
Untitled

a guest
Sep 16th, 2016
  # Postfix main.cf excerpt: mail for the virtual domains is handed to the
  # "dovecot" pipe transport; the LMTP hand-off stays as a disabled alternative.
  #virtual_transport = lmtp:unix:private/dovecot-lmtp
  virtual_transport = dovecot
  virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
  # One recipient per delivery through the "dovecot" transport.
  dovecot_destination_recipient_limit = 1

  # Postfix master.cf excerpt: the pipe(8) service behind that transport, run
  # as vmail:vmail. The argv stops after "-f" in this excerpt; the complete
  # entry in the master.cf listing further down continues with
  # ${sender} -d ${recipient}.
  dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/lib/dovecot/dovecot-lda -f

  # Dovecot excerpt: one Maildir per account (%d = domain, %n = local part).
  mail_location = maildir:/var/mail/vhosts/%d/%n
  11.  
  # Flattened list of the Postfix parameters in effect (it has the shape of
  # "postconf -n" output), regrouped by purpose. Every value is unchanged.

  # Identity and cosmetics
  myhostname = mydomain.com
  myorigin = /etc/mailname
  mydestination = mydomain.com
  append_dot_mydomain = no
  smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
  biff = no
  readme_directory = no

  # Local aliases and mailbox handling
  alias_maps = hash:/etc/aliases
  alias_database = hash:/etc/aliases
  mailbox_size_limit = 0
  recipient_delimiter = +

  # Listening and relay policy. permit_mynetworks lets every address in
  # mynetworks relay without authenticating, which here covers the whole
  # 192.168.1.0/24 LAN as well as loopback.
  inet_interfaces = all
  mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
  relayhost =
  smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

  # SMTP AUTH, delegated to Dovecot through the private/auth socket
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth

  # Inbound TLS; AUTH is only offered once the session is encrypted
  smtpd_use_tls = yes
  smtpd_tls_auth_only = yes
  smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
  smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem

  # Virtual domains, mailboxes and aliases (MySQL lookups), delivered through
  # the "dovecot" pipe transport one recipient at a time
  virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
  virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
  virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf
  virtual_transport = dovecot
  dovecot_destination_recipient_limit = 1
  39.  
  40. # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
  41. # Pigeonhole version 0.4.13 (7b14904)
  42. # OS: Linux 4.4.0-36-generic x86_64 Ubuntu 16.04.1 LTS ext4
  # Effective Dovecot settings as reported for /etc/dovecot/dovecot.conf.
  # Nesting is shown with indentation; values and order are unchanged.

  # PLAIN and LOGIN send the password itself, so they depend on the
  # "ssl = required" setting below for protection on the wire.
  auth_mechanisms = plain login
  mail_location = maildir:/var/mail/vhosts/%d/%n
  mail_privileged_group = mail

  # Passwords are checked against SQL, configured in dovecot-sql.conf.ext.
  passdb {
    args = /etc/dovecot/dovecot-sql.conf.ext
    driver = sql
  }

  protocols = imap pop3 lmtp

  service auth-worker {
    user = vmail
  }

  service auth {
    # Socket Postfix uses for SMTP AUTH.
    # NOTE(review): mode 0666 grants connect rights to every local account;
    # only the permissions of the enclosing directory narrow that. The socket
    # is owned by postfix:postfix, so 0660 would be enough.
    unix_listener /var/spool/postfix/private/auth {
      group = postfix
      mode = 0666
      user = postfix
    }
    unix_listener auth-userdb {
      mode = 0600
      user = vmail
    }
    user = dovecot
  }

  # Only the imaps listener is overridden here; no override of the plain
  # "imap" listener appears in this output.
  service imap-login {
    inet_listener imaps {
      port = 993
      ssl = yes
    }
  }

  service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
      group = postfix
      mode = 0600
      user = postfix
    }
  }

  # Plain POP3 is switched off (port = 0); only pop3s on 995 listens.
  service pop3-login {
    inet_listener pop3 {
      port = 0
    }
    inet_listener pop3s {
      port = 995
      ssl = yes
    }
  }

  ssl = required
  ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
  ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem

  # Every account maps to the same system uid/gid (vmail) and a home under
  # /var/mail/vhosts.
  userdb {
    args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
    driver = static
  }
  95.  
  96. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
  97.  
  98. # Debian specific: Specifying a file name will cause the first
  99. # line of that file to be used as the name. The Debian default
  100. # is /etc/mailname.
  101. #myorigin = /etc/mailname
  102.  
  # SMTP greeting; the "(Ubuntu)" suffix tells every connecting client which
  # distribution the server runs.
  smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
  # No biff(1) new-mail notifications.
  biff = no

  # Appending .domain is the MUA's job.
  append_dot_mydomain = no

  # Uncomment the next line to generate "delayed mail" warnings
  #delay_warning_time = 4h

  readme_directory = no

  # Inbound TLS with the Let's Encrypt chain and key for mydomain.com.
  smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
  smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
  # Offer STARTTLS. smtpd_use_tls is the legacy spelling; current Postfix
  # documentation expresses the same thing as smtpd_tls_security_level = may.
  smtpd_use_tls = yes
  # Accept SASL AUTH only after the session has been encrypted.
  smtpd_tls_auth_only = yes
  119.  
  120. # TLS parameters
  121. #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  122. #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  123. #smtpd_use_tls=yes
  124. #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  125. #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  126.  
  127. #smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
  128. #smtpd_tls_key_file=/etc/dovecot/private/dovecot.pem
  129. #smtpd_use_tls=yes
  130. #smtpd_tls_auth_only = yes
  131.  
  # SMTP AUTH for submitting users, with the password check handed to Dovecot
  # over the socket at private/auth (relative to the Postfix queue directory).
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth

  # Evaluated left to right: authenticated users and mynetworks clients may
  # send anywhere; everyone else may only deliver to domains this server is
  # responsible for. Continuation lines must start with whitespace.
  smtpd_recipient_restrictions =
      permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination
  141.  
  142. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
  143. # information on enabling SSL in the smtp client.
  144.  
  # Host identity and the domain treated as local.
  # NOTE(review): Postfix expects a domain to be listed in mydestination or in
  # virtual_mailbox_domains, not both; confirm mydomain.com is not also
  # returned by the virtual_domains lookup.
  myhostname = mydomain.com
  myorigin = /etc/mailname
  #mydestination = mydomain.com, mail.mydomain.com
  mydestination = mydomain.com

  # Local alias tables.
  alias_maps = hash:/etc/aliases
  alias_database = hash:/etc/aliases

  # Direct delivery (no smarthost), listening on every interface. Clients in
  # mynetworks pass permit_mynetworks without authenticating, so the
  # 192.168.1.0/24 entry makes every LAN host a trusted relay client.
  relayhost =
  inet_interfaces = all
  mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128

  # No size cap on local mailboxes; "+" separates user from address extension.
  mailbox_size_limit = 0
  recipient_delimiter = +
  156.  
  # Delivery for virtual domains goes through the "dovecot" pipe transport
  # defined in master.cf; the LMTP socket hand-off is kept disabled.
  #virtual_transport = lmtp:unix:private/dovecot-lmtp
  virtual_transport = dovecot
  # One recipient per delivery through that transport.
  dovecot_destination_recipient_limit = 1

  # Virtual domains, users, and aliases, all looked up in MySQL.
  virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
  virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
  # The second table is a continuation line and must start with whitespace.
  virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
      mysql:/etc/postfix/mysql-virtual-email2email.cf
  167.  
  168. #
  169. # Postfix master process configuration file. For details on the format
  170. # of the file, see the master(5) manual page (command: "man 5 master" or
  171. # on-line: http://www.postfix.org/master.5.html).
  172. #
  173. # Do not forget to execute "postfix reload" after editing this file.
  174. #
  175. # ==========================================================================
  176. # service type private unpriv chroot wakeup maxproc command + args
  177. # (yes) (yes) (no) (never) (100)
  178. # ==========================================================================
  # Delivery into Dovecot: pipe(8) runs dovecot-lda as vmail:vmail, passing the
  # envelope sender (-f) and recipient (-d). Option lines belonging to a
  # service are continuation lines and must start with whitespace.
  dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}

  # Public SMTP listener; the postscreen front end and its helpers stay off.
  #smtp      inet  n       -       y       -       1       postscreen
  smtp       inet  n       -       y       -       -       smtpd
  #smtpd     pass  -       -       y       -       -       smtpd
  #dnsblog   unix  -       -       y       -       0       dnsblog
  #tlsproxy  unix  -       -       y       -       0       tlsproxy

  # Submission: TLS is mandatory and only SASL-authenticated clients pass.
  submission inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

  # SMTPS: TLS starts with the connection (wrapper mode); same client policy.
  smtps      inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
  # Postfix's own daemons. Columns: service, type, private, unpriv, chroot,
  # wakeup, maxproc, command. The chroot column is "n" for qmgr, proxymap,
  # proxywrite, local and virtual, and "y" for the rest of this list.
  #628        inet  n       -       y       -       -       qmqpd
  pickup      unix  n       -       y       60      1       pickup
  cleanup     unix  n       -       y       -       0       cleanup
  qmgr        unix  n       -       n       300     1       qmgr
  #qmgr       unix  n       -       n       300     1       oqmgr
  tlsmgr      unix  -       -       y       1000?   1       tlsmgr
  rewrite     unix  -       -       y       -       -       trivial-rewrite
  bounce      unix  -       -       y       -       0       bounce
  defer       unix  -       -       y       -       0       bounce
  trace       unix  -       -       y       -       0       bounce
  verify      unix  -       -       y       -       1       verify
  flush       unix  n       -       y       1000?   0       flush
  proxymap    unix  -       -       n       -       -       proxymap
  proxywrite  unix  -       -       n       -       1       proxymap
  smtp        unix  -       -       y       -       -       smtp
  relay       unix  -       -       y       -       -       smtp
  #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
  showq       unix  n       -       y       -       -       showq
  error       unix  -       -       y       -       -       error
  retry       unix  -       -       y       -       -       error
  discard     unix  -       -       y       -       -       discard
  local       unix  -       n       n       -       -       local
  virtual     unix  -       n       n       -       -       virtual
  lmtp        unix  -       -       y       -       -       lmtp
  anvil       unix  -       -       y       -       1       anvil
  scache      unix  -       -       y       -       1       scache
  224. #
  225. # ====================================================================
  226. # Interfaces to non-Postfix software. Be sure to examine the manual
  227. # pages of the non-Postfix software to find out what options it wants.
  228. #
  229. # Many of the following services use the Postfix pipe(8) delivery
  230. # agent. See the pipe(8) man page for information about ${recipient}
  231. # and other message envelope options.
  232. # ====================================================================
  233. #
  234. # maildrop. See the Postfix MAILDROP_README file for details.
  235. # Also specify in main.cf: maildrop_destination_recipient_limit=1
  236. #
  # maildrop delivery through pipe(8), run as vmail. The second line is a
  # continuation of the service entry and must start with whitespace.
  maildrop  unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
  239. #
  240. # ====================================================================
  241. #
  242. # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
  243. #
  244. # Specify in cyrus.conf:
  245. # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
  246. #
  247. # Specify in main.cf one or more of the following:
  248. # mailbox_transport = lmtp:inet:localhost
  249. # virtual_transport = lmtp:inet:localhost
  250. #
  251. # ====================================================================
  252. #
  253. # Cyrus 2.1.5 (Amos Gouaux)
  254. # Also specify in main.cf: cyrus_destination_recipient_limit=1
  255. #
  256. #cyrus unix - n n - - pipe
  257. # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
  258. #
  259. # ====================================================================
  260. # Old example of delivery via Cyrus.
  261. #
  262. #old-cyrus unix - n n - - pipe
  263. # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
  264. #
  265. # ====================================================================
  266. #
  267. # See the Postfix UUCP_README file for configuration details.
  268. #
  # Stock pipe(8) transports to external software, each run under its own
  # unprivileged account (user=...). Lines after a service entry are
  # continuation lines and must start with whitespace.
  uucp      unix  -       n       n       -       -       pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  #
  # Other external delivery methods.
  #
  ifmail    unix  -       n       n       -       -       pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  bsmtp     unix  -       n       n       -       -       pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
  scalemail-backend unix  -       n       n       -       2       pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
  mailman   unix  -       n       n       -       -       pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}
  283.  
  # Four Postfix mysql lookup-table files shown back to back, one stanza per
  # file. The paste does not name them; the queries suggest the order
  # alias-maps, email2email, mailbox-domains, mailbox-maps (TODO confirm).
  # In each query %s is replaced by the lookup key, which Postfix SQL-quotes
  # before substitution. Each file holds the database password in clear text,
  # so it should not be readable by ordinary local accounts.

  # Aliases: destination address(es) for a source address.
  hosts = 127.0.0.1
  dbname = mailserver
  user = mailuser
  password = xxxxxxxxx
  query = SELECT destination FROM virtual_aliases WHERE source='%s'

  # Identity mapping: returns the address itself when the mailbox exists.
  hosts = 127.0.0.1
  dbname = mailserver
  user = mailuser
  password = xxxxxxxxxxx
  query = SELECT email FROM virtual_users WHERE email='%s'

  # Domains: any row means the domain is hosted here.
  hosts = 127.0.0.1
  dbname = mailserver
  user = mailuser
  password = xxxxxxxxxxxx
  query = SELECT 1 FROM virtual_domains WHERE name='%s'

  # Mailboxes: any row means the recipient address exists.
  hosts = 127.0.0.1
  dbname = mailserver
  user = mailuser
  password = xxxxxxxxxx
  query = SELECT 1 FROM virtual_users WHERE email='%s'
  307.  
  308. ## Dovecot configuration file
  309.  
  310. # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
  311.  
  312. # "doveconf -n" command gives a clean output of the changed settings. Use it
  313. # instead of copy&pasting files when posting to the Dovecot mailing list.
  314.  
  315. # '#' character and everything after it is treated as comments. Extra spaces
  316. # and tabs are ignored. If you want to use either of these explicitly, put the
  317. # value inside quotes, eg.: key = "# char and trailing whitespace "
  318.  
  319. # Default values are shown for each setting, it's not required to uncomment
  320. # those. These are exceptions to this though: No sections (e.g. namespace {})
  321. # or plugin settings are added by default, they're listed only as examples.
  322. # Paths are also just examples with the real defaults being based on configure
  323. # options. The paths listed here are for configure --prefix=/usr
  324. # --sysconfdir=/etc --localstatedir=/var
  325.  
  # Protocols to serve. The include is read first, so the explicit list on the
  # next line is the setting that ends up in effect: IMAP, POP3 and LMTP.
  !include_try /usr/share/dovecot/protocols.d/*.protocol
  protocols = imap pop3 lmtp
  329.  
  330. # A comma separated list of IPs or hosts where to listen in for connections.
  331. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
  332. # If you want to specify non-default ports or anything more complex,
  333. # edit conf.d/master.conf.
  334. #listen = *, ::
  335.  
  336. # Base directory where to store runtime data.
  337. #base_dir = /var/run/dovecot/
  338.  
  339. # Name of this instance. Used to prefix all Dovecot processes in ps output.
  340. #instance_name = dovecot
  341.  
  342. # Greeting message for clients.
  343. #login_greeting = Dovecot ready.
  344.  
  345. # Space separated list of trusted network ranges. Connections from these
  346. # IPs are allowed to override their IP addresses and ports (for logging and
  347. # for authentication checks). disable_plaintext_auth is also ignored for
  348. # these networks. Typically you'd specify the IMAP proxy servers here.
  349. #login_trusted_networks =
  350.  
  351. # Space separated list of login access check sockets (e.g. tcpwrap)
  352. #login_access_sockets =
  353.  
  354. # Show more verbose process titles (in ps). Currently shows user name and
  355. # IP address. Useful for seeing who are actually using the IMAP processes
  356. # (eg. shared mailboxes or if same uid is used for multiple accounts).
  357. #verbose_proctitle = no
  358.  
  359. # Should all processes be killed when Dovecot master process shuts down.
  360. # Setting this to "no" means that Dovecot can be upgraded without
  361. # forcing existing client connections to close (although that could also be
  362. # a problem if the upgrade is e.g. because of a security fix).
  363. #shutdown_clients = yes
  364.  
  365. # If non-zero, run mail commands via this many connections to doveadm server,
  366. # instead of running them directly in the same process.
  367. #doveadm_worker_count = 0
  368. # UNIX socket or host:port used for connecting to doveadm server
  369. #doveadm_socket_path = doveadm-server
  370.  
  371. # Space separated list of environment variables that are preserved on Dovecot
  372. # startup and passed down to all of its child processes. You can also give
  373. # key=value pairs to always set specific settings.
  374. #import_environment = TZ
  375.  
  376. ##
  377. ## Dictionary server settings
  378. ##
  379.  
  380. # Dictionary can be used to store key=value lists. This is used by several
  381. # plugins. The dictionary can be accessed either directly or though a
  382. # dictionary server. The following dict block maps dictionary names to URIs
  383. # when the server is used. These can then be referenced using URIs in format
  384. # "proxy::<name>".
  385.  
  # Dictionary name -> URI map. Both example entries are commented out, so no
  # dictionary is defined here.
  dict {
    #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
    #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
  }
  390.  
  # Most of the actual configuration is pulled in from conf.d. The file names
  # are sorted by their ASCII value and parsed in that order; the numeric
  # prefixes (00-, 10-, ...) exist to make that ordering easy to follow.
  !include conf.d/*.conf

  # !include_try includes a file the same way but raises no error when the
  # file is missing:
  !include_try local.conf
  399.  
  # Mail storage: one Maildir per account under /var/mail/vhosts
  # (%d = domain, %n = local part of the address).
  mail_location = maildir:/var/mail/vhosts/%d/%n
  # Group enabled temporarily for privileged mailbox operations.
  mail_privileged_group = mail
  402.  
  403. drwxrwsr-x 3 vmail vmail 4096 Sep 16 17:54 /var/mail
  404.  
  # PLAIN and LOGIN carry the password itself, so they are accepted only on
  # encrypted connections (disable_plaintext_auth = yes).
  disable_plaintext_auth = yes
  auth_mechanisms = plain login
  # passdb/userdb definitions for the SQL backend.
  !include auth-sql.conf.ext
  408.  
  409. # Authentication for SQL users. Included from 10-auth.conf.
  410. #
  411. # <doc/wiki/AuthDatabase.SQL.txt>
  412.  
  413. #passdb {
  414. # driver = sql
  415.  
  416. # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  417. #}
  418.  
  419. # "prefetch" user database means that the passdb already provided the
  420. # needed information and there's no need to do a separate userdb lookup.
  421. # <doc/wiki/UserDatabase.Prefetch.txt>
  422. #userdb {
  423. # driver = prefetch
  424. #}
  425.  
  426. #userdb {
  427. # driver = static
  428. #}
  429.  
  430. # If you don't have any user-specific settings, you can avoid the user_query
  431. # by using userdb static instead of userdb sql, for example:
  432. # <doc/wiki/UserDatabase.Static.txt>
  433. #userdb {
  434. #driver = static
  435. #args = uid=vmail gid=vmail home=/var/vmail/%u
  436. #}
  437.  
  438.  
  # Changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  # Password check: SQL lookup, connection and query defined in
  # /etc/dovecot/dovecot-sql.conf.ext.
  passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
  }

  # User data: static, no lookup. Every mailbox is owned by the vmail uid/gid
  # and lives under /var/mail/vhosts/<domain>/<local part>.
  userdb {
    driver = static
    args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  }
  448.  
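  # SQL settings for the passdb (presumably /etc/dovecot/dovecot-sql.conf.ext,
  # the file the passdb block points at).
  driver = mysql
  # NOTE(review): the paste showed the database password unmasked on this line
  # although it was masked in the Postfix map files; it is masked here as
  # well. A password that has been published should be rotated, and this file
  # should be readable only by root and the account Dovecot's auth processes
  # run as.
  connect = host=127.0.0.1 dbname=mailserver user=mailuser password=xxxxxxxxx
  # Stored hashes without an explicit scheme prefix are treated as SHA512-CRYPT.
  default_pass_scheme = SHA512-CRYPT
  # %u is the full login name; the row must return "user" and "password".
  password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';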
  453.  
  454. drwxr-x--- 4 vmail dovecot 4096 Sep 16 14:50 /etc/dovecot
  455.  
  456. #default_process_limit = 100
  457. #default_client_limit = 1000
  458.  
  459. # Default VSZ (virtual memory size) limit for service processes. This is mainly
  460. # intended to catch and kill processes that leak memory before they eat up
  461. # everything.
  462. #default_vsz_limit = 256M
  463.  
  464. # Login user is internally used by login processes. This is the most untrusted
  465. # user in Dovecot system. It shouldn't have access to anything at all.
  466. #default_login_user = dovenull
  467.  
  468. # Internal user is used by unprivileged processes. It should be separate from
  469. # login user, so that login processes can't disturb other processes.
  470. #default_internal_user = dovecot
  471.  
  472. #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  473.  
  474. #service imap-login {
  475. # inet_listener imap {
  476. # #port = 143
  477. # }
  478. # inet_listener imaps {
  479. # #port = 993
  480. # #ssl = yes
  481. # }
  482.  
  service imap-login {
    # NOTE(review): the "port = 0" line that would switch off the plain IMAP
    # listener is commented out, unlike the pop3 listener in
    # service pop3-login, so this listener keeps its default port. With
    # "ssl = required" clients still have to negotiate TLS before logging in;
    # uncomment the line if only imaps on 993 is meant to be reachable.
    inet_listener imap {
      #port = 0
    }
    # IMAP over TLS from the first byte.
    inet_listener imaps {
      port = 993
      ssl = yes
    }

    # Number of connections to handle before starting a new process. Typically
    # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
    # is faster. <doc/wiki/LoginProcess.txt>
    #service_count = 1

    # Number of processes to always keep waiting for more connections.
    #process_min_avail = 0

    # If you set service_count=0, you probably need to grow this.
    #vsz_limit = $default_vsz_limit
  }
  503.  
  504. #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  505.  
  506. #service pop3-login {
  507. # inet_listener pop3 {
  508. # #port = 110
  509. # }
  510. # inet_listener pop3s {
  511. # #port = 995
  512. # #ssl = yes
  513. # }
  514. #}
  515.  
  service pop3-login {
    # port = 0 disables the unencrypted POP3 listener.
    inet_listener pop3 {
      port = 0
    }
    # POP3 over TLS only.
    inet_listener pop3s {
      port = 995
      ssl = yes
    }
  }
  525.  
  526. #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  527.  
  528. #service lmtp {
  529. # unix_listener lmtp {
  530. #mode = 0666
  531. # }
  532.  
  533. # Create inet listener only if you can't use the above UNIX socket
  534. #inet_listener lmtp {
  535. # Avoid making LMTP visible for the entire internet
  536. #address =
  537. #port =
  538. #}
  539. #}
  540.  
  service lmtp {
    # LMTP socket placed inside the Postfix queue directory; owner and group
    # are postfix and mode 0600 leaves access to the owner alone.
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
      mode = 0600
      user = postfix
      group = postfix
    }
    # Create inet listener only if you can't use the above UNIX socket
    #inet_listener lmtp {
      # Avoid making LMTP visible for the entire internet
      #address =
      #port =
    #}
  }
  554.  
  # Post-login IMAP processes; both limits are left at their defaults.
  service imap {
    # Most of the memory goes to mmap()ing files. You may need to increase this
    # limit if you have huge mailboxes.
    #vsz_limit = $default_vsz_limit

    # Max. number of IMAP processes (connections)
    #process_limit = 1024
  }
  563.  
  # Post-login POP3 processes; the limit is left at its default.
  service pop3 {
    # Max. number of POP3 processes (connections)
    #process_limit = 1024
  }
  568.  
  569. #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  570.  
  571. #service auth {
  572. # auth_socket_path points to this userdb socket by default. It's typically
  573. # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  574. # full permissions to this socket are able to get a list of all usernames and
  575. # get the results of everyone's userdb lookups.
  576. #
  577. # The default 0666 mode allows anyone to connect to the socket, but the
  578. # userdb lookups will succeed only if the userdb returns an "uid" field that
  579. # matches the caller process's UID. Also if caller's uid or gid matches the
  580. # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  581. #
  582. # To give the caller full permissions to lookup all users, set the mode to
  583. # something else than 0666 and Dovecot lets the kernel enforce the
  584. # permissions (e.g. 0777 allows everyone full permissions).
  585. # unix_listener auth-userdb {
  586. #mode = 0666
  587. #user =
  588. #group =
  589. # }
  590.  
  591. # Postfix smtp-auth
  592. # unix_listener /var/spool/postfix/private/auth {
  593. # mode = 0666
  594. # user = postfix
  595. # group = postfix
  596. # }
  597.  
  598. # Auth process is run as this user.
  599. #user = $default_internal_user
  600. #}
  601.  
  602.  
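  service auth {
    # Postfix smtp-auth: the socket smtpd connects to for SASL, placed inside
    # the Postfix queue directory. It is owned by postfix:postfix, so 0660 is
    # enough for Postfix to use it. The previous 0666 granted connect rights
    # to every local account and relied on the enclosing directory's
    # permissions alone to keep other users away from the auth service.
    unix_listener /var/spool/postfix/private/auth {
      mode = 0660
      user = postfix
      group = postfix
    }

    # auth_socket_path points to this userdb socket by default. It's typically
    # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
    # access to this socket are able to get a list of all usernames and get
    # results of everyone's userdb lookups, so it is restricted to the vmail
    # account that runs deliveries.
    unix_listener auth-userdb {
      mode = 0600
      user = vmail
      #group =
    }

    # Auth process is run as this user.
    user = dovecot
  }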
  629.  
  630.  
  631. #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
  632.  
  633. #service auth-worker {
  634. # Auth worker process is run as root by default, so that it can access
  635. # /etc/shadow. If this isn't necessary, the user should be changed to
  636. # $default_internal_user.
  637. #user = root
  638. #}
  639.  
  service auth-worker {
    # Auth workers run as root by default so that they can read /etc/shadow.
    # This setup authenticates against SQL instead, so the worker is moved to
    # the unprivileged vmail account.
    user = vmail
  }
  646.  
  service dict {
    # If dict proxy is used, mail processes should have access to its socket.
    # For example: mode=0660, group=vmail and global mail_access_groups=vmail
    # Nothing is overridden here; all three listener settings stay commented.
    unix_listener dict {
      #mode = 0600
      #user =
      #group =
    }
  }
  656.  
  657. ##
  658. ## SSL settings
  659. ##
  660.  
  661.  
  # Added for SSL support, following https://scaron.info/blog/debian-mail-postfix-dovecot.html
  # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
  # "required" refuses logins on connections that are not encrypted.
  ssl = required
  # Let's Encrypt chain and private key; the leading "<" makes Dovecot read
  # the value from the named file.
  ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
  ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
  # NOTE(review): ssl_protocols is left at the default listed further down
  # (!SSLv2), which does not exclude SSLv3; consider setting
  # ssl_protocols = !SSLv2 !SSLv3 explicitly.
  667.  
  668. # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  669. # dropping root privileges, so keep the key file unreadable by anyone but
  670. # root. Included doc/mkcert.sh can be used to easily generate self-signed
  671. # certificate, just make sure to update the domains in dovecot-openssl.cnf
  672. #ssl_cert = </etc/dovecot/dovecot.pem
  673. #ssl_key = </etc/dovecot/private/dovecot.pem
  674.  
  675. # If key file is password protected, give the password here. Alternatively
  676. # give it when starting dovecot with -p parameter. Since this file is often
  677. # world-readable, you may want to place this setting instead to a different
  678. # root owned 0600 file by using ssl_key_password = <path.
  679. #ssl_key_password =
  680.  
  681. # PEM encoded trusted certificate authority. Set this only if you intend to use
  682. # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
  683. # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
  684. #ssl_ca =
  685.  
  686. # Require that CRL check succeeds for client certificates.
  687. #ssl_require_crl = yes
  688.  
  689. # Directory and/or file for trusted SSL CA certificates. These are used only
  690. # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
  691. # directory is usually /etc/ssl/certs in Debian-based systems and the file is
  692. # /etc/pki/tls/cert.pem in RedHat-based systems.
  693. #ssl_client_ca_dir =
  694. #ssl_client_ca_file =
  695.  
  696. # Request client to send a certificate. If you also want to require it, set
  697. # auth_ssl_require_client_cert=yes in auth section.
  698. #ssl_verify_client_cert = no
  699.  
  700. # Which field from certificate to use for username. commonName and
  701. # x500UniqueIdentifier are the usual choices. You'll also need to set
  702. # auth_ssl_username_from_cert=yes.
  703. #ssl_cert_username_field = commonName
  704.  
  705. # DH parameters length to use.
  706. #ssl_dh_parameters_length = 1024
  707.  
  708. # SSL protocols to use
  709. #ssl_protocols = !SSLv2
  710.  
  711. # SSL ciphers to use
  712. #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
  713.  
  714. # Prefer the server's order of ciphers over client's.
  715. #ssl_prefer_server_ciphers = no
  716.  
  717. # SSL crypto device to use, for valid values run "openssl engine"
  718. #ssl_crypto_device =
  719.  
  720. # SSL extra options. Currently supported options are:
  721. # no_compression - Disable compression.
  722. #ssl_options =