Search Site:








Edit - To Do - AllRecentChanges

Recent Changes Printable View Page History Edit Page

This page is part of the EmailServer article.

Dovecot for POP3 and IMAP

Dovecot is an excellent and flexible POP3 and IMAP mail server. Its performance is outstanding and it can be setup to manage large amounts of emails.
Docevot is part of Fedora Core/RedHat/CentOS and we don't have to do too much to make it work, although setting encrypted communications takes a bit of work.

If you haven't got it on your system, you can build it from source or just use the ubiquitous yum:

# yum install dovecot
# chkconfig dovecot --levels 235 on

First, we need to tell Dovecot where to find our emails: as you remember, we told Postfix to use maildirs in the user directories instead of the default mbox.

Edit the /etc/dovecot.conf file so that only the following lines are uncommented:

protocols = imap imaps pop3 pop3s
listen = [::]
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
login_dir = /var/run/dovecot/login
login_greeting = Welcome to oBlue.
mail_location = maildir:/mail/%u
mail_full_filesystem_access = no
maildir_copy_with_hardlinks = yes
protocol imap {
imap_max_line_length = 65536
login_greeting_capability = no
imap_client_workarounds = outlook-idle
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
protocol lda {
postmaster_address =
auth default {
mechanisms = plain
passdb pam {
userdb passwd {
user = root
dict {
plugin {

Restart Dovecot (service dovecot restart) and test it right away, trying to get email from your test administrator account through POP3 and IMAP. Note that you must have sent email to that account first so Postfix could create the proper directory structure, otherwise you'll get and error when trying to access the IMAP folder that doesn't exist yet.

SSL for IMAP and POP

In the older article for Fedora Core 4 we used stunnel to encrypt our seucred POP and IMAP channels. You can access that article on the SecureAccess page where we still use stunnel for securing email we send to the server..

To change a bit, we're going to follow Dovecot standard configuration and allow it to use SSL directly for POP3S and IMAPS.

First, remove the existing cert files, we're going to replace them later:

# rm /etc/pki/dovecot/certs/dovecot.pem

Then edit the /etc/pki/dovecot/dovecot-openssl.cnf to look suitatble for your organisation:

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
# State or Province Name (full name)
ST=Hong Kong
# Locality Name (eg. city)
# Organization (eg. company)
O=ACME Publishing Ltd
# Organizational Unit Name (eg. section)
OU=Main Office
# Common Name (* is also possible)
# E-mail contact

[ cert_type ]
nsCertType = server

Now all we need is to run the small script that the dovecot people have nicely provided to generate the key.

   # /usr/libexec/dovecot/

Note that you may need to change the path to the exact version on your system.

That's it, you should now be able to connect to the server after configuring your client to use SSL.

< Postfix | EmailServer | AmavisdNew >

Leave your comments below
Enter your comment (no links allowed): Author:

Edit Page - Page History - Printable View - Recent Changes - WikiHelp - Search - RSS -
Page last modified on Thursday 16 February 2012, at 07:13 GMT+8 - Viewed 8399 times