Dovecotのインストールと設定

yumを使ってDovecotをインストールします。

yum -y install dovecot

Dovecotの設定を行います。

vi /etc/dovecot/dovecot.conf

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
protocols = imap #POP3を使わずIMAPだけ使う。

認証設定ファイルを修正します。

vi /etc/dovecot/conf.d/10-auth.conf

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes
disable_plaintext_auth = no

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
#auth_mechanisms = plain
auth_mechanisms = plain login

Maildir形式に変更します。

vi /etc/dovecot/conf.d/10-mail.conf

  # See doc/wiki/Variables.txt for full list. Some examples:
  #
  # mail_location = maildir:~/Maildir
  mail_location = maildir:~/Maildir     #コメントを外す
  # mail_location = mbox:~/mail:INBOX=/var/mail/%u
  # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n

SSLを有効にします。

vi /etc/dovecot/conf.d/10-ssl.conf

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
#ssl = required
ssl = required

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cert = </etc/letsencrypt/live/mail.astermark.com/fullchain.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key = </etc/letsencrypt/live/mail.astermark.com/privkey.pem

SSLを使わないIMAPを無効化し、PostfixがDovecotの認証を使えるようにします。

vi /etc/dovecot/conf.d/10-master.conf

#    inet_listener imap {
#      #port = 143
#    }
#    inet_listener imaps {
#      #port = 993
#      #ssl = yes
#    }
    inet_listener imap {
      port = 0
    }
    inet_listener imaps {
      port = 993
      ssl = yes
    }

#    # Postfix smtp-auth
#    unix_listener /var/spool/postfix/private/auth {
#      mode = 0666
#    }
    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0660
      user = postfix
      group = postfix
    }