Skip to content

Dovecot 2.4 support in Debian 13

The Debian upgrade failed on the first try with:

Job for dovecot.service failed because the control process exited with error code.
See "systemctl status dovecot.service" and "journalctl -xeu dovecot.service" for details.
invoke-rc.d: initscript dovecot, action "restart" failed.
dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (file://ispdev2/usr/lib/systemd/system/dovecot.service enabled; preset: enabled
     Active: ESC[0;1;31mfailedESC[0m (Result: exit-code) since Fri 2025-08-22 16:27:27 CEST; 25ms ago
   Duration: 5min 54.617s
 Invocation: 716238614e884877826ea0b346dc6971
       Docs: dovecot(1) https://doc.dovecot.org/
    Process: 101952 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
   Main PID: 101952 (code=exited, status=89)
   Mem peak: 8.6M
        CPU: 31ms

Aug 22 16:27:27 ispdev2 systemd[1]: Starting dovecot.service - Dovecot IMAP/POP3 email server...
Aug 22 16:27:27 ispdev2 dovecot[101952]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 4: The first setting must be dovecot_config_version
Aug 22 16:27:27 ispdev2 systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Aug 22 16:27:27 ispdev2 systemd[1]: dovecot.service: Failed with result 'exit-code'.
Aug 22 16:27:27 ispdev2 systemd[1]: Failed to start dovecot.service - Dovecot IMAP/POP3 email server.
dpkg: error processing package dovecot-core (--configure):
 installed dovecot-core package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 dovecot-core

Running apt upgrade a second time finished without error.

But restarting the service keeps failing on:

dovecot[105869]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 4: The first setting must be dovecot_config_version

A relevant note in the dovecot-core.NEWS file points to https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html for more info.

dovecot (1:2.4.1+dfsg1-1) unstable; urgency=medium

  Dovecot 2.4 is a major upgrade from the previous 2.3 branch and introduces
  an incompatible configuration language.  Please see
  https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html for
  details on transitioning to the new language.  The default configuration
  shipped by Debian has been updated for compatibility with the new
  configuration, but any locally maintained configuration will need to be
  updated.

 -- Noah Meyerhans <noahm@debian.org>  Mon, 10 Mar 2025 13:28:20 -0400

It's clear that the config templates need to be adapted.

In a fresh attempt I added the dovecot_config_version line before the Debian upgrade, but that does not help. The debian package currently has no code to auto update the Dovecot config.

Debian has an open bug report for this https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095613

Some of the changes are easy, (diff below)... but I got stuck on the passdb and userdb sections, so this needs more work and thorough testing.

diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
index 66fc8e8..f6fed71 100644
--- a/dovecot/dovecot.conf
+++ b/dovecot/dovecot.conf
@@ -2,21 +2,21 @@
 # Put your custom settings in /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master.
 # To start using those changes, do a force upgrade and let it reconfigure your services. (ispconfig_update.sh --force)
 
-dovecot_config_version = 2.3.19
-dovecot_storage_version = 2.3.19
+dovecot_config_version = 2.4.0
+dovecot_storage_version = 2.4.0
 
 listen = *,[::]
 protocols = imap pop3 lmtp
 auth_mechanisms = plain login
-disable_plaintext_auth = no
+auth_allow_cleartext = no
 log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
-ssl_cert = </etc/postfix/smtpd.cert
-ssl_key = </etc/postfix/smtpd.key
-ssl_dh = </etc/dovecot/dh.pem
+ssl_server_cert_file = /etc/postfix/smtpd.cert
+ssl_server_key_file = /etc/postfix/smtpd.key
+ssl_server_dh_file = /etc/dovecot/dh.pem
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-ssl_prefer_server_ciphers = no
+ssl_server_prefer_ciphers = server
 mail_max_userip_connections = 100
 mail_plugins = quota
 passdb {
@@ -31,13 +31,13 @@ userdb {
   driver = sql
 }
 plugin {
-  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
+  quota = dict:user::file:/var/vmail/%{user | domain }/%{user | username }/.quotausage
 
   # no longer needed, as 'sieve' is in userdb extra fields:
-  sieve=/var/vmail/%d/%n/.sieve
+  sieve=/var/vmail/%{user | domain }/%{user | username }/.sieve
 
-  sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
-  sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
+  sieve_before=/var/vmail/%{user | domain }/%{user | username }/.ispconfig-before.sieve
+  sieve_after=/var/vmail/%{user | domain }/%{user | username }/.ispconfig.sieve
   sieve_max_script_size = 2M
   sieve_max_actions = 100
   sieve_max_redirects = 25