Dovecot
1- doas pkg_add dovecot
2- doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
3-
doas chmod -R o-rx /etc/mail/
doas chown -R _smtpd:_dovecot /etc/mail/
4- doas nano /etc/dovecot/dovecot.conf , add the following lines at the bottom of the file:
protocols = imap pop3 lmtp
listen = 38.87.162.30, 2602:fccf:1:1030::
service lmtp {
user = vmail
}
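# Troubleshooting switches, left disabled: auth_debug_passwords writes the passwords of failed logins to the mail log in clear text.
#auth_verbose=yes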
#auth_debug=yes
#auth_debug_passwords=yes
#mail_debug=yes
#auth_verbose_passwords=sha1
verbose_ssl=yes
5- doas nano /etc/dovecot/conf.d/10-auth.conf , first comment out auth-system.conf.ext
#!include auth-system.conf.ext
Then at the bottom of the file, add these lines:
passdb {
args = scheme=blf-crypt /etc/mail/passwd
driver = passwd-file
}
userdb {
args = uid=vmail gid=vmail home=/var/vmail/%d/%n
driver = static
}
6- doas nano /etc/dovecot/conf.d/10-mail.conf , edit:
mail_location = maildir:/var/vmail/%d/%n/Maildir
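7- doas nano /etc/dovecot/conf.d/10-ssl.conf , make the changes to these lines (ssl = yes only offers TLS; ssl = required refuses logins on connections that have not negotiated it):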
ssl = yes
...
ssl_cert = </etc/ssl/domain-name.fullchain.pem
ssl_key = </etc/ssl/private/domain-name.key
8- add this login class to: doas nano /etc/login.conf
dovecot:\
:openfiles-cur=4096:\
:openfiles-max=8192:\
:tc=daemon:
9- Make sure to check /var/log/maillog:
$ openssl s_client -starttls imap -connect domain-name:143
10 - doas rcctl start dovecot : dovecot(ok)
11- Troubleshooting
Make sure to check /var/log/maillog:
$ openssl s_client -starttls imap -connect domain-name:143
DKIM
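1- Create the signing account and the key pair. RFC 8301 sets 1024 bits as the minimum RSA key size for DKIM signers and recommends 2048 bits; a 2048-bit public key is longer than 255 characters, so its TXT value has to be split into several quoted strings. After the chmod and chown commands below, the private key is readable only by _smtpd, so confirm that the account running the DKIM signer can read it: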
doas groupadd -v _dkimsign
doas useradd -s /sbin/nologin -d /var/empty -g _dkimsign -G _smtpd _dkimsign
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
chmod og-rwx private.key
chmod og-wx public.key
chmod u-w public.key private.key
doas mkdir /etc/mail/dkim
doas mv private.key public.key /etc/mail/dkim/
doas chown -R _smtpd:_dovecot /etc/mail/dkim/
2- doas cat /etc/mail/dkim/public.key | awk '/-----/{if (NR!=1)print "";next}{printf $0}' -
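3- doas nano /var/nsd/zones/master/almajd.host.ircnow.org , add these records (ADSP, the first one, was reclassified as Historic by the IETF in 2013; a DMARC record is the current way to publish policy):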
_adsp._domainkey 86400 IN TXT "dkim=discardable;"
mail._domainkey 86400 IN TXT "k=rsa; t=s; p=<public key>"
4-
doas nsd-control reload
doas rcctl restart unbound
doas rcctl restart nsd