howto: configure dovecot on centos/rhel 6.4

dovecot is a pop3 and imap server. it is of course open source. it goes on top of your mail transport agent (MTA) such as sendmail or postfix. as with all things difficult, it is only difficult if you do not know it.

funny thing is, i took it in my RHCE class and i still have my notes and ..they didnt work. so i had to do some research and this is the result

we will start with installing dovecot

yum -y install dovecot

next we will create the certs:

make -C /etc/pki/tls/certs dovecot.pem

answer the questions as you deem appropriate of course. next is to enable the imap and pop3 protocols support

sed -i 's/#protocols/protocols/g' /etc/dovecot/dovecot.conf

add the certs to dovecot.conf. the last line tells dovecot which permissions to use to access the mail box directory

cat >> /etc/dovecot/dovecot.conf << EOF

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
mail_access_groups = mail

after that disable plaintext authentication

sed -i 's/#disable_plaintext_auth/disable_plaintext_auth/g' /etc/dovecot/conf.d/10-auth.conf

and to add the login mechanism to dovecot

sed -i 's/= plain/= plain login/g' /etc/dovecot/conf.d/10-auth.conf

next set the correct permissions

sed -i 's/unix_listener auth-userdb {/unix_listener auth-userdb {\n\tmode = 0600, user = postfix, group = postfix/g' /etc/dovecot/conf.d/10-master.conf

finally, we should tell dovecot where to find the mail files

sed -i 's,#mail_location =,mail_location = mbox:~/mail:INBOX=/var/mail/%u,g' /etc/dovecot/conf.d/10-mail.conf 

system wise, we should also have it start automatically with the system

chkconfig dovecot on

and finally start the dovecot service

service dovecot restart

and thats it. dovecot is configured and you have both imap and pop3 services working now. the final step is verify

  mutt -f pop://user@localhost
  mutt -f pop3s://user@domain.tld

if you need to trouble shoot, the dovecot logs to /var/log/maillog


double check to ensure you have disabled other ssl lines