These are my notes for installing and configuring Dovecot IMAP Server on a postfix emailserver system running Linux Ubuntu 20 LTS.
Install Dovecot Packages
Enter the following command to install Dovecot core package and the IMAP daemon package on Ubuntu server.
apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd
If you use POP3 to fetch emails, then also install the dovecot-pop3d package.
sudo apt install dovecot-pop3d
Check Dovecot version:
dovecot –version
Enabling IMAP/POP3 Protocol
Edit the main config file.
sudo nano /etc/dovecot/dovecot.conf
Add the following line to enable IMAP protocol.
protocols = imap
If you use POP3 to fetch emails, then also add POP3 protocol.
protocols = imap pop3
Configuring Mailbox Location
By default, Postfix and Dovecot use mbox format to store emails. Each user’s emails are stored in a single file /var/mail/username. You can run the following command to find the mail spool directory.
postconf mail_spool_directory
root@gemini:/etc/apache2/sites-enabled# postconf mail_spool_directory
mail_spool_directory = /var/mail
root@gemini:/etc/apache2/sites-enabled#
However, it is more usual to use the Maildir format to store email messages.
The config file for mailbox location is /etc/dovecot/conf.d/10-mail.conf.
nano /etc/dovecot/conf.d/10-mail.conf
The default configuration uses mbox mail format.
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Change it to the following to make Dovecot use the Maildir format. Email messages will be stored under the Maildir directory under each user’s home directory.
mail_location = maildir:~/Maildir
We need to add the following line in the file. (On Ubuntu 18.04 and 20.04, this line is already in the file.)
mail_privileged_group = mail
Save and close the file. Then add dovecot to the mail group so that Dovecot can read the INBOX.
adduser dovecot mail
root@gemini:~# adduser dovecot mail
Adding user `dovecot’ to group `mail’ …
Adding user dovecot to group mail
Done.
root@gemini:~#
Using Dovecot to Deliver Email to Message Store
Although we configured Dovecot to store emails in Maildir format, by default, Postfix uses its built-in local delivery agent (LDA) to move inbound emails to the message store (inbox, sent, trash, Junk, etc), and this is by default saved in mbox format.
We need to configure Postfix to pass incoming emails to Dovecot, via the LMTP protocol, which is a simplified version of SMTP, so incoming emails will saved in Maildir format by Dovecot.
LMTP allows for a more scalable and reliable mail system. It also allows use of the sieve plugin to filter inbound messages to different folders.
Install the Dovecot LMTP Server
apt install dovecot-lmtpd
Edit the Dovecot main configuration file.
nano /etc/dovecot/dovecot.conf
Add lmtp to the supported protocols.
protocols = imap lmtp
Save and close the file. Then edit the Dovecot 10-master.conf file.
nano /etc/dovecot/conf.d/10-master.conf
Change the lmtp service definition to the following.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
Next, edit the Postfix main configuration file.
nano /etc/postfix/main.cf
Add the following lines to the end of the file.
The first line tells Postfix to deliver incoming emails to local message store via the Dovecot LMTP server.
The second line disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
Save and close the file.
Configure the Dovecot Authentication Mechanism
Edit the authentication config file.
nano /etc/dovecot/conf.d/10-auth.conf
Uncomment the following line.
disable_plaintext_auth = yes
This will disable plaintext authentication when there’s no SSL/TLS encryption.
Then find the following line:
#auth_username_format = %Lu
Uncomment it and change its value to %n.
auth_username_format = %n
By default, when Dovecot tries to find or deliver emails for a user, it uses the full email address.
Since in this part, we only set up canonical mailbox users (using OS users as mailbox users), Dovecot can’t find the mailbox user in full domain format (username@your-domain.com).
So we need to set auth_username_format = %n to drop the domain part, then Dovecot should be able to find the mailbox user. This also allows us to use the full email address (username@your-domain.com) to log in.
ubuntu dovecot auth_username_format
Next, find the following line.
auth_mechanisms = plain
This line only enables the PLAIN authentication mechanism. LOGIN is another authentication mechanism you probably want to add to support older email clients.
auth_mechanisms = plain login
Save and close the file.
Configuring SSL/TLS Encryption
Next, edit SSL/TLS config file.
nano /etc/dovecot/conf.d/10-ssl.conf
Change ssl = yes to ssl = required to enforce encryption.
ssl = required
Then find the following lines.
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
By default, Dovecot uses a self-signed TLS certificate. Replace them with the following values, which specify the location of your Let’s Encrypt TLS certificate and private key. Don’t leave out the < character, this is necessary.
ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem
ssl_cert = </etc/letsencrypt/live/mail.kevwells.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.kevwells.com/privkey.pem
Next, find the following line.
#ssl_prefer_server_ciphers = no
It’s good practice to use the server order of ciphers over that of clients, so uncomment this line and change the value to yes.
ssl_prefer_server_ciphers = yes
We can also disable inscure SSLv3, TLSv1 and TLSv1.1 by adding the following line.
ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
Note: If using Dovecot version 2.3.x or above (as in Ubuntu 20.04), then you should add the following line instead.
This forces Dovecot to use TLSv1.2 or TLSv1.3.
Please don’t add this line if you use Dovecot version 2.2.x. ssl_min_protocol = TLSv1.2
Save and close the file.
Configuring SASL Authentication
Edit the following file.
nano /etc/dovecot/conf.d/10-master.conf
Change service auth section to the following so that Postfix can find the Dovecot authentication server.
Please be careful about the syntax.
Every opening bracket should be terminated by a closing bracket.
service auth
{ unix_listener /var/spool/postfix/private/auth
{ mode = 0660 user = postfix group = postfix }
}
Save and close the file.
Auto-create Sent and Trash Folder
Edit the below config file.
nano /etc/dovecot/conf.d/15-mailboxes.conf
To auto-create a folder, simply add the following line in the mailbox section.
auto = create
Example:
mailbox Trash
{
auto = create special_use = \Trash
}
Some common folders you will want to create includes:
Drafts, Junk, Trash and Sent.
The Sent folder will be created under the user’s home directory when the user send the first email.
The Trash folder will be created when the user deletes an email for the first time, etc.
After you save and close all above config files, restart Postfix and Dovecot.
systemctl restart postfix dovecot
Dovecot will be listening on port 143 (IMAP) and 993 (IMAPS),
as can be seen with:
ss -lnpt | grep dovecot
If there’s a configuration error, dovecot will fail to restart, so it’s a good idea to check if Dovecot is running with the following command.
systemctl status dovecot
root@gemini:/etc/dovecot/conf.d# systemctl status postfix
● postfix.service – Postfix Mail Transport Agent Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-03-09 20:34:54 UTC; 4s ago Process: 190752 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 190752 (code=exited, status=0/SUCCESS)
Mar 09 20:34:54 gemini systemd[1]: Starting Postfix Mail Transport Agent… Mar 09 20:34:54 gemini systemd[1]: Finished Postfix Mail Transport Agent.
root@gemini:/etc/dovecot/conf.d# systemctl status dovecot
● dovecot.service – Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-03-09 20:34:51 UTC; 11s ago Docs: man:dovecot(1) http://wiki2.dovecot.org/
Main PID: 189907 (dovecot) Tasks: 4 (limit: 2274) Memory: 6.5M CGroup: /system.slice/dovecot.service ├─189907 /usr/sbin/dovecot -F ├─189921 dovecot/anvil ├─189922 dovecot/log └─189923 dovecot/config Mar 09 20:34:51
gemini systemd[1]: Started Dovecot IMAP/POP3 email server. Mar 09 20:34:51 gemini dovecot[189907]:
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf
Mar 09 20:34:51 gemini dovecot[189907]: doveconf:
Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:97: ssl_protocols has been replaced by ssl_min_protocol
Mar 09 20:34:51 gemini dovecot[189907]: master: Dovecot v2.3.7.2 (3c910f64b) starting up for imap, lmtp (core dumps disabled)
Mar 09 20:34:51 gemini dovecot[189922]: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf
Mar 09 20:34:51 gemini dovecot[189922]: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:97: ssl_protocols has been replaced by ssl_min_protocol
root@gemini:/etc/dovecot/conf.d#
root@gemini:/etc/postfix# systemctl restart postfix
root@gemini:/etc/postfix# ss -lnpt | grep dovecot
LISTEN 0 100 0.0.0.0:143 0.0.0.0:* users:((“dovecot”,pid=192085,fd=35))
LISTEN 0 100 0.0.0.0:993 0.0.0.0:* users:((“dovecot”,pid=192085,fd=37))
LISTEN 0 100 [::]:143 [::]:* users:((“dovecot”,pid=192085,fd=36))
LISTEN 0 100 [::]:993 [::]:* users:((“dovecot”,pid=192085,fd=38))
root@gemini:/etc/postfix#
Create Virtual Mail Box Domains
The main.cf configuration file instructs postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file:
$ sudo nano /etc/postfix/virtual_mailbox_domains
Add the information below to the file and replace example.com with your domain name.
example.com #domain
Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.
$ sudo postmap /etc/postfix/virtual_mailbox_domains
Edit the /etc/postfix/master.cf configuration file to enable the SMTP service.
$ sudo nano /etc/postfix/master.cf
Find the entry below.
…
#submission inet n – y – – smtpd
…
Remove the pound symbol at the beginning of the line.
…
submission inet n – y – – smtpd
…
Save and close the file.
Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file.
$ sudo nano /etc/dovecot/conf.d/10-auth.conf
Find the entry below.
# disable_plaintext_auth = yes
Uncomment the setting above by removing the # character to disable plain text authorization.
disable_plaintext_auth = yes
Find the entry below.
auth_mechanisms = plain
Change the authentication mechanisms from plain to plain login.
auth_mechanisms = plain login
Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line:
!include auth-system.conf.ext
Add a pound symbol at the beginning of the line to comment it out.
#!include auth-system.conf.ext
Find the line:
#!include auth-passwdfile.conf.ext
Remove the # symbol at the beginning to enable Dovecot to use a password file.
!include auth-passwdfile.conf.ext
Save and close the file.
Edit the Dovecot password file, auth-passwdfile.conf.ext.
$ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext
The file looks similar to the one shown below.
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
userdb {
driver = passwd-file
args = username_format=%u /etc/dovecot/users
…
}
Make the changes to the file, as shown below.
passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
Save and close the file.
Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.
nano /etc/dovecot/dovecot-users
Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace example.com with your domain name.
admin@example.com:{plain}EXAMPLE_PASSWORD
info@example.com:{plain}EXAMPLE_PASSWORD
billing@example.com:{plain}EXAMPLE_PASSWORD
Save and close the file.
Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.
$ sudo nano /etc/dovecot/conf.d/10-ssl.conf
Find the line:
ssl = yes
Change the ssl value from yes to required.
ssl = required
Locate the two entries below.
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem
Change the two entries above and make sure they are pointing to the SSL certificate for your domain. For instance, if you are using the Let’s Encrypt certificate, your entries will be similar to those shown below. Replace example.com with your domain name.
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
Save and close the file.
Restart the postfix and dovecot services to use the new settings.
$ sudo service postfix restart
$ sudo service dovecot restart
root@gemini:/etc/postfix# echo “This is a test email.” | mail -s “Test email” -r kevin@kevwells.com kevin@kevwells.com
root@gemini:/etc/postfix#
The final thing to set up is forwarding, so you’ll get emails sent to root on the system at your personal, external email address.
To configure Postfix so that system-generated emails will be sent to your email address, you need to edit the /etc/aliases file.
sudo nano /etc/aliases
The full contents of the file on a default installation of Ubuntu 16.04 are as follows:
/etc/aliases
# See man 5 aliases for format
postmaster: root
With that setting, system generated emails are sent to the root user. What you want to do is edit it so that those emails are rerouted to your email address.
To accomplish that, edit the file so that it reads:
/etc/aliases
# See man 5 aliases for format
postmaster: root
root: your_email_address
Replace your_email_address with your personal email address. When finished, save and close the file. For the change to take effect, run the following command:
sudo newaliases
You may now test that it works by sending an email to the root account using:
echo “This is the body of the email” | mail -s “This is the subject line” root
root@gemini:/# cat /etc/aliases
# See man 5 aliases for format
postmaster: root
root: kevin@kevwells.com
root@gemini:/#
root@gemini:/# newaliases
root@gemini:/#
You should receive the email at your email address. If not, check your spam folder.