summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/files/etc/dovecot/conf.d
Commit message (Collapse)AuthorAgeFiles
* IMAP: Update role to Debian Buster.Guilhem Moulin2020-05-196
| | | | | | | | For `ssl_cipher_list` we pick the suggested value from https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’ to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.
* AEAD ciphers: Add EECDH+CHACHA20 macro.Guilhem Moulin2020-05-181
| | | | | | | This adds the following two ciphers: ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-0911
|
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
|
* dovecot: use Single-Instance Storage for mail attachments.Guilhem Moulin2016-12-101
|
* Dovecot: use fallocate(2) to preallocate new mdbox files.Guilhem Moulin2016-12-081
|
* IMAP: don't include mailbox under the virtual namespace in LIST responses.Guilhem Moulin2016-07-061
| | | | | | | | | Clients now have to use the NAMESPACE extension [RFC 2342] to discover mailboxes under the “virtual/” namespace. (Plus an extra LIST command, causing an overhead two roundtrips.) Of course the downside is that non namespace-aware clients lose access to the “virtual/{all,flagged,…}” mailboxes, but on second thought it's probably better this way rather than having such clients treat these mailboxes as regular mailboxes.
* dovecot: use the MSA postfix instance for sieve redirection.Guilhem Moulin2016-07-011
| | | | | We don't want to use the default instance since its SIZE limit is tighter than the ones on the MX:es.
* dovecot: also listen on the virtual IP dedicated to IPSec.Guilhem Moulin2016-05-221
| | | | | | (On port 143.) Moreover, add the whole IPSec virtual subnet to ‘login_trusted_networks’ since our IPSec tunnels provide end-to-end encryption and we therefore don't need the extra SSL/TLS protection.
* Let's EncryptGuilhem Moulin2016-03-021
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
|
* dovecot: remove !SSLv2 from ssl_cipher_list.Guilhem Moulin2015-12-151
|
* dovecot-sieve: Enable the 'editheader' extension (5293).Guilhem Moulin2015-11-261
| | | | | Which is disabled by default, as per http://wiki.dovecot.org/Pigeonhole/Sieve
* IMAP: Store virtual indexes in memory.Guilhem Moulin2015-09-301
|
* dovecot: Disable SSLv3.Guilhem Moulin2015-09-171
|
* Enable the IMAP COMPRESS extension [RFC4978].Guilhem Moulin2015-09-151
|
* Dovecot: Collect IMAP statistics.Guilhem Moulin2015-06-104
|
* Allow 'vmail' users with a UID lower than 500.Guilhem Moulin2015-06-101
| | | | Fix regression introduced in f7c8011.
* logjam mitigation.Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-078
|
* Fix Dovecot's mail location.Guilhem Moulin2015-06-072
|
* Performance tuning in Dovecot's configuration.Guilhem Moulin2015-06-072
|
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-072
| | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
* Don't use mailbox list indexes.Guilhem Moulin2015-06-071
| | | | | | | In 2.1.7 they are buggy, and make Dovecot crash (when connected through Evolution for instance). They have improved a lot since, though: http://hg.dovecot.org/dovecot-2.2/file/c55c660d6e9d/NEWS
* Generate certs for Dovecot and Nginx if they are not there.Guilhem Moulin2015-06-071
|
* Dovecot wibble.Guilhem Moulin2015-06-071
|
* The 'vmail' user may have a UID lower than 500.Guilhem Moulin2015-06-071
| | | | So we set 'first_valid_uid' to 1, to accept any UID.
* Support boken SMTP clients and LOGIN SASL mechanism.Guilhem Moulin2015-06-071
|
* Compress messages on the IMAP backend.Guilhem Moulin2015-06-072
|
* Install dovecot from backports (for imapc).Guilhem Moulin2015-06-071
| | | | | Interesting features include caching of mail headers (v2.2.8+) as well as new IMAP capabilities.
* Configure Sieve and ManageSieve.Guilhem Moulin2015-06-072
| | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server.
* Make the virtual mailboxes visible under RoundCube.Guilhem Moulin2015-06-073
| | | | | | RoundCubes lists subscribed mailboxes only (determined using LIST-EXTENDED by default); also, it seems to ignore new subscriptions to mailboxes not listed by the LIST command.
* Configure the webmail.Guilhem Moulin2015-06-072
|
* wibbleGuilhem Moulin2015-06-071
|
* Configure dovecot's antispam filter.Guilhem Moulin2015-06-073
| | | | | | | | | | | | | Mails to be retrained are stored in the spooldir /home/mail/spamspool; later a daemon catches them up and feed them to sa-learn(1p). (On busy systems batch-process the learning should be much more efficient.) The folder transisition matrix along with the corresponding actions can be found there: http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt See also dovecot-antispam(7).
* Enable IMAP virtual mailboxes.Guilhem Moulin2015-06-072
| | | | | | | | | | | | | | Using dovecot's 'virtual' plugin, cf. http://wiki2.dovecot.org/Plugins/Virtual The 'virtual/' namespace is visible in the NAMESPACE command (hidden=no), but not in LIST (list=no). This should ensure that the namespace isn't automatically synced by offlineimap, but nevertheless visible by roundcube, cf. http://trac.roundcube.net/ticket/1486796 http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html
* Configure the IMAP server.Guilhem Moulin2015-06-078
(For now, only LMTP and IMAP processes, without replication.)