As with Postfix, configuring Dovecot means editing several files. Luckily Dovecot comes with sample files we can use as a basis for our own configuration.

For new installations we will use the pre-configured files, but we first need to copy them. Open a Terminal session, go into the directory ‘/usr/local/etc/dovecot‘ and enter the following command:

sudo cp -r /usr/local/share/doc/dovecot/example-config/ . 

For security reasons Dovecot runs under its own user account, which is something we need to configure. Dovecot also comes with a script that builds a self-signed SSL certificate using OpenSSL. The certificate’s configuration is taken from the file ‘dovecot-openssl.cnf‘ in the doc directory of the source code. You need to edit that file and change the following settings:

default_bits = 2048

[ req_dn ]
# country (2 letter code) (your country)
C=NL

# State or Province Name (full name, not required)
#ST=

# Locality Name (eg. city)
L=Rotterdam

# Organization (eg. company)
O=DIYMacServer

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
CN=*.richard5.net

As with Postfix the important field is the CN (Common Name) field, which should contain your server’s host name. The clients will verify that the CN matches the connected host name, otherwise they’ll say the certificate is invalid. It’s also possible to use wildcards (eg. *.domain.com) in the host name. They should work with most current mail clients.

When you are done, you need to edit the script that creates the SSL certificate, called ‘mkcert.sh‘. This is needed because there are some settings we want to be different.

Make the following changes to the script:

SSLDIR=${SSLDIR-/usr/local/etc/dovecot}

CERTDIR=$SSLDIR
KEYDIR=$SSLDIR

CERTFILE=$CERTDIR/dovecot.pem
KEYFILE=$KEYDIR/dovecot.pem

When you are finished you can execute the script:

chmod a+x mkcert.sh
sudo ./mkcert.sh

If everything went correctly you should see a file ‘dovecot.pem‘ in the ‘/usr/local/etc/dovecot‘ directory.
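
The Common Name rule described earlier can be checked against the new ‘dovecot.pem‘ before any mail client connects. The script below is an added example, not part of Dovecot or of the original article; the function names and the host name mail.richard5.net are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: the host-name check a mail client applies to the
# certificate name. Function names are illustrative, not part of Dovecot.

# lower STRING -> STRING in lower case (DNS names are case-insensitive)
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# cn_matches_host PATTERN HOST
# Returns 0 when HOST is covered by PATTERN (an exact name or "*.domain").
cn_matches_host() {
    pattern=$(lower "$1")
    host=$(lower "$2")
    case $pattern in
        '*.'*)
            suffix=${pattern#'*'}            # e.g. ".richard5.net"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # The wildcard stands for exactly one non-empty label, so the
            # bare domain and deeper sub-domains are not covered.
            case $label in
                ''|*.*) return 1 ;;
            esac
            return 0 ;;
        *'*'*)
            return 1 ;;                      # conservative: no partial-label wildcards
        *)
            [ "$pattern" = "$host" ] ;;
    esac
}

# cert_cn PEMFILE -> first commonName in the certificate subject.
# Needs the openssl command; reading dovecot.pem may require sudo.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Usage (mail.richard5.net is a constructed host name):
#   cn_matches_host "$(cert_cn /usr/local/etc/dovecot/dovecot.pem)" \
#       mail.richard5.net && echo "CN covers this host"
```

Run the check with every host name your mail clients are configured to use; a name that fails here is one for which clients will report the certificate as invalid.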

Next are some of the more specific config files. First ‘conf.d/10-ssl.conf‘ for the SSL configuration. Please note that only the changes to the sample configurations are listed here.

ssl = required
ssl_cert = </usr/local/etc/dovecot/dovecot.pem
ssl_key = </usr/local/etc/dovecot/dovecot.pem

Next file is ‘conf.d/10-master.conf‘ for the services configuration.

default_login_user = _dovecot
default_internal_user = _dovecot

service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = _vmail
  }

  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = _postfix
    group = _postfix
  }
}

Next file is ‘conf.d/10-auth.conf‘ for the authentication configuration.

#!include auth-system.conf.ext
!include auth-sql.conf.ext

Next file is ‘conf.d/10-mail.conf‘ for the mailbox configuration.

mail_location = maildir:/usr/local/virtual/%d/%u

mail_uid = 102
mail_gid = 102

first_valid_uid = 102
last_valid_uid = 105

Next file is ‘conf.d/auth-sql.conf.ext‘. To make the SQL queries more efficient and to point Dovecot at the correct configuration file, you need to change the following:

passdb {
    driver = sql
    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}

userdb {
    driver = prefetch
}

userdb {
    driver = sql
    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}

Next up we need to edit the file ‘dovecot-sql.conf.ext’ which describes how we will connect to the MySQL database with all the user information in it. Because this file holds the database password in plain text, it should be readable only by root.

driver = mysql

connect = host=localhost dbname=postfix user=postfix password=postfixpassword

user_query = SELECT '/usr/local/virtual/%d/%n' as home, \
  'maildir:/usr/local/virtual/%d/%n' as mail, 102 AS uid, \
  102 AS gid, concat("*:storage=", quota) AS quota \
  FROM mailbox WHERE username = "%u" AND active = "1"

password_query = SELECT username as user, password, \
 '/usr/local/virtual/%d/%n' as userdb_home, \
 'maildir:/usr/local/virtual/%d/%n' as userdb_mail, \
 102 as userdb_uid, 102 as userdb_gid FROM mailbox \
 WHERE username = '%u' AND active = '1'