Mailserver Configuration

Valid for versions 86 through the latest version

Version:

82

86


Last modified: October 13, 2020

Overview

This interface allows you to configure the POP3 and IMAP protocols that the Dovecot® mail servers use. You can access these settings when you run the Dovecot mail server.

Important:

Email authentication requires a valid cPanel & WHM license. If your license expires, mail delivery will continue to function. However, your mail client will not authenticate with the cPanel & WHM server. You must renew your cPanel & WHM license to reenable this service.

Mailserver Configuration settings

Select the desired value for each setting. To save your changes, click Save Changes. To use a default configuration, click Use Default Values. To undo any changes, click Reset Form.

Protocols Enabled

This allows you to select your desired protocols. To enable or disable a protocol, select the corresponding checkbox.

Note:
  • You cannot disable Local Mail Transport Protocol (LMTP).

  • If you do not select a setting, the system will operate in authentication-only mode.

  • cPanel’s Webmail feature requires that you enable the Internet Message Access Protocol (IMAP) protocol.

This setting defaults to IMAP, LMTP, and POP3.

IPv6 Enabled

This allows you to enable Dovecot to listen for any IPv6 connection requests.

This setting defaults to enabled.

Allow Plaintext Authentication (from remote clients)_

This allows a remote email client to authenticate without encryption.

  • Yes — Do not enforce encryption.

  • No — Enforce encryption for connections that do not come from the local server.

    Note:

    Use this setting to enforce encryption for remote webmail logins. We recommend using this setting instead of disabling IMAP.

This setting defaults to yes.

SSL Cipher List

A standard-format list of SSL ciphers. Dovecot uses this to connect to your server with the POP3 protocol. For more information, read OpenSSL’s ciphers documentation.

This setting defaults to a PCI-compliant SSL cipher.

SSL Minimum Protocol

The list of SSL protocols that the mail server uses:

  • SSLv3

  • TLSv1

  • TLSv1.1

  • TLSv1.2

Important:

cPanel & WHM supports Transport Layer Security (TLS) protocol version 1.2 and Transport Layer Security (TLS) protocol version 1.3:

  • cPanel & WHM only supports TLSv1.2 or newer. The system enables TLSv1.2 by default.
  • Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher.

This setting defaults to TLSv1.2.

Maximum Number of Mail Processes

The maximum number of mail processes that may run at one time.

This setting defaults to 512.

Process Memory Limit for Mail (MB)

The maximum memory use of the IMAP and POP3 processes, in megabytes.

Note:

A high limit will not affect your server’s performance. That is because the IMAP and POP3 processes mostly read memory-mapped files.

This setting defaults to 512.

Idle Hibernate Timeout (Seconds)

The number of seconds to delay before moving users to the IMAP hibernate process. This setting will help save system memory.

Note:

A value of 0 disables this setting.

This setting defaults to 30.

Maximum IMAP Connections Per IP Address

The number of simultaneous IMAP connections that a single IP address can make at one time.

Note:

The system only applies this setting if you enabled an IMAP protocol.

This setting defaults to 20.

Interval between IMAP IDLE “OK Still here” messages

The number of minutes between IMAP IDLE “OK Still here” messages.

Note:

You can increase this value to help increase the battery life of some mobile clients.

This setting defaults to 24.

Maximum POP3 Connections per IP Address

The number of simultaneous POP3 connections that a single IP address can make at one time.

Note:

The system only applies this setting if you enabled the POP3 protocol.

This setting defaults to 3.

Number of Spare Authentication Processes

The total number of spare authentication processes the system runs. Dovecot uses the processes to listen for new connections.

This setting defaults to 2.

Maximum Number of Authentication Processes

The maximum number of authentication daemons the system allows to run at one time. Consider the needs of your mail server before you enter a value that is not the default value.

Note:
  • If you set this to a high value, it may degrade your server’s performance. A high number of these daemons can consume large amounts of system resources.

  • If you set this to a low value, it may degrade your server’s performance. This is because there are a lack of daemons to authenticate each session.

This setting defaults to 50.

Process Memory Limit for Authentication (MB)

The total amount of memory that the IMAP and POP3 authentication processes can use, in megabytes.

This setting defaults to 128.

Size of Authentication Cache (MB)

The total amount of memory that the cache file can use, in megabytes. This file caches validated logins. This allows the mail server to retrieve mail multiple times before it must check login credentials again.

Note:

This value cannot exceed four characters. This includes the required M character (for example, 100M).

This setting defaults to 1M.

Time to Cache Successful Logins

The amount of time, in seconds, that the cache file stores successful login records.

Note:

When you reduce this value, it can increase the load of the authentication server. However, a lower value can help to prevent issues when updating passwords.

This setting defaults to 3600.

Time to Cache Failed Logins

The amount of time, in seconds, that the cache file stores a failed login attempt’s record.

Note:

When you reduce this value, it can increase the load of the authentication server. However, a lower value can help to prevent issues when updating passwords.

This setting defaults to 3600.

Use New Authentication Process for Each Connection

Whether to use a new login processes for each new POP3 or IMAP connection. Enable this to improve Dovecot’s authentication security.

Important:

Use caution if you select the Yes setting. This can significantly reduce the performance of a heavily-loaded server.

This setting defaults to No.

Process Memory Limit: config (MB)

The maximum memory Dovecot’s internal config service uses, in megabytes. Each SSL/TLS certificate that Dovecot tracks require additional memory. Increase this value for servers with many domains. This will help to ensure that Dovecot runs correctly.

Note:
  • We recommend that you set this value to at least 512.
  • This value cannot be lower than 128.

This setting defaults to 2048.

Idle Check Interval

The amount of time, in seconds, between updates to idle IMAP connections.

Note:
  • We recommend that you use the default setting (30 seconds).

  • Lowering this value causes idle clients to see new messages faster. However, a lower value may also slightly increase your server load.

This setting defaults to 30.

Include Trash in Quota

Whether the system counts mail in the Trash folder against a user’s quota.

Note:

When you adjust this setting, the system does not update existing quotas. You must run the following command as the root user to recalculate existing quotas:

/usr/local/cpanel/scripts/generate_maildirsize --allaccounts --confirm

This setting defaults to disabled.

Compress Messages

This allows the system to compress recently created and delivered messages. This can help you to manage your server’s disk space. You can access the compressed messages via Dovecot’s mdbox format.

Note:

The system will only compress messages after you enable this setting. It does not compress existing messages.

This setting defaults to disabled.

Compression Level

The compression level at which to save messages. The system uses this setting when you enable the Compress Messages setting. Enter an integer between 0 and 9, where 0 is the default compression level and 9 is the highest compression level. For more information, read zlib.net’s Compression documentation.

This setting defaults to 6.

Auto Expunge Trash

This allows the system to delete messages in the Trash folder after a certain number of days. The number of days is the value that you define in the Trash Expire Time setting.

Note:

This setting only deletes messages in the Trash folder after you enable it. For example, if you enable this setting on April 1st, the system won’t delete any messages older than April 1st.

This setting defaults to disabled.

Trash Expire Time

The total number of days that the mail server stores messages in the Trash folder. The system will delete any messages that exceed this value.

Note:

This setting requires that you enable the Auto Expunge Trash setting.

This setting defaults to 30.

MDBOX rotation size (MB)

The maximum size of an mdbox mailbox file, in megabytes, before the system rotates it.

Note:

The value that you enter cannot exceed four characters. This includes the required M character (for example, 100M).

This setting defaults to 10M.

MDBOX rotation interval (Weeks or Days)

The total time, in weeks or days, that an mdbox mailbox file may exist before the system rotates it. Enter a value that consists of a positive integer and the letter w for weeks or the letter d for days. For example, 2w represents a two week rotation interval.

Note:
  • A 0 value disables the time-based rotation of the mdbox mailbox files.

  • The value that you enter cannot exceed nine characters. This includes the required w (weeks) or d (days) character.

This setting defaults to 0.

Disk Quota Delivery Failure Response

How Dovecot responds when there is a system or mailbox disk quota preventing message delivery:

  • Reject the message permanently. — Reject the message and return it to the sender.

  • Defer delivery temporarily. — This setting allows a user to reduce their disk use to receive a message. For example, they can free disk space or increase disk quota before the system attempts to deliver the message again.

This setting defaults to Reject the message permanently.

Minimum Available LMTP Processes

The minimum number of processes that the system attempts to reserve in order to accept more client connections. A 0 value only starts the LMTP server as needed. A 0 value for this setting also helps the system conserve memory.

This setting defaults to 0.

LMTP Process Limit

The total number of LMTP server processes the system allows.

This setting defaults to 500.

LMTP User Concurrency Limit

This limits the total number of concurrent LMTP deliveries per user.

Note:

A value of 0 disables the per-user limit.

This setting defaults to 4.

Add Dovecot settings

You can add custom settings to configure the Dovecot mail server.

The dovecot.conf file

The system uses the /etc/dovecot/dovecot.conf file to initialize the Dovecot service with the settings you define. It also applies any of your custom settings globally. You can configure these custom settings in WHM’s Mailsever Configuration interface (WHM >> Home >> Service Configuration >> Mailsever Configuration). By default, this file uses the template in the /var/cpanel/templates/dovecot2.3/main.default file.

Important:

Using this custom template applies any changes to all of your server’s accounts.

To create a custom template for this file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecot2.3/main.default file to the /var/cpanel/templates/dovecot2.3/main.local file. This ensures that the system will not overwrite your changes when Dovecot updates during the cPanel & WHM update (upcp) process.

  2. Open the /var/cpanel/templates/dovecot2.3/main.local file with a text editor. Edit the file to reflect your desired settings. For example:

    login_trusted_networks: 192.168.1.0/24

  3. Save your changes to the file.

  4. Rebuild the Dovecot mail server with the /usr/local/cpanel/scripts/builddovecotconf script. This applies the new configuration settings from the /var/cpanel/templates/dovecot2.3/main.local file.

  5. Restart the Dovecot mail server with the /usr/local/cpanel/scripts/restartsrv_dovecot script.

Note:

The maildir_very_dirty_syncs setting may prevent users from viewing new mail notifications in subscribed folders. This setting defaults to yes. To change this setting to no, follow the instructions above to create a custom template.

The sni.conf file

The system uses the /etc/dovecot/sni.conf file to define the SSL-capable domains that Dovecot service uses. This file only applies these changes to the defined domains. It does not make any global changes.

To create a custom template for this file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecotSNI/main.default to the /var/cpanel/templates/dovecotSNI/main.local file. This ensures that the system will not overwrite your changes when cPanel & WHM updates.

  2. Open the /var/cpanel/templates/dovecotSNI/main.local file with a text editor. Add the following text to the end of the file:

    1
    2
    3
    4
    
    local_name "" {
      ssl_cert = <
      ssl_key = <
    }

  3. In the local_name field, enter the new domain’s name. For example:

    local_name "example.com" {

  4. In the ssl_cert field, enter the full path of the new domain’s SSL certificate file. For example:

    ssl_cert = </path/to/ssl_crt_file/example.com.crt

  5. In the ssl_key field, add the full path of the new domain’s SSL certificate’s private key file. For example:

    ssl_key = </path/to/ssl_privatekey_file/example.com.key

  6. Save your changes to the file.

  7. Rebuild the Dovecot mail server with the /usr/local/cpanel/scripts/builddovecotconf script. This applies the new configuration settings from the /var/cpanel/templates/dovecotSNI/main.local file.

  8. Restart the Dovecot mail server with the /usr/local/cpanel/scripts/restartsrv_dovecot script.

Additional Documentation