Why Combine Dovecot with Postfix/Sendmail? A Technical Deep Dive into Linux Mail Server Architecture


While Dovecot, Postfix, and Sendmail all handle email operations, they serve fundamentally different purposes in the mail delivery chain:

  • Postfix/Sendmail: Pure MTA (Message Transfer Agent) focused on SMTP operations - sending/receiving mail between servers
  • Dovecot: Primarily an MDA (Mail Delivery Agent) and IMAP/POP3 server - manages mailbox access and storage

The Unix philosophy of "do one thing well" applies perfectly here. A typical mail flow:

Incoming mail: 
Internet → Postfix (SMTP) → Dovecot (LMTP delivery) → Maildir storage

Outgoing mail:
MUA → Postfix (SMTP submission) → Internet

Mail access:
Dovecot (IMAP/POP3) ↔ Maildir storage

Performance Optimization

Postfix handles the CPU-intensive SMTP protocol processing while Dovecot specializes in efficient mailbox access:

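# Postfix main.cf tuning for SMTP
# speed_adjust only takes effect with a before-queue filter (smtpd_proxy_filter):
# Postfix receives the whole message before connecting to the filter
smtpd_proxy_options = speed_adjust
# Cap simultaneous connections per client (default: 50)
smtpd_client_connection_count_limit = 20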

Security Isolation

Running different components with separate privileges reduces attack surface:

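# Example permissions for mail directory
/var/mail/vhosts:
- Owned by vmail:vmail (Dovecot runs as this user)
- Mode 770 (owner and group only: Dovecot reads and writes as vmail; Postfix can write only if it is in the vmail group, which LMTP delivery makes unnecessary)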

Protocol Specialization

  • Postfix excels at SMTP (RFC 5321) with features like:
    • SPF/DKIM/DMARC verification
    • Greylisting
    • Rate limiting
  • Dovecot specializes in IMAP (RFC 3501) with:
    • Full-text search
    • Compression
    • Push notifications

Here's a minimal working configuration for Postfix+Dovecot integration:

# Postfix main.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailboxes.cf

# Dovecot 10-master.conf
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

For simple use cases, one component alone may be enough:

  • Postfix alone: Outbound mail relay or basic SMTP server
  • Dovecot alone: IMAP server accessing existing mail storage

But for a complete mail server, the combined solution provides enterprise-grade features through specialization.


While Dovecot, Postfix, and Sendmail all handle email, they serve fundamentally different roles in the mail delivery chain:


# Postfix/Sendmail as MTA (Mail Transfer Agent)
1. Receives email via SMTP (port 25/587)
2. Routes email between servers
3. Handles queue management

# Dovecot as MDA/IMAP (Mail Delivery Agent)
1. Delivers mail to local mailboxes (MDA)
2. Provides IMAP/POP3 access (ports 143/993/110/995)
3. Manages mailbox storage and retrieval

The separation allows each daemon to specialize:

  • Postfix/Sendmail optimize for SMTP transactions (EHLO, MAIL FROM, RCPT TO commands)
  • Dovecot excels at IMAP commands (FETCH, STORE, SEARCH) and mailbox formats (mbox, Maildir)

Here's how they interact in a typical setup:


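# Postfix main.cf snippet
# Alternative to LMTP: deliver through a "dovecot" pipe transport,
# which must also be defined in master.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Dovecot 10-mail.conf
mail_location = maildir:~/Maildir

# Authentication integration (Dovecot 10-master.conf)
# Postfix uses this socket for SASL: smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth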
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
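
The LMTP and auth listeners shown on this page are the only points where Postfix talks to Dovecot, so their mode and owner define the boundary between the two daemons. The following Python check is an added example (not from the original article or from either project): it parses unix_listener blocks and flags sockets that are open to every local account or not assigned to the Postfix user. It assumes the peer account is named postfix and treats an unset mode as 0600; the 0666 listener in the sample is constructed for illustration.

```python
import re
# Constructed input: the LMTP listener from this page, plus an auth listener
# deliberately loosened to 0666 with no owner set, to show what gets flagged.
SAMPLE = """\
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
"""

def parse_listeners(conf):
    """Collect the settings of every unix_listener block, keyed by socket path."""
    listeners, stack = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        opened = re.fullmatch(r"(\w+)(?:\s+(\S+))?\s*\{", line)
        if opened:
            stack.append(opened.groups())
            if opened.group(1) == "unix_listener":
                listeners[opened.group(2)] = {}
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and stack and stack[-1][0] == "unix_listener":
            key, value = (part.strip() for part in line.split("=", 1))
            listeners[stack[-1][1]][key] = value
    return listeners

def audit(conf, peer="postfix"):
    """Return (path, problem) pairs for sockets too open or not assigned to peer."""
    findings = []
    for path, opts in parse_listeners(conf).items():
        mode = int(opts.get("mode", "0600"), 8)  # assumption: unset means 0600
        if mode & 0o007:
            findings.append((path, "world-accessible: any local account can connect"))
        if opts.get("user") != peer and not (mode & 0o060 and opts.get("group") == peer):
            findings.append((path, f"{peer} is neither owner nor permitted group"))
    return findings

if __name__ == "__main__":
    for path, problem in audit(SAMPLE):
        print(f"{path}: {problem}")
```

The second finding usually explains the first: a listener left without an owner is unreachable for Postfix at 0600, and widening the mode to 0666 is the common but wrong fix.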

The separation creates security boundaries:

Component   Default Privileges      Network Exposure
Postfix     runs as postfix user    Exposes SMTP ports to internet
Dovecot     runs as dovecot user    Only exposes IMAP/POP3 to authenticated users

Dovecot's IMAP implementation outperforms alternatives when handling:

  • Large mailboxes (100k+ messages)
  • Concurrent connections (500+)
  • Full-text search operations

Benchmark tests show Dovecot delivers 3-5x better IMAP search performance compared to Courier or Cyrus when properly tuned.

While all-in-one solutions exist (like Exim), they often:

  1. Compromise on either SMTP or IMAP performance
  2. Create single points of failure
  3. Limit flexibility in security hardening

The Postfix+Dovecot combination has become the de facto standard for Linux mail servers precisely because it leverages the strengths of each component while maintaining clear separation of concerns.