FreeBSD email server - Part 3: IMAP and SASL with Dovecot
Welcome to the second part of my FreeBSD email server series. In this series, I will guide you through setting up your own email service. Be sure to read the previous parts before continuing with this one, in case you have not done so yet.
This part will guide you through setting up Dovecot. This service will handle SASL authentication for your email server and make your mailboxes accessible via IMAP. While this guide does not cover POP3 functionality, Dovecot can handle this as well.
Just like the Postfix setup, Dovecot has quite a few configuration options to set before it will work as expected in this setup. If you have questions after reading the full guide, please find me on IRC. You can find details on how to do so on my homepage.
Dovecot will also be installed from the FreeBSD ports tree. As this series assumes you are working through the parts in order, the explanation of how to acquire the ports tree is omitted here.
You can start the installation procedure with the following commands.
Again, like with the Postfix installation, leave the default options on and add the PGSQL option so Dovecot can use PostgreSQL as the database back-end.
Enable the Dovecot service for rcinit.
To start off with the Dovecot configuration, copy over the sample files first.
Now you can start editing a number of pesky files. The file names of the headings all appear relative to
Here you only have to set which protocols you want to enable. Set them as follows.
The master.cf configuration file indicates which sockets Dovecot should use and provide, and as which user its processes should be run. Keep the defaults as they are, with the exception of the following two blocks.
This will enable imaps, IMAP over SSL, and disable plain IMAP.
This will instruct Dovecot to provide a service for authentication and the local mail transport protocol. This is required to deliver the email files into the correct email box location in the file system.
Here you have to enable SSL and provide the correct paths to your SSL key in order for Dovecot to work with them.
The mail.conf location tells Dovecot where to store the email files. %d expands to the domain name, while %n expands to the local part of the email address.
Make sure the location set by mail_home exists and is owned by
This file deals with the authentication provided by Dovecot: mostly, which mechanisms should be supported and what mechanism should be used to get the actual credentials to check against. Make sure the following options are set as given.
Also, make sure !include auth-system.conf.ext is commented out. It is not commented out by default, so you will have to do this manually. In addition, you have to uncomment
This is the file included from 10-auth.conf. It instructs Dovecot to use SQL as the driver for the password and user back-ends.
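To confirm that the edits described so far actually took effect (plain IMAP disabled, SSL enabled, the system auth include commented out and the SQL one active), the following added example, which is not code from the original guide, parses Dovecot-style configuration text and reports what is still wrong. The sample configuration is constructed; its certificate paths and the use of `port = 0` to disable a listener are assumptions.

```python
# Constructed sample of the settings described above; paths and "port = 0" are assumptions.
GOOD = """\
ssl = yes
ssl_cert = </usr/local/etc/ssl/mail.example.org.crt
ssl_key = </usr/local/etc/ssl/mail.example.org.key
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
#!include auth-system.conf.ext
!include auth-sql.conf.ext
"""

def parse(text):
    """Flatten nested blocks to {(block, ..., key): value}; list active !include targets."""
    settings, includes, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out line
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif line.startswith("!include"):
            includes.append(line.split(None, 1)[1])
        elif "=" in line:
            key, _, value = line.partition("=")
            settings[tuple(stack) + (key.strip(),)] = value.strip()
    return settings, includes

def audit(text):
    s, inc = parse(text)
    findings = []
    if s.get(("service imap-login", "inet_listener imap", "port")) != "0":
        findings.append("plain IMAP listener is not disabled")
    if s.get(("ssl",)) not in ("yes", "required"):
        findings.append("SSL is not enabled")
    if not all(s.get((k,), "").startswith("<") for k in ("ssl_cert", "ssl_key")):
        findings.append("ssl_cert/ssl_key do not point at files")
    if "auth-system.conf.ext" in inc:
        findings.append("auth-system.conf.ext is still included")
    if "auth-sql.conf.ext" not in inc:
        findings.append("auth-sql.conf.ext is not included")
    return findings  # an empty list means every check passed
```

Feed `audit()` the concatenated text of your own configuration files; each returned string names one setting from this guide that is not yet in place.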
The final configuration file contains the queries which should be used to get the required information about the users. Make sure to update the password and possibly other parameters used to connect to the database. You may have to update the
well, as this has to be identical to the
As a side note, if you are following this tutorial on a machine that does not support Blowfish in the default glibc, which is nearly every GNU+Linux setup, you cannot use BLF-CRYPT as the default_pass_scheme. You will have to settle for the SHA-512 scheme instead.
After this part, you should be left with a functioning email server that provides IMAP over a secure connection. While this is great in itself, for actual use in the wild, you should set up some additional services. Therefore, in the next part, we will deal with practices that "authenticate" your emails as legit messages. Be sure to read up on it!