Note: These instructions are identical for Leopard and Snow Leopard.

Note: These instructions are only valid for Dovecot 1.x. If you have installed Dovecot 2.x, please look here.

As with Postfix, configuring Dovecot means editing several files. Luckily Dovecot comes with sample files we can use as a basis for our own configuration.

For new installations we will use the pre-configured files, but we first need to copy them. Open a Terminal session, go into the directory ‘/etc/dovecot’ and then enter the following commands:

sudo cp dovecot-example.conf dovecot.conf
sudo cp dovecot-sql-example.conf dovecot-sql.conf

For security reasons Dovecot has its own user account, which it uses to run itself. If you are still on Leopard, you need to create that user in the same manner as we did for the virtual mail directories. If you are using Snow Leopard, the user is already there and you can skip this:

sudo dscl . -create /Users/_dovecot
sudo dscl . -create /Users/_dovecot UserShell /usr/bin/false
sudo dscl . -create /Users/_dovecot UniqueID 104
sudo dscl . -create /Users/_dovecot PrimaryGroupID 104
sudo dscl . -create /Users/_dovecot NFSHomeDirectory /var/empty
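# A Password value of '*' matches no password, so nobody can log in as this service account
sudo dscl . -create /Users/_dovecot Password '*'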

Dovecot comes with a script to build self-signed SSL certificates using OpenSSL. The SSL certificate’s configuration is taken from the file ‘dovecot-openssl.cnf’ in the doc directory of the source code. You need to edit that file and change the following settings:

default_bits = 2048
[ req_dn ]
# country (2 letter code) (your country)
# State or Province Name (full name, not required)
# Locality Name (eg. city)
# Organization (eg. company)
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (* is also possible)

As with Postfix, the important field is the CN (Common Name) field, which should contain your server’s host name. Clients verify that the CN matches the host name they connected to; otherwise they will report the certificate as invalid. It’s also possible to use wildcards (e.g. *) in the host name. They should work with most clients.

When you are done, you need to edit the script that creates the SSL certificates, called ‘’. This is needed because there are some settings we would like to be different.

Make the following changes to the script:


When you are finished you can execute the script:

chmod a+x
sudo ./

If everything went correctly, you should see a file ‘dovecot.pem’ in the /etc/dovecot directory.

Next we will edit the ‘dovecot.conf’ file, which is the central configuration file for all protocol, delivery and authentication parameters. I’m not showing the complete file, as it would be too big, but only the affected portions:

protocols = imap imaps pop3 pop3s
disable_plaintext_auth = yes
ssl = yes
ssl_cert_file = /etc/dovecot/dovecot.pem
ssl_key_file = /etc/dovecot/dovecot.pem
login_user = _dovecot
mail_location = maildir:/usr/local/virtual/%d/%u
mail_uid = 102
mail_gid = 102
## Mail processes
first_valid_uid = 102
last_valid_uid = 105
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@yourdomain.tld
  # UNIX socket path to master authentication server to find users.
  auth_socket_path = /var/run/dovecot-auth-master
}
auth_executable = /usr/local/libexec/dovecot/dovecot-auth
# More verbose logging.
auth_verbose = no
# Even more verbose logging for debugging purposes.
auth_debug = no
auth default {
  mechanisms = login plain
  # SQL database
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  # SQL database
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = nobody
  socket listen {
    master {
      path = /var/run/dovecot-auth-master
      mode = 0660
      user = _vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = _postfix
      group = _postfix
    }
  }
}
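
An added example, not part of the original tutorial or of Dovecot itself: a small Python linter for the Dovecot 1.x block syntax used in the excerpt above. It rejects a file with a missing or extra closing brace, and reports when disable_plaintext_auth or ssl is not set to yes or when an auth socket mode grants access to other local users. The function names and the sample input are constructed for illustration.

```python
def parse_dovecot_conf(text):
    """Flatten Dovecot 1.x config text into {"block/sub-block/key": value}."""
    settings, stack = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # simplification: '#' always starts a comment
        if not line:
            continue
        if line.endswith("{"):                # e.g. "auth default {" opens a block
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            if not stack:
                raise ValueError(f"line {lineno}: '}}' without an open block")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    if stack:
        raise ValueError(f"block {stack[-1]!r} is never closed")
    return settings

def audit(settings):
    """Return a list of findings for the settings this page relies on."""
    findings = []
    for key in ("disable_plaintext_auth", "ssl"):
        if settings.get(key) != "yes":
            findings.append(f"{key} is not set to 'yes'")
    for path, value in settings.items():
        # Auth sockets accept logins and user lookups: no permission bits for "other".
        if "socket listen/" in path and path.endswith("/mode") and int(value, 8) & 0o007:
            findings.append(f"{path} = {value} lets any local user reach the auth socket")
    return findings

# Constructed sample: the page's layout with two settings deliberately weakened.
SAMPLE = """\
disable_plaintext_auth = no
ssl = yes
auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0666
    }
  }
}
"""

if __name__ == "__main__":
    for finding in audit(parse_dovecot_conf(SAMPLE)):
        print("WARN:", finding)
```

To lint a real file, pass the contents of /etc/dovecot/dovecot.conf to parse_dovecot_conf instead of SAMPLE.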

Next up we need to edit the file ‘dovecot-sql.conf’ which describes how we will connect to the MySQL database with all the user information in it.

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfixpassword
user_query = SELECT '/usr/local/virtual/%d/%n' as home, \
  'maildir:/usr/local/virtual/%d/%n' as mail, 102 AS uid, \
  102 AS gid, concat("dirsize:storage=", quota) AS quota \
  FROM mailbox WHERE username = "%u" AND active = "1"
password_query = SELECT username as user, password, \
 '/usr/local/virtual/%d/%n' as userdb_home, \
 'maildir:/usr/local/virtual/%d/%n' as userdb_mail, \
 102 as userdb_uid, 102 as userdb_gid FROM mailbox \
 WHERE username = '%u' AND active = '1'