I use Dovecot as my IMAP/IMAPS server – it has always worked very reliably for me.
First, this file needs to include sslcerts.sls to make sure that the certificates are installed. Dovecot starts as root so it doesn’t need any special groups to get access to the key.
Once the packages are installed there is a bit of configuration to set up:
- Configure the system to use Maildir format;
- Get rid of any configuration to use mbox format;
- Ensure that SSL is turned on and that the ssl_cert and ssl_key values are set correctly;
- Ensure that SSL isn’t turned off.
# Ensure we have the SSL certs available include: - sslcerts # Installs and configures the Dovecot IMAP server dovecot-core: pkg: - installed dovecot-imapd: pkg: - installed dovecot-sieve: pkg: - installed # Set the mailbox location - required /etc/dovecot/conf.d/10-mail.conf-A: file.blockreplace: - name: /etc/dovecot/conf.d/10-mail.conf - marker_start: '# ------- SALTSTACK DOVECOT START -------' - marker_end: '# ------- SALTSTACK DOVECOT END -------' - prepend_if_not_found: True - content: 'mail_location = maildir:~/Maildir' /etc/dovecot/conf.d/10-mail.conf-B: file.comment: - name: /etc/dovecot/conf.d/10-mail.conf - regex: '^mail_location = mbox.*$' # Use the central SSL cert and key /etc/dovecot/conf.d/10-ssl.conf-A: file.blockreplace: - name: /etc/dovecot/conf.d/10-ssl.conf - marker_start: '# ------- SALTSTACK DOVECOT START -------' - marker_end: '# ------- SALTSTACK DOVECOT END -------' - prepend_if_not_found: True - require: - sls: sslcerts - content: 'ssl = yes ssl_cert = </etc/ssl/certs/info.river-innovations.com.cert ssl_key = </etc/ssl/private/info.river-innovations.com.key' /etc/dovecot/conf.d/10-ssl.conf-B: file.comment: - name: /etc/dovecot/conf.d/10-ssl.conf - regex: '^ssl = no.*$'