Dovecot configuration

This page describes in short how to configure Dovecot.

If you are upgrading your Dovecot installation from v1.1.x to v1.2.x or v1.x to v2.x, you should also read Upgrading in the Dovecot wiki.

Dovecot v1.x

This setup uses two configuration files. dovecot.conf, the MainConfig of the Dovecot server and dovecot-sql.conf, containing the settings for passdb and userdb lookups. For more details see also AuthDatabase/SQL in the Dovecot wiki.

dovecot.conf

The following configuration example can be used as complete configuration file. You can also adjust your existing settings. Use dovecot -n | head -n 1 to locate your dovecot.conf.

Note

Please modify the postmaster_address to meet your specific needs.

# all your other settings
#disable_plaintext_auth = no
mail_location = maildir:~/Maildir
first_valid_uid = 70000
first_valid_gid = 70000
protocol lda {
  postmaster_address = postmaster@YOUR-DOMAIN.TLD
  # uncomment this to use server side filtering (Dovecot v1.0.x/v1.1.x)
  #mail_plugins = cmusieve
  # uncomment this to use server side filtering (Dovecot v1.2.x)
  #mail_plugins = sieve
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
# uncomment this to use the ManageSieve protocol, if supported by your installation
#protocol managesieve {
#  # only valid with Dovecot v1.0.x/v1.1.x.
#  # see also: http://wiki.dovecot.org/ManageSieve/Configuration#v1.0.2BAC8-v1.1
#  sieve = ~/.dovecot.sieve
#  sieve_storage = ~/sieve
#}
auth default {
  mechanisms = cram-md5 login plain
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = doveauth
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
    }
    client {
      path = /var/spool/postfix/private/dovecot-auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
# uncomment this if you use the ManageSieve protocol with Dovecot v1.2.x
#plugin {
#  # Sieve and ManageSieve settings
#  # see also: http://wiki.dovecot.org/ManageSieve/Configuration#v1.2
#  sieve = ~/.dovecot.sieve
#  sieve_dir = ~/sieve
#}

dovecot-sql.conf

This lines contains all information that are required by Dovecot to access the database and to do the lookups in passdb and userdb.

driver = pgsql
connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
default_pass_scheme = CRAM-MD5
password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')

Dovecot v2.x

Beginning with Dovecot version 2.0 the configuration was split into multiple files. It isn’t required to use multiple configuration files. dovecot.conf is still the most important configuration file. Use the command doveconf -n | head -n 1 to locate your dovecot.conf. You could put all settings in your dovecot.conf. You can also include multiple files into your dovecot.conf.

I personally prefer it to comment out most of the dovecot.conf and include only my local.conf, which contains all the necessary settings. You can download my local.conf and use it in your setup.

If you want to use multiple configuration files, you have to apply the following settings to the configuration files mentioned down below. Everything that isn’t mentioned, was commented out.

dovecot.conf

protocols = imap lmtp
# uncomment if your users should be able to manage their sieve scripts
#protocols = imap lmtp sieve

# uncomment if you want to use the quota plugin
#dict {
#  quota = pgsql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
#}

See also dovecot-dict-sql.conf.ext below.

Warning

Adjust the paths of the dovecot-dict-sql.conf.ext (above) and dovecot-sql.conf.ext (below) files to suit your needs.

conf.d/10-auth.conf

auth_mechanisms = plain login cram-md5
passdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}
#!include auth-system.conf.ext

See also dovecot-sql.conf.ext below.

conf.d/10-mail.conf

first_valid_gid = 70000
first_valid_uid = 70000
mail_access_groups = dovemail
mail_location = maildir:~/Maildir

# uncomment if you want to use the quota plugin
#mail_plugins = quota

conf.d/10-master.conf

# if you don't want to use secure imap, you have to disable the imaps listener
##service imap-login {
##  inet_listener imaps {
##    port = 0
##  }
##}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
  }
}

service auth {
  user = doveauth
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    user = postfix
    group = postfix
    mode = 0600
  }
}

service auth-worker {
  unix_listener auth-worker {
    user = doveauth
    group = $default_internal_user
    mode = 0660
  }
  user = doveauth
}

service dict {
  unix_listener dict {
    group = dovemail
    mode = 0660
  }
}

conf.d/10-ssl.conf

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes

ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem

# if you want to disable SSL/TLS, you have set 'ssl = no' and disable the
# imaps listener in conf.d/10-master.conf

conf.d/15-lda.conf

Note

Please modify the postmaster_address to meet your specific needs.

postmaster_address = postmaster@YOUR-DOMAIN.TLD
recipient_delimiter = +
protocol lda {
  # uncomment if you want to use the quota plugin
  #mail_plugins = $mail_plugins
  # uncomment if you want to use the quota and sieve plugins
  #mail_plugins = $mail_plugins sieve
}

conf.d/20-imap.conf

protocol imap {
  # uncomment if you want to use the quota plugin
  #mail_plugins = $mail_plugins imap_quota
}

conf.d/20-lmtp.conf

protocol lmtp {
  # uncomment if you want to use the quota plugin
  #mail_plugins = $mail_plugins
  # uncomment if you want to use the quota and sieve plugins
  #mail_plugins = $mail_plugins sieve
}

conf.d/90-quota.conf

# uncomment if you want to use the quota plugin
#plugin {
#  quota = dict:user:%{uid}:proxy::quota
#  quota_rule = *:storage=0:messages=0
#  quota_rule2 = Trash:storage=+100M
#}

conf.d/90-sieve.conf

# uncomment if you want to use sieve (and maybe managesieve)
#plugin {
#  recipient_delimiter = +
#  sieve = ~/.dovecot.sieve
#  sieve_dir = ~/sieve
#}

dovecot-sql.conf.ext

This file was referenced above in the passdb and userdb sections of conf.d/10-auth.conf.

driver = pgsql
connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS

password_query = \
 SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls

# uncomment this user_query if you want to use the quota plugin
#user_query = \
# SELECT home, uid, gid, mail, quota_rule FROM dovecotquotauser('%Ln', '%Ld')

# otherwise uncomment the following user_query
#user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')

iterate_query = \
 SELECT local_part AS username, domain_name.domainname AS domain \
   FROM users \
        LEFT JOIN domain_data USING (gid) \
        LEFT JOIN domain_name USING (gid)

dovecot-dict-sql.conf.ext

If you want to use the quota plugin add this lines to your dovecot-dict-sql.conf.ext. This file was referenced in the dict section of dovecot.conf.

connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
map {
  pattern = priv/quota/storage
  table = userquota
  username_field = uid
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = userquota
  username_field = uid
  value_field = messages
}