Dovecot SSL Configuration

Serge Y. Stroobandt

Copyright 2022, licensed under Creative Commons BY-NC-SA

This document is still under construction.

Server account testing

$ sudo doveadm log errors

$ tail /var/log/mail.err

$ sudo doveadm user serge
    field    value
    uid      1000
    gid      1000
    home    /home/serge
    mail    maildir:~/Mail
    system_groups_user    serge

$ sudo doveadm auth test serge

DH parameters

Diffie‑Hellman parameters

$ sudo doveadm log errors
    Oct 09 15:00:02 Warning: config: please set ssl_dh=</etc/dovecot/dh.pem
    Oct 09 15:00:02 Warning: config: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem

$ cd /usr/share/dovecot/

$ sudo su
root@c2550:/home/etc/dovecot/dovecot.current# dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
    272+0 records in
    272+0 records out
    272 bytes copied, 0.00161711 s, 168 kB/s
root@c2550:/home/etc/dovecot/dovecot.current# exit
    exit

SSL certificate creation

$ cd /etc/dovecot/ssl/

$ sudo rm *

$ cd /usr/share/dovecot/

$ sudo vim dovecot-openssl.cnf

$ sudo vim mkcert.sh

    $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 3650 || exit 2

$ sudo ./mkcert.sh

HTTPS certificate publishing

$ sudo vim /etc/dovecot/conf.d/10-master.conf

    service imap-login {
      inet_listener imap {
        #port = 143
      }
      inet_listener imaps {
        #port = 993
        #ssl = yes
      }
      inet_listener https {
        port = 443
        ssl = yes
      }
    }

$ sudo service dovecot restart

Client account testing

$ openssl s_client -connect c2550:imaps

$ telnet c2550 imaps
a LOGIN serge <password>

Thunderbird

$ cd ~/.thunderbird/5usajp37.default
$ gvim cert_override.txt
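
Because the certificate is self-signed, the client has to trust it by exception, so it is worth confirming that the fingerprint the server presents is the one generated above. The following is an added example, not part of the original page; the function names are hypothetical and the certificate path is a placeholder for whatever file mkcert.sh wrote.

```shell
#!/bin/sh
# Added example: compare the certificate served on the IMAPS port with the
# certificate file on disk before accepting it in a mail client.
# Usage (path is a placeholder): sh check-cert.sh <certificate.pem> c2550:imaps

# Print the SHA-256 fingerprint of the first PEM certificate found on stdin.
# Works on a .pem file as well as on raw `openssl s_client` output.
pem_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed if certificate file $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Fingerprint of the certificate presented on HOST:PORT (implicit TLS).
served_fingerprint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | pem_fingerprint
}

# Succeed only if both fingerprints are non-empty and identical.
compare_fingerprints() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then
        echo "match: $1"
    else
        echo "MISMATCH: on disk '$1', served '$2'" >&2
        return 1
    fi
}

# Full check: expiry warning, then file versus live server.
check_cert() {
    valid_for_days "$1" 30 || echo "warning: $1 expires within 30 days" >&2
    compare_fingerprints "$(pem_fingerprint < "$1")" "$(served_fingerprint "$2")"
}

# Run only when called with CERTFILE and HOST:PORT.
if [ "$#" -eq 2 ]; then
    check_cert "$1" "$2"
fi
```

The value printed after "match:" is the fingerprint to compare with the one the mail client displays when it asks to store the exception.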
This work is licensed under a Creative Commons Attribution‑NonCommercial‑ShareAlike 4.0 International License.
This work is published at https://hamwaves.com/dovecot.ssl/en/.
Last update: Tuesday, October 11, 2022.