Am 22.12.2013 17:24, schrieb Charles Marcus: > One thing about dovecots config I've learned during this process... it is > confusing sometimes to determine where > any given setting is coming from, given the number of different default > config files.. > > Grepping of course will help you find it, but it would be nice if there was > some way to simplify this... > > Maybe cut down on the number of different config files
you are free to use only one config file as below and
a second one "/etc/dovecot/sql.conf" referred there
contains the sensible autentication configuration
hence my RPM-SPEC does not include a single config file
[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols = imap pop3
# configure ssl
ssl = yes
ssl_cert = </etc/postfix/certs/localhost.pem
ssl_key = </etc/postfix/certs/localhost.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
ssl_prefer_server_ciphers = yes
ssl_parameters_regenerate = 0
# configure imap-proxy
service imap-login {
inet_listener imap {
address = **.**.**.**
port = 143
}
inet_listener imaps {
address = **.**.**.**
port = 993
}
vsz_limit = 128M
service_count = 0
process_min_avail = 1
process_limit = 1
client_limit = 200
}
# configure pop3-proxy
service pop3-login {
inet_listener pop3 {
address = **.**.**.**
port = 110
}
inet_listener pop3s {
address = **.**.**.**
port = 995
}
vsz_limit = 128M
service_count = 0
process_min_avail = 1
process_limit = 1
client_limit = 200
}
# default settings
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE
CHILDREN SORT QUOTA
THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements = %u %r %m %k
login_log_format = %{login_status}: %s
mail_max_userip_connections = 100
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN
PLAIN
disable_plaintext_auth = no
shutdown_clients = no
version_ignore = yes
# Logging
syslog_facility = mail
# authentication process
auth_worker_max_count = 50
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation =
%@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
# debug options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no
# configure proxy-database
passdb {
driver = sql
args = /etc/dovecot/sql.conf
}
# we are not using local users
userdb {
driver = static
args = static uid=10000 gid=10000 home=/dev/null
}
# configure backend for postfix sasl-auth
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
signature.asc
Description: OpenPGP digital signature
