Dovecot IMAP server tutorial

Dovecot is an open source IMAP and POP3 server.

What is an IMAP/POP3 server?

Both Internet Message Access Protocol (IMAP) and Post Office Protocol Version 3 (POP3) are Internet standard protocols used by email clients to retrieve email. An IMAP server typically listens on port number 143 and IMAP over SSL/TLS (IMAPS) is assigned the port number 993. POP3 listens on port 110 and POP3 over TLS listens on port 995.

Difference between IMAP & POP3

When an email client connects to a server using POP, it downloads all the mail on the server and stores every message locally on your device, so you can read it through the client. Finally, it deletes the messages from the email server before disconnecting. This means that the messages only exist on the device you downloaded them to.

Clients using IMAP leave messages on the server until the user explicitly deletes them. This and other characteristics of IMAP operation allow multiple clients to manage the same mailbox. Mails are fetched and cached locally.

Install packages

  apt install dovecot-core dovecot-ldap dovecot-lmtpd dovecot-sieve \
  dovecot-managesieved dovecot-imapd dovecot-pop3d
  • LMTP (Local Mail Transfer Protocol) is responsible for delivering mail to the mailbox.
  • The Sieve and ManageSieve packages install what Dovecot needs to use the Sieve filter language. More info on Sieve can be found at sieve.info.
  • Dovecot also supports full-text search, which lets us search through the entire mail, including attachments. The packages and configuration it requires are not covered in this guide.

Configure Dovecot

Dovecot configuration is fairly straightforward as it requires minimal changes to default config. Each service, be it LMTP or LDAP, has a separate config file. This improves readability and ease of configuration. The files in /etc/dovecot which we use to configure dovecot are listed below.

  /etc/dovecot
  |-- conf.d
  |   |-- 10-auth.conf
  |   |-- 10-logging.conf
  |   |-- 10-mail.conf
  |   |-- 10-master.conf
  |   |-- 10-ssl.conf
  |   |-- 15-mailboxes.conf
  |   |-- 20-imap.conf
  |   |-- 20-lmtp.conf
  |   |-- 20-managesieve.conf
  |   |-- 90-plugin.conf
  |   |-- 90-quota.conf
  |   |-- 90-sieve.conf
  |   |-- auth-ldap.conf.ext
  |-- dovecot.conf
  |-- dovecot-ldap.conf.ext

Enable AUTH and LMTP service

  • All Dovecot services are managed through the service configuration file 10-master.conf.
  • The postfix user and group are configured to own both the lmtp and auth listeners, so that the Postfix service can access both.
  • LMTP, the mail delivery service, runs on port 24 by default and is used to deliver mail to the mailbox. We will change that to a Unix socket.
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0600
    user = postfix
    group = postfix
  }
}
  • Authentication is configured in 10-auth.conf. Dovecot supports multiple user databases such as LDAP, MySQL and static, and can also use system users (users in the /etc/passwd file). We will use LDAP in this tutorial.

Replacing the default configuration with the one below is enough to get started.

disable_plaintext_auth = yes
# username is converted to lowercase
auth_username_format = %Lu
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_mechanisms = plain login

## Password and user databases
## Multiple files can be included here;
## if the first file fails to authenticate,
## Dovecot checks the next file in the list
!include auth-ldap.conf.ext

Configure LDAP User Database

  • As mentioned in 10-auth.conf, LDAP is our user DB. /etc/dovecot/dovecot-ldap.conf.ext contains the LDAP config.
hosts = localhost
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=in
base = dc=example,dc=in
scope = subtree
# Map the homeDirectory attribute in LDAP to home in Dovecot
user_attrs = homeDirectory=home
# By default, Dovecot reads the quota attribute in bytes. In that case, uncomment the following:
# user_attrs = homeDirectory=home,mailQuota=quota_rule=*:bytes=%$
# To read the mail quota attribute in MB instead, uncomment the following:
# user_attrs = homeDirectory=home,mailQuota=quota_rule=*:storage=%$M
# %u is the login name; %s would expand to the service name (imap, pop3, ...)
user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
  • With user_attrs and pass_attrs, we can take values from LDAP and use them in dovecot user and password databases. We can retrieve linked user attributes using doveadm.
$ doveadm user test
field   value
uid     111
gid     119
home    /home/test
mail    maildir:/home/test/Maildir
username_format test
  • More info about Dovecot LDAP configuration can be found in link.

Configure LMTP

  • Mail is delivered to the mailbox with the Local Mail Transfer Protocol (LMTP). 20-lmtp.conf is the configuration file for LMTP.
# If the quota plugin is used, uncomment the following parameter.
# lmtp_rcpt_check_quota = yes
lmtp_add_received_header = yes
protocol lmtp {
  # Without the quota plugin, use the following
  mail_plugins = $mail_plugins sieve
  # With the quota plugin, use the following instead
  # mail_plugins = $mail_plugins quota sieve
}

Configure Mailbox

  • The mailbox root folder, /home in this case, must be owned by the user set in the mail_uid and mail_gid params. This ensures that Dovecot can create folders and store mail in the root folder.
  • The following files contain mailbox-related configuration options:
    • 10-mail.conf: mail directory format, owner and group configuration options.
    • 15-mailboxes.conf: configures each mailbox in the user directory. We can subscribe/enable both default and custom folders, create additional folders for users, and so on.

10-mail.conf

  • Mailbox format is set to maildir. Dovecot supports multiple mailbox formats.
  • Mailbox location and owner (file permissions on the system) are set.
  • The dovecot user and group are set as owner of all the mailboxes.
  • The userdb can also be used to set the mail location.
# 10-mail.conf
mail_location = maildir:/home/%n/Maildir/
# In this case dovecot will use home value mentioned in user db(LDAP)
#mail_location = maildir:%{userdb:home}/Maildir

namespace inbox {
  inbox = yes
}

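mail_uid = dovecot
mail_gid = dovecot
# first_valid_uid takes a numeric UID; 111 is the uid shown in the doveadm output above (check yours with `id -u dovecot`)
first_valid_uid = 111
mail_privileged_group = dovecot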

15-mailboxes.conf

  • Mailboxes which need to be subscribed automatically are configured in this file.

The auto param configures whether folders should be created and subscribed. It has 3 possible values:
  • no: never created automatically
  • create: automatically created, but no automatic subscription
  • subscribe: automatically created and subscribed

# 15-mailboxes.conf
# auto:
#   Indicates whether the mailbox with this name is automatically created
#   implicitly when it is first accessed. The user can also be automatically
#   subscribed to the mailbox after creation. The following values are
#   defined for this setting:
#
#     no        - Never created automatically.
#     create    - Automatically created, but no automatic subscription.
#     subscribe - Automatically created and subscribed.
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.

namespace inbox {
  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }

  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
}
   

Configure TLS

  • TLS is used to secure IMAP and POP3 connections. 10-ssl.conf is the TLS configuration file.
ssl = yes
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
ssl_min_protocol = TLSv1.3
  • Once TLS is set up, IMAPS & POP3S can be enabled in 10-master.conf.
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
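
To check the values set in 10-auth.conf, 10-master.conf and 10-ssl.conf after editing, the following added example (not part of Dovecot or of the original tutorial) parses Dovecot's block syntax and reports weak settings. The sample input is constructed, the function names are illustrative, and the 0666 listener mode is there only to trigger a finding.

```python
# Constructed sample in Dovecot's block syntax (the layout `doveconf -n` prints):
# the tutorial's settings, with one listener mode weakened to 0666 for the demo.
SAMPLE = """\
disable_plaintext_auth = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = yes
ssl_min_protocol = TLSv1.3
"""

def parse(text):
    """Flatten nested blocks into {(block, ..., key): value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (simplification)
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering e.g. "service auth"
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[tuple(stack) + (key,)] = value
    return settings

def audit(text):
    """Return findings; a setting missing from the input is reported too."""
    cfg, findings = parse(text), []
    if cfg.get(("disable_plaintext_auth",)) != "yes":
        findings.append("disable_plaintext_auth is not 'yes'")
    if cfg.get(("ssl",)) != "required":
        findings.append("ssl is not 'required': TLS stays optional for clients")
    if cfg.get(("ssl_min_protocol",)) in (None, "SSLv3", "TLSv1", "TLSv1.1"):
        findings.append("ssl_min_protocol is unset or allows a legacy protocol")
    for path, value in cfg.items():
        # The listener-level `ssl = yes` is a different key from the global `ssl`.
        if len(path) > 1 and path[-1] == "mode" \
                and path[-2].startswith("unix_listener") and int(value, 8) & 0o007:
            findings.append(f"{path[-2]} is open to other users (mode {value})")
    return findings
```

On a live server the input would be the output of `doveconf -n`; that command omits settings left at their defaults, so a finding for a missing setting means the default has to be checked by hand.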

Configure Logging

  • The log_path parameter is configured in 10-logging.conf. It can have 3 possible values:
    • syslog: logs to syslog
    • /dev/stderr: logs to stderr
    • /some/path/to/dovecot.log: logs to a file at a user-defined location
  • Syslog is generally preferred, as the underlying OS takes care of log storage, rotation and such.
  • More info about logging verbosity can be found in link
log_path = syslog
# mail_debug = no
# auth_debug = no
# auth_verbose = no
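
With log_path = syslog, failed logins end up in the system log, where they can be counted per client address. The following added example (not from the original tutorial) does that over constructed sample lines; the line format is assumed to match what Dovecot's login processes write, and the thresholds and function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Dovecot's imap-login/pop3-login messages.
SAMPLE_LOG = """\
Jan 12 10:01:02 mail dovecot: imap-login: Login: user=<test@example.in>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, mpid=4211, TLS, session=<a1>
Jan 12 10:02:10 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 9 secs): user=<admin@example.in>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<b2>
Jan 12 10:02:40 mail dovecot: pop3-login: Aborted login (auth failed, 4 attempts in 21 secs): user=<root@example.in>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<c3>
Jan 12 10:05:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test@example.in>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10, TLS, session=<d4>
"""

# Matches both "Disconnected (auth failed, ...)" and "Aborted login (auth failed, ...)".
FAILED = re.compile(
    r"dovecot: [\w-]+-login: .*?\(auth failed, (?P<n>\d+) attempts? in \d+ secs\)"
    r".*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F.:]+)")

def failed_logins(log_text):
    """Sum failed attempts and collect targeted usernames per remote IP (rip)."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_ip[m["rip"]]["attempts"] += int(m["n"])
            per_ip[m["rip"]]["users"].add(m["user"])
    return per_ip

def suspects(log_text, max_attempts=5, max_users=2):
    """IPs with many failures, or failures spread over many accounts."""
    return sorted(ip for ip, s in failed_logins(log_text).items()
                  if s["attempts"] > max_attempts or len(s["users"]) > max_users)
```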

Configure sieve

  • Sieve is a language for email filtering.
  • It is an Internet standard, so it is not tied to any particular operating system or mail architecture.
  • Sieve filter examples can be found in Pigeonhole Sieve examples
  • Sieve specifications can be found in link
  • Enable using 20-managesieve.conf
protocols = $protocols sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  process_limit = 1024
}
  • Configure sieve filter location in 90-sieve.conf
  • The following config creates a sieve folder for each user; the rules are stored in the .dovecot.sieve file.
plugin {
  sieve = file:/home/%n/sieve;active=/home/%n/sieve/.dovecot.sieve
}
  • In order to enable the sieve plugin, add sieve to the mail_plugins param in 20-lmtp.conf.
mail_plugins = $mail_plugins sieve

A Dovecot server with IMAP(S) and POP3(S) has now been set up, with LMTP for mail delivery and Sieve for mail filtering.