Gernot Walzl


Dovecot is a mail delivery agent (MDA).

This tutorial shows how to configure Dovecot
so that mail clients can access their mails over IMAP.


Packages for Dovecot are found in the official Debian repository:

apt install dovecot-imapd


The login over IMAP needs to be enabled in the following file:

service imap-login {
  inet_listener imap {
    #port = 143
  inet_listener imaps {
    port = 993
    ssl = yes


SSL/TLS encryption is highly recommended when login credentials are transmitted
over the internet. The SSL/TLS certificates are configured in the following file:

ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

Let's Encrypt certificates are valid for 90 days.
certbot renews expired certificates automatically.
Dovecot needs to reload the configuration after the certificate has been renewed.
This is done automatically by placing an executable script as renewal hook:

systemctl reload dovecot.service

The maildir format is often used to store mails.
The location and the format of the mail storage is configured in the following file:

mail_location = maildir:~/Maildir


The default configuration uses system accounts for authentication.
To use a text file of user accounts for authentication,
change the configuration in the following file:

#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext

The file format for user accounts is essentially the same as for /etc/passwd.
Fields in braces are not used by Dovecot.


To crypt a password, use the command line tool mkpasswd.
It is part of the whois package.

Only Dovecot should be able to access the list of user accounts:

chown root:dovecot /etc/dovecot/users
chmod 640 /etc/dovecot/users

External Links

CONTENT.html 2022-05-22 3.3 KB