blob: 39b1def949b853ef59cf653c3e23c72cffd73d8a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-vserver-amd64 x86_64 Debian 7.3 ufs
# See http://help.directadmin.com/item.php?id=348
listen = *
auth_mechanisms = plain login
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%%u> method=%m %c
mail_location = maildir:/var/mail/virtual/%u
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_storage = ~/sieve
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = mail
mode = 0600
user = vmail
}
user = root
}
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root.
ssl_cert = </etc/ssl/certs/cert.crt
ssl_key = </etc/ssl/private/cert.pem
# SSL ciphers to use
#
# Since Dovecot started using OpenSSL 1.1, we don't have to disable
# SSLv2 anymore as it's already removed from OpenSSL.
#
# See http://www.virtualmin.com/node/25057
# https://zmap.io/sslv3/servers.html
# https://security.stackexchange.com/questions/71872/disable-sslv3-in-dovecot-tls-handshaking-failed-no-shared-cipher
# https://bbs.archlinux.org/viewtopic.php?id=225535
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:SSLv3
# See https://wiki2.dovecot.org/Upgrading/2.3
#ssl_protocols = !SSLv3
ssl_min_protocol = TLSv1
ssl_dh = </etc/dovecot/dh.pem
userdb {
args = uid=5000 gid=5000 home=/var/mail/virtual/%u allow_all_users=yes
driver = static
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = sieve
postmaster_address = postmaster@<%= @fqdn %>
}
# Should saving a mail to a non-existing mailbox automatically create it?
lda_mailbox_autocreate = yes
# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903161
service stats {
unix_listener stats-reader {
mode = 0
}
unix_listener stats-writer {
#mode = 0
mode = 0666
}
}
# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903161
service old-stats {
fifo_listener old-stats-mail {
mode = 0
}
fifo_listener old-stats-user {
mode = 0
}
unix_listener old-stats {
#mode = 0
mode = 0666
}
}
|
