
7.7. Configuring IMAP and POP3 Email

Having mail delivered to the system mailboxes in /var/spool/mail is fine as long as the users are using an MUA running on the Fedora system. If a user is running his MUA on another system (Evolution on another Fedora system in the local network, or perhaps Outlook on a Windows machine), then the user needs IMAP or POP3 access to the remote mailbox.

7.7.1. How Do I Do That?

Fedora's Dovecot server provides IMAP and POP3 access.

When freshly installed, Dovecot will not successfully start. Dovecot requires security certificates to enable encrypted communications. There are three solutions to this problem:

Buy a certificate

A certificate is signed by a certificate authority (CA), who, theoretically, is trusted by both the client and server. The CA certifies that the parties to whom certificates are issued are who they say they are, therefore eliminating the possibility of a malicious party between the client and the server masquerading as the server.

Buying a certificate is not covered in this lab.

Create your own certificate

Because there is no way to verify the authenticity of the certificate (whether unsigned or self-signed) with a third party, most client programs will present a warning dialog every time a certificate of this type is encountered. However, the connection will still be encrypted.

Disable encryption

In all cases, whether encryption is disabled or not, Dovecot will accept unencrypted connections. If you are in a secure environment (for example, where the only client connecting to the Dovecot server is SquirrelMail on the local machine, or connections are made over a reasonably secure LAN such as a wired home network), you may decide to forgo encryption altogether.

Creating your own certificate

First, edit the file /etc/pki/dovecot/dovecot-openssl.cnf and find the CN= and emailAddress= lines:

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)

# State or Province Name (full name)

# Locality Name (eg. city)

# Organization (eg. company)

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (* is also possible)

# E-mail contact

[ cert_type ]
nsCertType = server

Edit these two lines to contain the hostname of the system and the mail administrator's email address:

# Common Name (* is also possible)

# E-mail contact

Then generate the certificates:

# SSLDIR=/etc/pki/dovecot /usr/share/doc/dovecot-1.0/examples/

Disabling Encryption

To disable encryption, edit /etc/dovecot.conf and locate the ssl_disable line:

# Disable SSL/TLS support.
#ssl_disable = no

Uncomment this line and change the value to yes:

# Disable SSL/TLS support.
ssl_disable = yes

Starting Dovecot

Start the dovecot service using the Services tool or from the command line:

# service dovecot start

If you are going to use IMAP or POP3 remotely, you will need to open some ports in your firewall. For IMAP, open ports for the IMAP and IMAPS services (TCP ports 143 and 220); for POP3, open the POP3 and POP3S ports (TCP ports 110 and 995).

On the other hand, if you will be using the IMAP and POP3 services only with local applications such as SquirrelMail or local MTAs such as Evolution, you should close the IMAP and POP3 ports on your firewall.

7.7.2. How Does It Work?

Dovecot enables MUAs to access mailboxes over a network connection using the POP3 or IMAP protocols. POP3 is primarily used to fetch mail from a mailbox so that it can be used elsewhere; IMAP is used to manipulate email messages and folders while leaving them on the server.

Like SMTP, POP3 is a human-readable protocol, and you can use telnet to manually conduct a POP3 session to see how it works:

$ telnet pop3
Connected to (
Escape character is '^]'.
+OK Dovecot ready.
USER chris
PASS bigsecret
+OK Logged in.
+OK 2 messages:
1 615
2 609
+OK 616 octets
Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (localhost.localdomain [])
        by localhost.localdomain (8.13.5/8.13.5) with ESMTP id k232Hf26026693
        for <chris@localhost.localdomain>; Thu, 2 Mar 2006 21:17:41 -0500
Received: (from root@localhost)
        by localhost.localdomain (8.13.5/8.13.5/Submit) id k232HfOb026692
        for chris; Thu, 2 Mar 2006 21:17:41 -0500
Date: Thu, 2 Mar 2006 21:17:41 -0500
From: Jason Smith <root@localhost.localdomain>
Message-Id: <200603030217.k232HfOb026692@localhost.localdomain>
To: chris@localhost.localdomain
Subject: Book Cover

+OK Logging out.
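
The cleartext exchange above can be reproduced without a real mail server. This added example (not from the original page or from Dovecot) runs a toy POP3 responder on loopback and records every line the client sends, showing that USER and PASS cross the wire verbatim when TLS is not in use. The names `serve_one`, `run_session`, `MAILBOX` and `REPLIES` are invented for the illustration, and the replies are modelled on the session above.

```python
import poplib
import socket
import threading

# Constructed sample data modelled on the session above (not captured traffic).
MAILBOX = {1: 615, 2: 609}  # message number -> size in octets
REPLIES = {"USER": "+OK", "PASS": "+OK Logged in.", "QUIT": "+OK Logging out."}


def serve_one(listener, wire_log):
    """Toy POP3 responder for one connection; logs each client line."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as f:
        def send(text):
            f.write(text.encode() + b"\r\n")
            f.flush()
        send("+OK Dovecot ready.")
        for raw in f:
            line = raw.decode().rstrip("\r\n")
            wire_log.append(line)  # what an on-path observer reads without TLS
            verb = line.split(" ", 1)[0].upper()
            if verb == "LIST":
                body = [f"{n} {size}" for n, size in MAILBOX.items()]
                send("\r\n".join([f"+OK {len(MAILBOX)} messages:", *body, "."]))
            else:
                send(REPLIES.get(verb, "-ERR Unknown command."))
            if verb == "QUIT":
                break


def run_session(user, password):
    """Plaintext POP3 login over loopback; returns (client_lines, listing)."""
    wire_log = []
    with socket.create_server(("127.0.0.1", 0)) as listener:
        port = listener.getsockname()[1]
        server = threading.Thread(target=serve_one, args=(listener, wire_log), daemon=True)
        server.start()
        client = poplib.POP3("127.0.0.1", port, timeout=5)
        client.user(user)
        client.pass_(password)
        listing = client.list()[1]
        client.quit()
        server.join()
    return wire_log, listing


if __name__ == "__main__":
    print(run_session("chris", "bigsecret"))
```
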

IMAP is also human-readable, but a bit more complex.

In its default configuration, Dovecot uses the input mailboxes in /var/spool/mail as the IMAP INBOX folder and the POP3 data source. This ensures that other applications (such as a local MUA like Evolution) can be used to access the same messages.

7.7.3. What About...

...IMAP folders other than the INBOX?

Dovecot creates these in the user's home directory.

7.7.4. Where Can I Learn More?
