How Can We Help?

Installing Dovecot IMAP Server

You are here:
< All Topics

These are my notes for installing and configuring Dovecot IMAP Server on a postfix emailserver system running Linux Ubuntu 20 LTS.


Install Dovecot Packages


Enter the following command to install Dovecot core package and the IMAP daemon package on Ubuntu server.

apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd


If you use POP3 to fetch emails, then also install the dovecot-pop3d package.


sudo apt install dovecot-pop3d


Check Dovecot version:


dovecot –version


Enabling IMAP/POP3 Protocol


Edit the main config file. 


sudo nano /etc/dovecot/dovecot.conf


Add the following line to enable IMAP protocol.


protocols = imap


If you use POP3 to fetch emails, then also add POP3 protocol.


protocols = imap pop3


Configuring Mailbox Location


By default, Postfix and Dovecot use mbox format to store emails. Each user’s emails are stored in a single file /var/mail/username. You can run the following command to find the mail spool directory.



postconf mail_spool_directory



root@gemini:/etc/apache2/sites-enabled# postconf mail_spool_directory
mail_spool_directory = /var/mail



However, it is more usual to use the Maildir format to store email messages.


The config file for mailbox location is /etc/dovecot/conf.d/10-mail.conf.


nano /etc/dovecot/conf.d/10-mail.conf


The default configuration uses mbox mail format.


mail_location = mbox:~/mail:INBOX=/var/mail/%u


Change it to the following to make Dovecot use the Maildir format. Email messages will be stored under the Maildir directory under each user’s home directory.


mail_location = maildir:~/Maildir


We need to add the following line in the file. (On Ubuntu 18.04 and 20.04, this line is already in the file.)


mail_privileged_group = mail


Save and close the file. Then add dovecot to the mail group so that Dovecot can read the INBOX.


adduser dovecot mail


root@gemini:~# adduser dovecot mail
Adding user `dovecot’ to group `mail’ …
Adding user dovecot to group mail



Using Dovecot to Deliver Email to Message Store


Although we configured Dovecot to store emails in Maildir format, by default, Postfix uses its built-in local delivery agent (LDA) to move inbound emails to the message store (inbox, sent, trash, Junk, etc), and this is by default saved in mbox format.


We need to configure Postfix to pass incoming emails to Dovecot, via the LMTP protocol, which is a simplified version of SMTP, so incoming emails will saved in Maildir format by Dovecot.


LMTP allows for a more scalable and reliable mail system. It also allows use of the sieve plugin to filter inbound messages to different folders.


Install the Dovecot LMTP Server


apt install dovecot-lmtpd


Edit the Dovecot main configuration file.


nano /etc/dovecot/dovecot.conf


Add lmtp to the supported protocols.


protocols = imap lmtp


Save and close the file. Then edit the Dovecot 10-master.conf file.


nano /etc/dovecot/conf.d/10-master.conf


Change the lmtp service definition to the following.


service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix


Next, edit the Postfix main configuration file.


nano /etc/postfix/


Add the following lines to the end of the file.


The first line tells Postfix to deliver incoming emails to local message store via the Dovecot LMTP server.


The second line disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension.


mailbox_transport = lmtp:unix:private/dovecot-lmtp

smtputf8_enable = no


Save and close the file.


Configure the Dovecot Authentication Mechanism


Edit the authentication config file.


nano /etc/dovecot/conf.d/10-auth.conf


Uncomment the following line.


disable_plaintext_auth = yes


This will disable plaintext authentication when there’s no SSL/TLS encryption.


Then find the following line:


#auth_username_format = %Lu



Uncomment it and change its value to %n.

auth_username_format = %n



By default, when Dovecot tries to find or deliver emails for a user, it uses the full email address.


Since in this part, we only set up canonical mailbox users (using OS users as mailbox users), Dovecot can’t find the mailbox user in full domain format (


So we need to set auth_username_format = %n to drop the domain part, then Dovecot should be able to find the mailbox user. This also allows us to use the full email address ( to log in.


ubuntu dovecot auth_username_format


Next, find the following line.


auth_mechanisms = plain


This line only enables the PLAIN authentication mechanism. LOGIN is another authentication mechanism you probably want to add to support older email clients.


auth_mechanisms = plain login


Save and close the file.


Configuring SSL/TLS Encryption


Next, edit SSL/TLS config file.


nano /etc/dovecot/conf.d/10-ssl.conf


Change ssl = yes to ssl = required to enforce encryption.


ssl = required


Then find the following lines.


ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key


By default, Dovecot uses a self-signed TLS certificate. Replace them with the following values, which specify the location of your Let’s Encrypt TLS certificate and private key. Don’t leave out the < character, this is necessary.


ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/


ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

Next, find the following line.

#ssl_prefer_server_ciphers = no

It’s good practice to use the server order of ciphers over that of clients, so uncomment this line and change the value to yes.


ssl_prefer_server_ciphers = yes

We can also disable inscure SSLv3, TLSv1 and TLSv1.1 by adding the following line.

ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1

Note: If using Dovecot version 2.3.x or above (as in Ubuntu 20.04), then you should add the following line instead.

This forces Dovecot to use TLSv1.2 or TLSv1.3.

Please don’t add this line if you use Dovecot version 2.2.x. ssl_min_protocol = TLSv1.2

Save and close the file.

Configuring SASL Authentication

Edit the following file.

nano /etc/dovecot/conf.d/10-master.conf


Change service auth section to the following so that Postfix can find the Dovecot authentication server.

Please be careful about the syntax.

Every opening bracket should be terminated by a closing bracket.

service auth

{ unix_listener /var/spool/postfix/private/auth

{ mode = 0660 user = postfix group = postfix }


Save and close the file.

Auto-create Sent and Trash Folder


Edit the below config file.

nano /etc/dovecot/conf.d/15-mailboxes.conf

To auto-create a folder, simply add the following line in the mailbox section.

auto = create


mailbox Trash


auto = create special_use = \Trash



Some common folders you will want to create includes:


Drafts, Junk, Trash and Sent.


The Sent folder will be created under the user’s home directory when the user send the first email.


The Trash folder will be created when the user deletes an email for the first time, etc.



After you save and close all above config files, restart Postfix and Dovecot.

systemctl restart postfix dovecot


Dovecot will be listening on port 143 (IMAP) and 993 (IMAPS),


as can be seen with:


ss -lnpt | grep dovecot


If there’s a configuration error, dovecot will fail to restart, so it’s a good idea to check if Dovecot is running with the following command.


systemctl status dovecot


root@gemini:/etc/dovecot/conf.d# systemctl status postfix


● postfix.service – Postfix Mail Transport Agent Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)


Active: active (exited) since Wed 2022-03-09 20:34:54 UTC; 4s ago Process: 190752 ExecStart=/bin/true (code=exited, status=0/SUCCESS)


Main PID: 190752 (code=exited, status=0/SUCCESS)


Mar 09 20:34:54 gemini systemd[1]: Starting Postfix Mail Transport Agent… Mar 09 20:34:54 gemini systemd[1]: Finished Postfix Mail Transport Agent.


root@gemini:/etc/dovecot/conf.d# systemctl status dovecot


● dovecot.service – Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)


Active: active (running) since Wed 2022-03-09 20:34:51 UTC; 11s ago Docs: man:dovecot(1)


Main PID: 189907 (dovecot) Tasks: 4 (limit: 2274) Memory: 6.5M CGroup: /system.slice/dovecot.service ├─189907 /usr/sbin/dovecot -F ├─189921 dovecot/anvil ├─189922 dovecot/log └─189923 dovecot/config Mar 09 20:34:51


gemini systemd[1]: Started Dovecot IMAP/POP3 email server. Mar 09 20:34:51 gemini dovecot[189907]:

doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf
Mar 09 20:34:51 gemini dovecot[189907]: doveconf:


Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:97: ssl_protocols has been replaced by ssl_min_protocol


Mar 09 20:34:51 gemini dovecot[189907]: master: Dovecot v2.3.7.2 (3c910f64b) starting up for imap, lmtp (core dumps disabled)


Mar 09 20:34:51 gemini dovecot[189922]: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf


Mar 09 20:34:51 gemini dovecot[189922]: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:97: ssl_protocols has been replaced by ssl_min_protocol




root@gemini:/etc/postfix# systemctl restart postfix
root@gemini:/etc/postfix# ss -lnpt | grep dovecot
LISTEN 0 100* users:((“dovecot”,pid=192085,fd=35))
LISTEN 0 100* users:((“dovecot”,pid=192085,fd=37))
LISTEN 0 100 [::]:143 [::]:* users:((“dovecot”,pid=192085,fd=36))
LISTEN 0 100 [::]:993 [::]:* users:((“dovecot”,pid=192085,fd=38))


Create Virtual Mail Box Domains



The configuration file instructs postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file:



$ sudo nano /etc/postfix/virtual_mailbox_domains


Add the information below to the file and replace with your domain name. #domain


Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.



$ sudo postmap /etc/postfix/virtual_mailbox_domains


Edit the /etc/postfix/ configuration file to enable the SMTP service.



$ sudo nano /etc/postfix/


Find the entry below.



#submission inet n – y – – smtpd

Remove the pound symbol at the beginning of the line.



submission inet n – y – – smtpd

Save and close the file.



Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file.


$ sudo nano /etc/dovecot/conf.d/10-auth.conf

Find the entry below.


# disable_plaintext_auth = yes

Uncomment the setting above by removing the # character to disable plain text authorization.


disable_plaintext_auth = yes


Find the entry below.


auth_mechanisms = plain

Change the authentication mechanisms from plain to plain login.


auth_mechanisms = plain login

Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line:


!include auth-system.conf.ext

Add a pound symbol at the beginning of the line to comment it out.


#!include auth-system.conf.ext

Find the line:


#!include auth-passwdfile.conf.ext

Remove the # symbol at the beginning to enable Dovecot to use a password file.


!include auth-passwdfile.conf.ext


Save and close the file.


Edit the Dovecot password file, auth-passwdfile.conf.ext.


$ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext


The file looks similar to the one shown below.


passdb {

driver = passwd-file

args = scheme=CRYPT username_format=%u /etc/dovecot/users



userdb {
driver = passwd-file
args = username_format=%u /etc/dovecot/users



Make the changes to the file, as shown below.


passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users


userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n


Save and close the file.


Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.



nano /etc/dovecot/dovecot-users


Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace with your domain name.{plain}EXAMPLE_PASSWORD{plain}EXAMPLE_PASSWORD{plain}EXAMPLE_PASSWORD


Save and close the file.


Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.


$ sudo nano /etc/dovecot/conf.d/10-ssl.conf
Find the line:


ssl = yes
Change the ssl value from yes to required.


ssl = required
Locate the two entries below.


#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem
Change the two entries above and make sure they are pointing to the SSL certificate for your domain. For instance, if you are using the Let’s Encrypt certificate, your entries will be similar to those shown below. Replace with your domain name.


ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/
Save and close the file.
Restart the postfix and dovecot services to use the new settings.


$ sudo service postfix restart
$ sudo service dovecot restart


root@gemini:/etc/postfix# echo “This is a test email.” | mail -s “Test email” -r


The final thing to set up is forwarding, so you’ll get emails sent to root on the system at your personal, external email address.


To configure Postfix so that system-generated emails will be sent to your email address, you need to edit the /etc/aliases file.


sudo nano /etc/aliases


The full contents of the file on a default installation of Ubuntu 16.04 are as follows:


# See man 5 aliases for format
postmaster: root


With that setting, system generated emails are sent to the root user. What you want to do is edit it so that those emails are rerouted to your email address.


To accomplish that, edit the file so that it reads:




# See man 5 aliases for format
postmaster: root
root: your_email_address


Replace your_email_address with your personal email address. When finished, save and close the file. For the change to take effect, run the following command:


sudo newaliases


You may now test that it works by sending an email to the root account using:


echo “This is the body of the email” | mail -s “This is the subject line” root


root@gemini:/# cat /etc/aliases
# See man 5 aliases for format
postmaster: root
root@gemini:/# newaliases


You should receive the email at your email address. If not, check your spam folder.


Table of Contents