
Dovecot

From FreeBSDwiki

Dovecot is an implementation of the IMAP and POP3 mail retrieval protocols. It is typically installed alongside a mail transfer server such as Sendmail, Postfix or qmail. It was designed to be very secure both in terms of quality of the code and the encryption methods it can apply to the mail protocols.

Origins

Dovecot is a relative newcomer to the mail services arena, only appearing in July 2002. Despite this short life it is very mature and fully featured. It was designed to be light on system resources while being quick to respond to requests and simple to set up. It is available from the Ports system.

Features

Dovecot supports both IMAP (the Internet Mail Access Protocol) and POP3 (the Post Office Protocol version 3) as well as various SSL (Secure Sockets Layer) methods to encrypt data running over them.

Both of these protocols allow remote clients (either on the LAN or over the internet) to access emails stored by the SMTP mail server. Please see the separate articles regarding these protocols for more details.

It was also designed to be secure. The code is written to be clean and free from potential exploits (this may sound like an obvious, expected requirement for any program, but search the internet for Sendmail and you will realise that even long-standing code can be extremely exploitable). It can also secure, and optionally encrypt, data using the following options:

Authentication Methods

  • APOP;
  • Cram-MD5;
  • Digest-MD5;
  • Login;
  • Plain text (usually default on POP3, not secure at all);
  • SSL.

Authentication Sources

  • BSD authentication;
  • Custom password file;
  • Default PAM service (dovecot);
  • External program;
  • LDAP;
  • Other (Dovecot);
  • PAM service;
  • PostgreSQL;
  • SQL database;
  • Unix passwd (password) file;
  • Unix shadow file;
  • VPOPMail library.

Security Enhancements

When using local account-based authentication, Dovecot can restrict which UIDs may be authenticated to a set range, defined by a minimum and a maximum value. Typically the minimum is set to a UID above the system and service account range, while the maximum can be left blank to allow all remaining accounts beyond the minimum setting. In the same way, local groups, as well as additional secondary groups, can be confined to a minimum / maximum range.

Like most other key FreeBSD services, Dovecot can be run chrooted in its own directory.

The network interface (or interfaces) on which Dovecot listens can also be selected, as can whether it uses IPv4 or IPv6.
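
As an added example (not from this wiki page or the Dovecot project), the following Python script audits a dovecot.conf for the restrictions described in this section. It assumes the setting names first_valid_uid, first_valid_gid, listen and disable_plaintext_auth as used by the installed Dovecot release, and a local policy that ordinary accounts start at UID/GID 1000; the sample file is constructed.

```python
import re

# Assumption: ordinary user accounts start at UID/GID 1000 on this host;
# adjust to the local account policy.
MIN_USER_ID = 1000

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# dovecot.conf (constructed sample)
protocols = imap pop3
listen = *
disable_plaintext_auth = no
first_valid_uid = 0      # admits root and service accounts
last_valid_uid = 0
first_valid_gid = 1000
"""

def parse_settings(text):
    """Return {name: value} for simple 'name = value' lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(text):
    """Return a list of findings for the settings discussed in this section."""
    s = parse_settings(text)
    findings = []
    for name in ("first_valid_uid", "first_valid_gid"):
        value = s.get(name)
        if value is None:
            findings.append(f"{name} not set: built-in default applies")
        elif not value.isdigit() or int(value) < MIN_USER_ID:
            findings.append(f"{name} = {value}: IDs below {MIN_USER_ID} are admitted")
    # An unset listen value is treated here as the wildcard address.
    addrs = [a.strip() for a in s.get("listen", "*").split(",")]
    if any(a in ("*", "::", "[::]") for a in addrs):
        findings.append("listen is a wildcard: service is exposed on all interfaces")
    if s.get("disable_plaintext_auth", "").lower() == "no":
        findings.append("disable_plaintext_auth = no: passwords may cross the network unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```
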

Mail Formats

Dovecot is capable of handling various mail formats:

  • Inbox (and folders) in ~/Maildir (Maildir format);
  • Inbox under /var/mail (mbox format);
  • Inbox in ~/mail;
  • Inbox in ~/Maildir, folders in ~/mail;
  • Other location (Dovecot).

See Also

There are a number of alternative services that provide POP3 and IMAP protocols on FreeBSD:

  • bincimap - a lightweight IMAP service using Maildir formats;
  • Courier-IMAP - a long-standing project that provides primarily IMAP but also has POP3 support;
  • Cyrus IMAP - a long-standing project that provides IMAP and is designed to scale from small offices to large corporations, maintained by CMU;
  • dkimap4 - a standards-compliant IMAP4 implementation that uses the DBOX mail format.

Links

The Dovecot project website.