This article will show you how to install and configure dovecot on RHEL 7, dovecot is IMAP server to receive emails from other SMTP server
Open firewall and add IMAP services
# Add firewall services for mail submission, imap
sudo firewall-cmd --permanent --add-service={smtp-submission,smtps,imap,imaps}
# Reload firewall
sudo firewall-cmd --reload
# Verify services
sudo firewall-cmd --list-services Enforce SSL for network traffic
You can use let’s encrypt to issue certificates for your mail host, refer to below post for details
Once have certbot installed, run below command to issue certificates
sudo certbot certonly -a nginx --agree-tos --staple-ocsp --email you@example.com -d mail.yourwebsite.com
# You should have new certs generated for your mail host under /etc/letsencrypt folder, will use those certificates for later steps.Update submission service on postfix
Update postfix submission service to allow email client sending emails, edit /etc/postfix/master.cf
sudo vi /etc/postfix/master.cf
# Update blow lines
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_wrappermode=no
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/authUpdate certs configuration add generated certs path postfix configuration file
User postconf command to update certs and configuration: sudo postconf “[property] = [value]” or sudo vi /etc/postfix/main.cf
#Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1Save and close file, then restart postfix
sudo systemctl restart postfixCheck your postfix is listening on 587 and 465 ports
sudo ss -lnpt | grep masterInstall dovecot
# Run below command to install dovecot
sudo yum install dovecot
# Check installed version
dovecot --version
# Enable dovecot service and start dovecot
sudo systemctl enable dovecot
sudo systemctl start dovecot
# Check dovecot is running
sudo systemctl status dovecot
# Example output
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-12-31 14:16:13 AST; 22s ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Process: 20906 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)Update dovecot configuration
Update /etc/dovecot/dovecot.conf file.
sudo vi /etc/dovecot/dovecot.conf
# Change protocols you want to enable.
protocols = imap lmtp
# Update mail location, edit /etc/dovecot/conf.d/10-mail.conf file
sudo vi /etc/dovecot/conf.d/10-mail.conf
# Find and update below line
mail_location = maildir:~/Maildir
# Add below line in the file
mail_privileged_group = mail# Save and close this file, then add dovecot to mail group in order to read emails
sudo gpasswd -a dovecot mail# Update /etc/dovecot/conf.d/10-master.conf file
sudo vi /etc/dovecot/conf.d/10-master.conf
# Update lmtp service configuration
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
# Save and close file.# Update main configuration /etc/postfix/main.cf
sudo vi /etc/postfix/main.cf
# Adding below lines to end of this file
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no# Update /etc/dovecot/conf.d/10-auth.conf file
sudo vi /etc/dovecot/conf.d/10-auth.conf
# Find and update below lines:
disable_plaintext_auth = yes
auth_username_format = %Lu
auth_mechanisms = plain login
# Save and close file# Update /etc/dovecot/conf.d/10-ssl.conf file
sudo vi /etc/dovecot/conf.d/10-ssl.conf
# Find and update below lines:
ssl = required
ssl_prefer_server_ciphers = yes
# Update certs file
ssl_cert = </etc/letsencrypt/live/mail.yourwebsite.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.yourwebsite.com/privkey.pem
# Save and close file
# Uncomment below line
#ssl_dh = </etc/dovecot/dh.pem
#ssl_min_protocol = TLSv1.2Save and close file, then run below command:
sudo openssl dhparam -out /etc/dovecot/dh.pem 4096Update /etc/dovecot/conf.d/10-master.conf file, configure authentication between postfix and dovecot
sudo vi /etc/dovecot/conf.d/10-master.conf
# Find and update below lines:
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0600
user = postfix
group = postfix
}
}
# Save and close fileUpdate /etc/dovecot/conf.d/15-mailboxes.conf file, configure folders that need to be auto created
sudo vi /etc/dovecot/conf.d/15-mailboxes.conf
# Find and update below lines, same rules can be applied to Drafts, Junk, Trash and Sent folders
mailbox Trash {
auto = create
special_use = \Trash
}
# Save and close fileRestart postfix and dovecot server
sudo systemctl restart postfix dovecot
# Check ports dovecot is listening
sudo ss -lnpt | grep dovecot# Example output
LISTEN 0 100 *:993 *:* users:(("dovecot",pid=21114,fd=43))
LISTEN 0 100 *:995 *:* users:(("dovecot",pid=21114,fd=27))
LISTEN 0 100 *:110 *:* users:(("dovecot",pid=21114,fd=25))
LISTEN 0 100 *:143 *:* users:(("dovecot",pid=21114,fd=41))
LISTEN 0 100 [::]:993 [::]:* users:(("dovecot",pid=21114,fd=44))
LISTEN 0 100 [::]:995 [::]:* users:(("dovecot",pid=21114,fd=28))
LISTEN 0 100 [::]:110 [::]:* users:(("dovecot",pid=21114,fd=26))
LISTEN 0 100 [::]:143 [::]:* users:(("dovecot",pid=21114,fd=42))Now the dovecot IMAP server configuration is done, you can use thunderbird client to test if you can send and receive emails.
Upgrade troubleshooting
if you encounter this error
imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters (ssl_dh setting): error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>Try to make updates like below
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pemor
openssl dhparam -out /etc/dovecot/dh.pem 4096 -days 3650Edit /etc/dovecot/conf.d/10-ssl.conf and put below line after
ssl_cert = </etc/letsencrypt/live/mail.hostname.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.hostname.com/privkey.pem
ssl_dh = </etc/dovecot/dh.pemThen restart dovecot, your email client is ready to go.