doveadm, dovecot-auth

最後更新: 2020-04-05


  • daemon 相關
  • Status 相關
  • doveadm user
  • kick user 相關
  • dovecot-auth
  • doveadm pw
  • doveadm-dump
  • doveadm-index
  • doveadm-purge
  • doveadm force-resync
  • doveadm-move
  • doveadm-search
  • doveadm log
  • doveadm sync
  • doveadm fetch
  • doveadm flags
  • doveadm mailbox


Daemon 相關


doveadm reload

Force dovecot(1) to reload the configuration.

doveadm stop

Stop dovecot(1) and all its child processes.


Status 相關


Dovecot v2.1+ supports gathering statistics (CPU, disk usage, etc.) from mail processes (IMAP, POP3, LMTP, etc.) to the stats process.

ps aux | grep [s]tats

dovecot  29172  0.0  0.5  58756 46200 ?        S    Aug23  13:45 dovecot/stats

Basic Configuration

mail_plugins = $mail_plugins stats

protocol imap {
  # With imap_stats plugin you can get per-command level statistics for IMAP commands
  mail_plugins = $mail_plugins imap_stats

plugin {
  # how often to session statistics (must be set)
  stats_refresh = 30 secs
  # track per-IMAP command statistics (optional)
  stats_track_cmds = yes

service stats {
  fifo_listener stats-mail {
    user = vmail
    mode = 0600

# Once the memory limit is reached, oldest statistics are freed from memory.
stats_memory_limit = 16 M


-s socketpath                   # Sets stats socket path

# used to output statistics

doveadm stats dump <level> [filter]


  • session    Per IMAP/POP3 connection
  • user    Per user (all of user’s sessions summed up)
  • domain    Per domain (all of domain’s users summed up)
  • ip    Per IP address (all sessions from the IP summed up)
  • global    Everything summed up (2.2.16+)


  • user=<wildcard>           # Match given user.
  • domain=<wildcard>    # Match given DNS domain name
  • session=<str>
  • ip=<ip>"["/<mask>"]"  # Match local or remote IP
  • since=<timestamp>      # Match session start time


doveadm stats dump user

user    reset_timestamp last_update     num_logins      num_cmds        auth_successes  auth_master_successes   auth_failures   auth_db_tempfails  auth_cache_hits auth_cache_misses       user_cpu        sys_cpu clock_time      min_faults      maj_faults      vol_cs  invol_cs  disk_input       disk_output     read_count      read_bytes      write_count     write_bytes     mail_lookup_path        mail_lookup_attr  mail_read_count  mail_read_bytes mail_cache_hits  1566531004      1570613890.233211       209     195     0       0       0       0       0       0       3.809473  1.865273 271301147395.171981     413408  1       3442    614     417792  17346560        19602   25382865        5775    13657345        5751       55      640415  1629

# used to reset statistics

doveadm stats reset

Info: Stats reset

# used to monitor statistics

doveadm stats top [<sort field>]


# The doveadm instance commands are used to manage the list of Dovecot instances running on the server.

# In most installations there is only one Dovecot instance

# Instances are added to the list automatically when Dovecot is started.

doveadm instance list

path                          name    last used           running
/var/run/dovecot              dovecot 2019-10-09 13:02:52 yes


doveadm user


# Perform a user lookup in Dovecot's userdbs

doveadm user [-a <userdb socket path>] [-x <auth info>] [-f field] <user mask> [...]


# show all user

doveadm user *@*


kick & who user


doveadm who            # Show who is logged in to the Dovecot server.

username      # proto (pids)                          (ips)
x@mydomain    5 imap  (21363 21365 21364 21330 21439) (x.x.x.x)
y@mydomain    4 imap  (21443 21496 21495 21517)       (x.x.x.x)

doveadm kick [user | ip[/mask]]

-f     Enforce the disconnect

 * who 是 list 唔到 webmail user, 因為 webmail 個 connection 一閃即逝.

# Webmail 每次 refresh 的 log

Jul 31 11:25:17 vm dovecot: imap-login: Login: user=<U@D>, method=PLAIN, rip=::1, lip=::1, mpid=20505, secured
Jul 31 11:25:17 vm dovecot: imap(U@D): Disconnected: Logged out bytes=344/2030


doveadm auth


# Test authentication for a user

    doveadm [-a auth_socket_path] user [password]

# Version: 2.2

doveadm auth test aaa@aaa your_pw


Dovecot supports caching the results of password and user database lookups.


Jan 13 12:27:27 server dovecot: auth: cache(x@x,y.y.y.y): Password mismatch

Flush Cache & Status

If a database lookup fails because of some internal error,

but data still exists in the cache (even if expired), the cached data is used.

The authentication cache can be flushed by sending a SIGHUP to dovecot-auth. (doveadm auth cache flush)

Sending SIGUSR2 to dovecot-auth makes it log the number of cache hits and misses.

# Setting

auth_cache_ttl: Time to live in seconds for cache entries.
                        ( removed from the cache only when the cache is full and a new entry is to be added)

auth_cache_size: Authentication cache size, 0 disables caching (default)

auth_cache_negative_ttl: a passdb or userdb lookup didn't return any data
                                        ( i.e. the user doesn't exist)

# MySetting

auth_verbose = yes
# auth_cache setting
auth_cache_negative_ttl = 900
auth_cache_size = 1M
auth_cache_negative_ttl = 1 hour

# Cache keys

For SQL and LDAP lookups Dovecot figures this out automatically by using all the used %variables as the cache key.

For example if your SQL query contains %s, %u and %r the cache entry is used only if all of them (service name, username and remote IP) match for the new lookup.

The following databases require specifying the cache key:

passdb {
  driver = pam
  args = cache_key=%s%u *


doveadm pw


# password hash generator

-l                      # List all supported password schemes

-s scheme         # CRYPT MD5 MD5-CRYPT DIGEST-MD5 PLAIN-MD5

-p <pw>           # will no prompt interactively


doveadm pw -l


# Generate a password hash

doveadm pw -s MD5-CRYPT

doveadm pw -s 'sha512' -p '123456'

Tested it with





Dump the content of Dovecot 's binary mailbox index/log.

doveadm dump dovecot.index.log

Detected file type: log
version = 1.2
hdr size = 40
index id = 1407148799

doveadm dump dovecot.mailbox.log

#96: subscribe 86c7d94c87680557f26fcb26843f739f (2014-08-04 18:39:59)
#120: rename 03978f1c46897051ba9785af8fbbef84 (1970-01-01 08:00:00)




# Add unindexed messages in a mailbox into index/cache file.

doveadm [-Dv] index [-S socket_path] mailbox

-u user/mask       # e.g. -u *


doveadm index -u test1@???@??? /var/vmail/vmail/???@???/test1




Remove messages with refcount=0 from mdbox files.


doveadm force-resync


             doveadm-force-resync(1), Repair broken  mailboxes,  in  case  Dovecot doesn't automatically do that.




Move  messages  matching the given search query into another mailbox.

move u <user> <destination> user <source user> <search query>

* the move/copy action with  the environment of the logged in system user.




# Show a list of mailbox GUIDs and message UIDs matching given search query


search -u <user> <search query>


* case-insensitive
* AND: doveadm search NEW LARGER 50k
* OR: doveadm search SAVEDON 2007-04-13 \( SEEN OR FLAGGED \)

search query:

  • ALL                             # Matches all messages.
  • SMALLER size
  • LARGER size
  • MAILBOX name (inbox, foldername )
  • HEADER field pattern
  • SUBJECT pattern
  • FROM patter
  • TO pattern
  • TEXT pattern
  • NEW
  • SEEN
  • NOT search key
  • ON "date"                      # specification YYYY-MM-DD
  • SINCE "date"
  • SAVEDSINCE "date "
  • interval (since 1w)(since 7d)


# To list all deleted messages in the "Trash" folder use:

doveadm search mailbox Trash DELETED

# 在 inbox 內某天的 mail

doveadm search -u test@??? MAILBOX inbox ON 2014-08-14

ea596834e7f0ec53a2190000654d370e 6185
ea596834e7f0ec53a2190000654d370e 6186
ea596834e7f0ec53a2190000654d370e 6187

# 某人看過的信

doveadm search -u test@??? SEEN

c5b9cc393a84ec538c4800009cc1905c 10
c5b9cc393a84ec538c4800009cc1905c 11
c5b9cc393a84ec538c4800009cc1905c 12
c5b9cc393a84ec538c4800009cc1905c 13


doveadm log


doveadm log [find|test|reopen]


Debug: /var/log/dovecot.log
Info: /var/log/dovecot.log
Warning: /var/log/dovecot.log
Error: /var/log/dovecot.log
Fatal: /var/log/dovecot.log


Aug 14 15:30:50 doveadm: Debug: This is Dovecot's debug log (1408001450)
Aug 14 15:30:50 doveadm: Info: This is Dovecot's info log (1408001450)
Aug 14 15:30:50 doveadm: Warning: This is Dovecot's warning log (1408001450)
Aug 14 15:30:50 doveadm: Error: This is Dovecot's error log (1408001450)
Aug 14 15:30:50 doveadm: Fatal: This is Dovecot's fatal log (1408001450)


after manually rotating the log files


doveadm sync

doveadm sync

force-resync [-u <user>|-A] [-S <socket_path>] <mailbox mask>


doveadm fetch


doveadm [-Dv] [-f formatter] fetch [-S socket_path] fields search_query


  • body
  • mailbox (Name of the mailbox)
  • text (header and body)
  • date.received
  • date.sent
  • date.saved
  • flags
  • hdr                            # The header of the message.
  • imap.body
  • imap.bodystructure
  • imap.envelope
doveadm search -u bob mailbox INBOX subject todo |
while read guid uid; do
  doveadm fetch -u bob body mailbox-guid $guid uid $uid > msg.$uid

doveadm fetch -u test@s??? hdr mailbox-guid ea596834e7f0ec53a2190000654d370e uid 6187 > msg

HEADER field pattern


field: Received
pattern: 453DE43B64

doveadm search -u test@s??? HEADER Received 453DE43B64

ea596834e7f0ec53a2190000654d370e 6186


doveadm flags


doveadm flags <add|remove|replace> <flag> <id>

flags add

flags remove

flags replace          # replace ALL current flags with the given flags




        # List and manipulate the message flags of the message with uid 81563

        doveadm fetch -u test@??? 'uid flags' mailbox-guid ea596834e7f0ec53a2190000654d370e uid 6186

        uid: 6186
        flags: \Seen NonJunk

        doveadm flags remove -u test@??? '\Deleted' mailbox-guid ea596834e7f0ec53a2190000654d370e uid 6186


man doveadm-flags


doveadm mailbox



mailbox      create|delete|list|mutf7|rename|status|subscribe|unsubscribe

list mailbox

# overview of existing mailboxes use this command.


doveadm mailbox list -u ???@???

doveadm mailbox list -u test@????

轉換 string 名 - mutf7

# See RFC 3501, section 5.1.3 (Mailbox International Naming Convention).

doveadm mailbox mutf7 [-7|-8] name1 name2 ...


doveadm mailbox mutf7 -7 '.&W8RO9lCZTv0-'


-7           # Indicates that the name's string representation is mUTF-7 encoded and it should be converted to UTF-8.

-8           # Indicates that the name's is UTF-8 encoded and should be converted to mUTF-7 (default).

nameN    # One or more mailbox names that should be converted.

# subscribe | unsubscribe

mailbox unsubscribe

mailbox subscribe

# status


doveadm [-f formatter] mailbox status -u user@domain [-t] fields mailbox

-f formatter   # flow

-8                 Lists the mailboxes with UTF-8 encoding.

-t                  summarize the values of the status fields

                     (messages, recent, unseen and/or vsize of multiple mailboxes to a sum (total).)

fields:            all | messages | recent ...


doveadm mailbox status -u user@domain -t all inbox     # 有細階沒影響

messages=201 recent=0 unseen=191 vsize=7750571

doveadm mailbox status -u user@domain -t all "*"        # 必須用 "*"

messages=201 recent=0 unseen=190 vsize=7750571

# rename

mailbox rename old_name new_name

# delete

mailbox delete -u <user> <mailbox>

i.e. 刪除 "MyTest_Local"

doveadm mailbox delete -u ???@???  "MyTest_Local"