Dovecot

dovecot(1) is an IMAP and POP3 mail user agent. It also supports LMTP.


Installation

Most Linux and BSD distributions offer a dovecot package.

For systemd-capable systems, start and enable dovecot.service.

For BSD distributions, try:

service dovecot start


Configuration

dovecot(1) is primarily configured in /etc/dovecot/dovecot.conf (or /usr/local/etc/dovecot/dovecot.conf for BSDs).

A basic configuration looks like the following. Note that it disables TLS and allows plaintext authentication; see Encryption below.

protocols = imap pop3
pop3_uidl_format = %g
ssl = no
disable_plaintext_auth = no

log_path = /var/log/dovecot.log
mail_location = maildir:~/Maildir

auth_verbose = yes
auth_mechanisms = plain
passdb {
  driver = pam
}
userdb {
  driver = passwd
  args = blocking=no
  override_fields = uid=vmail gid=vmail
}

For almost any configuration, it is necessary to have a vmail system user.

sudo groupadd -g 5000 vmail
sudo useradd -u 5000 -g vmail -s /usr/bin/nologin -d /var/vmail -m vmail

sudo touch /var/log/dovecot.log
sudo chown vmail:vmail /var/log/dovecot.log

To test a configuration file, try dovecot -n.

Default Folder

By default, dovecot(1) expects several folders to exist. If they are missing, this can produce confusing error messages. dovecot(1) can be configured to automatically create them as needed.

namespace inbox {
  mailbox Drafts {
    special_use = \Drafts
    auto = create
  }
  mailbox Junk {
    special_use = \Junk
    auto = create
  }
  mailbox Trash {
    special_use = \Trash
    auto = create
  }
  mailbox Sent {
    special_use = \Sent
    auto = create
  }
}

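Encryption

To require TLS and refuse plaintext authentication on unencrypted connections, try the following. The leading < tells dovecot(1) to read the value from the named file.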

ssl = yes
disable_plaintext_auth = yes
ssl_key = </usr/local/etc/letsencrypt/live/mail.example.com/privkey.pem
ssl_cert = </usr/local/etc/letsencrypt/live/mail.example.com/fullchain.pem

Local Users

The basic configuration for using local user authentication is:

passdb {
  driver = pam
}

This causes /etc/pam.d/dovecot to be used. This should look like:

auth      required        pam_unix.so nullok
account   required        pam_unix.so

If a different service file should be read, specify that service name like:

passdb {
  driver = pam
  args = foobar
}

If a protocol-dependent service file should be read, i.e. /etc/pam.d/imap for IMAP and /etc/pam.d/pop for POP, try:

passdb {
  driver = pam
  args = %s
}

Virtual Users

To handle mail for virtual users who do not correspond to local users, try:

mail_home = /var/vmail/%n
mail_location = maildir:~/mail

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/vmail/%n
}

%n is substituted with the user part of the recipient address. %d would be substituted with the domain part, if there is one. %u would be substituted with the entire address.

The passwd-file file should look like:

alice:{PLAIN}pass::::::
bob:{PLAIN}secret::::::
[email protected]:{PLAIN}hello123::::::
[email protected]:{SSHA256}ZpgszeowIcHdoxe3BNqvUTtPxFd6fMsyQxEWyY0Qlobaacjk

The {SSHA256}-hashed password is created by interactively running doveadm pw -s ssha256.
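An added example, not part of the original page: a small Python audit that parses a passwd-file in the format above and reports entries stored as {PLAIN} or under an unsalted hash scheme, without ever printing the password field. The function name, the two scheme groupings and the sample entries are assumptions constructed for illustration.

```python
import re

# Groupings are this example's assumption; the names are Dovecot password schemes.
CLEARTEXT = {"PLAIN", "CLEARTEXT"}  # password stored as-is
UNSALTED = {"PLAIN-MD5", "LDAP-MD5", "SHA", "SHA1", "SHA256", "SHA512"}
# {SCHEME} or {SCHEME.encoding}, e.g. {SSHA256} or {PLAIN.b64}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.[A-Za-z0-9]+)?\}")


def audit_passwd_file(text):
    """Return (line_no, user, scheme, finding) for each risky entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line_no, fields[0], None, "malformed"))
            continue
        user, password = fields[0], fields[1]
        match = SCHEME_RE.match(password)
        if match is None:
            # Without a prefix the scheme depends on the passdb default.
            findings.append((line_no, user, None, "no-scheme-prefix"))
            continue
        scheme = match.group(1).upper()
        if scheme in CLEARTEXT:
            findings.append((line_no, user, scheme, "cleartext"))
        elif scheme in UNSALTED:
            findings.append((line_no, user, scheme, "unsalted-hash"))
    return findings


# Constructed sample in the format shown above; not real credentials.
SAMPLE = """\
# user:password:uid:gid:gecos:home:shell:extra
alice:{PLAIN}pass::::::
bob:{PLAIN.b64}c2VjcmV0::::::
carol@example.com:{SSHA256}ZpgszeowIcHdoxe3BNqvUTtPxFd6fMsyQxEWyY0Qlobaacjk::::::
dave:{SHA256}constructed-digest::::::
erin:nopassprefix::::::
"""

if __name__ == "__main__":
    for line_no, user, scheme, finding in audit_passwd_file(SAMPLE):
        print(f"line {line_no}: {user}: {finding} ({scheme or 'default scheme'})")
```

Entries it reports can be re-hashed with doveadm pw and the stored value replaced.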

LMTP

To also use dovecot(1) as an LMTP server, try:

protocols = imap pop3 lmtp

service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}

If this is not configured, dovecot(1) is not going to deliver mail for users. It falls on the external SMTP server to handle it, even though it is using dovecot(1) for authentication.


See also

dovecot(1)

Dovecot manual


Dovecot (last edited 2023-06-21 03:09:20 by DominicRicottone)