Dirk Mueller
d3afb37c47
- Add information about the interaction with Apparmor to README.SUSE OBS-URL: https://build.opensuse.org/request/show/712163 OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot?expand=0&rev=14
71 lines
2.5 KiB
Plaintext
71 lines
2.5 KiB
Plaintext
SSL support in dovecot:
|
||
-----------------------
|
||
|
||
SSL is disabled pr. default, to enable create an SSL certificate, and modify
|
||
the dovecot configuration file accordingly.
|
||
|
||
The easiest way to generate certificates is editing
|
||
|
||
"/usr/share/doc/packages/dovecot/dovecot-openssl.cnf"
|
||
|
||
and running
|
||
|
||
"/usr/share/doc/packages/dovecot/mkcert.sh"
|
||
|
||
to create the needed SSL certificate. afterwards set "ssl_disable"
|
||
in "/etc/dovecot/dovecot.conf" to "no".
|
||
|
||
*This only affects 13.1 and newer as well as SLE 12 and newer:*
|
||
|
||
In the past mkcert.sh create certificates into
|
||
|
||
/etc/ssl/certs/dovecot.pem
|
||
/etc/ssl/private/dovecot.pem
|
||
|
||
The script and documentation is now patched to use the following paths:
|
||
|
||
/etc/ssl/private/dovecot.crt
|
||
/etc/ssl/private/dovecot.pem
|
||
|
||
/etc/ssl/certs/ is maintained by p11kit on newer distros and should not
|
||
be used for service certificates. For your own certificate authority
|
||
certificates either create your own ca-certificates-yourname package or
|
||
install them into /etc/pki/trust/anchors/ and run
|
||
update-ca-certificates.
|
||
|
||
This documentation is provided for older distributions so you can
|
||
prepare your system before upgrading to the newer distros.
|
||
|
||
Modules location:
|
||
-----------------
|
||
|
||
Since the libexec dir is /usr/lib(64) when conforming to FHS as SUSE LINUX
|
||
does, the modules should go to /usr/lib(64)/dovecot/modules/{imap,pop3}.
|
||
|
||
|
||
Configuration:
|
||
--------------
|
||
Since SLE12 there is no cyrus-imap support. The new imap server is dovecot.
|
||
|
||
Changes in autoyast.
|
||
<postfix_mda> may have following values: "local" | "procmail"
|
||
|
||
There is no yast support for dovecot configuration.
|
||
|
||
If you want to deliver local mails to dovecot follow this steps:
|
||
1. Set MAIL_CREATE_CONFIG to "no" in /etc/sysconfig/mail to prohibit yast2 to override your configuration.
|
||
2. Set mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" in /etc/postfix/main.cf
|
||
3. Set mail_location = maildir:~/Maildir or to your prefered value in /etc/dovecot/conf.d/10-mail.conf
|
||
4. Set a normal user as alias for root in /etc/aliases
|
||
5. Execute following comands:
|
||
postalias /etc/aliases
|
||
systemctl restart postfix
|
||
systemctl enable dovecot
|
||
systemctl start dovecot
|
||
|
||
Apparmor-related issues
|
||
-----------------------
|
||
|
||
There is an AppArmor policy in effect for all SUSE distributions limiting dovecot’s behaviour. If you want to have your mail storage somewhere else than in
|
||
~/Maildir/, ~/mail/, ~/Mail/, /var/vmail/, /var/mail/, or /var/spool/mail/ you need to edit /etc/apparmor.d/tunables/dovecot file to include appropriate directories (you always want to leave /var/mail and /var/spool/mail present).
|