Small time IMAP server with Postfix and Dovecot. Apache too.

Jurjen Bokma

July 2009

A little vacation project: we need this small time (one or two users) IMAP server. It is going to receive mail via FetchMail only, and send through a smarthost. Oh, and we need webpages to be served from it, too.

Procedure 43.  The webpages: enabling UserDirs in Apache

  1.   apt-get install apache2 emacs
      (Emacs doesn't have anything to do with Apache, it's just that I use it for editing.)

  2. Edit /etc/apache2/sites-available/default and append (well, nearly append):

    Include /etc/apache2/mods-available/userdir.conf
    UserDir disabled
    UserDir enable jurjen folmer
    UserDir http

  3. cd /etc/apache/mods-enabled
    sudo ln -s ../mods-available/userdir.load ./

  4. Well, for good measure, we restart Apache:

    /etc/init.d/apache2 restart

As mentioned above, we want to receive mail through Fetchmail, we want to send outgoing mail to a smarthost, and we want to serve IMAP.

Procedure 44.  Mail configuration
  1. sudo apt-get install postfix dovecot-imapd fetchmail

  2. In /etc/postfix/,

    • set mydestination to only the names of the local host,

    • set relay_domains to the empty string

    • set relayhost to the local SMTP server and

    • set mynetworks to only the loopback

    Oh, and set mail_spool_directory to /var/spool/mail/, and don't forget the trailing slash: we want maildir-style mailboxes.

  3. Configure DoveCot: in /etc/dovecot/dovecot.conf, set




    , and

      mail_location = maildir:/var/spool/mail/%u:LAYOUT=fs

    The rest is default settings.

  4. Create a ~/.fetchmailrc that says something like:

    poll protocol imap port 993
    user "" with password "blah(versysecr3t)" is "johndoe" here ssl;

    Run fetchmail once manually, because fetching a lot of mail from a busy server may take a lot more than one minute.

    Then, as the appropriate user, with crontab -e, create a cron job that says:

      * * * * * fetchmail >>~/fetchmail.log 2>>~/fetchmail.err

    If you drive the mail admin mad with every-minute IMAP sessions, consider reducing the frequency.

Procedure 45.  Security
  1. With an AllowUsers line in /etc/ssh/sshd_config, disallow most users to connect via SSH.

  2. Create a decent firewall config that allows SSH from some hosts, IMAP from any, and that's it. If the machines allowed SSH change a lot, consider tarpitting.