Here is how I set up dovecot.

$ doas pkg_add dovecot

In /etc/dovecot/dovecot.conf, add these lines at the very bottom:

service lmtp {
  user = vmail
}

You can turn on debugging, verbose SSL logging, and so forth as needed to help troubleshoot.

In /etc/dovecot/conf.d/10-auth.conf, I make these changes:

#!include auth-system.conf.ext
passdb {
   args = scheme=blf-crypt /etc/mail/passwd
   driver = passwd-file
}

userdb {
   args = uid=vmail gid=vmail home=/var/vmail/%d/%n
   driver = static
}

Comment out auth-system.conf.ext and add the new passdb/userdb conf settings.

In /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/var/vmail/%d/%n/Maildir

In /etc/dovecot/conf.d/10-ssl.conf, I make these changes:

ssl = required
ssl_cert = </etc/ssl/
ssl_key = </etc/ssl/private/
ssl_dh_parameters_length = 2048

As hinted in the instructions in the dovecot README in /usr/local/share/doc/pkg-readmes/dovecot, you want to add to /etc/login.conf:


WARNING: You must use tabs and not spaces. If you use spaces in /etc/login.conf, the settings will not work.

NOTE: Allowing more open files than suggested in the README can help if you have many IP addresses.

Then rebuild login.conf.db:

# [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf
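
The tab requirement in the warning above can be checked mechanically before running cap_mkdb. This is an added example, not part of the original page or the dovecot README; the function name check_login_conf_tabs and the sample class entry (name and values) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find login.conf capability lines that are indented
# with spaces instead of tabs.

# check_login_conf_tabs FILE
# Prints "FILE:LINE: indented with spaces: TEXT" for each capability line
# (first non-blank character is ':') whose indentation contains a space.
# Returns 1 if any such line exists, 0 otherwise. Comment lines are skipped.
check_login_conf_tabs() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*:/ {
            indent = $0
            sub(/:.*/, "", indent)      # keep only the leading whitespace
            if (index(indent, " ") > 0) {
                printf "%s:%d: indented with spaces: %s\n", FILENAME, NR, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: a class entry whose second line uses four spaces.
# The class name and values are illustrative, not the README's.
demo_sample() {
    sample=$(mktemp) || return 1
    printf 'dovecot:\\\n    :openfiles-cur=1024:\\\n\t:tc=daemon:\n' > "$sample"
    check_login_conf_tabs "$sample" || echo "fix the lines listed above"
    rm -f "$sample"
}

demo_sample
# On a real system: check_login_conf_tabs /etc/login.conf
```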


$ openssl s_client -starttls imap -connect