Dovecot Raw

[TOC]

*   Written for CentOS 7.1, Dovecot 2.2.10.
*   Users are system users (in `/etc/aliases`)
*   Mailbox style is `Maildir` (in their home folders.)
*   Certificates are [Comodo PositiveSSLs from
    NameCheap](https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx)

Pre-Flight
----------

Getting your mail is not something which can always be done via telnet
(insecure) or SSH (e.g. in the case of virtual accounts.)[^1]
[Dovecot](http://www.dovecot.org/) allows you to get your mail using the
POP3 and/or IMAP protocols.

### On SSL

*   The Dovecot instance will use POP3S and IMAPS in addition to POP3
    and IMAP. When TLS is properly implemented/initiated with the latter
    pair, there's really no reason why the former would be required.
    There seems to be [some](http://wiki.dovecot.org/SSL)
    [debate](https://support.google.com/mail/answer/1074635?hl=en&uls=en)
    about this.
*   The Comodo certificates were chosen since they would [work with
    Gmail](http://www.tomsguide.com/us/Gmail-SSL-POP3-Certificate-Self-Signed,news-16468.html)
    and most other MUAs.

Installation
------------

    yum install dovecot  
    systemctl enable dovecot

Configuration
-------------

Turn off SSL (for now) in `/etc/dovecot/conf.d/10-ssl.conf`.

    ssl = no

### Initial Configuration

Edit `/etc/dovecot/dovecot.conf` and set the protocols you want to serve

    protocols = imap pop3

Listen on IPv4 and IPv6 interfaces

    listen = *, ::

Location for run time data

    base_dir = /var/run/dovecot/

Now, in `/etc/dovecot/conf.d/10-mail.conf`, tell Dovecot where to find
the messages

    mail_location = maildir:~/Maildir

Start the service and make sure it's running

    [root@example ~]# systemctl start dovecot  
    [root@example ~]# netstat -tulpn | grep dovecot  
    tcp   0      0 0.0.0.0:110      0.0.0.0:*         LISTEN      7183/dovecot  
    tcp   0      0 0.0.0.0:143      0.0.0.0:*         LISTEN      7183/dovecot  
    tcp   0      0 :::110           :::*              LISTEN      7183/dovecot  
    tcp   0      0 :::143           :::*              LISTEN      7183/dovecot

### Testing

You can now telnet to either port 110 ([POP3](http://www.anta.net/misc/telnet-troubleshooting/pop.shtml))
or port 143 ([IMAP](http://www.anta.net/misc/telnet-troubleshooting/imap.shtml)).
The syntaxes differ quite a bit.

Make sure the firewall is poked for these ports :)

### Securing

Now we use TLS with the POP3 and IMAP ports. All authentication and
message transfer will be done only over a secure connection.

Edit `/etc/dovecot/conf.d/10-ssl.conf` to mandate SSL

    ssl = required
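Once the certificates are configured and Dovecot has been restarted, the cleartext ports should still answer but push clients to upgrade to TLS before logging in. The script below is an added example, not part of the original write-up: it reads the greeting and capability list on ports 143 and 110 and reports when `STARTTLS`/`STLS` is missing or when plaintext logins are still advertised. The function names and the sample transcripts are made up for illustration.

```python
import socket
import sys

# Constructed sample transcripts (not captured from a real server), used when no host is given.
SAMPLES = {"imap": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready.\r\n",
           "pop3": "+OK Dovecot ready.\r\n+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL\r\n.\r\n"}

def advertised(proto, text):
    """Capability keywords in a cleartext-port transcript (greeting plus reply)."""
    caps = set()
    for line in text.upper().splitlines():
        if proto == "imap" and line.startswith("* ") and "CAPABILITY " in line:
            # '* CAPABILITY a b' or the '* OK [CAPABILITY a b] ...' response code
            caps.update(line.split("CAPABILITY ", 1)[1].split("]", 1)[0].split())
        elif proto == "pop3" and line and line[0] not in "+-.":
            caps.add(line.split()[0])  # first word of each CAPA list line
    return caps

def audit(proto, text):
    """Findings for a transcript taken on the cleartext port (143 or 110)."""
    caps = advertised(proto, text)
    upgrade = "STARTTLS" if proto == "imap" else "STLS"
    findings = []
    if upgrade not in caps:
        findings.append(f"{proto}: {upgrade} not advertised")
    if proto == "imap" and "LOGINDISABLED" not in caps:
        findings.append("imap: LOGINDISABLED missing, clients may send LOGIN before TLS")
    if proto == "pop3" and "USER" in caps:
        findings.append("pop3: USER advertised, clients may send USER/PASS before TLS")
    return findings

def fetch(host, port, command, end):
    """Read the greeting, send one command in cleartext, return the transcript."""
    with socket.create_connection((host, port), timeout=5) as s:
        data = s.recv(4096)
        s.sendall(command)
        while end not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace")

if __name__ == "__main__":
    checks = (("imap", 143, b"a1 CAPABILITY\r\n", b"a1 OK"), ("pop3", 110, b"CAPA\r\n", b"\r\n.\r\n"))
    for proto, port, cmd, end in checks:
        text = fetch(sys.argv[1], port, cmd, end) if len(sys.argv) > 1 else SAMPLES[proto]
        print(proto, audit(proto, text) or "ok")
```

Pass the mail server's hostname as the only argument, and run it from a different machine: the comments in Dovecot's stock `10-auth.conf` note that a connection from the server's own IP is considered secure, so a local check can look weaker than what remote clients see.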

And configure the certificates and keys you will use

    ssl_cert =