From c455896ae9e69e2498742ff795e7886dee1ffa23 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Fri, 5 Feb 2021 09:55:25 +0100
Subject: Move source files into src

---
 ...-freebsd-mailserver-part-3-dovecot-imap-sasl.md | 223 ---------------------
 1 file changed, 223 deletions(-)
 delete mode 100644 _posts/2016-10-31-freebsd-mailserver-part-3-dovecot-imap-sasl.md

(limited to '_posts/2016-10-31-freebsd-mailserver-part-3-dovecot-imap-sasl.md')

diff --git a/_posts/2016-10-31-freebsd-mailserver-part-3-dovecot-imap-sasl.md b/_posts/2016-10-31-freebsd-mailserver-part-3-dovecot-imap-sasl.md
deleted file mode 100644
index cbb476b..0000000
--- a/_posts/2016-10-31-freebsd-mailserver-part-3-dovecot-imap-sasl.md
+++ /dev/null
@@ -1,223 +0,0 @@
----
-title: "FreeBSD email server - Part 3: Dovecot, IMAP and SASL"
-date: 2016-10-31 07:57:50
-tags: Tutorial FreeBSD Email Dovecot IMAP SASL
-layout: post
----
-
-Welcome to the second part of my FreeBSD email server series. In this series, I
-will guide you through setting up your own email service. Be sure to read the
-previous parts before trying to continue on this part in case you have not done
-so yet.
-
-This part will guide you through setting up [Dovecot][dovecot]. This service
-will deal with the SASL authentication to your email server and making your email
-boxes accessible via IMAP. While this guide does not cover POP3 functionality,
-Dovecot can handle this as well.
-
-Just like the Postfix setup, Dovecot has quite a few configuration options to
-set before it will work as expected in this setup. If you have questions after
-reading the full guide, please find me on IRC. You can find details on how to
-do so on [my homepage][home].
-
-## Installing Dovecot
-Dovecot will also be installed from the ports tree from FreeBSD. As this guide
-assumes you are working through them in order, explanation of acquiring the
-ports tree will be omitted here.
-
-You can start the installation procedure with the following commands.
-
-{% highlight sh %}
-cd /usr/ports/mail/dovecot2
-make configure install
-{% endhighlight %}
-
-Again, like with the Postfix installation, leave the default options on and add
-the `PGSQL` option so Dovecot can use PostgreSQL as the database back-end.
-
-## Enabling Dovecot
-Enable the Dovecot service for rcinit.
-
-{% highlight sh %}
-echo 'dovecot_enable="YES"' >> /etc/rc.conf.local
-{% endhighlight %}
-
-## Configuring Dovecot
-To start of with Dovecot configuration, copy over the sample files first.
-
-{% highlight sh %}
-cp -r /usr/local/etc/dovecot/example-config/* /usr/local/etc/dovecot/.
-{% endhighlight %}
-
-Now you can start editing a number of pesky files. The file names of the
-headings all appear relative to `/usr/local/etc/dovecot`.
-
-### dovecot.conf
-Here you only have to set which protocols you want to enable. Set them as
-follows.
-
-{% highlight ini %}
-protocols = imap lmtp
-{% endhighlight %}
-
-### conf.d/10-master.cf
-The `master.cf` configuration file indicates which sockets Dovecot should use
-and provide and as which user its processes should be ran. Keep the defaults as
-they are, with the exception of the following two blocks.
-
-#### service imap-login
-This will enable imaps, IMAP over SSL, and disable plain IMAP.
-
-{% highlight ini %}
-service-imap-login {
-    inet_listener imap {
-        port = 0
-    }
-
-    inet_listener imaps {
-        port = 993
-        ssl = yes
-    }
-}
-{% endhighlight %}
-
-#### services
-This will instruct Dovecot to provide a service for authentication and `lmtp`
-the **local mail transport protocol**. This is required to deliver the email
-files into the correct email box location in the file system.
-
-{% highlight ini %}
-service auth {
-    unix_listener auth-userdb {
-        mode = 0600
-        user = postfix
-        group = postfix
-    }
-
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0666
-        user = postfix
-        group = postfix
-    }
-
-    user = dovecot
-}
-
-service lmtp {
-    unix_listener /var/spool/postfix/private/dovecot-lmtp {
-        mode = 0600
-        user = postfix
-        group = postfix
-    }
-}
-
-service auth-worker {
-    user = postfix
-}
-{% endhighlight %}
-
-### conf.d/10-ssl.conf
-Here you have to enable SSL and provide the correct paths to your SSL key in
-order for Dovecot to work with them.
-
-{% highlight ini %}
-ssl = required
-ssl_cert = < /usr/local/etc/letsencrypt/live/domain.tld/fullchain.pem
-ssl_key = < /usr/local/etc/letsencrypt/live/domain.tld/privkey.pem
-{% endhighlight %}
-
-### conf.d/10-mail.conf
-The mail.conf location instructs Dovecot which location to appoint for storing
-the email files. `%d` expands to the domain name, while `%n` expands to the
-local part of the email address.
-
-{% highlight ini %}
-mail_home = /srv/mail/%d/%n
-mail_location = maildir:~/Maildir
-{% endhighlight %}
-
-Make sure the location set by `mail_home` exists and is owned by `postfix`!
-
-{% highlight sh %}
-mkdir -p /srv/mail
-chown postfix:postfix /srv/mail
-{% endhighlight %}
-
-### conf.d/10-auth.conf
-This file deals with the authentication provided by Dovecot. Mostly, which
-mechanisms should be supported and what mechanism should be used to get the
-actual credentials to check against.  Make sure the following options are set
-as given
-
-{% highlight ini %}
-disable_plaintext_auth = yes
-auth_mechanisms = plain 
-{% endhighlight %}
-
-Also, make sure `!include auth-system.conf.ext` is commented **out**. It is not
-commented out by default, so you will have to do this manually. In addition,
-you have to uncomment `!include auth-sql.conf.ext`.
-
-### conf.d/auth-sql.conf.ext
-This is the file included from `10-auth.conf`. It instructs Dovecot to use SQL as
-the driver for the password and user back-ends.
-
-{% highlight ini %}
-passdb {
-    driver = sql
-    args = /usr/local/etc/dovecot/dovecot-sql-conf.ext
-}
-
-userdb {
-    driver = prefetch
-}
-
-userdb {
-    driver = sql
-    args = /usr/local/etc/dovecot/dovecot-sql-conf.ext
-}
-{% endhighlight %}
-
-### dovecot-sql.conf.ext
-The final configuration file entails the queries which should be used to get the
-required information about the users. Make sure to update the `password` and possibly
-other parameters used to connect to the database. You may have to update the `125` as
-well, as this has to be identical to the `UID` of `postfix`.
-
-As a side note, if you are following this tutorial on a machine that does
-**not** support Blowfish in the default glib, which is nearly every GNU+Linux
-setup, you **can not** use `BLF-CRYPT` as the `default_pass_scheme`. You will
-have to settle for the `SHA-512` scheme instead.
-
-{% highlight ini %}
-driver = pgsql
-connect = host=127.1 dbname=mail user=postfix password=incredibly-secret!
-default_pass_scheme = BLF-CRYPT
-password_query = \
-    SELECT \
-        local AS user, \
-        password, \
-        '/srv/mail/%d/%n' AS userdb_home, \
-        125 AS userdb_uid, \
-        125 AS userdb_gid \
-    FROM users \
-    WHERE local='%n' AND domain='%d';
-
-user_query = \
-    SELECT \
-        '/srv/mail/%d/%n' AS home \
-        125 AS uid, \
-        125 AS gid \
-    FROM users \
-    WHERE local='%n' AND domain='%d';
-{% endhighlight %}
-
-## Conclusion
-After this part, you should be left with a functioning email server that
-provides IMAP over a secure connection. While this is great on itself, for
-actual use in the wild, you should setup some additional services. Therefore,
-in the next part, we will deal with practices that "authenticate" your emails
-as legit messages. Be sure to read up on it!
-
-[dovecot]: http://dovecot.org/
-[home]: {{ "/" | prepend: site.baseurl }}
-- 
cgit v1.1