<p>
Dovecot is a mail delivery agent (MDA).
</p>
<p>
This tutorial shows how to configure Dovecot<br />
so that mail clients can access their mail over IMAP.
</p>

<h3>Installation</h3>
<p>
Packages for Dovecot are found in the official Debian repository:
</p>
<pre><code class="language-bash">apt install dovecot-imapd</code></pre>

<h3>Configuration</h3>
<p>
The login over IMAP needs to be enabled in the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/dovecot/conf.d/10-master.conf</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }

  #...
}
</code></pre>
</dd>
</dl>
<p>
SSL/TLS encryption is highly recommended when login credentials are transmitted<br />
over the internet. The SSL/TLS certificates are configured in the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/dovecot/conf.d/10-ssl.conf</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">ssl_cert = &lt;/etc/letsencrypt/live/example.net/fullchain.pem
ssl_key = &lt;/etc/letsencrypt/live/example.net/privkey.pem
</code></pre>
</dd>
</dl>
<p>
Let&apos;s Encrypt certificates are valid for 90 days.<br />
<code>certbot</code> automatically renews certificates that are close to expiry.<br />
Dovecot needs to reload its configuration after the certificate has been renewed.<br />
This is done automatically by placing an executable script in the deploy hook directory:
</p>
<dl class="file">
<dt><code class="filename">/etc/letsencrypt/renewal-hooks/deploy/reload_dovecot.sh</code></dt>
<dd>
<pre class="file"><code class="language-bash">#!/bin/sh
systemctl reload dovecot.service
</code></pre>
</dd>
</dl>
<p>
The <code>maildir</code> format is often used to store mail.<br />
The location and the format of the mail storage are configured in the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/dovecot/conf.d/10-mail.conf</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">mail_location = maildir:~/Maildir
</code></pre>
</dd>
</dl>

<h3>Authentication</h3>
<p>
The default configuration uses system accounts for authentication.<br />
To use a text file of user accounts for authentication,<br />
change the configuration in the following file:
</p>
<dl class="file">
<dt><code class="filename">/etc/dovecot/conf.d/10-auth.conf</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext
</code></pre>
</dd>
</dl>
<p>
The file format for user accounts is essentially the same as for <code>/etc/passwd</code>.<br />
Fields in parentheses are not used by Dovecot.
</p>
<dl class="file">
<dt><code class="filename">/etc/dovecot/users</code></dt>
<dd>
<pre class="file"><code class="language-plaintext">username:crypted-password:uid:gid:(gecos):homedir:(shell):extra-fields
</code></pre>
</dd>
</dl>
<p>
To hash a password, use the command line tool <code>mkpasswd</code>.<br />
It is part of the <code>whois</code> package.
</p>
<p>
Only Dovecot should be able to access the list of user accounts:
</p>
<pre><code class="language-bash">chown root:dovecot /etc/dovecot/users
chmod 640 /etc/dovecot/users
</code></pre>
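<p>
The following audit script is an added example, not part of the original tutorial or of Dovecot. It checks that a passwd-file is not accessible to other users and that every password field holds a modular crypt(3) hash of the kind <code>mkpasswd</code> produces.<br />
The function names, the sample entries and the policy of flagging MD5-crypt and anything that is not a <code>$id$</code> hash are assumptions.
</p>

```shell
#!/bin/sh
# Added example (not from the original page): audit a Dovecot passwd-file.
# Usage: sh audit_users.sh /etc/dovecot/users   (0 = clean, 1 = findings, 2 = missing)

audit_users_file() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # Finding: readable or writable by "other" (the page sets mode 640).
    if [ -n "$(find "$file" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo "PERM: $file is accessible to users outside owner and group"
        rc=1
    fi

    # Finding: password field that is not a modular crypt(3) hash ($id$...).
    out=$(awk -F: '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        NF < 2 || $2 == "" { print "EMPTY: line " NR ": " $1; next }
        {
            pw = $2
            sub(/^\{[^}]*\}/, "", pw)               # drop optional {SCHEME} prefix
            if (toupper($2) ~ /^\{(PLAIN|CLEARTEXT)\}/)
                print "PLAINTEXT: line " NR ": " $1
            else if (pw ~ /^\$1\$/)
                print "WEAK-MD5CRYPT: line " NR ": " $1
            else if (pw !~ /^\$[0-9a-zA-Z]+\$/)
                print "NOT-CRYPT-HASH: line " NR ": " $1
        }' "$file")
    if [ -n "$out" ]; then
        echo "$out"
        rc=1
    fi
    return $rc
}

# Constructed sample entries (placeholder salts and hashes, not real accounts).
sample_users() {
    printf '%s\n' \
        '# constructed sample' \
        'alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:5000:5000::/srv/mail/alice::' \
        'bob:{PLAIN}hunter2:5000:5000::/srv/mail/bob::' \
        'carol:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:5000:5000::/srv/mail/carol::' \
        'dave:secret:5000:5000::/srv/mail/dave::'
}

if [ "$#" -gt 0 ]; then
    audit_users_file "$1"
fi
```

<p>
Only the user name and line number are printed for each finding, so the output can be logged without exposing password fields.
</p>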

<h3>External Links</h3>
<ul>
<li><a href="https://www.dovecot.org/" target="_blank">
https://www.dovecot.org/</a>
</li>
</ul>