X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=files%2Fetc%2Fdovecot%2Fdovecot.conf;fp=files%2Fetc%2Fdovecot%2Fdovecot.conf;h=0000000000000000000000000000000000000000;hb=1bfc033259cebfaa0ca3dec10fbbf1ca450d44f1;hp=98a46f698b77efe27b741bf25445e86875a6b403;hpb=9742d3662fe74ee8d7f0d510c9198fedeba13f35;p=carnet-upgrade.git
diff --git a/files/etc/dovecot/dovecot.conf b/files/etc/dovecot/dovecot.conf
deleted file mode 100644
index 98a46f6..0000000
--- a/files/etc/dovecot/dovecot.conf
+++ /dev/null
@@ -1,500 +0,0 @@
-## Dovecot 1.0 configuration file
-
-# Default values are shown after each value, it's not required to uncomment
-# any of the lines. Exception to this are paths, they're just examples
-# with real defaults being based on configure options. The paths listed here
-# are for configure --prefix=/usr --sysconfdir=/etc/dovecot
-# --localstatedir=/var --with-ssldir=/etc/ssl
-
-# Base directory where to store runtime data.
-#base_dir = /var/run/dovecot/
-
-# Protocols we want to be serving:
-# imap imaps pop3 pop3s
-protocols =
-
-# IP or host address where to listen in for connections. It's not currently
-# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
-# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
-# interfaces depending on the operating system. You can specify ports with
-# "host:port".
-#imap_listen = *
-#pop3_listen = *
-
-# IP or host address where to listen in for SSL connections. Defaults
-# to above non-SSL equilevants if not specified.
-#imaps_listen =
-#pop3s_listen =
-
-# Disable SSL/TLS support.
-#ssl_disable = no
-
-# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
-# dropping root privileges, so keep the key file unreadable by anyone but
-# root.
-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
-#ssl_key_file = /etc/ssl/private/dovecot.pem
-
-# SSL parameter file. Master process generates this file for login processes.
-# It contains Diffie Hellman and RSA parameters.
-#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
-
-# How often to regenerate the SSL parameters file. Generation is quite CPU
-# intensive operation. The value is in hours, 0 disables regeneration
-# entirely.
-#ssl_parameters_regenerate = 24
-
-# Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
-# IPv6 ::1 addresses are considered secure, this setting has no effect if
-# you connect from those addresses.
-#disable_plaintext_auth = yes
-
-# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
-# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
-#log_path =
-
-# For informational messages, use this logfile instead of the default
-#info_log_path =
-
-# Prefix for each line written to log file. % codes are in strftime(3)
-# format.
-#log_timestamp = "%b %d %H:%M:%S "
-
-##
-## Login processes
-##
-
-# Directory where authentication process places authentication UNIX sockets
-# which login needs to be able to connect to. The sockets are created when
-# running as root, so you don't have to worry about permissions. Note that
-# everything in this directory is deleted when Dovecot is started.
-#login_dir = /var/run/dovecot/login
-
-# chroot login process to the login_dir. Only reason not to do this is if you
-# wish to run the whole Dovecot without roots.
-# http://wiki.dovecot.org/Rootless
-#login_chroot = yes
-
-
-##
-## IMAP login process
-##
-
-login = imap
-
-# Executable location.
-#login_executable = /usr/lib/dovecot/imap-login
-
-# User to use for the login process. Create a completely new user for this,
-# and don't use it anywhere else. The user must also belong to a group where
-# only it has access, it's used to control access for authentication process.
-# Note that this user is NOT used to access mails.
-# http://wiki.dovecot.org/UserIds
-#login_user = dovecot
-
-# Set max. process size in megabytes. If you don't use
-# login_process_per_connection you might need to grow this.
-#login_process_size = 32
-
-# Should each login be processed in it's own process (yes), or should one
-# login process be allowed to process multiple connections (no)? Yes is more
-# secure, espcially with SSL/TLS enabled. No is faster since there's no need
-# to create processes all the time.
-#login_process_per_connection = yes
-
-# Number of login processes to create. If login_process_per_user is
-# yes, this is the number of extra processes waiting for users to log in.
-#login_processes_count = 3
-
-# Maximum number of extra login processes to create. The extra process count
-# usually stays at login_processes_count, but when multiple users start logging
-# in at the same time more extra processes are created. To prevent fork-bombing
-# we check only once in a second if new processes should be created - if all
-# of them are used at the time, we double their amount until limit set by this
-# setting is reached. This setting is used only if login_process_per_use is yes.
-#login_max_processes_count = 128
-
-# Maximum number of connections allowed in login state. When this limit is
-# reached, the oldest connections are dropped. If login_process_per_user
-# is no, this is a per-process value, so the absolute maximum number of users
-# logging in actually login_processes_count * max_logging_users.
-#login_max_logging_users = 256
-
-##
-## POP3 login process
-##
-
-# Settings default to same as above, so you don't have to set anything
-# unless you want to override them.
-
-login = pop3
-
-# Exception to above rule being the executable location.
-#login_executable = /usr/lib/dovecot/pop3-login
-
-##
-## Mail processes
-##
-
-# Maximum number of running mail processes. When this limit is reached,
-# new users aren't allowed to log in.
-#max_mail_processes = 1024
-
-# Show more verbose process titles (in ps). Currently shows user name and
-# IP address. Useful for seeing who are actually using the IMAP processes
-# (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
-
-# Show protocol level SSL errors.
-#verbose_ssl = no
-
-# Valid UID range for users, defaults to 500 and above. This is mostly
-# to make sure that users can't log in as daemons or other system users.
-# Note that denying root logins is hardcoded to dovecot binary and can't
-# be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
-#last_valid_uid = 0
-
-# Valid GID range for users, defaults to non-root/wheel. Users having
-# non-valid GID as primary group ID aren't allowed to log in. If user
-# belongs to supplementary groups with non-valid GIDs, those groups are
-# not set.
-#first_valid_gid = 1
-#last_valid_gid = 0
-
-# Grant access to these extra groups for mail processes. Typical use would be
-# to give "mail" group write access to /var/mail to be able to create dotlocks.
-mail_extra_groups = mail
-
-# ':' separated list of directories under which chrooting is allowed for mail
-# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
-# This setting doesn't affect login_chroot or auth_chroot variables.
-# WARNING: Never add directories here which local users can modify, that
-# may lead to root exploit. Usually this should be done only if you don't
-# allow shell access for users. See
-# /usr/share/doc/dovecot-common/configuration.txt for more information.
-#valid_chroot_dirs =
-
-# Default chroot directory for mail processes. This can be overridden by
-# giving /./ in user's home directory (eg. /home/./user chroots into /home).
-#mail_chroot =
-
-# Default MAIL environment to use when it's not set. By leaving this empty
-# dovecot tries to do some automatic detection as described in
-# /usr/share/doc/dovecot-common/mail-storages.txt. There's a few special
-# variables you can use:
-#
-# %u - username
-# %n - user part in user@domain, same as %u if there's no domain
-# %d - domain part in user@domain, empty if user there's no domain
-# %h - home directory
-#
-# You can also limit a width of string by giving the number of max. characters
-# after the '%' character. For example %1u gives the first character of
-# username. Some examples:
-#
-# default_mail_env = maildir:/var/mail/%1u/%u/Maildir
-# default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u
-# default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
-#
-#default_mail_env =
-
-# Space-separated list of fields to cache for all mails. Currently these
-# fields are allowed followed by a list of commands they speed up:
-#
-# Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT,
-# SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID,
-# HEADER IN-REPLY-TO
-# Body - FETCH BODY
-# Bodystructure - FETCH BODY, BODYSTRUCTURE
-# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE,
-# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE
-# generation. This is always set with mbox mailboxes, and
-# also default with Maildir.
-#
-# Different IMAP clients work in different ways, that's why Dovecot by default
-# only caches MessagePart which speeds up most operations. Whenever client
-# does something where caching could be used, the field is automatically marked
-# to be cached later. For example after FETCH BODY the BODY will be cached
-# for all new messages. Normally you should leave this alone, unless you know
-# what most of your IMAP clients are. Caching more fields than needed makes
-# the index files larger and generate useless I/O.
-#
-# With maildir there's one extra optimization - if nothing is cached, indexing
-# the maildir becomes much faster since it's not opening any of the mail files.
-# This could be useful if your IMAP clients access only new mails.
-
-#mail_cache_fields = MessagePart
-
-# Space-separated list of fields that Dovecot should never set to be cached.
-# Useful if you want to save disk space at the cost of more I/O when the fields
-# needed.
-#mail_never_cache_fields =
-
-# Workarounds for various client bugs:
-# oe6-fetch-no-newmail:
-# Never send EXISTS/RECENT when replying to FETCH command. Outlook Express
-# seems to think they are FETCH replies and gives user "Message no longer
-# in server" error. Note that OE6 still breaks even with this workaround
-# if synchronization is set to "Headers Only".
-# outlook-idle:
-# Outlook and Outlook Express never abort IDLE command, so if no mail
-# arrives in half a hour, Dovecot closes the connection. This is still
-# fine, except Outlook doesn't connect back so you don't see if new mail
-# arrives.
-# outlook-pop3-no-nuls:
-# Outlook and Outlook Express hang if mails contain NUL characters.
-# This setting replaces them with 0x80 character.
-#client_workarounds =
-
-# Dovecot can notify client of new mail in selected mailbox soon after it's
-# received. This setting specifies the minimum interval in seconds between
-# new mail notifications to client - internally they may be checked more or
-# less often. Setting this to 0 disables the checking.
-# NOTE: Evolution client breaks with this option when it's trying to APPEND.
-#mailbox_check_interval = 0
-
-# Like mailbox_check_interval, but used for IDLE command.
-#mailbox_idle_check_interval = 30
-
-# Allow full filesystem access to clients. There's no access checks other than
-# what the operating system does for the active UID/GID. It works with both
-# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
-# or ~user/.
-#mail_full_filesystem_access = no
-
-# Maximum allowed length for custom flag name. It's only forced when trying
-# to create new flags.
-#mail_max_flag_length = 50
-
-# Save mails with CR+LF instead of plain LF. This makes sending those mails
-# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
-# But it also creates a bit more disk I/O which may just make it slower.
-#mail_save_crlf = no
-
-# Use mmap() instead of read() to read mail files. read() seems to be a bit
-# faster with my Linux/x86 and it's better with NFS, so that's the default.
-#mail_read_mmaped = no
-
-# By default LIST command returns all entries in maildir beginning with dot.
-# Enabling this option makes Dovecot return only entries which are directories.
-# This is done by stat()ing each entry, so it causes more disk I/O.
-# (For systems setting struct dirent->d_type, this check is free and it's
-# done always regardless of this setting)
-#maildir_stat_dirs = no
-
-# Copy mail to another folders using hard links. This is much faster than
-# actually copying the file. This is problematic only if something modifies
-# the mail in one folder but doesn't want it modified in the others. I don't
-# know any MUA which would modify mail files directly. IMAP protocol also
-# requires that the mails don't change, so it would be problematic in any case.
-# If you care about performance, enable it.
-#maildir_copy_with_hardlinks = no
-
-# Check if mails' content has been changed by external programs. This slows
-# down things as extra stat() needs to be called for each file. If changes are
-# noticed, the message is treated as a new message, since IMAP protocol
-# specifies that existing messages are immutable.
-#maildir_check_content_changes = no
-
-# Which locking methods to use for locking mbox. There's three available:
-# dotlock: Create .lock file. This is the oldest and most NFS-safe
-# solution. If you want to use /var/mail/ like directory, the users
-# will need write access to that directory.
-# fcntl : Use this if possible. Works with NFS too if lockd is used.
-# flock : May not exist in all systems. Doesn't work with NFS.
-#
-# You can use both fcntl and flock too; if you do the order they're declared
-# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
-# and flock. Some operating systems don't allow using both of them
-# simultaneously, eg. BSDs. If dotlock is used, it's always created first.
-#mbox_locks = dotlock fcntl
-
-# Should we create dotlock file even when we want only a read-lock? Setting
-# this to yes hurts the performance when the mailbox is accessed simultaneously
-# by multiple processes, but it's needed for reliable reading if no other
-# locking methods are available.
-#mbox_read_dotlock = no
-
-# Maximum time in seconds to wait for lock (all of them) before aborting.
-#mbox_lock_timeout = 300
-
-# If dotlock exists but the mailbox isn't modified in any way, override the
-# lock file after this many seconds.
-#mbox_dotlock_change_timeout = 30
-
-# umask to use for mail files and directories
-#umask = 0077
-
-# Drop all privileges before exec()ing the mail process. This is mostly
-# meant for debugging, otherwise you don't get core dumps. Note that setting
-# this to yes means that log file is opened as the logged in user, which
-# might not work. It could also be a small security risk if you use single UID
-# for multiple users, as the users could ptrace() each others processes then.
-#mail_drop_priv_before_exec = no
-
-##
-## IMAP process
-##
-
-# Executable location
-#imap_executable = /usr/lib/dovecot/imap
-
-# Set max. process size in megabytes. Most of the memory goes to mmap()ing
-# files, so it shouldn't harm much even if this limit is set pretty high.
-#imap_process_size = 256
-
-# Support for dynamically loadable modules.
-#imap_use_modules = no
-#imap_modules = /usr/lib/dovecot/imap
-
-##
-## POP3 process
-##
-
-# Executable location
-#pop3_executable = /usr/lib/dovecot/pop3
-
-# Set max. process size in megabytes. Most of the memory goes to mmap()ing
-# files, so it shouldn't harm much even if this limit is set pretty high.
-#pop3_process_size = 256
-
-# Support for dynamically loadable modules.
-#pop3_use_modules = no
-#pop3_modules = /usr/lib/dovecot/pop3
-
-##
-## Authentication processes
-##
-
-# An Authentication process is a child process used by Dovecot that
-# handles the authentication steps. The steps cover an authentication
-# mechanism (auth_mechanisms, how the client authenticates in the IMAP or
-# POP3 protocol), which password database should be queried (auth_passdb),
-# and which user database should be queried (auth_userdb, to obtain
-# UID, GID, and location of the user's mailbox/home directory).
-#
-# You can have multiple processes, though a typical configuration will
-# have only one. Each time "auth = xx" is seen, a new process
-# definition is started. The point of multiple processes is to be able
-# to set stricter permissions. (See auth_user below.)
-#
-# Just remember that only one Authentication process is asked for the
-# password, so you can't have different passwords accessible through
-# different process definitions (unless they have different
-# auth_mechanisms, and you're ok with having different password for
-# each mechanisms).
-
-# Authentication process name.
-auth = default
-
-# Specifies how the client authenticates in the IMAP protocol.
-# Space separated list of permitted authentication mechanisms:
-# anonymous plain digest-md5 cram-md5
-#
-# anonymous - No authentication required.
-# plain - The password is sent as plain text. All IMAP/POP3 clients
-# support this, and the password can be encrypted by Dovecot to match
-# any of the encryption schemes used in password databases.
-# digest-md5 and cram-md5 - both encrypt the password so it is more
-# secure in transit, but are not well supported by clients, and
-# require that the password database use a matching encryption
-# scheme (or be in plaintext).
-#
-# See auth.txt for more details.
-#
-# If you are using SSL there is less benefit to digest-md5 and
-# cram-md5 as the communication is already encrypted.
-auth_mechanisms = plain
-
-# Space separated list of realms for SASL authentication mechanisms that need
-# them. You can leave it empty if you don't want to support multiple realms.
-# Many clients simply use the first one listed here, so keep the default realm
-# first.
-#auth_realms =
-
-# Default realm/domain to use if none was specified. This is used for both
-# SASL realms and appending @domain to username in plaintext logins.
-#auth_default_realm =
-
-# User database specifies where mails are located and what user/group IDs
-# own them. For single-UID configuration use "static".
-# http://wiki.dovecot.org/Authentication
-# http://wiki.dovecot.org/VirtualUsers
-# passwd: /etc/passwd or similiar, using getpwnam()
-# passwd-file : passwd-like file with specified location
-# static uid= gid= home=: static settings
-# vpopmail: vpopmail library
-# ldap : LDAP, see /etc/dovecot/dovecot-ldap.conf
-# mysql : a MySQL database, see /etc/dovecot/dovecot-mysql.conf
-# pgsql : a PostgreSQL database, see
-# /etc/dovecot/dovecot-pgsql.conf
-auth_userdb = passwd
-
-# Password database specifies only the passwords for users.
-# http://wiki.dovecot.org/Authentication
-# passwd: /etc/passwd or similiar, using getpwnam()
-# shadow: /etc/shadow or similiar, using getspnam()
-# pam [ | *]: PAM authentication
-# passwd-file : passwd-like file with specified location
-# vpopmail: vpopmail authentication
-# ldap : LDAP, see /etc/dovecot/dovecot-ldap.conf
-# mysql : a MySQL database, see /etc/dovecot/dovecot-mysql.conf
-# pgsql : a PostgreSQL database, see
-# /etc/dovecot/dovecot-pgsql.conf
-auth_passdb = pam
-
-#auth_executable = /usr/lib/dovecot/dovecot-auth
-
-# Set max. process size in megabytes.
-#auth_process_size = 256
-
-# User to use for the process. This user needs access to only user and
-# password databases, nothing else. Only shadow and pam authentication
-# requires roots, so use something else if possible. Note that passwd
-# authentication with BSDs internally accesses shadow files, which also
-# requires roots. Note that this user is NOT used to access mails.
-# That user is specified by auth_userdb above.
-auth_user = root
-
-# Directory where to chroot the process. Most authentication backends don't
-# work if this is set, and there's no point chrooting if auth_user is root.
-#auth_chroot =
-
-# Number of authentication processes to create
-#auth_count = 1
-
-# List of allowed characters in username. If the user-given username contains
-# a character not listed in here, the login automatically fails. This is just
-# an extra check to make sure user can't exploit any potential quote escaping
-# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
-# set this value to empty.
-#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
-
-# Username to use for users logging in with ANONYMOUS SASL mechanism
-#auth_anonymous_username = anonymous
-
-# More verbose logging. Useful for figuring out why authentication isn't
-# working.
-#auth_verbose = no
-
-# Even more verbose logging for debugging purposes. Shows for example SQL
-# queries.
-#auth_debug = no
-
-# digest-md5 authentication process. It requires special MD5 passwords which
-# /etc/shadow and PAM doesn't support, so we never need roots to handle it.
-# Note that the passwd-file is opened before chrooting and dropping root
-# privileges, so it may be 0600-root owned file.
-
-#auth = digest_md5
-#auth_mechanisms = digest-md5
-#auth_realms =
-#auth_userdb = passwd-file /etc/passwd.imap
-#auth_passdb = passwd-file /etc/passwd.imap
-#auth_user = imapauth
-#auth_chroot =
-
-# if you plan to use only passwd-file, you don't need the two auth processes,
-# simply set "auth_methods = plain digest-md5"