Tag/tag.png

Needs Updating
This article needs updating to include the latest versions of Ubuntu. More info...

Please see this mail about some reasons why this page needs to be updated.


Introduction

Dovecot is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. It is a simple and easy to install MDA. This guide explains how to set it up as an IMAP or POP3 server.

To configure Dovecot to use LDAP for user authentication see DovecotLDAP

NOTE: Dovecot will NOT work in an encrypted directory/folder. Dovecot would just complain about permissions and wont work. One answer is to create a 2nd user account that has an unencrypted home directory. We have not tested this solution on a separate home partition, but most probably the outcome would be the same.

Installation

The installation is extremely simple, just install the at least one of the following packages:

  • dovecot-imapd
  • dovecot-pop3d

For example, using apt-get:

sudo apt-get install dovecot-imapd dovecot-pop3d

Configuration

To configure dovecot, you edit the file /etc/dovecot/dovecot.conf. There are a couple of choices which you need to make.

Choice of Protocols

The choice is broadly between two protocols: IMAP and POP3. POP3 is useful when e-mail is checked from only one computer. It is best for people who download their email and then work off-line. IMAP is the better choice when you would like to check your mail from multiple computers (at work and home, for example). IMAP has the added benefit of accessing folders on the server, allowing you to organize your e-mail, and access it from anywhere. For more information, see the wikipedia articles on POP3 and IMAP. IMAPS and POP3S are more secure than the simple IMAP and POP3 because they use SSL encryption to connect.

Once you have chosen, amend the following line in the file /etc/dovecot/dovecot.conf:

protocols = pop3 pop3s imap imaps

This enables those protocols when dovecot is started. Note: if you like, you can enable all the above protocols, or you can choose to enable just one or any number of them. In addition, add the following line in the "protocol pop3" section in the /etc/dovecot/dovecot.conf:

pop3_uidl_format = %08Xu%08Xv

Choice of Mailboxes

Recent Ubuntu releases (any since 2008)

Dovecot currently supports maildir and mbox formats. They are the most commonly used mailbox formats. They both have their own benefits, discussed here.

If you have trouble figuring out what you are using, it's most likely mbox. Maildir mails are almost always stored in ~/Maildir/ directory, which contains cur/, new/ and tmp/ subdirectories. In maildir each mail is stored in a separate file, while with the mbox format one file contains all mails in the mailbox. Files in /var/mail/ are nearly always mbox files, one for each user.

Maildir is better overall because it is more scalable and can't get corrupted so easily. So, if you have trouble figuring out what you should be using and have a choice, choose maildir.

To configure Dovecot for your mailbox format use (for maildir):

mail_location = maildir:~/Maildir

or, for mbox;

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Note: You will also need to configure your MTA to transfer the incoming mail to this type of mailbox. (If you installed Postfix with instructions from the previous wiki, then choose mbox.)

Setting up Maildir

Recent Ubuntu releases (any since 2008)

Do these steps ONLY if you want Maildir. This setup will put the Maildir in each user's home directory.

If you are using Postfix as your MTA, then add the following line to your /etc/postfix/main.cf file:

home_mailbox = Maildir/

Edit /etc/dovecot/dovecot.conf:

mail_location = maildir:/home/%u/Maildir

If !include conf.d/*.conf is uncommented in /etc/dovecot/dovecot.conf, it is necessary to set mail_location in /etc/dovecot/conf.d/10-mail.conf or comment the line out. 10-mail.conf will override the mail_location in dovecot.conf. If you choose to set the mail_location in 10-mail.conf, you have to change it to:

mail_location = maildir:~/Maildir

If you want to see the config Dovecot is currently using (including the mail_location), use

dovecot -n

It's a good idea to pre-create the Maildir for future users:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

Then, for an existing user:

sudo cp -r /etc/skel/Maildir /home/myuser/
sudo chown -R myuser:usergroup /home/myuser/Maildir
sudo chmod -R 700 /home/myuser/Maildir

Test

Start dovecot:

/etc/init.d/dovecot start

Or in newer versions (as of Ubuntu 12.10) you need to use the upstart equivalent:

start dovecot

To check that it is running, type the command

ps -A | grep dovecot

You should see the dovecot service running. If you have enabled imap, or pop3, you can also try to log in with the commands

telnet localhost pop3

or

telnet localhost imap2

If you see something like the following, the installation has been successful.

matt@kalliope:~$ telnet localhost pop3
Trying localhost...
Connected to localhost.
Escape character is '^]'.
+OK dovecot ready.

To test IMAPS (port 993), openSSL can be used:

openssl s_client -connect mail.domain.ext:993

If the server returns an "OK * DOVECOT * READY" message, you can login with:

A1 LOGIN username password

The server should return a "LOGGED IN" confirmation. To list the different folders and check if they're accessible, run:

A2 LIST "" "*"
A3 EXAMINE INBOX

If no error is returned, IMAP SSL is functioning correctly. If a server error is returned, examine "/var/log/mail.err".

Authentication

If you've gotten this far, dovecot is working but may still have to be configured so that users can login to check their mail. The simplest login method is sending the user login info in plain text and allowing access only to users that already have UNIX access (ie. in /etc/passwd) to the machine dovecot is running on. Allowing access only to users that already have UNIX access is the dovecot default, nothing has to be done to configure this. Also, plain text logins are enabled by default when using secure protocols. To enable plain text logins when not using a secure protocol, put the following line in /etc/dovecot/dovecot.conf:

disable_plaintext_auth = no

If you are using the secure protocols imaps or pop3s, plain text logins is not a problem, because the transfer is done via an encrypted connection. If you are using simply imap or pop3, and will be connecting to the server from outside your local computer or home network, it is a good idea to configure more secure authentication. For further details about how to do this, see this page on the dovecot website.

SSL

To configure Dovecot to use SSL, edit the file /etc/dovecot/dovecot.conf and amend the following lines (in some cases you may simply have to remove the # symbol from the beginning of the line):

ssl = yes

ssl_cert_file = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key_file = </etc/ssl/private/ssl-cert-snakeoil.key

The cert and key files are created automatically by Dovecot when you install it. (The keys mentioned above are actually the ones created by Postfix, however, but are suitable for use by Dovecot as well). Please note, that these keys are not signed and will give "bad signature" errors when connecting from a client. To avoid this, you can use commercial certificates, or even better, you can use your own SSL certificates. Hopefully, a guide will appear soon on this wiki on how to do this. In the meantime, here are some good ones: this guide on the Linux howto database, and this guide on the Debian Administration website.

Accessing from Outside

In order to access your mail server from another computer, you'll have to configure your firewall or router to allow connections to the server on the necessary ports:

  • IMAP - 143
  • IMAPS - 993
  • POP3 - 110
  • POP3S - 995

You'll also need to uncomment following line in /etc/dovecot/dovecot.conf:

listen = *

However, this method may cause conflicts with other servers already listening on other ports. The alternative (and probably more desirable) method, then, is to enable the specific listening ports for the protocols that are intended to be used. For example, for IMAP/IMAPS and POP3/POP3S, add to the correct protocol imap and protocol pop3 sections:

protocol imap {
     listen = *:143
     ssl_listen = *:993
     ...
     }

protocol pop3 {
     listen = *:110
     ssl_listen = *:995
     ...
     }

Email Clients

Thunderbird

To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf:

protocol imap {
 ...
login_greeting_capability = yes
imap_client_workarounds = tb-extra-mailbox-sep
}

In Thunderbird, under 'Server Settings' -> Advanced, uncheck "Show only subscribed folders".

Note: The login_greeting_capability option is deprecated in later versions of Dovecot.

Related Articles

  • POP3Aggregator - this guide explains how to set up an IMAP mail server with Dovecot that will download your mail from an external POP3 server, and allow you to access the mail using any IMAP-compatible email client.

See also

Releases

This guide has been tested on Ubuntu 10.04 (Lucid). This guide has been tested on Ubuntu 14.04 (Trusty).


CategoryEmail

Dovecot (last edited 2019-04-03 20:07:17 by cm-84)