Linux on Keep It Simple, Stupid

dovecot configuration

Mon, 06 Apr 2026 12:31:00 +0000

authentication mechanism and password scheme
- link
- authentication mechanism -> how password is transferred from cilent from server; passwd scheme: how password is stored in server.
plain and plaintext
- auth_mechanisms = plain
- disable_plaintext_auth = yes
- plain is one protocol of authentication mechanism, password is plaintext; “disable_plaintext_auth=yes” means ssl/tls is mandatory.
service
- service = 一个独立运行的 Dovecot 功能组件
  - service imap-login # IMAP 登录
  - service imap # IMAP 邮件操作
  - service pop3-login # POP3 登录
  - service pop3 # POP3 邮件收取
  - service auth # 账号密码验证
  - service lda # 本地邮件投递
- 只有被 Dovecot 启用的协议 / 功能，对应的 service 才会真正运行
  - /etc/dovecot/dovecot.conf
  - protocols = imap pop3 lmtp
  - 写了 imap → 启动 imap-login + imap, 写了 pop3 → 启动 pop3-login + pop3,没写的协议 → 对应的 service 完全不运行
namespace

Mon, 06 Apr 2026 10:26:00 +0000

hostname hongy19.net is used on listen, not key words in configuration file
table
- man page
- table could be file or db
- table could be list or mapping
- credential in a relay context
  - the credentials are a mapping of labels and username:password pairs, format: label1 user:password
  - passwords are not encrypted (smtpctl encrypt subcommand.)
- table examples
  - table users file:/etc/smtpd/users
  - table creds file:/etc/smtpd/creds
  - table domainemail {hongy19 = hongy19@hongy19.net}
relay
- action “outbound” relay host smtps://smtp2go@mail.smtp2go.com:465 auth mail-from “@hongy19.net -> doesn’t work for smtp2go
- action “outbound” relay host smtps://smtp2go@mail.smtp2go.com:465 pki hongy19.net auth mail-from “@hongy19.net” -> work for smtp2go
- action “outbound” relay host smtp+tls://smtp2go@mail.smtp2go.com:587 auth mail-from “@hongy19.net” -> work for smtp2go

Sun, 05 Apr 2026 14:52:00 +0000

I plan to move Archlinux at vultr to Ubuntu at Tencent.

firewall at Tencent,
- no need to convert iptables to ufw since Tencent cloud has firewall
- “在轻量数据库中，支持配置防火墙规则来控制访问权限，进行网络隔离以增强安全性。如果不配置防火墙规则，则表示不限制访问数据库的来源，未经授权的访问也可连接数据库。如果配置防火墙规则，限制了来源、协议以及端口，例如：配置来源为172.1.4.12、协议为TCP、端口为45，访问策略为允许，则表示仅允许来源为172.1.4.12，来自 TCP 协议且端口号为45的应用访问轻量数据库。”
- open Tencent firewall port: 80, 443; 25,465,587; 993
- Tencent not support send smtp email but it is Ok to receive email, see link
letsencrypt;
- sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt
- “-C /etc”: Change directory to /etc first (so the archive contains letsencrypt/ instead of full /etc/letsencrypt/ path)
- sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
- sudo apt install certbot python3-certbot-nginx
- dpkg -L certbot
- sudo vim /usr/lib/systemd/system/certbot.service
- add “ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot” and sudo systemctl daemon-reload
nginx