From Indie IT Wiki
Jump to: navigation, search

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.



sudo nano /etc/dovecot/conf.d/10-ssl.conf

ssl_protocols = !SSLv2 !SSLv3 TLSv1.1 TLSv1.2
sudo service dovecot restart

Standard IMAP Port 143

This will stop Dovecot from opening non secure port 143 and only use secure port 993...

sudo nano /etc/dovecot/dovecot.conf
     inet_listener imap {
        # address = *
        port = 0


sudo nano /etc/dovecot/dovecot.conf
     protocols = imaps

sudo nano /etc/dovecot/conf.d/10-master.conf
     inet_listener imap {
        port = 0

Then, restart the software...

sudo service dovecot restart
sudo /etc/init.d/dovecot restart


On Ubuntu Server

This will install the IMAP daemon for Dovecot, with a self-signed SSL certificate.

sudo aptitude install -v -y dovecot-imapd
(type in the fully qualified hostname of your server when prompted, and press return)

Change the configuration files...

listen = *
mail_location = maildir:~/.maildir
#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext

Restart dovecot...

service dovecot restart

Let's Encrypt SSL Certificate and Dovecot

sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

sudo systemctl restart dovecot
sudo dovecot restart

openssl s_client -CAfile /etc/letsencrypt/live/ -connect localhost:993 -quiet

SSL Secure Certificate Installation (Paid For)

Switch to root user...

sudo -i

Create directories...

mkdir -p /root/misc/ssl/2016/dovecot

Change to directory...

cd /root/misc/ssl/2016

Create your CSR, send to and wait for .zip file back.

Copy your Certificate and the 3 Root Certificates into 1 file...

cat domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > dovecot/dovecot_STAR_domain_com.crt

Copy your Key file into 1 file...

cat domain_com.key > dovecot/dovecot_STAR_domain_com.key

Put the Certificate and Key files into the OpenSSL directories...

cp -av /root/misc/ssl/2016/dovecot/dovecot_STAR_domain_com.crt /etc/ssl/certs/
cp -av /root/misc/ssl/2016/dovecot/dovecot_STAR_domain_com.key /etc/ssl/private/

Edit the Dovecot configuration...

nano /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/certs/dovecot_STAR_domain_com.crt
ssl_key = </etc/ssl/private/dovecot_STAR_domain_com.key

Start the server...

service dovecot restart

SSL Certificate (Self Signed)

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem

nano /etc/dovecot/conf.d/10-ssl.conf

HOWTO: Restrict To Localhost

sudo nano /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    address =

Thanks -

HOWTO: Delete All Dovecot Index Files

find /home/user/.maildir/ -type f -name 'dovecot.index*' -print -exec rm -rf {} \;

HOWTO: List User Mailbox Folders

sudo doveadm mailbox list -u

HOWTO: Count User Mailbox Folder Messages

doveadm mailbox status -u messages Drafts

HOWTO: Create Mailbox Folder

doveadm mailbox create -u Fish

HOWTO: Test Login Credentials Via Command Line

doveadm auth test username <password>
doveadm auth test <password>

HOWTO: Move Messages

doveadm move -u email@account DESTINATION mailbox SOURCE search query


doveadm move -u 2015 mailbox Sent BEFORE 1-Jan-2016 SINCE 1-Jan-2015


dovecot: auth-worker: Fatal: master: service(auth-worker): (core dumped)

For some reason, the PAM module is now broken. After turning on verbose auth logging, the reason was shown...

dovecot: auth-worker(4660): pam(user, pam_authenticate() failed: Authentication failure (password mismatch?)

Change the system authentication module to 'shadow' by commenting out the 'pam' option...

nano /etc/dovecot/conf.d/auth-system.conf.ext
#passdb {
  #driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
passdb {
  driver = shadow
  # [blocking=no]
  #args =

Error: auth: pam_unix(dovecot:auth): authentication failure

auth: pam_unix(dovecot:auth): check pass; user unknown
auth: pam_unix(dovecot:auth): authentication failure; 

This is because you are sending login details which the Linux PAM Authentication system cannot understand, because you are using the 'passwd' style of auth login.

To fix, just comment out the 'system-auth' option from the Dovecot configuration file...

sudo nano /etc/dovecot/conf.d/10-auth.conf
     #!include auth-system.conf.ext

...and restart Dovecot.

sudo service dovecot restart

AfterLogic WebMail Speed Issue With Large Mailboxes

In static/js/app.js file, locate the following line:

setTimeout(_.bind(this.getAllFolderCounts, this, iAccountId), 2000);

and replace it with:

setTimeout(_.bind(this.executeCheckMail, this, iAccountId), 2000);

Note that app.js file isn't used by default - its minified version app.min.js is used. To change that, add the following item to the array defined in data/settings/config.php file:

'labs.use-app-min-js' => false,

Also, be sure to clear browser cache to apply changes.

The effect of the modification is that list of folders is still obtained, but folder stats are only retrieved for primary folders.

AfterLogic WebMail Lite Autoresponder Missing

Upgrade Error: invoke-rc.d: dangling symlink

find /etc/rc* -type l -iname '*dovecot*' -exec rm -iv {} \;
sudo apt-get -f install

Startup Script In Ubuntu Server

cd /etc/init.d/
sudo ln -s /lib/init/upstart-job dovecot
sudo update-rc.d dovecot defaults
sudo service dovecot start

HOWTO: Generate Encrypted Password For Users File

Dovecot version 1...

openssl passwd -crypt

Dovecot version 2...

doveadm pw -s CRYPT


Secure Dovecot

disable_plaintext_auth = yes
ssl = required

Test Secure Connection / Test SSL Certificate

openssl s_client -connect localhost:imaps -CApath /etc/ssl/certs
openssl s_client -connect server:imaps -CApath /etc/ssl/certs

Secure Dovecot Using TLS Encryption

Default Ports

110: pop
143: imap
995: pop3s
993: imaps

Fetchmail To MailScanner To Sendmail To Dovecot LDA To System User (+ Sieve)

Fetchmail > MailScanner > Sendmail > Procmail > Dovecot > Sieve

Just create a ~/.procmailrc file in your user's home directory...

:0 w

...and then check the server email logs for the entries...

Jul 30 16:56:47 server1 dovecot: lda(user): msgid=<>: saved mail to INBOX

dovecot: lda(sieve): sieve: msgid=<>: sent vacation response to <>

Postfix Dovecot Virtual Users

Fetchmail To MailScanner To Dovecot LDA To Virtual User

To be done, after the one below!


The /etc/mail/virtusertable file

Sendmail To Dovecot LDA

Local > Sendmail > Dovecot LDA > Virtual User Maildir

Following -

dovecot --version


sendmail -d0.1

Version 8.14.4

/etc/mail $ ls

access access.db aliases aliases.db authinfo authinfo.db helpfile local-host-names mailertable mailertable.db statistics trusted-users virtuserdomains


VERSIONID(`$Id:,v 1.2 2004/12/07 01:59:31 g2boojum Exp $')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=,Name=MTA')
dnl DAEMON_OPTIONS(`Port=smtp,Addr=,Name=MTA')
define(`ALIAS_FILE', `/etc/mail/aliases')
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')
dnl FEATURE(`virtusertable')
dnl MAILER(smtp)


Mdovecot, P=/usr/libexec/dovecot/dovecot-lda,
          A=/usr/libexec/dovecot/dovecot-lda -d $u



/etc/mail/mailertable dovecot:localhost


service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail



-rw------- 1 vmail vmail  50K 2012-08-05 21:56 fetchmail.log
drwx------ 4 vmail vmail 4.0K 2012-08-05 17:30


-rwxr-xr-x 1 root root 23K 2012-08-05 15:27 /usr/libexec/dovecot/dovecot-lda

test message

echo "message" |mail -s "test" -v |sed 's/^/ /' Connecting to [] via relay...
220 ESMTP Sendmail 8.14.4/8.14.4; Thu, 9 Aug 2012 17:20:19 +0100
>>> EHLO Hello localhost.localdomain [], pleased to meet you
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<> SIZE=51
250 2.1.0 <>... Sender ok
>>> RCPT To:<>
>>> DATA
250 2.1.5 <>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <>... Connecting to localhost via dovecot...
050 <>... Sent
250 2.0.0 q79GKJWt004166 Message accepted for delivery Sent (q79GKJWt004166 Message accepted for delivery)
Closing connection to []
>>> QUIT
221 2.0.0 closing connection


Aug  9 17:20:19 vmware-gentoo-server sendmail[4165]: q79GKJN9004165: from=root, size=51, class=0, nrcpts=1, msgid=<>, relay=root@localhost
Aug  9 17:20:19 vmware-gentoo-server sm-mta[4166]: q79GKJWt004166: from=<>, size=406, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain []
Aug  9 17:20:19 vmware-gentoo-server sm-mta[4166]: q79GKJWt004166: to=<>, ctladdr=<> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=dovecot, pri=30406, relay=localhost, dsn=2.0.0, stat=Sent
Aug  9 17:20:19 vmware-gentoo-server sendmail[4165]: q79GKJN9004165:, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30051, relay=[] [], dsn=2.0.0, stat=Sent (q79GKJWt004166 Message accepted for delivery)


Aug 09 17:20:19 lda( Info: msgid=<>: saved mail to INBOX


Aug 09 17:20:19 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 09 17:20:19 auth: Debug: passwd-file /etc/dovecot/users: Read 4 users
Aug 09 17:20:19 auth: Debug: master in: USER 1 service=lda
Aug 09 17:20:19 auth: Debug: passwd-file( lookup: file=/etc/dovecot/users
Aug 09 17:20:19 auth: Debug: master out: USER 1 uid=1000 gid=1000 home=/home/vmail/

Virtual Users

Virtual Users + System Users


!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext


service auth {
  unix_listener auth-userdb {
    mode = 0666
    #user = 
    #group = 


passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users



drwxr-xr-x  4 vmail        vmail 4.0K 2012-09-20 17:58 vmail

total 88K
drwxr-xr-x  4 vmail vmail 4.0K 2012-09-20 17:58 .
drwxr-xr-x 72 root  root  4.0K 2012-09-14 15:52 ..
-rw-------  1 vmail vmail 1.6K 2012-09-20 18:06 .bash_history
-rw-r--r--  1 vmail vmail  127 2011-07-11 16:44 .bash_logout
-rw-r--r--  1 vmail vmail  193 2011-07-11 16:44 .bash_profile
-rw-r--r--  1 vmail vmail  606 2012-09-19 16:56 .bashrc
-rw-------  1 vmail vmail    8 2012-09-20 17:58
-rwx------  1 vmail vmail  524 2012-09-19 17:12 .fetchmailrc
-rw-------  1 vmail vmail   87 2012-09-20 17:12 .lesshst
drwx------  2 vmail vmail 4.0K 2011-07-07 11:20 .ssh
-rw-r--r--  1 vmail vmail  43K 2012-09-20 18:13 fetchmail.log
drwx------  3 vmail vmail 4.0K 2012-09-20 17:58

Fetchmail to Dovecot Deliver LDA to Virtual Users

Internet > Fetchmail > Dovecot LDA > Virtual User Maildir

This will show you how to fetch mail from the internet and deliver it to local virtual email users. This is like taking a backup of your IMAP folder. Again, I could not find a single web page on the internet which showed this, so I am writing it down now so that someone else doesn't spend 3 hours trying to figure it out. :-(

This example is using IMAP and keeping the emails in the internet server, but you could use POP and delete the emails on the server.

Install Fetchmail

emerge fetchmail

Create the Virtual Mail User

useradd -c "Virtual Mail User" -d /home/vmail -U -m vmail
passwd vmail

Create the Fetchmail config file for the user 'vmail' (created for the Virtual Users above) which will go and get then deliver the emails.

cd /home/vmail/
touch .fetchmailrc
chown vmail:vmail .fetchmailrc
chmod 0700 .fetchmailrc
nano .fetchmailrc

This is the magic config file. The Dovecot documentation showed dovecot-lda -f $FROM_ENVELOPE -d $DEST_USERNAME but I could not get this variable to work, so hard coded it instead... at least, for now.

set daemon 300
set logfile /home/vmail/fetchmail.log
set no bouncemail
set postmaster vmail
poll protocol imap
     username "" password "mypassword" fetchall keep
     mda "/usr/libexec/dovecot/dovecot-lda -d"
preconnect "date >> /home/vmail/fetchmail.log"

Create the user database file. To generate encrypted passwords, use doveadm:-

doveadm pw -s CRYPT

Your logs will now show something like the following:-

fetchmail: 12 messages (11 seen) for at
fetchmail: reading message of 12 (1426 header octets) (10 body octets) not flushed
Sat Aug  4 20:49:16 BST 2012
Aug 04 20:49:17 lda( Info: msgid=<>: saved mail to INBOX


This facility consists of 2 parts - the ManageSieve daemon and the Sieve plugins + scripts.

Add the relevant USE flags and re-install the package...

echo "net-mail/dovecot maildir managesieve sieve" >> /etc/portage/package.use
emerge -q dovecot

Uncomment the config file line to enable the ManageSieve daemon and port...

nano /etc/dovecot/conf.d/20-managesieve.conf
protocols = $protocols sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
nano /etc/dovecot/conf.d/15-lda.conf
protocol lda {
   # Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = sieve

Restart Dovecot...

/etc/init.d/dovecot restart

Check the port is open...

netstat -ntap |grep dovecot
tcp        0      0   *               LISTEN      32135/dovecot       
tcp        0      0  *               LISTEN      32135/dovecot

Then install the Out Of Office extension for Thunderbird below...

Sieve Examples

require ["fileinto","vacation"];
# rule:[Out of Office]
if false # true
        vacation :days 1 :addresses "" :subject "Out of Office" :from "" "I am out of the office, but will reply on my return.";
# rule:[Spam]
if allof (header :contains "subject" "{Spam}", not header :contains "from" "")
        fileinto "Spam";
# rule:[Fish]
if header :contains "subject" "Fish"
        fileinto "Test";

Vacation Sieve Out Of Office Plugin for Mozilla Thunderbird

Massive Example of Sieve -

Sieve Store And Copy Messages

require "vacation";
if header :contains "From" "" {
if header :contains "To" [ "" ] {
    redirect "";


    Sieve Settings
      Server Name:
             Port: 4190
   Authentication: Use login from IMAP Account
        User Name:
Secure Connection: false


    Sieve Settings
      Server Name:
             Port: 4190
   Authentication: Use login from IMAP Account
        User Name:
Secure Connection: false

Just create a ~/.procmailrc file in your user's home directory...

:0 w

...and then check the server email logs for the entry...

dovecot: lda(sieve): sieve: msgid=<>: sent vacation response to <>

Or, a global /etc/procmailrc for the whole server...

# Use maildir-style mailbox in user's home directory
# Log actions to file
# Log synopsis of messages
# Be verbose
# Pass to Dovecot for Sieve
:0 w