・dovecot.conf の設定

[root@alma]# vi /etc/dovecot/dovecot.conf

≪ 途中省略 ≫

# Protocols we want to be serving.
#protocols = imap pop3 lmtp submission
※コメント解除して書き換え(postfix 側で submission を設定しているので、ここでも指定して重複させると起動エラーになる)
protocols = imap pop3 lmtp

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
※コメント解除して書き換え(IPv4 のみで待ち受け)
listen = *

≪ 以下省略 ≫

・10-mail.conf の設定

[root@alma]# vi /etc/dovecot/conf.d/10-mail.conf

≪ 途中省略 ≫

# See doc/wiki/Variables.txt for full list. Some examples:
#
# mail_location = maildir:~/Maildir
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
#
#
#mail_location =
※コメント解除して追記(メールボックスの指定)
mail_location = maildir:~/Maildir

≪ 以下省略 ≫

・10-auth.conf の設定

[root@alma]# vi /etc/dovecot/conf.d/10-auth.conf

##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes
※コメント解除して書き換え(プレーンテキスト認証も許可する。TLS を使わない接続ではパスワードが平文のままネットワークを流れるため、外部に公開するサーバーでは yes のままにしておくほうが安全)
disable_plaintext_auth = no

≪ 途中省略 ≫

# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain
※書き換え(login を追加。plain / login はどちらもパスワードを暗号化せずに送る方式なので、TLS で保護された接続での利用が前提)
auth_mechanisms = plain login

≪ 以下省略 ≫

・10-ssl.conf の設定

[root@alma]# vi /etc/dovecot/conf.d/10-ssl.conf

##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required
※書き換え(SSL/TLS による暗号化を必須にしない。yes では暗号化なしの接続も受け付けるため、disable_plaintext_auth = no と組み合わせると平文のままログインできる状態になる)
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
※書き換え(証明書のパス)
ssl_cert = </etc/letsencrypt/live/mail.papa-net.com/fullchain.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
※書き換え(秘密鍵のパス)
ssl_key = </etc/letsencrypt/live/mail.papa-net.com/privkey.pem

≪ 途中省略 ≫

# SSL DH parameters
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
# Or migrate from old ssl-parameters.dat file with the command dovecot
# gives on startup when ssl_dh is unset.
#ssl_dh = </etc/dovecot/dh.pem
※コメント解除(DH パラメータファイルのパス。このファイルは後述の openssl dhparam で作成する)
ssl_dh = </etc/dovecot/dh.pem

# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
# TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3, depending on the OpenSSL version used.
#
# Dovecot also recognizes values ANY and LATEST. ANY matches with any protocol
# version, and LATEST matches with the latest version supported by library.
#ssl_min_protocol = TLSv1.2
※コメント解除(Dovecot バージョン 2.3 以降)
ssl_min_protocol = TLSv1.2

≪ 以下省略 ≫

・dh.pem(SSL/TLS 用の DH パラメータ)の作成

[root@alma]# openssl dhparam -out /etc/dovecot/dh.pem 4096

かなり時間がかかりますがゆっくり待ちます

・10-master.confの設定
  
[root@alma]# vi /etc/dovecot/conf.d/10-master.conf

≪ 途中省略 ≫

service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
※コメント解除
unix_listener /var/spool/postfix/private/auth {
#mode = 0666
※コメント解除(下で user / group を postfix に指定するので、mode は 0660 に絞っても Postfix から接続できる)
mode = 0666
※以下追記
user = postfix
group = postfix
#}
※コメント解除
}

≪ 以下省略 ≫

・ログ出力先の指定

[root@alma]# vi /etc/dovecot/conf.d/10-logging.conf

##
## Log destination.
##

# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
#log_path = syslog
※コメント解除して書き換え
log_path = /var/log/dovecot.log

≪ 以下省略 ≫

・dovecot の設定確認

[root@alma]# doveconf -n | head

# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 5.14.0-503.35.1.el9_5.x86_64 x86_64 AlmaLinux release 9.5 (Teal Serval)
# Hostname: papa-net.com
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 1000
listen = *
log_path = /var/log/dovecot.log
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl

※dovecot のバージョン等と設定を変更した箇所と値が表示されるので確認します
※エラーメッセージ等が表示されなければ設定ファイルの書式に問題はありません(head で先頭 10 行だけを表示しているので、ssl などそれ以降の項目は doveconf -n の出力全体で確認します)