OPS335 Dovecot
Configuration for IMAP and POP3
- Edit the configuration file /etc/dovecot/dovecot.conf, and add the following line to the bottom of the file, or uncomment the same line in /etc/dovecot/conf.d/10-mail.conf:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
- Change the access permissions of the user mailboxes in /var/mail from 660 to 600 with the following command:
chmod 600 /var/mail/*
Testing POP3 port 110
- Log in to your POP3 server as a regular user.
- Run the command "telnet 192.168.122.184 110".
The following is a typical successful POP3 session:
    [rchan@f16 ~]$ telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK Dovecot ready.
    USER ops335
    +OK
    PASS seneca99
    +OK Logged in.
    LIST
    +OK 2 messages:
    1 750
    2 796
    .
    QUIT
    +OK Logging out.
    Connection closed by foreign host.
In the above POP3 session, four POP3 commands were used to verify that the POP3 server was running properly: USER, PASS, LIST, and QUIT.
- USER: Followed by the user/owner name of the mail box
- PASS: Password associated with the user name
- LIST: Give a list of the email in the user's mail box and the size (in bytes) of each email.
- QUIT: Terminate the POP3 session.
Note that the user name and password were sent in clear text to the POP3 server. In this sample session, both the POP3 server and the POP3 client (done manually using telnet) were on the same system.
Testing POP3 port 995
- Log in to a Linux machine with network connectivity to your POP3 server.
- Run the command "openssl s_client -connect 192.168.122.184:995" to establish a secure POP3 session to your POP3 server running on 192.168.122.184.
- The following is a successful POP3S session:
    [root@rchan ~]# openssl s_client -connect 192.168.122.184:995
    CONNECTED(00000003)
    depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
    verify return:1
    ---
    Certificate chain
     0 s:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
       i:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [certificate body omitted]
    -----END CERTIFICATE-----
    subject=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    issuer=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1301 bytes and written 311 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 7D2FAD3059BB443857C4FC5766F55E2AF58DC0612E884A12918C84F409C63C85
        Session-ID-ctx:
        Master-Key: 897A5BB65CA9542E502FAFCDEF3918C13BC6C42721BD60443311D1FDD7DA691C0DDA17FB284ADA74083D1ADB2A2B4265
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:
        [session ticket hex dump omitted]
        Compression: 1 (zlib compression)
        Start Time: 1329218719
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    +OK OPS335 Dovecot ready.
    USER ops335
    +OK
    PASS seneca99
    +OK Logged in.
    LISt
    +OK 1 messages:
    1 722
    .
    QUIT
    DONE
Testing IMAP port 143
- Log in to your IMAP server as a regular user.
- Run the command "telnet 192.168.122.184 143".
The following is a typical successful IMAP session:
    [rchan@f16 ~]$ telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
    t0001 login ops335 seneca99
    t0001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
    t0002 select inbox
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
    * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
    * 2 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1329189595] UIDs valid
    * OK [UIDNEXT 3] Predicted next UID
    * OK [HIGHESTMODSEQ 1] Highest
    t0002 OK [READ-WRITE] Select completed.
    t0003 fetch 1 body[text]
    * 1 FETCH (BODY[TEXT] {15}
    Test message.
    )
    t0003 OK Fetch completed.
    t0004 fetch 2 body[text]
    * 2 FETCH (BODY[TEXT] {61}
    This is the 2nd message.
    for test dovecot pop3/imap server
    )
    t0004 OK Fetch completed.
    t0005 close
    t0005 OK Close completed.
    t0006 logout
    * BYE Logging out
    t0006 OK Logout completed.
    Connection closed by foreign host.
In the above IMAP session, five IMAP commands were used to verify that the IMAP server was running properly: login, select, fetch, close, and logout. Notice that each command was preceded by a tag, i.e. t0001, t0002, etc. The IMAP client uses the tag to match the responses from the IMAP server with the command sent.
- login: to provide the user name and password for the IMAP server to authenticate the mail box user.
- select: to open a mailbox (or mail folder).
- fetch: to download a message in the mailbox.
- close: closes the mailbox and removes all messages that are marked for deletion.
- logout: close the IMAP connection.
Note that the user name and password were also sent in clear text to the IMAP server. In this sample session, both the IMAP server and the IMAP client (done manually using telnet) were on the same system.
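The IMAP greeting already tells a client whether a password can be sent before the connection is encrypted. The following added example (not part of the original page) classifies a greeting by its CAPABILITY list, using the LOGINDISABLED and STARTTLS capabilities defined in RFC 3501; the function names and the hardened sample greeting are assumptions of this example.

```python
import re

# Greetings copied from the two IMAP sessions on this page.
GREETING_143 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                "ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.")
GREETING_993 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
                "ENABLE IDLE AUTH=PLAIN] Dovecot ready.")
# Constructed sample: a greeting from a server that refuses cleartext logins.
GREETING_HARDENED = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready."


def parse_capabilities(line):
    """Return the upper-cased capability set from a greeting or CAPABILITY reply."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line.strip(), re.I))
    if not m:
        raise ValueError("no CAPABILITY data in: %r" % line)
    return {c.upper() for c in m.group(1).split()}


def login_exposure(line, channel_encrypted):
    """Classify how a password would travel if the client authenticated now."""
    caps = parse_capabilities(line)
    if channel_encrypted:
        return "encrypted"                   # port 993, or after STARTTLS
    login_ok = "LOGINDISABLED" not in caps   # RFC 3501: LOGIN refused when present
    plain_sasl = bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    if login_ok or plain_sasl:
        # PLAIN and LOGIN only base64-encode the password, so it is readable.
        if "STARTTLS" in caps:
            return "cleartext-starttls-optional"
        return "cleartext-only"
    return "starttls-required" if "STARTTLS" in caps else "no-cleartext-auth"


if __name__ == "__main__":
    print("143:", login_exposure(GREETING_143, channel_encrypted=False))
    print("993:", login_exposure(GREETING_993, channel_encrypted=True))
    print("hardened:", login_exposure(GREETING_HARDENED, channel_encrypted=False))
```

Dovecot treats connections from the local host as secure, so a greeting captured over localhost, as in the session above, can differ from what a remote client is offered.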
Testing IMAP port 993
- Log in to a Linux system which has network connectivity to your IMAP server.
- Run the command "openssl s_client -connect 192.168.122.184:993" to establish a secure connection to your IMAP server running on 192.168.122.184.
- The following is a successful IMAPs session:
    [root@f14host conf.d]# openssl s_client -connect 192.168.122.184:993
    CONNECTED(00000003)
    depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
    verify return:1
    ---
    Certificate chain
     0 s:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
       i:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [certificate body omitted]
    -----END CERTIFICATE-----
    subject=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    issuer=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1301 bytes and written 311 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 04950A9F03AE841C7EF605358EA9F8FE54D8FDDC30B061BB666CC3BE0A0AFF69
        Session-ID-ctx:
        Master-Key: 35E07181CB2EC3CB8FCD659D6FDD15C462333F9A7F196AC9E7E970AC0A952E426A8775992EE9AED6B699279694F238CC
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:
        [session ticket hex dump omitted]
        Compression: 1 (zlib compression)
        Start Time: 1329263161
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
    t0010 login ops335 seneca99
    t0010 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
    t0020 select inbox
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
    * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
    * 2 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1329189595] UIDs valid
    * OK [UIDNEXT 3] Predicted next UID
    * OK [HIGHESTMODSEQ 1] Highest
    t0020 OK [READ-WRITE] Select completed.
    t0040 fetch 1 body[text]
    * 1 FETCH (BODY[TEXT] {15}
    Test message.
    )
    t0040 OK Fetch completed.
    t0050 close
    t0050 OK Close completed.
    t0060 logout
    * BYE Logging out
    t0060 OK Logout completed.
    closed
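The s_client output in both TLS sessions on this page reports more than a working login: it also states how the session was protected. The following added example (not part of the original page) extracts the negotiated parameters and lists the weak ones; the sample text is constructed from the summary lines of the page's output, and the function names and the 2048-bit threshold are assumptions of this example.

```python
import re

# Constructed sample: the summary lines of the s_client output on this page,
# without the certificate, session keys and ticket dump.
SAMPLE = """\
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

FIELDS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
    "compression": r"^Compression:\s*(.+?)\s*$",
    "verify_code": r"^\s*Verify return code:\s*(\d+)",
}


def summarize(text):
    """Pull the negotiated parameters out of `openssl s_client` output."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.M)
        out[name] = m.group(1) if m else None
    return out


def findings(text, min_key_bits=2048):
    """List weak settings; min_key_bits is an assumed floor for RSA keys."""
    s = summarize(text)
    issues = []
    if s["verify_code"] is None:
        issues.append("no verify result in output")
    elif s["verify_code"] != "0":
        issues.append("certificate not verified (code %s)" % s["verify_code"])
    if s["protocol"] in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):
        issues.append("deprecated protocol %s" % s["protocol"])
    if s["key_bits"] and int(s["key_bits"]) < min_key_bits:
        issues.append("%s-bit server key below %d" % (s["key_bits"], min_key_bits))
    if s["compression"] and s["compression"].upper() != "NONE":
        issues.append("TLS compression enabled")
    return issues
```

Calling findings(SAMPLE) reports all four conditions for the sessions shown here; the same function can be fed the saved output of a real s_client run.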