Dovecot is a mail delivery agent (MDA).
This tutorial shows how to configure Dovecot 2.4 on Debian 13
so that mail clients can access their mail over IMAP.
Packages for Dovecot are found in the official Debian repository:
apt install dovecot-imapd
The login over IMAP needs to be enabled in the following file:
/etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  #...
}
SSL/TLS encryption is highly recommended when login credentials are transmitted
over the internet. The SSL/TLS certificates are configured in the following file:
/etc/dovecot/conf.d/10-ssl.conf
ssl_server_cert_file = /etc/letsencrypt/live/example.net/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/example.net/privkey.pem
Let's Encrypt certificates are valid for 90 days.
certbot renews expired certificates automatically.
Dovecot needs to reload the configuration after the certificate has been renewed.
This is done automatically by placing an executable script as a renewal hook:
/etc/letsencrypt/renewal-hooks/deploy/reload_dovecot.sh
#!/bin/sh
systemctl reload dovecot.service
The maildir format is often used to store mails.
The location and the format of the mail storage are configured in the following file:
/etc/dovecot/conf.d/10-mail.conf
#mail_driver = mbox
#mail_home = /home/%{user|username}
#mail_path = %{home}/mail
#mail_inbox_path = /var/mail/%{user}
mail_driver = maildir
mail_path = ~/Maildir
The default configuration uses system accounts for authentication.
To use a text file of user accounts for authentication,
change the configuration in the following files:
/etc/dovecot/conf.d/10-auth.conf
#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext
/etc/dovecot/conf.d/auth-passwdfile.conf.ext
passdb passwd-file {
  default_password_scheme = crypt
  auth_username_format = %{user}
  passwd_file_path = /etc/dovecot/users
}
userdb passwd-file {
  auth_username_format = %{user}
  passwd_file_path = /etc/dovecot/users
}
The file format for user accounts is essentially the same as for /etc/passwd.
Fields in parentheses are not used by Dovecot.
/etc/dovecot/users
username:crypted-password:uid:gid:(gecos):homedir:(shell):extra-fields
To crypt a password, use the command line utility doveadm pw.
Only Dovecot should be able to access the list of user accounts:
chown root:dovecot /etc/dovecot/users
chmod 640 /etc/dovecot/users
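The following script is an added example, not part of the original tutorial or of Dovecot: it audits a users file in the format shown above for the mistakes that matter most, namely access for others, empty or cleartext password fields, duplicate usernames, and malformed uid, gid or homedir fields. The function names, the set of checks and the sample entries are assumptions of this example; the hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a passwd-file with the layout
#   username:crypted-password:uid:gid:(gecos):homedir:(shell):extra-fields
# Function names and the selection of checks are assumptions of this example.

# Succeeds only if "others" have no permission bits (as with chmod 640).
users_file_private() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Prints one finding per problem; exit status 0 only if nothing was found.
audit_users() {
    awk -F: '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        $0 ~ /^[ \t]*$/ { next }                    # skip blank lines
        {
            user = $1; pw = $2; first = substr(pw, 1, 1); up = toupper(pw)
            if (seen[user]++) report("duplicate username " user)
            if (pw == "")
                report(user ": empty password field")
            else if (index(up, "{PLAIN}") == 1 || index(up, "{CLEARTEXT}") == 1)
                report(user ": cleartext password")
            else if (first != "$" && first != "{")
                report(user ": password is not a prefixed hash")
            if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/)
                report(user ": uid/gid not numeric")
            if (substr($6, 1, 1) != "/")
                report(user ": homedir is not an absolute path")
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample entries; the hash strings are placeholders.
sample_users() {
    cat <<'EOF'
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/alice::
bob:{PLAIN}constructed-password:1002:1002::/home/bob::
carol::1003:1003::/home/carol::
dave:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:mail:1004::home/dave::
alice:constructed-password:1001:1001::/home/alice::
EOF
}

tmp=$(mktemp) && sample_users > "$tmp" && chmod 640 "$tmp"
users_file_private "$tmp" && echo "mode ok: no access for others"
audit_users "$tmp" || echo "findings reported above"
rm -f "$tmp"
```

On a real server, call users_file_private and audit_users with /etc/dovecot/users as the argument after every edit of that file.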