authorGuilhem Moulin <guilhem@fripost.org>2013-12-15 23:46:29 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:26 +0200
commit7fe517c328906d0f962c3dc33d7bc773f2348bb4 (patch)
treed8e56323c10cd32952d5b473d4ee56d605375c7d /roles/IMAP/files
parent540779286a899dee846784a8ffd0fdab756ac1e3 (diff)
Configure the webmail.
Diffstat (limited to 'roles/IMAP/files')
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-master.conf1
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf8
2 files changed, 9 insertions, 0 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
index 51ed7c6..d477d01 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
@@ -1,40 +1,41 @@
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
default_internal_user = dovecot
service imap-login {
inet_listener imap {
address = 172.16.0.1
port = 143
+ ssl = no
}
inet_listener imaps {
port = 993
ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
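Review bot: The added `ssl = no` in `inet_listener imap` has no comment, and the reason for it (the listener on 172.16.0.1 is expected to be reached only over IPsec) is stated only in 10-ssl.conf. As far as I can tell, the per-listener `ssl` setting selects implicit TLS on connect and already defaults to `no`, so this line probably does not itself turn off STARTTLS; the `local 172.16.0.1` block in 10-ssl.conf is what does that. I would add a comment above it such as `# Plaintext on purpose: 172.16.0.1 is only reachable through the IPsec tunnel, see 10-ssl.conf.` so that nobody later widens `address` without noticing the dependency. The `service pop3-login` block at the end of the hunk continues outside it.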
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index a733e94..4eabe53 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -1,27 +1,35 @@
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
+# No need for SSL if the packets are protected by IPSec.
+local 172.16.0.1 {
+ protocol imap {
+ disable_plaintext_auth = no
+ ssl = no
+ }
+}
+
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
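Review bot: The new `local 172.16.0.1` block enables cleartext logins (`disable_plaintext_auth = no`, `ssl = no`) based only on the destination address, so nothing in Dovecot checks that a connection actually arrived through IPsec. If the tunnel policy is ever not enforced (SA down, policy optional, another host routed onto that address), the webmail's IMAP credentials would cross the wire unencrypted. The comment should say where the enforcement lives, for example `# Cleartext IMAP is allowed on 172.16.0.1 only; the IPsec policy and firewall must reject non-IPsec traffic to port 143.`. If the Dovecot version in use allows it, nesting a `remote` filter for the webmail host inside this block would limit the exception to that one peer.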