Dovecot

From QNAPedia

Using your local QNAP storage as a local e-mail archive, accessible via IMAP from the local network or even remotely via VPN.

Authentication: local password of local pre-configured users

These instructions are based on QTS 5.0.1 on a TS-453.

Prerequisites

App Center archive extension

Via Web-UI: Enable QNAPclub in App Center as an additional App archive

URL: https://www.qnapclub.eu/en/repo.xml

Entware

Install via App Center: Entware-std (version 1.03 at the time of writing)

Installation

Login via SSH

Install the required packages via "opkg"

opkg update
opkg install dovecot dovecot-utils

Configuration

System Users

Create the system users required by Dovecot

useradd -r -c "Dovecot IMAP server" -M -d /opt/libexec/dovecot -s /sbin/nologin dovecot 
useradd -r -c "Dovecot's unauthorized user" -M -d /opt/libexec/dovecot -s /sbin/nologin dovenull

TLS Preparation

Create a local CA, e.g. via XCA, and issue a server certificate for your QNAP system.

Hint: configure additional "Subject Alternative Names" to match all possibilities, such as:

  • Internal IP address
  • Internal short hostname
  • Internal automatically assigned hostname, e.g. MY-QNAP.fritz.box

Store the public part (the TLS certificate of the server) in PEM format in the directory

/opt/etc/ssl/certs/

Store the private key of the server's TLS certificate in PEM format (without a passphrase, to be reboot-safe) in the directory

/opt/etc/ssl/private/
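
Before pointing Dovecot at these files, it is worth checking them. The script below is an added example, not part of the original instructions: it checks that the passphrase-less key is not accessible to group or others, that key and certificate belong together, and that the certificate lists the names clients will connect to. The script name check-tls.sh, the function names and the sample arguments are assumptions; the "openssl" command-line tool must be available.

```shell
#!/bin/sh
# Added example, not from the original page. Usage (file names are placeholders):
#   sh check-tls.sh /opt/etc/ssl/certs/MY-QNAP-TLS.crt /opt/etc/ssl/private/MY-QNAP-TLS.key 192.168.1.10 MY-QNAP.fritz.box

# 0 if the key file grants nothing to group/others. The key has no passphrase,
# so the file mode is the only thing protecting it on disk.
key_is_private() {
  [ -f "$1" ] || return 2
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# 0 if certificate ($1) and private key ($2) contain the same public key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if $2 (host name or IP address) is a Subject Alternative Name of cert $1.
cert_has_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    grep -qixF -e "DNS:$2" -e "IP Address:$2"
}

# Run all checks: check_dovecot_tls CERT KEY [NAME...]; returns the number of failures.
check_dovecot_tls() {
  cert=$1 key=$2 fails=0
  shift 2
  key_is_private "$key" || { echo "FAIL: $key missing or accessible by group/others"; fails=$((fails + 1)); }
  cert_matches_key "$cert" "$key" || { echo "FAIL: $key does not belong to $cert"; fails=$((fails + 1)); }
  for name in "$@"; do
    cert_has_san "$cert" "$name" || { echo "FAIL: $name is not a Subject Alternative Name"; fails=$((fails + 1)); }
  done
  [ "$fails" -eq 0 ] && echo "OK: $cert / $key"
  return "$fails"
}

# Only run the checks when certificate and key paths are given on the command line.
if [ "$#" -ge 2 ]; then check_dovecot_tls "$@"; fi
```

Pass every name or IP address that clients will use to reach the server; each one must appear as a Subject Alternative Name for certificate validation to succeed.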

Create local Dovecot configuration file

Replace "MY-QNAP-TLS.crt" and "MY-QNAP-TLS.key" with the file names used above

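cat <<'END' >/opt/etc/dovecot/local.conf
protocols = imap

# "<" makes Dovecot read the value from the given file
ssl_cert = </opt/etc/ssl/certs/MY-QNAP-TLS.crt
ssl_key = </opt/etc/ssl/private/MY-QNAP-TLS.key

# look up users in the local passwd database
userdb {
  driver = passwd
}

# verify passwords against the local shadow database
passdb {
  driver = shadow
}

# empty value: imap-login runs without a chroot
service imap-login {
  chroot =
}
END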


Disable unused configuration files

mv /opt/etc/dovecot/conf.d/10-ssl.conf /opt/etc/dovecot/conf.d/10-ssl.conf.unused
mv /opt/etc/dovecot/conf.d/10-auth.conf /opt/etc/dovecot/conf.d/10-auth.conf.unused

Maildir setup per user

Set IMAP_USER_LIST to the users who should be allowed to use the QNAP storage as IMAP server

IMAP_USER_LIST="user1 user2 user3"

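for u in $IMAP_USER_LIST; do
  # create the Maildir tree (no brace expansion, so it also works in a plain POSIX sh)
  for d in cur new tmp; do
    mkdir -p "/share/homes/$u/Maildir/$d"
  done
  # hand the tree over to the mailbox owner
  chown -R "$u" "/share/homes/$u/Maildir"
done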


Start Dovecot

/opt/etc/init.d/S90dovecot start

Troubleshooting

Logging

Unfortunately no log file is written (at least none were found so far)

Tracing

Stop dovecot

/opt/etc/init.d/S90dovecot stop

and run in foreground mode

/opt/sbin/dovecot -F -c /opt/etc/dovecot/dovecot.conf

In the worst case, install "strace" via "opkg" and run Dovecot in the foreground under "strace"

strace /opt/sbin/dovecot -F -c /opt/etc/dovecot/dovecot.conf

Backup

Configuration

Include the following directory in the backup: /opt/etc/

User Data

Include the following directory pattern in the backup: /share/homes/*/Maildir/


Notes

The per-user "Maildir" tree is portable and can even be accessed after copying it to a Linux system, e.g. using "mutt"


Usage

Per client system, or at least per client e-mail program:

  • Import the generated CA used for issuing the server certificate (see above)

Per client e-mail program:

  • Configure the QNAP storage as new mail server using one of the server name/IP addresses configured as "Subject Alternative Name" in the server certificate (hint: for small local setups: use IP address, this can also be used later in case of access via VPN).