Dovecot (software)

Dovecot is an open-source IMAP and POP3 server for Unix-like operating systems, written primarily with security in mind. Timo Sirainen originated Dovecot and first released it in July 2002. Dovecot developers primarily aim to produce a lightweight, fast and easy-to-set-up open-source email server.

The primary purpose of Dovecot is to act as a mail storage server. The mail is delivered to the server using some mail delivery agent (MDA) and is stored for later access with an email client (mail user agent, or MUA). Dovecot can also act as mail proxy server, forwarding connection to another mail server, or act as a lightweight MUA in order to retrieve and manipulate mail on remote server for e.g. mail migration.

According to the Open Email Survey, as of 2020, Dovecot has an installed base of at least 2.9million IMAP servers, and has a global market share of 76.9% of all IMAP servers. The results of the same survey in 2019 gave figures of 2.6million and 76.2%, respectively.

Features
Dovecot can work with standard mbox, Maildir, and its own native high-performance dbox formats. It is fully compatible with UW IMAP and Courier IMAP servers' implementation of them, as well as mail clients accessing the mailboxes directly.

Dovecot also includes a mail delivery agent (called Local delivery agent in Dovecot's documentation) and an LMTP server, with the optional Sieve filtering support.

Dovecot supports a variety of authentication schemas for IMAP, POP and message submission agent (MSA) access, including CRAM-MD5 and the more secure DIGEST-MD5.

With version 2.2, some new features have been added to Dovecot, e.g. additional IMAP command extensions, dsync has been rewritten or optimized, and shared mailboxes now support per-user flags.

Version 2.3 adds a message submission agent, Lua scripting for authentication, and some other improvements.

Apple Inc. includes Dovecot for email services since Mac OS X Server 10.6 Snow Leopard.

In 2017, Mozilla, via the Mozilla Open Source Support program, conducted a security audit on the Dovecot software, the first public audit of the Dovecot code. The team that performed the audit was extremely impressed with the quality of the dovecot code, writing that "despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations.".