|
|
|
|
@@ -2852,387 +2852,6 @@ auth_mechanisms = plain login
|
|
|
|
|
#!include auth-deny.conf.ext
|
|
|
|
|
#!include auth-master.conf.ext
|
|
|
|
|
|
|
|
|
|
#!include auth-system.conf.ext
|
|
|
|
|
!include auth-sql.conf.ext
|
|
|
|
|
#!include auth-ldap.conf.ext
|
|
|
|
|
#!include auth-passwdfile.conf.ext
|
|
|
|
|
#!include auth-checkpassword.conf.ext
|
|
|
|
|
#!include auth-vpopmail.conf.ext
|
|
|
|
|
#!include auth-static.conf.ext
|
|
|
|
|
]]>
|
|
|
|
|
</content>
|
|
|
|
|
</file>
|
|
|
|
|
<file name="/etc/dovecot/dovecot.conf" chown="root:root"
|
|
|
|
|
chmod="0640" backup="true">
|
|
|
|
|
<content><![CDATA[
|
|
|
|
|
## Dovecot configuration file
|
|
|
|
|
|
|
|
|
|
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
|
|
|
|
|
|
|
|
|
|
# "doveconf -n" command gives a clean output of the changed settings. Use it
|
|
|
|
|
# instead of copy&pasting files when posting to the Dovecot mailing list.
|
|
|
|
|
|
|
|
|
|
# '#' character and everything after it is treated as comments. Extra spaces
|
|
|
|
|
# and tabs are ignored. If you want to use either of these explicitly, put the
|
|
|
|
|
# value inside quotes, eg.: key = "# char and trailing whitespace "
|
|
|
|
|
|
|
|
|
|
# Default values are shown for each setting, it's not required to uncomment
|
|
|
|
|
# those. These are exceptions to this though: No sections (e.g. namespace {})
|
|
|
|
|
# or plugin settings are added by default, they're listed only as examples.
|
|
|
|
|
# Paths are also just examples with the real defaults being based on configure
|
|
|
|
|
# options. The paths listed here are for configure --prefix=/usr
|
|
|
|
|
# --sysconfdir=/etc --localstatedir=/var
|
|
|
|
|
|
|
|
|
|
# Enable installed protocols
|
|
|
|
|
!include_try /usr/share/dovecot/protocols.d/*.protocol
|
|
|
|
|
|
|
|
|
|
# A comma separated list of IPs or hosts where to listen in for connections.
|
|
|
|
|
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
|
|
|
|
|
# If you want to specify non-default ports or anything more complex,
|
|
|
|
|
# edit conf.d/master.conf.
|
|
|
|
|
#listen = *, ::
|
|
|
|
|
|
|
|
|
|
# Base directory where to store runtime data.
|
|
|
|
|
#base_dir = /var/run/dovecot/
|
|
|
|
|
|
|
|
|
|
# Name of this instance. In multi-instance setup doveadm and other commands
|
|
|
|
|
# can use -i <instance_name> to select which instance is used (an alternative
|
|
|
|
|
# to -c <config_path>). The instance name is also added to Dovecot processes
|
|
|
|
|
# in ps output.
|
|
|
|
|
#instance_name = dovecot
|
|
|
|
|
|
|
|
|
|
# Greeting message for clients.
|
|
|
|
|
#login_greeting = Dovecot ready.
|
|
|
|
|
|
|
|
|
|
# Space separated list of trusted network ranges. Connections from these
|
|
|
|
|
# IPs are allowed to override their IP addresses and ports (for logging and
|
|
|
|
|
# for authentication checks). disable_plaintext_auth is also ignored for
|
|
|
|
|
# these networks. Typically you'd specify your IMAP proxy servers here.
|
|
|
|
|
#login_trusted_networks =
|
|
|
|
|
|
|
|
|
|
# Sepace separated list of login access check sockets (e.g. tcpwrap)
|
|
|
|
|
#login_access_sockets =
|
|
|
|
|
|
|
|
|
|
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
|
|
|
|
|
# proxying. This isn't necessary normally, but may be useful if the destination
|
|
|
|
|
# IP is e.g. a load balancer's IP.
|
|
|
|
|
#auth_proxy_self =
|
|
|
|
|
|
|
|
|
|
# Show more verbose process titles (in ps). Currently shows user name and
|
|
|
|
|
# IP address. Useful for seeing who are actually using the IMAP processes
|
|
|
|
|
# (eg. shared mailboxes or if same uid is used for multiple accounts).
|
|
|
|
|
#verbose_proctitle = no
|
|
|
|
|
|
|
|
|
|
# Should all processes be killed when Dovecot master process shuts down.
|
|
|
|
|
# Setting this to "no" means that Dovecot can be upgraded without
|
|
|
|
|
# forcing existing client connections to close (although that could also be
|
|
|
|
|
# a problem if the upgrade is e.g. because of a security fix).
|
|
|
|
|
#shutdown_clients = yes
|
|
|
|
|
|
|
|
|
|
# If non-zero, run mail commands via this many connections to doveadm server,
|
|
|
|
|
# instead of running them directly in the same process.
|
|
|
|
|
#doveadm_worker_count = 0
|
|
|
|
|
# UNIX socket or host:port used for connecting to doveadm server
|
|
|
|
|
#doveadm_socket_path = doveadm-server
|
|
|
|
|
|
|
|
|
|
# Space separated list of environment variables that are preserved on Dovecot
|
|
|
|
|
# startup and passed down to all of its child processes. You can also give
|
|
|
|
|
# key=value pairs to always set specific settings.
|
|
|
|
|
#import_environment = TZ
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
## Dictionary server settings
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
# Dictionary can be used to store key=value lists. This is used by several
|
|
|
|
|
# plugins. The dictionary can be accessed either directly or though a
|
|
|
|
|
# dictionary server. The following dict block maps dictionary names to URIs
|
|
|
|
|
# when the server is used. These can then be referenced using URIs in format
|
|
|
|
|
# "proxy::<name>".
|
|
|
|
|
|
|
|
|
|
dict {
|
|
|
|
|
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
|
|
|
|
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Most of the actual configuration gets included below. The filenames are
|
|
|
|
|
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
|
|
|
|
# in filenames are intended to make it easier to understand the ordering.
|
|
|
|
|
!include conf.d/*.conf
|
|
|
|
|
|
|
|
|
|
# A config file can also tried to be included without giving an error if
|
|
|
|
|
# it's not found:
|
|
|
|
|
!include_try local.conf
|
|
|
|
|
]]>
|
|
|
|
|
</content>
|
|
|
|
|
</file>
|
|
|
|
|
<file name="/etc/dovecot/dovecot-sql.conf.ext" chown="root:root"
|
|
|
|
|
chmod="0600" backup="true">
|
|
|
|
|
<content><![CDATA[
|
|
|
|
|
# This file is opened as root, so it should be owned by root and mode 0600.
|
|
|
|
|
#
|
|
|
|
|
# http://wiki2.dovecot.org/AuthDatabase/SQL
|
|
|
|
|
#
|
|
|
|
|
# For the sql passdb module, you'll need a database with a table that
|
|
|
|
|
# contains fields for at least the username and password. If you want to
|
|
|
|
|
# use the user@domain syntax, you might want to have a separate domain
|
|
|
|
|
# field as well.
|
|
|
|
|
#
|
|
|
|
|
# If your users all have the same uig/gid, and have predictable home
|
|
|
|
|
# directories, you can use the static userdb module to generate the home
|
|
|
|
|
# dir based on the username and domain. In this case, you won't need fields
|
|
|
|
|
# for home, uid, or gid in the database.
|
|
|
|
|
#
|
|
|
|
|
# If you prefer to use the sql userdb module, you'll want to add fields
|
|
|
|
|
# for home, uid, and gid. Here is an example table:
|
|
|
|
|
#
|
|
|
|
|
# CREATE TABLE users (
|
|
|
|
|
# username VARCHAR(128) NOT NULL,
|
|
|
|
|
# domain VARCHAR(128) NOT NULL,
|
|
|
|
|
# password VARCHAR(64) NOT NULL,
|
|
|
|
|
# home VARCHAR(255) NOT NULL,
|
|
|
|
|
# uid INTEGER NOT NULL,
|
|
|
|
|
# gid INTEGER NOT NULL,
|
|
|
|
|
# active CHAR(1) DEFAULT 'Y' NOT NULL
|
|
|
|
|
# );
|
|
|
|
|
|
|
|
|
|
# Database driver: mysql, pgsql, sqlite
|
|
|
|
|
driver = mysql
|
|
|
|
|
|
|
|
|
|
# Database connection string. This is driver-specific setting.
|
|
|
|
|
#
|
|
|
|
|
# HA / round-robin load-balancing is supported by giving multiple host
|
|
|
|
|
# settings, like: host=sql1.host.org host=sql2.host.org
|
|
|
|
|
#
|
|
|
|
|
# pgsql:
|
|
|
|
|
# For available options, see the PostgreSQL documention for the
|
|
|
|
|
# PQconnectdb function of libpq.
|
|
|
|
|
# Use maxconns=n (default 5) to change how many connections Dovecot can
|
|
|
|
|
# create to pgsql.
|
|
|
|
|
#
|
|
|
|
|
# mysql:
|
|
|
|
|
# Basic options emulate PostgreSQL option names:
|
|
|
|
|
# host, port, user, password, dbname
|
|
|
|
|
#
|
|
|
|
|
# But also adds some new settings:
|
|
|
|
|
# client_flags - See MySQL manual
|
|
|
|
|
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
|
|
|
|
|
# ssl_cert, ssl_key - For sending client-side certificates to server
|
|
|
|
|
# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
|
|
|
|
|
# option_file - Read options from the given file instead of
|
|
|
|
|
# the default my.cnf location
|
|
|
|
|
# option_group - Read options from the given group (default: client)
|
|
|
|
|
#
|
|
|
|
|
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
|
|
|
|
|
# Note that currently you can't use spaces in parameters.
|
|
|
|
|
#
|
|
|
|
|
# sqlite:
|
|
|
|
|
# The path to the database file.
|
|
|
|
|
#
|
|
|
|
|
# Examples:
|
|
|
|
|
# connect = host=192.168.1.1 dbname=users
|
|
|
|
|
# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
|
|
|
|
|
# connect = /etc/dovecot/authdb.sqlite
|
|
|
|
|
#
|
|
|
|
|
connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
|
|
|
|
|
|
|
|
|
|
# Default password scheme.
|
|
|
|
|
#
|
|
|
|
|
# List of supported schemes is in
|
|
|
|
|
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
|
|
|
|
|
#
|
|
|
|
|
default_pass_scheme = CRYPT
|
|
|
|
|
|
|
|
|
|
# passdb query to retrieve the password. It can return fields:
|
|
|
|
|
# password - The user's password. This field must be returned.
|
|
|
|
|
# user - user@domain from the database. Needed with case-insensitive lookups.
|
|
|
|
|
# username and domain - An alternative way to represent the "user" field.
|
|
|
|
|
#
|
|
|
|
|
# The "user" field is often necessary with case-insensitive lookups to avoid
|
|
|
|
|
# e.g. "name" and "nAme" logins creating two different mail directories. If
|
|
|
|
|
# your user and domain names are in separate fields, you can return "username"
|
|
|
|
|
# and "domain" fields instead of "user".
|
|
|
|
|
#
|
|
|
|
|
# The query can also return other fields which have a special meaning, see
|
|
|
|
|
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
|
|
|
|
|
#
|
|
|
|
|
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
|
|
|
|
|
# for full list):
|
|
|
|
|
# %u = entire user@domain
|
|
|
|
|
# %n = user part of user@domain
|
|
|
|
|
# %d = domain part of user@domain
|
|
|
|
|
#
|
|
|
|
|
# Note that these can be used only as input to SQL query. If the query outputs
|
|
|
|
|
# any of these substitutions, they're not touched. Otherwise it would be
|
|
|
|
|
# difficult to have eg. usernames containing '%' characters.
|
|
|
|
|
#
|
|
|
|
|
# Example:
|
|
|
|
|
# password_query = SELECT userid AS user, pw AS password \
|
|
|
|
|
# FROM users WHERE userid = '%u' AND active = 'Y'
|
|
|
|
|
#
|
|
|
|
|
#password_query = \
|
|
|
|
|
# SELECT username, domain, password \
|
|
|
|
|
# FROM users WHERE username = '%n' AND domain = '%d'
|
|
|
|
|
|
|
|
|
|
# userdb query to retrieve the user information. It can return fields:
|
|
|
|
|
# uid - System UID (overrides mail_uid setting)
|
|
|
|
|
# gid - System GID (overrides mail_gid setting)
|
|
|
|
|
# home - Home directory
|
|
|
|
|
# mail - Mail location (overrides mail_location setting)
|
|
|
|
|
#
|
|
|
|
|
# None of these are strictly required. If you use a single UID and GID, and
|
|
|
|
|
# home or mail directory fits to a template string, you could use userdb static
|
|
|
|
|
# instead. For a list of all fields that can be returned, see
|
|
|
|
|
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
|
|
|
|
|
#
|
|
|
|
|
# Examples:
|
|
|
|
|
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
|
|
|
|
|
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
|
|
|
|
|
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
|
|
|
|
|
#
|
|
|
|
|
#user_query = \
|
|
|
|
|
# SELECT home, uid, gid \
|
|
|
|
|
# FROM users WHERE username = '%n' AND domain = '%d'
|
|
|
|
|
user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
|
|
|
|
|
|
|
|
|
|
# If you wish to avoid two SQL lookups (passdb + userdb), you can use
|
|
|
|
|
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
|
|
|
|
|
# also have to return userdb fields in password_query prefixed with "userdb_"
|
|
|
|
|
# string. For example:
|
|
|
|
|
#password_query = \
|
|
|
|
|
# SELECT userid AS user, password, \
|
|
|
|
|
# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
|
|
|
|
|
# FROM users WHERE userid = '%u'
|
|
|
|
|
password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
|
|
|
|
|
|
|
|
|
|
# Query to get a list of all usernames.
|
|
|
|
|
#iterate_query = SELECT username AS user FROM users
|
|
|
|
|
]]>
|
|
|
|
|
</content>
|
|
|
|
|
</file>
|
|
|
|
|
<file name="/etc/dovecot/conf.d/10-auth.conf" chown="root:0"
|
|
|
|
|
chmod="0640" backup="true">
|
|
|
|
|
<content><
Michael Kaufmann (d00p)