Hello,
I'm setting up a dovecot-2.0.beta6 install and I'm experiencing the
following issues/questions :
1. Converting the config file
# /usr/local/dovecot-2/bin/doveconf -n -c
/usr/local/dovecot-1.2.12/etc/dovecot.conf :
[...]
doveconf: Fatal: Error in configuration file
/usr/local/dovecot-1.2.12/etc/dovecot.conf line 176: Unknown setting:
process_limit
but
# grep -i process_limit /usr/local/dovecot-1.2.12/etc/dovecot.conf
#
Well, it doesn't bother me much since I made the dovecot-2 conf from scratch
anyway.
2. Changing the process limit
In 10-master.conf, I changed 'service imap''s 'process_limit' from 1024 to 4096
which caused :
Warning: service auth { client_limit=4096 } is lower than required under max.
load (5320)
Where does the 5320 come from ?
3. The = <file syntax
Is there anything to know about this new syntax other than files are introduced
by "<" ?
4. The "filter" hierarchy
My understanding is that protocol, remote, local must be specified in the
following order
protocol name {
remote <ip|name> {
local <ip|name> {
and that for a match in several blocks, the more specific wins.
but it's not clear to me where they are valid and if we can negate (with a !
for instance) an argument.
For instance, I want to implement the typical case of "let clients from the
inside network perform a plain auth over a clear connection, require SSL before
auth for the outside network clients".
For that, I want to put
remote <internal network address> {
disable_plaintext_auth = no
}
in 10-auth.conf
and let the 'disable_plaintext_auth = yes' in dovecot.conf
But :
. why is this default not in 10-auth.conf file ?
. would I have been allowed to do, for instance, in that file at the same line
protocol imap {
remote <internal network address> {
disable_plaintext_auth = no
}
?
. would I have been allowed to do, for instance, in that file at the same line
protocol ! imap ...
or
remote ! <some address>
?
Besides, if I set ssl=required, do I still need disable_plaintext_auth = yes ?
4. auth unix listner
Default is the unix socket 'auth-userdb'. Which processes communicate
through this one ? Does that mean the the auth process is not the
process which performs the actual passdb/userdb lookup ? In that case
what is the 'userdb process' ?
Same question : what is the auth-client socket used for ?
Finally, would it make sense to declare other auth listeners than the two
listed by default in the 10-master.conf file ?
--
Thomas Hummel | Institut Pasteur
<hum...@pasteur.fr> | Pôle informatique - systèmes et réseau
