---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# dovecot
## Synopsis
[Postfix and Dovecot as mail servers (IMAP and submission).](https://www.dovecot.org/)
This application service provides email server. Two servers are used: Dovecot as IMAP server and Postfix as submission server. In addition, an auto-detection file of the email configuration is set up.
## Example
Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.
```
dovecot:
applicationservice: dovecot
provider_zone: imap
zones_name:
- ldap
- localdns
- oauth2
- reverseproxy
- smtp
values:
general.mail.domain.mail_domains:
- example.net
general.mail.domain.imap_domainname:
'0': imap.example.net
general.mail.domain.submission_domainname:
'0': submission.example.net
```
## Basic variables
### General
#### Mail configuration
Configure IMAP servers and submission to access email accounts and send emails.
##### Mail domain
This family is a leadership.
| Parameter | Comments |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **[general.mail.domain.mail_domains](dictionaries/31_dovecot.xml)**
mandatory, multiple
**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Final destination email address.
These domain names are the domain names for emails (user@*example.net*) and for auto configuration of email clients (https://*example.net*/.well-known/autoconfig/mail/config-v1.1.xml).
**Example:** example.net |
| **[general.mail.domain.imap_domainname](dictionaries/31_dovecot.xml)**
mandatory
**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External IMAP server address.
Matches TLS connection’s SNI name, if it’s sent by the client. For some email clients, use in DNS configuration a line like "_submissions._tcp IN SRV 1 587 *imap.example.net*.".
**Example:** imap.example.net |
| **[general.mail.domain.submission_domainname](dictionaries/31_dovecot.xml)**
mandatory
**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External submission server address.
Matches TLS connection’s SNI name, if it’s sent by the client. For some email clients, add in DNS configuration a line like "_imaps._tcp IN SRV 0 1 993 *submission.example.net*.".
**Example:** submission.example.net |
| Parameter | Comments |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **[general.mail.mail_crt_provider](dictionaries/31_dovecot.xml)**
mandatory
**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Type of certificate autority signing external IMAP and submission domain certificates.
The certificate can be self-signed (therefore invalid by default for the client) or obtained via the Let's Encrypt service (generally valid for the client).
**Choices:**
- `self-signed` ← default
- `letsencrypt` |
## Variables
### General
#### OpenLDAP directory
##### Client
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
| **[general.ldap.client.ldapclient_family](dictionaries/31_dovecot.xml)**
mandatory
**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Restrict service configuration for a LDAP family.
"all" for all families.
**Default:** all |
## Requirements services
### Mandatories
- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.
- [SMTP](../README.SMTP.md): Create a SMTP relay account and authorize sending email.
- [LDAP](../README.LDAP.md): Create account and connexion to a LDAP server.
- [ReverseProxy](../README.ReverseProxy.md): Register to service to a reverse proxy server.
- [OAuth2](../README.OAuth2.md): Remote clients needing to verify OAuth2 account.
### Optionals
- [Journald](../README.Journald.md): Concentrate journal messages on one host.
## Dependances
- [base-fedora-36](../base-fedora-36/README.md): Base information of a Fedora 36.
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
- [relay-lmtp-client](../relay-lmtp-client/README.md): Application service needs interact with a Postfix server with LMTP protocol.
- [relay-mail-client](../relay-mail-client/README.md): Client SMTP.
- [ldap-client](../ldap-client/README.md): Application service needs interact with a LDAP server.
- [oauth2-client](../oauth2-client/README.md): Application service needs interact with a Oauth2 server.
- [nginx-https](../nginx-https/README.md): Nginx as HTTPS web site.
- [nginx-common](../nginx-common/README.md): Nginx common configuration.
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service needs interact with a a reverse proxy server.
## Useful for service
[roundcube](../roundcube/README.md): Roundcube, a webmail.