Provisioning /etc/dovecot/conf.d/*.conf is a pain on upgrade so we
consolidate that by reverting these files to the distro-provided ones
and shipping a single /etc/dovecot/conf.d/99-local.conf override
instead.

For `ssl_cipher_list` we pick the suggested value from
https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d
At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’
to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.

This adds the following two ciphers:
  ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH  Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
  ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH  Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD

Clients now have to use the NAMESPACE extension [RFC 2342] to discover
mailboxes under the “virtual/” namespace.  (Plus an extra LIST command,
causing an overhead of two roundtrips.)  Of course the downside is that non
namespace-aware clients lose access to the “virtual/{all,flagged,…}”
mailboxes, but on second thought it's probably better this way rather
than having such clients treat these mailboxes as regular mailboxes.

We don't want to use the default instance since its SIZE limit is
tighter than the ones on the MX:es.

(On port 143.)  Moreover, add the whole IPSec virtual subnet to
‘login_trusted_networks’ since our IPSec tunnels provide end-to-end
encryption and we therefore don't need the extra SSL/TLS protection.

Which is disabled by default, as per
http://wiki.dovecot.org/Pigeonhole/Sieve

Fix regression introduced in f7c8011.

So our suffix is now a mere 'dc=fripost,dc=org'.  We're also using the
default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it
beforehand).

For some reason giraff doesn't like IPSec.  App-level TLS sessions are
less efficient, but thanks to ansible it still scales well.

In 2.1.7 they are buggy, and make Dovecot crash (when connected through
Evolution for instance). They have improved a lot since, though:
  http://hg.dovecot.org/dovecot-2.2/file/c55c660d6e9d/NEWS

So we set 'first_valid_uid' to 1, to accept any UID.

Interesting features include caching of mail headers (v2.2.8+) as well
as new IMAP capabilities.

Also, add the 'managesieve' RoundCube plugin to communicate with our
server.

RoundCube lists subscribed mailboxes only (determined using
LIST-EXTENDED by default); also, it seems to ignore new subscriptions to
mailboxes not listed by the LIST command.

Mails to be retrained are stored in the spooldir /home/mail/spamspool;
later a daemon catches them up and feeds them to sa-learn(1p). (On busy
systems batch-processing the learning should be much more efficient.)
The folder transition matrix along with the corresponding actions can
be found there:
  http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt
See also dovecot-antispam(7).

Using dovecot's 'virtual' plugin, cf.
  http://wiki2.dovecot.org/Plugins/Virtual
The 'virtual/' namespace is visible in the NAMESPACE command
(hidden=no), but not in LIST (list=no). This should ensure that the
namespace isn't automatically synced by offlineimap, but nevertheless
visible by roundcube, cf.
  http://trac.roundcube.net/ticket/1486796
  http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html

(For now, only LMTP and IMAP processes, without replication.)