authorGuilhem Moulin <guilhem@fripost.org>2018-12-09 18:41:06 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-09 20:25:40 +0100
commite2ddcfc51f66c2a52a401064eab005e793f148ee (patch)
tree7c14243b2d53f81e54c9ee77dc526c71559e572a /roles/IMAP
parent7d9380c2c9dd87876ce4d9f9b30c934505fcba51 (diff)
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Diffstat (limited to 'roles/IMAP')
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf6
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf9
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf28
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf8
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf4
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf53
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf20
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf7
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf10
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf165
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext3
-rw-r--r--roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext3
-rwxr-xr-xroles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl14
-rw-r--r--roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j217
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j28
15 files changed, 272 insertions, 83 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf
index d4f323d..7213fbb 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf
@@ -73,7 +73,7 @@ auth_username_format = %Lu
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
-#auth_krb5_keytab =
+#auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@@ -88,9 +88,9 @@ auth_username_format = %Lu
# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no
-# Take the username from client's SSL certificate, using
+# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
-# CommonName.
+# CommonName.
#auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms:
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf
index c611bfc..848fe69 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-logging.conf
@@ -7,9 +7,9 @@
#log_path = syslog
# Log file to use for informational messages. Defaults to log_path.
-#info_log_path =
+#info_log_path =
# Log file to use for debug messages. Defaults to info_log_path.
-#debug_log_path =
+#debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
@@ -69,12 +69,13 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
# Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log.
#login_log_format = %$: %s
-
+
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
#mail_log_prefix = "%s(%u): "
-# Format to use for logging mail deliveries. You can use variables:
+# Format to use for logging mail deliveries. See doc/wiki/Variables.txt for
+# list of all variables you can use. Some of the common ones include:
# %$ - Delivery status message (e.g. "saved to INBOX")
# %m - Message-ID
# %s - Subject
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf
index 2e68df4..a781402 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf
@@ -50,7 +50,7 @@ namespace inbox {
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
- #prefix =
+ #prefix =
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
@@ -133,10 +133,22 @@ mail_gid = vmail
# or ~user/.
#mail_full_filesystem_access = no
-# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but
-# soon intended to be used by METADATA as well.
+# Dictionary for key=value mailbox attributes. This is used for example by
+# URLAUTH and METADATA extensions.
#mail_attribute_dict =
+# A comment or note that is associated with the server. This value is
+# accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/comment".
+mail_server_comment = "fripost - demokratisk e-post"
+
+# Indicates a method for contacting the server administrator. According to
+# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
+# is currently not enforced. Use for example mailto:admin@example.com. This
+# value is accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/admin".
+mail_server_admin = mailto:postmaster@fripost.org
+
##
## Mail processes
##
@@ -188,7 +200,7 @@ first_valid_uid = 1
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt>
-#valid_chroot_dirs =
+#valid_chroot_dirs =
# Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory
@@ -196,7 +208,7 @@ first_valid_uid = 1
# need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
-#mail_chroot =
+#mail_chroot =
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
@@ -207,7 +219,7 @@ first_valid_uid = 1
# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
-mail_plugins = stats virtual zlib
+mail_plugins = quota stats virtual zlib
##
## Mailbox handling optimizations
@@ -224,7 +236,7 @@ mailbox_list_index = yes
# When IDLE command is running, mailbox is checked once in a while to see if
# there are any new mails or other changes. This setting defines the minimum
-# time to wait between those checks. Dovecot can also use dnotify, inotify and
+# time to wait between those checks. Dovecot can also use inotify and
# kqueue to find out immediately when changes occur.
#mailbox_idle_check_interval = 30 secs
@@ -313,7 +325,7 @@ mailbox_list_index = yes
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
-# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands.
#mbox_dirty_syncs = yes
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index dc0b5bf..250eec5 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -21,7 +21,7 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca =
+#ssl_ca =
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
@@ -46,7 +46,7 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
ssl_dh_parameters_length = 2048
# SSL protocols to use
-ssl_protocols = !SSLv2 !SSLv3
+#ssl_protocols = !SSLv3
# SSL ciphers to use
ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
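Review bot: Commenting out `ssl_protocols` on the `+#ssl_protocols = !SSLv3` line removes the role's only explicit statement of which TLS/SSL versions this server accepts and defers to whatever the installed Dovecot build defaults to. Dovecot 2.2 (which the Stretch target implies) has no ssl_min_protocol, so `ssl_protocols` is the only knob; keeping it active, e.g. `ssl_protocols = !SSLv3` (SSLv2 is no longer built into current OpenSSL, so `!SSLv2` can be dropped), keeps the policy visible in the role rather than implicit in a package default. If the default was chosen deliberately because it already excludes SSLv3, a comment saying so on this line would stop a later reader from re-adding the setting.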
@@ -56,3 +56,7 @@ ssl_cipher_list = HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
+
+# SSL extra options. Currently supported options are:
+# no_compression - Disable compression.
+ssl_options = no_compression
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf b/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf
index bdf045d..2a7bd27 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/15-lda.conf
@@ -8,7 +8,7 @@
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
-#hostname =
+#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
@@ -32,7 +32,7 @@ sendmail_path = /usr/sbin/postmulti -i msa -x /usr/sbin/sendmail
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
-# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf b/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf
index 6aa5c22..9c330be 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf
@@ -2,19 +2,48 @@
## Mailbox definitions
##
+# Each mailbox is specified in a separate mailbox section. The section name
+# specifies the mailbox name. If it has spaces, you can put the name
+# "in quotes". These sections can contain the following mailbox settings:
+#
+# auto:
+# Indicates whether the mailbox with this name is automatically created
+# implicitly when it is first accessed. The user can also be automatically
+# subscribed to the mailbox after creation. The following values are
+# defined for this setting:
+#
+# no - Never created automatically.
+# create - Automatically created, but no automatic subscription.
+# subscribe - Automatically created and subscribed.
+#
+# special_use:
+# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
+# mailbox. There are no validity checks, so you could specify anything
+# you want in here, but it's not a good idea to use flags other than the
+# standard ones specified in the RFC:
+#
+# \All - This (virtual) mailbox presents all messages in the
+# user's message store.
+# \Archive - This mailbox is used to archive messages.
+# \Drafts - This mailbox is used to hold draft messages.
+# \Flagged - This (virtual) mailbox presents all messages in the
+# user's message store marked with the IMAP \Flagged flag.
+# \Junk - This mailbox is where messages deemed to be junk mail
+# are held.
+# \Sent - This mailbox is used to hold copies of messages that
+# have been sent.
+# \Trash - This mailbox is used to hold messages that have been
+# deleted.
+#
+# comment:
+# Defines a default comment or note associated with the mailbox. This
+# value is accessible through the IMAP METADATA mailbox entries
+# "/shared/comment" and "/private/comment". Users with sufficient
+# privileges can override the default value for entries with a custom
+# value.
+
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
-
- #mailbox name {
- # auto=create will automatically create this mailbox.
- # auto=subscribe will both create and subscribe to the mailbox.
- #auto = no
-
- # Space separated list of IMAP SPECIAL-USE attributes as specified by
- # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash
- #special_use =
- #}
-
# These mailboxes are widely used and could perhaps be created automatically:
mailbox Trash {
auto = create
@@ -36,10 +65,12 @@ namespace inbox {
# If you have a virtual "All messages" mailbox:
mailbox virtual/All {
special_use = \All
+ comment = All messages
}
# If you have a virtual "Flagged" mailbox:
mailbox virtual/Flagged {
special_use = \Flagged
+ comment = All flagged messages
}
}
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
index b62f6ef..3ddedce 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf
@@ -2,6 +2,12 @@
## IMAP specific settings
##
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+imap_hibernate_timeout = 15s
+
# Maximum IMAP command line length. Some clients generate very long command
# lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
@@ -10,11 +16,19 @@
# IMAP logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
+# %{fetch_hdr_count} - Number of mails with mail header data sent to client
+# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
+# %{fetch_body_count} - Number of mails with mail body data sent to client
+# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
+# %{deleted} - Number of mails where client added \Deleted flag
+# %{expunged} - Number of mails that client expunged
+# %{trashed} - Number of mails that client copied/moved to the
+# special_use=\Trash mailbox.
#imap_logout_format = in=%i out=%o
# Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
-#imap_capability =
+#imap_capability =
# How long to wait between "OK Still here" notifications when client is
# IDLEing.
@@ -23,7 +37,7 @@
# ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values
# currently: name, version, os, os-version, support-url, support-email.
-#imap_id_send =
+#imap_id_send =
# ID fields sent by client to log. * means everything.
#imap_id_log =
@@ -46,7 +60,7 @@
# greyed out, instead of only later giving "not selectable" popup error.
#
# The list is space-separated.
-#imap_client_workarounds =
+#imap_client_workarounds =
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host =
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf
index cd48ab8..8fc5fa0 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf
@@ -13,6 +13,13 @@
# Verify quota before replying to RCPT TO. This adds a small overhead.
#lmtp_rcpt_check_quota = no
+# Which recipient address to use for Delivered-To: header and Received:
+# header. The default is "final", which is the same as the one given to
+# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
+# parameter, "none" uses nothing. Note that "none" is currently always used
+# when a mail has multiple recipients.
+#lmtp_hdr_delivery_address = final
+
protocol lmtp {
postmaster_address = postmaster@fripost.org
# Space separated list of plugins to load (default is global mail_plugins).
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf
index b6fcd3b..9583b6d 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf
@@ -19,13 +19,15 @@ plugin {
antispam_spool2dir_spam = /home/mail/spamspool/%u-%%10lu-%%06lu.spam
antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham
-
- zlib_save = gz
- zlib_save_level = 6
-
+ quota_rule = *:storage=0
+ quota = count:User quota
+ quota_vsizes = yes
# how often to session statistics
stats_refresh = 30 secs
# track per-IMAP command statistics
stats_track_cmds = yes
+
+ zlib_save = gz
+ zlib_save_level = 6
}
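Review bot: `quota_rule = *:storage=0` sets no limit, so the quota plugin that 10-mail.conf now loads through `mail_plugins = quota stats virtual zlib` only tracks and reports usage; it does not enforce anything. If that is the intent (e.g. exposing usage to clients via the IMAP QUOTA extension), a comment on the rule would make it explicit: `# storage=0 enforces no limit; the plugin is loaded only to report usage`. If a real limit was meant, this is the line where it belongs, and the `count` backend with `quota_vsizes = yes` will then have to be recalculated for existing mailboxes.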
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf
index afee135..c1ff93e 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf
@@ -5,39 +5,81 @@
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
plugin {
- # The path to the user's main active script. If ManageSieve is used, this the
- # location of the symbolic link controlled by ManageSieve.
- sieve = ~/dovecot.sieve
-
- # The default Sieve script when the user has none. This is a path to a global
- # sieve script file, which gets executed ONLY if user's private Sieve script
- # doesn't exist. Be sure to pre-compile this script manually using the sievec
- # command line tool.
- # --> See sieve_before fore executing scripts before the user's personal
+ # The location of the user's main Sieve script or script storage. The LDA
+ # Sieve plugin uses this to find the active script for Sieve filtering at
+ # delivery. The "include" extension uses this location for retrieving
+ # :personal" scripts. This is also where the ManageSieve service will store
+ # the user's scripts, if supported.
+ #
+ # Currently only the 'file:' location type supports ManageSieve operation.
+ # Other location types like 'dict:' and 'ldap:' can currently only
+ # be used as a read-only script source ().
+ #
+ # For the 'file:' type: use the ';active=' parameter to specify where the
+ # active script symlink is located.
+ # For other types: use the ';name=' parameter to specify the name of the
+ # default/active script.
+ sieve = file:~/sieve;active=~/dovecot.sieve
+
+ # The default Sieve script when the user has none. This is the location of a
+ # global sieve script file, which gets executed ONLY if user's personal Sieve
+ # script doesn't exist. Be sure to pre-compile this script manually using the
+ # sievec command line tool if the binary is not stored in a global location.
+ # --> See sieve_before for executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
- # Directory for :personal include scripts for the include extension. This
- # is also where the ManageSieve service stores the user's scripts.
- sieve_dir = ~/sieve
-
- # Directory for :global include scripts for the include extension.
- #sieve_global_dir =
-
- # Path to a script file or a directory containing script files that need to be
- # executed before the user's script. If the path points to a directory, all
- # the Sieve scripts contained therein (with the proper .sieve extension) are
- # executed. The order of execution within a directory is determined by the
- # file names, using a normal 8bit per-character comparison. Multiple script
- # file or directory paths can be specified by appending an increasing number.
- #sieve_before =
- #sieve_before2 =
+ # The name by which the default Sieve script (as configured by the
+ # sieve_default setting) is visible to the user through ManageSieve.
+ #sieve_default_name =
+
+ # Location for ":global" include scripts as used by the "include" extension.
+ #sieve_global =
+
+ # The location of a Sieve script that is run for any message that is about to
+ # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+ # execution. This only happens when the "implicit keep" is canceled, by e.g.
+ # the "discard" action, and no actions that deliver the message are executed.
+ # This "discard script" can prevent discarding the message, by executing
+ # alternative actions. If the discard script does nothing, the message is
+ # still discarded as it would be when no discard script is configured.
+ #sieve_discard =
+
+ # Location Sieve of scripts that need to be executed before the user's
+ # personal script. If a 'file' location path points to a directory, all the
+ # Sieve scripts contained therein (with the proper `.sieve' extension) are
+ # executed. The order of execution within that directory is determined by the
+ # file names, using a normal 8bit per-character comparison.
+ #
+ # Multiple script locations can be specified by appending an increasing number
+ # to the setting name. The Sieve scripts found from these locations are added
+ # to the script execution sequence in the specified order. Reading the
+ # numbered sieve_before settings stops at the first missing setting, so no
+ # numbers may be skipped.
+ #sieve_before = /var/lib/dovecot/sieve.d/
+ #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
#sieve_before3 = (etc...)
# Identical to sieve_before, only the specified scripts are executed after the
- # user's script (only when keep is still in effect!). Multiple script file or
- # directory paths can be specified by appending an increasing number.
+ # user's script (only when keep is still in effect!). Multiple script
+ # locations can be specified by appending an increasing number.
#sieve_after =
#sieve_after2 =
#sieve_after2 = (etc...)
@@ -48,7 +90,7 @@ plugin {
# to disable certain Sieve extensions or enable those that are not available
# by default. This setting can use '+' and '-' to specify differences relative
# to the default. For example `sieve_extensions = +imapflags' will enable the
- # deprecated imapflags extension in addition to all extensions were already
+ # deprecated imapflags extension in addition to all extensions were already
# enabled by default.
sieve_extensions = +editheader
@@ -68,7 +110,7 @@ plugin {
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
- # The sieve_extprograms plugin is included in this release.
+ # The sieve_extprograms plugin is included in this release.
#sieve_plugins =
# The separator that is expected between the :user and :detail
@@ -102,4 +144,71 @@ plugin {
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
+
+ # The primary e-mail address for the user. This is used as a default when no
+ # other appropriate address is available for sending messages. If this setting
+ # is not configured, either the postmaster or null "<>" address is used as a
+ # sender, depending on the action involved. This setting is important when
+ # there is no message envelope to extract addresses from, such as when the
+ # script is executed in IMAP.
+ #sieve_user_email =
+
+ # The path to the file where the user log is written. If not configured, a
+ # default location is used. If the main user's personal Sieve (as configured
+ # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+ # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+ #sieve_user_log =
+
+ # Specifies what envelope sender address is used for redirected messages.
+ # The following values are supported for this setting:
+ #
+ # "sender" - The sender address is used (default).
+ # "recipient" - The final recipient address is used.
+ # "orig_recipient" - The original recipient is used.
+ # "user_email" - The user's primary address is used. This is
+ # configured with the "sieve_user_email" setting. If
+ # that setting is unconfigured, "user_mail" is equal to
+ # "recipient".
+ # "postmaster" - The postmaster_address configured for the LDA.
+ # "<user@domain>" - Redirected messages are always sent from user@domain.
+ # The angle brackets are mandatory. The null "<>" address
+ # is also supported.
+ #
+ # This setting is ignored when the envelope sender is "<>". In that case the
+ # sender of the redirected message is also always "<>".
+ #sieve_redirect_envelope_from = sender
+
+ ## TRACE DEBUGGING
+ # Trace debugging provides detailed insight in the operations performed by
+ # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+ # IMAPSIEVE plugin.
+ #
+ # WARNING: On a busy server, this functionality can quickly fill up the trace
+ # directory with a lot of trace files. Enable this only temporarily and as
+ # selective as possible.
+
+ # The directory where trace files are written. Trace debugging is disabled if
+ # this setting is not configured or if the directory does not exist. If the
+ # path is relative or it starts with "~/" it is interpreted relative to the
+ # current user's home directory.
+ #sieve_trace_dir =
+
+ # The verbosity level of the trace messages. Trace debugging is disabled if
+ # this setting is not configured. Possible values are:
+ #
+ # "actions" - Only print executed action commands, like keep,
+ # fileinto, reject and redirect.
+ # "commands" - Print any executed command, excluding test commands.
+ # "tests" - Print all executed commands and performed tests.
+ # "matching" - Print all executed commands, performed tests and the
+ # values matched in those tests.
+ #sieve_trace_level =
+
+ # Enables highly verbose debugging messages that are usually only useful for
+ # developers.
+ #sieve_trace_debug = no
+
+ # Enables showing byte code addresses in the trace output, rather than only
+ # the source line numbers.
+ #sieve_trace_addresses = no
}
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 9917753..8c33c6d 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -18,9 +18,6 @@ passdb {
#userdb {
# driver = ldap
-# # This should be a different file from the passdb's, in order to perform
-# # asynchronous requests.
-#
# args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
#
# # Default fields can be used to specify defaults that LDAP may override
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
index 72f4604..1b97a0e 100644
--- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
@@ -31,8 +31,7 @@ uris = ldapi://
#dnpass =
# Use SASL binding instead of the simple binding. Note that this changes
-# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
-# and auth_bind=yes don't work together.
+# ldap_version automatically to be 3 if it's lower.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
diff --git a/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl b/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl
index 399e65f..5b2c74e 100755
--- a/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl
+++ b/roles/IMAP/files/usr/local/bin/dovecot-auth-proxy.pl
@@ -74,15 +74,15 @@ sub server() {
next;
}
# <major-version> <minor-version> <value type>
- unless ($1 == 2 and $2 == 0 and $3 == 0) {
+ unless ($1 == 2 and $2 == 1 and $3 == 0) {
warn "Unsupported protocol version $1.$2 (or value type $3)\n";
close $conn or warn "Can't close: $!";
next;
}
my $cmd = $conn->getline() // '';
- if ($cmd =~ /\AI(\d+)\t(.*)\n\z/) {
- iterate($conn, $1, $2);
+ if ($cmd =~ /\AI(\d+)\t(\d+)\t(.*)\n\z/) {
+ iterate($conn, $1, $2, $3);
}
else {
fail($conn => "Unknown command line: $cmd");
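Review bot: The version check now insists on minor version 1 and the `I` command regex gained a second numeric field, yet the comment above (`# <major-version> <minor-version> <value type>`) does not say why 2.0 peers are now rejected. If, as the new regex suggests, the extra field is the iterate max-rows count that arrived with protocol 2.1, a comment such as `# protocol 2.1: the I (iterate) line carries a max-rows field before the prefix` next to the `unless` would make the coupling between the two changed lines explicit. The `$1`/`$2`/`$3` used in the check come from a match that starts above this hunk, and the enclosing `server()` continues outside it.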
@@ -98,8 +98,8 @@ sub fail($;$) {
}
# list all users, even the inactive ones
-sub iterate($$$) {
- my ($fh, $flags, $prefix) = @_;
+sub iterate($$$$) {
+ my ($fh, $flags, $max_rows, $prefix) = @_;
unless ($flags == 0) {
fail($fh => "Unsupported iterate flags $flags");
return;
@@ -109,17 +109,19 @@ sub iterate($$$) {
fail($fh => "opendir: $!");
return;
};
+ my $count = 0;
while (defined (my $d = readdir $dh)) {
next if $d eq '.' or $d eq '..';
opendir my $dh, $d or do {
fail($fh => "opendir: $!");
return;
};
- while (defined (my $l = readdir $dh)) {
+ while (defined (my $l = readdir $dh) and ($max_rows <= 0 or $count < $max_rows)) {
next if $l eq '.' or $l eq '..';
my $user = $l.'@'.$d;
next unless $user =~ /\A[a-zA-Z0-9\.\-_@]+\z/; # skip invalid user names
$fh->printf("O%s%s\t\n", $prefix, $user);
+ $count++;
}
closedir $dh or warn "closedir: $!";
}
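Review bot: The `$max_rows` bound on the inner `while` only ends the current domain's listing; once `$count` reaches `$max_rows` the outer loop still opens every remaining domain directory and, because `readdir` is evaluated before the bound, consumes one entry from each before giving up. Restore the inner condition to `while (defined (my $l = readdir $dh)) {`, add `last if $max_rows > 0 and $count >= $max_rows;` after `$count++;`, and add the same `last` after the `closedir $dh or warn "closedir: $!";` line so the outer loop stops as well. The inner `opendir my $dh, $d` shadowing the outer `$dh` is pre-existing but makes the two `last` sites harder to read than necessary; `iterate` continues past the end of this hunk.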
diff --git a/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2 b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
index b7aead3..1bf13b0 100644
--- a/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
+++ b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -57,7 +57,6 @@ service lmtp {
user = vmail
unix_listener /var/spool/postfix-{{ postfix_instance.IMAP.name }}/private/dovecot-lmtpd {
- group = postfix
user = postfix
mode = 0600
}
@@ -80,6 +79,18 @@ service imap {
# Max. number of IMAP processes (connections)
#process_limit = 1024
+
+ unix_listener imap-master {
+ user = $default_internal_user
+ mode = 0600
+ }
+}
+
+service imap-hibernate {
+ unix_listener imap-hibernate {
+ user = vmail
+ mode = 0600
+ }
}
service pop3 {
@@ -102,14 +113,12 @@ service auth {
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
- mode = 0600
user = vmail
- group = root
+ mode = 0600
}
# Postfix smtp-auth
unix_listener /var/spool/postfix-{{ postfix_instance.MSA.name }}/private/dovecot-auth {
- group = postfix
user = postfix
mode = 0600
}
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index f819b19..2105d29 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -4,9 +4,11 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-readme_directory = no
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+compatibility_level = 2
+smtputf8_enable = no
delay_warning_time = 4h
maximal_queue_lifetime = 5d