CSUF LogoCSUF Site Navigation

F14 E-Mail & Spam Dovecot

Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
F14 Dovecot

Dovecot acts as a secure IMAP and/or POP3 server for Linux. I find it useful to run on my server so that I can pull e-mail from it onto my laptop using the POP3 protocol whenever I am away from the university. Configuring Dovecot used to be simple, but with version 2 it has become very obtuse, so spend time examining the documentation at:


If you want to use SSL encryption when using POP3, you will have to pay for an SSL certificate, which is something that I am not willing to do. However, I am not willing to send in a password to my server using plain text authentication either, so I have chosen to use DIGEST-MD5 authentication.

Before configuring Dovecot, be sure that you have poked a hole in Port 110 to allow for POP3 connections. See my Firewall page for details.

Configuration files are located in /etc/dovecot. The main configuration file is dovecot.conf, and other files are located in /etc/dovecot/conf.d. Start by editing the /etc/dovecot/dovecot.conf file. Scroll down to the Protocols section. Add the following:
protocols = pop3
Save and exit. Next move into the conf.d subdirectory and edit the following files:


Add the following in the appropriate subsections:
disable_plaintext_auth = no
auth_mechanisms = digest-md5
Save and exit.


Add the following in the appropriate subsections:
log_path = /var/log/dovecot/dovecot.log
Save and exit. Since the log file is going to be stored in /var/log/dovecot, create the directory:
~> sudo mkdir /var/log/dovecot
While we are at it, we may as well setup log rotation for the file as well. Create a /etc/logrotate.d/dovecot file using sudo and add the following:
/var/log/dovecot/dovecot.log {
        rotate 4
Save and exit.


Since all of my mail is dumped to /var/mail/[user] on the server via fetchmail (see my fetchmail page), I want to add the following:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Save and exit.


Add the following in the appropriate subsections:
service pop3-login{
  inet_listener pop3 {
    port = 110
  inet_listener pop3s {
Save and exit.


Comment out the PAM authentication section. Under it, add the following:
#passdb {
#  driver = pam
#  args = dovecot

passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%u /etc/dovecot/dovecot.password
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/dovecot.password
Save and exit.

Next, we need to setup a digest-md5 password. This can be done using the dovecotpw command:
~> doveadm pw -s digest-md5
Type in new password, and you will see a line similar to:
(Please note that I have used a dummy password here.) Next create a new /etc/dovecot/dovecot.password file using sudo and copy your password into the file:
Substitute your username for [user], your user id for [uid], your group id for [gid], your full name for [name], your home directory location for [home], and your shell location for [shell]. Save and exit, and change the ownership and permissions of the file:
~> sudo chown root.dovecot /etc/dovecot/dovecot.password
~> sudo chmod o-r /etc/dovecot/dovecot.password

Setup Fail2Ban with Dovecot

To use Fail2Ban with Dovecot, see the Fail2Ban page.

Restart Dovecot Daemon

Restart Dovecot.
~> sudo service dovecot restart
If everything is setup properly, you should see something similar to:  
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Next, on a remote computer, pull up your E-mail client, such as evolution. Click on Edit -> Preferences, select the Account name you are using, and click Edit. Click on Receiving Email, and choose POP under from the pull down menu. Type in your Server name and Username, and make sure that No encryption is selected from the drop down menu for Security. Then select DIGEST-MD5 under Authentication Type and click OK, followed by Close. You should now be able to establish a POP connection back to the server, and pull down your E-Mail.