Setting up a new Dovecot server on FreeBSD with an OSX mail.app client

I have used Dovecot as my IMAP server since 2007. It has always been reliable and useful.

Recently, I wanted to move my IMAP server from one host to another. I am the only user on this IMAP server. Wait, no I’m not, there are some test accounts on here, mostly used to verify that IMAP is running properly, but that’s not my point. The point is: we’re not moving thousands of accounts, just mine.

For this, I am using:

  1. FreeBSD 11.2
  2. Dovecot 2.3.5.1
  3. Postfix 3.3.4
  4. macOS Mojave 10.14.4

I have installed Dovecot and Postfix in a jail. I like putting stuff in jails because it keeps things separated and clean. I can rebuild a jail and not affect any other services provided by that host.

I will be glossing over most of what I have done and I’m just highlighting the issues I encountered because those wasted the most time.

The rsync

After enabling ssh between the two servers by allowing incoming ssh to the old Dovecot server, I ran this on the new server:

/usr/local/bin/rsync -e "ssh -6" \
  --recursive --delete -avzz --stats dan@myoldserver.example.org:/usr/home/dan/Maildir/ /usr/home/dan/Maildir

The -6 specifies to connect via IPv6, because I can. I like doing things over IPv6 because the more traffic, the more likely more providers are to provide IPv6.

The rsync took a few hours. Then I ran it again. You have to be careful to keep it in sync before you swap over your service or you will miss out on changes.

I didn’t have any trouble with the rsync, so including this section goes against my declared ‘wasted the most time’ goal.

Configuring mail.app on OSX

This was the hardest part. I will show you why.

Start in System Preferences | Internet Accounts.

Click on the + sign in the lower left corner.

Click on Add Other Account from the right hand column.

Click on Mail account.

I entered my details and hit Sign In:

Add a Mail account

Then I got: Unable to verify account name or password. This is expected. OSX does not know how to validate my credentials, so now it is asking for more information, such as server names.

Enter server details

I filled in the details and hit Sign In again.

Unable to verify account name or password

Oh. Unable to verify account name or password again.

What now. I had no idea how to fix this.

Much searching later, I found How to set up email in macOS Sierra Mail….

The solution: click on Next.

Damn. That was so in-my-face that I completely missed it. I thought this was a hard-block. It wasn’t.

Then I just followed my nose through the set up, and clicked save anyway when it said it could not connect.

Later, you can set the password for outgoing smtp via Preferences in Mail.

The passdb

After getting my OSX client configured, I started seeing these errors in /var/log/maillog:

Apr 11 22:57:21 mailjail2-x8dtu dovecot: imap(dan)<85879>: Error: 
open(/usr/home/dan/Maildir/dovecot.index.log) failed: Permission denied (euid=1123(FOO) 
egid=1123(FOO) missing +r perm: /usr/home/dan/Maildir/dovecot.index.log, we're not in group 
2101(dan), dir owned by 2101:2101 mode=0751)

I had copied /var/db/dovecot/dovecot.users, via ansible, from my old configuration. On this server, the user IDs differ. I must update that. I will also change the user login and the password, which is what I should have done first.

This is what I had (not really, but close):

dan:{SHA512-CRYPT}$6$no.the.password:1123:1123::/usr/home/dan

The Maildir directory looked like this:

$ ls -ld ~/Maildir
drwxr-x--x  1344 dan  dan  1363 Apr 11 12:23 /usr/home/dan/Maildir

The account details looked like this:

$ id dan
uid=2101(dan) gid=2101(dan) groups=2101(dan),0(wheel)

There’s the issue. The passdb clearly says that dovecot should use UID 1123 and GID 1123. The file needs to be updated. I generated a new password hash via this command:

$ sudo doveadm pw -s SHA512-CRYPT
Enter new password: 
Retype new password: 
{SHA512-CRYPT}$6$this.is.not.the.real.password

Now my passdb entry looks like:

NewUserName:{SHA512-CRYPT}$6$this.is.not.the.real.password:2101:2101::/usr/home/dan

Notice that I have changed the login name to NewUserName and amended the UID and GID to match the output of id(1).
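A check that would have caught this before the first login, as an added example (not part of the original post or of Dovecot): it parses passwd-file lines in the format shown above and reports which of r, w, x the listed uid:gid lacks on the Maildir. The function names are hypothetical, and it assumes every line carries a numeric uid and gid and that the mailbox lives at <home>/Maildir.

```python
# Added example: assumes numeric uid/gid on every line and mail in <home>/Maildir.
import os
import stat
from typing import NamedTuple

class Entry(NamedTuple):
    user: str
    uid: int
    gid: int
    home: str

def parse_passwd_file(text):
    """Parse Dovecot passwd-file lines: user:password:uid:gid:gecos:home[:shell[:extra]]."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 7)
        if len(fields) < 6 or not (fields[2].isdigit() and fields[3].isdigit()):
            raise ValueError(f"line {lineno}: need user:password:uid:gid:gecos:home")
        entries.append(Entry(fields[0], int(fields[2]), int(fields[3]), fields[5]))
    return entries

def missing_perms(mode, owner_uid, owner_gid, uid, gid):
    """Return which of r, w, x a process running as uid:gid lacks on a directory."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7      # owner class
    elif gid == owner_gid:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # other class
    return "".join(c for c, bit in (("r", 4), ("w", 2), ("x", 1)) if not bits & bit)

def check_entries(text, maildir="Maildir"):
    """Return one problem string per entry whose uid:gid cannot fully use its Maildir."""
    problems = []
    for e in parse_passwd_file(text):
        path = os.path.join(e.home, maildir)
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append(f"{e.user}: cannot stat {path}: {exc.strerror}")
            continue
        lacking = missing_perms(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, e.uid, e.gid)
        if lacking:
            problems.append(f"{e.user}: {e.uid}:{e.gid} lacks '{lacking}' on {path} "
                            f"(owned by {st.st_uid}:{st.st_gid})")
    return problems
```

On the server, pass the contents of /var/db/dovecot/dovecot.users to check_entries(). With the old entry and the Maildir shown above (owned by 2101:2101, mode 0751), it reports that 1123:1123 lacks 'rw'.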
