# dovecot MDA

Access server emails with IMAP

# Installation

`dovecot-imapd` for IMAP on debian

# Configuration

Working configuration that authenticates local (unix) users and accessed via IMAPS with mTLS (client certificate auth)

`/etc/dovecot/dovecot.conf`

```sh
# Dovecot config
# IMAP-only server over TLS: accounts come from the system passwd database,
# passwords are checked through PAM, mail is stored as Maildir under each home.
dovecot_config_version = 2.4.0
dovecot_storage_version = 2.4.0

# Only serve IMAP not POP3 or other
protocols = imap

# SSL options
# "required" refuses authentication on connections that are not TLS-protected.
ssl = required
ssl_server_cert_file = /etc/letsencrypt/live/ctq.ro/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/ctq.ro/privkey.pem
# Refuse handshakes below TLS 1.2.
ssl_min_protocol = TLSv1.2
# OpenSSL cipher string: ECDHE/DHE key exchange only; the "!" entries drop
# anonymous, NULL, export, 3DES, RC4 and other legacy suites.
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED
# The server's cipher order wins over the client's.
ssl_server_prefer_ciphers = server
# DH parameters used by the EDH suites listed above.
ssl_server_dh_file = /usr/share/dovecot/dh.pem

# Authentication
# PLAIN and LOGIN carry the password unhashed; its confidentiality depends
# entirely on "ssl = required" above.
auth_mechanisms = plain login
# Presumably reduces a user@domain login to the bare user name so it matches
# the passwd entry; confirm against the Dovecot 2.4 variable documentation.
auth_username_format = %{user | username }

# Client certs required for authentication
# NOTE(review): this block is commented out, so neither setting in it is
# active. As written, a client certificate is requested (see below) but the
# auth layer does not demand one; a client that presents no certificate can
# presumably still log in with a password alone. Verify by attempting a login
# without a certificate before relying on this as mTLS.
#protocol !smtp {
#auth_ssl_require_client_cert = yes
#auth_ssl_username_from_cert = yes
#}

# Client certificate verification for mTLS
# CA that a presented client certificate is validated against.
ssl_server_ca_file = /etc/ssl/orion-ca/ca.crt
# Asks the client for a certificate during the handshake; on its own this is
# a request, not a requirement (see the NOTE above).
ssl_server_request_client_cert = yes

# Search for valid users in /etc/passwd
userdb users {
  driver = passwd
}

#Fallback: Use plain old PAM to find user passwords
passdb pam {
  driver = pam
}

# Allow postfix use of dovecot auth mechanism
service auth {
  # Socket is placed under the Postfix spool directory. 0660 with
  # postfix:postfix ownership limits access to the postfix user and group;
  # any process that can open it can submit authentication requests.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# Mail storage location
# Each user has a mail folder in their /home
mail_driver = maildir
mail_path = ~/Mail
mail_inbox_path = ~/Mail/Inbox

# Inboxes
namespace inbox {
  inbox = yes

  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }
  mailbox Junk {
    special_use = \Junk
    auto = subscribe
    # Messages in Junk are expunged automatically after 60 days.
    autoexpunge = 60d
  }
  mailbox Sent {
    special_use = \Sent
    auto = subscribe
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox Archive {
    special_use = \Archive
  }
}
```

## Add users

Users in the `mail` group will be able to receive mail.

Add an existing user to the mail group with `usermod -a -G mail alice`

Add a new user with `useradd -m -G mail billy` and set their password with `passwd billy`.

For a mail-only user account, disable logging in with `usermod -s /usr/bin/false mailonlyuser`