1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
|
diff -Nur conf.d.orig/10-auth.conf conf.d/10-auth.conf
--- conf.d.orig/10-auth.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/10-auth.conf 2013-06-05 22:38:44.722493000 +0200
@@ -6,20 +6,20 @@
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = yes
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
-#auth_cache_size = 0
+auth_cache_size = 10M
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
-#auth_cache_ttl = 1 hour
+auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
-#auth_cache_negative_ttl = 1 hour
+auth_cache_negative_ttl = 1 hour
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
diff -Nur conf.d.orig/10-logging.conf conf.d/10-logging.conf
--- conf.d.orig/10-logging.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/10-logging.conf 2013-06-05 22:38:44.722879000 +0200
@@ -5,6 +5,7 @@
# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
#log_path = syslog
+log_path = /var/log/dovecot.log
# Log file to use for informational messages. Defaults to log_path.
#info_log_path =
@@ -14,14 +15,14 @@
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
-#syslog_facility = mail
+syslog_facility = mail
##
## Logging verbosity and debugging.
##
# Log unsuccessful authentication attempts and the reasons why they failed.
-#auth_verbose = no
+auth_verbose = yes
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
diff -Nur conf.d.orig/10-mail.conf conf.d/10-mail.conf
--- conf.d.orig/10-mail.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/10-mail.conf 2013-06-05 22:44:18.646267000 +0200
@@ -27,7 +27,10 @@
#
# <doc/wiki/MailLocation.txt>
#
-mail_location = mbox:~/mail:INBOX=/var/mail/%u
+# mail_location = mbox:~/mail:INBOX=/var/mail/%u
+# mail_location =
+# mail_location = mbox:~/mail:INBOX=/var/mail/%u
+mail_location = mdbox:~/mdbox
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
@@ -41,7 +44,7 @@
# on filesystem level to do so.
namespace inbox {
# Namespace type: private, shared or public
- #type = private
+ type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
@@ -65,38 +68,51 @@
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
- #hidden = no
+ hidden = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
- #list = yes
+ list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
- #subscriptions = yes
+ subscriptions = yes
+}
+
+namespace local {
+ type = private
+ separator = /
+ prefix = Maildir/
+ location = maildir:~/Maildir
+ inbox = no
+ hidden = no
+ list = yes
+ subscriptions = no
}
# Example shared namespace configuration
-#namespace {
- #type = shared
- #separator = /
+namespace {
+ type = shared
+ separator = /
# Mailboxes are visible under "shared/user@domain/"
# %%n, %%d and %%u are expanded to the destination user.
- #prefix = shared/%%u/
+ prefix = shared/%%u/
# Mail location for other users' mailboxes. Note that %variables and ~/
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
# destination user's data.
#location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
+ location = mdbox:%%h/mdbox/
# Use the default namespace for saving subscriptions.
- #subscriptions = no
+ subscriptions = no
# List the shared/ namespace only if there are visible shared mailboxes.
- #list = children
-#}
+ list = children
+}
+
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
#mail_shared_explicit_inbox = yes
@@ -116,7 +132,7 @@
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
-#mail_access_groups =
+mail_access_groups = mail
# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
@@ -194,14 +210,14 @@
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
-#auth_socket_path = /var/run/dovecot/auth-userdb
+auth_socket_path = /var/run/dovecot/auth-userdb
# Directory where to look up mail plugins.
#mail_plugin_dir = /usr/lib/dovecot/modules
# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
-#mail_plugins =
+mail_plugins = acl
##
## Mailbox handling optimizations
diff -Nur conf.d.orig/10-master.conf conf.d/10-master.conf
--- conf.d.orig/10-master.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/10-master.conf 2013-06-06 00:25:02.628967000 +0200
@@ -17,10 +17,11 @@
service imap-login {
inet_listener imap {
#port = 143
+ port = 0
}
inet_listener imaps {
- #port = 993
- #ssl = yes
+ port = 993
+ ssl = yes
}
# Number of connections to handle before starting a new process. Typically
@@ -38,10 +39,11 @@
service pop3-login {
inet_listener pop3 {
#port = 110
+ port = 0
}
inet_listener pop3s {
- #port = 995
- #ssl = yes
+ port = 995
+ ssl = yes
}
}
@@ -62,6 +64,7 @@
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
+ vsz_limit = 2048M
# Max. number of IMAP processes (connections)
#process_limit = 1024
diff -Nur conf.d.orig/10-ssl.conf conf.d/10-ssl.conf
--- conf.d.orig/10-ssl.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/10-ssl.conf 2013-06-06 00:30:58.227832000 +0200
@@ -4,13 +4,16 @@
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes
+ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/dovecot.pem
-ssl_key = </etc/dovecot/private/dovecot.pem
+#ssl_cert = </etc/dovecot/dovecot.pem
+#ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/ssl/local/jogamp2013-hostcert.pem
+ssl_key = </etc/ssl/local/jogamp2013-hostkey.mail.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
@@ -22,6 +25,7 @@
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =
+ssl_ca = </etc/ssl/local/thawte-SSL123_CA_Bundle.pem
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
diff -Nur conf.d.orig/15-lda.conf conf.d/15-lda.conf
--- conf.d.orig/15-lda.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/15-lda.conf 2013-06-05 22:38:44.724403000 +0200
@@ -37,12 +37,12 @@
#lda_original_recipient_header =
# Should saving a mail to a nonexistent mailbox automatically create it?
-#lda_mailbox_autocreate = no
+lda_mailbox_autocreate = yes
# Should automatically created mailboxes be also automatically subscribed?
-#lda_mailbox_autosubscribe = no
+lda_mailbox_autosubscribe = yes
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
- #mail_plugins = $mail_plugins
+ mail_plugins = $mail_plugins sieve
}
diff -Nur conf.d.orig/20-imap.conf conf.d/20-imap.conf
--- conf.d.orig/20-imap.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/20-imap.conf 2013-06-05 22:38:44.724715000 +0200
@@ -14,6 +14,7 @@
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
+ mail_plugins = $mail_plugins imap_acl
# IMAP logout format string:
# %i - total number of bytes read from client
diff -Nur conf.d.orig/20-lmtp.conf conf.d/20-lmtp.conf
--- conf.d.orig/20-lmtp.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/20-lmtp.conf 2013-06-05 22:38:44.725026000 +0200
@@ -12,5 +12,5 @@
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
- #mail_plugins = $mail_plugins
+ mail_plugins = $mail_plugins sieve
}
diff -Nur conf.d.orig/20-managesieve.conf conf.d/20-managesieve.conf
--- conf.d.orig/20-managesieve.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/20-managesieve.conf 2013-06-06 01:10:53.662647000 +0200
@@ -4,7 +4,7 @@
# Service definitions
-#service managesieve-login {
+service managesieve-login {
#inet_listener sieve {
# port = 4190
#}
@@ -23,16 +23,16 @@
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
-#}
+}
-#service managesieve {
+service managesieve {
# Max. number of ManageSieve processes (connections)
#process_count = 1024
-#}
+}
# Service configuration
-#protocol sieve {
+protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
@@ -70,4 +70,4 @@
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
-#}
+}
diff -Nur conf.d.orig/90-acl.conf conf.d/90-acl.conf
--- conf.d.orig/90-acl.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/90-acl.conf 2013-06-05 23:41:19.326258000 +0200
@@ -9,7 +9,7 @@
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
- #acl = vfile:/etc/dovecot/global-acls:cache_secs=300
+ acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}
# To let users LIST mailboxes shared by other users, Dovecot needs a
diff -Nur conf.d.orig/90-sieve.conf conf.d/90-sieve.conf
--- conf.d.orig/90-sieve.conf 2013-02-05 02:03:27.000000000 +0100
+++ conf.d/90-sieve.conf 2013-06-05 22:38:44.726032000 +0200
@@ -17,6 +17,7 @@
# --> See sieve_before fore executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
+ sieve_default = /var/lib/dovecot/sieve/global/default.sieve
# Directory for :personal include scripts for the include extension. This
# is also where the ManageSieve service stores the user's scripts.
@@ -24,6 +25,7 @@
# Directory for :global include scripts for the include extension.
#sieve_global_dir =
+ sieve_global_dir = /var/lib/dovecot/sieve/global/
# Path to a script file or a directory containing script files that need to be
# executed before the user's script. If the path points to a directory, all
@@ -34,6 +36,7 @@
#sieve_before =
#sieve_before2 =
#sieve_before3 = (etc...)
+ sieve_before = /var/lib/dovecot/sieve/prologue.sieve
# Identical to sieve_before, only the specified scripts are executed after the
# user's script (only when keep is still in effect!). Multiple script file or
|
