Last updated: 2026-02-11
Dovecot TLS/SSL Configuration Guide
This guide provides recommended TLS/SSL settings for Dovecot, a secure and high-performance IMAP and POP3 mail server. TLS encryption protects email credentials and message content as they are retrieved by mail clients.
Prerequisites
- Dovecot 2.3.11.3 or later (for ssl_min_protocol support; see Version Notes for older alternatives)
- OpenSSL 1.1.1 or later
- A valid SSL/TLS certificate from a trusted CA
Certificate Configuration
Dovecot uses the < prefix to read file contents directly into the configuration:
ssl_cert = </etc/dovecot/ssl/fullchain.pem
ssl_key = </etc/dovecot/ssl/privkey.pem
The < prefix is required. Without it, Dovecot treats the value as a literal string, not a file path.
Path note: This guide uses custom paths under /etc/dovecot/ssl/. Distribution defaults differ: RHEL/CentOS places certs in /etc/pki/dovecot/certs/ and keys in /etc/pki/dovecot/private/. Debian/Ubuntu uses /etc/dovecot/private/.
Enable and Require TLS
Set ssl to required to enforce encrypted connections for all clients:
ssl = required
Available values:
- no -- TLS disabled
- yes -- TLS available but not required (clients can connect in plaintext)
- required -- All connections must use TLS (recommended)
Protocol Versions
Set the minimum TLS version to 1.2:
ssl_min_protocol = TLSv1.2
Cipher Suites
Configure strong cipher suites with forward secrecy:
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
For TLS 1.3 cipher suites (Dovecot 2.3.15+):
ssl_cipher_suites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Enable server cipher preference:
ssl_prefer_server_ciphers = yes
ECDH Curve
Specify the elliptic curves for key exchange:
ssl_curve_list = P-256:P-384:P-521
DH Parameters
For older clients that use DHE key exchange, generate strong DH parameters. With a modern ECDHE-only cipher list this is optional, but harmless to include:
ssl_dh = </etc/dovecot/ssl/dh.pem
Generate the DH parameters file:
openssl dhparam -out /etc/dovecot/ssl/dh.pem 4096
OCSP Stapling
Dovecot 2.3.15+ supports OCSP stapling. Provide the OCSP response via the certificate configuration:
ssl_stapling = yes
OCSP stapling support depends on your Dovecot build and OpenSSL version. Verify with doveconf -n | grep stapling after enabling.
Disable Plaintext Authentication Without TLS
Prevent clients from sending passwords over unencrypted connections:
auth_mechanisms = plain login
disable_plaintext_auth = yes
With ssl = required, this is redundant but provides defense in depth.
Per-Protocol Settings
If you run both IMAP and POP3, you can apply TLS settings per protocol:
protocol imap {
ssl_cert = </etc/dovecot/ssl/imap-fullchain.pem
ssl_key = </etc/dovecot/ssl/imap-privkey.pem
}
protocol pop3 {
ssl_cert = </etc/dovecot/ssl/pop3-fullchain.pem
ssl_key = </etc/dovecot/ssl/pop3-privkey.pem
}
In most cases, a single certificate for all protocols is sufficient.
Version Notes
Several TLS directives were introduced in different Dovecot releases. If you are running an older version (common on enterprise distributions), substitute or omit the following:
- ssl_min_protocol -- Requires Dovecot 2.3.11.3+. RHEL 8 ships Dovecot 2.3.8, which does not have this directive. On older versions, use the legacy syntax instead: ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
- ssl_cipher_suites (TLS 1.3 ciphers) -- Requires Dovecot 2.3.15+. RHEL 8 and Debian 11 ship older versions. Omit this line on older versions; TLS 1.3 will still work with default cipher selection if your OpenSSL supports it.
- ssl_curve_list -- Requires Dovecot 2.3.12+. Omit on older versions.
- ssl_stapling -- Requires Dovecot 2.3.15+. Omit on older versions.
Complete Configuration
Add these settings to /etc/dovecot/conf.d/10-ssl.conf (or your main dovecot.conf):
# Require TLS
ssl = required
# Certificate files
ssl_cert = </etc/dovecot/ssl/fullchain.pem
ssl_key = </etc/dovecot/ssl/privkey.pem
# Protocol version (requires Dovecot 2.3.11.3+)
# On older versions (e.g., RHEL 8 ships 2.3.8), use instead:
# ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
ssl_min_protocol = TLSv1.2
# TLS 1.2 cipher suites
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
# TLS 1.3 cipher suites (requires Dovecot 2.3.15+; omit on older versions)
ssl_cipher_suites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
# Cipher preference
ssl_prefer_server_ciphers = yes
# ECDH curves (requires Dovecot 2.3.12+; omit on older versions)
ssl_curve_list = P-256:P-384:P-521
# DH parameters (optional with ECDHE-only ciphers)
ssl_dh = </etc/dovecot/ssl/dh.pem
# OCSP stapling (requires Dovecot 2.3.15+; omit on older versions)
ssl_stapling = yes
# Disable plaintext auth without TLS
disable_plaintext_auth = yes
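The following script is an added example, not part of Dovecot or of this guide. It parses a 10-ssl.conf-style snippet (including protocol { } blocks) and flags the mistakes the Certificate Configuration, Enable and Require TLS, Protocol Versions and Version Notes sections warn about: a missing < prefix on ssl_cert/ssl_key/ssl_dh, ssl not set to required, no minimum protocol, plaintext auth enabled, and directives newer than the Dovecot release being audited. The function names, the sample config and the version strings are constructed for the example; it assumes disable_plaintext_auth defaults to yes when absent.

```python
# Minimum Dovecot release for each directive, per the Version Notes above.
MIN_VERSION = {
    "ssl_min_protocol": (2, 3, 11, 3),
    "ssl_curve_list": (2, 3, 12),
    "ssl_cipher_suites": (2, 3, 15),
    "ssl_stapling": (2, 3, 15),
}

def parse_dovecot_conf(text):
    """Flatten dovecot.conf text into {key: value}; keys inside blocks such as
    'protocol imap { ... }' are prefixed, e.g. 'protocol imap/ssl_cert'."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def audit(settings, dovecot_version):
    """Return findings as strings; an empty list means the config follows the guide."""
    ver = tuple(int(p) for p in dovecot_version.split("."))
    findings = []
    if settings.get("ssl") != "required":
        findings.append("ssl is not 'required': plaintext connections are accepted")
    for full, value in settings.items():  # file-backed settings need the '<' prefix
        if full.rsplit("/", 1)[-1] in ("ssl_cert", "ssl_key", "ssl_dh") and not value.startswith("<"):
            findings.append(f"{full} lacks the '<' prefix: Dovecot treats the value as a literal string")
    minp = settings.get("ssl_min_protocol")
    if minp is None and "ssl_protocols" not in settings:
        findings.append("no minimum protocol set: TLS 1.0/1.1 may be offered")
    elif minp not in (None, "TLSv1.2", "TLSv1.3"):
        findings.append(f"ssl_min_protocol = {minp} is below TLS 1.2")
    if settings.get("disable_plaintext_auth", "yes") != "yes":  # assumes Dovecot's default of yes
        findings.append("disable_plaintext_auth = no: passwords may be sent before TLS")
    for key, needed in MIN_VERSION.items():  # directive present but this build predates it
        if key in settings and ver < needed:
            findings.append(f"{key} needs Dovecot {'.'.join(map(str, needed))}+, running {dovecot_version}")
    return findings

# Constructed sample: the guide's settings with two deliberate mistakes, audited as the 2.3.8 that RHEL 8 ships
SAMPLE = ("ssl = yes\nssl_cert = /etc/dovecot/ssl/fullchain.pem\nssl_key = </etc/dovecot/ssl/privkey.pem\n"
          "ssl_min_protocol = TLSv1.2\nssl_stapling = yes\nprotocol imap {\n  ssl_cert = </etc/dovecot/ssl/imap.pem\n}\n")
if __name__ == "__main__":
    print(*audit(parse_dovecot_conf(SAMPLE), "2.3.8"), sep="\n")
```

Run it against the output of doveconf -n to audit a live host; the four findings it prints for the sample are the two planted mistakes plus the two directives that a 2.3.8 build does not understand.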
Listener Configuration
Dovecot listens on the following default ports. Verify they are configured in /etc/dovecot/conf.d/10-master.conf:
- 143 -- IMAP with STARTTLS
- 993 -- IMAPS (implicit TLS, recommended)
- 110 -- POP3 with STARTTLS
- 995 -- POP3S (implicit TLS, recommended)
Implicit TLS (ports 993/995) is preferred over STARTTLS because the connection is encrypted from the start, with no plaintext preamble that could be intercepted.
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
Verification
Test the Dovecot configuration and restart:
doveconf -n | grep ssl
systemctl restart dovecot
Test IMAPS:
openssl s_client -connect mail.example.com:993
Test IMAP with STARTTLS:
openssl s_client -connect mail.example.com:143 -starttls imap
Check Dovecot's log for TLS connection details:
doveadm log find
journalctl -u dovecot | grep TLS
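As an added example (not from this guide or the Dovecot project), the script below automates the openssl checks above with Python's ssl and imaplib modules: it grades the plaintext IMAP greeting on port 143, where a server with disable_plaintext_auth = yes advertises STARTTLS and LOGINDISABLED and offers no AUTH= mechanism until the connection is encrypted, then upgrades with STARTTLS and separately connects to 993 with a client that refuses anything below TLS 1.2. The sample greeting is constructed, mail.example.com is the guide's placeholder host, and the two probe functions need network access to a real server.

```python
import imaplib
import ssl

def parse_capabilities(greeting):
    """Capability set from a greeting like '* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready.'"""
    start = greeting.find("[CAPABILITY ")
    end = greeting.find("]", start)
    if start < 0 or end < 0:
        return set()
    return set(greeting[start + len("[CAPABILITY "):end].split())

def assess_pre_tls(greeting):
    """Findings for the plaintext side of port 143: with disable_plaintext_auth = yes Dovecot
    advertises STARTTLS and LOGINDISABLED and offers no AUTH= mechanism until TLS is up."""
    caps = parse_capabilities(greeting)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered on the plaintext port")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN accepted before STARTTLS: check disable_plaintext_auth")
    offered = sorted(c for c in caps if c.startswith("AUTH="))
    if offered:
        findings.append("SASL mechanisms offered before STARTTLS: " + ", ".join(offered))
    return findings

def tls_context():
    ctx = ssl.create_default_context()            # verifies the chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # client-side mirror of ssl_min_protocol = TLSv1.2
    return ctx

def probe_starttls(host, port=143):
    """Grade the plaintext greeting, then upgrade with STARTTLS; returns (findings, TLS version)."""
    imap = imaplib.IMAP4(host, port, timeout=10)
    findings = assess_pre_tls(imap.welcome.decode())
    imap.starttls(tls_context())
    version = imap.sock.version()
    imap.logout()
    return findings, version

def probe_imaps(host, port=993):
    """Implicit TLS: returns (TLS version, cipher) negotiated by a TLS 1.2+ client."""
    imap = imaplib.IMAP4_SSL(host, port, ssl_context=tls_context(), timeout=10)
    result = (imap.sock.version(), imap.sock.cipher()[0])
    imap.logout()
    return result

# Constructed greeting matching what a hardened Dovecot returns on port 143
SAMPLE_GREETING = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
                   "LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.")
if __name__ == "__main__":  # mail.example.com is the guide's placeholder host
    print(assess_pre_tls(SAMPLE_GREETING) or "sample greeting: no findings")
    print(probe_starttls("mail.example.com"), probe_imaps("mail.example.com"))
```

A greeting that still lists AUTH=PLAIN or lacks LOGINDISABLED before STARTTLS means passwords can be sent in the clear, which is exactly what disable_plaintext_auth = yes and ssl = required are meant to prevent.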