Setting Up a Mail Server from Scratch – Part 4: Dovecot Configuration

  • Thread starter D•Jass

Dovecot Configuration

Dovecot provides IMAP and POP3 access to mailboxes, handles authentication (SASL) for Postfix, and delivers messages via LDA/LMTP.

4.1. File: /etc/dovecot/dovecot.conf

Set up the base configuration:

# Enable required protocols
protocols = imap pop3 lmtp

# Listen on all IPv4 and IPv6 addresses
listen = *, ::

# Path to Dovecot log
log_path = /var/log/dovecot.log

# Debug logging while testing (log_debug takes an event filter, not yes/no)
auth_debug = yes
mail_debug = yes

4.2. File: /etc/dovecot/conf.d/10-auth.conf

Authentication settings:

# Disallow plaintext logins unless using TLS
disable_plaintext_auth = yes

# Allowed authentication mechanisms
auth_mechanisms = plain login

# Include SQL auth config
!include auth-sql.conf.ext

4.3. File: /etc/dovecot/conf.d/auth-sql.conf.ext

Define how Dovecot fetches user credentials and account information:

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
}

%d – domain (after @)
%n – username (before @)

4.4. File: /etc/dovecot/dovecot-sql.conf.ext

Connection parameters and SQL query for password validation.
Important: Replace StrongPostfixPass with the actual password for postfix_admin. The file stores that password in clear text, so keep it owned by root and unreadable to other users.

driver = mysql
connect = "host=127.0.0.1 dbname=postfix_accounts user=postfix_admin password=StrongPostfixPass"
default_pass_scheme = SHA512-CRYPT
password_query = SELECT Email as user, PasswordHash as password FROM accounts_table WHERE Email='%u' AND IsActive = TRUE;

4.5. File: /etc/dovecot/conf.d/10-mail.conf

Define mailbox format and location:

mail_location = maildir:/home/vmail/%d/%n/Maildir

# Optional access group for permissions
mail_access_groups = vmail

4.6. File: /etc/dovecot/conf.d/10-master.conf

Configure sockets for communication with Postfix (SASL + LMTP):

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

Ensure /var/spool/postfix/private/ exists and is accessible to Postfix.

4.7. File: /etc/dovecot/conf.d/10-ssl.conf

Configure SSL/TLS:

ssl = required
# The leading < makes Dovecot read the certificate and key from these files
ssl_cert = </etc/postfix/ssl/fullchain.pem
ssl_key = </etc/postfix/ssl/privkey.pem

Use the same certificate files as for Postfix.

4.8. Creating the vmail User and Group

This system user owns and manages all mailboxes.

groupadd -g 6000 vmail
useradd -g vmail -u 6000 vmail -d /home/vmail -s /usr/sbin/nologin -m

# Create base mail directory
mkdir -p /home/vmail/example.com

# Set permissions (700 for extra security if needed)
chown -R vmail:vmail /home/vmail
chmod -R 770 /home/vmail

4.9. Restarting Dovecot

Apply all changes:

systemctl restart dovecot

Check logs for errors:

tail -f /var/log/dovecot.log
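
Before restarting, the security-relevant settings from sections 4.2, 4.4, 4.6 and 4.7 can be checked mechanically. The Python script below is an added example, not part of the original post: the `parse` and `audit` names are hypothetical, and the sample configuration is constructed from the guide's settings with deliberate mistakes.

```python
# Constructed sample: the guide's settings with deliberate mistakes.
SAMPLE = """\
disable_plaintext_auth = no
ssl = yes
ssl_cert = /etc/postfix/ssl/fullchain.pem
ssl_key = </etc/postfix/ssl/privkey.pem
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
connect = "host=127.0.0.1 dbname=postfix_accounts user=postfix_admin password=StrongPostfixPass"
"""

def parse(text):
    """Yield (section, key, value) for every setting, tracking { } nesting."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield " > ".join(stack), key, value

def audit(text):
    """Return one finding per setting that weakens the setup described above."""
    findings = []
    for section, key, value in parse(text):
        if key == "disable_plaintext_auth" and value != "yes":
            findings.append("plaintext logins accepted without TLS")
        elif key == "ssl" and not section and value != "required":
            findings.append("TLS is optional, not required")
        elif key in ("ssl_cert", "ssl_key") and not value.startswith("<"):
            # With these setting names the value is read from a file only after '<'.
            findings.append(f"{key} lacks the '<' file prefix")
        elif key == "mode" and "unix_listener" in section and int(value, 8) & 0o007:
            findings.append(f"{section}: socket accessible to other users")
        elif key == "connect" and "password=StrongPostfixPass" in value:
            findings.append("placeholder database password not replaced")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

To check a live system, pass `audit` the concatenated text of the files edited above; `ssl = yes` inside an `inet_listener` block is not flagged, only the global `ssl` setting.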
 