Dovecot 2.4 Secure IMAP Server Released

Dovecot 2.4 secure IMAP server has been released with a new signing key, experimental ARM64 Docker support, and major config changes.
Dovecot 2.4 Secure IMAP Server Released

The Dovecot team has just announced the release of its free and open-source secure and high-performance IMAP and POP3 server, Dovecot 2.4, widely adopted by many internet service providers, hosting companies, and businesses running their mail servers.

First, the breaking changes. This latest release updates Dovecot’s signing key for version 2.4 onward. Moreover, administrators should note that 2.4 packages are incompatible with older 2.3 configuration files.

So, before proceeding, you must carefully review the official documentation for upgrading from v2.3 to v2.4.

Among the many adjustments:

  • dovecot_config_version must be the first non-comment line in your configuration file.
  • dovecot_storage_version now also needs to appear in your configuration.
  • Many configuration parameters have changed, and the plugin {} section has been removed.
  • Default settings have been modified in notable ways, so double-check your existing setup.

Apart from these major changes, Dovecot 2.4 now includes experimental ARM64 support through a new Docker image. Even though this is labeled “experimental,” it provides a convenient head start for those running services on ARM-based hardware, such as Raspberry Pi.

Continuing with the Docker changes, images for Dovecot 2.4 are now run in a rootless environment under UID 1000 as vmail using built sources. If you are not quite ready for this switch, you can still use the 2.3 Docker image by pulling the “2.3-latest” tag.

Another noteworthy change is that Pigeonhole (the Sieve filtering component) will follow Dovecot’s versioning starting with this release. There will be no separate mailing list announcements for Pigeonhole. Instead, the Pigeonhole updates will roll out in tandem with each Dovecot release.

Here’s a quick rundown of some key points to keep in mind if you decide to switch to the new version:

  • The new version now utilizes ACL settings instead of Global ACL Directories.
  • Several plugins and features, such as dict-memcached, director, and fts-lucene have been removed. For example, dict-memcached is replaced by Redis, while the director functionality is no longer provided in the core code base.
  • Weak password schemes are now disabled by default, and enabling them requires auth_allow_weak_schemes.
  • The utility now treats the -n (no comments) option as default. Additionally, the environment variable USER is only supported with --no-userdb-lookup, and you must use -u, -F, or -A otherwise.
  • Regarding plugins, zlib is now called mail_compress, and it no longer requires a plugin for IMAP compression.

Of course, Dovecot 2.4 also brings a whole bunch of new features, with the main ones being:

  • Dovecot 2.4 includes experimental SMTPUTF8 and IMAP UTF8=ACCEPT support. Enabling these features requires --enable-experimental-mail-utf8 and mail_utf8_extensions=yes.
  • Improved TLS Server Name (SNI) support means administrators can apply pre-login settings. For instance, distinct capabilities can be configured based on a user’s TLS Server Name. Additionally, TLS ALPN has been added to ensure connections with mismatched applications are refused.
  • fts-flatcurve, a new Xapian-based Full-Text Search plugin, has been introduced. This could potentially deliver more efficient searching for large mailstores.
  • New support for SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS is available. The system can now send JA3 hashes to a policy server, adding an added layer of security and transparency for authentication traffic.

Lastly, as already mentioned, since Pigeonhole’s release schedule and versioning now align with Dovecot’s, Pigeonhole version 2.4 is available alongside Dovecot 2.4 with the following key changes:

  • Adjusted default vacation days, now set to 60 rather than infinite.
  • A syntax refresh to match the new Dovecot configuration structure.
  • The i;unicode-casecmp comparator for internationalized case-insensitive matching.

Refer to the release announcement or look here for more information on all new features and changes. You can grab the Dovecod 2.4 source code from this link. Docker images are available via Docker Hub.

Once again, if you are upgrading from a previous version, make sure you consult the upgrade guide before installing.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Related Posts