As it is with Postfix, to configure Dovecot we need to edit several files as well. Luckily Dovecot comes with sample files we can use as a basis for our own configuration.

For new installations we will use the pre-configured files, but we first need to copy them. Open a Terminal session and go into the directory ‘/usr/local/etc/dovecot‘ and then enter the following commands:

sudo cp -r /usr/local/share/doc/dovecot/example-config/ . 

For security reasons Dovecot has it’s own user account which it uses to run itself which is something we need to configure. Also Dovecot comes with a script to build self-signed SSL certificates using OpenSSL. The SSL certificate’s configuration is taken from the file ‘dovecot-openssl.cnf‘ file in the doc directory of the sourcecode. You need to edit that file and change the following settings:

default_bits = 2048

[ req_dn ]
# country (2 letter code) (your country)

# State or Province Name (full name, not required)

# Locality Name (eg. city)

# Organization (eg. company)

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (* is also possible)

As with Postfix the important field is the CN (Common Name) field, which should contain your server’s host name. The clients will verify that the CN matches the connected host name, otherwise they’ll say the certificate is invalid. It’s also possible to use wildcards (eg. * in the host name. They should work with most current mail clients.

If you are done than you need to edit the script that creates the SSL certificates called ‘‘. This is needed as there are some setting we like differently.

Make the following changes to the script:




When you are finished you can execute the script:

chmod a+x
sudo ./

If everything went correctly you should see a file ‘dovecot.pem‘ in the ‘/usr/local/etc/dovecot‘ directory.

Next are some of the more specific config files. First ‘conf.d/10-ssl.conf‘ for the ssl configuration. Please note that only the changes to the sample configurations are listed here.

ssl = required
ssl_cert = </usr/local/etc/dovecot/dovecot.pem
ssl_key = </usr/local/etc/dovecot/dovecot.pem

Next file is ‘conf.d/10-master.conf‘ for the services configuration.

default_login_user = _dovecot
default_internal_user = _dovecot

service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = _vmail

  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = _postfix
    group = _postfix

Next file is ‘conf.d/10-auth.conf‘ for the authorization configuration.

#!include auth-system.conf.ext
!include auth-sql.conf.ext

Next file is ‘conf.d/10-mail.conf‘ for the mailbox configuration.

mail_location = maildir:/usr/local/virtual/%d/%u

mail_uid = 102
mail_gid = 102

first_valid_uid = 102
last_valid_uid = 105

Next file is ‘conf.d/auth-sql.conf.ext‘ for making the sql queries more efficient and to find the correct configuration you need to change the following:

passdb {
    driver = sql
    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext

userdb {
    driver = prefetch

userdb {
    driver = sql
    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext

Next up we need to edit the file ‘dovecot-sql.conf.ext’ which describes how we will connect to the MySQL database with all the user information in it.

driver = mysql

connect = host=localhost dbname=postfix user=postfix password=postfixpassword

user_query = SELECT '/usr/local/virtual/%d/%n' as home, \
  'maildir:/usr/local/virtual/%d/%n' as mail, 102 AS uid, \
  102 AS gid, concat("*:storage=", quota) AS quota \
  FROM mailbox WHERE username = "%u" AND active = "1"

password_query = SELECT username as user, password, \
 '/usr/local/virtual/%d/%n' as userdb_home, \
 'maildir:/usr/local/virtual/%d/%n' as userdb_mail, \
 102 as userdb_uid, 102 as userdb_gid FROM mailbox \
 WHERE username = '%u' AND active = '1'