(WHM >> Home >> Service Configuration >> Mailserver Configuration)

Overview

This interface allow you to configure the POP3 and IMAP protocols that the Dovecot® mail servers use. The options in this document only appear when you access this interface while you run the Dovecot mail server.

Email authentication requires a valid cPanel license. If your license expires, mail delivery will continue to function. However, your mail client will not authenticate with the cPanel server. You must renew your cPanel license to reenable this service.

Mailserver Configuration options

Select the desired settings for each option in the table below, and then click Save Changes.

Configuration optionDescription
Protocols Enabled

Select the checkboxes to enable a desired protocol.

This option defaults to IMAP, LMTP, and POP3.

  • You cannot disable Local Mail Transport Protocol (LMTP).
  • If you do not select an option, the system will operate in authentication-only mode.
  • cPanel’s Webmail feature requires that you enable the Internet Message Access Protocol (IMAP) protocol.


IPv6 Enabled

This allows you to enable Dovecot to listen for IPv6 address connection requests.

This option defaults to enabled.

Allow Plaintext Authentication (from remote clients)

This allows remote email clients to authenticate without encryption. Select a desired option from the menu:

  • yes — Dovecot allows remote connections to authenticate without encryption.
  • no — Dovecot only allows connections originating on the local server to authenticate without encryption. 

This option defaults to yes.

We recommend that you set this option to no if you wish to require remote webmail logins to use encryption.


SSL Cipher List
The list of ciphers, in standard format, that the mail server uses to connect to your server with the POP3 protocol. For more information, read OpenSSL's ciphers documentation.
This option defaults to a PCI-compliant SSL cipher.
SSL Protocols

The list of SSL protocols that the mail server uses.

cPanel, L.L.C. only supports the Transport Layer Security (TLS) version 1.2 protocol. We strongly recommend that you do not disable this protocol on your server. This is a security risk.

This option defaults to TLSv1.2.

Maximum Number of Mail Processes

The maximum number of mail processes that may run at one time.

This option defaults to 512.

Process Memory Limit for Mail (MB)

The maximum memory usage of the IMAP and POP3 processes, in Megabytes. High limits should not affect server performance. These processes mostly read memory-mapped files.

This option defaults to 512.

Maximum IMAP Connections Per IP Address

The maximum number of simultaneous IMAP connections a single IP address can make at one time.

This option defaults to 20.

The system only applies this setting if you enabled an IMAP protocol. 


Interval between IMAP IDLE "OK Still here" messages

The number of minutes between IMAP IDLE "OK Still here" messages.

This option defaults to 24.

Increase this number to help improve battery life for mobile clients.


Maximum POP3 Connections per IP Address

The maximum number of simultaneous POP3 connections a single IP address can make at one time.

This option defaults to 3.

The system only applies this setting if you enabled the POP3 protocol.


Number of Spare Authentication Processes

The number of spare authentication processes to run to listen for new connections.

This option defaults to 2.

Maximum Number of Authentication Processes

The maximum number of authentication daemons that can simultaneously run. Consider the needs of your mail server before entering a value that is not the default value.

This option defaults to 50.

  • A high number of authentication daemons can slow your server's performance. These daemons can consume large amounts of system resources.
  • A low number of authentication daemons can slow your server's performance. This is because there is a lack of daemons to authenticate each session.


Process Memory Limit for Authentication (MB)

The maximum amount of memory that the IMAP and POP3 authentication processes may use, in Megabytes.

This option defaults to 128.

Size of Authentication Cache (MB)

The maximum amount of space on the hard drive that the cache file may use, in Megabytes. This cache file contains validated logins. This file allows the mail server to retrieve mail multiple times before it must check login credentials again.

This option defaults to 1M.

The value that you input cannot exceed four characters. This includes the required M character (for example, 100M).


Time to Cache Successful Logins

The amount of time, in seconds, that the cache file stores a successful login attempt's record.

This option defaults to 3600.

A lower value may decrease the likelihood of problems when users update their passwords.


Time to Cache Failed Logins

The amount of time, in seconds, that the cache file stores a failed login attempt's record.

This option defaults to 3600.

A lower value may decrease the likelihood of problems when users update their passwords.


Use New Authentication Process for Each Connection

Whether the mail server uses a newly-created authentication process each time that a connection attempt occurs.

This option defaults to No.

If you select the yes option, this can improve Dovecot authentication security. However, this may degrade the performance of a heavily-loaded server.


Process Memory Limit: config (MB)

The maximum virtual memory size (VSZ) of Dovecot’s internal config service, in Megabytes. Each SSL/TLS certificate tracked by Dovecot requires additional memory. To ensure that Dovecot runs correctly, increase this value on servers with many domains.

This option defaults to 2048.

  • We recommend that you set this value to at least 512.
  • This value cannot be lower than 128.


Idle Check Interval

The amount of time, in seconds, between updates to idle IMAP connections.

This option defaults to 30.

  • We recommend that you use the default setting (30 seconds).
  • Lowering this value causes idle clients to see new messages faster. However, a lower value may also slightly increase your server load.


Include Trash in Quota

Whether the system counts email messages in the Trash folder against a user's quota.

This option defaults to disabled.

When you adjust this option, the system does not update existing quotas. You must run the following command as the root user to recalculate existing quotas:

/usr/local/cpanel/scripts/generate_maildirsize --allaccounts --confirm



Compress Messages

This allows the system to compress recently created and delivered messages. This can help you to manage your server's disk space. You can access the compressed messages via Dovecot's mdbox format.

The system will only compress messages after you enable this option. It does not compress existing messages.

This option defaults to disabled.

Compression Level

The compression level at which to save messages. The system uses this option when you enable the Compress Messages setting.

Enter an integer between 0 and 9, where 0 is the default compression level and 9 is the highest compression level. For more information, read zlib.net's Compression documentation.

This option defaults to 6.

Auto Expunge Trash

This allows the system to delete messages in the Trash folder after a certain number of days. The number of days is the value that you define in the Trash Expire Time option.

This option defaults to disabled.

This option only deletes messages in the Trash folder after you enable it. For example, if you enable this option on April 1st, the system won't delete any messages older than April 1st.


Trash Expire Time

The total number of days that the mail server will store messages in the Trash folder. The system will delete any messages that exceed this value.

This option defaults to 30 days. 

This option requires that you enable the Auto Expunge Trash option.


MDBOX rotation size (MB)

The maximum size of an MDBOX mailbox file, in Megabytes, before the system rotates it. Enter a value that contains an integer value and the M character (for example, 100M).

This option defaults to 10M.

The value that you input cannot exceed four characters. This includes the required M character (for example, 100M).


MDBOX rotation interval (Weeks or Days)

The total time, in weeks or days, that an MDBOX mailbox file may exist before the system rotates it. Enter a value that consists of a positive integer and the letter w for weeks or the letter d for days. For example, 2w represents a two week rotation interval.

This option defaults to 0.

  • A 0 value disables the time-based rotation of the MDBOX mailbox files.
  • The value that you input cannot exceed nine characters. This includes the required w (weeks) or d (days) character.


Disk Quota Delivery Failure Response

How Dovecot handles delivery when a mailbox or cPanel system account reaches its quota.

  • Reject the message permanently. — This rejects the message and returns it to the sender.
  • Defer delivery temporarily. — This setting allows the user to free disk space or increase disk quota before the system attempts to deliver the message again.

This option defaults to Reject the message permanently.

Minimum Available LMTP Processes

This determines the minimum number of processes for the system to reserve in order to accept client connections.

This option defaults to 0.

The 0 value configures the LMTP server to only start when the system needs it and needs to conserve memory.


LMTP Process Limit

The maximum number of LMTP server processes allowed by the system.

This option defaults to 500.

This limits the maximum number of concurrent LMTP deliveries per user.

This option defaults to 4.

A value of 0 disables the per-user limit.


Add Dovecot options

You can add custom options in this interface to configure the Dovecot mail server. To do this, select the following tab that corresponds to the Dovecot template that you want to modify:


To modify the template for the /etc/dovecot/dovecot.conf file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecot2.3/main.default file to the /var/cpanel/templates/dovecot2.3/main.local file.

  2. Open the /var/cpanel/templates/dovecot2.3/main.local file with a text editor and edit the files to reflect your desired settings, for example:

    login_trusted_networks: 192.168.1.0/24



  3. Save your changes to the file.
  4. Rebuild the Dovecot mail server to apply the new configuration settings. To do this, run the following script:

    /usr/local/cpanel/scripts/builddovecotconf 


  5. Restart the Dovecot mail server. To do this, run the /scripts/restartsrv_dovecot command.


To modify the template for the /etc/dovecot/sni.conf file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecotSNI/main.default file to the /var/cpanel/templates/dovecotSNI/main.local file.

  2. Open the /var/cpanel/templates/dovecotSNI/main.local file with a text editor and e dit the files to reflect your desired settings. For example:

    [% FOREACH domain IN mail_sni_domains.sort -%] local_name [% domain %] { ssl_cert = <[% mail_sni_domains.$domain.crt %] ssl_key = <[% mail_sni_domains.$domain.key %] [%- IF mail_sni_domains.$domain.cabundle %] ssl_ca = <[% mail_sni_domains.$domain.cabundle %] [%- END %]
    } local_name mail.[% domain %] { ssl_cert = <[% mail_sni_domains.$domain.crt %] ssl_key = <[% mail_sni_domains.$domain.key %] [%- IF mail_sni_domains.$domain.cabundle %] ssl_ca = <[% mail_sni_domains.$domain.cabundle %] [%- END %]
    } 



  3. Save your changes to the file.
  4. Rebuild the Dovecot mail server to apply the new configuration settings. To do this, run the following script:

    /usr/local/cpanel/scripts/builddovecotconf 


  5. Restart the Dovecot mail server. To do this, run the /scripts/restartsrv_dovecot command.


Additional documentation