If you just want to get Dovecot running with typical configuration in a typical environment, here's what you'll have to do:
Prebuilt packages usually install the configuration files into /etc/dovecot/. You'll find the correct path by running:
doveconf -n | head -n 1
It's a good idea to read through all the config files and see what settings you might want to change.
Installing from sources
If you compiled and installed Dovecot from sources, Dovecot has installed only a /usr/local/etc/dovecot/README file, which contains the path to the installed example configuration files, usually /usr/local/share/doc/dovecot/example-config. Copy them to etc/:
cp -r /usr/local/share/doc/dovecot/example-config/* /usr/local/etc/dovecot/
Split configuration files
The default configuration starts from dovecot.conf, which contains an !include conf.d/*.conf statement to read the rest of the configuration. The idea is that the settings are nicely grouped into different files to make it easier for new admins to scan through related settings. It doesn't matter which config file you add which setting. In the production system it's often easier to just have a single dovecot.conf file, which you can create easily using
doveconf -n > dovecot.conf
Hints about writing configuration files
- Usually it does not matter in which file you write the setting, however, later settings replace earlier ones. If you use the same section multiple times, the settings are merged together.
Boolean settings in the plugin section interprete any value as true, even 0, no and false.
To read the content of a file, for instance for the SSL certificate option, prefix the filename with a <, e.g.:
ssl_cert = </etc/ssl/certs/imap.pem
auth required pam_unix.so account required pam_unix.so
You can let Dovecot do its automatic mail location detection, but if that doesn't work, you can set the location manually in mail_location setting. See MailLocation for more information.
Make sure that all software accessing the mboxes are using the same locking methods in the same order. The order is important to prevent deadlocking. From Dovecot's side you can change these from mbox_read_locks and mbox_write_locks settings. See MboxLocking for more information.
If you're using /var/mail/ directory for INBOXes, you may need to set mail_privileged_group = mail so Dovecot can create dotlocks there.
For better performance you may want to set mbox_very_dirty_syncs = yes option.
For better performance you may want to set maildir_very_dirty_syncs = yes option.
Check imap_client_workarounds and pop3_client_workarounds and see if you want to enable more of them than the defaults.
SSL and Plaintext Authentication
If you intend to use SSL, set ssl_cert and ssl_key settings. Otherwise set ssl = no. Easiest way to get SSL certificates built is to use Dovecot's doc/mkcert.sh script. See SSL.
By default disable_plaintext_auth = yes, which means that Dovecot will fail the authentication if the client doesn't use SSL (or use non-plaintext authentication). This is recommended in most situations, since it prevents leaking passwords. However, if you don't offer SSL for some reason, you'll probably want to set disable_plaintext_auth = no.
If you're using NFS or some other remote filesystem that's shared between multiple computers, you should read NFS.