Our documentation is getting an overhaul! We would like your input! Click here to take a look at the beta launch of our new documentation site! Only cPanel & WHM version 82 documentation exists on our beta at this time. 84 will be added to the new site soon! Leave your feedback here: https://go.cpanel.net/docsfeedback
Mailserver Configuration - Version 82 Documentation - cPanel Documentation
Page tree
For cPanel & WHM version 82.


Skip to end of metadata
Go to start of metadata

(WHM >> Home >> Service Configuration >> Mailserver Configuration)

Overview

This interface allows you to configure the POP3 and IMAP protocols that the Dovecot® mail servers use. You can access these options when you run the Dovecot mail server.

Important:

Email authentication requires a valid cPanel license. If your license expires, mail delivery will continue to function. However, your mail client will not authenticate with the cPanel server. You must renew your cPanel license to reenable this service.

Mailserver Configuration options

Select the desired settings for each option in the table below. To save your changes, click Save Changes.

  • To use a default configuration, click Use Default Values.
  • To undo any changes, click Reset Form.
Configuration optionDescription

Protocols Enabled

This allows you to select your desired protocols. To enable or disable a protocol, select the corresponding checkbox.

This option defaults to IMAP, LMTP, and POP3.

Note:

  • You cannot disable Local Mail Transport Protocol (LMTP).
  • If you do not select an option, the system will operate in authentication-only mode.
  • cPanel’s Webmail feature requires that you enable the Internet Message Access Protocol (IMAP) protocol.
IPv6 Enabled

This allows you to enable Dovecot to listen for any IPv6 connection requests.

This option defaults to enabled.

Allow Plaintext Authentication (from remote clients)

This allows a remote email client to authenticate without encryption. Select a desired option from the menu:

  • yes — Do not enforce encryption.
  • no — Enforce encryption for connections that do not come from the local server.

This option defaults to yes.

Note:

Select the no option if you want to enforce encryption for remote webmail logins. We recommend using this option instead of disabling IMAP.

SSL Cipher List
A standard-format list of SSL ciphers. Dovecot uses this to connect to your server with the POP3 protocol. For more information, read OpenSSL's ciphers documentation.
This option defaults to a PCI-compliant SSL cipher.
SSL Minimum Protocol

The list of SSL protocols that the mail server uses. You can select from the following:

  • SLLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2

Important:

cPanel, L.L.C. only supports the Transport Layer Security (TLS) version 1.2 protocol. We strongly recommend that you do not disable this protocol on your server. This is a security risk.

This option defaults to TLSv1.2.

Maximum Number of Mail Processes

The maximum number of mail processes that may run at one time.

This option defaults to 512.

Process Memory Limit for Mail (MB)

The maximum memory use of the IMAP and POP3 processes, in Megabytes.

This option defaults to 512.

Note:

If you set this option to a high limit, this should not affect your server's performance. That is because the IMAP and POP3 processes mostly read memory-mapped files.

Maximum IMAP Connections Per IP Address

The number of simultaneous IMAP connections that a single IP address can make at one time.

This option defaults to 20.

Note:

The system only applies this setting if you enabled an IMAP protocol. 

Interval between IMAP IDLE "OK Still here" messages

The number of minutes between IMAP IDLE "OK Still here" messages.

This option defaults to 24.

Note:

You can increase this value to help increase the battery life of some mobile clients.

Maximum POP3 Connections per IP Address

The number of simultaneous POP3 connections that a single IP address can make at one time.

This option defaults to 3.

Note:

The system only applies this setting if you enabled the POP3 protocol.

Number of Spare Authentication Processes

The total number of spare authentication processes run by the system. Dovecot uses these processes to listen for new connections.

This option defaults to 2.

Maximum Number of Authentication Processes

The maximum number of authentication daemons allowed to run at one time. Consider the needs of your mail server before you enter a value that is not the default value.

This option defaults to 50.

Note:

  • If you set this option to a high value, it may degrade your server's performance. A high number of these daemons can consume large amounts of system resources.
  • If you set this option to a low value, it may degrade your server's performance. This is because there are a lack of daemons to authenticate each session.
Process Memory Limit for Authentication (MB)

The total amount of memory that the IMAP and POP3 authentication processes can use, in Megabytes.

This option defaults to 128.

Size of Authentication Cache (MB)

The total amount of memory that the cache file can use, in Megabytes. This file caches validated logins. This allows the mail server to retrieve mail multiple times before it must check login credentials again.

This option defaults to 1M.

Note:

This value cannot exceed four characters. This includes the required M character (for example, 100M).

Time to Cache Successful Logins

The amount of time, in seconds, that the cache file stores successful login records.

This option defaults to 3600.

Note:

When you reduce this value, it can increase the load of the authentication server. However, a lower value can help to prevent issues when updating passwords.

Time to Cache Failed Logins

The amount of time, in seconds, that the cache file stores a failed login attempt's record.

This option defaults to 3600.

Note:

When you reduce this value, it can increase the load of the authentication server. However, a lower value can help to prevent issues when updating passwords.

Use New Authentication Process for Each Connection

Whether to use a new login processes for each new POP3 or IMAP connection. Enable this option to improve Dovecot's authentication security.

This option defaults to No.

Important:

Use caution if you select the yes option. This option can significantly reduce the performance of a heavily-loaded server.

Process Memory Limit: config (MB)

The maximum memory used by Dovecot’s internal config service, in Megabytes. Each SSL/TLS certificate that Dovecot tracks requires additional memory. You should increase this value for servers with many domains. This will help to ensure that Dovecot runs correctly.

This option defaults to 2048.

Note:

  • We recommend that you set this value to at least 512.
  • This value cannot be lower than 128.
Idle Check Interval

The amount of time, in seconds, between updates to idle IMAP connections.

This option defaults to 30.

Note:

  • We recommend that you use the default setting (30 seconds).
  • Lowering this value causes idle clients to see new messages faster. However, a lower value may also slightly increase your server load.
Include Trash in Quota

Whether the system counts mail in the Trash folder against a user's quota.

This option defaults to disabled.

Note:

When you adjust this option, the system does not update existing quotas. You must run the following command as the root user to recalculate existing quotas:

/usr/local/cpanel/scripts/generate_maildirsize --allaccounts --confirm

Compress Messages

This allows the system to compress recently created and delivered messages. This can help you to manage your server's disk space. You can access the compressed messages via Dovecot's mdbox format.

Note:

The system will only compress messages after you enable this option. It does not compress existing messages.

This option defaults to disabled.

Compression Level

The compression level at which to save messages. The system uses this option when you enable the Compress Messages setting.

Enter an integer between 0 and 9, where 0 is the default compression level and 9 is the highest compression level. For more information, read zlib.net's Compression documentation.

This option defaults to 6.

Auto Expunge Trash

This allows the system to delete messages in the Trash folder after a certain number of days. The number of days is the value that you define in the Trash Expire Time option.

This option defaults to disabled.

Note:

This option only deletes messages in the Trash folder after you enable it. For example, if you enable this option on April 1st, the system won't delete any messages older than April 1st.

Trash Expire Time

The total number of days that the mail server stores messages in the Trash folder. The system will delete any messages that exceed this value.

This option defaults to 30 days.

Note:

This option requires that you enable the Auto Expunge Trash option.

MDBOX rotation size (MB)

The maximum size of an mdbox mailbox file, in Megabytes, before the system rotates it.

This value defaults to 10M.

Note:

The value that you input cannot exceed four characters. This includes the required M character (for example, 100M).

MDBOX rotation interval (Weeks or Days)

The total time, in weeks or days, that an mdbox mailbox file may exist before the system rotates it. Enter a value that consists of a positive integer and the letter w for weeks or the letter d for days. For example, 2w represents a two week rotation interval.

This option defaults to 0.

Note:

  • A 0 value disables the time-based rotation of the mdbox mailbox files.
  • The value that you input cannot exceed nine characters. This includes the required w (weeks) or d (days) character.
Disk Quota Delivery Failure Response

How Dovecot responds when there is a system or mailbox disk quota preventing message delivery. You can select from the following options:

  • Reject the message permanently. — Reject the message and return it to the sender.
  • Defer delivery temporarily. — This option allows a user to reduce their disk use to receive a message. For example, they can free disk space or increase disk quota before the system attempts to deliver the message again.

This option defaults to Reject the message permanently.

Minimum Available LMTP Processes

The minimum number of processes that the system will attempt to reserve in order to accept more client connections. A 0 value will only start the LMTP server as needed. This will also help conserve memory.

This option defaults to 0.

LMTP Process Limit

The total number of LMTP server processes allowed by the system.

This option defaults to 500.

This limits the total number of concurrent LMTP deliveries per user.

This option defaults to 4.

Note:

A value of 0 disables the per-user limit.

Add Dovecot options

You can add custom options in this interface to configure the Dovecot mail server. Select the tab that corresponds with the template that you want to modify:

To modify the template for the /etc/dovecot/dovecot.conf file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecot2.3/main.default file to the /var/cpanel/templates/dovecot2.3/main.local file.

  2. Open the /var/cpanel/templates/dovecot2.3/main.local file with a text editor and edit the files to reflect your desired settings. For example:

    login_trusted_networks: 192.168.1.0/24

    Note:

  3. Save your changes to the file.
  4. Rebuild the Dovecot mail server to apply the new configuration settings. To do this, run the following script:

    /usr/local/cpanel/scripts/builddovecotconf 
  5. Restart the Dovecot mail server. To do this, run the following script:

    /usr/local/cpanel/scripts/restartsrv_dovecot

To modify the template for the /etc/dovecot/sni.conf file, perform the following steps:

  1. Copy the /var/cpanel/templates/dovecotSNI/main.default file to the /var/cpanel/templates/dovecotSNI/main.local file.

  2. Open the /var/cpanel/templates/dovecotSNI/main.local file with a text editor and edit the files to reflect your desired settings. For example:

    [% FOREACH domain IN mail_sni_domains.sort -%] local_name [% domain %] { ssl_cert = <[% mail_sni_domains.$domain.crt %] ssl_key = <[% mail_sni_domains.$domain.key %] [%- IF mail_sni_domains.$domain.cabundle %] ssl_ca = <[% mail_sni_domains.$domain.cabundle %] [%- END %]
    } local_name mail.[% domain %] { ssl_cert = <[% mail_sni_domains.$domain.crt %] ssl_key = <[% mail_sni_domains.$domain.key %] [%- IF mail_sni_domains.$domain.cabundle %] ssl_ca = <[% mail_sni_domains.$domain.cabundle %] [%- END %]
    } 


    Note:

  3. Save your changes to the file.
  4. Rebuild the Dovecot mail server to apply the new configuration settings. To do this, run the following script:

    /usr/local/cpanel/scripts/builddovecotconf 
  5. Restart the Dovecot mail server. To do this, run the following script:

    /usr/local/cpanel/scripts/restartsrv_dovecot

Additional documentation