From f7c8011b39044a69daa091ef2c0f7a7aefacb663 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 14 May 2015 23:14:25 +0200 Subject: Upgrade Dovecot config to Jessie. --- roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf | 3 +- roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf | 35 ++++--- roles/IMAP/files/etc/dovecot/conf.d/10-master.conf | 14 ++- roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 16 ++- roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf | 109 +++++++++++---------- roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf | 3 + roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf | 25 ++--- .../files/etc/dovecot/conf.d/auth-ldap.conf.ext | 2 +- roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | 5 +- 9 files changed, 119 insertions(+), 93 deletions(-) (limited to 'roles/IMAP/files') diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf index cf0189e..d4f323d 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf @@ -6,7 +6,8 @@ # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = yes +# See also ssl=required setting. +#disable_plaintext_auth = yes # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf index dcc1d9c..c98d3f6 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf @@ -107,7 +107,7 @@ namespace virtual { #list = children #} # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? -#mail_shared_explicit_inbox = yes +#mail_shared_explicit_inbox = no # System user and group used to access mails. If you use multiple, userdb # can override these by returning uid or gid fields. You can use either numbers @@ -133,6 +133,10 @@ mail_gid = vmail # or ~user/. #mail_full_filesystem_access = no +# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but +# soon intended to be used by METADATA as well. +#mail_attribute_dict = + ## ## Mail processes ## @@ -151,13 +155,6 @@ mail_gid = vmail # never: Never use it (best performance, but crashes can lose data) #mail_fsync = optimized -# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -# whenever needed. If you're using only a single mail server this isn't needed. -#mail_nfs_storage = no -# Mail index files also exist in NFS. Setting this to yes requires -# mmap_disable=yes and fsync_disable=no. -#mail_nfs_index = no - # Locking method for index files. Alternatives are fcntl, flock and dotlock. # Dotlocking uses some tricks which may create more disk I/O than other locking # methods. NFS users: flock doesn't work, remember to change mmap_disable. @@ -170,14 +167,14 @@ mail_gid = vmail # to make sure that users can't log in as daemons or other system users. # Note that denying root logins is hardcoded to dovecot binary and can't # be done even if first_valid_uid is set to 0. -first_valid_uid = 1 +#first_valid_uid = 500 #last_valid_uid = 0 # Valid GID range for users, defaults to non-root/wheel. Users having # non-valid GID as primary group ID aren't allowed to log in. If user # belongs to supplementary groups with non-valid GIDs, those groups are # not set. -first_valid_gid = 1 +#first_valid_gid = 1 #last_valid_gid = 0 # Maximum allowed length for mail keyword name. It's only forced when trying @@ -216,6 +213,10 @@ mail_plugins = virtual zlib ## Mailbox handling optimizations ## +# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are +# also required for IMAP NOTIFY extension to be enabled. +mailbox_list_index = yes + # The minimum number of mails in a mailbox before updates are done to cache # file. This allows optimizing Dovecot's behavior to do less disk writes at # the cost of more disk reads. @@ -267,6 +268,10 @@ mail_plugins = virtual zlib # broken size. The performance hit for enabling this is very small. #maildir_broken_filename_sizes = no +# Always move mails from new/ directory to cur/, even when the \Recent flags +# aren't being reset. +#maildir_empty_new = no + ## ## mbox-specific settings ## @@ -285,8 +290,14 @@ mail_plugins = virtual zlib # in is important to avoid deadlocks if other MTAs/MUAs are using multiple # locking methods as well. Some operating systems don't allow using some of # them simultaneously. +# +# The Debian value for mbox_write_locks differs from upstream Dovecot. It is +# changed to be compliant with Debian Policy (section 11.6) for NFS safety. +# Dovecot: mbox_write_locks = dotlock fcntl +# Debian: mbox_write_locks = fcntl dotlock +# #mbox_read_locks = fcntl -#mbox_write_locks = dotlock fcntl +#mbox_write_locks = fcntl dotlock # Maximum time to wait for lock (all of them) before aborting. #mbox_lock_timeout = 5 mins @@ -350,8 +361,6 @@ mail_plugins = virtual zlib # also allows single instance storage for them. Other backends don't support # this for now. -# WARNING: This feature hasn't been tested much yet. Use at your own risk. - # Directory root where to store mail attachments. Disabled, if empty. #mail_attachment_dir = diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf index 30e9fb6..189e96e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf @@ -8,25 +8,25 @@ # Login user is internally used by login processes. This is the most untrusted # user in Dovecot system. It shouldn't have access to anything at all. -default_login_user = dovenull +#default_login_user = dovenull # Internal user is used by unprivileged processes. It should be separate from # login user, so that login processes can't disturb other processes. -default_internal_user = dovecot +#default_internal_user = dovecot service imap-login { inet_listener imap { port = 0 } inet_listener imaps { - port = 993 - ssl = yes + #port = 993 + #ssl = yes } # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. - service_count = 1 + #service_count = 1 # Max. number of IMAP processes (logins) process_limit = 256 @@ -46,8 +46,6 @@ service pop3-login { #port = 995 #ssl = yes } - - service_count = 1 } service lmtp { @@ -112,7 +110,7 @@ service auth { } # Auth process is run as this user. - user = $default_internal_user + #user = $default_internal_user } service auth-worker { diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index 526da9c..90843b2 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf @@ -26,6 +26,13 @@ ssl_key = diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext index 1ffa73d..72f4604 100644 --- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext @@ -1,3 +1,6 @@ +# This file is commonly accessed via passdb {} or userdb {} section in +# conf.d/auth-ldap.conf.ext + # This file is opened as root, so it should be owned by root and mode 0600. # # http://wiki2.dovecot.org/AuthDatabase/LDAP @@ -90,7 +93,7 @@ ldap_version = 3 base = fvl=%n,fvd=%d,ou=virtual,dc=fripost,dc=org # Dereference: never, searching, finding, always -deref = never +#deref = never # Search scope: base, onelevel, subtree scope = base -- cgit v1.2.3