Dovecot
Dovecot is an implementation of the IMAP and POP3 mail retrieval protocols. It is typically installed alongside a mail transfer server such as Sendmail, Postfix or qmail. It was designed to be very secure both in terms of quality of the code and the encryption methods it can apply to the mail protocols.
Origins
Dovecot is a relative newcomer to the mail services arena, only appearing in July 2002. Despite this short life it is very mature and fully featured. It was designed to be light on system resources while being quick to respond to requests and simple to set up. It is available from the Ports system.
Features
Dovecot supports both IMAP (the Internet Mail Access Protocol) and POP3 (the Post Office Protocol version 3) as well as various SSL (Secure Sockets Layer) methods to encrypt data running over them.
It was also designed to be secure. The code is produced to be clean and free from potential exploits (while this sounds like an obvious and possibly expected requirement for programs, search the internet for Sendmail and you will realise that even long-standing code can be extremely exploitable). It also offers the following options for securing and, optionally, encrypting data:
Authentication Methods
- APOP;
- Cram-MD5;
- Digest-MD5;
- Login;
- Plain text (usually default on POP3, not secure at all);
- SSL.
Authentication Sources
- BSD authentication;
- Custom password file;
- Default PAM service (dovecot);
- External program;
- LDAP;
- Other (Dovecot);
- PAM service;
- PostgreSQL;
- SQL database;
- Unix passwd (password) file;
- Unix shadow file;
- VPOPMail library.
Security Enhancements
When using local account-based authentication, Dovecot can restrict authentication to UIDs within a set range, defined by a minimum and a maximum value. Typically the minimum is set to a UID above the system and service account range, while the maximum can be left blank to cover all remaining accounts beyond the minimum. In the same way, local groups can be limited to a minimum / maximum range, along with additional secondary groups.
Similar to most other key FreeBSD services, Dovecot can be run chrooted in its own directory.
The network interface (or interfaces) on which Dovecot listens can also be selected, as can whether it uses IPv4 or IPv6.
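The settings described above can be checked mechanically. The following is an added example, not part of the original page or of Dovecot itself: a small audit of a dovecot.conf for the UID range, plain text authentication, SSL, listen address and chroot options. It assumes the Dovecot 2.x (up to 2.3) setting names first_valid_uid, disable_plaintext_auth, ssl, listen and mail_chroot; the sample configuration and the threshold of 1000 for regular accounts are constructed for the example.

```python
# Constructed sample; setting names assumed to be the Dovecot 2.x (up to 2.3) names.
SAMPLE_CONF = """\
# constructed dovecot.conf fragment for the example
listen = *, ::
ssl = yes
disable_plaintext_auth = no
first_valid_uid = 0
last_valid_uid = 0
"""

MIN_USER_UID = 1000  # assumption: regular accounts start here on this host


def parse_conf(text):
    """Return top-level 'key = value' settings, skipping comments and { } blocks."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings


def audit(text, min_uid=MIN_USER_UID):
    """Return a list of findings for the settings covered in this section."""
    s, findings = parse_conf(text), []
    uid = s.get("first_valid_uid")
    if uid is not None and uid.isdigit() and int(uid) < min_uid:
        findings.append(f"first_valid_uid={uid}: UIDs below {min_uid} are inside the valid range")
    if s.get("disable_plaintext_auth", "").lower() == "no":
        findings.append("disable_plaintext_auth=no: passwords accepted without TLS")
    if "ssl" in s and s["ssl"].lower() != "required":
        findings.append(f"ssl={s['ssl']}: TLS is not required")
    addrs = [a.strip() for a in s.get("listen", "").split(",") if a.strip()]
    if any(a in ("*", "::") for a in addrs):
        findings.append("listen: bound to all interfaces")
    if not s.get("mail_chroot"):
        findings.append("mail_chroot: no global chroot for mail processes")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Settings that are absent from the file are not reported, except mail_chroot, so the result reflects only what the configuration states explicitly.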