With the release of Debian 13 I wanted to upgrade my server, which ran my email and site. Unfortunately due to the changes to Dovecot’s configuration, I couldn’t get authentication working for my email.
OS Update
The upgrade should have been quite straightforward: Use the newer version in sources.list, then run apt update && apt full-upgrade.
Debian’s side was very smooth, it asked me a couple of times about config files and I asked it to keep the current ones for software like nginx and fail2ban.
Dovecot
Towards the end of the upgrade it wanted me to change Dovecot’s configuration. Again as these had quite a few changes to them, I didn’t want to overwrite them. However as there were quite a few changes, upon systemd restarting Dovecot it failed.
To summarise, here were some of the changes
- Version number needs to be at the top of the config file
- The SSL certs don’t need an < before them in the filepath. Otherwise you will get an error saying the file path is too long.
- Changes to the autentication config:
passdb {
driver = pam
}
is now
passdb pam {
}
After changing my file to try and get it to work with 2.4, I would get an error from email clients (Thunderbird, Outlook, Gmail on Android) saying I still couldn’t log in. On the server side, it was saying the authentication had failed with no specific reason.
I tried to search for this issue but nothing really came up - ironically Debian 13 is using a newer version of Dovecot than Arch or Ubuntu, anyway.
Because I didn’t know how long the server would be down for, I set the DNS to point to a server ran by Mythic Beasts, which also host my domain (see below). My plan was to reinstall Dovecot and make sure that everything was configured properly - but unfortunately this didn’t work.
Managed Setup
Setting up the new server was very straightforward. There are plans if you just want the emails redirected, or if you want to host a site in addition to an unlimited number of emails. It only costs £2.00 per month for the hosted email only package.
There is also a checklist to see if you set up the DNS correctly, and if your domain is also hosted by them it’s really easy to set up DMARC / SPF.
Once set up, you can login with your email client as normal. Access via SFTP/SCP is also possible to setup Exim forwarding rules, in addition to accessing the Maildir used by dovecot and the website files if you go for that option.
If you pay extra, you can also login with SSH but I think this is more useful if you manage a site. I tried to login with SSH without paying for the fun of it, it connected but it didn’t give me a shell.
Transferring Emails
As I said, it’s possible to view your emails with an SFTP client. I used WinSCP on my laptop to do this, but ended up doing this on a Debian 13 partition I already set up, just on the off chance that Windows caused any trouble.
Since all the Dovecot files are in a binary form, touching these isn’t a good idea, so I had to recreate my folders (though I only had seven). I was using Nautilus to connect over SFTP, which confused me because the Maildir++ structure starts the folders with a full stop, making them invisible by default!
Once the folders were created it was very easy to copy the emails over inside the respective cur/ folders, I could see them reappear in Thunderbird instantly.
Lastly I had to adjust the folder rules (they were disabled when I logged in before creating the folders) and sort the account on my phone. The interface to change the server address in Gmail is broken, so I had to remove it and add it again.
Overall
To be fair this is something I managed to bring upon myself, which was rather annoying but I am glad that I don’t have to worry about it. Even though I could have set up Mailcow or even Dovecot/Postfix on my Ubuntu server from Hetzner, the latter would’ve still needed updating and administration.