# --------------------------------------------------------------------------
# Please create a file "extra.conf" for persistent overrides to dovecot.conf
# --------------------------------------------------------------------------
# LDAP example:
#passdb {
#  args = /etc/dovecot/ldap/passdb.conf
#  driver = ldap
#}

# PLAIN and LOGIN both hand the server the cleartext password, so their
# confidentiality rests entirely on TLS. disable_plaintext_auth below makes
# Dovecot refuse them on connections it does not consider secure.
auth_mechanisms = plain login
# Debug switches, left disabled here.
#mail_debug = yes
#auth_debug = yes
log_path = syslog
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
# Each login log line carries the user, auth mechanism (%m), remote and local
# IP (%r, %l), mail process PID (%e) and the TLS state and cipher (%c, %k).
# These are the fields to key on when hunting for failed or unusual logins.
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
# %d is the domain and %n the local part of the login name.
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
# A leading "<" makes Dovecot read the setting's value from the named file.
mail_plugins = </etc/dovecot/mail_plugins
# Attachments of at least mail_attachment_min_size are stored outside the
# message, under mail_attachment_dir, through the crypt fs wrapper. The
# set_prefix points it at the mail_crypt_global_* keys in the plugin block.
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
mail_attachment_dir = /var/attachments
mail_attachment_min_size = 128k
# Significantly speeds up very large mailboxes, but is only safe to enable if
# you do not manually modify the files in the `cur` directories in
# mailcowdockerized_vmail-vol-1.
# https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
# NOTE(review): this also covers restores and clean-up jobs that touch cur/
# behind Dovecot's back. Such changes may go unnoticed until a full resync.
maildir_very_dirty_syncs = yes

# TLS policy for all SSL-enabled listeners.
# Dovecot 2.2
#ssl_protocols = !SSLv3
# Dovecot 2.3
# Refuses SSLv3, TLS 1.0 and TLS 1.1 handshakes.
ssl_min_protocol = TLSv1.2

ssl_prefer_server_ciphers = yes
# OpenSSL cipher string built as a deny-list on top of ALL.
# NOTE(review): static-RSA key exchange and CBC-mode suites are not excluded,
# so they stay negotiable if a client offers nothing better. An allow-list of
# ECDHE/DHE AEAD suites is easier to audit. Check the effective set with
# `openssl ciphers -v '<this string>'`.
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM

# Default in Dovecot 2.3
# Disables TLS-level compression and session tickets.
ssl_options = no_compression no_ticket

# New in Dovecot 2.3
# DH parameters for DHE suites, read from the file ("<" prefix).
ssl_dh = </etc/ssl/mail/dhparams.pem
# Dovecot 2.2
#ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
# "user+tag@domain" is delivered to "user@domain".
recipient_delimiter = +
# Enables the "user*masteruser" login form. It is checked against the passdb
# marked master = yes further down, and a master user can log in as another
# user, so treat those credentials as highly privileged.
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30
# First passdb in the chain: the Lua verifier. A success ends the lookup
# immediately (return-ok). A failure or an internal error falls through to
# the passdbs that follow instead of rejecting the login here.
passdb {
  driver = lua
  # blocking=yes runs the script in auth worker processes.
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
  result_success = return-ok
  result_failure = continue
  result_internalfail = continue
}
# try a master passwd
# Master-user passdb for the "user*masteruser" login form. An entry in this
# file can be used to log in as other users, so keep the file readable only by
# the auth process and review the login log for master logins.
passdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.passwd
  master = yes
  # Not consulted when an earlier passdb has already authenticated the login.
  skip = authenticated
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
# Last passdb in the chain, with default result handling, so its verdict is
# final. It is the same script as the first passdb.
# NOTE(review): a failed login therefore reaches the script twice. Confirm
# that any logging or lockout accounting inside it tolerates that.
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
}
# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
# TCP listener for remote doveadm on port 12345, matching doveadm_port below.
# NOTE(review): no address and no ssl = yes are set on this listener, so the
# doveadm password is the only protection visible in this file. Confirm the
# port is reachable only from the internal network and that doveadm_password
# really is set (extra.conf is pulled in with !include_try, which ignores a
# missing file).
service doveadm {
  inet_listener {
    port = 12345
  }
  vsz_limit=2048 MB
}
# Mandatory include: unlike !include_try, a missing file is a config error.
!include /etc/dovecot/dovecot.folders.conf
# Protocols served: IMAP, ManageSieve, LMTP and POP3.
protocols = imap sieve lmtp pop3
# Dict proxy socket, usable by user vmail and group vmail only (0660).
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
# Runs the log service as the dovenull account.
service log {
  user = dovenull
}
# Config socket owned by root, with read/write access for group vmail (0660).
service config {
  unix_listener config {
    user = root
    group = vmail
    mode = 0660
  }
}
# Authentication service and its listeners.
service auth {
  # Auth client protocol over TCP on port 10001. No TLS or peer restriction
  # is configured here, so any host that can reach the port can submit
  # credentials for verification.
  # NOTE(review): presumably used for SASL from another container. Confirm
  # the port is never published beyond the internal network.
  inet_listener auth-inet {
    port = 10001
  }
  # Both sockets below are restricted to user vmail (0600).
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  vsz_limit = 2G
}
# ManageSieve login service: a direct listener on 4190 and a PROXY-protocol
# listener on 14190.
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  # haproxy = yes makes the listener expect a PROXY protocol header, from
  # which the client address is taken.
  # NOTE(review): haproxy_trusted_networks is not set in this file. Confirm
  # that an include sets it, and only to the proxy's address range.
  inet_listener sieve_haproxy {
    port = 14190
    haproxy = yes
  }
  # One connection per login process, which then exits.
  service_count = 1
  process_min_avail = 2
  vsz_limit = 1G
}
# IMAP login service. Only the PROXY-protocol listeners are declared here.
service imap-login {
  # One connection per login process, which then exits. This isolates
  # pre-auth sessions from each other at the cost of more processes.
  service_count = 1
  process_limit = 10000
  vsz_limit = 1G
  user = dovenull
  # haproxy = yes: the client address comes from the PROXY protocol header.
  # NOTE(review): haproxy_trusted_networks is not set in this file. Confirm
  # that an include sets it narrowly, since the logged rip= and any IP-based
  # decisions depend on that header.
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
  inet_listener imaps_haproxy {
    port = 10993
    ssl = yes
    haproxy = yes
  }
}
# POP3 login service. Only the PROXY-protocol listeners are declared here.
service pop3-login {
  # One connection per login process, which then exits.
  service_count = 1
  vsz_limit = 1G
  # haproxy = yes: the client address comes from the PROXY protocol header.
  # NOTE(review): confirm haproxy_trusted_networks is set in an include and
  # covers only the proxy.
  inet_listener pop3_haproxy {
    port = 10110
    haproxy = yes
  }
  inet_listener pop3s_haproxy {
    port = 10995
    ssl = yes
    haproxy = yes
  }
}
# Post-login IMAP processes run as the vmail user.
service imap {
  executable = imap
  user = vmail
  vsz_limit = 1G
}
# Caps the number of post-login ManageSieve processes.
service managesieve {
  process_limit = 256
}
# LMTP delivery over TCP port 24, running as vmail.
# NOTE(review): no client authentication is configured on this listener, so
# any host that can connect can hand mail to the store. Keep the port
# reachable by the MTA only.
service lmtp {
  inet_listener lmtp-inet {
    port = 24
  }
  user = vmail
}
# Bind listeners on all IPv4 and IPv6 addresses. Exposure of the individual
# ports then depends on the firewall and container port mappings.
listen = *,[::]
# Certificate and private key are read from these files ("<" prefix).
# The key file should be readable only by the account that loads it.
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
# First userdb: a passwd-file lookup in dovecot-master.userdb.
userdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.userdb
}
# Second userdb: an SQL lookup, skipped when the previous userdb already
# found the user.
userdb {
  args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
  driver = sql
  skip = found
}
# IMAP-specific settings: the plugin list comes from a file, and the IMAP
# METADATA extension is enabled.
protocol imap {
  mail_plugins = </etc/dovecot/mail_plugins_imap
  imap_metadata = yes
}
# Mail attributes are kept in a file dict inside each user's home (%h).
mail_attribute_dict = file:%h/dovecot-attributes
# LMTP-specific settings. Lookups use the auth-master socket, which the auth
# service restricts to user vmail with mode 0600.
protocol lmtp {
  mail_plugins = </etc/dovecot/mail_plugins_lmtp
  auth_socket_path = /var/run/dovecot/auth-master
}
# ManageSieve logout lines record bytes received and sent (%i/%o).
protocol sieve {
  managesieve_logout_format = bytes=%i/%o
}
# Plugin settings: ACLs, full-text search, quota, Sieve, at-rest encryption,
# compression and mail event logging.
plugin {
  # Allow "any" or "authenticated" to be used in ACLs
  acl_anyone = </etc/dovecot/acl_anyone
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  acl = vfile
  # NOTE(review): with acl_user = %u, ACL checks use the login user name, so
  # a master-user session is presumably evaluated with the mailbox owner's
  # rights. Confirm this is intended.
  acl_user = %u
  fts = solr
  fts_autoindex = yes
  # The index holds message content and is reached over plain HTTP, so keep
  # the Solr endpoint on the internal network only.
  fts_solr = url=http://solr:8983/solr/dovecot-fts/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  sieve_redirect_envelope_from = recipient
  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  # END
  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  # END
  master_user = %u
  # Crossing 95% or 80% of the storage quota calls the quota-warning service
  # with the threshold and the user name as arguments.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  # Only programs in this directory can be started by the pipe extension, so
  # it should be writable by root alone.
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  # pipe and execute are limited to global scripts. Personal scripts cannot
  # use them.
  # NOTE(review): scripts in the sieve_before*/sieve_after* positions count as
  # global as far as I know, including the dict-sourced ones below. Confirm
  # who can write those SQL rows and the global_sieve_*.sieve files.
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_extensions = +notify +imapflags +vacation-seconds +editheader
  sieve_max_script_size = 1M
  # NOTE(review): up to 100 redirects per delivered message is a generous
  # fan-out. Check it against the outbound rate limits.
  sieve_max_redirects = 100
  sieve_max_actions = 101
  # 0 means no limit on the number of scripts or on script storage per user.
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
  listescape_char = "\\"
  # NOTE(review): a 5s minimum lets vacation auto-replies repeat to the same
  # sender almost immediately. Confirm this is wanted.
  sieve_vacation_min_period = 5s
  sieve_vacation_max_period = 0
  sieve_vacation_default_period = 60s
  # Scripts run before and after the user's own script, taken from files and
  # from the SQL-backed dicts declared in the dict block.
  sieve_before = /var/vmail/sieve/global_sieve_before.sieve
  sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
  sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
  sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
  sieve_duplicate_default_period = 1m
  sieve_duplicate_max_period = 7d

  # -- Global keys
  # One server-wide key pair encrypts stored mail. The private key sits on
  # the same host, so this protects copied disks and backups that lack the
  # key, but not a compromise of the running server.
  mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
  mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
  mail_crypt_save_version = 2

  # Enable compression while saving, lz4 Dovecot v2.2.11+
  zlib_save = lz4

  # Audit trail for destructive and copy operations on mailboxes.
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_cached_only = yes
}
# Helper service that runs quota_notify.py when a quota_warning rule fires.
service quota-warning {
  executable = script /usr/local/bin/quota_notify.py
  # use some unprivileged user for executing the quota warnings
  user = vmail
  unix_listener quota-warning {
    user = vmail
  }
}
# Named dicts backed by MySQL. The quota and sieve_before/sieve_after plugin
# settings refer to them through "proxy::<name>".
dict {
  sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf
  sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
  sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
}
# Exception to the global disable_plaintext_auth = yes: clients connecting
# from 127.0.0.1 may use PLAIN/LOGIN without TLS.
remote 127.0.0.1 {
  disable_plaintext_auth = no
}
# Mail that Dovecot itself sends is submitted to this host and port.
submission_host = postfix:588
# Per-user, per-IP connection cap.
# NOTE(review): 500 is high. Behind a proxy many users can share one source
# IP, which may be the reason, but it also weakens the limit as a brake on a
# single abusive client.
mail_max_userip_connections = 500
# stats-writer socket owned by vmail, mode 0660.
service stats {
  unix_listener stats-writer {
    mode = 0660
    user = vmail
  }
}
# Upper bound on the length of a single IMAP command line.
imap_max_line_length = 2 M
# Auth cache settings, left disabled here.
#auth_cache_verify_password_with_worker = yes
#auth_cache_negative_ttl = 0
#auth_cache_ttl = 30 s
#auth_cache_size = 2 M
# Keep at least one replicator process running at all times.
service replicator {
  process_min_avail = 1
}
# Replication notification FIFO and socket, both owned by vmail.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
# Second replicator section, adding the doveadm control socket.
# NOTE(review): mode 0666 lets every local account connect to the socket.
# If only vmail needs it, `mode = 0600` with `user = vmail` is the tighter
# setting. Confirm which accounts rely on it before changing.
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
replication_max_conns = 10
# Must match the inet_listener port of service doveadm.
doveadm_port = 12345
# Options passed to dsync for replication runs.
replication_dsync_parameters = -d -l 30 -U -n INBOX
# <Includes>
# !include_try ignores a missing file, so an absent extra.conf (where
# doveadm_password is meant to be set) raises no error. Review the effective
# settings with `doveconf -n` after any change.
!include_try /etc/dovecot/sni.conf
!include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf
# </Includes>
# Defaults for services that do not set their own client or memory limit.
# They come after the includes, so they are not overridden by those files.
default_client_limit = 10400
default_vsz_limit = 1024 M