diff --git a/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf b/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf
new file mode 100644
index 0000000..9e70423
--- /dev/null
+++ b/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf
@@ -0,0 +1 @@
+tcp dport {143, 993} accept comment "Allow IMAP/IMAPS from all"
diff --git a/roles/mailserver_dovecot/meta/main.yml b/roles/mailserver_dovecot/meta/main.yml
new file mode 100644
index 0000000..0b0dbbe
--- /dev/null
+++ b/roles/mailserver_dovecot/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: setup_nftables
diff --git a/roles/mailserver_dovecot/tasks/main.yml b/roles/mailserver_dovecot/tasks/main.yml
index 4d7347d..72ba08e 100644
--- a/roles/mailserver_dovecot/tasks/main.yml
+++ b/roles/mailserver_dovecot/tasks/main.yml
@@ -280,3 +280,11 @@
   loop:
     - spam
     - ham
+
+- name: Allow incoming IMAP/IMAPS
+  become: true
+  ansible.builtin.copy:
+    src: nftables/input.d/imap-imaps.conf
+    dest: /etc/nftables/input.d/imap-imaps.conf
+    mode: 0640
+  notify: Reload nftables service