Note: These instructions apply to both Leopard and Snow Leopard, with some minor differences.

As with Postfix, configuring Dovecot means editing several files. Luckily, Dovecot comes with sample files we can use as a basis for our own configuration.

For new installations we will use the pre-configured files, but we first need to copy them. Open a Terminal session, go into the directory ‘/etc/dovecot‘ and then enter the following command:

sudo cp -r /usr/local/share/doc/dovecot/example-config/ .

For security reasons Dovecot has its own user account, which it uses to run itself. If you are still on Leopard, you need to create that user in the same manner as we did for the virtual mail directories. If you are using Snow Leopard, the user is already there and you can skip this:

sudo dscl . -create /Users/_dovecot
sudo dscl . -create /Users/_dovecot UserShell /usr/bin/false
sudo dscl . -create /Users/_dovecot UniqueID 104
sudo dscl . -create /Users/_dovecot PrimaryGroupID 104
sudo dscl . -create /Users/_dovecot NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_dovecot ''

Dovecot comes with a script to build self-signed SSL certificates using OpenSSL. The SSL certificate’s configuration is taken from the file ‘dovecot-openssl.cnf‘ in the doc directory of the source code. You need to edit that file and change the following settings:

default_bits = 2048
[ req_dn ]
# country (2 letter code) (your country)
# State or Province Name (full name, not required)
# Locality Name (eg. city)
# Organization (eg. company)
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (* is also possible)

As with Postfix, the important field is the CN (Common Name) field, which should contain your server’s host name. The clients will verify that the CN matches the connected host name; otherwise they’ll say the certificate is invalid. It’s also possible to use wildcards (e.g. *) in the host name. They should work with most clients.

When you are done, you need to edit the script that creates the SSL certificates, called ‘‘. This is needed because there are some settings we want to be different.

Make the following changes to the script:


When you are finished you can execute the script:

chmod a+x
sudo ./

If everything went correctly you should see a file ‘dovecot.pem‘ in the /etc/dovecot directory.

Next are some of the more specific config files. First is ‘conf.d/10-ssl.conf‘ for the SSL configuration. Please note that only the changes to the sample configurations are listed here.

ssl = required
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/dovecot.pem

Next file is ‘conf.d/10-master.conf‘ for the services configuration.

default_login_user = _dovecot
default_internal_user = _dovecot
service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = _vmail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = _postfix
    group = _postfix
  }
}

Next file is ‘conf.d/10-auth.conf‘ for the authentication configuration.

#!include auth-system.conf.ext
!include auth-sql.conf.ext

Next file is ‘conf.d/10-mail.conf‘ for the mailbox configuration.

mail_location = maildir:/usr/local/virtual/%d/%u
mail_uid = 102
mail_gid = 102
first_valid_uid = 102
last_valid_uid = 105

Next file is ‘conf.d/auth-sql.conf.ext‘. To make the SQL queries more efficient, you need to uncomment the following lines:

userdb {
  driver = prefetch
}

Next up we need to edit the file ‘dovecot-sql.conf.ext’ which describes how we will connect to the MySQL database with all the user information in it.

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfixpassword
user_query = SELECT '/usr/local/virtual/%d/%n' as home, \
  'maildir:/usr/local/virtual/%d/%n' as mail, 102 AS uid, \
  102 AS gid, concat("*:storage=", quota) AS quota \
  FROM mailbox WHERE username = "%u" AND active = "1"
password_query = SELECT username as user, password, \
 '/usr/local/virtual/%d/%n' as userdb_home, \
 'maildir:/usr/local/virtual/%d/%n' as userdb_mail, \
 102 as userdb_uid, 102 as userdb_gid FROM mailbox \
 WHERE username = '%u' AND active = '1'
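
Two of the files configured above hold secrets: ‘dovecot.pem‘ contains the private key (ssl_key points at it) and ‘dovecot-sql.conf.ext’ contains the MySQL password in its connect line. The following check is an added example, not part of the original instructions or of Dovecot itself; the function names are made up for illustration, and it assumes both files are meant to be accessible to their owner only (mode 600).

```shell
#!/bin/sh
# Added example: report secret-bearing Dovecot files that group or others can access.
# Typical use with the paths from this guide:
#   sudo sh check-dovecot-perms.sh /etc/dovecot/dovecot.pem /etc/dovecot/dovecot-sql.conf.ext

# Print the group/other permission bits of a file, e.g. "r--r--" or "------".
# -L follows symlinks so the target's mode is reported, not the link's.
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# Return 0 if only the owner can access the file, 1 if others can, 2 if it is missing.
check_private() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 2; }
    bits=$(group_other_bits "$1")
    if [ "$bits" = "------" ]; then
        echo "OK       $1"
        return 0
    fi
    echo "EXPOSED  $1 (group/other bits: $bits); fix with: chmod 600 $1"
    return 1
}

# Check every file given; the exit status is the number of files that failed.
audit_dovecot_secrets() {
    failed=0
    for f in "$@"; do
        check_private "$f" || failed=$((failed + 1))
    done
    return "$failed"
}

# Only run when file names are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_dovecot_secrets "$@"
fi
```

A non-zero exit status means at least one file is missing or readable beyond its owner.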