Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
- #virtual_transport = lmtp:unix:private/dovecot-lmtp
- dovecot_destination_recipient_limit = 1
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_transport = dovecot
- dovecot unix - n n - - pipe
- flags=DRhu user=vmail:vmail argv=/usr/local/lib/dovecot/dovecot-lda -f
- mail_location = maildir:/var/mail/vhosts/%d/%n
- alias_database = hash:/etc/aliases
- alias_maps = hash:/etc/aliases
- append_dot_mydomain = no
- biff = no
- dovecot_destination_recipient_limit = 1
- inet_interfaces = all
- mailbox_size_limit = 0
- mydestination = mydomain.com
- myhostname = mydomain.com
- mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
- myorigin = /etc/mailname
- readme_directory = no
- recipient_delimiter = +
- relayhost =
- smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
- smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_path = private/auth
- smtpd_sasl_type = dovecot
- smtpd_tls_auth_only = yes
- smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
- smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
- smtpd_use_tls = yes
- virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- virtual_transport = dovecot
- # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
- # Pigeonhole version 0.4.13 (7b14904)
- # OS: Linux 4.4.0-36-generic x86_64 Ubuntu 16.04.1 LTS ext4
- auth_mechanisms = plain login
- mail_location = maildir:/var/mail/vhosts/%d/%n
- mail_privileged_group = mail
- passdb {
- args = /etc/dovecot/dovecot-sql.conf.ext
- driver = sql
- }
- protocols = imap pop3 lmtp
- service auth-worker {
- user = vmail
- }
- service auth {
- unix_listener /var/spool/postfix/private/auth {
- group = postfix
- mode = 0666
- user = postfix
- }
- unix_listener auth-userdb {
- mode = 0600
- user = vmail
- }
- user = dovecot
- }
- service imap-login {
- inet_listener imaps {
- port = 993
- ssl = yes
- }
- }
- service lmtp {
- unix_listener /var/spool/postfix/private/dovecot-lmtp {
- group = postfix
- mode = 0600
- user = postfix
- }
- }
- service pop3-login {
- inet_listener pop3 {
- port = 0
- }
- inet_listener pop3s {
- port = 995
- ssl = yes
- }
- }
- ssl = required
- ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
- ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
- userdb {
- args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
- driver = static
- }
- # See /usr/share/postfix/main.cf.dist for a commented, more complete version
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
- smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
- biff = no
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- # Uncomment the next line to generate "delayed mail" warnings
- #delay_warning_time = 4h
- readme_directory = no
- # SSL/TLS certificates
- smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.com/fullchain.pem
- smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.com/privkey.pem
- smtpd_use_tls=yes
- smtpd_tls_auth_only=yes
- # TLS parameters
- #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
- #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
- #smtpd_use_tls=yes
- #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- #smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
- #smtpd_tls_key_file=/etc/dovecot/private/dovecot.pem
- #smtpd_use_tls=yes
- #smtpd_tls_auth_only = yes
- #Enabling SMTP for authenticated users, and handing off authentication to Dovecot
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/auth
- smtpd_sasl_auth_enable = yes
- smtpd_recipient_restrictions =
- permit_sasl_authenticated,
- permit_mynetworks,
- reject_unauth_destination
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
- myhostname = mydomain.com
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- myorigin = /etc/mailname
- #mydestination = mydomain.com, mail.mydomain.com
- mydestination = mydomain.com
- relayhost =
- mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
- #Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
- #virtual_transport = lmtp:unix:private/dovecot-lmtp
- dovecot_destination_recipient_limit = 1
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_transport = dovecot
- #Virtual domains, users, and aliases
- virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
- mysql:/etc/postfix/mysql-virtual-email2email.cf
- #
- # Postfix master process configuration file. For details on the format
- # of the file, see the master(5) manual page (command: "man 5 master" or
- # on-line: http://www.postfix.org/master.5.html).
- #
- # Do not forget to execute "postfix reload" after editing this file.
- #
- # ==========================================================================
- # service type private unpriv chroot wakeup maxproc command + args
- # (yes) (yes) (no) (never) (100)
- # ==========================================================================
- dovecot unix - n n - - pipe
- flags=DRhu user=vmail:vmail argv=/usr/local/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
- #smtp inet n - y - 1 postscreen
- smtp inet n - y - - smtpd
- #smtpd pass - - y - - smtpd
- #dnsblog unix - - y - 0 dnsblog
- #tlsproxy unix - - y - 0 tlsproxy
- submission inet n - - - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
- smtps inet n - - - - smtpd
- -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - y - - qmqpd
- pickup unix n - y 60 1 pickup
- cleanup unix n - y - 0 cleanup
- qmgr unix n - n 300 1 qmgr
- #qmgr unix n - n 300 1 oqmgr
- tlsmgr unix - - y 1000? 1 tlsmgr
- rewrite unix - - y - - trivial-rewrite
- bounce unix - - y - 0 bounce
- defer unix - - y - 0 bounce
- trace unix - - y - 0 bounce
- verify unix - - y - 1 verify
- flush unix n - y 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - y - - smtp
- relay unix - - y - - smtp
- # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
- showq unix n - y - - showq
- error unix - - y - - error
- retry unix - - y - - error
- discard unix - - y - - discard
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - y - - lmtp
- anvil unix - - y - 1 anvil
- scache unix - - y - 1 scache
- #
- # ====================================================================
- # Interfaces to non-Postfix software. Be sure to examine the manual
- # pages of the non-Postfix software to find out what options it wants.
- #
- # Many of the following services use the Postfix pipe(8) delivery
- # agent. See the pipe(8) man page for information about ${recipient}
- # and other message envelope options.
- # ====================================================================
- #
- # maildrop. See the Postfix MAILDROP_README file for details.
- # Also specify in main.cf: maildrop_destination_recipient_limit=1
- #
- maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
- #
- # ====================================================================
- #
- # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
- #
- # Specify in cyrus.conf:
- # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
- #
- # Specify in main.cf one or more of the following:
- # mailbox_transport = lmtp:inet:localhost
- # virtual_transport = lmtp:inet:localhost
- #
- # ====================================================================
- #
- # Cyrus 2.1.5 (Amos Gouaux)
- # Also specify in main.cf: cyrus_destination_recipient_limit=1
- #
- #cyrus unix - n n - - pipe
- # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
- #
- # ====================================================================
- # Old example of delivery via Cyrus.
- #
- #old-cyrus unix - n n - - pipe
- # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
- #
- # ====================================================================
- #
- # See the Postfix UUCP_README file for configuration details.
- #
- uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- #
- # Other external delivery methods.
- #
- ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
- scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
- mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
- user = mailuser
- password = xxxxxxxxx
- hosts = 127.0.0.1
- dbname = mailserver
- query = SELECT destination FROM virtual_aliases WHERE source='%s'
- user = mailuser
- password = xxxxxxxxxxx
- hosts = 127.0.0.1
- dbname = mailserver
- query = SELECT email FROM virtual_users WHERE email='%s'
- user = mailuser
- password = xxxxxxxxxxxx
- hosts = 127.0.0.1
- dbname = mailserver
- query = SELECT 1 FROM virtual_domains WHERE name='%s'
- user = mailuser
- password = xxxxxxxxxx
- hosts = 127.0.0.1
- dbname = mailserver
- query = SELECT 1 FROM virtual_users WHERE email='%s'
- ## Dovecot configuration file
- # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
- # "doveconf -n" command gives a clean output of the changed settings. Use it
- # instead of copy&pasting files when posting to the Dovecot mailing list.
- # '#' character and everything after it is treated as comments. Extra spaces
- # and tabs are ignored. If you want to use either of these explicitly, put the
- # value inside quotes, eg.: key = "# char and trailing whitespace "
- # Default values are shown for each setting, it's not required to uncomment
- # those. These are exceptions to this though: No sections (e.g. namespace {})
- # or plugin settings are added by default, they're listed only as examples.
- # Paths are also just examples with the real defaults being based on configure
- # options. The paths listed here are for configure --prefix=/usr
- # --sysconfdir=/etc --localstatedir=/var
- # Enable installed protocols
- !include_try /usr/share/dovecot/protocols.d/*.protocol
- protocols = imap pop3 lmtp
- # A comma separated list of IPs or hosts where to listen in for connections.
- # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
- # If you want to specify non-default ports or anything more complex,
- # edit conf.d/master.conf.
- #listen = *, ::
- # Base directory where to store runtime data.
- #base_dir = /var/run/dovecot/
- # Name of this instance. Used to prefix all Dovecot processes in ps output.
- #instance_name = dovecot
- # Greeting message for clients.
- #login_greeting = Dovecot ready.
- # Space separated list of trusted network ranges. Connections from these
- # IPs are allowed to override their IP addresses and ports (for logging and
- # for authentication checks). disable_plaintext_auth is also ignored for
- # these networks. Typically you'd specify the IMAP proxy servers here.
- #login_trusted_networks =
- # Sepace separated list of login access check sockets (e.g. tcpwrap)
- #login_access_sockets =
- # Show more verbose process titles (in ps). Currently shows user name and
- # IP address. Useful for seeing who are actually using the IMAP processes
- # (eg. shared mailboxes or if same uid is used for multiple accounts).
- #verbose_proctitle = no
- # Should all processes be killed when Dovecot master process shuts down.
- # Setting this to "no" means that Dovecot can be upgraded without
- # forcing existing client connections to close (although that could also be
- # a problem if the upgrade is e.g. because of a security fix).
- #shutdown_clients = yes
- # If non-zero, run mail commands via this many connections to doveadm server,
- # instead of running them directly in the same process.
- #doveadm_worker_count = 0
- # UNIX socket or host:port used for connecting to doveadm server
- #doveadm_socket_path = doveadm-server
- # Space separated list of environment variables that are preserved on Dovecot
- # startup and passed down to all of its child processes. You can also give
- # key=value pairs to always set specific settings.
- #import_environment = TZ
- ##
- ## Dictionary server settings
- ##
- # Dictionary can be used to store key=value lists. This is used by several
- # plugins. The dictionary can be accessed either directly or though a
- # dictionary server. The following dict block maps dictionary names to URIs
- # when the server is used. These can then be referenced using URIs in format
- # "proxy::<name>".
- dict {
- #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
- #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
- }
- # Most of the actual configuration gets included below. The filenames are
- # first sorted by their ASCII value and parsed in that order. The 00-prefixes
- # in filenames are intended to make it easier to understand the ordering.
- !include conf.d/*.conf
- # A config file can also tried to be included without giving an error if
- # it's not found:
- !include_try local.conf
- mail_location = maildir:/var/mail/vhosts/%d/%n
- mail_privileged_group = mail
- drwxrwsr-x 3 vmail vmail 4096 Sep 16 17:54 /var/mail
- disable_plaintext_auth = yes
- auth_mechanisms = plain login
- !include auth-sql.conf.ext
- # Authentication for SQL users. Included from 10-auth.conf.
- #
- # <doc/wiki/AuthDatabase.SQL.txt>
- #passdb {
- # driver = sql
- # Path for SQL configuration file, see example-config/dovecot-#sql.conf.ext
- #}
- # "prefetch" user database means that the passdb already provided the
- # needed information and there's no need to do a separate userdb lookup.
- # <doc/wiki/UserDatabase.Prefetch.txt>
- #userdb {
- # driver = prefetch
- #}
- #userdb {
- # driver = static
- #}
- # If you don't have any user-specific settings, you can avoid the user_query
- # by using userdb static instead of userdb sql, for example:
- # <doc/wiki/UserDatabase.Static.txt>
- #userdb {
- #driver = static
- #args = uid=vmail gid=vmail home=/var/vmail/%u
- #}
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- passdb {
- driver = sql
- args = /etc/dovecot/dovecot-sql.conf.ext
- }
- userdb {
- driver = static
- args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
- }
- driver = mysql
- connect = host=127.0.0.1 dbname=mailserver user=mailuser password=Owningjesta2life
- default_pass_scheme = SHA512-CRYPT
- password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
- drwxr-x--- 4 vmail dovecot 4096 Sep 16 14:50 /etc/dovecot
- #default_process_limit = 100
- #default_client_limit = 1000
- # Default VSZ (virtual memory size) limit for service processes. This is mainly
- # intended to catch and kill processes that leak memory before they eat up
- # everything.
- #default_vsz_limit = 256M
- # Login user is internally used by login processes. This is the most untrusted
- # user in Dovecot system. It shouldn't have access to anything at all.
- #default_login_user = dovenull
- # Internal user is used by unprivileged processes. It should be separate from
- # login user, so that login processes can't disturb other processes.
- #default_internal_user = dovecot
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- #service imap-login {
- # inet_listener imap {
- # #port = 143
- # }
- # inet_listener imaps {
- # #port = 993
- # #ssl = yes
- # }
- service imap-login {
- inet_listener imap {
- #port = 0
- }
- inet_listener imaps {
- port = 993
- ssl = yes
- }
- # Number of connections to handle before starting a new process. Typically
- # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
- # is faster. <doc/wiki/LoginProcess.txt>
- #service_count = 1
- # Number of processes to always keep waiting for more connections.
- #process_min_avail = 0
- # If you set service_count=0, you probably need to grow this.
- #vsz_limit = $default_vsz_limit
- }
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- #service pop3-login {
- # inet_listener pop3 {
- # #port = 110
- # }
- # inet_listener pop3s {
- # #port = 995
- # #ssl = yes
- # }
- #}
- service pop3-login {
- inet_listener pop3 {
- port = 0
- }
- inet_listener pop3s {
- port = 995
- ssl = yes
- }
- }
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- #service lmtp {
- # unix_listener lmtp {
- #mode = 0666
- # }
- # Create inet listener only if you can't use the above UNIX socket
- #inet_listener lmtp {
- # Avoid making LMTP visible for the entire internet
- #address =
- #port =
- #}
- #}
- service lmtp {
- unix_listener /var/spool/postfix/private/dovecot-lmtp {
- mode = 0600
- user = postfix
- group = postfix
- }
- # Create inet listener only if you can't use the above UNIX socket
- #inet_listener lmtp {
- # Avoid making LMTP visible for the entire internet
- #address =
- #port =
- #}
- }
- service imap {
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- #vsz_limit = $default_vsz_limit
- # Max. number of IMAP processes (connections)
- #process_limit = 1024
- }
- service pop3 {
- # Max. number of POP3 processes (connections)
- #process_limit = 1024
- }
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- #service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
- # full permissions to this socket are able to get a list of all usernames and
- # get the results of everyone's userdb lookups.
- #
- # The default 0666 mode allows anyone to connect to the socket, but the
- # userdb lookups will succeed only if the userdb returns an "uid" field that
- # matches the caller process's UID. Also if caller's uid or gid matches the
- # socket's uid or gid the lookup succeeds. Anything else causes a failure.
- #
- # To give the caller full permissions to lookup all users, set the mode to
- # something else than 0666 and Dovecot lets the kernel enforce the
- # permissions (e.g. 0777 allows everyone full permissions).
- # unix_listener auth-userdb {
- #mode = 0666
- #user =
- #group =
- # }
- # Postfix smtp-auth
- # unix_listener /var/spool/postfix/private/auth {
- # mode = 0666
- # user = postfix
- # group = postfix
- # }
- # Auth process is run as this user.
- #user = $default_internal_user
- #}
- service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
- # permissions make it readable only by root, but you may need to relax these
- # permissions. Users that have access to this socket are able to get a list
- # of all usernames and get results of everyone's userdb lookups.
- unix_listener /var/spool/postfix/private/auth {
- mode = 0666
- user = postfix
- group = postfix
- }
- unix_listener auth-userdb {
- mode = 0600
- user = vmail
- #group =
- }
- # Postfix smtp-auth
- #unix_listener /var/spool/postfix/private/auth {
- # mode = 0666
- #}
- # Auth process is run as this user.
- user = dovecot
- }
- #changed as in https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
- #service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- #user = root
- #}
- service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- user = vmail
- }
- service dict {
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
- }
- ##
- ## SSL settings
- ##
- #Added for ssl support reffered https://scaron.info/blog/debian-mail-postfix-dovecot.html
- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
- ssl = required
- ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
- ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
- #ssl_cert = </etc/dovecot/dovecot.pem
- #ssl_key = </etc/dovecot/private/dovecot.pem
- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter. Since this file is often
- # world-readable, you may want to place this setting instead to a different
- # root owned 0600 file by using ssl_key_password = <path.
- #ssl_key_password =
- # PEM encoded trusted certificate authority. Set this only if you intend to use
- # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
- # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
- #ssl_ca =
- # Require that CRL check succeeds for client certificates.
- #ssl_require_crl = yes
- # Directory and/or file for trusted SSL CA certificates. These are used only
- # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
- # directory is usually /etc/ssl/certs in Debian-based systems and the file is
- # /etc/pki/tls/cert.pem in RedHat-based systems.
- #ssl_client_ca_dir =
- #ssl_client_ca_file =
- # Request client to send a certificate. If you also want to require it, set
- # auth_ssl_require_client_cert=yes in auth section.
- #ssl_verify_client_cert = no
- # Which field from certificate to use for username. commonName and
- # x500UniqueIdentifier are the usual choices. You'll also need to set
- # auth_ssl_username_from_cert=yes.
- #ssl_cert_username_field = commonName
- # DH parameters length to use.
- #ssl_dh_parameters_length = 1024
- # SSL protocols to use
- #ssl_protocols = !SSLv2
- # SSL ciphers to use
- #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
- # Prefer the server's order of ciphers over client's.
- #ssl_prefer_server_ciphers = no
- # SSL crypto device to use, for valid values run "openssl engine"
- #ssl_crypto_device =
- # SSL extra options. Currently supported options are:
- # no_compression - Disable compression.
- #ssl_options =
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement