Un peu de configuration

Autoriser le «PLAINTEXT»

Avant de vouloir plonger profond, essayons simplement de voir s'il est possible de rendre dovecot plus optimiste (candide ?) vis à vis de l'espèce humaine. Avec un peu de flair, nous pouvons commencer par nous intéresser au fichier /etc/dovecot/conf.d/10-auth.conf. Il dit:

##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes

# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour

# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =

# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm = 

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =

# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format = %Lu

# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then . UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =

# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous

# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30

# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =

# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab = 

# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. 
#auth_use_winbind = no

# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth

# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs

# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no

# Take the username from client's SSL certificate, using 
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName. 
#auth_ssl_username_from_cert = no

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain

##
## Password and user databases
##

#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# 
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# 

#!include auth-deny.conf.ext
#!include auth-master.conf.ext

!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

Il faut s'y faire, la documentation est essentiellement fournie sous forme de commentaires dans les fichiers de configuration. Nous trouvons tout de même la ligne commentée, disable_plaintext_auth = yes qui représente le paramètre par défaut. Si nous décommentons cette ligne et mettons l'option à no, après rechargement de la configuration (dovecot reload), depuis un nœud distant nous obtenons cette fois-ci:

telnet cyrus.nain-t.net 143

Trying 192.168.60.115...
Connected to 192.168.60.115.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

Bien. Allons un peu plus loin:

10 LOGIN prof epikoi

10 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL
CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] Logged in

20 LIST "*" "*"

* LIST (\HasNoChildren) "/" INBOX
20 OK List completed.

# Où ça a de fortes chances de se gâter...

30 EXAMINE INBOX
30 NO [SERVERBUG] Internal error occurred. Refer to server log for more information. [2016-05-28 19:12:17]
Et voilà! Que s'est-il passé? Nous avons pourtant bien vu qu'il y avait un massage dans ~/Maildir/new/.

Peut-être que dovecot ne cherche pas le lieu de stockage des messages au bon endroit ?

Faire le point

Il y a avec dovecot un outil qui peut rendre bien des services, il s'agit de doveconf. Cet outil permet d'afficher la configuration de dovecot, avec quelques critères de filtrage si nécessaire, car utilisé tout seul cet outil renvoie:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm = 
auth_failure_delay = 2 secs
auth_gssapi_hostname = 
auth_krb5_keytab = 
auth_master_user_separator = 
auth_mechanisms = plain
auth_proxy_self = 
auth_realms = 
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation = 
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path = 
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config = 
director_doveadm_port = 0
director_mail_servers = 
director_servers = 
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_commands = 
doveadm_password = 
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 500
hostname = 
imap_capability = 
imap_client_workarounds = 
imap_id_log = 
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host = 
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_features = 
imapc_host = 
imapc_list_prefix = 
imapc_master_user = 
imapc_max_idle_time = 29 mins
imapc_password = 
imapc_port = 143
imapc_rawlog_dir = 
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user = 
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS
info_log_path = 
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header = 
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_address_translate = 
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets = 
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_trusted_networks = 
mail_access_groups = 
mail_always_cache_fields = 
mail_attachment_dir = 
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict = 
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot = 
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid = 
mail_home = 
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins = 
mail_prefetch_count = 0
mail_privileged_group = 
mail_save_crlf = no
mail_shared_explicit_inbox = no
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = 
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_empty_new = no
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
master_user_separator = 
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl dotlock
mdbox_preallocate_space = no
mdbox_purge_preserve_alt = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location = 
  mailbox Drafts {
    auto = no
    driver = 
    special_use = \Drafts
  }
  mailbox Junk {
    auto = no
    driver = 
    special_use = \Junk
  }
  mailbox Sent {
    auto = no
    driver = 
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    driver = 
    special_use = \Sent
  }
  mailbox Trash {
    auto = no
    driver = 
    special_use = \Trash
  }
  prefix = 
  separator = 
  subscriptions = yes
  type = private
}
passdb {
  args = 
  default_fields = 
  deny = no
  driver = pam
  master = no
  name = 
  override_fields = 
  pass = no
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
  skip = never
}
pop3_client_workarounds = 
pop3_deleted_flag = 
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = %08Xu%08Xv
pop3c_host = 
pop3c_master_user = 
pop3c_password = 
pop3c_port = 110
pop3c_quick_received_date = no
pop3c_rawlog_dir = 
pop3c_ssl = no
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address = 
protocols = " imap pop3"
quota_full_tempfail = no
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_dsync_parameters = -d -N -l 30 -U
replication_full_sync_interval = 1 days
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
  chroot = .
  client_limit = 0
  drop_priv_before_exec = no
  executable = aggregator
  extra_groups = 
  fifo_listener replication-notify-fifo {
    group = 
    mode = 0600
    user = 
  }
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener replication-notify {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service anvil {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = anvil
  extra_groups = 
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 1
  protocol = 
  service_count = 0
  type = anvil
  unix_listener anvil-auth-penalty {
    group = 
    mode = 0600
    user = 
  }
  unix_listener anvil {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service auth-worker {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = auth -w
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 1
  type = 
  unix_listener auth-worker {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service auth {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = auth
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener auth-client {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-login {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group = 
    mode = 0600
    user = 
  }
  unix_listener auth-userdb {
    group = 
    mode = 0666
    user = $default_internal_user
  }
  unix_listener login/login {
    group = 
    mode = 0666
    user = 
  }
  unix_listener token-login/tokenlogin {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service config {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = config
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = config
  unix_listener config {
    group = 
    mode = 0600
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service dict {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = dict
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener dict {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service director {
  chroot = .
  client_limit = 0
  drop_priv_before_exec = no
  executable = director
  extra_groups = 
  fifo_listener login/proxy-notify {
    group = 
    mode = 00
    user = 
  }
  group = 
  idle_kill = 4294967295 secs
  inet_listener {
    address = 
    port = 0
    reuse_port = no
    ssl = no
  }
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener director-admin {
    group = 
    mode = 0600
    user = 
  }
  unix_listener director-userdb {
    group = 
    mode = 0600
    user = 
  }
  unix_listener login/director {
    group = 
    mode = 00
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service dns_client {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = dns-client
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener dns-client {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service doveadm {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = doveadm-server
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 1
  type = 
  unix_listener doveadm-server {
    group = 
    mode = 0600
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service imap-login {
  chroot = login
  client_limit = 0
  drop_priv_before_exec = no
  executable = imap-login
  extra_groups = 
  group = 
  idle_kill = 0
  inet_listener imap {
    address = 
    port = 143
    reuse_port = no
    ssl = no
  }
  inet_listener imaps {
    address = 
    port = 993
    reuse_port = no
    ssl = yes
  }
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type = login
  user = $default_login_user
  vsz_limit = 18446744073709551615 B
}
service imap-urlauth-login {
  chroot = token-login
  client_limit = 0
  drop_priv_before_exec = no
  executable = imap-urlauth-login
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type = login
  unix_listener imap-urlauth {
    group = 
    mode = 0666
    user = 
  }
  user = $default_login_user
  vsz_limit = 18446744073709551615 B
}
service imap-urlauth-worker {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth-worker
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1024
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type = 
  unix_listener imap-urlauth-worker {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap-urlauth
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1024
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type = 
  unix_listener token-login/imap-urlauth {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service imap {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = imap
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1024
  process_min_avail = 0
  protocol = imap
  service_count = 1
  type = 
  unix_listener login/imap {
    group = 
    mode = 0666
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service indexer-worker {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = indexer-worker
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 10
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener indexer-worker {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service indexer {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = indexer
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener indexer {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service ipc {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = ipc
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener ipc {
    group = 
    mode = 0600
    user = 
  }
  unix_listener login/ipc-proxy {
    group = 
    mode = 0600
    user = $default_login_user
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service lmtp {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = lmtp
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = lmtp
  service_count = 0
  type = 
  unix_listener lmtp {
    group = 
    mode = 0666
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service log {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = log
  extra_groups = 
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = log
  unix_listener log-errors {
    group = 
    mode = 0600
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service pop3-login {
  chroot = login
  client_limit = 0
  drop_priv_before_exec = no
  executable = pop3-login
  extra_groups = 
  group = 
  idle_kill = 0
  inet_listener pop3 {
    address = 
    port = 110
    reuse_port = no
    ssl = no
  }
  inet_listener pop3s {
    address = 
    port = 995
    reuse_port = no
    ssl = yes
  }
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = pop3
  service_count = 1
  type = login
  user = $default_login_user
  vsz_limit = 18446744073709551615 B
}
service pop3 {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = pop3
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1024
  process_min_avail = 0
  protocol = pop3
  service_count = 1
  type = 
  unix_listener login/pop3 {
    group = 
    mode = 0666
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service replicator {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = replicator
  extra_groups = 
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener replicator-doveadm {
    group = 
    mode = 00
    user = $default_internal_user
  }
  unix_listener replicator {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service ssl-params {
  chroot = 
  client_limit = 0
  drop_priv_before_exec = no
  executable = ssl-params
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = startup
  unix_listener login/ssl-params {
    group = 
    mode = 0666
    user = 
  }
  unix_listener ssl-params {
    group = 
    mode = 0666
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups = 
  fifo_listener stats-mail {
    group = 
    mode = 0600
    user = 
  }
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener stats {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service tcpwrap {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = tcpwrap
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = no
ssl_ca = 
ssl_cert = 
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_ca_dir = 
ssl_client_ca_file = 
ssl_client_cert = 
ssl_client_key = 
ssl_crypto_device = 
ssl_dh_parameters_length = 1024
ssl_key = 
ssl_key_password = 
ssl_parameters_regenerate = 0
ssl_prefer_server_ciphers = no
ssl_protocols = !SSLv2
ssl_require_crl = yes
ssl_verify_client_cert = no
state_dir = /var/lib/dovecot
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_session_min_time = 15 mins
stats_user_min_time = 1 hours
submission_host = 
syslog_facility = mail
userdb {
  args = 
  default_fields = 
  driver = passwd
  name = 
  override_fields = 
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
  skip = never
}
valid_chroot_dirs = 
verbose_proctitle = no
verbose_ssl = no
version_ignore = no

Impressionnant !

Soyons plus modestes, en utilisant le paramètre -n. Cette option permet de n'afficher que les paramètres qui n'ont pas leur valeur par défaut. Bien entendu c'est man doveconf qui nous l'apprend.

doveconf -n

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
protocols = " imap pop3"
ssl = no
userdb {
  driver = passwd
}
Voilà. dovecot cherche le stockage sous la forme mbox dans le répertoire /var/mail, ce n'est plus notre cas depuis que nous avons dit à postfix d'utiliser le format Maildir. Mais où et comment modifier ce paramètre ? Le wiki de dovecot nous apprend que le paramètre est:

mail_location = maildir:~/Maildir

Mais où faut-il aller pour le modifier ? Là est la question, avec cette multitude de fichiers…

La méthode de fourmi

Chercher et trouver le bon fichier.

C'est en réalité assez simple en utilisant la commande grep:

grep -r mail_location /etc/dovecot/conf.d

Il s'agit ici de 10-mail.conf qui contient, perdu dans un flot de commentaires, le bon paramètre que nous modifions.

Après rechargement de la configuration:

doveconf -n

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
...

La méthode «vite fait»

Il aurait aussi bien suffi de créer un fichier /etc/dovecot/local.conf et d'y mettre dedans ladite modification. Autrement dit, dovecot peut se configurer de diverses manières, suivant les préférences de son administrateur.

Donc...

La méthode rapide, en utilisant le fichier /etc/dovecot/local.conf peut ici paraître facile et rapide, deux caractéristiques magiques dans notre société avancée.

En effet, bien que nous ayons toujours dans /etc/dovecot/conf.d/10-mail.conf la ligne:

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Du fait que /etc/dovecot/local.conf contienne:

mail_location = maildir:~/Maildir

fait que cette option écrase la précédente. Cette méthode n'est pas à conseiller si l'on désire garder un système de configuration cohérent