This is a Prosody authentication plugin which uses Dovecot as the backend.


As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts:

authentication = "dovecot"

These options are used by mod_auth_dovecot:

Name Description Default value
dovecot_auth_socket Path to the Dovecot auth socket “/var/run/dovecot/auth-login”
auth_append_host If true, sends the bare JID as authzid. false

The Dovecot user and group must have access to connect to this socket. You can create a new dedicated socket for Prosody too. Add the below to the socket listen section of /etc/dovecot/dovecot.conf, and match the socket path in Prosody’s dovecot_auth_socket setting.

service auth {
    unix_listener /var/spool/prosody/private/auth-client {
        mode = 0660
        user = prosody
        group = prosody

Make sure the socket directories exist and are owned by the Prosody user.

Note: Dovecot uses UNIX sockets by default. luasocket is compiled with UNIX socket on debian/ubuntu by default, but is not on many other platforms. If you run into this issue, you would need to either recompile luasocket with UNIX socket support, or use Dovecot 2.x’s TCP socket support.

TCP socket support for Dovecot 2.x

Dovecot 2.x includes TCP socket support. These are the relevant mod_auth_dovecot options:

Name Description Default value
dovecot_auth_host Hostname to connect to. “”
dovecot_auth_port Port to connect to. (this value is required)


trunk Works
0.8 Works


With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server= mod_auth_dovecot

For earlier versions see the documentation for installing 3rd party modules