Small time IMAP server with Postfix and Dovecot. Apache too.

Jurjen Bokma

July 2009


A little vacation project: we need this small time (one or two users) IMAP server. It is going to receive mail via FetchMail only, and send through a smarthost. Oh, and we need webpages to be served from it, too.

Procedure 36.  The webpages: enabling UserDirs in Apache

  1.   apt-get install apache2 emacs
      (Emacs doesn't have anything to do with Apache, it's just that I use it for editing.)

  2. Edit /etc/apache2/sites-available/default and append (well, nearly append):

    Include /etc/apache2/mods-available/userdir.conf
    
    UserDir disabled
    UserDir enable jurjen folmer
    UserDir http
    
    </VirtualHost>
    	

  3. cd /etc/apache/mods-enabled
    sudo ln -s ../mods-available/userdir.load ./

  4. Well, for good measure, we restart Apache:

    /etc/init.d/apache2 restart

As mentioned above, we want to receive mail through Fetchmail, we want to send outgoing mail to a smarthost, and we want to serve IMAP.

Procedure 37.  Mail configuration
  1. sudo apt-get install postfix dovecot-imapd fetchmail

  2. In /etc/postfix/main.cf,

    • set mydestination to only the names of the local host,

    • set relay_domains to the empty string

    • set relayhost to the local SMTP server and

    • set mynetworks to only the loopback

    Oh, and set mail_spool_directory to /var/spool/mail/, and don't forget the trailing slash: we want maildir-style mailboxes.

  3. Configure DoveCot: in /etc/dovecot/dovecot.conf, set

      protocols=imaps
          

    ,

      disable_plaintext_auth=no
          

    , and

      mail_location = maildir:/var/spool/mail/%u:LAYOUT=fs
          

    The rest is default settings.

  4. Create a ~/.fetchmailrc that says something like:

    poll your.imapserver.com protocol imap port 993
    user "usermail@your.imapserver.com" with password "blah(versysecr3t)" is "johndoe" here ssl;
    	

    Run fetchmail once manually, because fetching a lot of mail from a busy server may take a lot more than one minute.

    Then, as the appropriate user, with crontab -e, create a cron job that says:

      * * * * * fetchmail >>~/fetchmail.log 2>>~/fetchmail.err
    	

    If you drive the mail admin mad with every-minute IMAP sessions, consider reducing the frequency.

Procedure 38.  Security
  1. With an AllowUsers line in /etc/ssh/sshd_config, disallow most users to connect via SSH.

  2. Create a decent firewall config that allows SSH from some hosts, IMAP from any, and that's it. If the machines allowed SSH change a lot, consider tarpitting.