If you just want to get Dovecot running with typical configuration in a typical environment, here's what you'll have to do:
If you compiled Dovecot from sources, Dovecot has installed a /usr/local/etc/dovecot-example.conf file, which you'll have to rename to /usr/local/etc/dovecot.conf. Prebuilt packages usually install /etc/dovecot.conf directly. You'll find the path by running dovecot -n|head -1. It's a good idea to read through the whole file and see what settings you might want to change.
auth required pam_unix.so account required pam_unix.so
You can let Dovecot do its automatic mail location detection, but if that doesn't work, you can set the location manually in mail_location setting. See MailLocation for more information.
Make sure that all software accessing the mboxes are using the same locking methods in the same order. The order is important to prevent deadlocking. From Dovecot's side you can change these from mbox_read_locks and mbox_write_locks settings. See MboxLocking for more information.
If you're using /var/mail/ directory for INBOXes, you may need to set mail_privileged_group = mail so Dovecot can create dotlocks there.
For better performance you may want to set mbox_very_dirty_syncs = yes option.
For better performance you may want to set maildir_copy_with_hardlinks = yes option.
Check imap_client_workarounds and pop3_client_workarounds and see if you want to enable more of them than the defaults.
If you're going to use Dovecot's POP3 server, you'll need to add pop3 (and pop3s for SSL) to protocols line in configuration file.
You'll also have to set pop3_uidl_format setting. If you're migrating from another POP3 server, see migration page. Otherwise set it to Dovecot's default:
pop3_uidl_format = %08Xu%08Xv
If you intend to use SSL, set ssl_cert_file and ssl_key_file settings. Otherwise set ssl_disable = yes. Easiest way to get SSL certificates built is to use Dovecot's doc/mkcert.sh script.
By default Dovecot doesn't allow users to send passwords unencrypted to the server. Usually if SSL is enabled, it's a good idea not to allow this. However, if you don't offer SSL for some reason, you'll probably want to set disable_plaintext_auth = no.
To enable imaps and pop3s, make sure they're listed in protocols setting.
If you're using NFS or some other remote filesystem that's shared between multiple computers, you'll need to set mmap_disable = yes. If you're not using lockd you'll need to change lock_method to dotlock. These settings are only used for handling index files.
It's possible to safely store index files in NFS nowadays, but you'll need to change some NFS mount options to do it. See NFS for more information. If you have only a single Dovecot server, or if the users almost always log into same physical server, you may want to consider storing the indexes into local disks instead. This is done by appending :INDEX=path to mail_location. For example:
mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=/var/indexes/%u
Remember that if you're storing indexes locally you can keep mmap_disable = no (which gives better performance).