This guide provides a full Ansible playbook to install Dovecot with distro-aware package handling and service management for Debian 10+, Ubuntu LTS, and RHEL 9+ compatible systems. This playbook is designed for Dovecot v2.4.x with updated configuration requirements.

- name: Install and configure Dovecot
  hosts: dovecot
  become: true

  vars:
    app_config_dir: /etc/dovecot
    dovecot_packages:
      - dovecot-core
      - dovecot-imapd
      - dovecot-pop3d
      - dovecot-lmtpd
      - dovecot-sqlite  # or appropriate SQL driver package
    ssl_cert_path: "/etc/ssl/certs/dovecot.pem"
    ssl_key_path: "/etc/ssl/private/dovecot.pem"

  tasks:
    - name: Install packages on Debian/Ubuntu
      apt:
        name: "{{ dovecot_packages }}"
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Install packages on RHEL family
      dnf:
        name: "{{ dovecot_packages }}"
        state: present
      when: ansible_os_family == "RedHat"

    - name: Create configuration directory
      file:
        path: "{{ app_config_dir }}"
        state: directory
        mode: "0755"

    # Runs only when dovecot_backup_existing is defined and true
    - name: Backup existing configuration
      copy:
        src: "{{ app_config_dir }}/"
        dest: "{{ app_config_dir }}.backup.{{ ansible_date_time.iso8601_basic_short }}"
        remote_src: true
      when:
        - dovecot_backup_existing is defined
        - dovecot_backup_existing

    - name: Configure main settings for Dovecot 2.4
      template:
        src: 10-main.conf.j2
        dest: "{{ app_config_dir }}/conf.d/10-main.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart dovecot

    - name: Configure authentication for Dovecot 2.4
      template:
        src: 10-auth.conf.j2
        dest: "{{ app_config_dir }}/conf.d/10-auth.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart dovecot

    - name: Configure mail settings for Dovecot 2.4
      template:
        src: 10-mail.conf.j2
        dest: "{{ app_config_dir }}/conf.d/10-mail.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart dovecot

    - name: Configure SSL for Dovecot 2.4
      template:
        src: 10-ssl.conf.j2
        dest: "{{ app_config_dir }}/conf.d/10-ssl.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart dovecot

    # The certificate is world-readable; the private key is readable by root only
    - name: Copy SSL certificates
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "{{ item.mode }}"
      loop:
        - { src: "files/dovecot.pem", dest: "{{ ssl_cert_path }}", mode: "0644" }
        - { src: "files/dovecot-key.pem", dest: "{{ ssl_key_path }}", mode: "0600" }
      notify: restart dovecot

    - name: Enable and start service
      service:
        name: dovecot
        state: started
        enabled: true

    - name: Verify binary is available
      command: "dovecot --version"
      register: app_version
      changed_when: false
      failed_when: false

    - name: Show detected version output
      debug:
        var: app_version.stdout

    # Read-only check: dumps the non-default settings and fails on reported errors
    - name: Test configuration syntax
      command: "doveconf -n"
      register: dovecot_config_test
      changed_when: false
      failed_when: "'error' in dovecot_config_test.stderr"

Create a handlers file at handlers/main.yml:

- name: restart dovecot
  service:
    name: dovecot
    state: restarted

Create the following templates in the templates/ directory:

templates/10-main.conf.j2:

# Protocols to enable
protocols = imap pop3 lmtp submission

# SSL configuration
ssl = required
ssl_cert = <{{ ssl_cert_path }}
ssl_key = <{{ ssl_key_path }}

# Mail location
mail_location = maildir:~/Maildir

# Logging
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log

templates/10-auth.conf.j2:

# Authentication mechanisms
auth_mechanisms = plain login

# Disable plaintext auth on unencrypted connections
disable_plaintext_auth = yes

# Auth default restrictions
auth_default_restrictions = $default_internal_groups

templates/10-mail.conf.j2:

# Mail location
mail_location = maildir:~/Maildir:LAYOUT=fs

# UID/GID settings
first_valid_uid = 1000
last_valid_uid = 1000
first_valid_gid = 1000
last_valid_gid = 1000

# Mail processes
mail_privileged_group = mail

templates/10-ssl.conf.j2:

# SSL protocols
ssl_min_protocol = TLSv1.2

# SSL cipher preferences
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

# SSL options
ssl_prefer_server_ciphers = yes
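
The templates set `ssl = required`, `disable_plaintext_auth = yes` and `ssl_min_protocol = TLSv1.2` in separate files, so a later file in conf.d can weaken them without touching the templates. The following is an added example, not part of the original playbook, that checks rendered files against that baseline; the function names, the `99-local.conf` file and all file contents are constructed, and it assumes conf.d files are read in sorted name order with the last assignment winning.

```python
# Added example: baseline check over rendered conf.d files (contents constructed).
EXPECTED = {"ssl": "required", "disable_plaintext_auth": "yes"}  # from the templates
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_TLS = "TLSv1.2"

def effective_settings(files):
    """Map each top-level setting to (value, file that set it last).

    Assumption: conf.d/*.conf is read in sorted name order and the last
    assignment wins. Settings nested inside { } blocks are skipped.
    """
    settings = {}
    for name in sorted(files):
        depth = 0
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.endswith("{"):
                depth += 1
            elif line == "}":
                depth = max(depth - 1, 0)
            elif depth == 0 and "=" in line:
                key, _, value = line.partition("=")
                settings[key.strip()] = (value.strip(), name)
    return settings

def audit(files):
    """Return findings; an empty list means the baseline holds."""
    cfg, findings = effective_settings(files), []
    for key, want in EXPECTED.items():
        got, src = cfg.get(key, (None, "not set"))
        if got != want:
            findings.append(f"{key}: want {want}, got {got} ({src})")
    proto, src = cfg.get("ssl_min_protocol", (None, "not set"))
    if proto not in TLS_ORDER or TLS_ORDER.index(proto) < TLS_ORDER.index(MIN_TLS):
        findings.append(f"ssl_min_protocol: want >= {MIN_TLS}, got {proto} ({src})")
    return findings

# Constructed sample: the three rendered templates, then a local override file.
GOOD = {"10-main.conf": "protocols = imap pop3 lmtp submission\nssl = required\n",
        "10-auth.conf": "auth_mechanisms = plain login\ndisable_plaintext_auth = yes\n",
        "10-ssl.conf": "ssl_min_protocol = TLSv1.2\n"}
BAD = {**GOOD, "99-local.conf": "ssl = yes\nservice imap-login {\n  inet_listener imap {\n"
                                "    port = 143\n  }\n}\nssl_min_protocol = TLSv1.1\n"}

if __name__ == "__main__":
    for finding in audit(BAD):
        print(finding)
```

Each finding names the file that last set the value, which points directly at the override to remove.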

For a more modular approach, consider organizing as an Ansible role:

roles/
└── dovecot/
    ├── tasks/
    │   └── main.yml
    ├── handlers/
    │   └── main.yml
    ├── templates/
    │   ├── 10-main.conf.j2
    │   ├── 10-auth.conf.j2
    │   ├── 10-mail.conf.j2
    │   └── 10-ssl.conf.j2
    ├── files/
    │   ├── dovecot.pem
    │   └── dovecot-key.pem
    └── vars/
        └── main.yml

When deploying Dovecot 2.4.x, be aware of the following changes:
Always test your Ansible playbooks in a staging environment before deploying to production, especially when upgrading from Dovecot 2.3.x.