Introduction to Dovecot

I host a number of websites and users on my home webserver. I previously used the University of Washing IMAP server. It worked for a while but updates became less frequent and more modern features such as indexing were never implemented well. I instead have moved to the Dovecot IMAP server and have been very pleased with its speed and robustness.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.

Features

Some of the most notable features of Dovecot include:

  • Dovecot is among the highest performing IMAP servers while still supporting the standard mbox and Maildir formats. The mailboxes are transparently indexed, which gives Dovecot its good performance while still providing full compatibility with existing mailbox handling tools.
  • Dovecot is standards compliant. Dovecot v1.1 passes all IMAP server standard compliancy tests while most other servers fail many of them.
  • Dovecot's indexes are self-optimizing. They contain exactly what the user's client commonly needs, no more and no less.
  • Dovecot is self-healing. It tries to fix most of the problems it notices by itself, such as broken index files. The problems are however logged so the administrator can later try to figure out what caused them.
  • Dovecot tries to be admin-friendly. Common error messages are made as easily understandable as possible. Any crash, no matter how it happened, is considered a bug that will be fixed.
  • Dovecot allows mailboxes and their indexes to be modified by multiple computers at the same time, while still performing well. This means that Dovecot works with NFS and clustered filesystems.
  • Dovecot's user authentication is extremely flexible and feature rich, supporting many different authentication databases and mechanisms.
  • Postfix 2.3+ and Exim 4.64+ users can do SMTP authentication directly against Dovecot's authentication backend without having to configure it separately.
  • Dovecot supports easy migration from many existing IMAP and POP3 servers, allowing the change to be transparent to existing users.
  • Dovecot supports workarounds for several bugs in IMAP and POP3 clients. Since the workarounds may cause the protocol exchange to be slightly less optimal, you can enable only the workarounds you need.
  • Dovecot's design and implementation is highly focused on security. Rather than taking the traditional road of just fixing vulnerabilities whenever someone happens to report them, I offer 1000 EUR of my own money to the first person to find a security hole from Dovecot.
  • Dovecot is easily extensible. Plugins can add new commands, modify existing behavior, add their own data into index files or even add support for new mailbox formats. For example quota and ACL support are completely implemented as plugins.
  • Installation

    As I use FreeBSD for my home system, I installed this from the ports tree as such. You should enable MANAGESIEVE support when you run the config step:

    cd /usr/ports/mail/dovecot
    sudo make config
    sudo make install clean
    cd /usr/ports/mail/dovecot-sieve
    sudo make install clean
    

    And you should now have dovecot installed, but not running. You now need to configure the software. On FreeBSD, an example is stored at /usr/local/share/examples/dovecot/dovecot.conf. You can copy the default version from /usr/local/share/examples/dovecot/dovecot.conf into /usr/local/etc and edit it to suit your server. At the end, I will include my full configuration file. Add dovecot_enable="YES" to your /etc/rc.conf file. Execute the following to start dovecot:

    sudo /usr/local/etc/rc.d/dovecot start
    

    If you need assistance testing the server, then please refer to my article on the IMAP Protocol. In there I show how to test authentication and receiving emails through IMAP.

    Dovecot as the LDA

    Dovecot LDA, called deliver, is a local delivery agent which takes mail from an MTA such as Sendmail and delivers it to a user's mailbox. The advantage of using Dovecot instead of the native MTA's is that Dovecot will udpate its index files with all incoming emails, thus speeding up end users email.

    Note: I use sendmail by default due to familiarity more than anything else so the examples from here below will be with that in mind.

    Now you have to configure your MTA to use it. For Sendmail, this was a bit tricky and took my quite a bit of trial and error. This is also because Dovecot was in the process of changing to its own sieve engine as the default while I was implementing this. I edited my host's .mc file in /etc/mail and added these lines to it:

    FEATURE(`local_procmail', `/usr/local/libexec/dovecot/deliver',`deliver -d $u')
    MODIFY_MAILER_FLAGS(`LOCAL', `-f')
    MAILER(procmail)
    

    Make sure you put that right before the MAILER(local) line or it will not work. After that, rebuild your config and restart sendmail as follows:

    cd /etc/mail
    sudo make install restart
    

    If all goes well, you now have Sendmail delivering email through dovecot as its LDA. At this point, I recommend that you open up several web mail clients and start sending test mails. If they don't deliver, don't fret. What happens is that if sendmail cannot deliver the emails, they simply queue up. Remove the 3 lines above and restart sendmail and they will be delivered with nothing lost. E-Mail me if you get stuck or run into any problems here.

    Sieve Plugin

    The Dovecot Sieve plugin provides mail filtering facilities at time of final message delivery using the Sieve (RFC 5228) language. By writing Sieve scripts, users can customize how messages are delivered, e.g. whether they are forwarded or stored in special folders. The Sieve language is meant to be simple, extensible and system independent. And, unlike most other mail filtering script languages, it does not allow users to execute arbitrary programs. This allows users to route emails based on subject lines or from lines, forward emails, and even reply back automatically with an out of office email.

    In order to enable sieve, you must add the following lines to your dovecot.conf configuration file:

    ##
    ## LDA specific settings
    ##                      
    
    protocol lda {
      # Address to use when sending rejection mails.
      postmaster_address = postmaster@yourdomain.com
    
      # Hostname to use in various parts of sent mails, eg. in Message-Id.
      # Default is the system's real hostname.                            
      #hostname =                                                         
    
      # Support for dynamically loadable plugins. mail_plugins is a space separated
      # list of plugins to load.                                                   
      mail_plugins = sieve                                                         
      #mail_plugin_dir = /usr/local/lib/dovecot/lda                                
    
      # If user is over quota, return with temporary failure instead of
      # bouncing the mail.                                             
      #quota_full_tempfail = no                                        
    
      # Format to use for logging mail deliveries. You can use variables:
      #  %$ - Delivery status message (e.g. "saved to INBOX")            
      #  %m - Message-ID                                                 
      #  %s - Subject                                                    
      #  %f - From address                                               
      #deliver_log_format = msgid=%m: %$                                 
    
      # Binary to use for sending mails.
      sendmail_path = /usr/sbin/sendmail
    
      # Subject: header to use for rejection mails. You can use the same variables
      # as for rejection_reason below.                                            
      #rejection_subject = Rejected: %s                                           
    
      # Human readable error message for rejection mails. You can use variables:
      #  %n = CRLF, %r = reason, %s = original subject, %t = recipient          
      #rejection_reason = Your message to <%t> was automatically rejected:%n%r  
    
      # UNIX socket path to master authentication server to find users.
      #auth_socket_path = /var/run/dovecot/auth-master                 
    }

    That enables Dovecot to act as an LDA.

    Manage Sieve

    ManageSieve service is used to manage a user's Sieve script collection. It has the following advantages over doing it directly via filesystem:

    • No need to let users log in via FTP/SFTP/etc, which could be difficult especially with virtual users.
    • ManageSieve is a standard protocol (although still a draft), so users can manage their scripts using (hopefully) user-friendly ManageSieve clients. Many webmails already include a ManageSieve client.
    • Scripts are compiled before they are installed, which guarantees that the uploaded script is valid. This prevents a user from inadvertently installing a broken Sieve script.

    On Freebsd, you should have previously selected the MANAGESIEVE option when installing Dovecot. This automatically installs the managesieve plugin for you. Linux users can go to http://wiki.dovecot.org/ManageSieve/Install for instructions on installing/compiling into their systems.

    To configure ManageSieve, you need to add the following lines, probably near where you put your sieve options, to your dovecot.conf file:

    ##
    ## ManageSieve specific settings
    ##                              
    
    protocol managesieve {
      # Login executable location.
      #login_executable = /usr/local/libexec/dovecot/managesieve-login
    
      # ManageSieve executable location. See IMAP's mail_executable above for 
      # examples how this could be changed.                                   
      #mail_executable = /usr/local/libexec/dovecot/managesieve               
    
      # Maximum ManageSieve command line length in bytes. This setting is 
      # directly borrowed from IMAP. But, since long command lines are very
      # unlikely with ManageSieve, changing this will not be very useful.  
      #managesieve_max_line_length = 65536                                 
    
      # ManageSieve logout format string:
      #  %i - total number of bytes read from client
      #  %o - total number of bytes sent to client  
      #managesieve_logout_format = bytes=%i/%o      
    
      # If, for some inobvious reason, the sieve_storage remains unset, the 
      # ManageSieve daemon uses the specification of the mail_location to find out 
      # where to store the sieve files (see explaination in README.managesieve).   
      # The example below, when uncommented, overrides any global mail_location    
      # specification and stores all the scripts in '~/mail/sieve' if sieve_storage 
      # is unset. However, you should always use the sieve_storage setting.         
      # mail_location = mbox:~/mail                                                 
    
      # To fool ManageSieve clients that are focused on timesieved you can
      # specify the IMPLEMENTATION capability that the dovecot reports to clients 
      # (default: "dovecot").                                                     
      #managesieve_implementation_string = Cyrus timsieved v2.2.13                
    }

    Additionally, you need to edit the protocols option to include managesieve as well:

    # Protocols we want to be serving: imap imaps pop3 pop3s managesieve
    # If you only want to use dovecot-auth, you can set this to "none".
    protocols = imap imaps managesieve
    

    Here is my complete dovecot.conf that you can view and use as you like. Sometimes it helps to have the whole example.

    Now you can restart your dovecot and have everything running as needed.

    sudo /usr/local/etc/rc.d/dovecot restart
    

    Troubleshooting

    http://wiki.dovecot.org/ManageSieve/Troubleshooting has some great information on troubleshooting ManageSieve.

    http://networking.ringofsaturn.com/Protocols/imap.php is an article I wrote on the IMAP protocol and includes telnet command line options you can run to test out any IMAP server.

    }