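# --------------------------------------------------------------------------
# Please create a file "extra.conf" for persistent overrides to dovecot.conf
# --------------------------------------------------------------------------
# LDAP example:
#passdb {
#  args = /etc/dovecot/ldap/passdb.conf
#  driver = ldap
#}

# PLAIN and LOGIN both send the password itself, so its confidentiality rests
# on the transport; disable_plaintext_auth below is what ties them to TLS.
auth_mechanisms = plain login
# Debug switches: leave commented out in normal operation.
#mail_debug = yes
#auth_debug = yes
log_path = syslog
# Refuse plaintext mechanisms on connections that are not TLS-protected.
# A "remote 127.0.0.1" section elsewhere in this file relaxes this for loopback.
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
# One log record per login: user, mechanism, remote/local IP, mail process PID
# and the TLS status/cipher fields (%c %k). These are the fields that login
# monitoring and brute-force detection have to work from.
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
# "<" reads the setting's value from the named file.
mail_plugins = </etc/dovecot/mail_plugins
# Attachments of mail_attachment_min_size or larger are stored outside the
# maildir, in mail_attachment_dir, and written through the "crypt" fs wrapper
# with the mail_crypt_global_* keys from the plugin section, so they are
# encrypted at rest like the messages themselves.
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
mail_attachment_dir = /var/attachments
mail_attachment_min_size = 128k
# Significantly speeds up very large mailboxes, but is only safe to enable if
# you do not manually modify the files in the `cur` directories in
# mailcowdockerized_vmail-vol-1.
# https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
maildir_very_dirty_syncs = yes
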
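# Dovecot 2.2
#ssl_protocols = !SSLv3
# Dovecot 2.3
# Handshakes below TLS 1.2 are refused.
ssl_min_protocol = TLSv1.2

ssl_prefer_server_ciphers = yes
# NOTE(review): the list starts from ALL and subtracts. Anything the exclusions
# do not name stays enabled, which includes suites without forward secrecy
# (static RSA key exchange) and CBC-mode suites. An explicit allow-list of
# ECDHE/DHE AEAD suites is easier to audit; check client compatibility before
# tightening.
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM

# Default in Dovecot 2.3
# TLS compression and session tickets are both switched off.
ssl_options = no_compression no_ticket

# New in Dovecot 2.3
# DH parameters for DHE suites are read from this file ("<" = file contents).
ssl_dh = </etc/ssl/mail/dhparams.pem
# Dovecot 2.2
#ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
# Separator for master-user logins ("user*masteruser"). Who may log in this way
# is decided by the passdb marked "master = yes".
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30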
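# Authentication chain, evaluated top to bottom.
# 1) Lua verifier: success ends the chain (return-ok); a failed or internally
#    failing lookup falls through to the next passdb instead of rejecting.
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
  result_success = return-ok
  result_failure = continue
  result_internalfail = continue
}
# try a master passwd
# 2) Master users: a credential in this file can open any mailbox, so treat
#    the file as a high-value secret (tight file permissions, few entries) and
#    review master logins in the auth log. "skip = authenticated" bypasses this
#    passdb when step 1 already succeeded.
passdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.passwd
  master = yes
  skip = authenticated
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
# 3) Final decision: uses the default result_* handling, so a failure here is
#    a failed login.
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
}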
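# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
# NOTE(review): this TCP listener has no address restriction and no "ssl = yes"
# in this file, so doveadm_password is the only access control visible here and
# would cross the network unencrypted. doveadm can administer every mailbox:
# keep port 12345 reachable from trusted hosts/containers only and use a long
# random secret.
service doveadm {
  inet_listener {
    port = 12345
  }
  vsz_limit=2048 MB
}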
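# Hard include: startup fails if this file is missing (unlike !include_try).
!include /etc/dovecot/dovecot.folders.conf
protocols = imap sieve lmtp pop3
# dict proxy socket, usable by user/group vmail only.
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
# The log service runs as the unprivileged dovenull user.
service log {
  user = dovenull
}
# NOTE(review): members of group vmail can query the config service through
# this socket. Presumably that exposes every setting, including secrets such as
# doveadm_password - confirm before placing further secrets in the config.
service config {
  unix_listener config {
    user = root
    group = vmail
    mode = 0660
  }
}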
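service auth {
  # NOTE(review): TCP auth socket with no address restriction in this file.
  # Any host that can reach port 10001 can submit credentials for checking
  # without going through a login service, so the port must stay on the
  # internal network. Presumably used by the MTA for SASL - confirm.
  inet_listener auth-inet {
    port = 10001
  }
  # auth-master permits lookups for any user; limited to vmail (0600).
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  vsz_limit = 2G
}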
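# Login services.
# service_count = 1 gives every connection its own login process, so a flaw
# exploited before authentication is confined to that one connection.
# Listeners with "haproxy = yes" expect a PROXY protocol header and take the
# client address from it. That address is what ends up as rip= in the login
# log, so only the proxy may reach these ports. haproxy_trusted_networks is not
# set in this file - verify it in the included configs.
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_haproxy {
    port = 14190
    haproxy = yes
  }
  service_count = 1
  process_min_avail = 2
  vsz_limit = 1G
}
service imap-login {
  service_count = 1
  process_limit = 10000
  vsz_limit = 1G
  # Pre-auth IMAP handling runs as the unprivileged dovenull user.
  user = dovenull
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
  inet_listener imaps_haproxy {
    port = 10993
    ssl = yes
    haproxy = yes
  }
}
service pop3-login {
  service_count = 1
  vsz_limit = 1G
  inet_listener pop3_haproxy {
    port = 10110
    haproxy = yes
  }
  inet_listener pop3s_haproxy {
    port = 10995
    ssl = yes
    haproxy = yes
  }
}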
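# Post-login IMAP processes run as vmail, not root.
service imap {
  executable = imap
  user = vmail
  vsz_limit = 1G
}
service managesieve {
  process_limit = 256
}
# NOTE(review): LMTP has no authentication of its own, so whoever can reach
# port 24 can deliver into mailboxes. The listener has no address restriction
# in this file; keep it reachable from the MTA only.
service lmtp {
  inet_listener lmtp-inet {
    port = 24
  }
  user = vmail
}
# Every service listens on all IPv4 and IPv6 addresses unless a listener
# overrides it, so exposure is decided by the network/firewall layer.
listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
# Private key, read from file. Keep it unreadable to everything except the
# account that loads the Dovecot configuration.
ssl_key = </etc/ssl/mail/key.pem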
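# User lookup order: the static master userdb file first, then SQL. The SQL
# lookup is skipped when the first userdb already found the user.
userdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.userdb
}
userdb {
  args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
  driver = sql
  skip = found
}
protocol imap {
  mail_plugins = </etc/dovecot/mail_plugins_imap
  imap_metadata = yes
}
# IMAP METADATA attributes are kept in a file inside each user's home (%h).
mail_attribute_dict = file:%h/dovecot-attributes
protocol lmtp {
  mail_plugins = </etc/dovecot/mail_plugins_lmtp
  # LMTP resolves recipients through the auth-master socket, which the auth
  # service restricts to user vmail.
  auth_socket_path = /var/run/dovecot/auth-master
}
protocol sieve {
  managesieve_logout_format = bytes=%i/%o
}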
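plugin {
  # Allow "any" or "authenticated" to be used in ACLs
  # The value comes from a file. Enabling it lets a user share a folder with
  # every account on the server through a single ACL entry.
  acl_anyone = </etc/dovecot/acl_anyone
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  acl = vfile
  # Presumably makes ACL checks run as the target user during master-user
  # logins - confirm against Dovecot's master-user documentation.
  acl_user = %u
  fts = solr
  fts_autoindex = yes
  # NOTE(review): message text is sent to Solr over plain HTTP and kept there in
  # searchable form, independently of the mail_crypt settings further down.
  # Keep the Solr endpoint on a private network and protect its data volume
  # like the mail store.
  fts_solr = url=http://solr:8983/solr/dovecot-fts/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
  # sieve_extprograms lets Sieve scripts start external programs; the
  # sieve_global_extensions and sieve_pipe_bin_dir settings below bound that.
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  sieve_redirect_envelope_from = recipient
  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  # END
  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  # END
  master_user = %u
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  # External programs are looked up in this directory only; it must not be
  # writable by mail users.
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  # pipe/execute are listed as *global* extensions, so only administrator
  # scripts may use them. Moving them to sieve_extensions would let every
  # user's own script run programs.
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_extensions = +notify +imapflags +vacation-seconds +editheader
  sieve_max_script_size = 1M
  # NOTE(review): a single script may redirect one message to as many as 100
  # addresses. On a compromised account that is a forwarding/exfiltration and
  # amplification lever; lower it if no user needs this many.
  sieve_max_redirects = 100
  sieve_max_actions = 101
  # 0 = no limit on number of scripts / script storage per user.
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
  listescape_char = "\\"
  sieve_vacation_min_period = 5s
  sieve_vacation_max_period = 0
  sieve_vacation_default_period = 60s
  # Administrator scripts run before and after the user's own script.
  sieve_before = /var/vmail/sieve/global_sieve_before.sieve
  sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
  sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
  sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
  sieve_duplicate_default_period = 1m
  sieve_duplicate_max_period = 7d

  # -- Global keys
  # One server-wide key pair for encryption at rest. The private key is stored
  # on the same host, so this protects a copied or stolen mail volume or
  # backup, not a compromised Dovecot host. Back the key up separately: mail
  # saved with it cannot be read without it.
  mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
  mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
  mail_crypt_save_version = 2

  # Enable compression while saving, lz4 Dovecot v2.2.11+
  zlib_save = lz4

  # Audit trail of destructive mailbox operations, useful when reconstructing
  # what happened to a mailbox after an account takeover.
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_cached_only = yes
}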
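service quota-warning {
  executable = script /usr/local/bin/quota_notify.py
  # use some unprivileged user for executing the quota warnings
  user = vmail
  unix_listener quota-warning {
    user = vmail
  }
}
# dict backends. Each referenced file holds SQL connection settings, which
# presumably include database credentials - keep them unreadable to mail users.
dict {
  sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf
  sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
  sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
}
# Exception to the global disable_plaintext_auth = yes: clients connecting from
# loopback may authenticate with PLAIN/LOGIN without TLS.
remote 127.0.0.1 {
  disable_plaintext_auth = no
}
submission_host = postfix:588
# NOTE(review): 500 simultaneous connections per user and client IP is a
# generous ceiling. It does little to slow one host holding many sessions on
# one account, so rely on other controls for that.
mail_max_userip_connections = 500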
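service stats {
  unix_listener stats-writer {
    mode = 0660
    user = vmail
  }
}
imap_max_line_length = 2 M
#auth_cache_verify_password_with_worker = yes
#auth_cache_negative_ttl = 0
#auth_cache_ttl = 30 s
#auth_cache_size = 2 M
service replicator {
  process_min_avail = 1
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service replicator {
  # NOTE(review): mode 0666 lets every local account open the replicator
  # control socket. If only root and vmail need it, owner-only access
  # (mode 0600 with "user = vmail") narrows that - confirm nothing else in the
  # deployment connects before changing it.
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
replication_max_conns = 10
# Same port as the "service doveadm" TCP listener; replication traffic
# authenticates with doveadm_password.
doveadm_port = 12345
replication_dsync_parameters = -d -l 30 -U -n INBOX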
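# <Includes>
# Optional files, read in this order; a missing file is skipped without error.
# Later assignments override earlier ones, so anything in these files can
# relax the TLS, auth and listener settings defined above. Include them when
# reviewing the effective configuration.
!include_try /etc/dovecot/sni.conf
!include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf
# </Includes>
# Set after the includes, so these two values take precedence over any
# assignment of the same settings in the files above.
default_client_limit = 10400
default_vsz_limit = 1024 M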