Skip to main content


The Secure IMAP server

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.


Wed Aug 12 16:25:42 EEST 2020

We are happy to announce that we have CentOS 8 packages available starting from v2.3.11.3. You can find these packages at

Wed Aug 12 16:14:49 EEST 2020

We have disclosed three new vulnerabilities in dovecot, please see CVE-2020-12100, CVE-2020-12673 and CVE-2020-12674.

Wed Aug 12 16:02:20 EEST 2020

Released v2.3.11.3

Mon May 18 15:03:31 EEST 2020

Multiple vulnerabilities in Dovecot


Best performing

Dovecot is among the best performing IMAP servers while still supporting the standard mbox and Maildir formats. The mailboxes are transparently indexed, which gives Dovecot its good performance while still providing full compatibility with existing mailbox handling tools.

Standards compliant

Dovecot is standards compliant. Dovecot v1.1 passes all IMAP server standard compliancy tests while most other servers fail many of them.



Dovecot's indexes are self-optimizing. They contain exactly what the user's client commonly needs, no more and no less.


Dovecot is self-healing. It tries to fix most of the problems it notices by itself, such as broken index files. The problems are however logged so the administrator can later try to figure out what caused them.


Dovecot tries to be admin-friendly. Common error messages are made as easily understandable as possible. Any crash, no matter how it happened, is considered a bug that will be fixed.


Clustered filesystems compatibilty

Dovecot allows mailboxes and their indexes to be modified by multiple computers at the same time, while still performing well. This means that Dovecot works well with clustered filesystems. NFS has caching problems, but you can work around them with director proxies.

Flexible authentification

Dovecot's user authentication is extremely flexible and feature-rich, supporting many different authentication databases and mechanisms.



Postfix and Exim

Postfix 2.3+ and Exim 4.64+ users can do SMTP authentication directly against Dovecot's authentication backend without having to configure it separately.

Easy migration

Dovecot supports easy migration from many existing IMAP and POP3 servers, allowing the change to be transparent to existing users.

Workarounds support

Dovecot supports workarounds for several bugs in IMAP and POP3 clients. Since the workarounds may cause the protocol exchange to be suboptimal, you can enable only the workarounds you need.


Dovecot's design and implementation is highly focused on security. Rather than taking the traditional road of just fixing vulnerabilities whenever someone happens to report them, I offer 1000 EUR of my own money to the first person to find a security hole from Dovecot.

Easily Extensible

Dovecot is easily extensible. Plugins can add new commands, modify existing behavior, add their own data into index files or even add support for new mailbox formats. For example quota and ACL support are completely implemented as plugins.


  • Complete IMAP4rev1 and POP3 support. IPv6, SSL and TLS are supported.
  • Supports multiple commonly used IMAP extensions, including SORT, THREAD and IDLE.
  • Shared mailboxes are fully supported in v1.2+. Older versions also support admin-configurable ACL files.
  • Maildir++ quota is supported, but hard filesystem quota can be problematic.
  • Dovecot is commonly used with Linux, Solaris, FreeBSD, OpenBSD, NetBSD and Mac OS X. See the Wiki page about OS compatibility for more.