How to Enable SSL in Dovecot Mail Server

Dovecot is a free and open source POP3 and IMAP mail system that gives your server’s users access to their email. Many server installations include it out of the box as the default mail box agent, and most use it in conjunction with another mail delivery system.

Dovecot has some security features that may not be enabled by default, but it is easy to enable them and make sure your email is as secure as possible. Among them is SSL, which encrypts connections to the POP3 or IMAP server. To enable SSL in Dovecot on a CentOS, Fedora, or Red Hat Enterprise Linux server, do the following:

1. Edit the /etc/dovecot.conf file using your editor of choice (vi or nano).

2. Uncomment the SSL lines to make it look like this:

# Disable SSL/TLS support?
ssl_disable = no

# PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/ can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

You may also want to disable plain text logins with this line:

disable_plaintext_auth = yes

Save the file and exit. Finally, restart the dovecot server:

service dovecot restart

or

/etc/init.d/dovecot restart

You will also need to configure your mail client or web-based email system to connect using SSL and secure authentication. Henceforward, whenever you connect to your POP3 or IMAP mail server, it will be a secure SSL connection.
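The settings from the steps above can be checked with a short script before or after restarting. This is an added example, not part of the original article or of Dovecot itself; the function names `conf_get` and `audit_dovecot_ssl` are hypothetical, and it assumes the old-style setting names shown above.

```shell
#!/bin/sh
# Added example: audit a dovecot.conf for the SSL settings named in this article.
# Usage: audit_dovecot_ssl /etc/dovecot.conf
# Prints findings and returns the number of problems found (0 = all good).

# Print the value of an uncommented "key = value" line (the last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_dovecot_ssl() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # A commented-out line yields an empty value and is reported as a problem.
    if [ "$(conf_get "$conf" ssl_disable)" != "no" ]; then
        echo "FAIL: ssl_disable is not set to 'no' (still commented out?)"
        problems=$((problems + 1))
    fi
    if [ "$(conf_get "$conf" disable_plaintext_auth)" != "yes" ]; then
        echo "WARN: disable_plaintext_auth is not set to 'yes'"
        problems=$((problems + 1))
    fi

    cert=$(conf_get "$conf" ssl_cert_file)
    key=$(conf_get "$conf" ssl_key_file)
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL: certificate or key file missing: '${f:-unset}'"
            problems=$((problems + 1))
        fi
    done

    # The config comment asks for a key unreadable by anyone but root:
    # characters 5-10 of the ls mode string are the group and other bits.
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $key is accessible to group/others ($perms)"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK: $conf"
    return "$problems"
}
```

Source the file and call `audit_dovecot_ssl /etc/dovecot.conf` as root; a non-zero return value is the count of findings.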