I set it up initially, but I don't remember
it being particularly difficult.  I installed it out of pkgsrc using
the default options, read through the default dovecot.conf and twiddled
things where it made sense, and started it up.  I think it's probably
harder to get the SSL stuff generated than it is to get dovecot itself

The default dovecot.conf has a pointer to a quick-start guide:

My notes on the SSL part:

Generating a new SSL cert (particularly for dovecot)

sh /usr/pkg/localshare/examples/openssl/ -newcert

Decrypt the key so it doesn't require a passwd:
openssl rsa -in newreq.pem -out unsec.pem

Edit newreq.pem and delete the cert, leave they key.

Move them into place:

mv /usr/pkg/etc/openssl/certs/dovecot.pem
mv newreq.pem /usr/pkg/etc/openssl/private/dovecot.pem

Make sure the files are properly protected

chmod 600 /usr/pkg/etc/openssl/certs/dovecot.pem
chmod 600 /usr/pkg/etc/openssl/private/dovecot.pem

restart dovecot


That will have you up and running with a self-signed cert, which will
throw warnings to your users depending on what clients they are running.
If you don't want to deal with that, you'll need to jump through the
additional hoops for getting a CA signed cert.

Since email isn't exactly e-commerce, you can probalby get away with one
of the free or cheap offerings, you probably don't need to fork out for
a $1000/year service.

Michael Parson
Austin, TX

Home | Main Index | Thread Index | Old Index