+++ /dev/null
-Configuration files go to this directory. See example configuration files in
-/usr/share/doc/dovecot-core/example-config/
# possible variables you can use.
#mail_log_prefix = "%s(%u): "
-# Format to use for logging mail deliveries. You can use variables:
+# Format to use for logging mail deliveries:
# %$ - Delivery status message (e.g. "saved to INBOX")
-# %m - Message-ID
-# %s - Subject
-# %f - From address
-# %p - Physical size
-# %w - Virtual size
+# %m / %{msgid} - Message-ID
+# %s / %{subject} - Subject
+# %f / %{from} - From address
+# %p / %{size} - Physical size
+# %w / %{vsize} - Virtual size
+# %e / %{from_envelope} - MAIL FROM envelope
+# %{to_envelope} - RCPT TO envelope
+# %{delivery_time} - How many milliseconds it took to deliver the mail
+# %{session_time} - How long LMTP session took, not including delivery_time
+# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
#deliver_log_format = msgid=%m: %$
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
#subscriptions = yes
+
+ # See 15-mailboxes.conf for definitions of special mailboxes.
}
# Example shared namespace configuration
# or ~user/.
#mail_full_filesystem_access = no
-# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but
-# soon intended to be used by METADATA as well.
+# Dictionary for key=value mailbox attributes. This is used for example by
+# URLAUTH and METADATA extensions.
#mail_attribute_dict =
mail_attribute_dict = file:%h/.maildir/dovecot-attributes
+# A comment or note that is associated with the server. This value is
+# accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/comment".
+#mail_server_comment = ""
+
+# Indicates a method for contacting the server administrator. According to
+# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
+# is currently not enforced. Use for example mailto:admin@example.com. This
+# value is accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/admin".
+#mail_server_admin =
+
##
## Mail processes
##
# also required for IMAP NOTIFY extension to be enabled.
#mailbox_list_index = no
+# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
+# of potentially returning out-of-date results after e.g. server crashes.
+# The results will be automatically fixed once the folders are opened.
+#mailbox_list_index_very_dirty_syncs = yes
+
+# Should INBOX be kept up-to-date in the mailbox list index? By default it's
+# not, because most of the mailbox accesses will open INBOX anyway.
+#mailbox_list_index_include_inbox = no
+
# The minimum number of mails in a mailbox before updates are done to cache
# file. This allows optimizing Dovecot's behavior to do less disk writes at
# the cost of more disk reads.
# When IDLE command is running, mailbox is checked once in a while to see if
# there are any new mails or other changes. This setting defines the minimum
-# time to wait between those checks. Dovecot can also use dnotify, inotify and
+# time to wait between those checks. Dovecot can also use inotify and
# kqueue to find out immediately when changes occur.
#mailbox_idle_check_interval = 30 secs
# These should exist only after Dovecot dies in the middle of saving mails.
#mail_temp_scan_interval = 1w
+# How many slow mail accesses sorting can perform before it returns failure.
+# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
+# The untagged SORT reply is still returned, but it's likely not correct.
+#mail_sort_max_read_count = 0
+
+protocol !indexer-worker {
+ # If folder vsize calculation requires opening more than this many mails from
+ # disk (i.e. mail sizes aren't in cache already), return failure and finish
+ # the calculation via indexer process. Disabled by default. This setting must
+ # be 0 for indexer-worker processes.
+ #mail_vsize_bg_after_count = 0
+}
+
##
## Maildir-specific settings
##
# broken size. The performance hit for enabling this is very small.
#maildir_broken_filename_sizes = no
+# Always move mails from new/ directory to cur/, even when the \Recent flags
+# aren't being reset.
+#maildir_empty_new = no
+
##
## mbox-specific settings
##
--- /dev/null
+# Configure Dovecot mail replication
+# Based on https://wiki.dovecot.org/Replication
+
+mail_plugins = $mail_plugins notify replication
+
+service replicator {
+ process_min_avail = 1
+}
+
+dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
+plugin {
+ mail_replica = remote:dovecot-vmail@mail-pi.dehnerts.com
+}
+
+service aggregator {
+ fifo_listener replication-notify-fifo {
+ user = dovereplicate
+ mode = 0666
+ }
+ unix_listener replication-notify {
+ user = dovereplicate
+ mode = 0666
+ }
+}
+
+service replicator {
+ unix_listener replicator-doveadm {
+ mode = 0600
+ }
+}
+
+service doveadm {
+ vsz_limit=512M
+}
+
+replication_max_conns = 10
+
+plugin {
+ # When saving a new mail via IMAP or delivering a mail via LDA/LMTP,
+ # wait for the mail to be synced to the remote site. If it doesn't finish
+ # in 2 seconds, return success anyway.
+ #replication_sync_timeout = 2s
+}
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/dovecot.pem
-ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
-#ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
#ssl_client_ca_file =
# Request client to send a certificate. If you also want to require it, set
# DH parameters length to use.
#ssl_dh_parameters_length = 1024
-# How often to regenerate the SSL parameters file. Generation is quite CPU
-# intensive operation. The value is in hours, 0 disables regeneration
-# entirely.
-#ssl_parameters_regenerate = 168
-
# SSL protocols to use
-#ssl_protocols = !SSLv2
+#ssl_protocols = !SSLv3
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
+
+# SSL extra options. Currently supported options are:
+# no_compression - Disable compression.
+# no_ticket - Disable SSL session tickets.
+#ssl_options =
## IMAP specific settings
##
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+#imap_hibernate_timeout = 0
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+# IMAP logout format string:
+# %i - total number of bytes read from client
+# %o - total number of bytes sent to client
+# %{fetch_hdr_count} - Number of mails with mail header data sent to client
+# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
+# %{fetch_body_count} - Number of mails with mail body data sent to client
+# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
+# %{deleted} - Number of mails where client added \Deleted flag
+# %{expunged} - Number of mails that client expunged, which does not
+# include automatically expunged mails
+# %{autoexpunged} - Number of mails that were automatically expunged after
+# client disconnected
+# %{trashed} - Number of mails that client copied/moved to the
+# special_use=\Trash mailbox.
+# %{appended} - Number of mails saved during the session
+#imap_logout_format = in=%i out=%o
+
+# Override the IMAP CAPABILITY response. If the value begins with '+',
+# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+#imap_capability =
+
+# How long to wait between "OK Still here" notifications when client is
+# IDLEing.
+#imap_idle_notify_interval = 2 mins
+
+# ID field names and values to send to clients. Using * as the value makes
+# Dovecot use the default value. The following fields have default values
+# currently: name, version, os, os-version, support-url, support-email.
+#imap_id_send =
+
+# ID fields sent by client to log. * means everything.
+#imap_id_log =
+
+# Workarounds for various client bugs:
+# delay-newmail:
+# Send EXISTS/RECENT new mail notifications only when replying to NOOP
+# and CHECK commands. Some clients ignore them otherwise, for example OSX
+# Mail (<v2.1). Outlook Express breaks more badly though, without this it
+# may show user "Message no longer in server" errors. Note that OE6 still
+# breaks even with this workaround if synchronization is set to
+# "Headers Only".
+# tb-extra-mailbox-sep:
+# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+# ignore the extra '/' instead of treating it as invalid mailbox name.
+# tb-lsub-flags:
+# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+# This makes Thunderbird realize they aren't selectable and show them
+# greyed out, instead of only later giving "not selectable" popup error.
+#
+# The list is space-separated.
+#imap_client_workarounds =
+
+# Host allowed in URLAUTH URLs sent by client. "*" allows all.
+#imap_urlauth_host =
+
+# What happens when FETCH fails due to some internal error:
+# disconnect-immediately:
+# The FETCH is aborted immediately and the IMAP client is disconnected.
+# disconnect-after:
+# The FETCH runs for all the requested mails returning as much data as
+# possible. The client is finally disconnected without a tagged reply.
+# no-after:
+# Same as disconnect-after, but tagged NO reply is sent instead of
+# disconnecting the client. If the client attempts to FETCH the same failed
+# mail more than once, the client is disconnected. This is to avoid clients
+# from going into infinite loops trying to FETCH a broken mail.
+#imap_fetch_failure = disconnect-immediately
+
protocol imap {
- # Maximum IMAP command line length. Some clients generate very long command
- # lines with huge mailboxes, so you may need to raise this if you get
- # "Too long argument" or "IMAP command line too large" errors often.
- #imap_max_line_length = 64k
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
mail_max_userip_connections = 50
-
- # Space separated list of plugins to load (default is global mail_plugins).
- #mail_plugins = $mail_plugins
-
- # IMAP logout format string:
- # %i - total number of bytes read from client
- # %o - total number of bytes sent to client
- #imap_logout_format = bytes=%i/%o
-
- # Override the IMAP CAPABILITY response. If the value begins with '+',
- # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
- #imap_capability =
-
- # How long to wait between "OK Still here" notifications when client is
- # IDLEing.
- #imap_idle_notify_interval = 2 mins
-
- # ID field names and values to send to clients. Using * as the value makes
- # Dovecot use the default value. The following fields have default values
- # currently: name, version, os, os-version, support-url, support-email.
- #imap_id_send =
-
- # ID fields sent by client to log. * means everything.
- #imap_id_log =
-
- # Workarounds for various client bugs:
- # delay-newmail:
- # Send EXISTS/RECENT new mail notifications only when replying to NOOP
- # and CHECK commands. Some clients ignore them otherwise, for example OSX
- # Mail (<v2.1). Outlook Express breaks more badly though, without this it
- # may show user "Message no longer in server" errors. Note that OE6 still
- # breaks even with this workaround if synchronization is set to
- # "Headers Only".
- # tb-extra-mailbox-sep:
- # With mbox storage a mailbox can contain either mails or submailboxes,
- # but not both. Thunderbird separates these two by forcing server to
- # accept '/' suffix in mailbox names in subscriptions list.
- # tb-lsub-flags:
- # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
- # This makes Thunderbird realize they aren't selectable and show them
- # greyed out, instead of only later giving "not selectable" popup error.
- #
- # The list is space-separated.
- #imap_client_workarounds =
}
+++ /dev/null
-# Configure Dovecot mail replication
-# Based on https://wiki.dovecot.org/Replication
-
-mail_plugins = $mail_plugins notify replication
-
-service replicator {
- process_min_avail = 1
-}
-
-dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
-plugin {
- mail_replica = remote:dovecot-vmail@mail-pi.dehnerts.com
-}
-
-service aggregator {
- fifo_listener replication-notify-fifo {
- user = dovereplicate
- mode = 0666
- }
- unix_listener replication-notify {
- user = dovereplicate
- mode = 0666
- }
-}
-
-service replicator {
- unix_listener replicator-doveadm {
- mode = 0600
- }
-}
-
-service doveadm {
- vsz_limit=512M
-}
-
-replication_max_conns = 10
-
-plugin {
- # When saving a new mail via IMAP or delivering a mail via LDA/LMTP,
- # wait for the mail to be synced to the remote site. If it doesn't finish
- # in 2 seconds, return success anyway.
- #replication_sync_timeout = 2s
-}
# over quota, if the quota doesn't grow too high. Default is to allow as
# long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
#quota_grace = 10%%
+
+ # Quota plugin can also limit the maximum accepted mail size.
+ #quota_max_mail_size = 100M
}
##
# Location for ":global" include scripts as used by the "include" extension.
#sieve_global =
+ # The location of a Sieve script that is run for any message that is about to
+ # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+ # execution. This only happens when the "implicit keep" is canceled, by e.g.
+ # the "discard" action, and no actions that deliver the message are executed.
+ # This "discard script" can prevent discarding the message, by executing
+ # alternative actions. If the discard script does nothing, the message is
+ # still discarded as it would be when no discard script is configured.
+ #sieve_discard =
+
# Location Sieve of scripts that need to be executed before the user's
# personal script. If a 'file' location path points to a directory, all the
# Sieve scripts contained therein (with the proper `.sieve' extension) are
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
+
+ # The primary e-mail address for the user. This is used as a default when no
+ # other appropriate address is available for sending messages. If this setting
+ # is not configured, either the postmaster or null "<>" address is used as a
+ # sender, depending on the action involved. This setting is important when
+ # there is no message envelope to extract addresses from, such as when the
+ # script is executed in IMAP.
+ #sieve_user_email =
+
+ # The path to the file where the user log is written. If not configured, a
+ # default location is used. If the main user's personal Sieve (as configured
+ # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+ # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+ #sieve_user_log =
+
+ # Specifies what envelope sender address is used for redirected messages.
+ # The following values are supported for this setting:
+ #
+ # "sender" - The sender address is used (default).
+ # "recipient" - The final recipient address is used.
+ # "orig_recipient" - The original recipient is used.
+ # "user_email" - The user's primary address is used. This is
+ # configured with the "sieve_user_email" setting. If
+ # that setting is unconfigured, "user_mail" is equal to
+ # "recipient".
+ # "postmaster" - The postmaster_address configured for the LDA.
+ # "<user@domain>" - Redirected messages are always sent from user@domain.
+ # The angle brackets are mandatory. The null "<>" address
+ # is also supported.
+ #
+ # This setting is ignored when the envelope sender is "<>". In that case the
+ # sender of the redirected message is also always "<>".
+ #sieve_redirect_envelope_from = sender
+
+ ## TRACE DEBUGGING
+ # Trace debugging provides detailed insight in the operations performed by
+ # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+ # IMAPSIEVE plugin.
+ #
+ # WARNING: On a busy server, this functionality can quickly fill up the trace
+ # directory with a lot of trace files. Enable this only temporarily and as
+ # selective as possible.
+
+ # The directory where trace files are written. Trace debugging is disabled if
+ # this setting is not configured or if the directory does not exist. If the
+ # path is relative or it starts with "~/" it is interpreted relative to the
+ # current user's home directory.
+ #sieve_trace_dir =
+
+ # The verbosity level of the trace messages. Trace debugging is disabled if
+ # this setting is not configured. Possible values are:
+ #
+ # "actions" - Only print executed action commands, like keep,
+ # fileinto, reject and redirect.
+ # "commands" - Print any executed command, excluding test commands.
+ # "tests" - Print all executed commands and performed tests.
+ # "matching" - Print all executed commands, performed tests and the
+ # values matched in those tests.
+ #sieve_trace_level =
+
+ # Enables highly verbose debugging messages that are usually only useful for
+ # developers.
+ #sieve_trace_debug = no
+
+ # Enables showing byte code addresses in the trace output, rather than only
+ # the source line numbers.
+ #sieve_trace_addresses = no
}
#
# But also adds some new settings:
# client_flags - See MySQL manual
+# connect_timeout - Connect timeout in seconds (default: 5)
+# read_timeout - Read timeout in seconds (default: 30)
+# write_timeout - Write timeout in seconds (default: 30)
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
# ssl_cert, ssl_key - For sending client-side certificates to server
# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
projects / sysconfig / dovecot.git / commitdiff