dovecot: also listen on the virtual IP dedicated to IPSec.

(On port 143.)  Moreover, add the whole IPSec virtual subnet to
‘login_trusted_networks’ since our IPSec tunnels provide end-to-end
encryption and we therefore don't need the extra SSL/TLS protection.

1 files changed, 0 insertions, 138 deletions

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
deleted file mode 100644
index 9fcc549..0000000
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ /dev/null
@@ -1,138 +0,0 @@
-#default_process_limit = 100
-#default_client_limit = 1000
-
-# Default VSZ (virtual memory size) limit for service processes. This is mainly
-# intended to catch and kill processes that leak memory before they eat up
-# everything.
-#default_vsz_limit = 256M
-
-# Login user is internally used by login processes. This is the most untrusted
-# user in Dovecot system. It shouldn't have access to anything at all.
-#default_login_user = dovenull
-
-# Internal user is used by unprivileged processes. It should be separate from
-# login user, so that login processes can't disturb other processes.
-#default_internal_user = dovecot
-
-service imap-login {
-  inet_listener imap {
-    port = 0
-  }
-  inet_listener imaps {
-    #port = 993
-    #ssl = yes
-  }
-
-  # Number of connections to handle before starting a new process. Typically
-  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
-  # is faster. <doc/wiki/LoginProcess.txt>
-  #service_count = 1
-
-  # Max. number of IMAP processes (logins)
-  process_limit = 256
-
-  # Number of processes to always keep waiting for more connections.
-  process_min_avail = 4
-
-  # If you set service_count=0, you probably need to grow this.
-  #vsz_limit = $default_vsz_limit
-}
-
-service pop3-login {
-  inet_listener pop3 {
-    #port = 110
-  }
-  inet_listener pop3s {
-    #port = 995
-    #ssl = yes
-  }
-}
-
-service lmtp {
-  user = vmail
-
-  unix_listener /var/spool/postfix-mda/private/dovecot-lmtpd {
-    group = postfix
-    user = postfix
-    mode = 0600
-  }
-
-  # Create inet listener only if you can't use the above UNIX socket
-  #inet_listener lmtp {
-    # Avoid making LMTP visible for the entire internet
-    #address =
-    #port = 
-  #}
-
-  # Number of processes to always keep waiting for more connections.
-  process_min_avail = 4
-}
-
-service imap {
-  # Most of the memory goes to mmap()ing files. You may need to increase this
-  # limit if you have huge mailboxes.
-  #vsz_limit = $default_vsz_limit
-
-  # Max. number of IMAP processes (connections)
-  #process_limit = 1024
-}
-
-service pop3 {
-  # Max. number of POP3 processes (connections)
-  #process_limit = 1024
-}
-
-service auth {
-  # auth_socket_path points to this userdb socket by default. It's typically
-  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
-  # full permissions to this socket are able to get a list of all usernames and
-  # get the results of everyone's userdb lookups.
-  #
-  # The default 0666 mode allows anyone to connect to the socket, but the
-  # userdb lookups will succeed only if the userdb returns an "uid" field that
-  # matches the caller process's UID. Also if caller's uid or gid matches the
-  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
-  #
-  # To give the caller full permissions to lookup all users, set the mode to
-  # something else than 0666 and Dovecot lets the kernel enforce the
-  # permissions (e.g. 0777 allows everyone full permissions).
-  unix_listener auth-userdb {
-    mode = 0600
-    user = vmail
-    group = root
-  }
-
-  # Postfix smtp-auth
-  unix_listener /var/spool/postfix-msa/private/dovecot-auth {
-    group = postfix
-    user = postfix
-    mode = 0600
-  }
-
-  # Auth process is run as this user.
-  #user = $default_internal_user
-}
-
-service auth-worker {
-  # Auth worker process is run as root by default, so that it can access
-  # /etc/shadow. If this isn't necessary, the user should be changed to
-  # $default_internal_user.
-  user = $default_internal_user
-}
-
-service dict {
-  # If dict proxy is used, mail processes should have access to its socket.
-  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
-  unix_listener dict {
-    #mode = 0600
-    #user = 
-    #group = 
-  }
-}
-
-service stats {
-  fifo_listener stats-mail {
-    user = vmail
-    mode = 0600
-  }
-}