Use Dovecot for POP3/IMAP services

Traditionally, if you wanted to set up POP3 or IMAP services on your Linux system, you would use Courier-IMAP, uw-imap, or cyrus-imapd. Vincent Danen introduces a lesser-known, but increasingly popular IMAP/POP3 server called Dovecot.

Dovecot is a high performance, secure, and fully standards-compliant IMAP/POP3 server. It also boasts a much simpler configuration setup than other IMAP servers and has a broad variety of authentication mechanisms. It also supports SSL and TLS encryption.

Many distributions are now available with Dovecot included; it may not be the default IMAP/POP3 server, but it is usually a simple install command away.

Once you have installed Dovecot, the configuration file will most likely be /etc/dovecot.conf. Many of the defaults are likely sufficient and will require little changes unless you need specific locations for the mail spool, whether to change default authentication options, and so forth.

By default, Dovecot will only act as an IMAP server, but it can act as a POP3 server as well. To do this, edit /etc/dovecot.conf and look for the protocols section:

protocols = pop3

This would tell Dovecot to act as a pure POP3 server. If you want to provide the full gambit of POP3 and IMAP, with both the regular and SSL variants, use:

protocols = pop3 pop3s imap imaps

To use SSL, you will need to appropriately set the ssl_cert_file and ssl_key_file settings, and set ssl_disable to no. The simplest way to get these certificates is to use the script that Dovecot comes with. On Mandriva Linux, this file is stored in /usr/share/doc/dovecot/. There is also a dovecot-openssl.cnf file that you will want to edit to set the SSL certificate options. Depending on where you wish to store the certificate and key file, you may want to edit as well, or change the SSLDIR variable to override the location:

# cd /usr/share/doc/dovecot
# vim dovecot-openssl.cnf
# mkdir -p /etc/ssl/dovecot/{certs,private}
# SSLDIR=/etc/ssl/dovecot sh
Generating a 1024 bit RSA private key
writing new private key to '/etc/ssl/dovecot/private/dovecot.pem'
subject= /C=CA/ST=Alberta/L=Edmonton/O=Foo Company/OU=IMAP server/
SHA1 Fingerprint=9A:23:B8:B4:0E:16:06:11:B2:FE:4E:49:C8:A8:C2:87:D8:79:1B:82

Next, edit /etc/dovecot.conf again and set the following:

ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/certs/dovecot.pem
ssl_key_file = /etc/ssl/dovecot/private/dovecot.pem

Now restart dovecot and it will authenticate against the system for users, using PAM. Dovecot does support virtual users as well, which makes it quite versatile. More information on configuring Dovecot and all the other features it provides is available on the Dovecot wiki.

Get the PDF version of this tip here.

Delivered each Tuesday, TechRepublic's free Linux and Open Source newsletter provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!


Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks