Dovecot — Installation and Basic Configuration

Dovecot is an open-source IMAP and POP3 server for Linux. When Postfix handles sending and receiving mail between servers, Dovecot is what lets mail clients (Outlook, Thunderbird, mobile apps) actually retrieve messages from the mailbox.

Scope: local system users, PAM authentication, single domain.

Prerequisites

• Postfix installed and configured
• Root or sudo access
• A valid FQDN resolving to the server

Install Dovecot

Ubuntu 20.04 / 22.04 / 24.04

On Ubuntu, Dovecot is split into separate packages per protocol. Install the core plus whichever protocols you need:

sudo apt update
sudo apt install dovecot-core dovecot-imapd dovecot-pop3d -y

RHEL 8 / Rocky / AlmaLinux 8

sudo dnf install dovecot -y
sudo systemctl enable --now dovecot

RHEL 9 / Rocky / AlmaLinux 9

sudo dnf install dovecot -y
sudo systemctl enable --now dovecot

On Ubuntu, the service starts and enables automatically after install. On RHEL-based distros, enable --now is needed.

Config File Layout

All Dovecot configuration lives under /etc/dovecot/. The main file pulls in everything under conf.d/:

/etc/dovecot/
├── dovecot.conf          # Top-level; sets protocols and includes conf.d/
└── conf.d/
    ├── 10-auth.conf      # Authentication mechanisms
    ├── 10-mail.conf      # Mail location and storage format
    ├── 10-master.conf    # Service sockets and listeners
    ├── 10-ssl.conf       # TLS settings
    ├── 20-imap.conf      # IMAP-specific settings
    └── 20-pop3.conf      # POP3-specific settings

Check active (non-default) settings at any time:

doveconf -n

Step 1 — Enable Protocols

Edit /etc/dovecot/dovecot.conf and set the protocols line. Enable only what you need:

# IMAP only
protocols = imap

# POP3 only
protocols = pop3

# Both
protocols = imap pop3

Step 2 — Set Mail Location

Edit /etc/dovecot/conf.d/10-mail.conf. Find the mail_location line, uncomment it, and set your mailbox format and path.

For Maildir format (recommended — one file per message):

mail_location = maildir:~/Maildir

For mbox format (single file per folder):

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Maildir is generally preferred. Use mbox only if your setup requires it.

Step 3 — Authentication

Edit /etc/dovecot/conf.d/10-auth.conf.

By default, Dovecot uses PAM against local system users — no changes are needed for a basic setup. Verify these two lines are in place:

disable_plaintext_auth = yes
auth_mechanisms = plain login

disable_plaintext_auth = yes means Dovecot rejects plaintext passwords unless the connection is TLS-encrypted. This is the secure default — do not change it unless you have a specific reason.

Step 4 — TLS

Edit /etc/dovecot/conf.d/10-ssl.conf.

TLS is enabled by default on both Ubuntu and RHEL-based packages. The default configuration ships with a self-signed certificate. For a basic setup verify:

ssl = required

To use your own certificate (recommended for production):

ssl = required
ssl_cert = </etc/pki/tls/certs/dovecot.pem      # RHEL / Rocky / AlmaLinux
ssl_key  = </etc/pki/tls/private/dovecot.key    # RHEL / Rocky / AlmaLinux

ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem           # Ubuntu
ssl_key  = </etc/ssl/private/dovecot.key         # Ubuntu

The < before each path is intentional Dovecot syntax — it reads the file contents inline. Do not omit it.

Step 5 — Create a Mailbox for a User

This example uses a user named jbloggs. Use an existing system user or create a new one.

Create the user if needed:

sudo useradd jbloggs
sudo passwd jbloggs

Create the Maildir structure for that user:

sudo mkdir -p /home/jbloggs/Maildir/{cur,new,tmp}
sudo chown -R jbloggs:jbloggs /home/jbloggs/Maildir

Step 6 — Open Firewall Ports if you are using the OS firewall.

Ubuntu 20.04 / 22.04 / 24.04

sudo ufw allow 143/tcp    # IMAP
sudo ufw allow 993/tcp    # IMAPS
sudo ufw allow 110/tcp    # POP3
sudo ufw allow 995/tcp    # POP3S

RHEL 8 / 9 — Rocky / AlmaLinux

sudo firewall-cmd --permanent --add-service=imap
sudo firewall-cmd --permanent --add-service=imaps
sudo firewall-cmd --permanent --add-service=pop3
sudo firewall-cmd --permanent --add-service=pop3s
sudo firewall-cmd --reload

Step 7 — Start and Verify

sudo systemctl restart dovecot
sudo systemctl status dovecot

Verify the config has no errors:

doveconf -n

Check logs if something is wrong:

# Ubuntu
sudo tail -f /var/log/mail.log

# RHEL / Rocky / AlmaLinux
sudo journalctl -u dovecot -f

Connect Dovecot to Postfix

For mail clients to authenticate against Dovecot's SASL when submitting mail through Postfix, add the following to /etc/postfix/main.cf:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

Then add the auth socket in /etc/dovecot/conf.d/10-master.conf under the service auth block:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Restart both services after this change:

sudo systemctl restart dovecot
sudo systemctl restart postfix

Mail Client Settings

Authentication: Normal password (PLAIN or LOGIN over TLS)

Unencrypted ports 143 (IMAP) and 110 (POP3) are only usable with STARTTLS. Dovecot rejects plaintext credentials on unencrypted connections by default.

Distro Differences at a Glance

Notes

• chkconfig and iptables are not used on any of the distros covered here. systemctl manages services; firewall-cmd or ufw manages firewall rules.
• CentOS 7 reached end of life in June 2024 and is no longer covered.
• TLS is enabled and disable_plaintext_auth = yes by default on all distros listed. Do not disable either without a specific reason.
• For a fresh config on RHEL-based distros: removing /etc/dovecot/ before running dnf reinstall dovecot will restore the default config files. Running dnf reinstall dovecot alone will not reset them.

Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.