From: Jakub Czajka Date: Sat, 6 Dec 2025 21:18:49 +0000 (+0100) Subject: [dovecot] Upgrade to 2.4.0. X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=92f0c3353ba4c8dc9c521a2aab7c7a21fc5b9807;p=server.git [dovecot] Upgrade to 2.4.0. --- diff --git a/dovecot/10-auth.conf b/dovecot/10-auth.conf index 84294a8..54bb3b9 100644 --- a/dovecot/10-auth.conf +++ b/dovecot/10-auth.conf @@ -2,15 +2,15 @@ ## Authentication processes ## -# Disable LOGIN command and all other plaintext authentications unless -# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP +# Enable LOGIN command and all other plaintext authentications even if +# SSL/TLS is not used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the -# connection is considered secure and plaintext authentication is allowed. -# See also ssl=required setting. -#disable_plaintext_auth = yes +# connection is considered secure and plaintext authentication is allowed, +# unless ssl = required. +#auth_allow_cleartext = yes # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that -# bsdauth and PAM require cache_key to be set for caching to be used. +# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. #auth_cache_size = 0 # Time to live for cached data. After TTL expires the cached record is no # longer used, *except* if the main database lookup returns internal failure. @@ -27,10 +27,10 @@ # Many clients simply use the first one listed here, so keep the default realm # first. #auth_realms = - +# # Default realm/domain to use if none was specified. This is used for both # SASL realms and appending @domain to username in plaintext logins. -#auth_default_realm = +#auth_default_domain = # List of allowed characters in username. If the user-given username contains # a character not listed in here, the login automatically fails. This is just 
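Review bot: In the first 10-auth.conf hunk the commented example `#auth_allow_cleartext = yes` shows the permissive value rather than the default, so anyone who uncomments it on the assumption that commented lines show defaults turns on cleartext logins outside TLS. As far as I know the 2.4 default is `no`; I would write `#auth_allow_cleartext = no` and put `# Default is no; leave unset unless cleartext logins over non-TLS connections are really intended.` above it. With `auth_mechanisms = plain login` active further down in this file, this setting together with `ssl = required` is what keeps passwords from crossing the network unencrypted.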
@@ -44,11 +44,9 @@ # that '#' and '/' characters are translated to '@'. #auth_username_translation = -# Username formatting before it's looked up from databases. You can use -# the standard variables here, eg. %Lu would lowercase the username, %n would -# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into -# "-AT-". This translation is done after auth_username_translation changes. -#auth_username_format = %Lu +# Username formatting before it's looked up from databases. +#auth_username_format = %{user|lower} +#auth_username_format = %{user|username|lower} # If you want to allow master users to log in by specifying the master # username within the normal username string (ie. not using SASL mechanism's @@ -60,11 +58,6 @@ # Username to use for users logging in with ANONYMOUS SASL mechanism #auth_anonymous_username = anonymous -# Maximum number of dovecot-auth worker processes. They're used to execute -# blocking passdb and userdb queries (eg. MySQL and PAM). They're -# automatically created and destroyed as needed. -#auth_worker_max_count = 30 - # Host name to use in GSSAPI principal names. The default is to use the # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab # entries. @@ -76,7 +69,7 @@ #auth_krb5_keytab = # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and -# ntlm_auth helper. +# ntlm_auth helper. #auth_use_winbind = no # Path for Samba's ntlm_auth helper binary. @@ -94,9 +87,9 @@ auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no # Space separated list of wanted authentication mechanisms: -# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp -# gss-spnego -# NOTE: See also disable_plaintext_auth setting. +# plain login digest-md5 cram-md5 ntlm anonymous gssapi +# gss-spnego xoauth2 oauthbearer +# NOTE: See also auth_allow_cleartext setting. auth_mechanisms = plain login ## 
@@ -109,19 +102,19 @@ auth_mechanisms = plain login # allow both system users (/etc/passwd) and virtual users to login without # duplicating the system users into virtual database. # -# +# # # User database specifies where mails are located and what user/group IDs # own them. For single-UID configuration use "static" userdb. # -# +# #!include auth-deny.conf.ext #!include auth-master.conf.ext +#!include auth-oauth2.conf.ext -#!include auth-system.conf.ext -!include auth-sql.conf.ext +!include auth-system.conf.ext +#!include auth-sql.conf.ext #!include auth-ldap.conf.ext #!include auth-passwdfile.conf.ext -#!include auth-checkpassword.conf.ext #!include auth-static.conf.ext diff --git a/dovecot/10-logging.conf b/dovecot/10-logging.conf index c49add3..dda6b7b 100644 --- a/dovecot/10-logging.conf +++ b/dovecot/10-logging.conf 
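Review bot: The last 10-auth.conf hunk swaps the active include from `!include auth-sql.conf.ext` to `!include auth-system.conf.ext`, which changes the authentication backend rather than upgrading it, and the commit message does not mention it. If this is intended, every system account with a password becomes a mail login over the `plain login` mechanisms, and the 10-master.conf context in this commit notes that auth-worker runs as root to read /etc/shadow. It also looks inconsistent with 10-mail.conf, which keeps `mail_uid = vmail` and a `/var/vmail/...` mail path: that file's own comment says userdb can override uid and gid, so a system userdb would presumably run mail processes as the login user against vmail-owned directories. auth-system.conf.ext is not part of the visible diff, so this needs confirming; if SQL is still the backend in use, keep `!include auth-sql.conf.ext` active and leave `#!include auth-system.conf.ext` commented.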
@@ -20,58 +20,44 @@ ## Logging verbosity and debugging. ## -# Log filter is a space-separated list conditions. If any of the conditions -# match, the log filter matches (i.e. they're ORed together). Parenthesis -# are supported if multiple conditions need to be matched together. -# Supported conditions are: -# event: - Match event name. '*' and '?' wildcards supported. -# source:[:] - Match source code filename [and line] -# field:= - Match field key to a value. Can be specified -# multiple times to match multiple keys. -# cat[egory]: - Match a category. Can be specified multiple times to -# match multiple categories. -# For example: event:http_request_* (cat:error cat:storage) - -# Filter to specify what debug logging to enable. This will eventually replace -# mail_debug and auth_debug settings. -#log_debug = - -# Crash after logging a matching event. For example category:error will crash -# any time an error is logged, which can be useful for debugging. -#log_core_filter = - # Log unsuccessful authentication attempts and the reasons why they failed. -#auth_verbose = no +auth_verbose = no # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. -# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6). #auth_verbose_passwords = no +# To chain multiple logging conditions you can use, +# log_debug=$SET:log_debug or category=xxx + # Even more verbose logging for debugging purposes. Shows for example SQL # queries. -#auth_debug = no - +#log_debug=category=auth +# # In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. -#auth_debug_passwords = no +auth_debug_passwords = no # Enable mail process debugging. This can help you figure out why Dovecot # isn't finding your mails. 
-#mail_debug = no +#log_debug=category=mail # Show protocol level SSL errors. -#verbose_ssl = no +#log_debug=category=ssl # mail_log plugin provides more event logging for mail processes. -plugin { - # Events to log. Also available: flag_change append - #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename - # Available fields: uid, box, msgid, from, subject, size, vsize, flags - # size and vsize are available only for expunge and copy events. - #mail_log_fields = uid box msgid size -} +#mail_plugins { +# notify = yes +# mail_log = yes +#} +# Events to log. Also available: flag_change append +#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append +# Available fields: uid, box, msgid, from, subject, size, vsize, flags +# size and vsize are available only for expunge and copy events. +#mail_log_fields = uid box msgid size from subject vsize flags +# only log cached fields +#mail_log_cached_only = yes ## ## Log formatting. 
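Review bot: `auth_verbose = no` becomes an active line in this 10-logging.conf hunk instead of a commented default, so failed logins and their reasons stay out of the log on a server that accepts `plain login`. For brute-force detection I would set `auth_verbose = yes`, or enable the `auth_failure` metric with `exporter = log` that the new 10-metrics.conf describes as its replacement. Separately, the comment kept above `auth_debug_passwords = no` still says "Enabling this also enables auth_debug", while this same hunk replaces `#auth_debug = no` with `#log_debug=category=auth`; the comment should refer to `log_debug=category=auth` instead. Keeping `auth_debug_passwords = no` explicit is reasonable, since it keeps attempted passwords out of the logs.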
@@ -84,26 +70,17 @@ plugin { # Space-separated list of elements we want to log. The elements which have # a non-empty variable value are joined together to form a comma-separated # string. -#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c +#login_log_format_elements = user=<%{user}> method=%{mechanism} rip=%{remote_ip} lip=%{local_ip} mpid=%{mail_pid} %{secured} session=<%{session}> -# Login log format. %s contains login_log_format_elements string, %$ contains +# Login log format. %{elements} contains login_log_format_elements string, %{message} contains # the data we want to log. -#login_log_format = %$: %s - -# Log prefix for mail processes. See doc/wiki/Variables.txt for list of -# possible variables you can use. -#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " - -# Format to use for logging mail deliveries: -# %$ - Delivery status message (e.g. "saved to INBOX") -# %m / %{msgid} - Message-ID -# %s / %{subject} - Subject -# %f / %{from} - From address -# %p / %{size} - Physical size -# %w / %{vsize} - Virtual size -# %e / %{from_envelope} - MAIL FROM envelope -# %{to_envelope} - RCPT TO envelope -# %{delivery_time} - How many milliseconds it took to deliver the mail -# %{session_time} - How long LMTP session took, not including delivery_time -# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename -#deliver_log_format = msgid=%m: %$ +#login_log_format = %{message}: %{elements} + +# Log prefix for mail processes. See +# https://doc.dovecot.org/latest/core/settings/variables.html#mail-service-user-variables +# for list of possible variables. +#mail_log_prefix = "%{service}(%{user})<%{process:pid}><%{session}>: " + +# Format to use for logging mail deliveries. See https://doc.dovecot.org/latest/core/summaries/settings.html#deliver_log_format +# for list of possible variables. +#deliver_log_format = msgid=%{msgid}: %{message} (subject=%{subject} from=%{from} size=%{size}) 
diff --git a/dovecot/10-mail.conf b/dovecot/10-mail.conf index 1c65e68..c6563e2 100644 --- a/dovecot/10-mail.conf +++ b/dovecot/10-mail.conf @@ -14,20 +14,28 @@ # # There are a few special variables you can use, eg.: # -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if there's no domain -# %h - home directory +# %{user} - username +# %{user|username} - user part in user@domain, same as %u if there's no domain +# %{user|domain} - domain part in user@domain, empty if there's no domain +# %{home} - home directory # -# See doc/wiki/Variables.txt for full list. Some examples: +# See https://doc.dovecot.org/latest/core/settings/variables.html for full list +# of variables. # -# mail_location = maildir:~/Maildir -# mail_location = mbox:~/mail:INBOX=/var/mail/%u -# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n +# Example: +# mail_driver = maildir +# mail_path = ~/Maildir +# mail_inbox_path = ~/Maildir/.INBOX # -# -# -mail_location = maildir:/var/vmail/%n + +# Debian defaults +# Note that upstream considers mbox deprecated and strongly recommends +# against its use in production environments. See further information +# at +# https://doc.dovecot.org/2.4.1/core/config/mailbox/formats/mbox.html +mail_driver = maildir +mail_path = /var/vmail/%{user | username} +mail_inbox_path = /var/vmail/%{user | username}/.INBOX # If you need to set multiple mailbox locations or want to change default # namespace settings, you can do it by defining namespace sections. @@ -53,9 +61,10 @@ namespace inbox { #prefix = # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - + # mail location, which is also the default for it. + # mail_driver = + # mail_path = + # # There can be only one INBOX, and this setting defines which namespace # has it. inbox = yes 
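Review bot: `mail_inbox_path = /var/vmail/%{user | username}/.INBOX` in the first 10-mail.conf hunk appears to move INBOX compared with the removed `mail_location = maildir:/var/vmail/%n`, where INBOX was the Maildir root itself. If existing mailboxes keep their messages directly under `/var/vmail/<user>/`, users would presumably see an empty INBOX after the upgrade; unless the mail was migrated, I would drop the `mail_inbox_path` line so the on-disk layout stays as it was. The added "Debian defaults" comment about mbox being deprecated also sits directly above a maildir configuration and should be removed or reworded to say this site uses maildir. The retained comment line for `%{user|username}` still says "same as %u", which should read `%{user}` now that the short variables are gone.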
@@ -80,18 +89,20 @@ namespace inbox { } # Example shared namespace configuration -#namespace { +#namespace shared { #type = shared #separator = / # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ + # $user, $domain and $username are expanded to the destination user. + #prefix = shared/$user/ - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the + # Mail location for other users' mailboxes. Note that %{variables} and ~/ + # expands to the logged in user's data. %{owner_user} and %{owner_home} # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u + #mail_driver = maildir + #mail_path = %{owner_home}/Maildir + #mail_index_path = ~/Maildir/shared/%{owner_user} # Use the default namespace for saving subscriptions. #subscriptions = no @@ -104,7 +115,7 @@ namespace inbox { # System user and group used to access mails. If you use multiple, userdb # can override these by returning uid or gid fields. You can use either numbers -# or names. +# or names. mail_uid = vmail mail_gid = vmail @@ -128,7 +139,11 @@ mail_privileged_group = mail # Dictionary for key=value mailbox attributes. This is used for example by # URLAUTH and METADATA extensions. -#mail_attribute_dict = +#mail_attribute { +# dict file { +# path = %{home}/Maildir/dovecot-attributes +# } +#} # A comment or note that is associated with the server. This value is # accessible for authenticated users through the IMAP METADATA server 
@@ -195,7 +210,7 @@ mail_privileged_group = mail # settings. If this setting is empty, "/./" in home dirs are ignored. # WARNING: Never add directories here which local users can modify, that # may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. +# allow shell access for users. #valid_chroot_dirs = # Default chroot directory for mail processes. This can be overridden for @@ -211,11 +226,16 @@ mail_privileged_group = mail #auth_socket_path = /var/run/dovecot/auth-userdb # Directory where to look up mail plugins. -#mail_plugin_dir = /usr/lib/dovecot/modules +#mail_plugin_dir = /usr/lib/dovecot # Space separated list of plugins to load for all services. Plugins specific to # IMAP, LDA, etc. are added to this list in their own .conf files. #mail_plugins = +# +# To add plugins, use +#mail_plugins { +# plugin = yes +#} ## ## Mailbox handling optimizations @@ -320,14 +340,8 @@ protocol !indexer-worker { # in is important to avoid deadlocks if other MTAs/MUAs are using multiple # locking methods as well. Some operating systems don't allow using some of # them simultaneously. -# -# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -# Dovecot: mbox_write_locks = dotlock fcntl -# Debian: mbox_write_locks = fcntl dotlock -# #mbox_read_locks = fcntl -#mbox_write_locks = fcntl dotlock +#mbox_write_locks = dotlock fcntl # Maximum time to wait for lock (all of them) before aborting. #mbox_lock_timeout = 5 mins 
@@ -383,32 +397,6 @@ protocol !indexer-worker { # filesystems (ext4, xfs). #mdbox_preallocate_space = no -## -## Mail attachments -## - -# sdbox and mdbox support saving mail attachments to external files, which -# also allows single instance storage for them. Other backends don't support -# this for now. - -# Directory root where to store mail attachments. Disabled, if empty. -#mail_attachment_dir = - -# Attachments smaller than this aren't saved externally. It's also possible to -# write a plugin to disable saving specific attachments externally. -#mail_attachment_min_size = 128k - -# Filesystem backend to use for saving attachments: -# posix : No SiS done by Dovecot (but this might help FS's own deduplication) -# sis posix : SiS with immediate byte-by-byte comparison during saving -# sis-queue posix : SiS with delayed comparison and deduplication -#mail_attachment_fs = sis posix - -# Hash format to use in attachment filenames. You can add any text and -# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. -# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits -#mail_attachment_hash = %{sha1} - # Settings to control adding $HasAttachment or $HasNoAttachment keywords. # By default, all MIME parts with Content-Disposition=attachment, or inlines # with filename parameter are consired attachments. diff --git a/dovecot/10-master.conf b/dovecot/10-master.conf index 16154dc..b422273 100644 --- a/dovecot/10-master.conf +++ b/dovecot/10-master.conf 
@@ -25,14 +25,14 @@ service imap-login { # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 - # is faster. - #service_count = 1 + # is faster. + #service_restart_request_count = 1 # Number of processes to always keep waiting for more connections. #process_min_avail = 0 - # If you set service_count=0, you probably need to grow this. - #vsz_limit = $default_vsz_limit + # If you set service_restart_request_count=0, you probably need to grow this. + #vsz_limit = 256M # default } service pop3-login { @@ -49,10 +49,13 @@ service submission-login { inet_listener submission { #port = 587 } + inet_listener submissions { + #port = 465 + } } service lmtp { - unix_listener /var/spool/postfix/private/dovecot-lmtp { + unix_listener lmtp { mode = 0600 user = postfix group = postfix @@ -61,15 +64,15 @@ service lmtp { # Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet - #address = - #port = + #listen = 127.0.0.1 + #port = 24 #} } service imap { # Most of the memory goes to mmap()ing files. You may need to increase this # limit if you have huge mailboxes. - #vsz_limit = $default_vsz_limit + #vsz_limit = 256M # default # Max. number of IMAP processes (connections) #process_limit = 1024 @@ -113,13 +116,13 @@ service auth { } # Auth process is run as this user. - #user = $default_internal_user + #user = $SET:default_internal_user } service auth-worker { # Auth worker process is run as root by default, so that it can access # /etc/shadow. If this isn't necessary, the user should be changed to - # $default_internal_user. + # $SET:default_internal_user. #user = root } diff --git a/dovecot/10-metrics.conf b/dovecot/10-metrics.conf new file mode 100644 index 0000000..36d1729 --- /dev/null +++ b/dovecot/10-metrics.conf 
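Review bot: In the `service lmtp` hunk the listener changes from the absolute path `/var/spool/postfix/private/dovecot-lmtp` to the relative name `lmtp`, which Dovecot would create under its own runtime directory, while `mode = 0600`, `user = postfix` and `group = postfix` are kept. If Postfix still delivers to the old socket path, or runs its LMTP client chrooted under /var/spool/postfix, it can no longer reach the socket and deliveries will defer; the Postfix side is not visible in this diff, so this needs checking before deployment. If the old location is still what Postfix uses, the removed line `unix_listener /var/spool/postfix/private/dovecot-lmtp {` should be restored, provided 2.4 still accepts it. The postfix-only 0600 mode is the right restriction either way.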
@@ -0,0 +1,122 @@ +## +## Statistics and metrics +## + +# Dovecot supports gathering statistics from events. +# Currently there are no statistics logged by default, and therefore they must +# be explicitly added using the metric configuration blocks. +# +# Unlike old stats, the new statistics do not require any plugins loaded. +# +# See https://doc.dovecot.org/latest/core/config/statistics.html for details + +## +## Example metrics +## + +#metric auth_success { +# filter = (event=auth_request_finished AND success=yes) +#} +# +#metric auth_failure { +# filter = (event=auth_request_finished AND NOT success=yes) +## See exporter config later in this file +## can be used to replace auth_verbose=yes +# exporter = log +#} +# +#metric imap_command { +# filter = event=imap_command_finished +# group_by cmd_name { +# method discrete { +# } +# } +# group_by tagged_reply_state { +# method discrete { +# } +# } +#} +# +#metric smtp_command { +# filter = event=smtp_server_command_finished and protocol=submission +# group_by cmd_name { +# method discrete { +# } +# } +# group_by status_code { +# method discrete { +# } +# } +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} +# +#metric lmtp_command { +# filter = event=smtp_server_command_finished and protocol=lmtp +# group_by cmd_name { +# method discrete { +# } +# } +# group_by status_code { +# method discrete { +# } +# } +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} +# +#metric mail_delivery { +# filter = event=mail_delivery_finished +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} + +## +## Prometheus +## + +# To allow access to statistics with Prometheus, enable http listener +# on stats process. Stats will be available on /metrics path. 
+# +# See https://doc.dovecot.org/latest/core/config/statistics.html#openmetrics for more +# details. + +#service stats { +# inet_listener http { +# port = 9900 +# } +#} + +## +## Event exporting +## + +# You can also export individual events. +# +# See https://doc.dovecot.org/configuration_manual/event_export/ for more +# details. + +#event_exporter log { +# format = json +# time_format = rfc3339 +#} +# +#metric imap_commands { +# exporter = log +# filter = event=imap_command_finished +#} diff --git a/dovecot/10-ssl.conf b/dovecot/10-ssl.conf index aa19178..2fb19ef 100644 --- a/dovecot/10-ssl.conf +++ b/dovecot/10-ssl.conf 
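Review bot: The commented `service stats { inet_listener http { port = 9900 } }` example in the new 10-metrics.conf has no listen address, so uncommenting it as written would presumably expose `/metrics` on every interface, and nothing in the example restricts who may read it. I would add `#    listen = 127.0.0.1` inside the listener (the commented lmtp example in 10-master.conf uses the same setting) with a comment such as `# Bind to loopback or a monitoring network only.`. The auth_success and auth_failure metrics defined earlier in the file make the endpoint informative about login activity, which is a further reason to keep it off public addresses.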
@@ -2,79 +2,55 @@ ## SSL settings ## -# SSL/TLS support: yes, no, required. +# SSL/TLS support: yes, no, required. ssl = required -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. Included doc/mkcert.sh can be used to easily generate self-signed -# certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = <${mail_ssl_cert_dir}/fullchain.pem -ssl_key = <${mail_ssl_cert_dir}/privkey.pem +# PEM encoded X.509 SSL/TLS certificate and private key. By default, Debian +# installs a self-signed certificate. This is useful for testing, but you +# should obtain a real certificate from a recognized certificate authority. +# +# These files are opened before dropping root privileges, so keep the key file +# unreadable by anyone but root. Included /usr/share/dovecot/mkcert.sh can be +# used to easily generate self-signed certificate, just make sure to update the +# domains in dovecot-openssl.cnf +# +# Preferred permissions: root:root 0444 +ssl_server_cert_file = ${mail_ssl_cert_dir}/fullchain.pem +# Preferred permissions: root:root 0400 +ssl_server_key_file = ${mail_ssl_cert_dir}/privkey.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often # world-readable, you may want to place this setting instead to a different # root owned 0600 file by using ssl_key_password = ". + +dict_server { +# dict quota { +# driver = sql +# sql_driver = mysql +# hostname = localhost +# +# dict_map priv/quota/storage { +# sql_table = quota +# username_field = username +# value_field bytes { +# type = uint +# } +# } +# +# dict_map priv/quota/messages { +# sql_table = quota +# username_field = username +# value_field messages { +# type = uint +# } +# } +# } +} + diff --git a/dovecot/90-acl.conf b/dovecot/90-acl.conf index f0c0e7a..b3fcfb4 100644 
--- a/dovecot/90-acl.conf +++ b/dovecot/90-acl.conf @@ -8,12 +8,23 @@ # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter # specifies how many seconds to wait between stat()ing dovecot-acl file # to see if it changed. -plugin { - #acl = vfile:/etc/dovecot/global-acls:cache_secs=300 -} + +#acl_driver = vfile +## Deprecated ACL global path +#acl_global_path = /etc/dovecot/global-acls +#acl_cache_ttl = 5m + +## New inline ACLs +#mailbox INBOX { +# acl user=testuser { +# rights = lri +# } +#} # To let users LIST mailboxes shared by other users, Dovecot needs a # shared mailbox dictionary. For example: -plugin { - #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes -} +#acl_sharing_map { +# dict file { +# path = /var/lib/dovecot/shared-mailboxes +# } +#} diff --git a/dovecot/90-fts.conf b/dovecot/90-fts.conf new file mode 100644 index 0000000..e095c9b --- /dev/null +++ b/dovecot/90-fts.conf @@ -0,0 +1,26 @@ +## +## Plugin settings +## + +# All wanted plugins must be listed in mail_plugins setting before any of the +# settings take effect. See for list of plugins and +# their configuration. Note that %{variable} expansion is done for all values. + +## See https://doc.dovecot.org/latest/core/plugins/fts.html for FTS information + +fts_autoindex = yes +fts_autoindex_max_recent_msgs = 999 +fts_search_add_missing = yes + +## for attachment decoding + +#fts_decoder_driver = tika +#fts_decoder_tika_url = http://localhost:9998/tika/ + +## for solr +#fts solr { +# url = http://localhost:8983/solr/dovecot/ +#} + +# See 90-fts-flatcurve.conf in the dovecot-flatcurve package for +# settings specific to that driver diff --git a/dovecot/90-quota.conf b/dovecot/90-quota.conf index 3308c05..f3eb2a1 100644 --- a/dovecot/90-quota.conf +++ b/dovecot/90-quota.conf @@ -3,7 +3,7 @@ ## # Note that you also have to enable quota plugin in mail_plugins setting. -# +## ## ## Quota limits 
@@ -14,18 +14,19 @@ # from userdb. It's also possible to give mailbox-specific limits, for example # to give additional 100 MB when saving to Trash: -plugin { - #quota_rule = *:storage=1G - #quota_rule2 = Trash:storage=+100M - - # LDA/LMTP allows saving the last mail to bring user from under quota to - # over quota, if the quota doesn't grow too high. Default is to allow as - # long as quota will stay under 10% above the limit. Also allowed e.g. 10M. - #quota_grace = 10%% +#mail_plugins { +# quota = yes +#} - # Quota plugin can also limit the maximum accepted mail size. - #quota_max_mail_size = 100M -} +#quota "User quota" { +# storage_size = 1G +#} +# +#namespace inbox { +# mailbox Trash { +# quota_storage_extra = 100M +# } +#} ## ## Quota warnings @@ -38,10 +39,20 @@ plugin { # UNIX socket (quota-warning below). # Note that % needs to be escaped as %%, otherwise "% " expands to empty. -plugin { - #quota_warning = storage=95%% quota-warning 95 %u - #quota_warning2 = storage=80%% quota-warning 80 %u -} +#quota "User quota" { +# warning warn-95 { +# quota_storage_percentage = 95 +# execute quota-warning { +# args = 95 %{user} +# } +# } +# warning warn-80 { +# quota_storage_percentage = 80 +# execute quota-warning { +# args = 80 %{user} +# } +# } +#} # Example quota-warning service. The unix listener's permissions should be # set in a way that mail processes can connect to it. Below example assumes 
@@ -60,24 +71,9 @@ plugin { ## # Multiple backends are supported: -# dirsize: Find and sum all the files found from mail directory. -# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. -# dict: Keep quota stored in dictionary (eg. SQL) +# count: Default and recommended, quota driver tracks the quota internally within Dovecot's index files. # maildir: Maildir++ quota # fs: Read-only support for filesystem quota - -plugin { - #quota = dirsize:User quota - #quota = maildir:User quota - #quota = dict:User quota::proxy::quota - #quota = fs:User quota -} - -# Multiple quota roots are also possible, for example this gives each user -# their own 100MB quota and one shared 1GB quota within the domain: -plugin { - #quota = dict:user::proxy::quota - #quota2 = dict:domain:%d:proxy::quota_domain - #quota_rule = *:storage=102400 - #quota2_rule = *:storage=1048576 -} +#quota "User quota" { +# driver = count +#} diff --git a/dovecot/90-sieve-extprograms.conf b/dovecot/90-sieve-extprograms.conf new file mode 100644 index 0000000..535b089 --- /dev/null +++ b/dovecot/90-sieve-extprograms.conf 
@@ -0,0 +1,41 @@ +# Sieve Extprograms plugin configuration + +# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting. +# Also enable the extensions you need (one or more of vnd.dovecot.pipe, +# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the +# sieve_extensions or sieve_global_extensions settings. Restricting these +# extensions to a global context using sieve_global_extensions is recommended. + +# The directory where the program sockets are located for the +# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension +# respectively. The name of each unix socket contained in that directory +# directly maps to a program-name referenced from the Sieve script. +#sieve_pipe_socket_dir = sieve-pipe +#sieve_filter_socket_dir = sieve-filter +#sieve_execute_socket_dir = sieve-execute + +# The directory where the scripts are located for direct execution by the +# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension +# respectively. The name of each script contained in that directory +# directly maps to a program-name referenced from the Sieve script. +#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe +#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter +#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute + +# An example program service called 'do-something' to pipe messages to +#service do-something { + # Define the executed script as parameter to the sieve service + #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh + + # Use some unprivileged user for executing the program + #user = dovenull + + # The unix socket located in the sieve_pipe_socket_dir (as defined in the + # plugin {} section above) + #unix_listener sieve-pipe/do-something { + # LDA/LMTP must have access + # user = vmail + # mode = 0600 + #} +#} + diff --git a/dovecot/90-sieve.conf b/dovecot/90-sieve.conf new file mode 100644 index 0000000..21b852c --- /dev/null +++ b/dovecot/90-sieve.conf 
@@ -0,0 +1,113 @@ +## +## Settings for the Sieve interpreter +## + +# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf +# by adding it to the respective mail_plugins { sieve = yes } settings. + +# See https://doc.dovecot.org/latest/core/plugins/sieve.html + +# Personal sieve script location +#sieve_script personal { +# driver = file +# path = ~/sieve +# active_path = ~/.dovecot.sieve +#} + +# Default sieve script location +#sieve_script default { +# type = default +# name = default +# driver = file +# path = /etc/dovecot/sieve/default/ +#} + + +# Which Sieve language extensions are available to users. By default, all +# supported extensions are available, except for deprecated extensions or +# those that are still under development. Some system administrators may want +# to disable certain Sieve extensions or enable those that are not available +# by default. This setting can use 'yes' and 'no' to specify differences relative +# to the default. For example `imapflags = yes' will enable the +# deprecated imapflags extension in addition to all extensions were already +# enabled by default. +#sieve_extensions { +# mboxmetadata = yes +# vnd.dovecot.debug = yes +#} + +# Which Sieve language extensions are ONLY available in global scripts. This +# can be used to restrict the use of certain Sieve extensions to administrator +# control, for instance when these extensions can cause security concerns. +# This setting has higher precedence than the `sieve_extensions' setting +# (above), meaning that the extensions enabled with this setting are never +# available to the user's personal script no matter what is specified for the +# `sieve_extensions' setting. The syntax of this setting is similar to the +# `sieve_extensions' setting, with the difference that extensions are +# enabled or disabled for exclusive use in global scripts. Currently, no +# extensions are marked as such by default. 
+#sieve_global_extensions = + +# The Pigeonhole Sieve interpreter can have plugins of its own. Using this +# setting, the used plugins can be specified. Check the Dovecot documentation +# https://doc.dovecot.org/latest/core/plugins/sieve.html + +#sieve_plugins = sieve_imapsieve sieve_extprograms +#sieve_pipe_bin_dir = /usr/share/dovecot-pigeonhole/sieve +#sieve_execute_bin_dir = /usr/share/dovecot-pigeonhole/sieve +#sieve_global_extensions { +# vnd.dovecot.pipe = yes +# vnd.dovecot.execute = yes +#} +#imapsieve_url = + +# The separator that is expected between the :user and :detail +# address parts introduced by the subaddress extension. This may +# also be a sequence of characters (e.g. '--'). The current +# implementation looks for the separator from the left of the +# localpart and uses the first one encountered. The :user part is +# left of the separator and the :detail part is right. This setting +# is also used by Dovecot's LMTP service. +#recipient_delimiter = +-_ + +# The maximum size of a Sieve script. The compiler will refuse to compile any +# script larger than this limit. If set to 0, no limit on the script size is +# enforced. +#sieve_max_script_size = 1M + +# The maximum number of actions that can be performed during a single script +# execution. If set to 0, no limit on the total number of actions is enforced. +#sieve_max_actions = 32 + +# The maximum number of redirect actions that can be performed during a single +# script execution. If set to 0, no redirect actions are allowed. +#sieve_max_redirects = 4 + +# The maximum number of personal Sieve scripts a single user can have. If set +# to 0, no limit on the number of scripts is enforced. +# (Currently only relevant for ManageSieve) +#sieve_quota_script_count = 0 + +# The maximum amount of disk storage a single user's scripts may occupy. If +# set to 0, no limit on the used amount of disk storage is enforced. 
+# (Currently only relevant for ManageSieve) +#sieve_quota_storage_size = 0 + + +#mailbox Spam { +## From elsewhere to Spam folder +# sieve_script report-spam { +# type = before +# cause = copy +# path = /etc/dovecot/report-spam.sieve +# } +#} + +## From Spam folder to elsewhere +#imapsieve_from Spam { +# sieve_script report-ham { +# type = before +# cause = copy +# path = /etc/dovecot/report-ham.sieve +# } +#} diff --git a/dovecot/auth-deny.conf.ext b/dovecot/auth-deny.conf.ext index ce3f1cf..35b5c19 100644 --- a/dovecot/auth-deny.conf.ext +++ b/dovecot/auth-deny.conf.ext @@ -1,4 +1,4 @@ -# Deny access for users. Included from 10-auth.conf. +# Deny access for users. Included from auth.conf. # Users can be (temporarily) disabled by adding a passdb with deny=yes. # If the user is found from that database, authentication will fail. @@ -6,10 +6,10 @@ # checked first. # Example deny passdb using passwd-file. You can use any passdb though. -passdb { - driver = passwd-file - deny = yes - - # File contains a list of usernames, one per line - args = /etc/dovecot/deny-users -} +#passdb deny { +# driver = passwd-file +# deny = yes +# +## File contains a list of usernames, one per line +# passwd_file_path = /etc/dovecot/deny-users +#} diff --git a/dovecot/auth-master.conf.ext b/dovecot/auth-master.conf.ext index 2cf128f..17839b2 100644 --- a/dovecot/auth-master.conf.ext +++ b/dovecot/auth-master.conf.ext 
@@ -1,16 +1,12 @@ -# Authentication for master users. Included from 10-auth.conf. +# Authentication for master users. Included from auth.conf. # By adding master=yes setting inside a passdb you make the passdb a list # of "master users", who can log in as anyone else. -# +# # Example master user passdb using passwd-file. You can use any passdb though. -passdb { - driver = passwd-file - master = yes - args = /etc/dovecot/master-users - - # Unless you're using PAM, you probably still want the destination user to - # be looked up from passdb that it really exists. pass=yes does that. - pass = yes -} +#passdb master-passwd-file { +# driver = passwd-file +# master = yes +# passwd_file_path = /etc/dovecot/master-users +#} diff --git a/dovecot/auth-oauth2.conf.ext b/dovecot/auth-oauth2.conf.ext new file mode 100644 index 0000000..ce90f91 --- /dev/null +++ b/dovecot/auth-oauth2.conf.ext @@ -0,0 +1,23 @@ +#auth_mechanisms { +# xoauth2 = yes +# oauthbearer = yes +#} +#oauth2 { +# tokeninfo_url = https://www.googleapis.com/oauth2/v3/tokeninfo?access_token= +# introspection_url = https://www.googleapis.com/oauth2/v2/userinfo +# #force_introspection = yes +# username_attribute = email +#} + +# with local validation +#oauth2 { +# introspection_mode = local +# username_attribute = email +# oauth2_local_validation { +# dict fs { +# fs posix { +# prefix = /etc/dovecot/oauth2-keys/ +# } +# } +# } +#} diff --git a/dovecot/auth-passwdfile.conf.ext b/dovecot/auth-passwdfile.conf.ext index c89d28c..033f253 100644 --- a/dovecot/auth-passwdfile.conf.ext +++ b/dovecot/auth-passwdfile.conf.ext 
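Review bot: The rewritten example in dovecot/auth-master.conf.ext drops `pass = yes` along with the comment explaining that the destination user should still be looked up after the master password matches. If `passdb master-passwd-file` is later uncommented as written, a master login may no longer be checked against a passdb that confirms the target user exists. I would keep a one-line comment saying so and add the 2.4 equivalent, which I believe is `result_success = continue`; confirm this against the 2.4 passdb documentation. The commit also turns the previously active master passdb off, so confirm that nothing still depends on /etc/dovecot/master-users.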
@@ -1,20 +1,20 @@ -# Authentication for passwd-file users. Included from 10-auth.conf. +# Authentication for passwd-file users. Included from auth.conf. # # passwd-like file with specified location. -# +# -passdb { - driver = passwd-file - args = scheme=CRYPT username_format=%u /etc/dovecot/users -} +#passdb passwd-file { +# default_password_scheme = crypt +# auth_username_format = %{user} +# passwd_file_path = /etc/dovecot/users +#} -userdb { - driver = passwd-file - args = username_format=%u /etc/dovecot/users +#userdb passwd-file { +# auth_username_format = %{user} +# passwd_file_path = /etc/dovecot/users - # Default fields that can be overridden by passwd-file - #default_fields = quota_rule=*:storage=1G - - # Override fields from passwd-file - #override_fields = home=/home/virtual/%u -} +# fields { +# quota_rule:default=*:storage=1G +# home=/home/virtual/%{user} +# } +#} diff --git a/dovecot/auth-sql.conf.ext b/dovecot/auth-sql.conf.ext index 308c983..ff1cca0 100644 --- a/dovecot/auth-sql.conf.ext +++ b/dovecot/auth-sql.conf.ext 
@@ -1,30 +1,192 @@ -# Authentication for SQL users. Included from 10-auth.conf. +# Authentication for SQL users. Included from auth.conf. # -# +# -passdb { - driver = sql +# For the sql passdb module, you'll need a database with a table that +# contains fields for at least the username and password. If you want to +# use the user@domain syntax, you might want to have a separate domain +# field as well. +# +# If your users all have the same uig/gid, and have predictable home +# directories, you can use the static userdb module to generate the home +# dir based on the username and domain. In this case, you won't need fields +# for home, uid, or gid in the database. +# +# If you prefer to use the sql userdb module, you'll want to add fields +# for home, uid, and gid. Here is an example table: +# +# CREATE TABLE users ( +# username VARCHAR(128) NOT NULL, +# domain VARCHAR(128) NOT NULL, +# password VARCHAR(64) NOT NULL, +# home VARCHAR(255) NOT NULL, +# uid INTEGER NOT NULL, +# gid INTEGER NOT NULL, +# active CHAR(1) DEFAULT 'Y' NOT NULL +# ); + +# Database driver: mysql, pgsql, sqlite +sql_driver = pgsql + +# Database connection string. This is driver-specific setting. +# +# HA / round-robin load-balancing is supported by giving multiple host +# settings, like: host=sql1.host.org host=sql2.host.org +# +# pgsql: +# For available options, see the PostgreSQL documention for the +# PQconnectdb function of libpq. +# Use maxconns=n (default 5) to change how many connections Dovecot can +# create to pgsql. 
+# +# mysql: +# Basic options emulate PostgreSQL option names: +# host, port, user, password, dbname +# +# But also adds some new settings: +# client_flags - See MySQL manual +# ssl_ca, ssl_ca_path - Set either one or both to enable SSL +# ssl_cert, ssl_key - For sending client-side certificates to server +# ssl_cipher - Set minimum allowed cipher security (default: HIGH) +# option_file - Read options from the given file instead of +# the default my.cnf location +# option_group - Read options from the given group (default: client) +# +# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock +# Note that currently you can't use spaces in parameters. +# +# sqlite: +# The path to the database file. +# +# Examples: +# mysql 192.168.1.1 { +# dbname = users +# } +# mysql sql.example.com { +# ssl = yes +# user = virtual +# password = blarg +# dbname = virtual +# } +# sqlite /etc/dovecot/authdb.sqlite { +# } +# +#mysql /var/run/mysqld/mysqld.sock { +# user = dovecot +# password = dvmail +# dbname = dovecot +#} +#mysql localhost { +# ... +#} + +pgsql localhost { + parameters { + dbname = mail_db + user = dovecot + } +} - # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext - args = /etc/dovecot/dovecot-sql.conf.ext +passdb sql { +# default_password_scheme = SHA256 + query = \ + SELECT username, domain, password \ + FROM users \ + WHERE username = '%{user | username}' AND active = 'Y' } +# passdb query to retrieve the password. It can return fields: +# password - The user's password. This field must be returned. +# user - user@domain from the database. Needed with case-insensitive lookups. +# username and domain - An alternative way to represent the "user" field. +# +# The "user" field is often necessary with case-insensitive lookups to avoid +# e.g. "name" and "nAme" logins creating two different mail directories. 
If +# your user and domain names are in separate fields, you can return "username" +# and "domain" fields instead of "user". +# +# The query can also return other fields which have a special meaning, see +# https://doc.dovecot.org/latest/core/config/auth/passdb.html#extra-fields +# +# Commonly used available substitutions (see https://doc.dovecot.org/latest/core/settings/variables.html +# for full list): +# %{user} = entire user@domain +# %{user|username} = user part of user@domain +# %{user|domain} = domain part of user@domain +# +# Note that these can be used only as input to SQL query. If the query outputs +# any of these substitutions, they're not touched. Otherwise it would be +# difficult to have eg. usernames containing '%' characters. +# +# Example: +# query = SELECT userid AS user, pw AS password \ +# FROM users WHERE userid = '%u' AND active = 'Y' +# +# query = \ +# SELECT userid as username, domain, password \ +# FROM users WHERE userid = '%{user|username}' AND domain = '%{user|domain}' +#} + +#userdb sql { +# userdb query to retrieve the user information. It can return fields: +# uid - System UID (overrides mail_uid setting) +# gid - System GID (overrides mail_gid setting) +# home - Home directory +# mail_driver - Mail driver +# mail_path - Mail storage path +# +# None of these are strictly required. If you use a single UID and GID, and +# home or mail directory fits to a template string, you could use userdb static +# instead. For a list of all fields that can be returned, see +# Examples: +# query = SELECT home, uid, gid FROM users WHERE userid = '%{user}' +# query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%{user}' +# query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%{user}' +# +# query = \ +# SELECT home, uid, gid \ +# FROM users WHERE userid = '%{user|username}' AND domain = '%{user|domain}' + +# Query to get a list of all usernames. 
+# iterate_query = SELECT username AS user,domain FROM users + +# userdb_ldap { +# iterate_fields { +# home = /var/vmail/%{home} +# } +# } +#} + +#passdb static { +# fields { +# user=%{user|username|lower} +# noauthenticate=yes +# } +## you can remove next line if you want to always normalize your usernames +# skip = authenticated +#} + # "prefetch" user database means that the passdb already provided the # needed information and there's no need to do a separate userdb lookup. -# -#userdb { -# driver = prefetch +# +#userdb prefetch { #} -#userdb { -# driver = sql -# args = /etc/dovecot/dovecot-sql.conf.ext +#userdb static { +# fields { +# user=%{user|lower} +# } +# you can remove next line if you want to always normalize your usernames +# skip = found #} # If you don't have any user-specific settings, you can avoid the user_query # by using userdb static instead of userdb sql, for example: -# -userdb { - driver = static - args = uid=vmail gid=vmail home=/var/vmail/%n -} +# +#userdb static { + #fields { + # uid = vmail + # gid = vmail + # home = /var/vmail/%{user} + #} +#} diff --git a/dovecot/auth-static.conf.ext b/dovecot/auth-static.conf.ext index 90890c5..3b9c5e4 100644 --- a/dovecot/auth-static.conf.ext +++ b/dovecot/auth-static.conf.ext @@ -1,4 +1,4 @@ -# Static passdb. Included from 10-auth.conf. +# Static passdb. Included from auth.conf. # This can be used for situations where Dovecot doesn't need to verify the # username or the password, or if there is a single password for all users: 
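Review bot: The active `passdb sql` query in dovecot/auth-sql.conf.ext matches on `username = '%{user | username}'` only, although it selects `domain` and the example table has a separate `domain` column. A login with the same local part under any domain would therefore match the same row. If more than one domain is or may be hosted, add the condition the commented example further down already uses: `WHERE username = '%{user | username}' AND domain = '%{user | domain}' AND active = 'Y'`. The commented `default_password_scheme = SHA256` should not be enabled as is, since that scheme is an unsalted fast hash; `ARGON2ID` or `BLF-CRYPT` is a safer default. The hunk also leaves a stray `#}` after the comment block and comments out the former `userdb static`, so this file no longer defines a userdb; confirm that another included file provides one.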
@@ -7,18 +7,29 @@ # - proxy backend, where the frontend already verified the password # - authentication with SSL certificates # - simple testing +# +# Each passdb must have unique name, but if you onlu use it once per driver +# you can use driver name as passdb/userdb section name. -#passdb { -# driver = static -# args = proxy=y host=%1Mu.example.com nopassword=y +#passdb static { +# fields { +# proxy = y +# host = %{user|md5|substr(1)}.example.com +# nopassword = y +# } #} -#passdb { +#passdb static2 { # driver = static -# args = password=test +# fields { +# password = test +# } #} -#userdb { -# driver = static -# args = uid=vmail gid=vmail home=/home/%u +#userdb static { +# fields { +# uid = vmail +# gid = vmail +# home = /home/%{user} +# } #} diff --git a/dovecot/auth-system.conf.ext b/dovecot/auth-system.conf.ext index f9b2813..004b2b8 100644 --- a/dovecot/auth-system.conf.ext +++ b/dovecot/auth-system.conf.ext 
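Review bot: The comment added at the top of this hunk in dovecot/auth-static.conf.ext has a typo and a missing article: `# Each passdb must have unique name, but if you onlu use it once per driver`. Suggest `# Each passdb must have a unique name, but if you only use it once per driver`. The `passdb static2` example is the one place where that rule applies, so a short comment saying `driver = static` is needed there because the section name differs from the driver would make the example self-explanatory.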
@@ -1,74 +1,72 @@ -# Authentication for system users. Included from 10-auth.conf. +# Authentication for system users. Included from auth.conf. # -# -# +# +# + +# Driver is only needed if the section name is not same as driver's name. # PAM authentication. Preferred nowadays by most systems. # PAM is typically used with either userdb passwd or userdb static. # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM -# authentication to actually work. -passdb { - driver = pam - # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=] - # [cache_key=] [] - #args = dovecot +# authentication to actually work. +passdb pam { +# driver = pam +# session = yes +# setcred = yes +# failure_show_msg = yes +# max_requests = 20 +# service_name = dovecot +# skip = authenticated +# fields { +# } +} + +userdb passwd { } # System users (NSS, /etc/passwd, or similar). # In many systems nowadays this uses Name Service Switch, which is -# configured in /etc/nsswitch.conf. -#passdb { - #driver = passwd - # [blocking=no] - #args = -#} - -# Shadow passwords for system users (NSS, /etc/shadow or similar). -# Deprecated by PAM nowadays. -# -#passdb { - #driver = shadow - # [blocking=no] - #args = +# configured in /etc/nsswitch.conf. +#passdb passwb { #} # PAM-like authentication for OpenBSD. -# -#passdb { - #driver = bsdauth - # [blocking=no] [cache_key=] - #args = +# +#passdb bsdauth { #} ## ## User databases ## -# System users (NSS, /etc/passwd, or similar). In many systems nowadays this +# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this # uses Name Service Switch, which is configured in /etc/nsswitch.conf. 
-userdb { - # - driver = passwd - # [blocking=no] - #args = - - # Override fields from passwd - #override_fields = home=/home/virtual/%u -} +#userdb passwd-file { + #driver = passwd-file + #auth_username_format=%{user|lower} + #passwd_file_path = /etc/passwd + #fields { + # user= %{user|lower} + # name = %{user|lower} + # home = /var/vmail/%{user} + #} + #skip = found +#} -# Static settings generated from template -#userdb { +# Static settings generated from template +#userdb static { #driver = static # Can return anything a userdb could normally return. For example: - # - # args = uid=500 gid=500 home=/var/mail/%u - # + # fields { + # uid = 500 + # gid = 500 + # home = /var/mail/%{user} + # } # LDA and LMTP needs to look up users only from the userdb. This of course # doesn't work with static userdb because there is no list of users. # Normally static userdb handles this by doing a passdb lookup. This works # with most passdbs, with PAM being the most notable exception. If you do - # the user verification another way, you can add allow_all_users=yes to - # the args in which case the passdb lookup is skipped. - # - #args = + # the user verification another way, you can add allow_all_users=yes + # in which case the passdb lookup is skipped. + #allow_all_users = yes #} diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf index 2896659..0232ab5 100644 --- a/dovecot/dovecot.conf +++ b/dovecot/dovecot.conf @@ -1,6 +1,6 @@ ## Dovecot configuration file -# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration +# If you're in a hurry, see https://doc.dovecot.org/latest/core/config/guides/quick.html # "doveconf -n" command gives a clean output of the changed settings. Use it # instead of copy&pasting files when posting to the Dovecot mailing list. 
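Review bot: The commented example `#passdb passwb {` in dovecot/auth-system.conf.ext misspells the driver name. The comment added at the top of this hunk says the driver is taken from the section name when `driver` is omitted, so uncommenting the block as written would name a driver that does not exist; it should read `#passdb passwd {`. Separately, `passdb pam { }` is now active with every option commented out, including `service_name = dovecot`, while the retained comment says /etc/pam.d/dovecot must exist. It is worth confirming which PAM service name the empty block falls back to. The changed comment line also introduces the spelling `similiar`.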
@@ -9,18 +9,18 @@ # and tabs are ignored. If you want to use either of these explicitly, put the # value inside quotes, eg.: key = "# char and trailing whitespace " -# Most (but not all) settings can be overridden by different protocols and/or -# source/destination IPs by placing the settings inside sections, for example: -# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } - # Default values are shown for each setting, it's not required to uncomment # those. These are exceptions to this though: No sections (e.g. namespace {}) # or plugin settings are added by default, they're listed only as examples. # Paths are also just examples with the real defaults being based on configure -# options. The paths listed here are for configure --prefix=/usr -# --sysconfdir=/etc --localstatedir=/var +# options. The paths listed here are for configure --prefix=/usr/local +# --sysconfdir=/usr/local/etc --localstatedir=/var + +dovecot_config_version = 2.4.0 +dovecot_storage_version = 2.4.0 -# Enable installed protocols +# Protocols we want to be serving. +#protocols = imap pop3 lmtp !include_try /usr/share/dovecot/protocols.d/*.protocol # A comma separated list of IPs or hosts where to listen in for connections. @@ -44,12 +44,10 @@ # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. +# these networks, unless ssl=required. +# Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = -# Space separated list of login access check sockets (e.g. tcpwrap) -#login_access_sockets = - # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # proxying. This isn't necessary normally, but may be useful if the destination # IP is e.g. a load balancer's IP. 
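Review bot: The rewritten comment in the `@@ -9,18 +9,18 @@` hunk says the listed paths are for `--prefix=/usr/local --sysconfdir=/usr/local/etc`, but the unchanged include just below still reads `/usr/share/dovecot/protocols.d/*.protocol`. The other files in this commit also use `/etc/dovecot/...`. The wording looks carried over from a differently packaged build; keeping `--prefix=/usr` and `--sysconfdir=/etc` would match the paths this tree uses. The added `dovecot_config_version` and `dovecot_storage_version` lines have no comment, and one line on what each pins would help the next upgrade.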
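Review bot: The comment above `#login_trusted_networks` in the `@@ -44,12 +44,10 @@` hunk still names `disable_plaintext_auth`, which this same commit renames to `auth_allow_cleartext` in 10-auth.conf. This setting lets the listed addresses override their IP and skip the cleartext restriction, so the comment should name the setting that now exists, for example `# for authentication checks). auth_allow_cleartext = no is also ignored for`. The added "unless ssl=required" qualifier is useful and should stay.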
@@ -58,7 +56,7 @@ # Show more verbose process titles (in ps). Currently shows user name and # IP address. Useful for seeing who are actually using the IMAP processes # (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no +#verbose_proctitle = yes # Should all processes be killed when Dovecot master process shuts down. # Setting this to "no" means that Dovecot can be upgraded without @@ -75,22 +73,9 @@ # Space separated list of environment variables that are preserved on Dovecot # startup and passed down to all of its child processes. You can also give # key=value pairs to always set specific settings. -#import_environment = TZ - -## -## Dictionary server settings -## - -# Dictionary can be used to store key=value lists. This is used by several -# plugins. The dictionary can be accessed either directly or though a -# dictionary server. The following dict block maps dictionary names to URIs -# when the server is used. These can then be referenced using URIs in format -# "proxy::". - -dict { - #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext - #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext -} +#import_environment { +# TZ=%{env:TZ} +#} # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes
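Review bot: The documented default in the `@@ -58,7 +56,7 @@` hunk changes to `verbose_proctitle = yes`, and the comment above it says this puts the user name and IP address into process titles shown by ps. On a host with other local accounts that reveals who is connected and from where. If that matters here, set `verbose_proctitle = no` explicitly or restrict /proc visibility, for example with the procfs `hidepid` mount option. The line is commented, so the effective value is whatever the installed binary defaults to; the `doveconf -n` output mentioned at the top of this file shows only changed settings, so it will not list an unchanged default.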