Dovecot debian package ====================== Please refer to http://wiki2.dovecot.org for the full documentation of this package and its configuration. Note that the default value for mbox_write_locks differs between Debian and upstream Dovecot: Debian: mbox_write_locks = "fnctl dotlock" Dovecot: mbox_write_locks = "dotlock fnctl" dovenull group -------------- Upstream recommends that for securities sake, the dovenull user should belong to its own private group to which no one else belongs. Prior to 2.2.9-1, the dovenull user was in the nogroup group which contains other users. This has been rectified for new installs but upgraders should make the change themselves like this: # addgroup --system --group dovenull # usermod -g dovenull dovenull Setting up SSL certificates --------------------------- In order to use TLS or the IMAP over SSL (imaps) and POP3 over SSL (pop3s) protocols you need a digital document that verifies the identity of your server called an SSL certificate. The easiest way to get one of these is to buy one from one of the many commercial Certification Authorities (CAs.). But you can also be your own CA and create your own SSL certificate. In fact this package used to generate one for you but this turned out to be buggy and so now we leave it up to you. The certificate will have two pieces, a public part and a private part. The first step is to create a secure directory for the private part: # install -d -o root -g root -m0700 /etc/dovecot/private ... next copy two files mkcert.sh and dovecot-openssl.cnf from /usr/share/dovecot/ to somewhere you can edit them. Make openssl.cnf writable and mkcert.sh executable. Edit dovecot-openssl.cnf to give relevant parameters for your certificate. Run mkcert.sh. It should create a certificate for you and install it in the right place. Then make sure your certificate has the right permissions: # chown root:dovecot /etc/dovecot/dovecot.pem # chmod 0644 /etc/dovecot/dovecot.pem # chown root:dovecot /etc/dovecot/private/dovecot.pem # chmod 0600 /etc/dovecot/private/dovecot.pem ...finally edit /etc/dovecot/conf.d/10-ssl.conf to enable ssl. You can find out more about this topic on the dovecot wiki at: http://wiki2.dovecot.org/SSL Upgrading from 1.2 (squeeze) to 2.0 (wheezy) -------------------------------------------- * If you are upgrading from 1.2.15 in stable, be aware that a lot of settings have changed. Dovecot v2.0 can still use most of the v1.x configuration files, but it logs a lot of warnings at startup. A quick and easy way to convert your old config file to v2.0 format is: doveconf -n -c dovecot-1.conf > dovecot-2.conf This command logs a warning about each obsolete setting it converts to the new format. You can either go through the warnings to figure out what changes exactly were done, or you can simply trust doveconf and replace your old config with the newly generated one. * The biggest problem reported so far is due to an unfortunate packaging error in earlier versions of the 2.1.7 packages that left several files in /etc/dovecot/conf.d unmarked as conf files. This meant that dpkg didn't give them its usual protection against the overwriting of user changes and silently changed them to them to the package defaults even if you made your own local modifications. This was fixed in -3. Who is affected by this bug? + if you are upgrading to this version from 1.2.15 in stable you are not affected. + if you are upgrading from 2.1.7 -3 or higher, you are not affected. + if you are upgrading from 2.1.7 -2 or -1 from unstable, testing, or backports, you might be affected. If you are affected, check all the files in /etc/dovecot/conf.d carefully and remerge your local changes. Sorry for the inconvenience; this should not happen again. If you want to be absolutely sure nothing will happen to your configuration you can add it to /etc/dovecot/local.conf which is completely untouched by the dovecot package. * In conf.d/10-mail.conf, the default mail_location is set by default to mbox:~/mail:INBOX=/var/mail/%u This has to be set because Dovecots auto-detection of mailboxes fails when a user has no mail. I tried to provide a reasonable default but advanced users will certainly want to change this. People affected by the conf file bug mentioned above should also check that it is set to the right values. Related to this, you might see an error in the logs about dovecot not being able to chgrp certain files. This is because the default user mailboxes in Debian belong to group mail which dovecot is not part of (nor should be.) The Debian package has been patched so that the error will not be fatal but for a more permanent solution, see here: http://wiki2.dovecot.org/Errors/ChgrpNoPerm for some discussion. Or you can set mail_location (and the equivalent settings in your MDA) so that mailboxes are in the users home directory. Users bitten by the conf file bug or who did not have mail_location set at all may have found that mailbox detection worked anyway so they often ask me why it is necessary for the package to set it at all. Strictly speaking, it is not but we are trying to make the package plug-and-play for first time users while keeping things flexible for more advanced users and this is the best compromise that can be made. * Another file whose presence may cause problems is /etc/dovecot/conf.d/15-mailboxes.conf which defines mailboxes. By default this requires a "namespace inbox" section in /etc/dovecot/conf.d/10-mail.conf. Either add that namespace or comment out the contents of this file. * It was pointed out in bug #608719 that dovecots generated x.509 certificates should not be kept in /etc/ssl/certs. As of this version they are now created in /etc/dovecot on new installs. If you have an existing install, you can keep your certificates where they are or move them yourself. 1. Move /etc/ssl/certs/dovecot.pem to /etc/dovecot 2. Create a directory called /etc/dovecot/private owned by root:root with 0700 permissions. 3. Move /etc/ssl/private/dovecot.pem to /etc/dovecot/private 4. In /etc/dovecot/conf.d/10-ssl.conf make sure you have these lines: ssl_cert =