# --------------------------------------------------------------------------
# Please create a file "extra.conf" for persistent overrides to dovecot.conf
# --------------------------------------------------------------------------
# LDAP example:
#passdb {
# args = /etc/dovecot/ldap/passdb.conf
# driver = ldap
#}

# PLAIN and LOGIN both send the password itself inside the session, so their
# confidentiality depends entirely on TLS (see disable_plaintext_auth below).
auth_mechanisms = plain login
# Debug switches; leave commented out in production, they make the logs far more verbose.
#mail_debug = yes
#auth_debug = yes
log_path = syslog
# Refuse cleartext authentication on connections that are not TLS-protected.
# The "remote 127.0.0.1" block further down lifts this for loopback clients.
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
# Login log line: user, mechanism, remote/local IP, login PID and the TLS/session
# variables (%c, %k). rip is the field to feed into brute-force detection.
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
# "<" reads the value from the named file.
mail_plugins = </etc/dovecot/mail_plugins
# Attachments of 128k and larger are stored under /var/attachments through the
# crypt fs wrapper, using the mail_crypt_global_* keys set in the plugin section.
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
mail_attachment_dir = /var/attachments
mail_attachment_min_size = 128k

# Dovecot 2.2
#ssl_protocols = !SSLv3
# Dovecot 2.3
# TLS 1.0 and 1.1 are refused.
ssl_min_protocol = TLSv1.2

ssl_prefer_server_ciphers = yes
# Deny-list style cipher string: starts from ALL and removes known-weak families.
# NOTE(review): what remains still includes RSA key exchange (no forward secrecy)
# and CBC suites; an explicit allow-list of ECDHE/DHE AEAD suites would be tighter,
# if the client population permits it. Confirm before changing.
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM

# Default in Dovecot 2.3
# TLS compression and session tickets are both switched off.
ssl_options = no_compression no_ticket

# New in Dovecot 2.3
# DH parameters are loaded from a file; the 2.2 setting below shows the intended 2048-bit size.
ssl_dh = </etc/ssl/mail/dhparams.pem
# Dovecot 2.2
#ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
# Enables the "user*masteruser" login form. Together with the master passdb below,
# a master account can open any mailbox, so its credentials are as sensitive as
# every user password combined.
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30
# Authentication chain. passdbs are evaluated in the order they appear.
# 1) Lua verifier: a success ends the chain immediately (return-ok); a failure or
#    an internal error falls through to the next passdb instead of rejecting.
#    The script itself is not part of this file, so what it checks is not visible here.
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
  result_success = return-ok
  result_failure = continue
  result_internalfail = continue
}
# try a master passwd
# 2) Master users from a passwd-file; skipped when step 1 already authenticated.
#    Anyone holding a credential from this file can log in as any user, so keep the
#    file readable only by the auth process and store strong password hashes in it.
passdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.passwd
  master = yes
  skip = authenticated
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
# 3) Same Lua verifier again, this time with default result handling, so its
#    verdict is final for the request.
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
}
# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
# doveadm over TCP is an administrative interface to all mailboxes. The listener
# has no address, so it binds to every address in "listen" (*,[::] in this file),
# and it has no "ssl = yes", so the shared secret and the data cross the network
# unencrypted. Keep port 12345 reachable only from the replication peer and use a
# long random doveadm_password.
# NOTE(review): Dovecot is expected to refuse TCP doveadm logins while
# doveadm_password is unset; confirm for the deployed version.
service doveadm {
  inet_listener {
    port = 12345
  }
  vsz_limit=2048 MB
}
# Mandatory include (plain !include): Dovecot fails to start if the file is missing.
!include /etc/dovecot/dovecot.folders.conf
# POP3 is enabled alongside IMAP, ManageSieve and LMTP; every protocol listed here
# is an additional network-facing login surface.
protocols = imap sieve lmtp pop3
# dict proxy socket: usable by user/group vmail only.
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
# The log service runs as the unprivileged dovenull account.
service log {
  user = dovenull
}
# Config socket: owned by root, also readable and writable by group vmail.
service config {
  unix_listener config {
    user = root
    group = vmail
    mode = 0660
  }
}
# Authentication service and its sockets.
service auth {
  # The auth client protocol is exposed over TCP on port 10001. No address is given,
  # so it binds to every address in "listen". Any host that can reach this port
  # can submit authentication attempts, so it must be limited to the internal
  # network by firewalling or container networking.
  # NOTE(review): presumably consumed by the MTA for SASL; verify which peers need it.
  inet_listener auth-inet {
    port = 10001
  }
  # auth-master and auth-userdb are restricted to the vmail user (0600).
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  vsz_limit = 2G
}
# Pre-authentication login services.
# service_count = 1 makes each login process handle a single connection and then
# exit, which keeps unauthenticated clients isolated from one another.
#
# Listeners with "haproxy = yes" expect a PROXY protocol header and take the
# client address from it. Dovecot accepts that header only from peers listed in
# haproxy_trusted_networks, which is not set in this file. Presumably it comes
# from an include; verify that it names the proxy only. A peer that is trusted
# there can assert any client address, and that address is what ends up as rip
# in the login log.
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_haproxy {
    port = 14190
    haproxy = yes
  }
  service_count = 1
  process_min_avail = 2
  vsz_limit = 1G
}
service imap-login {
  service_count = 1
  process_limit = 10000
  vsz_limit = 1G
  # Runs as the unprivileged dovenull account.
  user = dovenull
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
  inet_listener imaps_haproxy {
    port = 10993
    ssl = yes
    haproxy = yes
  }
}
service pop3-login {
  service_count = 1
  vsz_limit = 1G
  inet_listener pop3_haproxy {
    port = 10110
    haproxy = yes
  }
  inet_listener pop3s_haproxy {
    port = 10995
    ssl = yes
    haproxy = yes
  }
}
# Post-login IMAP processes run as vmail, not root.
service imap {
  executable = imap
  user = vmail
  vsz_limit = 1G
}
service managesieve {
  process_limit = 256
}
# LMTP over TCP on port 24. LMTP carries no client authentication, so every host
# that can reach this port can deliver into local mailboxes; restrict it to the MTA.
service lmtp {
  inet_listener lmtp-inet {
    port = 24
  }
  user = vmail
}
# Bind on all IPv4 and IPv6 addresses. inet_listeners without an explicit address
# (doveadm, auth-inet, lmtp-inet, the haproxy ports) inherit this, so network-level
# filtering is what separates internal ports from public ones.
listen = *,[::]
# Certificate and private key are read from files ("<"). The key file should be
# readable by root only.
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
# userdb chain: the master passwd-file is consulted first, then SQL for users not
# yet found (skip = found).
userdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.userdb
}
userdb {
  args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
  driver = sql
  skip = found
}
# Per-protocol overrides. The plugin lists are read from files ("<").
protocol imap {
  mail_plugins = </etc/dovecot/mail_plugins_imap
  imap_metadata = yes
}
# Storage for IMAP METADATA: one file in each user's home directory.
mail_attribute_dict = file:%h/dovecot-attributes
protocol lmtp {
  mail_plugins = </etc/dovecot/mail_plugins_lmtp
  # LMTP performs its user lookups through the auth-master socket (0600, vmail).
  auth_socket_path = /var/run/dovecot/auth-master
}
protocol sieve {
  managesieve_logout_format = bytes=%i/%o
}
# Plugin settings: ACL, full-text search, quota, Sieve, mail_crypt, compression and mail_log.
plugin {
  # Allow "any" or "authenticated" to be used in ACLs
  acl_anyone = </etc/dovecot/acl_anyone
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  acl = vfile
  # NOTE(review): presumably set so ACLs are evaluated as the target user on
  # master-user logins; confirm against the ACL plugin documentation.
  acl_user = %u
  # Full-text index is kept in Solr and reached over plain HTTP, with no
  # credentials in the URL. The index holds searchable message text outside the
  # mail_crypt-encrypted store, so the solr host and the network path to it need
  # the same protection as the mail spool itself.
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://solr:8983/solr/dovecot-fts/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
  # sieve_extprograms lets Sieve scripts start external programs; see
  # sieve_global_extensions below for who may use it.
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  sieve_redirect_envelope_from = recipient
  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  # END
  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  # END
  master_user = %u
  # The quota-warning service is invoked with the threshold and the username as arguments.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  # External programs may be started only from this directory, and pipe/execute are
  # enabled as *global* extensions, i.e. for administrator-controlled scripts.
  # Keep them out of sieve_extensions: listing them there would let user-uploaded
  # scripts run these programs. The directory must be writable by root only.
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  # Extensions available to user scripts; editheader lets them rewrite message headers.
  sieve_extensions = +notify +imapflags +vacation-seconds +editheader
  sieve_max_script_size = 1M
  # A single user script may redirect one message to up to 100 addresses.
  # NOTE(review): generous limit; a compromised account can use it for fan-out.
  sieve_max_redirects = 100
  sieve_max_actions = 101
  # 0 = no limit on the number or total size of a user's scripts.
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
  listescape_char = "\\"
  # Vacation replies to the same sender may repeat after as little as 5 seconds.
  # NOTE(review): short periods make auto-replies usable for backscatter; confirm
  # that this minimum is intended.
  sieve_vacation_min_period = 5s
  sieve_vacation_max_period = 0
  sieve_vacation_default_period = 60s
  # Global scripts wrapped around every user script: static files plus scripts
  # fetched through the dict proxy (SQL-backed, see the dict section).
  sieve_before = /var/vmail/sieve/global_sieve_before.sieve
  sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
  sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
  sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
  sieve_duplicate_default_period = 1m
  sieve_duplicate_max_period = 7d

  # -- Global keys
  # One EC key pair encrypts all stored mail. The private key is read from a file
  # on this host, so encryption protects against loss of the storage volume alone,
  # not against compromise of the host. Keep /mail_crypt off the mail volume and
  # readable only by the mail processes, and back the key up: mail is unreadable without it.
  mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
  mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
  mail_crypt_save_version = 2

  # Enable compression while saving, lz4 Dovecot v2.2.11+
  zlib_save = lz4

  # Audit trail of destructive and copy operations, with uid, mailbox, Message-ID and size.
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_cached_only = yes
}
# Runs the quota notification script. The plugin section passes it the threshold
# and the username (%u) as arguments, so the script has to treat the username as
# untrusted data.
service quota-warning {
  executable = script /usr/local/bin/quota_notify.py
  # use some unprivileged user for executing the quota warnings
  user = vmail
  unix_listener quota-warning {
    user = vmail
  }
}
# SQL-backed dictionaries. The referenced files hold the database connection
# settings and should be readable only by the Dovecot dict process.
dict {
  sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf
  sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
  sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
}
# Exception to disable_plaintext_auth = yes: clients connecting from loopback may
# authenticate without TLS.
# NOTE(review): if anything local relays client connections without the PROXY
# protocol, those clients also appear as 127.0.0.1 and match this block; verify.
remote 127.0.0.1 {
  disable_plaintext_auth = no
}
submission_host = postfix:588
# Up to 500 concurrent connections per user and client IP.
# NOTE(review): a high ceiling; connection-exhaustion protection then has to come
# from process limits or from the proxy in front.
mail_max_userip_connections = 500
service stats {
  unix_listener stats-writer {
    mode = 0660
    user = vmail
  }
}
imap_max_line_length = 2 M
# Auth cache is left at its defaults; the values below are disabled examples.
#auth_cache_verify_password_with_worker = yes
#auth_cache_negative_ttl = 0
#auth_cache_ttl = 30 s
#auth_cache_size = 2 M
# Replication (dsync) services. "service replicator" appears twice in this file.
service replicator {
  process_min_avail = 1
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service replicator {
  # 0666 makes this control socket writable by every local account, so any process
  # on the host or in the container can talk to the replicator.
  # NOTE(review): a mode restricted to the mail user would be tighter; confirm
  # which accounts actually need access before narrowing it.
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
replication_max_conns = 10
# Port used for doveadm connections to the replication peer; matches the doveadm
# inet_listener above and is authenticated with doveadm_password.
doveadm_port = 12345
replication_dsync_parameters = -d -l 30 -U -n INBOX
# <Includes>
# !include_try skips a missing file silently. Because these files are read after
# the settings above, they can override any of them (extra.conf exists for that
# purpose), so they need the same ownership and permissions as dovecot.conf,
# and a hardening review has to cover their content too.
!include_try /etc/dovecot/sni.conf
!include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf
# </Includes>
# Set after the includes, so these two values take precedence over any value an
# included file gave for the same settings.
default_client_limit = 10400
default_vsz_limit = 1024 M