Dovecot

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver. For more detailed information, please see the official Dovecot documentation.

This article describes how to set up Dovecot for personal or small office use.

Due to breaking changes in Dovecot's configuration format in version 2.4, Arch Linux offers both the latest release and one from the 2.3 line. The latter will not receive any new features or bug fixes, other than critical security updates.

Install the dovecot package for the most recent Dovecot version, or dovecot23 for the legacy 2.3 line.

Dovecot configuration is stored in /etc/dovecot/dovecot.conf. An example file is shipped with the package.

On top of that, the developers translated legacy examples to 2.4 syntax and offer them on GitHub. The examples are provided in hope they are helpful, but the archive is not expected to be kept up to date.

dovecot_config_version must be set and it has to be the first setting in the configuration file. dovecot_storage_version also has to be set. The values of these settings should match actually used configuration syntax, names, and formats of files created by Dovecot itself.

User authentication is managed through the passdb filters.

To enable PAM passdb driver:

passdb pam {
    # Additional PAM-specific settings here, if needed.
}

The associated PAM configuration is included in /etc/pam.d/dovecot.

See passdb documentation for other drivers and the list of their settings.

To accept TLS connections, you need to obtain a certificate. This section assumes you already own one, together with the private key. Both must be in the PEM format.

First, generate parameters required for Diffie-Hellman key exchange:

$ openssl dhparam -out dhparams.pem 4096

This operation may take some time. The output goes to dhparams.pem.

Finally, configure Dovecot to use all three files:

ssl_server {
    cert_file = /path/to/fullchain.pem
    key_file = /path/to/privkey.pem
    dh_file = /path/to/dhparams.pem
}

By default Dovecot does not index the full message content, which will result in slow response times for IMAP SEARCH queries for bigger mailboxes. There is a number of FTS backends^{[dead link 2025-08-15—HTTP 404]} Dovecot can be hooked up to.

Dovecot needs a plugin for the chosen search backend. The solr plugin is included in dovecot but solr itself is not the easiest to set up. There are packages for Xapian (dovecot-fts-xapian) and Elasticsearch (dovecot-fts-elastic).

Start/enable dovecot.service.

Generate hashes with non-default hash functions:

$ doveadm pw -s SHA512-CRYPT -p "password"

Ensure that the column in the database is large enough. A warning will be emitted if it is too small.

Remember to set the password password scheme:

dovecot-sql.conf

default_pass_scheme = SHA512-CRYPT

If you cannot receive emails with multiple recipients and there is something like this is your logs:

mail postfix/pipe[663]: 72A62733: to=<user2@example.com>, relay=dovecot, delay=495, delays=495/0.01/0/0.08, dsn=4.3.5, status=deferred (mail system configuration error)
mail postfix/pipe[663]: 72A62733: to=<user1@example.com>, relay=dovecot, delay=495, delays=495/0.01/0/0.06, dsn=4.3.5, status=deferred (mail system configuration error)
mail postfix/pipe[1614231]: warning: pipe flag `D' requires dovecot_destination_recipient_limit = 1

Add dovecot_destination_recipient_limit = 1 to /etc/postfix/main.cf and reload postfix.

Dovecot 2.4 has introduced changes to the configuration files format and variable names. You need to translate your 2.3 configuration to make it compatible with 2.4. See #Configuration for more information.

As a temporary solution dovecot23 may be installed instead of dovecot.