Mailserver with ldap tutorial – part 2: dovecot

After we’ve setup openldap in part 1, I’m going to describe in this post how to setup dovecot. In our mailserver dovecot will have three tasks: it provides access to the mailboxes via imaps, it will destribute the mails accepted by postfix to the mailboxes (local deliviery agent) and it will provide an authentication interface for postfix

This is a post from my old blog It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

This is step 1 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.

Install dovecot

aptitude install dovecot-imapd

Create user vmail

As we are using virtual users for our mailserver we need a common user for the virtual maildirs. Create it using:

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m


Dovecot has one main config file, the /etc/dovecot/dovecot.conf. It should look similar to this:

protocols = imap imaps
disable_plaintext_auth = yes
syslog_facility = mail
ssl_cert_file = /etc/ssl/certs/cert.pem
ssl_key_file = /etc/ssl/private/key.pem

mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail

protocol lda {
  postmaster_address =
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/vmail/dovecot-deliver.log

auth default {
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf

  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix

As the mailbox location is stored in the ldap we have to read it from there. The configuration for that ist stored in /etc/dovecot/dovecot-ldap.conf as mentioned above.

hosts = localhost
dn = cn=dovecot,dc=cbjck,dc=de
dnpass = 
ldap_version = 3
base = ou=people,dc=cbjck,dc=de
scope = subtree

user_attrs = homeDirectory=home,mailbox=mail
user_filter = (&(objectClass=mailUser)(|(uid=%u)(maildrop=%u)(mail=%u)))

pass_attrs = uid=user, userPassword=password
pass_filter = (&(objectClass=mailUser)(|(uid=%u)(maildrop=%u)(mail=%u)))

Of course the pasword for cn=dovecot,dc=cbjck,dc=de is not!

Rotate the log with logrotate

As the logfile set in /etc/dovecot/dovecot.conf might get quite large it is a good idea to onfigure logrotate for that file. Create /etc/logrotate.d/dovecot-deliver:

<pre>/var/vmail/dovecot-deliver.log {
  rotate 14

That’s it. Dovecot is ready and we can continue to step 3: postfix.

Edited on Jan 9th 2015 for better readability.
Edited on Aug 18th 2017 for better readability


  1. Pingback: Shared mailboxes with dovecot

  2. Pingback: Mailserver with ldap tutorial - part 3: postfix

Leave a Reply

Your email address will not be published. Required fields are marked *