====== Docker: Dovecot ======

Dovecot ([[https://doc.dovecot.org|https://doc.dovecot.org]]) is a small, powerful, fast and very stable IMAP server for storing mail, which can be used by any mail client like Thunderbird, Evolution…

===== Prerequisites =====

You will need everything required to have [[:content:serverbasics:docker-freeipa|FreeIPA]] up, an understanding of Docker, and those services running, so that LDAPS will work.

===== Docker composer =====

Dovecot does not use a database: mail is stored in Maildir format, which uses directories and one file per mail, so mounting the mail directory is enough.

In your docker_compose directory, create the ''docker-compose.yml'' with the following content:

<code yaml>
services:
  # Small but performant and secure IMAP server: https://hub.docker.com/r/dovecot/dovecot
  dovecot:
    image: dovecot/dovecot:latest
    # For testing:
    # image: dovecot/dovecot:latest-dev
    restart: always
    read_only: true
    stop_grace_period: 1m
    volumes:
      - dovecot_config:/etc/dovecot
      - dovecot_maildata:/srv/vmail
    tmpfs:
      - /tmp
      - /run/dovecot
      - /srv/mail
    environment:
      # These passwords should not be used / are only for testing
      # They will allow any username with that password to connect
      USER_PASSWORD: 'VERYSTRONGFIRSTPWD'
      DOVEADM_PASSWORD: 'VERYSTRONGSECONDPWD'
    ports:
      - "993:31993"
    # Listeners from homepage
    # POP3 on 31110, TLS 31995 (needs config file to enable, disabled by default)
    # IMAP on 31143, TLS 31993
    # Submission on 31587
    # LMTPS on 31024
    # ManageSieve on 34190
    # HTTP API on 8080
    # Metrics on 9090
    networks:
      - default

volumes:
  dovecot_config:
  dovecot_maildata:

networks:
  # Still needs to be defined, as IPv6 won't be enabled without it
  default:
    driver: bridge
    enable_ipv6: true
</code>

Basically, ''docker compose up -d'' will already start your server.

===== LDAP Password-Checks =====

In your volume dovecot_config you will now find the directory conf.d - put a file in there, such as domainname.conf, to have it loaded into your Dovecot config.
It will override all basic settings.

<code>
ssl = required
auth_allow_cleartext = no

# External connection: check SSL validity. Won't validate Let's Encrypt LDAP certs without importing the CA
ssl_client_require_valid_cert = no

ssl_server {
  cert_file = /etc/dovecot/ssl/domain.tld.crt
  key_file = /etc/dovecot/ssl/domain.tld.key
}

# LDAP auth
# Password lookup: will also do a full user/pass bind to check, so this should be enough
# https://doc.dovecot.org/2.4.1/core/config/auth/databases/ldap.html#authentication-binds

# For debugging; also provides useful information about logins
log_debug = category=auth

passdb ldap {
  # Will speed up the user check when multiple queries go to the LDAP server (e.g. userdb checking too)
  # Will slow down if only one check is done per login
  # use_worker = yes
  driver = ldap
  ldap_uris = ldaps://dockerproject-ipa-1:636
  bind = yes
  bind_userdn = uid=%{user},cn=users,cn=accounts,dc=domain,dc=tld
  filter = (&(objectClass=posixAccount)(uid=%{user}))
  ldap_base = dc=domain,dc=tld
}
</code>

Change the domain, TLD and your Docker hostname to match your needs.

===== SSL Setup =====

Also, you need your ACME certificates from Caddy copied to that volume. I do it with the file ''cert_renew.sh'':

<code bash>
#!/bin/bash
# Renew ACME certs of Dovecot from Caddy
cat /home/docker/docker_volumes/dockerproject_caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/domain.tld/domain.tld.key > /home/docker/docker_volumes/pcserver2023_dovecot_config/_data/ssl/domain.tld.key
cat /home/docker/docker_volumes/dockerproject_caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/domain.tld/domain.tld.crt > /home/docker/docker_volumes/pcserver2023_dovecot_config/_data/ssl/domain.tld.crt
</code>

which I call every day from docker's crontab. Make sure that the files are accessible to Dovecot (and, if possible, to no one else, neither in the container nor on your host).

===== Possible problems =====

Currently (02.08.2025) there are a few problems with Thunderbird and Dovecot.

==== Error: Disconnected: Too many invalid IMAP commands. ====

See the page linked below to configure Thunderbird with these settings:

  * mail.server.default.allow_utf8_accept = false
  * mail.imap.use_literal_plus = false

[[https://yellowshoes.de/2025/07/31/thunderbird-dovecot-2-4-disconnected-too-many-invalid-imap-commands/|https://yellowshoes.de/2025/07/31/thunderbird-dovecot-2-4-disconnected-too-many-invalid-imap-commands/]]
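
An added example, not the author's script: a variant of ''cert_renew.sh'' that follows up on the file-permission note in the SSL Setup section. With ''cat >'', a newly created key file gets whatever mode the caller's umask allows; this version forces owner-only mode and swaps each file in atomically. The names ''sync_cert_files'', ''lock_down'' and the ''CERT_OWNER'' variable are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not the page's script): install cert + key with owner-only permissions.
# Usage: cert_renew.sh SRC_DIR DST_DIR NAME      e.g. NAME=domain.tld
# CERT_OWNER (hypothetical variable, optional): uid:gid that Dovecot runs as in the container.

# Owner-only mode, plus ownership if CERT_OWNER is set.
lock_down() {
    chmod 600 "$1" && { [ -z "${CERT_OWNER:-}" ] || chown "$CERT_OWNER" "$1"; }
}

sync_cert_files() (
    src_dir=$1 dst_dir=$2 name=$3
    umask 077                       # files created below are never group/world readable
    changed=no

    [ -d "$dst_dir" ] || { echo "no such directory: $dst_dir" >&2; exit 2; }
    # Check the whole pair first, so a missing file cannot leave key and cert mismatched.
    for ext in key crt; do
        [ -s "$src_dir/$name.$ext" ] || { echo "missing or empty: $name.$ext" >&2; exit 2; }
    done

    for ext in key crt; do
        src=$src_dir/$name.$ext
        dst=$dst_dir/$name.$ext
        if ! cmp -s "$src" "$dst" 2>/dev/null; then
            # Temp file in the same directory + rename: Dovecot never reads a partial file.
            tmp=$(mktemp "$dst_dir/.$name.$ext.XXXXXX") || exit 2
            if cat "$src" > "$tmp" && lock_down "$tmp" && mv -f "$tmp" "$dst"; then
                changed=yes
            else
                rm -f "$tmp"; exit 2
            fi
        fi
        lock_down "$dst" || exit 2   # also tightens files left by an earlier "cat >" copy
    done
    echo "$changed"                  # "yes" if a file was replaced, otherwise "no"
)

# Only act when called with arguments (for example from cron).
if [ "$#" -eq 3 ]; then
    sync_cert_files "$@"
fi
```

The function prints ''yes'' only when a file was actually replaced, so the cron job can use that to decide whether Dovecot needs to reload its configuration.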