303 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			303 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # --------------------------------------------------------------------------
 | |
| # Please create a file "extra.conf" for persistent overrides to dovecot.conf
 | |
| # --------------------------------------------------------------------------
 | |
| # LDAP example:
 | |
| #passdb {
 | |
| #  args = /etc/dovecot/ldap/passdb.conf
 | |
| #  driver = ldap
 | |
| #}
 | |
| 
 | |
| auth_mechanisms = plain login
 | |
| #mail_debug = yes
 | |
| #auth_debug = yes
 | |
| log_path = syslog
 | |
| disable_plaintext_auth = yes
 | |
| # Uncomment on NFS share
 | |
| #mmap_disable = yes
 | |
| #mail_fsync = always
 | |
| #mail_nfs_index = yes
 | |
| #mail_nfs_storage = yes
 | |
| login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
 | |
| mail_home = /var/vmail/%d/%n
 | |
| mail_location = maildir:~/
 | |
| mail_plugins = </etc/dovecot/mail_plugins
 | |
| mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
 | |
| mail_attachment_dir = /var/attachments
 | |
| mail_attachment_min_size = 128k
 | |
| 
 | |
| # Dovecot 2.2
 | |
| #ssl_protocols = !SSLv3
 | |
| # Dovecot 2.3
 | |
| ssl_min_protocol = TLSv1.2
 | |
| 
 | |
| ssl_prefer_server_ciphers = yes
 | |
| ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM
 | |
| 
 | |
| # Default in Dovecot 2.3
 | |
| ssl_options = no_compression no_ticket
 | |
| 
 | |
| # New in Dovecot 2.3
 | |
| ssl_dh = </etc/ssl/mail/dhparams.pem
 | |
| # Dovecot 2.2
 | |
| #ssl_dh_parameters_length = 2048
 | |
| log_timestamp = "%Y-%m-%d %H:%M:%S "
 | |
| recipient_delimiter = +
 | |
| auth_master_user_separator = *
 | |
| mail_shared_explicit_inbox = yes
 | |
| mail_prefetch_count = 30
 | |
| passdb {
 | |
|   driver = lua
 | |
|   args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
 | |
|   result_success = return-ok
 | |
|   result_failure = continue
 | |
|   result_internalfail = continue
 | |
| }
 | |
| # try a master passwd
 | |
| passdb {
 | |
|   driver = passwd-file
 | |
|   args = /etc/dovecot/dovecot-master.passwd
 | |
|   master = yes
 | |
|   skip = authenticated
 | |
| }
 | |
| # check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
 | |
| # a return of the following passdb is mandatory
 | |
| passdb {
 | |
|   driver = lua
 | |
|   args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
 | |
| }
 | |
| # Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
 | |
| service doveadm {
 | |
|   inet_listener {
 | |
|     port = 12345
 | |
|   }
 | |
|   vsz_limit=2048 MB
 | |
| }
 | |
| !include /etc/dovecot/dovecot.folders.conf
 | |
| protocols = imap sieve lmtp pop3
 | |
| service dict {
 | |
|   unix_listener dict {
 | |
|     mode = 0660
 | |
|     user = vmail
 | |
|     group = vmail
 | |
|   }
 | |
| }
 | |
| service log {
 | |
|   user = dovenull
 | |
| }
 | |
| service config {
 | |
|   unix_listener config {
 | |
|     user = root
 | |
|     group = vmail
 | |
|     mode = 0660
 | |
|   }
 | |
| }
 | |
| service auth {
 | |
|   inet_listener auth-inet {
 | |
|     port = 10001
 | |
|   }
 | |
|   unix_listener auth-master {
 | |
|     mode = 0600
 | |
|     user = vmail
 | |
|   }
 | |
|   unix_listener auth-userdb {
 | |
|     mode = 0600
 | |
|     user = vmail
 | |
|   }
 | |
|   vsz_limit = 2G
 | |
| }
 | |
| service managesieve-login {
 | |
|   inet_listener sieve {
 | |
|     port = 4190
 | |
|   }
 | |
|   inet_listener sieve_haproxy {
 | |
|     port = 14190
 | |
|     haproxy = yes
 | |
|   }
 | |
|   service_count = 1
 | |
|   process_min_avail = 2
 | |
|   vsz_limit = 1G
 | |
| }
 | |
| service imap-login {
 | |
|   service_count = 1
 | |
|   process_limit = 10000
 | |
|   vsz_limit = 1G
 | |
|   user = dovenull
 | |
|   inet_listener imap_haproxy {
 | |
|     port = 10143
 | |
|     haproxy = yes
 | |
|   }
 | |
|   inet_listener imaps_haproxy {
 | |
|     port = 10993
 | |
|     ssl = yes
 | |
|     haproxy = yes
 | |
|   }
 | |
| }
 | |
| service pop3-login {
 | |
|   service_count = 1
 | |
|   vsz_limit = 1G
 | |
|   inet_listener pop3_haproxy {
 | |
|     port = 10110
 | |
|     haproxy = yes
 | |
|   }
 | |
|   inet_listener pop3s_haproxy {
 | |
|     port = 10995
 | |
|     ssl = yes
 | |
|     haproxy = yes
 | |
|   }
 | |
| }
 | |
| service imap {
 | |
|   executable = imap
 | |
|   user = vmail
 | |
|   vsz_limit = 1G
 | |
| }
 | |
| service managesieve {
 | |
|   process_limit = 256
 | |
| }
 | |
| service lmtp {
 | |
|   inet_listener lmtp-inet {
 | |
|     port = 24
 | |
|   }
 | |
|   user = vmail
 | |
| }
 | |
| listen = *,[::]
 | |
| ssl_cert = </etc/ssl/mail/cert.pem
 | |
| ssl_key = </etc/ssl/mail/key.pem
 | |
| userdb {
 | |
|   driver = passwd-file
 | |
|   args = /etc/dovecot/dovecot-master.userdb
 | |
| }
 | |
| userdb {
 | |
|   args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 | |
|   driver = sql
 | |
|   skip = found
 | |
| }
 | |
| protocol imap {
 | |
|   mail_plugins = </etc/dovecot/mail_plugins_imap
 | |
|   imap_metadata = yes
 | |
| }
 | |
| mail_attribute_dict = file:%h/dovecot-attributes
 | |
| protocol lmtp {
 | |
|   mail_plugins = </etc/dovecot/mail_plugins_lmtp
 | |
|   auth_socket_path = /var/run/dovecot/auth-master
 | |
| }
 | |
| protocol sieve {
 | |
|   managesieve_logout_format = bytes=%i/%o
 | |
| }
 | |
| plugin {
 | |
|   # Allow "any" or "authenticated" to be used in ACLs
 | |
|   acl_anyone = </etc/dovecot/acl_anyone
 | |
|   acl_shared_dict = file:/var/vmail/shared-mailboxes.db
 | |
|   acl = vfile
 | |
|   acl_user = %u
 | |
|   fts = solr
 | |
|   fts_autoindex = yes
 | |
|   fts_solr = url=http://solr:8983/solr/dovecot-fts/
 | |
|   quota = dict:Userquota::proxy::sqlquota
 | |
|   quota_rule2 = Trash:storage=+100%%
 | |
|   sieve = /var/vmail/sieve/%u.sieve
 | |
|   sieve_plugins = sieve_imapsieve sieve_extprograms
 | |
|   sieve_vacation_send_from_recipient = yes
 | |
|   sieve_redirect_envelope_from = recipient
 | |
|   # From elsewhere to Spam folder
 | |
|   imapsieve_mailbox1_name = Junk
 | |
|   imapsieve_mailbox1_causes = COPY
 | |
|   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
 | |
|   # END
 | |
|   # From Spam folder to elsewhere
 | |
|   imapsieve_mailbox2_name = *
 | |
|   imapsieve_mailbox2_from = Junk
 | |
|   imapsieve_mailbox2_causes = COPY
 | |
|   imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
 | |
|   # END
 | |
|   master_user = %u
 | |
|   quota_warning = storage=95%% quota-warning 95 %u
 | |
|   quota_warning2 = storage=80%% quota-warning 80 %u
 | |
|   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
 | |
|   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
 | |
|   sieve_extensions = +notify +imapflags +vacation-seconds +editheader
 | |
|   sieve_max_script_size = 1M
 | |
|   sieve_max_redirects = 100
 | |
|   sieve_max_actions = 101
 | |
|   sieve_quota_max_scripts = 0
 | |
|   sieve_quota_max_storage = 0
 | |
|   listescape_char = "\\"
 | |
|   sieve_vacation_min_period = 5s
 | |
|   sieve_vacation_max_period = 0
 | |
|   sieve_vacation_default_period = 60s
 | |
|   sieve_before = /var/vmail/sieve/global_sieve_before.sieve
 | |
|   sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
 | |
|   sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
 | |
|   sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
 | |
|   sieve_duplicate_default_period = 1m
 | |
|   sieve_duplicate_max_period = 7d
 | |
| 
 | |
|   # -- Global keys
 | |
|   mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
 | |
|   mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
 | |
|   mail_crypt_save_version = 2
 | |
| 
 | |
|   # Enable compression while saving, lz4 Dovecot v2.2.11+
 | |
|   zlib_save = lz4
 | |
| 
 | |
|   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
 | |
|   mail_log_fields = uid box msgid size
 | |
|   mail_log_cached_only = yes
 | |
| }
 | |
| service quota-warning {
 | |
|   executable = script /usr/local/bin/quota_notify.py
 | |
|   # use some unprivileged user for executing the quota warnings
 | |
|   user = vmail
 | |
|   unix_listener quota-warning {
 | |
|     user = vmail
 | |
|   }
 | |
| }
 | |
| dict {
 | |
|   sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf
 | |
|   sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
 | |
|   sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
 | |
| }
 | |
| remote 127.0.0.1 {
 | |
|   disable_plaintext_auth = no
 | |
| }
 | |
| submission_host = postfix:588
 | |
| mail_max_userip_connections = 500
 | |
| service stats {
 | |
|   unix_listener stats-writer {
 | |
|     mode = 0660
 | |
|     user = vmail
 | |
|   }
 | |
| }
 | |
| imap_max_line_length = 2 M
 | |
| #auth_cache_verify_password_with_worker = yes
 | |
| #auth_cache_negative_ttl = 0
 | |
| #auth_cache_ttl = 30 s
 | |
| #auth_cache_size = 2 M
 | |
| service replicator {
 | |
|   process_min_avail = 1
 | |
| }
 | |
| service aggregator {
 | |
|   fifo_listener replication-notify-fifo {
 | |
|     user = vmail
 | |
|   }
 | |
|   unix_listener replication-notify {
 | |
|     user = vmail
 | |
|   }
 | |
| }
 | |
| service replicator {
 | |
|   unix_listener replicator-doveadm {
 | |
|     mode = 0666
 | |
|   }
 | |
| }
 | |
| replication_max_conns = 10
 | |
| doveadm_port = 12345
 | |
| replication_dsync_parameters = -d -l 30 -U -n INBOX
 | |
| # <Includes>
 | |
| !include_try /etc/dovecot/sni.conf
 | |
| !include_try /etc/dovecot/sogo_trusted_ip.conf
 | |
| !include_try /etc/dovecot/extra.conf
 | |
| !include_try /etc/dovecot/sogo-sso.conf
 | |
| !include_try /etc/dovecot/shared_namespace.conf
 | |
| # </Includes>
 | |
| default_client_limit = 10400
 | |
| default_vsz_limit = 1024 M
 |