How to install and configure Dovecot

Dovecot, an open-source and free mail server focused on security, comes installed on most Linux distros, but it is simple to install with yum:

$ yum install -y dovecot

Once the installation is complete, you can enable the service and start it with systemctl:

$ systemctl enable dovecot
$ systemctl start dovecot

Now we can work on configuring the service. Just like Postfix, there are lots of different configuration options. We will cover a few crucial options as well as ones that I personally encountered when troubleshooting and maintaining services.

Configuring Dovecot

The main configuration file is located at /etc/dovecot/dovecot.conf. There are three Dovecot configuration options we will cover: listen, protocols, and mail_location.

listen

The listen configuration option sets the IP addresses where you want the service to listen. Usually, you use an asterisk (*) here as your value, which is a wildcard meaning all IPv4 addresses. For IPv6 addresses, you would use a double colon (::). Here's how to add both:

listen = *, ::

protocols

The protocols configuration option allows you to specify which protocols you would like to support, such as IMAP and POP3. Usually, LMTP is listed here as well, which stands for the Local Mail Transfer Protocol:

protocols = imap, pop3, lmtp

mail_location

The mail_location configuration option sets where the mail is picked up from. By default, this setting is empty, which means that Dovecot attempts to locate your mail automatically. The format of the mailbox location specification option is as follows:

mailbox-format : <path> [ : key = <value> … ]

Securing Dovecot

Dovecot can be secured just like any other service. It comes with self-signed SSL certificates in the file /etc/dovecot/conf.d/10-ssl.conf. When connecting to the service for the first time, you will receive a warning message because they are self-signed and not CA certificates.

To complete the setup, you need to make sure that the ports are open in the firewall. Open the following ports for the service:

• 25 (default SMTP)
• 143 (default IMAP)
• 993 (SSL/TLS IMAP)
• 995 (SSL/TLS POP3)

With firewalld, we can open these ports as follows:

$ firewall-cmd --permanent --add-port=110/tcp --add-port=995/tcp
$ firewall-cmd --permanent --add-port=143/tcp --add-port=993/tcp
$ firewall-cmd --reload

Troubleshooting Dovecot

If you are not sure why something is happening with the service, that’s when troubleshooting comes into play. Dovecot’s mail log is usually located in /var/log/dovecot.log. (Checking the default mail log, /var/log/mail.log, may not have enough details.) You can tail the mail logs actively with tail -f /var/log/dovecot.log. Viewing the logs always provides a view into the server and service’s behavior.

One thing I learned as a system administrator is that the server logs will tell you what the server is trying to do based on how you have it set up. Based on that information, you can figure out what issue the service is having. Mailing issues can be a pain because delays can happen through middlemen that are not related to the server at all, and diagnosing these issues can take not just time, but a trained eye coming from experience.

Wrapping up

Learning where things are, the way to install services, how they function together, and how to identify problems in the logs can help in the long run when maintaining the environment. (And keeping the boss and customers happy.)