#############################
## General
#############################

# Protocols served by this instance: POP3 and IMAP.
protocols = pop3 imap

# Base directory for Dovecot's runtime data.
base_dir = /var/run/dovecot/

#############################
## Logging
#############################

# Prefix put in front of every line written to the log file. The value is
# quoted so that the space after the time is kept.
log_timestamp = "%Y-%m-%d %H:%M:%S "

# Facility used when logging goes to syslog. "mail" is the usual choice;
# local0..local7 and the other standard facilities are accepted as well.
syslog_facility = mail

#############################
## SSL settings
#############################

# SSL/TLS is not forced: the explicit "ssl" line is left commented out, so
# the server default applies.
# NOTE(review): nothing on this page sets "ssl = required", so clients may
# stay on an unencrypted connection - confirm this is intended.
# ssl = yes

# "yes" would disable the LOGIN command and all other plaintext
# authentication until SSL/TLS is in use (LOGINDISABLED capability). It is
# "no" here, so plaintext authentication is accepted without SSL/TLS.
# NOTE(review): together with the listeners on ports 110 and 143 further
# down, credentials can cross the network unencrypted - confirm this is a
# deliberate choice for this network.
disable_plaintext_auth = no

# Server certificate; preferred permissions: root:root 0444
ssl_cert = </etc/pki/tls/certs/dovecot.crt

# Private key of the server certificate; preferred permissions: root:root 0400
ssl_key = </etc/pki/tls/private/dovecot.key

# CA file used to check client certificates. The author describes it as a
# merged file holding both the CA certificates and the CRL.
ssl_ca = </etc/pki/tls/mixed_ca/mixed_ca_fusion.pem

# Request a certificate from connecting clients and verify it against the
# CAs in ssl_ca.
# NOTE(review): the author's intent is that a client without a certificate
# signed by one of those CAs cannot log in. In Dovecot, rejecting the login
# is governed by auth_ssl_require_client_cert, which does not appear on this
# page - confirm it is set elsewhere, otherwise verification alone may not
# block the login.
ssl_verify_client_cert = yes

# Certificate field that supplies the username. commonName and
# x500UniqueIdentifier are the usual choices; here the requestor's username
# sits in a special field, given as an object identifier (2.5.4.5 is the
# OID of the X.520 serialNumber attribute).
# NOTE(review): this field is presumably only consulted when
# auth_ssl_username_from_cert is enabled, which this page does not show -
# confirm.
ssl_cert_username_field = 2.5.4.5

# Maximum allowed depth of an SSL certificate chain. Default is 9.
ssl_verify_depth = 9

# Use SHA-1 as the certificate fingerprint algorithm.
# NOTE(review): SHA-1 is no longer collision resistant. If the fingerprint
# is used to identify or pin certificates, SHA-256 is the safer choice -
# check what consumes this value before changing it.
ssl_cert_md_algorithm = sha1

# Cipher suites: OpenSSL's HIGH group, minus the individually listed suites
# and minus the LOW, SSLv2, EXP and aNULL groups.
# NOTE(review): this string filters cipher suites only. No setting on this
# page restricts the SSL/TLS protocol versions offered - confirm that
# obsolete versions are disabled elsewhere. The explicit ADH-* exclusions
# look redundant next to !aNULL.
ssl_cipher_list = HIGH:!ADH-AES128-SHA:!ADH-AES256-SHA:!ADH-DES-CBC3-SHA:!DES-CBC3-MD5:!DES-CBC3-SHA:!DHE-DSS-AES128-SHA:!DHE-DSS-AES256-SHA:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-MD5:!KRB5-DES-CBC3-SHA:!LOW:!SSLv2:!EXP:!aNULL

#############################
## Services incl. Tuning
#############################

# Mail is kept in Maildir format (not mbox), under ~/Maildir.
mail_location = maildir:~/Maildir

# Private namespace holding the INBOX: empty prefix, empty location,
# "/" as the separator.
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}

####################
# anvil
####################
service anvil {
  client_limit = 1200
  # The process limit for this service must be 1.
  process_limit = 1
}

####################
# auth
####################
service auth {
  client_limit = 1200
  # The process limit for this service must be 1.
  process_limit = 1
}

####################
# pop3 configuration
####################
service pop3-login {
  # POP3 on the standard cleartext port.
  # NOTE(review): disable_plaintext_auth = no in this file, so logins on
  # this port can carry credentials unencrypted - confirm this is intended.
  inet_listener pop3 {
    address = 192.168.0.246
    port = 110
  }

  # POP3 on the standard SSL/TLS port.
  # NOTE(review): the block does not set "ssl = yes" itself; presumably the
  # built-in default for the pop3s listener supplies it - confirm.
  inet_listener pop3s {
    address = 192.168.0.246
    port = 995
  }

  # NOTE(review): a value of 1 presumably makes every login process handle a
  # single connection; in that mode client_limit below may have no practical
  # effect - confirm.
  service_count = 1

  # Number of idle processes always kept waiting for new connections, which
  # avoids startup latency for new clients. Should be at least the number of
  # CPU cores in the system so that all of them are used.
  process_min_avail = 8

  # Beyond the idle pool, a new process is created only once an existing
  # one's connection count reaches client_limit.
  client_limit = 1024

  # Maximum number of POP3 processes (connections).
  process_limit = 512

  # VSZ (virtual memory size) limit for the service's processes. Mainly meant
  # to catch and kill processes that leak memory before they eat up
  # everything. Raised to avoid out-of-memory errors, especially with SSL/TLS.
  vsz_limit = 2048 M
}

protocol pop3 {
  # Workarounds for client bugs.
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  # Format of the UIDL values handed to POP3 clients.
  pop3_uidl_format = %08Xu%08Xv
}

####################
# imap configuration
####################

service imap-login {
  # IMAP on the standard cleartext port.
  # NOTE(review): the author's remark here reads "disable imap without ssl",
  # yet the listener is active on port 143; a listener is switched off with
  # "port = 0". With disable_plaintext_auth = no in this file, logins on this
  # port can carry credentials unencrypted - confirm which behaviour is
  # wanted.
  inet_listener imap {
    address = 192.168.0.246
    port = 143
  }

  # IMAP on the standard SSL/TLS port.
  # NOTE(review): the block does not set "ssl = yes" itself; presumably the
  # built-in default for the imaps listener supplies it - confirm.
  inet_listener imaps {
    address = 192.168.0.246
    port = 993
  }

  # NOTE(review): a value of 1 presumably makes every login process handle a
  # single connection; in that mode client_limit below may have no practical
  # effect - confirm.
  service_count = 1

  # Number of idle processes always kept waiting for new connections, which
  # avoids startup latency for new clients. Should be at least the number of
  # CPU cores in the system so that all of them are used.
  process_min_avail = 8

  # Beyond the idle pool, a new process is created only once an existing
  # one's connection count reaches client_limit.
  client_limit = 1024

  # Maximum number of IMAP processes (connections).
  process_limit = 512

  # VSZ (virtual memory size) limit for the service's processes. Mainly meant
  # to catch and kill processes that leak memory before they eat up
  # everything. Raised to avoid out-of-memory errors, especially with SSL/TLS.
  vsz_limit = 2048 M
}

protocol imap {
  # Workarounds for client bugs; the value is quoted and ends in a space.
  imap_client_workarounds = "delay-newmail "
}

#############################
## Authentication
#############################

# Static passdb that proxies every login to the backend named in host=.
# nopassword=y means this tier does not check the password itself, so the
# backend is presumably the only place where credentials are verified.
# NOTE(review): the args carry no ssl= or starttls= field, so the proxied
# login to the backend is presumably unencrypted - confirm that the path
# between this proxy and the backend is protected by other means.
# NOTE(review): nodelay=y presumably removes the reply delay after a failed
# authentication; throttling of password guessing then rests with the
# backend - confirm.
passdb {
  args = proxy=y proxy_nopipelining=y host=zimbra-mta.example.com nopassword=y nodelay=y nologin=y
  driver = static
}

# Static userdb: every user gets uid/gid 5000 and /dev/null as home.
# NOTE(review): the leading "static" word inside args looks like a leftover
# from an older syntax, since the driver is named separately - confirm it is
# harmless.
userdb {
  args = static uid=5000 gid=5000 home=/dev/null
  driver = static
}

#############################
## Debug
#############################

# All four verbose/debug switches are turned on.
# NOTE(review): these are troubleshooting aids that raise log volume and
# record per-login detail. Confirm they are meant to stay enabled outside of
# troubleshooting, and that the resulting logs are readable by administrators
# only.
auth_verbose = yes
auth_debug = yes
mail_debug = yes
verbose_ssl = yes

# vim: ft=conf