Install dovecot IMAP server on RHEL7

Open firewall and add IMAP services

# Add firewall services for mail submission, imap
sudo firewall-cmd --permanent --add-service={smtp-submission,smtps,imap,imaps} 
# Reload firewall
sudo firewall-cmd --reload
# Verify services
sudo firewall-cmd --list-services 

Enforce SSL for network traffic

You can use let’s encrypt to issue certificates for your mail host, refer to below post for details

Once have certbot installed, run below command to issue certificates

sudo certbot certonly -a nginx --agree-tos --staple-ocsp --email you@example.com -d mail.yourwebsite.com

# You should have new certs generated for your mail host under /etc/letsencrypt folder, will use those certificates for later steps.

Update submission service on postfix

Update postfix submission service to allow email client sending emails

# Edit /etc/postfix/master.cf
sudo vi /etc/postfix/master.cf
# Update blow lines
submission     inet     n    -    y    -    -    smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Update certs configuration add generated certs path postfix configuration file

sudo postconf "smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourwebsite.com/fullchain.pem"

sudo postconf "smtpd_tls_key_file = /etc/letsencrypt/live/mail.yourwebsite.com/privkey.pem"

# Save and close file, then restart postfix 
sudo systemctl restart postfix

Check your postfix is listening on 587 and 465 ports

sudo ss -lnpt | grep master

Install dovecot

# Run below command to install dovecot
sudo yum install dovecot

# Check installed version
dovecot --version
# Enable dovecot service and start dovecot
sudo systemctl enable dovecot
sudo systemctl start dovecot 

# Check dovecot is running
sudo systemctl status dovecot
# Example output
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-12-31 14:16:13 AST; 22s ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 20906 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)

Update dovecot configuration

# Update /etc/dovecot/dovecot.conf file.
# Change protocols you want to enable.
protocols = imap pop3 lmtp

# Update mail location, edit /etc/dovecot/conf.d/10-mail.conf file
sudo vi /etc/dovecot/conf.d/10-mail.conf
# Find and update below line
mail_location = maildir:~/Maildir

# Save and close this file, then add dovecot to mail group in order to read emails
sudo gpasswd -a dovecot mail
# Update /etc/dovecot/conf.d/10-master.conf file
sudo vi /etc/dovecot/conf.d/10-master.conf 
# Update lmtp service configuration
service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }
}
# Save and close file.
# Update main configuration /etc/postfix/main.cf
sudo vi /etc/postfix/main.cf
# Adding below lines to end of this file
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
# Update /etc/dovecot/conf.d/10-auth.conf file
sudo vi /etc/dovecot/conf.d/10-auth.conf
# Find and update below lines:
disable_plaintext_auth = yes
auth_username_format = %n
auth_mechanisms = plain login

# Save and close file
# Update /etc/dovecot/conf.d/10-ssl.conf file
sudo vi /etc/dovecot/conf.d/10-ssl.conf
# Find and update below lines:
ssl = required
ssl_prefer_server_ciphers = yes
# Update certs file
ssl_cert = </etc/letsencrypt/live/mail.yourwebsite.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.yourwebsite.com/privkey.pem
# Save and close file
# Update /etc/dovecot/conf.d/10-master.conf file, configure authentication between postfix and dovecot
sudo vi /etc/dovecot/conf.d/10-master.conf
# Find and update below lines:
service auth {
    unix_listener /var/spool/postfix/private/auth {
      mode = 0600
      user = postfix
      group = postfix
    }
}
# Save and close file
# Update /etc/dovecot/conf.d/15-mailboxes.conf file, configure folders that need to be auto created
sudo vi /etc/dovecot/conf.d/15-mailboxes.conf
# Find and update below lines, same rules can be applied to Drafts, Junk, Trash and Sent folders
mailbox Trash {
    auto = create
    special_use = \Trash
}
# Save and close file

Restart postfix and dovecot server

sudo systemctl restart postfix dovecot

# Check ports dovecot is listening
sudo ss -lnpt | grep dovecot

# Example output
LISTEN     0      100          *:993                      *:*                   users:(("dovecot",pid=21114,fd=43))
LISTEN     0      100          *:995                      *:*                   users:(("dovecot",pid=21114,fd=27))
LISTEN     0      100          *:110                      *:*                   users:(("dovecot",pid=21114,fd=25))
LISTEN     0      100          *:143                      *:*                   users:(("dovecot",pid=21114,fd=41))
LISTEN     0      100       [::]:993                   [::]:*                   users:(("dovecot",pid=21114,fd=44))
LISTEN     0      100       [::]:995                   [::]:*                   users:(("dovecot",pid=21114,fd=28))
LISTEN     0      100       [::]:110                   [::]:*                   users:(("dovecot",pid=21114,fd=26))
LISTEN     0      100       [::]:143                   [::]:*                   users:(("dovecot",pid=21114,fd=42))

Now the dovecot IMAP server configuration is done, you can use thunderbird client to test if you can send and receive emails.

Leave a Comment