OPS335 Dovecot

From CDOT Wiki

Configuration for IMAP and POP3

  • Edit the configuration file /etc/dovecot/dovecot.conf, and add the following line to the bottom of the file, or uncomment the same line in /etc/dovecot/conf.d/10-mail.conf:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
  • Change the access permissions of the user mailboxes in /var/mail from 660 to 600 with the following command:
chmod 600 /var/mail/*

Testing POP3 port 110

  • Log in to your POP3 server as a regular user.
  • Run the command "telnet 192.168.122.184 110" to connect to the POP3 server.

The following is a typical successful POP3 session:

[rchan@f16 ~]$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER ops335
+OK
PASS seneca99
+OK Logged in.
LIST
+OK 2 messages:
1 750
2 796
.
QUIT
+OK Logging out.
Connection closed by foreign host.

In the above POP3 session, four POP3 commands were used to verify that the POP3 server was running properly: USER, PASS, LIST, and QUIT.

  • USER: Followed by the user/owner name of the mailbox.
  • PASS: Followed by the password associated with the user name.
  • LIST: Lists the emails in the user's mailbox and the size (in bytes) of each email.
  • QUIT: Terminates the POP3 session.

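Note that the user name and password were sent in clear text to the POP3 server. In this sample session, both the POP3 server and the POP3 client (done manually using telnet) were on the same system, so the credentials never left the machine; over a network, anyone able to capture the traffic could read them.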

Testing POP3 port 995

  • Log in to a Linux machine with network connectivity to your POP3 server.
  • Run the command "openssl s_client -connect 192.168.122.184:995" to establish a secure POP3 session to your POP3 server running on 192.168.122.184.

The following is a sample successful POP3S session:

[root@rchan ~]# openssl s_client -connect 192.168.122.184:995
CONNECTED(00000003)
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress =  postmaster@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress =  postmaster@example.com
verify return:1
---
Certificate chain
 0 s:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
  i:/OU=IMAP server/CN=imap.example.com /emailAddress=postmaster@example.com
---
Server certificate
subject=/OU=IMAP server/CN=imap.example.com /emailAddress=postmaster@example.com
issuer=/OU=IMAP server/CN=imap.example.com /emailAddress=postmaster@example.com
---
No client certificate CA names sent
---
SSL handshake has read 1301 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
   Protocol  : TLSv1
   Cipher    : DHE-RSA-AES256-SHA
   Session-ID: 7D2FAD3059BB443857C4FC5766F55E2AF58DC0612E884A12918C84F409C63C85
   Session-ID-ctx:
   Master-Key: 897A5BB65CA9542E502FAFCDEF3918C13BC6C42721BD60443311D1FDD7DA691C0DDA17FB284ADA74083D1ADB2A2B4265
   Key-Arg   : None
   Krb5 Principal: None
   PSK identity: None
   PSK identity hint: None
   TLS session ticket:
   Compression: 1 (zlib compression)
   Start Time: 1329218719
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)
---
+OK OPS335 Dovecot ready.
USER ops335
+OK
PASS seneca99
+OK Logged in.
LISt
+OK 1 messages:
1 722
.
QUIT
DONE

Testing IMAP port 143

  • Log in to your IMAP server as a regular user.
  • Run the command "telnet 192.168.122.184 143" to connect to the IMAP server.

The following is a typical successful IMAP session:

[rchan@f16 ~]$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
t0001 login ops335 seneca99
t0001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS  MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
t0002 select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 2 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1329189595] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
t0002 OK [READ-WRITE] Select completed.
t0003 fetch 1 body[text]
* 1 FETCH (BODY[TEXT] {15}
Test message.
)
t0003 OK Fetch completed.
t0004 fetch 2 body[text]
* 2 FETCH (BODY[TEXT] {61}
This is the 2nd message.
for test dovecot pop3/imap server
)
t0004 OK Fetch completed.
t0005 close
t0005 OK Close completed.
t0006 logout
* BYE Logging out
t0006 OK Logout completed.
Connection closed by foreign host.

In the above IMAP session, five IMAP commands were used to verify that the IMAP server was running properly: login, select, fetch, close, and logout. Notice that each command was preceded by a tag (t0001, t0002, etc.). The IMAP client uses the tag to match the responses from the IMAP server with the command it sent.

  • login: to provide the user name and password for the IMAP server to authenticate the mail box user.
  • select: to open a mailbox (or mail folder).
  • fetch: to download a message in the mailbox.
  • close: to close the mailbox and remove all messages that are marked for deletion.
  • logout: close the IMAP connection.

Note that the user name and password were also sent in clear text to the IMAP server. In this sample session, both the IMAP server and the IMAP client (done manually using telnet) were on the same system.
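The tag matching described above can be reproduced offline. The following is an added example, not part of the original wiki page: it groups server responses under the tag of the command that caused them, skips `{N}` literal data so message text cannot be mistaken for a completion line, and reports whether LOGIN was sent while the server was still offering STARTTLS. The `C:`/`S:` markers and the function names are assumptions of this example.

```python
import re
# Constructed input: the port 143 session from this page, shortened. The "C: "/"S: "
# direction markers are added for this example and are not part of IMAP.
SESSION_143 = """\
S: * OK [CAPABILITY IMAP4rev1 IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
C: t0001 login ops335 seneca99
S: t0001 OK [CAPABILITY IMAP4rev1 IDLE SORT] Logged in
C: t0002 select inbox
S: * 2 EXISTS
S: t0002 OK [READ-WRITE] Select completed.
C: t0003 fetch 1 body[text]
S: * 1 FETCH (BODY[TEXT] {15}
S: Test message.
S: )
S: t0003 OK Fetch completed.
"""

def parse_session(text):
    """Return (banner, {tag: {"command", "untagged", "status"}}) for a sequential session."""
    banner, exchanges, buffered, literal_left = None, {}, [], 0
    for raw in text.splitlines():
        side, line = raw[:2], raw[3:]
        if side == "C:":                            # client line: "<tag> <command ...>"
            tag, _, command = line.partition(" ")
            exchanges[tag] = {"command": command, "untagged": [], "status": None}
        elif literal_left > 0:                      # inside a {N} literal: message data,
            literal_left -= len(line.encode()) + 2  # never a response (+2 for CRLF)
        else:
            size = re.search(r"\{(\d+)\}$", line)
            literal_left = int(size.group(1)) if size else 0
            tag, _, rest = line.partition(" ")
            if tag in exchanges and exchanges[tag]["status"] is None:
                exchanges[tag]["status"] = rest.split()[0]        # OK / NO / BAD
                exchanges[tag]["untagged"], buffered = buffered, []
            elif banner is None and not exchanges:
                banner = line                       # greeting sent before any command
            else:
                buffered.append(line)               # untagged data for the pending command
    return banner, exchanges

def login_before_starttls(text):
    """True if LOGIN was sent while the server was still offering STARTTLS."""
    banner, exchanges = parse_session(text)
    if not re.search(r"\bSTARTTLS\b", banner or ""):
        return False
    for ex in exchanges.values():                   # dicts keep insertion order
        verb = ex["command"].split()[0].upper()
        if verb == "LOGIN" or (verb == "STARTTLS" and ex["status"] == "OK"):
            return verb == "LOGIN"                  # whichever came first decides
    return False
```

A False result only means no LOGIN preceded a successful STARTTLS on a connection that offered it; a banner without STARTTLS, such as the port 993 banner on this page, says nothing by itself about whether the connection is encrypted.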

Testing IMAP port 993

  • Log in to a Linux system which has network connectivity to your IMAP server.
  • Run the command "openssl s_client -connect 192.168.122.184:993" to establish a secure connection to your IMAP server running on 192.168.122.184.
  • The following is a successful IMAPS session:

[root@f14host conf.d]# openssl s_client -connect 192.168.122.184:993
CONNECTED(00000003)
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = IMAP server, CN = imap.example.com, emailAddress = postmaster@example.com
verify return:1
---
Certificate chain
 0 s:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
   i:/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
---
Server certificate
subject=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
issuer=/OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
---
No client certificate CA names sent
---
SSL handshake has read 1301 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
   Protocol  : TLSv1
   Cipher    : DHE-RSA-AES256-SHA
   Session-ID: 04950A9F03AE841C7EF605358EA9F8FE54D8FDDC30B061BB666CC3BE0A0AFF69
   Session-ID-ctx:
   Master-Key: 35E07181CB2EC3CB8FCD659D6FDD15C462333F9A7F196AC9E7E970AC0A952E426A8775992EE9AED6B699279694F238CC
   Key-Arg   : None
   Krb5 Principal: None
   PSK identity: None
   PSK identity hint: None
   TLS session ticket:
    Compression: 1 (zlib compression)
    Start Time: 1329263161
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
t0010 login ops335 seneca99
t0010 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
t0020 select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 2 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1329189595] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
t0020 OK [READ-WRITE] Select completed.
t0040 fetch 1 body[text]
* 1 FETCH (BODY[TEXT] {15}
Test message.
)
t0040 OK Fetch completed.
t0050 close
t0050 OK Close completed.
t0060 logout
* BYE Logging out
t0060 OK Logout completed.
closed
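
Both the port 995 and port 993 sessions above reach the server greeting even though s_client reports "Verify return code: 18", because s_client continues after a verification error by default. The following added example (not part of the original wiki page) extracts the verification result, protocol, key size and compression setting from s_client output and lists what a reviewer would flag; the policy thresholds and the function name are assumptions of this example.

```python
import re

# Constructed input: lines taken from the two s_client transcripts on this page.
S_CLIENT_OUTPUT = """\
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

# Policy values are assumptions of this example, not settings from the page.
MIN_KEY_BITS = 2048
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def audit_s_client(output):
    """Return a list of findings extracted from `openssl s_client` output."""
    def field(pattern):
        m = re.search(pattern, output, re.MULTILINE)
        return m.group(1).strip() if m else None

    findings = []
    code = field(r"^\s*Verify return code:\s*(\d+)")
    if code is None:
        findings.append("no verify return code found (handshake incomplete?)")
    elif code != "0":
        reason = field(r"^\s*Verify return code:\s*\d+\s*\((.*)\)")
        findings.append(f"certificate not verified: code {code} ({reason})")
    proto = field(r"^\s*Protocol\s*:\s*(\S+)")
    if proto and proto not in ACCEPTED_PROTOCOLS:
        findings.append(f"protocol {proto} not in accepted set")
    bits = field(r"^Server public key is (\d+) bit")
    if bits and int(bits) < MIN_KEY_BITS:
        findings.append(f"server key {bits} bit < {MIN_KEY_BITS}")
    # Only the top-level line is matched; the indented per-session line is skipped.
    comp = field(r"^Compression:\s*(.+)$")
    if comp and comp.upper() != "NONE":
        findings.append(f"TLS compression enabled: {comp}")
    return findings

if __name__ == "__main__":
    for finding in audit_s_client(S_CLIENT_OUTPUT):
        print("FINDING:", finding)
```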