Dovecot POP3/IMAP server

This article explains how to install and set up a Dovecot server.

Open a new terminal, then install the Dovecot server:

yum install dovecot

Edit the dovecot.conf file in the /etc directory and make the changes shown below:

# pop3 and pop3s must be listed here for those protocols to work
protocols = imap imaps pop3 pop3s

# this setting depends on which mail server you are using, e.g. Postfix or Sendmail
mail_location = mbox:~/mail:INBOX=/var/mail/%u

# set the mail group as the privileged group, otherwise dovecot won't be able to read the mailbox file
mail_privileged_group = mail

# You need to set the UIDL format, otherwise POP3 clients can't keep track of which messages they have already downloaded from the server.
#More hints here: http://wiki2.dovecot.org/POP3Server
pop3_uidl_format = %08Xu%08Xv

# this part is needed for Outlook to work. More hints here: http://wiki2.dovecot.org/Clients
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

# We need this setting to reach the server with plain-text authentication. Use basic POP3 authentication only in a secure environment! Otherwise use SSL authentication.
# When you use the basic plain-text authentication method, all the data travels unencrypted on your network, so the login name and the password can be captured by anyone.
# Use an encrypted SSL connection to secure all the data in transit. In Outlook, tick the "This server requires an encrypted connection (SSL)" box.
# After that Outlook will use SSL and every part of the communication will be secure.
# If you check the login lines in the maillog file, you will see TLS at the end of the line.
# I will show examples of this further below.
disable_plaintext_auth = no

To get SSL working you need to fill in this part of dovecot.conf:

ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/private/dovecot.key
ssl_disable = no

Save the dovecot.conf and close it. We are set.
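
A quick check of the saved file for the settings that allow cleartext logins. This is an added example, not part of the original article: it assumes the Dovecot 1.x syntax used above with the keys at global scope, and the function names conf_value, audit_conf and demo are made up for the illustration.

```shell
#!/bin/sh
# Added example: flag dovecot.conf settings that expose passwords in cleartext.
# Assumes the Dovecot 1.x syntax used above, with the keys at global scope.

# conf_value FILE KEY -> value of the last uncommented "KEY = value" line
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_conf FILE -> one line per weak setting, no output when none is found
audit_conf() {
    clear=""
    for p in $(conf_value "$1" protocols); do
        case $p in pop3|imap) clear="$clear $p" ;; esac
    done
    if [ "$(conf_value "$1" disable_plaintext_auth)" = "no" ] && [ -n "$clear" ]; then
        echo "WEAK disable_plaintext_auth=no: cleartext logins accepted on:$clear"
    fi
    if [ "$(conf_value "$1" ssl_disable)" = "yes" ]; then
        echo "WEAK ssl_disable=yes: TLS is switched off for every listener"
    fi
}

# Constructed demo: the article's settings, then the same file with
# disable_plaintext_auth switched to yes.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# comment lines are ignored
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
ssl_disable = no
EOF
    echo "as configured above:"; audit_conf "$f"
    sed 's/^disable_plaintext_auth = no/disable_plaintext_auth = yes/' "$f" > "$f.fixed"
    echo "hardened:"; audit_conf "$f.fixed"
    rm -f "$f" "$f.fixed"
}
demo
```

On a real host, run audit_conf /etc/dovecot.conf after every configuration change.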

Start the service:

service dovecot start

Then test the pop3 server.

tail -F /var/log/maillog

Below is a basic plain-text login over port 110:

Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30
Jan 22 00:11:04 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:11:05 ldapproxy sendmail[8564]: p0M0B5XT008564: from=<aaa@opensourcetechnology.co.uk>, size=407,, nrcpts=1, msgid=<201101220011.p0M0B5XT008564@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[192.168.0.5]
Jan 22 00:11:05 ldapproxy sendmail[8566]: p0M0B5XT008564: to=<aaa@opensourcetechnology.co.uk>, ctladdr=<aaa@opensourcetechnology.co.uk> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

And this is how Wireshark captured the login name and the password during the whole process:

[Screenshot: pop3-nosecure1]

Then change the authentication method in Outlook to use SSL (port 995).

The maillog will then look like this:

Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30, TLS
Jan 22 00:23:38 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:23:38 ldapproxy sendmail[9010]: p0M0NcNf009010: from=<aaa@opensourcetechnology.co.uk>, size=407,, nrcpts=1, msgid=<201101220023.p0M0NcNf009010@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[192.168.0.5]
Jan 22 00:23:38 ldapproxy sendmail[9011]: p0M0NcNf009010: to=<aaa@opensourcetechnology.co.uk>, ctladdr=<aaa@opensourcetechnology.co.uk> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

Have you noticed the TLS at the end of the line? The whole communication was encrypted!
Take a look at Wireshark's captured data. The whole process was encrypted.

[Screenshot: pop31]
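
The difference between the two log excerpts (the trailing TLS marker) can be turned into a check that lists every account still logging in without encryption. This is an added example, not part of the original article: the function names plaintext_logins and sample_log are made up, and the sample lines are constructed from the excerpts above.

```shell
#!/bin/sh
# Added example: report Dovecot logins whose maillog line lacks the TLS marker.

# plaintext_logins [FILE] -> "COUNT SERVICE USER REMOTE_IP", busiest first.
# Reads stdin when FILE is omitted.
plaintext_logins() {
    awk '
    # Pull the text between START and STOP out of LINE ("?" if START is absent).
    function field(line, start, stop,    i, rest, j) {
        i = index(line, start)
        if (!i) return "?"
        rest = substr(line, i + length(start))
        j = index(rest, stop)
        return j ? substr(rest, 1, j - 1) : rest
    }
    # Successful login lines only; an encrypted session ends with ", TLS".
    / dovecot: (pop3|imap)-login: Login: / && !/, TLS[ \t]*$/ {
        svc = ($0 ~ /pop3-login:/) ? "pop3" : "imap"
        seen[svc " " field($0, "user=<", ">") " " field($0, "rip=", ",")]++
    }
    END { for (k in seen) print seen[k], k }
    ' "${1:--}" | sort -rn
}

# Constructed sample: the first two login lines follow the article's excerpts,
# the remaining lines are invented for the demonstration.
sample_log() {
    cat <<'EOF'
Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30
Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30, TLS
Jan 22 00:23:39 ldapproxy sendmail[9010]: constructed non-dovecot line, ignored
Jan 22 00:30:10 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.30
Jan 22 00:31:02 ldapproxy dovecot: imap-login: Login: user=<bbb>, method=PLAIN, rip=192.168.0.7, lip=192.168.0.30
EOF
}

sample_log | plaintext_logins
```

On the server itself, plaintext_logins /var/log/maillog gives the list of clients that still need to be switched to SSL before plain-text authentication is turned off.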

To test your dovecot server locally without any pop3 client just start telnet:

[root@ldapproxy etc]# telnet 192.168.0.30 110

Trying 192.168.0.30...
Connected to 192.168.0.30 (192.168.0.30).
Escape character is '^]'.
+OK Dovecot ready.
user aaa
+OK
pass 123456
+OK Logged in.
list
+OK 1 messages:
1 743
.

retr 1
+OK 599 octets
Return-Path: <root@ldapproxy.localdomain>
Received: from ldapproxy.localdomain (localhost.localdomain [127.0.0.1])
by ldapproxy.localdomain (8.13.8/8.13.8) with ESMTP id p0O07gY3032579
for <aaa@ldapproxy.localdomain>; Mon, 24 Jan 2011 00:07:42 GMT
Received: (from root@localhost)
by ldapproxy.localdomain (8.13.8/8.13.8/Submit) id p0O07gRw032578
for aaa; Mon, 24 Jan 2011 00:07:42 GMT
Date: Mon, 24 Jan 2011 00:07:42 GMT
From: root <root@ldapproxy.localdomain>
Message-Id: <201101240007.p0O07gRw032578@ldapproxy.localdomain>
To: aaa@ldapproxy.localdomain
Subject: test

test
quit
.

More references and hints here: http://wiki2.dovecot.org/ and http://wiki.dovecot.org/MainConfig
Troubleshooting help here: http://wiki.dovecot.org/QuestionsAndAnswers

 