Getting dovecot to run on Mojave

I’m using great dovecot as a local email server. By local, I mean it runs on my laptop and binds to 127.0.0.1. This way, I have a nice IMAP server hosting most of my emails (my main account is elsewhere) and acting as an archive, which I can access with any email client. In no way I’m left locked into a particular email client or provider.

However, little did I notice (since dovecot is mostly for archiving) that my email clients actually don’t connect to it, after one of the upgrades. To debug, I reached to the command line:

$ telnet localhost 143
Trying ::1...
Connection failed: Connection refused
Trying fe80::1%lo0...
Connection failed: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
 * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready.
tag1 login me secret_password
Connection closed by foreign host.

Ok, that was not good. I thought that disable_plaintext_auth (defaults to no) might be at fault, so I changed it in /usr/local/etc/dovecot/local.conf and restarted dovecot:

sudo brew services restart dovecot

The issue persisted.

Unfortunately, dovecot doesn’t log much by default. To get that working, I just added log_path=/dev/stderr to local.conf and restarted. This time, I got something in the logs:

Mar 10 23:38:42 imap-login: Info: Login: user=<me>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6331, secured, session=<FK4uVDa9acl/AAAB>
Mar 10 23:38:42 imap(me)<6331><FK4uVDa9acl/AAAB>: Fatal: setgroups(6) failed: Too many extra groups

Indeed:

$ id -G me
20 12 61 79 80 81 98 701 405 702 33 100 204 250 395 398 399

After a bit of duckduckgoing, it turns out that a simple fix is to add this to local.conf:

last_valid_gid=100

Restarting poor dovecot for the n+1-th time and telneting proved that I can now login and my email client started fetching mailboxes. (Incidentally, I figured out that the problem is there because filing/moving messages didn’t work).

For reference, these are the changes I ended up in the local.conf file:

log_path=/dev/stderr

disable_plaintext_auth=no

# This is really important in order to make it work on Mojave
last_valid_gid=100