summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/templates
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2024-09-08 02:10:41 +0200
committerGuilhem Moulin <guilhem@fripost.org>2024-09-08 02:10:41 +0200
commit4977d7c1d80ac0caf94914fbf9be8471d056c906 (patch)
tree47c03cb07ea14d0cce56ecefce583570f10947a8 /roles/IMAP/templates
parent6f7e29aa7227147a5c9038fe92d484d11e90d6fc (diff)
IMAP: Adjust dovecot configuration to bullseye.
Provisioning /etc/dovecot/conf.d/*.conf is a pain on upgrade so we consolidate that by reverting these files to the distro-provided ones and shipping a single /etc/dovecot/conf.d/99-local.conf override instead.
Diffstat (limited to 'roles/IMAP/templates')
-rw-r--r--roles/IMAP/templates/etc/dovecot/conf.d/99-local.conf.j2204
1 files changed, 204 insertions, 0 deletions
diff --git a/roles/IMAP/templates/etc/dovecot/conf.d/99-local.conf.j2 b/roles/IMAP/templates/etc/dovecot/conf.d/99-local.conf.j2
new file mode 100644
index 0000000..3560193
--- /dev/null
+++ b/roles/IMAP/templates/etc/dovecot/conf.d/99-local.conf.j2
@@ -0,0 +1,204 @@
+auth_default_realm = fripost.org
+auth_username_format = %Lu
+auth_mechanisms = plain login
+
+mail_uid = vmail
+mail_gid = vmail
+mail_privileged_group =
+
+first_valid_uid = 1
+last_valid_uid = 0
+
+default_vsz_limit = 1024M
+
+service imap-login {
+ inet_listener imap {
+{% if groups.all | length > 1 %}
+ address = {{ ipsec[inventory_hostname_short] }}
+ port = 143
+{% else %}
+ port = 0
+{% endif %}
+ }
+ process_limit = 256
+ process_min_avail = 4
+}
+
+service stats {
+ unix_listener stats-writer {
+ user = vmail
+ mode = 0600
+ }
+}
+
+service submission-login {
+ inet_listener submission {
+ port = 0
+ }
+}
+
+service lmtp {
+ user = vmail
+ unix_listener lmtp {
+ mode = 0
+ }
+ unix_listener /var/spool/postfix-mda/private/dovecot-lmtpd {
+ user = postfix
+ mode = 0600
+ }
+ process_min_avail = 4
+}
+
+service imap {
+ unix_listener imap-master {
+ user = $default_internal_user
+ mode = 0600
+ }
+}
+service imap-hibernate {
+ unix_listener imap-hibernate {
+ # Match user running imap processes, cf.
+ # https://dovecot.org/pipermail/dovecot/2015-August/101783.html
+ user = vmail
+ mode = 0600
+ }
+}
+
+service auth {
+ unix_listener auth-userdb {
+ user = vmail
+ mode = 0600
+ }
+
+ # Postfix smtp-auth
+ unix_listener /var/spool/postfix-msa/private/dovecot-auth {
+ user = postfix
+ group = postfix
+ mode = 0600
+ }
+}
+
+service auth-worker {
+ user = $default_internal_user
+}
+
+
+mail_server_comment = "fripost - demokratisk e-post"
+mail_server_admin = mailto:postmaster@fripost.org
+
+mail_plugins = quota virtual zlib
+
+mail_location = mdbox:~/mail
+mdbox_preallocate_space = yes
+
+mail_attachment_dir = /home/mail/attachments
+mail_attachment_fs = sis-queue /home/mail/attachments/queue:posix
+mail_attachment_hash = %{sha256}
+
+sendmail_path = /usr/sbin/postmulti -i msa -x /usr/sbin/sendmail
+
+ssl = required
+# XXX `doveadm exec imap` fails with "ssl_key: Can't open file
+# /etc/dovecot/ssl/imap.fripost.org.key"
+# https://dovecot.org/pipermail/dovecot/2020-August/119642.html
+# TODO bookworm inline the include_try
+!include_try ../ssl/config
+ssl_dh = </etc/ssl/dhparams.pem
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+namespace inbox {
+ inbox = yes
+ separator = /
+
+ mailbox Drafts {
+ auto = create
+ special_use = \Drafts
+ }
+ mailbox Junk {
+ auto = create
+ special_use = \Junk
+ }
+ mailbox "Sent Messages" {
+ auto = no
+ special_use = \Sent
+ }
+ mailbox Sent {
+ auto = subscribe
+ special_use = \Sent
+ }
+ mailbox Trash {
+ auto = create
+ special_use = \Trash
+ }
+ mailbox virtual/All {
+ comment = All messages
+ special_use = \All
+ }
+ mailbox virtual/Flagged {
+ comment = All flagged messages
+ special_use = \Flagged
+ }
+}
+
+namespace virtual {
+ prefix = virtual/
+ separator = /
+ location = virtual:/etc/dovecot/virtual:INDEX=MEMORY
+ list = no
+ hidden = no
+ subscriptions = no
+}
+
+imap_hibernate_timeout = 15s
+protocol imap {
+ mail_plugins = $mail_plugins imap_zlib
+ mail_max_userip_connections = 16
+
+ ## TODO Load the 'antispam' plugin for people using the content filter.
+ ## (Otherwise fallback to the static userdb.)
+ #userdb {
+ # driver = ldap
+ # args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
+ #
+ # # Default fields can be used to specify defaults that LDAP may override
+ # default_fields = home=/home/mail/virtual/%d/%n
+ #}
+}
+
+protocol lmtp {
+ postmaster_address = postmaster@fripost.org
+ # Space separated list of plugins to load (default is global mail_plugins).
+ mail_plugins = $mail_plugins sieve
+}
+
+plugin {
+ antispam_backend = spool2dir
+
+ antispam_trash = Trash
+ antispam_unsure_pattern_ignorecase = MailTrain;MailTrain/*
+ antispam_spam = Junk
+
+ # The first %%lu is replaced by the current time.
+ # The second %%lu is replaced by a counter to generate unique names.
+ # These two tokens MUST be present in the template!
+ antispam_spool2dir_spam = /home/mail/spamspool/%u-%%10lu-%%06lu.spam
+ antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham
+}
+
+plugin {
+ quota_rule = *:storage=0
+ quota = count:User quota
+ quota_vsizes = yes
+}
+
+plugin {
+ sieve = file:~/sieve;active=~/dovecot.sieve
+ sieve_extensions = +editheader
+ recipient_delimiter = +
+}
+
+plugin {
+ zlib_save = gz
+ zlib_save_level = 6
+}