apt-get install dovecot-core
mkdir /etc/dovecot/ssl
chmod 0750 /etc/dovecot/ssl
chgrp dovecot /etc/dovecot/ssl
openssl req \
-x509 -nodes -days 365 -sha256 \
-subj '/C=DE/ST=Hamburg/L=Hamburg/CN=mymailserver.lan' \
-newkey rsa:2048 \
-keyout /etc/dovecot/ssl/mymailserver.lan.key_pem \
-out /etc/dovecot/ssl/mymailserver.lan.crt_pem
chmod 0640 /etc/dovecot/ssl/*pem
chgrp dovecot /etc/dovecot/ssl/*pemssl = required
ssl_cert = </etc/dovecot/ssl/mymailserver.lan.crt_pem
ssl_key = </etc/dovecot/ssl/mymailserver.lan.key_pem
ssl_dh_parameters_length = 1024
ssl_protocols = !SSLv2
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_prefer_server_ciphers = no