This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 41 and 42
Revision 41 as of 2012-07-29 19:53:43
Size: 3357
Editor: 77-56-107-63
Comment: make it clear what dovecot does or does not do
Revision 42 as of 2012-07-31 11:05:19
Size: 3518
Editor: TimoSirainen
Comment: previous text sounded like ssl=yes would be same as disable_plaintext_auth=yes
Deletions are marked like this. Additions are marked like this.
Line 43: Line 43:
If SSL is enabled, Dovecot will reject non-SSL authentication attempts. This is recommended in most situations. However, if you don't offer SSL for some reason, you'll probably want to set `disable_plaintext_auth = no`. By default `disable_plaintext_auth = yes`, which means that Dovecot will fail the authentication if the client doesn't use SSL (or use [[Authentication/Mechanisms|non-plaintext authentication]]). This is recommended in most situations, since it prevents leaking passwords. However, if you don't offer SSL for some reason, you'll probably want to set `disable_plaintext_auth = no`.

Quick Configuration

If you just want to get Dovecot running with typical configuration in a typical environment, here's what you'll have to do:

Configuration file

If you compiled and installed Dovecot from sources, Dovecot has installed only a /usr/local/etc/dovecot/README file, which contains the path to the installed example configuration files, usually /usr/local/share/doc/dovecot/example-config. Copy the dovecot.conf file and conf.d directory from the example-config directory into /usr/local/etc/dovecot/. Prebuilt packages usually install the configuration files directly into /etc/dovecot/.
You'll find the path by running doveconf -n | head -n 1.
It's a good idea to read through all the files and see what settings you might want to change.

The default configuration starts from dovecot.conf, which contains an !include conf.d/*.conf statement to read the rest of the configuration. This split of configuration files isn't a requirement to use, and it doesn't really matter which .conf file you add any particular setting, just as long as it isn't overridden in another file. You can verify with doveconf -n that everything looks as you intended.

Authentication

You'll probably be using PAM authentication. See the PAM page for how to configure it. A typical configuration with Linux would be to create /etc/pam.d/dovecot which contains:

auth    required        pam_unix.so
account required        pam_unix.so

If you're using something else, see password databases and user databases.

Mail Location

You can let Dovecot do its automatic mail location detection, but if that doesn't work, you can set the location manually in mail_location setting. See MailLocation for more information.

Mbox

Make sure that all software accessing the mboxes are using the same locking methods in the same order. The order is important to prevent deadlocking. From Dovecot's side you can change these from mbox_read_locks and mbox_write_locks settings. See MboxLocking for more information.

If you're using /var/mail/ directory for INBOXes, you may need to set mail_privileged_group = mail so Dovecot can create dotlocks there.

For better performance you may want to set mbox_very_dirty_syncs = yes option.

Maildir

For better performance you may want to set maildir_very_dirty_syncs = yes option.

Client Workarounds

Check imap_client_workarounds and pop3_client_workarounds and see if you want to enable more of them than the defaults.

SSL and Plaintext Authentication

If you intend to use SSL, set ssl_cert and ssl_key settings. Otherwise set ssl = no. Easiest way to get SSL certificates built is to use Dovecot's doc/mkcert.sh script. See SSL.

By default disable_plaintext_auth = yes, which means that Dovecot will fail the authentication if the client doesn't use SSL (or use non-plaintext authentication). This is recommended in most situations, since it prevents leaking passwords. However, if you don't offer SSL for some reason, you'll probably want to set disable_plaintext_auth = no.

NFS

If you're using NFS or some other remote filesystem that's shared between multiple computers, you should read NFS.

Running

See RunningDovecot and Logging.

None: QuickConfiguration (last edited 2018-09-30 16:16:38 by TimoSirainen)