I use Dovecot as my IMAP/IMAPS server – it has always worked very reliably for me.

srv/salt/dovecot.sls

First, this file needs to include sslcerts.sls to make sure that the certificates are installed. Dovecot starts as root so it doesn’t need any special groups to get access to the key.

Once the packages are installed there is a bit of configuration to set up:

• Configure the system to use Maildir format;
• Get rid of any configuration to use mbox format;
• Ensure that SSL is turned on and that the ssl_cert and ssl_key values are set correctly;
• Ensure that SSL isn’t turned off.

# Ensure we have the SSL certs available
include:
  - sslcerts

# Installs and configures the Dovecot IMAP server
dovecot-core:
  pkg:
    - installed
dovecot-imapd:
  pkg:
    - installed
dovecot-sieve:
  pkg:
    - installed

# Set the mailbox location - required
/etc/dovecot/conf.d/10-mail.conf-A:
  file.blockreplace:
    - name: /etc/dovecot/conf.d/10-mail.conf
    - marker_start: '# ------- SALTSTACK DOVECOT START -------'
    - marker_end:   '# ------- SALTSTACK DOVECOT END -------'
    - prepend_if_not_found: True
    - content: 'mail_location = maildir:~/Maildir'

/etc/dovecot/conf.d/10-mail.conf-B:
  file.comment:
    - name: /etc/dovecot/conf.d/10-mail.conf
    - regex: '^mail_location = mbox.*$'

# Use the central SSL cert and key
/etc/dovecot/conf.d/10-ssl.conf-A:
  file.blockreplace:
    - name: /etc/dovecot/conf.d/10-ssl.conf
    - marker_start: '# ------- SALTSTACK DOVECOT START -------'
    - marker_end:   '# ------- SALTSTACK DOVECOT END -------'
    - prepend_if_not_found: True
    - require:
        - sls: sslcerts
    - content: 'ssl = yes

      ssl_cert = </etc/ssl/certs/info.river-innovations.com.cert

      ssl_key = </etc/ssl/private/info.river-innovations.com.key'
/etc/dovecot/conf.d/10-ssl.conf-B:
  file.comment:
    - name: /etc/dovecot/conf.d/10-ssl.conf
    - regex: '^ssl = no.*$'