- ## Dovecot configuration file
- # NOTICE FOR CPANEL SYSTEMS
- # On cPanel servers this file is generated by combining a
- # template at /var/cpanel/templates/dovecot2.3/main.default
- # and a datastore at /var/cpanel/conf/dovecot/main
- #
- # The template may be customized by making a copy of it at
- # /var/cpanel/templates/dovecot2.3/main.local
- # similar to the way in which httpd.conf can be customized
- #
- # Direct edits of the rendered dovecot.conf file will not
- # be preserved when dovecot is updated. Use the
- # "Mailserver Configuration" interface in WebHostManager instead.
- # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
- # "doveconf -n" command gives a clean output of the changed settings. Use it
- # instead of copy&pasting files when posting to the Dovecot mailing list.
- # '#' character and everything after it is treated as comments. Extra spaces
- # and tabs are ignored. If you want to use either of these explicitly, put the
- # value inside quotes, eg.: key = "# char and trailing whitespace "
- # Most (but not all) settings can be overridden by different protocols and/or
- # source/destination IPs by placing the settings inside sections, for example:
- # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
- # Default values are shown for each setting, it's not required to uncomment
- # those. There are exceptions to this though: No sections (e.g. namespace {})
- # or plugin settings are added by default, they're listed only as examples.
- # Paths are also just examples with the real defaults being based on configure
- # options. The paths listed here are for configure --prefix=/usr
- # --sysconfdir=/etc --localstatedir=/var
- # Base directory where to store runtime data.
- [%- IF base_dir.defined %]
- base_dir = [% base_dir %]
- [%- ELSE %]
- #base_dir = /var/run/dovecot
- [%- END %]
- # Protocols we want to be serving: imap pop3
- # If you only want to use dovecot-auth, you can set this to "none".
- [%- IF protocols.length %]
- protocols = lmtp [% protocols.split(' ').grep('^(imap|pop3)$').join(' ') %]
- [%- ELSE %]
- protocols = lmtp imap pop3
- [%- END %]
- # A comma separated list of IPs or hosts where to listen in for connections.
- # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
- # If you want to specify non-default ports or anything more complex,
- # edit conf.d/master.conf.
- #listen = *, ::
- # Should all IMAP and POP3 processes be killed when Dovecot master process
- # shuts down. Setting this to "no" means that Dovecot can be upgraded without
- # forcing existing client connections to close (although that could also be
- # a problem if the upgrade is eg. because of a security fix). This however
- # means that after master process has died, the client processes can't write
- # to log files anymore.
- [%- IF shutdown_clients.defined %]
- shutdown_clients = [% shutdown_clients %]
- [%- ELSE %]
- #shutdown_clients = yes
- [%- END %]
- [% IF fts_support %]
- # FTS support
- !include_try /etc/dovecot/fts.conf
- [% END %]
- ##
- ## SSL settings
- ##
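- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
- # "yes" offers TLS but does not force clients to use it; "required" makes any
- # authentication attempt fail until the connection has negotiated TLS.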
- [%- IF ssl.defined %]
- ssl = [% ssl %]
- [%- ELSE %]
- #ssl = yes
- [%- END %]
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
- [%- IF ssl_cert_file.defined %]
- ssl_cert = <[% ssl_cert_file %]
- [%- ELSE %]
- #ssl_cert = </etc/dovecot/ssl/dovecot.crt
- [%- END %]
- [%- IF ssl_key_file.defined %]
- ssl_key = <[% ssl_key_file %]
- [%- ELSE %]
- #ssl_key = </etc/dovecot/ssl/dovecot.key
- [%- END %]
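- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter. A password written here is
- # stored in cleartext in the rendered config, so anyone who can read that file
- # can unlock the key; Dovecot also accepts ssl_key_password = <path to read it
- # from a separate root-owned 0600 file.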
- [%- IF ssl_key_password.defined %]
- ssl_key_password = [% ssl_key_password %]
- [%- ELSE %]
- #ssl_key_password =
- [%- END %]
- # PEM encoded trusted certificate authority. Set this only if you intend to use
- # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
- # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
- [%- IF ssl_ca_file.defined %]
- ssl_ca = <[% ssl_ca_file %]
- [%- ELSE %]
- #ssl_ca =
- [%- END %]
- # Request client to send a certificate. If you also want to require it, set
- # auth_ssl_require_client_cert=yes in auth section.
- [%- IF ssl_verify_client_cert.defined %]
- ssl_verify_client_cert = [% ssl_verify_client_cert %]
- [%- ELSE %]
- #ssl_verify_client_cert = no
- [%- END %]
- # Which field from certificate to use for username. commonName and
- # x500UniqueIdentifier are the usual choices. You'll also need to set
- # auth_ssl_username_from_cert=yes.
- [%- IF ssl_cert_username_field.defined %]
- ssl_cert_username_field = [% ssl_cert_username_field %]
- [%- ELSE %]
- #ssl_cert_username_field = commonName
- [%- END %]
- # SSL DH parameters
- # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
- # Or migrate from old ssl-parameters.dat file with the command dovecot
- # gives on startup when ssl_dh is unset.
- [%- IF ssl_dh_file %]
- ssl_dh = <[% ssl_dh_file %]
- [%- END %]
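- # Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
- # TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
- # SSLv3, TLSv1 and TLSv1.1 are deprecated protocol versions; set TLSv1.2 unless
- # clients that cannot negotiate it must still be served.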
- [%- IF ssl_min_protocol.defined %]
- ssl_min_protocol = [% ssl_min_protocol %]
- [%- ELSE %]
- #ssl_min_protocol = TLSv1
- [%- END %]
- # SSL ciphers to use, the default is:
- #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
- # To disable non-EC DH, use:
- #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
- [%- IF ssl_cipher_list.defined %]
- ssl_cipher_list = [% ssl_cipher_list %]
- [%- ELSE %]
- #ssl_cipher_list = ALL:!LOW:!SSLv2
- [%- END %]
- # Colon separated list of elliptic curves to use. Empty value (the default)
- # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
- # example of a valid value.
- #ssl_curve_list =
- # Prefer the server's order of ciphers over client's.
- #ssl_prefer_server_ciphers = no
- # SSL crypto device to use, for valid values run "openssl engine"
- #ssl_crypto_device =
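- # SSL extra options. Currently supported options are:
- # compression - Enable compression. TLS compression can leak information
- # about encrypted data through message sizes (CRIME-style attacks), so
- # leave it off unless a client needs it.
- # no_ticket - Disable SSL session tickets.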
- #ssl_options =
- # Show protocol level SSL errors.
- [%- IF verbose_ssl.defined %]
- verbose_ssl = [% verbose_ssl %]
- [%- ELSE %]
- #verbose_ssl = no
- [%- END %]
- # SNI hosts
- !include_try /etc/dovecot/sni.conf
- ##
- ## Login processes
- ##
- # Name of this instance. In multi-instance setup doveadm and other commands
- # can use -i <instance_name> to select which instance is used (an alternative
- # to -c <config_path>). The instance name is also added to Dovecot processes
- # in ps output.
- #instance_name = dovecot
- # Greeting message for clients.
- [%- IF login_greeting.defined %]
- login_greeting = [% login_greeting %]
- [%- ELSE %]
- #login_greeting = Dovecot ready.
- [%- END %]
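- # Space separated list of trusted network ranges. Connections from these
- # IPs are allowed to override their IP addresses and ports (for logging and
- # for authentication checks). disable_plaintext_auth is also ignored for
- # these networks. Typically you'd specify your IMAP proxy servers here.
- # Because the client address reported by these hosts is taken at face value,
- # list only individual proxy hosts you control, never a whole client subnet.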
- [%- IF login_trusted_networks.defined %]
- login_trusted_networks = [% login_trusted_networks %]
- [%- ELSE %]
- #login_trusted_networks =
- [%- END %]
- # Space separated list of login access check sockets (e.g. tcpwrap)
- #login_access_sockets =
- # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
- # proxying. This isn't necessary normally, but may be useful if the destination
- # IP is e.g. a load balancer's IP.
- #auth_proxy_self =
- ##
- ## Mailbox locations and namespaces
- ##
- # Location for users' mailboxes. The default is empty, which means that Dovecot
- # tries to find the mailboxes automatically. This won't work if the user
- # doesn't yet have any mail, so you should explicitly tell Dovecot the full
- # location.
- #
- # If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
- # isn't enough. You'll also need to tell Dovecot where the other mailboxes are
- # kept. This is called the "root mail directory", and it must be the first
- # path given in the mail_location setting.
- #
- # There are a few special variables you can use, eg.:
- #
- # %u - username
- # %n - user part in user@domain, same as %u if there's no domain
- # %d - domain part in user@domain, empty if there's no domain
- # %h - home directory
- #
- # See doc/wiki/Variables.txt for full list. Some examples:
- #
- # mail_location = maildir:~/Maildir
- # mail_location = mbox:~/mail:INBOX=/var/mail/%u
- # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
- #
- # <doc/wiki/MailLocation.txt>
- #
- [%- IF mail_location.defined %]
- mail_location = [% mail_location %]
- [%- ELSE %]
- #mail_location =
- [%- END %]
- namespace inbox {
- type = private
- # Hierarchy separator to use. You should use the same separator for all
- # namespaces or some clients get confused. '/' is usually a good one.
- # The default however depends on the underlying mail storage format.
- [%- IF namespace_private.separator.defined %]
- separator = [% namespace_private.separator %]
- [%- ELSE %]
- #separator =
- [%- END %]
- # Prefix required to access this namespace. This needs to be different for
- # all namespaces. For example "Public/".
- [%- IF namespace_private.prefix.defined %]
- prefix = [% namespace_private.prefix %]
- [%- ELSE %]
- #prefix = INBOX.
- [%- END %]
- # Physical location of the mailbox. This is in same format as
- # mail_location, which is also the default for it.
- [%- IF namespace_private.location.defined %]
- location = [% namespace_private.location %]
- [%- ELSE %]
- #location =
- [%- END %]
- # There can be only one INBOX, and this setting defines which namespace
- # has it.
- [%- IF namespace_private.inbox.defined %]
- inbox = [% namespace_private.inbox %]
- [%- ELSE %]
- #inbox = yes
- [%- END %]
- # If namespace is hidden, it's not advertised to clients via NAMESPACE
- # extension. You'll most likely also want to set list=no. This is mostly
- # useful when converting from another server with different namespaces which
- # you want to deprecate but still keep working. For example you can create
- # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
- [%- IF namespace_private.hidden.defined %]
- hidden = [% namespace_private.hidden %]
- [%- ELSE %]
- #hidden = yes
- [%- END %]
- # Show the mailboxes under this namespace with LIST command. This makes the
- # namespace visible for clients that don't support NAMESPACE extension.
- # "children" value lists child mailboxes, but hides the namespace prefix.
- [%- IF namespace_private.defined('list') %]
- list = [% namespace_private.item('list') %]
- [%- ELSE %]
- #list = yes
- [%- END %]
- # Namespace handles its own subscriptions. If set to "no", the parent
- # namespace handles them (empty prefix should always have this as "yes")
- #subscriptions = yes
- [%- IF namespace_private.subscriptions.defined %]
- subscriptions = [% namespace_private.subscriptions %]
- [%- ELSE %]
- #subscriptions = yes
- [%- END %]
- mailbox Drafts {
- special_use = \Drafts
- auto = subscribe
- }
- mailbox spam {
- special_use = \Junk
- auto = subscribe
- }
- mailbox Trash {
- special_use = \Trash
- auto = subscribe
- }
- mailbox Sent {
- special_use = \Sent
- auto = subscribe
- }
- mailbox "Sent Messages" {
- special_use = \Sent
- auto = no
- }
- mailbox Archive {
- special_use = \Archive
- auto = create
- }
- mailbox "Archives" {
- special_use = \Archive
- auto = no
- }
- }
- # Example shared namespace configuration
- #namespace {
- #type = shared
- #separator = /
- # Mailboxes are visible under "shared/user@domain/"
- # %%n, %%d and %%u are expanded to the destination user.
- #prefix = shared/%%u/
- # Mail location for other users' mailboxes. Note that %variables and ~/
- # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
- # destination user's data.
- #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
- # Use the default namespace for saving subscriptions.
- #subscriptions = no
- # List the shared/ namespace only if there are visible shared mailboxes.
- #list = children
- #}
- # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
- #mail_shared_explicit_inbox = no
- # System user and group used to access mails. If you use multiple, userdb
- # can override these by returning uid or gid fields. You can use either numbers
- # or names. <doc/wiki/UserIds.txt>
- [%- IF mail_uid.defined %]
- mail_uid = [% mail_uid %]
- [%- ELSE %]
- #mail_uid =
- [%- END %]
- [%- IF mail_gid.defined %]
- mail_gid = [% mail_gid %]
- [%- ELSE %]
- #mail_gid =
- [%- END %]
- # Group to enable temporarily for privileged operations. Currently this is
- # used only with INBOX when either its initial creation or dotlocking fails.
- # Typically this is set to "mail" to give access to /var/mail.
- [%- IF mail_privileged_group.defined %]
- mail_privileged_group = [% mail_privileged_group %]
- [%- ELSE %]
- #mail_privileged_group =
- [%- END %]
- # Grant access to these supplementary groups for mail processes. Typically
- # these are used to set up access to shared mailboxes. Note that it may be
- # dangerous to set these if users can create symlinks (e.g. if "mail" group is
- # set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
- # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
- [%- IF mail_access_groups.defined %]
- mail_access_groups = [% mail_access_groups %]
- [%- ELSE %]
- #mail_access_groups =
- [%- END %]
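- # Allow full filesystem access to clients. There are no access checks other
- # than what the operating system does for the active UID/GID. It works with
- # both maildir and mboxes, allowing you to prefix mailbox names with eg.
- # /path/ or ~user/. With this enabled, any file the mail process UID/GID can
- # read or write is reachable through a mailbox name, so file permissions are
- # the only barrier between users.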
- [%- IF mail_full_filesystem_access.defined %]
- mail_full_filesystem_access = [% mail_full_filesystem_access %]
- [%- ELSE %]
- #mail_full_filesystem_access = no
- [%- END %]
- # Dictionary for key=value mailbox attributes. This is used for example by
- # URLAUTH and METADATA extensions.
- #mail_attribute_dict =
- # A comment or note that is associated with the server. This value is
- # accessible for authenticated users through the IMAP METADATA server
- # entry "/shared/comment".
- #mail_server_comment = ""
- # Indicates a method for contacting the server administrator. According to
- # RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
- # is currently not enforced. Use for example mailto:admin@example.com. This
- # value is accessible for authenticated users through the IMAP METADATA server
- # entry "/shared/admin".
- #mail_server_admin =
- ##
- ## Mail processes
- ##
- # Don't use mmap() at all. This is required if you store indexes to shared
- # filesystems (NFS or clustered filesystem).
- [%- IF mmap_disable.defined %]
- mmap_disable = [% mmap_disable %]
- [%- ELSE %]
- #mmap_disable = no
- [%- END %]
- # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
- # since version 3, so this should be safe to use nowadays by default.
- [%- IF dotlock_use_excl.defined %]
- dotlock_use_excl = [% dotlock_use_excl %]
- [%- ELSE %]
- #dotlock_use_excl = yes
- [%- END %]
- # When to use fsync() or fdatasync() calls:
- # optimized (default): Whenever necessary to avoid losing important data
- # always: Useful with e.g. NFS when write()s are delayed
- # never: Never use it (best performance, but crashes can lose data)
- [%- IF fsync_disable.defined %]
- mail_fsync = [% fsync_disable == "yes" ? 'never' : 'optimized' %]
- [%- ELSE %]
- #mail_fsync = optimized
- [%- END %]
- # Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches
- # whenever needed. If you're using only a single mail server this isn't needed.
- [%- IF mail_nfs_storage.defined %]
- mail_nfs_storage = [% mail_nfs_storage %]
- [%- ELSE %]
- #mail_nfs_storage = no
- [%- END %]
- # Mail index files also exist in NFS. Setting this to yes requires
- # mmap_disable=yes and fsync_disable=no (rendered by this template as
- # mail_fsync = optimized).
- [%- IF mail_nfs_index.defined %]
- mail_nfs_index = [% mail_nfs_index %]
- [%- ELSE %]
- #mail_nfs_index = no
- [%- END %]
- # Locking method for index files. Alternatives are fcntl, flock and dotlock.
- # Dotlocking uses some tricks which may create more disk I/O than other locking
- # methods. NFS users: flock doesn't work, remember to change mmap_disable.
- [%- IF lock_method.defined %]
- lock_method = [% lock_method %]
- [%- ELSE %]
- #lock_method = fcntl
- [%- END %]
- # Show more verbose process titles (in ps). Currently shows user name and
- # IP address. Useful for seeing who are actually using the IMAP processes
- # (eg. shared mailboxes or if same uid is used for multiple accounts).
- [%- IF verbose_proctitle.defined %]
- verbose_proctitle = [% verbose_proctitle %]
- [%- ELSE %]
- #verbose_proctitle = no
- [%- END %]
- # Directory where mails can be temporarily stored. Usually it's used only for
- # mails of 128 kB or larger. It's used by various parts of Dovecot, for
- # example LDA/LMTP while delivering large mails or zlib plugin for keeping
- # uncompressed mails.
- #mail_temp_dir = /tmp
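- # Valid UID range for users, defaults to 500 and above (this template renders
- # first_valid_uid = 201 when no value is supplied). This is mostly
- # to make sure that users can't log in as daemons or other system users, so
- # check that no daemon or system account on the host has a UID at or above
- # the configured value.
- # Note that root logins are denied by the dovecot binary itself and can't
- # be allowed even if first_valid_uid is set to 0.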
- [%- IF first_valid_uid.defined %]
- first_valid_uid = [% first_valid_uid %]
- [%- ELSE %]
- first_valid_uid = 201
- [%- END %]
- [%- IF last_valid_uid.defined %]
- last_valid_uid = [% last_valid_uid %]
- [%- ELSE %]
- #last_valid_uid = 0
- [%- END %]
- # Valid GID range for users, defaults to non-root/wheel. Users having
- # non-valid GID as primary group ID aren't allowed to log in. If user
- # belongs to supplementary groups with non-valid GIDs, those groups are
- # not set.
- [%- IF first_valid_gid.defined %]
- first_valid_gid = [% first_valid_gid %]
- [%- ELSE %]
- #first_valid_gid = 1
- [%- END %]
- [%- IF last_valid_gid.defined %]
- last_valid_gid = [% last_valid_gid %]
- [%- ELSE %]
- #last_valid_gid = 0
- [%- END %]
- # Maximum allowed length for mail keyword name. It's only forced when trying
- # to create new keywords.
- [%- IF mail_max_keyword_length.defined %]
- mail_max_keyword_length = [% mail_max_keyword_length %]
- [%- ELSE %]
- #mail_max_keyword_length = 50
- [%- END %]
- # ':' separated list of directories under which chrooting is allowed for mail
- # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
- # This setting doesn't affect login_chroot, mail_chroot or auth chroot
- # settings. If this setting is empty, "/./" in home dirs are ignored.
- # WARNING: Never add directories here which local users can modify, that
- # may lead to root exploit. Usually this should be done only if you don't
- # allow shell access for users. <doc/wiki/Chrooting.txt>
- [%- IF valid_chroot_dirs.defined %]
- valid_chroot_dirs = [% valid_chroot_dirs %]
- [%- ELSE %]
- #valid_chroot_dirs =
- [%- END %]
- # Default chroot directory for mail processes. This can be overridden for
- # specific users in user database by giving /./ in user's home directory
- # (eg. /home/./user chroots into /home). Note that usually there is no real
- # need to do chrooting, Dovecot doesn't allow users to access files outside
- # their mail directory anyway. If your home directories are prefixed with
- # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
- [%- IF mail_chroot.defined %]
- mail_chroot = [% mail_chroot %]
- [%- ELSE %]
- #mail_chroot =
- [%- END %]
- # UNIX socket path to master authentication server to find users.
- # This is used by imap (for shared users) and lda.
- #auth_socket_path = /var/run/dovecot/auth-userdb
- # Directory where to look up mail plugins.
- #mail_plugin_dir = /usr/lib/dovecot
- # Space separated list of plugins to load for all services. Plugins specific to
- # IMAP, LDA, etc. are added to this list in their own .conf files.
- # Quota support must be enabled globally for the quota-status
- # service to work
- mail_plugins = quota quota_clone zlib [% IF fts_support %]fts fts_solr[% END %]
- ##
- ## Mailbox handling optimizations
- ##
- # Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
- # also required for IMAP NOTIFY extension to be enabled.
- mailbox_list_index = yes
- # Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
- # of potentially returning out-of-date results after e.g. server crashes.
- # The results will be automatically fixed once the folders are opened.
- #mailbox_list_index_very_dirty_syncs = yes
- # Should INBOX be kept up-to-date in the mailbox list index? By default it's
- # not, because most of the mailbox accesses will open INBOX anyway.
- #mailbox_list_index_include_inbox = no
- # The minimum number of mails in a mailbox before updates are done to cache
- # file. This allows optimizing Dovecot's behavior to do less disk writes at
- # the cost of more disk reads.
- [%- IF mail_cache_min_mail_count.defined %]
- mail_cache_min_mail_count = [% mail_cache_min_mail_count %]
- [%- ELSE %]
- #mail_cache_min_mail_count = 0
- [%- END %]
- # When IDLE command is running, mailbox is checked once in a while to see if
- # there are any new mails or other changes. This setting defines the minimum
- # time to wait between those checks. Dovecot can also use inotify and
- # kqueue to find out immediately when changes occur.
- [%- IF mailbox_idle_check_interval.defined %]
- mailbox_idle_check_interval = [% mailbox_idle_check_interval %] secs
- [%- ELSE %]
- #mailbox_idle_check_interval = 30 secs
- [%- END %]
- # Save mails with CR+LF instead of plain LF. This makes sending those mails
- # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
- # But it also creates a bit more disk I/O which may just make it slower.
- # Also note that if other software reads the mboxes/maildirs, they may handle
- # the extra CRs wrong and cause problems.
- [%- IF mail_save_crlf.defined %]
- mail_save_crlf = [% mail_save_crlf %]
- [%- ELSE %]
- #mail_save_crlf = no
- [%- END %]
- # Max number of mails to keep open and prefetch to memory. This only works with
- # some mailbox formats and/or operating systems.
- mail_prefetch_count = 20
- # How often to scan for stale temporary files and delete them (0 = never).
- # These should exist only after Dovecot dies in the middle of saving mails.
- #mail_temp_scan_interval = 1w
- # How many slow mail accesses sorting can perform before it returns failure.
- # With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
- # The untagged SORT reply is still returned, but it's likely not correct.
- #mail_sort_max_read_count = 0
- protocol !indexer-worker {
- # If folder vsize calculation requires opening more than this many mails from
- # disk (i.e. mail sizes aren't in cache already), return failure and finish
- # the calculation via indexer process. Disabled by default. This setting must
- # be 0 for indexer-worker processes.
- #mail_vsize_bg_after_count = 0
- }
- ##
- ## Maildir-specific settings
- ##
- # By default LIST command returns all entries in maildir beginning with a dot.
- # Enabling this option makes Dovecot return only entries which are directories.
- # This is done by stat()ing each entry, so it causes more disk I/O.
- # (For systems setting struct dirent->d_type, this check is free and it's
- # done always regardless of this setting)
- [%- IF maildir_stat_dirs.defined %]
- maildir_stat_dirs = [% maildir_stat_dirs %]
- [%- ELSE %]
- #maildir_stat_dirs = no
- [%- END %]
- # When copying a message, do it with hard links whenever possible. This makes
- # the performance much better, and it's unlikely to have any side effects.
- [%- IF maildir_copy_with_hardlinks.defined %]
- maildir_copy_with_hardlinks = [% maildir_copy_with_hardlinks %]
- [%- ELSE %]
- #maildir_copy_with_hardlinks = yes
- [%- END %]
- # Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
- # when its mtime changes unexpectedly or when we can't find the mail otherwise.
- [%- IF maildir_very_dirty_syncs.defined %]
- maildir_very_dirty_syncs = [% maildir_very_dirty_syncs %]
- [%- ELSE %]
- #maildir_very_dirty_syncs = no
- [%- END %]
- # If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
- # getting the mail's physical size, except when recalculating Maildir++ quota.
- # This can be useful in systems where a lot of the Maildir filenames have a
- # broken size. The performance hit for enabling this is very small.
- [%- IF maildir_broken_filename_sizes.defined %]
- maildir_broken_filename_sizes = [% maildir_broken_filename_sizes %]
- [%- ELSE %]
- #maildir_broken_filename_sizes = no
- [%- END %]
- # Always move mails from new/ directory to cur/, even when the \Recent flags
- # aren't being reset.
- #maildir_empty_new = no
- ##
- ## mdbox-specific settings
- ##
- # Maximum dbox file size until it's rotated.
- [%- IF mdbox_rotate_size.defined %]
- mdbox_rotate_size = [% mdbox_rotate_size %]
- [%- ELSE %]
- #mdbox_rotate_size = 10M
- [%- END %]
- # Maximum dbox file age until it's rotated. Typically in days. Day begins
- # from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
- [%- IF mdbox_rotate_interval.defined %]
- [% IF mdbox_rotate_interval.match('[wd]') %]
- # In this case they have defined a unit
- mdbox_rotate_interval = [% mdbox_rotate_interval %]
- [% ELSIF mdbox_rotate_interval %]
- # If the value contains neither 'w' nor 'd' we assume days and append 'd';
- # other unit suffixes are not recognised by this check.
- mdbox_rotate_interval = [% mdbox_rotate_interval %]d
- [% END %]
- [%- ELSE %]
- #mdbox_rotate_interval = 0
- [%- END %]
- # When creating new mdbox files, immediately preallocate their size to
- # mdbox_rotate_size. This setting currently works only in Linux with some
- # filesystems (ext4, xfs).
- #mdbox_preallocate_space = no
- ##
- ## IMAP specific settings
- ##
- protocol imap {
- # If nothing happens for this long while client is IDLEing, move the connection
- # to imap-hibernate process and close the old imap process. This saves memory,
- # because connections use very little memory in imap-hibernate process. The
- # downside is that recreating the imap process back uses some resources.
- #imap_hibernate_timeout = 0
- # Maximum IMAP command line length in bytes. Some clients generate very long
- # command lines with huge mailboxes, so you may need to raise this if you get
- # "Too long argument" or "IMAP command line too large" errors often.
- [%- IF protocol_imap.imap_max_line_length.defined %]
- imap_max_line_length = [% protocol_imap.imap_max_line_length %]
- [%- ELSE %]
- #imap_max_line_length = 65536
- [%- END %]
- # Maximum number of IMAP connections allowed for a user from each IP address.
- # NOTE: The username is compared case-sensitively.
- [%- IF protocol_imap.mail_max_userip_connections.defined %]
- mail_max_userip_connections = [% protocol_imap.mail_max_userip_connections %]
- [%- ELSE %]
- #mail_max_userip_connections = 10
- [%- END %]
- # Space separated list of plugins to load (default is global mail_plugins).
- [%- IF protocol_imap.mail_plugins.defined %]
- mail_plugins = [% protocol_imap.mail_plugins %]
- [%- ELSE %]
- #mail_plugins = acl quota imap_quota
- [%- END %]
- [% IF expire_trash %]
- mail_plugins = $mail_plugins expire
- [% END %]
- mail_plugins = $mail_plugins zlib imap_zlib quota_clone virtual [% IF xaps_topic %]imap_xaps[% END %] [% IF fts_support %]fts fts_solr[% END %]
- #mail_plugin_dir = /usr/lib/dovecot/imap
- # IMAP logout format string:
- # %i - total number of bytes read from client
- # %o - total number of bytes sent to client
- # %{fetch_hdr_count} - Number of mails with mail header data sent to client
- # %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
- # %{fetch_body_count} - Number of mails with mail body data sent to client
- # %{fetch_body_bytes} - Number of bytes with mail body data sent to client
- # %{deleted} - Number of mails where client added \Deleted flag
- # %{expunged} - Number of mails that client expunged, which does not
- # include automatically expunged mails
- # %{autoexpunged} - Number of mails that were automatically expunged after
- # client disconnected
- # %{trashed} - Number of mails that client copied/moved to the
- # special_use=\Trash mailbox.
- # %{appended} - Number of mails saved during the session
- [%- IF protocol_imap.imap_logout_format.defined %]
- imap_logout_format = [% protocol_imap.imap_logout_format %]
- [%- ELSE %]
- #imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
- # trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
- # hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
- # body_bytes=%{fetch_body_bytes}
- [%- END %]
- # Override the IMAP CAPABILITY response. If the value begins with '+',
- # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
- [%- IF protocol_imap.imap_capability.defined %]
- imap_capability = [% protocol_imap.imap_capability %]
- [%- ELSE %]
- #imap_capability =
- [%- END %]
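- # How many seconds to wait between "OK Still here" notifications when
- # client is IDLEing. Note that this template appends "min" to a supplied
- # value, so a supplied value is read as minutes, not seconds.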
- [%- IF protocol_imap.imap_idle_notify_interval.defined %]
- imap_idle_notify_interval = [% protocol_imap.imap_idle_notify_interval %] min
- [%- ELSE %]
- #imap_idle_notify_interval = 120
- [%- END %]
- # ID field names and values to send to clients. Using * as the value makes
- # Dovecot use the default value. The following fields have default values
- # currently: name, version, os, os-version, support-url, support-email.
- # NOTE(review): every field listed here is disclosed to connecting IMAP
- # clients. Sending version, os or os-version lets a client fingerprint the
- # server software and patch level, so list only the fields clients need.
- [%- IF protocol_imap.imap_id_send.defined %]
- imap_id_send = [% protocol_imap.imap_id_send %]
- [%- ELSE %]
- #imap_id_send =
- [%- END %]
- # ID fields sent by client to log. * means everything.
- # NOTE(review): these values are chosen by the client, so treat the logged
- # text as untrusted input in anything that parses the log afterwards.
- [%- IF protocol_imap.imap_id_log.defined %]
- imap_id_log = [% protocol_imap.imap_id_log %]
- [%- ELSE %]
- #imap_id_log =
- [%- END %]
- # Workarounds for various client bugs:
- # delay-newmail:
- # Send EXISTS/RECENT new mail notifications only when replying to NOOP
- # and CHECK commands. Some clients ignore them otherwise, for example OSX
- # Mail (<v2.1). Outlook Express breaks more badly though, without this it
- # may show user "Message no longer in server" errors. Note that OE6 still
- # breaks even with this workaround if synchronization is set to
- # "Headers Only".
- # tb-extra-mailbox-sep:
- # Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
- # adds extra '/' suffixes to mailbox names. This option causes Dovecot to
- # ignore the extra '/' instead of treating it as invalid mailbox name.
- # tb-lsub-flags:
- # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
- # This makes Thunderbird realize they aren't selectable and show them
- # greyed out, instead of only later giving "not selectable" popup error.
- #
- # The list is space-separated.
- [%- IF protocol_imap.imap_client_workarounds.defined %]
- imap_client_workarounds = [% protocol_imap.imap_client_workarounds %]
- [%- ELSE %]
- #imap_client_workarounds =
- [%- END %]
- # Host allowed in URLAUTH URLs sent by client. "*" allows all.
- # NOTE(review): if this is ever enabled, name the server's own host rather
- # than "*", which accepts any host name found in a client-supplied URL.
- #imap_urlauth_host =
- # Enable IMAP LITERAL- extension (replaces LITERAL+)
- #imap_literal_minus = no
- # What happens when FETCH fails due to some internal error:
- # disconnect-immediately:
- # The FETCH is aborted immediately and the IMAP client is disconnected.
- # disconnect-after:
- # The FETCH runs for all the requested mails returning as much data as
- # possible. The client is finally disconnected without a tagged reply.
- # no-after:
- # Same as disconnect-after, but tagged NO reply is sent instead of
- # disconnecting the client. If the client attempts to FETCH the same failed
- # mail more than once, the client is disconnected. This is to prevent clients
- # from going into infinite loops trying to FETCH a broken mail.
- #imap_fetch_failure = disconnect-immediately
- # Virtual namespace "spam" for IMAP sessions. The mailbox definition is read
- # from the shared directory named in location; the index is kept per user
- # under the home directory, with %u expanded into the path.
- # NOTE(review): auth_username_chars in this file permits '.' and '/', and
- # %u ends up in a filesystem path here -- confirm the passdb can never
- # return a user name containing path separators.
- namespace spam {
- prefix = spam
- [%- IF namespace_private.separator.defined %]
- separator = [% namespace_private.separator %]
- [%- ELSE %]
- #separator =
- [%- END %]
- location = virtual:/usr/local/cpanel/etc/dovecot/virtual/spam:INDEX=~/mail/virtual/%u/spam
- # list = no and hidden = yes keep the namespace out of mailbox listings and
- # out of the advertised namespace list; clients reach it only by prefix.
- list = no
- hidden = yes
- }
- # Virtual namespace "sent" for IMAP sessions, built like the "spam" one:
- # shared definition directory, per-user index path containing %u.
- # NOTE(review): %u is expanded into a filesystem path and
- # auth_username_chars in this file permits '.' and '/' -- confirm the
- # passdb can never return a user name containing path separators.
- namespace sent {
- prefix = sent
- [%- IF namespace_private.separator.defined %]
- separator = [% namespace_private.separator %]
- [%- ELSE %]
- #separator =
- [%- END %]
- location = virtual:/usr/local/cpanel/etc/dovecot/virtual/sent:INDEX=~/mail/virtual/%u/sent
- # Not listed and not advertised; clients reach it only by prefix.
- list = no
- hidden = yes
- }
- }
- ##
- ## POP3 specific settings
- ##
- protocol pop3 {
- # Settings in this block apply to POP3 sessions only. Values come from the
- # protocol_pop3 datastore keys when defined; otherwise the upstream default
- # is left commented out.
- # Don't try to set mails non-recent or seen with POP3 sessions. This is
- # mostly intended to reduce disk I/O. With maildir it doesn't move files
- # from new/ to cur/, with mbox it doesn't write Status-header.
- [%- IF protocol_pop3.pop3_no_flag_updates.defined %]
- pop3_no_flag_updates = [% protocol_pop3.pop3_no_flag_updates %]
- [%- ELSE %]
- #pop3_no_flag_updates = no
- [%- END %]
- # Support LAST command which exists in old POP3 specs, but has been removed
- # from new ones. Some clients still wish to use this though. Enabling this
- # makes RSET command clear all \Seen flags from messages.
- [%- IF protocol_pop3.pop3_enable_last.defined %]
- pop3_enable_last = [% protocol_pop3.pop3_enable_last %]
- [%- ELSE %]
- #pop3_enable_last = no
- [%- END %]
- # If mail has X-UIDL header, use it as the mail's UIDL.
- [%- IF protocol_pop3.pop3_reuse_xuidl.defined %]
- pop3_reuse_xuidl = [% protocol_pop3.pop3_reuse_xuidl %]
- [%- ELSE %]
- #pop3_reuse_xuidl = no
- [%- END %]
- # Allow only one POP3 session to run simultaneously for the same user.
- [%- IF protocol_pop3.pop3_lock_session.defined %]
- pop3_lock_session = [% protocol_pop3.pop3_lock_session %]
- [%- ELSE %]
- #pop3_lock_session =
- [%- END %]
- # POP3 UIDL (unique mail identifier) format to use. You can use following
- # variables, along with the variable modifiers described in
- # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
- #
- # %v - Mailbox's IMAP UIDVALIDITY
- # %u - Mail's IMAP UID
- # %m - MD5 sum of the mailbox headers in hex (mbox only)
- # %f - filename (maildir only)
- #
- # If you want UIDL compatibility with other POP3 servers, use:
- # UW's ipop3d : %08Xv%08Xu
- # Courier : %f or %v-%u (both might be used simultaneously)
- # Cyrus (<= 2.1.3) : %u
- # Cyrus (>= 2.1.4) : %v.%u
- # Dovecot v0.99.x : %v.%u
- # tpop3d : %Mf
- #
- # Note that Outlook 2003 seems to have problems with %v.%u format which was
- # Dovecot's default, so if you're building a new server it would be a good
- # idea to change this. %08Xu%08Xv should be pretty fail-safe.
- #
- [%- IF protocol_pop3.pop3_uidl_format.defined %]
- pop3_uidl_format = [% protocol_pop3.pop3_uidl_format %]
- [%- ELSE %]
- #pop3_uidl_format = UID%u-%v
- [%- END %]
- # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
- # won't change those UIDLs. Currently this works only with Maildir.
- #pop3_save_uidl = no
- # What to do about duplicate UIDLs if they exist?
- # allow: Show duplicates to clients.
- # rename: Append a temporary -2, -3, etc. counter after the UIDL.
- #pop3_uidl_duplicates = allow
- # This option changes POP3 behavior so that it's not possible to actually
- # delete mails via POP3, only hide them from future POP3 sessions. The mails
- # will still be counted towards user's quota until actually deleted via IMAP.
- # Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword).
- # Make sure you can legally archive mails before enabling this setting.
- #pop3_deleted_flag =
- # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
- # Many POP3 servers violate this by returning the sizes with LF linefeeds,
- # because it's faster to get. When this setting is enabled, Dovecot still
- # tries to do the right thing first, but if that requires opening the
- # message, it falls back to the easier (but incorrect) size.
- #pop3_fast_size_lookups = no
- # POP3 logout format string:
- # %i - total number of bytes read from client
- # %o - total number of bytes sent to client
- # %t - number of TOP commands
- # %p - number of bytes sent to client as a result of TOP command
- # %r - number of RETR commands
- # %b - number of bytes sent to client as a result of RETR command
- # %d - number of deleted messages
- # %{deleted_bytes} - number of bytes in deleted messages
- # %m - number of messages (before deletion)
- # %s - mailbox size in bytes (before deletion)
- # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
- # The value below records per-session command and byte counts at logout.
- pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
- # Maximum number of POP3 connections allowed for a user from each IP address.
- # NOTE: The username is compared case-sensitively.
- [%- IF protocol_pop3.mail_max_userip_connections.defined %]
- mail_max_userip_connections = [% protocol_pop3.mail_max_userip_connections %]
- [%- ELSE %]
- #mail_max_userip_connections = 3
- [%- END %]
- # Space separated list of plugins to load (default is global mail_plugins).
- # The list is built in up to three steps: an optional datastore override,
- # then "expire" when expire_trash is set, then the fixed set on the last
- # line. $mail_plugins expands to the value assigned so far, so order matters.
- [%- IF protocol_pop3.mail_plugins.defined %]
- mail_plugins = [% protocol_pop3.mail_plugins %]
- [%- ELSE %]
- #mail_plugins =
- [%- END %]
- [% IF expire_trash %]
- mail_plugins = $mail_plugins expire
- [% END %]
- mail_plugins = $mail_plugins quota quota_clone virtual zlib
- #mail_plugin_dir = /usr/lib/dovecot/pop3
- # Workarounds for various client bugs:
- # outlook-no-nuls:
- # Outlook and Outlook Express hang if mails contain NUL characters.
- # This setting replaces them with 0x80 character.
- # oe-ns-eoh:
- # Outlook Express and Netscape Mail breaks if end of headers-line is
- # missing. This option simply sends it if it's missing.
- # The list is space-separated.
- [%- IF protocol_pop3.pop3_client_workarounds.defined %]
- pop3_client_workarounds = [% protocol_pop3.pop3_client_workarounds %]
- [%- ELSE %]
- #pop3_client_workarounds =
- [%- END %]
- # Virtual namespaces "spam" and "sent": shared definition directory, index
- # kept per user with %u expanded into the path, hidden from listings.
- # NOTE(review): auth_username_chars in this file permits '.' and '/', and
- # %u ends up in a filesystem path -- confirm the passdb can never return a
- # user name containing path separators.
- namespace spam {
- prefix = spam
- [%- IF namespace_private.separator.defined %]
- separator = [% namespace_private.separator %]
- [%- ELSE %]
- #separator =
- [%- END %]
- location = virtual:/usr/local/cpanel/etc/dovecot/virtual/spam:INDEX=~/mail/virtual/%u/spam
- list = no
- hidden = yes
- }
- namespace sent {
- prefix = sent
- [%- IF namespace_private.separator.defined %]
- separator = [% namespace_private.separator %]
- [%- ELSE %]
- #separator =
- [%- END %]
- location = virtual:/usr/local/cpanel/etc/dovecot/virtual/sent:INDEX=~/mail/virtual/%u/sent
- list = no
- hidden = yes
- }
- }
- ##
- ## LMTP specific settings
- ##
- protocol lmtp {
- # Over-quota deliveries get a temporary failure when the datastore value
- # incoming_reached_quota is 'defer'; any other value makes them a permanent
- # rejection.
- quota_full_tempfail = [% incoming_reached_quota == 'defer' ? 'yes' : 'no' -%]
- # Address to use when sending rejection mails.
- # Default is postmaster@%d. %d expands to recipient domain.
- # NOTE(review): "root" has no domain part, so rejection mails carry an
- # unqualified sender; confirm the MTA qualifies it as intended.
- postmaster_address = root
- # "xaps" is appended only when xaps_topic is set.
- mail_plugins = quota quota_clone zlib [% IF xaps_topic %]xaps[% END %]
- }
- # Detail ("plus") addressing is switched on here: with recipient_delimiter
- # set to +, mail for user+detail is saved to the mailbox named by the detail
- # part.
- # NOTE(review): the detail part is chosen by the sender, and
- # lda_mailbox_autocreate = yes later in this file creates mailboxes that do
- # not exist yet, so remote senders can make new mailbox names appear in an
- # account. Confirm that is acceptable for this deployment.
- lmtp_save_to_detail_mailbox = yes
- lmtp_user_concurrency_limit = [% lmtp_user_concurrency_limit %]
- recipient_delimiter = +
- # Support proxying to other LMTP/SMTP servers by performing passdb lookups.
- #lmtp_proxy = no
- # When recipient address includes the detail (e.g. user+detail), try to save
- # the mail to the detail mailbox. See also recipient_delimiter and
- # lda_mailbox_autocreate settings.
- #lmtp_save_to_detail_mailbox = no
- # Verify quota before replying to RCPT TO. This adds a small overhead.
- # Unlike most settings in this template, the fallback branch is active: the
- # check is on unless the datastore overrides it.
- [%- IF lmtp_rcpt_check_quota.defined %]
- lmtp_rcpt_check_quota = [% lmtp_rcpt_check_quota %]
- [%- ELSE %]
- lmtp_rcpt_check_quota = yes
- [%- END %]
- # Which recipient address to use for Delivered-To: header and Received:
- # header. The default is "final", which is the same as the one given to
- # RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
- # parameter, "none" uses nothing. Note that "none" is currently always used
- # when a mail has multiple recipients.
- #lmtp_hdr_delivery_address = final
- ##
- ## LDA specific settings
- ##
- protocol lda {
- # Same quota policy as the lmtp block: temporary failure when
- # incoming_reached_quota is 'defer', permanent rejection otherwise.
- quota_full_tempfail = [% incoming_reached_quota == 'defer' ? 'yes' : 'no' -%]
- # Address to use when sending rejection mails.
- # Default is postmaster@%d. %d expands to recipient domain.
- # NOTE(review): "root" has no domain part; confirm the MTA qualifies it.
- postmaster_address = root
- # Hostname to use in various parts of sent mails (e.g. in Message-Id) and
- # in LMTP replies. Default is the system's real hostname@domain.
- #hostname =
- # Support for dynamically loadable plugins. mail_plugins is a space separated
- # list of plugins to load. "xaps" is appended only when xaps_topic is set.
- mail_plugins = quota quota_clone zlib [% IF xaps_topic %]xaps[% END %]
- #mail_plugin_dir = /usr/lib/dovecot/lda
- # Binary to use for sending mails.
- #sendmail_path = /usr/lib/sendmail
- # If non-empty, send mails via this SMTP host[:port] instead of sendmail.
- #submission_host =
- # Subject: header to use for rejection mails. You can use the same variables
- # as for rejection_reason below.
- #rejection_subject = Rejected: %s
- # UNIX socket path to master authentication server to find users.
- #auth_socket_path = /var/run/dovecot/auth-master
- }
- # Should saving a mail to a nonexistent mailbox automatically create it?
- # NOTE(review): this file also sets lmtp_save_to_detail_mailbox = yes with
- # recipient_delimiter = +, so the mailbox name can come from the detail part
- # of a sender-chosen address; autocreate then lets senders add mailboxes.
- lda_mailbox_autocreate = yes
- # Should automatically created mailboxes be also automatically subscribed?
- #lda_mailbox_autosubscribe = no
- ##
- ## Authentication processes
- ##
- # Disable LOGIN command and all other plaintext authentications unless
- # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
- # matches the local IP (ie. you're connecting from the same computer), the
- # connection is considered secure and plaintext authentication is allowed.
- # See also ssl=required setting.
- # NOTE(review): auth_mechanisms below is "plain login"; both carry the
- # password itself. If the datastore sets this to "no", credentials can cross
- # the network unencrypted on the non-TLS listeners, so keep it at "yes"
- # unless every listener is TLS-only.
- [%- IF disable_plaintext_auth.defined %]
- disable_plaintext_auth = [% disable_plaintext_auth %]
- [%- ELSE %]
- #disable_plaintext_auth = yes
- [%- END %]
- # Auth cache settings
- # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
- # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
- [%- IF auth_cache_size.defined %]
- auth_cache_size = [% auth_cache_size %]
- [%- ELSE %]
- #auth_cache_size = 0
- [%- END %]
- # Time to live for cached data. After TTL expires the cached record is no
- # longer used, *except* if the main database lookup returns internal failure.
- # We also try to handle password changes automatically: If user's previous
- # authentication was successful, but this one wasn't, the cache isn't used.
- # For now this works only with plaintext authentication.
- # NOTE(review): a long TTL widens the window in which a cached credential
- # may still be honoured after it changed or was disabled in the back end --
- # confirm against the Dovecot documentation for the deployed version.
- [%- IF auth_cache_ttl.defined %]
- auth_cache_ttl = [% auth_cache_ttl %] sec
- [%- ELSE %]
- #auth_cache_ttl = 3600 sec
- [%- END %]
- # TTL for negative hits (user not found, password mismatch).
- # 0 disables caching them completely.
- [%- IF auth_cache_negative_ttl.defined %]
- auth_cache_negative_ttl = [% auth_cache_negative_ttl %] sec
- [%- ELSE %]
- #auth_cache_negative_ttl = 3600 sec
- [%- END %]
- # Space separated list of realms for SASL authentication mechanisms that need
- # them. You can leave it empty if you don't want to support multiple realms.
- # Many clients simply use the first one listed here, so keep the default realm
- # first.
- #auth_realms =
- # Default realm/domain to use if none was specified. This is used for both
- # SASL realms and appending @domain to username in plaintext logins.
- #auth_default_realm =
- # List of allowed characters in username. If the user-given username contains
- # a character not listed in here, the login automatically fails. This is just
- # an extra check to make sure user can't exploit any potential quote escaping
- # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
- # set this value to empty.
- # Allow + in usernames.
- # NOTE(review): the list below admits more than '+': it also contains
- # ! # $ = ? ^ { } ~ . / and %. Quotes, backslash and whitespace stay
- # excluded, but '/', '.' and '%' reach whatever consumes the user name next
- # (the dict lookups, and %u expansion into paths in the virtual namespaces)
- # -- confirm each of those handles them safely.
- auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%"
- # Maximum number of dovecot-auth worker processes. They're used to execute
- # blocking passdb and userdb queries (eg. MySQL and PAM). They're
- # automatically created and destroyed as needed.
- #auth_worker_max_count = 30
- # Time to delay before replying to failed authentications.
- #auth_failure_delay = 2 secs
- # Space separated list of wanted authentication mechanisms:
- # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
- # gss-spnego
- # NOTE: See also disable_plaintext_auth setting.
- # Only the two plaintext mechanisms are offered, so password confidentiality
- # on the wire depends entirely on TLS and on disable_plaintext_auth.
- auth_mechanisms = plain login
- [% IF hulk_enabled %]
- # Auth policy integration, rendered only when hulk_enabled is set. Dovecot
- # reports authentication attempts to a policy server on loopback
- # (presumably cPanel's brute-force protection daemon -- confirm).
- # The URL is plain http; the request is unencrypted but stays on 127.0.0.1.
- auth_policy_server_url = http://127.0.0.1:579/dovecot-auth-policy
- auth_policy_server_timeout_msecs = 3000
- auth_policy_hash_mech = sha512
- # Attributes sent with each request: the user name, a hash derived from the
- # attempted password, and both endpoints of the client connection.
- auth_policy_request_attributes = auth_database=mail database=mail service=dovecot username=%{orig_user} authtoken_hash=$0$0$%{hashed_password} local_host=%{real_lip} local_port=%{real_lport} remote_host=%{real_rip} remote_port=%{real_rport}
- # Fail-open: when the policy lookup itself fails, logins are not rejected.
- # Brute-force protection therefore lapses silently if the policy daemon is
- # down or slow, so monitor its availability.
- auth_policy_reject_on_fail = no
- # NOTE(review): this keeps 64 bits of the password hash in each request.
- # Upstream documents truncation as the way to keep the reported hash from
- # identifying the password and, as far as I recall, defaults to far fewer
- # bits -- confirm the value is deliberate.
- auth_policy_hash_truncate = 64
- # Placeholder nonce. It is a fixed string shared by every server rendered
- # from this template, so it adds no secrecy to the hash on its own; the real
- # value is expected to come from the include below.
- auth_policy_hash_nonce = "dummmy"
- # auth_policy_hash_nonce and auth_policy_server_api_header
- # NOTE(review): include_try ignores a missing file without an error. If
- # /etc/dovecot/auth_policy.conf is absent or unreadable, the placeholder
- # nonce above stays in effect -- verify the file exists, sets a
- # per-installation nonce, and is readable only by root/dovecot.
- !include_try /etc/dovecot/auth_policy.conf
- [% END %]
- ##
- ## Password and user databases
- ##
- passdb {
- # Primary password lookup, done through the dict driver; the lookup itself
- # is defined in the cpauthd-dict.conf file named in args.
- driver = dict
- args = /usr/local/cpanel/etc/dovecot/cpauthd-dict.conf
- # An internal error in this lookup does not end authentication; evaluation
- # continues with the next passdb, if one is configured.
- result_internalfail = continue
- # On a failed match: continue to the next passdb when
- # allow_domainowner_mail_pass is set, otherwise fail the login at once.
- result_failure = [% IF allow_domainowner_mail_pass %]continue[% ELSE %]return-fail[% END %]
- }
- [% IF allow_domainowner_mail_pass %]
- # Optional second password lookup, rendered only when
- # allow_domainowner_mail_pass is set. skip = authenticated means it is
- # consulted only when the previous passdb did not authenticate the user.
- # NOTE(review): judging by the args file name, this presumably lets a domain
- # owner's password open the mail accounts of that domain. One password then
- # guards many mailboxes, so confirm the feature is wanted and that logins
- # accepted through this path can be told apart in the logs.
- passdb {
- driver = dict
- skip = authenticated
- args = /usr/local/cpanel/etc/dovecot/cpauthd-dict-domain_owner_mail_pass.conf
- result_internalfail = continue
- # Last passdb in the chain: a mismatch here ends the login attempt.
- result_failure = return-fail
- }
- [% END %]
- # First userdb: prefetch reuses the user fields already returned by the
- # passdb lookup, so a successful login needs no second query.
- userdb {
- driver = prefetch
- }
- # Second userdb: dict lookup with the same cpauthd-dict.conf as the primary
- # passdb, for requests that carry no prefetch data (presumably deliveries,
- # which look up a user without a password check -- confirm).
- userdb {
- driver = dict
- args = /usr/local/cpanel/etc/dovecot/cpauthd-dict.conf
- }
- ##
- ## Log destination.
- ##
- # Log file to use for error messages. "syslog" logs to syslog,
- # /dev/stderr logs to stderr.
- #log_path = syslog
- # Log file to use for informational messages. Defaults to log_path.
- #info_log_path =
- # Log file to use for debug messages. Defaults to info_log_path.
- #debug_log_path =
- # Syslog facility to use if you're logging to syslog. Usually if you don't
- # want to use "mail", you'll use local0..local7. Also other standard
- # facilities are supported.
- #syslog_facility = mail
- ##
- ## Logging verbosity and debugging.
- ##
- # Log unsuccessful authentication attempts and the reasons why they failed.
- # Failed-login records are the main input for spotting password guessing,
- # so turning this on is worthwhile on Internet-facing servers.
- [%- IF auth_verbose.defined %]
- auth_verbose = [% auth_verbose %]
- [%- ELSE %]
- #auth_verbose = no
- [%- END %]
- # In case of password mismatches, log the attempted password. Valid values are
- # no, plain and sha1. sha1 can be useful for detecting brute force password
- # attempts vs. user simply trying the same password over and over again.
- # You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
- # NOTE(review): "plain" writes attempted passwords to the log; mistyped
- # attempts are often close to the real password. Prefer "no" or a truncated
- # sha1, and restrict who can read the log.
- #auth_verbose_passwords = no
- # Even more verbose logging for debugging purposes. Shows for example SQL
- # queries.
- [%- IF auth_debug.defined %]
- auth_debug = [% auth_debug %]
- [%- ELSE %]
- #auth_debug = no
- [%- END %]
- # In case of password mismatches, log the passwords and used scheme so the
- # problem can be debugged. Enabling this also enables auth_debug.
- # NOTE(review): the datastore can switch this on. While it is on, passwords
- # are written to the log, so enable it only for the length of a debugging
- # session and purge or protect the resulting log files afterwards.
- [%- IF auth_debug_passwords.defined %]
- auth_debug_passwords = [% auth_debug_passwords %]
- [%- ELSE %]
- #auth_debug_passwords = no
- [%- END %]
- # Enable mail process debugging. This can help you figure out why Dovecot
- # isn't finding your mails.
- [%- IF mail_debug.defined %]
- mail_debug = [% mail_debug %]
- [%- ELSE %]
- #mail_debug = no
- [%- END %]
- # Show protocol level SSL errors.
- #verbose_ssl = no
- # mail_log plugin provides more event logging for mail processes.
- plugin {
- # Both settings are left at their defaults (commented out).
- # Events to log. Also available: flag_change append
- #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
- # Available fields: uid, box, msgid, from, subject, size, vsize, flags
- # size and vsize are available only for expunge and copy events.
- # NOTE(review): adding "from" or "subject" puts message metadata into the
- # log; weigh that against who can read the log files.
- #mail_log_fields = uid box msgid size
- }
- ##
- ## Log formatting.
- ##
- # Prefix for each line written to log file. % codes are in strftime(3)
- # format.
- #log_timestamp = "%b %d %H:%M:%S "
- # Space-separated list of elements we want to log. The elements which have
- # a non-empty variable value are joined together to form a comma-separated
- # string.
- # When overriding, keep the user and remote IP elements (user=<%u>, rip=%r
- # in the default): failed-login analysis and incident review depend on them.
- [%- IF login_log_format_elements.defined %]
- login_log_format_elements = [% login_log_format_elements %]
- [%- ELSE %]
- #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
- [%- END %]
- # Login log format. %$ contains login_log_format_elements string, %s contains
- # the data we want to log.
- [%- IF login_log_format.defined %]
- login_log_format = [% login_log_format %]
- [%- ELSE %]
- #login_log_format = %$: %s
- [%- END %]
- # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
- # possible variables you can use.
- [%- IF mail_log_prefix.defined %]
- mail_log_prefix = [% mail_log_prefix %]
- [%- ELSE %]
- #mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
- [%- END %]
- # Format to use for logging mail deliveries:
- # %$ - Delivery status message (e.g. "saved to INBOX")
- # %m / %{msgid} - Message-ID
- # %s / %{subject} - Subject
- # %f / %{from} - From address
- # %p / %{size} - Physical size
- # %w / %{vsize} - Virtual size
- # %e / %{from_envelope} - MAIL FROM envelope
- # %{to_envelope} - RCPT TO envelope
- # %{delivery_time} - How many milliseconds it took to deliver the mail
- # %{session_time} - How long LMTP session took, not including delivery_time
- # %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
- #deliver_log_format = msgid=%m: %$
- ##
- ## Services
- ##
- service config {
- # Memory limit for the config service; 512 is used when the datastore
- # value config_vsz_limit is unset or empty.
- vsz_limit = [% config_vsz_limit || 512 %] M
- }
- service quota-status {
- # Runs the quota-status policy service with the postfix policy protocol and
- # exposes it on a UNIX socket.
- executable = quota-status -p postfix
- unix_listener {
- path = quota-status
- # NOTE(review): 0666 lets every local account connect and ask about any
- # recipient's quota state. If only the MTA needs this socket, owner/group
- # with 0660 would narrow it -- confirm which user the MTA connects as.
- mode = 0666
- }
- }
- service auth {
- unix_listener auth-client {
- path = auth-client
- # NOTE(review): 0666 lets every local account connect to the authentication
- # client socket and submit login attempts directly, outside the network
- # listeners and whatever rate limits sit in front of them. On a shared host,
- # check whether the consumers (for example the MTA doing SMTP AUTH) could be
- # served by an owner/group-restricted socket instead.
- mode = 0666
- }
- # client_limit is written only when the datastore supplies one.
- [%- IF auth_required_client_limit.defined %]
- client_limit = [% auth_required_client_limit %]
- [%- END %]
- }
- [%- IF anvil_required_client_limit.defined %]
- # The anvil service block is rendered only when the datastore supplies a
- # client limit; otherwise the service keeps its built-in settings.
- service anvil {
- client_limit = [% anvil_required_client_limit %]
- }
- [%- END %]
- service stats {
- # 2000 is used when stats_required_client_limit is unset or empty.
- client_limit = [% stats_required_client_limit || 2000 %]
- unix_listener stats-writer {
- # NOTE(review): 0666 lets every local account write to the statistics
- # socket. Presumably chosen so mail processes running under many different
- # UIDs can report; a dedicated group with 0660 would avoid exposing it to
- # unrelated local users -- confirm what needs to connect.
- mode = 0666
- }
- }
- plugin {
- # zlib_save is written when compress_messages is set; the compression level
- # follows only if the datastore defines compress_messages_level.
- [% IF compress_messages %]
- zlib_save = gz
- [%- IF compress_messages_level.defined %]
- zlib_save_level = [% compress_messages_level %]
- [% END %]
- [% END %]
- # xaps_topic is written only when set; the lmtp and lda blocks load the
- # xaps plugin under the same condition.
- [% IF xaps_topic %]xaps_topic = [% xaps_topic %][% END %]
- }
- # Mail processes receive the supplementary group "dovecot"; the dict socket
- # in this file is group dovecot with mode 0660, which this presumably exists
- # to reach.
- # NOTE(review): the group applies to every user's mail process, so anything
- # else that is group-accessible to "dovecot" becomes reachable from them --
- # keep that group's file and socket permissions minimal.
- mail_access_groups = dovecot
- service dict {
- # The dict socket is limited to its owner and the dovecot group (0660),
- # unlike the 0666 sockets elsewhere in this file. mail_access_groups =
- # dovecot is what gives mail processes that group.
- unix_listener dict {
- mode = 0660
- group = dovecot
- }
- }
- # Disabled until we officially support Pigeonhole
- #managesieve_notify_capability = mailto
- #managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
- service lmtp {
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
- [%- IF mail_process_size.defined %]
- vsz_limit = [% mail_process_size %] M
- [%- ELSE %]
- #vsz_limit = 512 M
- [%- END %]
- # Tested for truth rather than .defined, so an unset, empty or 0 value
- # leaves the setting commented out.
- [%- IF lmtp_process_min_avail %]
- process_min_avail = [% lmtp_process_min_avail %]
- [%- ELSE %]
- #process_min_avail =
- [%- END %]
- # We always want this. Otherwise one connection could block another
- # connection that shares the same process.
- client_limit = 1
- # 500 is used when lmtp_process_limit is unset or empty.
- process_limit = [% lmtp_process_limit || 500 %]
- # The LMTP socket is owned by mailnull, group mail, mode 0660: only that
- # user and group can hand mail to Dovecot for delivery (presumably the MTA
- # runs as mailnull -- confirm).
- unix_listener lmtp {
- user = mailnull
- group = mail
- mode = 0660
- }
- }
- service imap-login {
- # Login processes talk to unauthenticated network clients, so the isolation
- # settings in this block (service_count, chroot, user) matter most here.
- # Maximum number of connections allowed per each login process. This setting
- # is used only if login_process_per_connection=no. Once the limit is reached,
- # the process notifies master so that it can create a new login process.
- [%- IF login_max_connections.defined %]
- client_limit = [% login_max_connections %]
- [%- ELSE %]
- #client_limit = 256
- [%- END %]
- # Maximum number of login processes to create. The listening process count
- # usually stays at login_processes_count, but when multiple users start logging
- # in at the same time more extra processes are created. To prevent fork-bombing
- # we check only once in a second if new processes should be created - if all
- # of them are used at the time, we double their amount until the limit set by
- # this setting is reached.
- # The fallback branch is active here: the limit is 128 unless overridden.
- [%- IF login_max_processes_count.defined %]
- process_limit = [% login_max_processes_count %]
- [%- ELSE %]
- process_limit = 128
- [%- END %]
- # Number of login processes to keep for listening new connections.
- [%- IF login_processes_count.defined %]
- process_min_avail = [% login_processes_count %]
- [%- ELSE %]
- #process_min_avail = 2
- [%- END %]
- # Should each login be processed in its own process (yes), or should one
- # login process be allowed to process multiple connections (no)? Yes is more
- # secure, especially with SSL/TLS enabled. No is faster since there's no need
- # to create processes all the time.
- # The template maps "no" to service_count = 0 (one process serves many
- # connections) and any other value to 1 (one connection per process). With
- # 0, a flaw in a login process exposes every connection it is handling.
- [%- IF login_process_per_connection.defined %]
- service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
- [%- ELSE %]
- #service_count = 0
- [%- END %]
- # Set max. process size in megabytes. If you don't use
- # login_process_per_connection you might need to grow this.
- [%- IF login_process_size.defined %]
- vsz_limit = [% login_process_size %] M
- [%- ELSE %]
- #vsz_limit = 128 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use single UID for multiple users, as the users could
- # ptrace() each other's processes then.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- # chroot login process to the login_dir. Only reason not to do this is if you
- # wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
- # NOTE(review): the yes/no wording comes from the older login_chroot
- # setting; inside a service block chroot is, as far as I know, a directory
- # path. Confirm what value the datastore supplies, since a wrong value here
- # could leave the login process unconfined or unable to start.
- [%- IF login_chroot.defined %]
- chroot = [% login_chroot %]
- [%- ELSE %]
- #chroot = yes
- [%- END %]
- # User to use for the login process. Create a completely new user for this,
- # and don't use it anywhere else. The user must also belong to a group where
- # only it has access, it's used to control access for authentication process.
- # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
- [%- IF login_user.defined %]
- user = [% login_user %]
- [%- ELSE %]
- #user = dovecot
- [%- END %]
- # IP or host address where to listen in for non-SSL connections. Defaults
- # to above if not specified.
- # The non-SSL listener is where disable_plaintext_auth matters: with
- # auth_mechanisms = plain login, it is what keeps passwords off the wire
- # until TLS has been negotiated.
- [%- IF listen.defined %]
- inet_listener imap {
- address = [% listen %]
- }
- [%- ELSE %]
- # inet_listener imap {
- # address =
- # }
- [%- END %]
- # IP or host address where to listen in for SSL connections. Defaults
- # to above if not specified.
- [%- IF ssl_listen.defined %]
- inet_listener imaps {
- address = [% ssl_listen %]
- }
- [%- ELSE %]
- # inet_listener imaps {
- # address =
- # }
- [%- END %]
- }
- service imap {
- # Post-login IMAP mail processes.
- # Maximum number of running mail processes. When this limit is reached,
- # new users aren't allowed to log in.
- [%- IF max_mail_processes.defined %]
- process_limit = [% max_mail_processes %]
- [%- ELSE %]
- #process_limit = 512
- [%- END %]
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
- [%- IF mail_process_size.defined %]
- vsz_limit = [% mail_process_size %] M
- [%- ELSE %]
- #vsz_limit = 512 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use single UID for multiple users, as the users could
- # ptrace() each other's processes then.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- }
- service managesieve-login {
- # Pre-authentication ManageSieve login processes; configured from the same
- # datastore keys as the imap-login and pop3-login services.
- # Maximum number of connections allowed per each login process. This setting
- # is used only if login_process_per_connection=no. Once the limit is reached,
- # the process notifies master so that it can create a new login process.
- [%- IF login_max_connections.defined %]
- client_limit = [% login_max_connections %]
- [%- ELSE %]
- #client_limit = 256
- [%- END %]
- # Maximum number of login processes to create. The listening process count
- # usually stays at login_processes_count, but when multiple users start logging
- # in at the same time more extra processes are created. To prevent fork-bombing
- # we check only once in a second if new processes should be created - if all
- # of them are used at the time, we double their amount until the limit set by
- # this setting is reached.
- [%- IF login_max_processes_count.defined %]
- process_limit = [% login_max_processes_count %]
- [%- ELSE %]
- process_limit = 128
- [%- END %]
- # Number of login processes to keep for listening new connections.
- [%- IF login_processes_count.defined %]
- process_min_avail = [% login_processes_count %]
- [%- ELSE %]
- #process_min_avail = 2
- [%- END %]
- # Should each login be processed in its own process (yes), or should one
- # login process be allowed to process multiple connections (no)? Yes is more
- # secure, especially with SSL/TLS enabled. No is faster since there's no need
- # to create processes all the time.
- # "no" becomes service_count = 0 (shared process); anything else becomes 1
- # (one connection per process).
- [%- IF login_process_per_connection.defined %]
- service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
- [%- ELSE %]
- #service_count = 0
- [%- END %]
- # Set max. process size in megabytes. If you don't use
- # login_process_per_connection you might need to grow this.
- [%- IF login_process_size.defined %]
- vsz_limit = [% login_process_size %] M
- [%- ELSE %]
- #vsz_limit = 128 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use single UID for multiple users, as the users could
- # ptrace() each other's processes then.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- # chroot login process to the login_dir. Only reason not to do this is if you
- # wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
- # NOTE(review): inside a service block chroot is, as far as I know, a
- # directory path rather than yes/no -- confirm what the datastore supplies.
- [%- IF login_chroot.defined %]
- chroot = [% login_chroot %]
- [%- ELSE %]
- #chroot = yes
- [%- END %]
- # User to use for the login process. Create a completely new user for this,
- # and don't use it anywhere else. The user must also belong to a group where
- # only it has access, it's used to control access for authentication process.
- # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
- [%- IF login_user.defined %]
- user = [% login_user %]
- [%- ELSE %]
- #user = dovecot
- [%- END %]
- }
- service managesieve {
- # Post-login ManageSieve processes; same datastore keys as the imap and
- # pop3 services.
- # Maximum number of running mail processes. When this limit is reached,
- # new users aren't allowed to log in.
- [%- IF max_mail_processes.defined %]
- process_limit = [% max_mail_processes %]
- [%- ELSE %]
- #process_limit = 512
- [%- END %]
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
- [%- IF mail_process_size.defined %]
- vsz_limit = [% mail_process_size %] M
- [%- ELSE %]
- #vsz_limit = 512 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use single UID for multiple users, as the users could
- # ptrace() each other's processes then.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- }
- service pop3-login {
- # Pre-authentication POP3 login processes. They face unauthenticated
- # network clients, so service_count, chroot and user below are the settings
- # that bound what a flaw in this process can reach.
- # Maximum number of connections allowed per each login process. This setting
- # is used only if login_process_per_connection=no. Once the limit is reached,
- # the process notifies master so that it can create a new login process.
- [%- IF login_max_connections.defined %]
- client_limit = [% login_max_connections %]
- [%- ELSE %]
- #client_limit = 256
- [%- END %]
- # Maximum number of login processes to create. The listening process count
- # usually stays at login_processes_count, but when multiple users start logging
- # in at the same time more extra processes are created. To prevent fork-bombing
- # we check only once in a second if new processes should be created - if all
- # of them are used at the time, we double their amount until the limit set by
- # this setting is reached.
- [%- IF login_max_processes_count.defined %]
- process_limit = [% login_max_processes_count %]
- [%- ELSE %]
- process_limit = 128
- [%- END %]
- # Number of login processes to keep for listening new connections.
- [%- IF login_processes_count.defined %]
- process_min_avail = [% login_processes_count %]
- [%- ELSE %]
- #process_min_avail = 2
- [%- END %]
- # Should each login be processed in its own process (yes), or should one
- # login process be allowed to process multiple connections (no)? Yes is more
- # secure, especially with SSL/TLS enabled. No is faster since there's no need
- # to create processes all the time.
- # "no" becomes service_count = 0 (shared process); anything else becomes 1
- # (one connection per process).
- [%- IF login_process_per_connection.defined %]
- service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
- [%- ELSE %]
- #service_count = 0
- [%- END %]
- # Set max. process size in megabytes. If you don't use
- # login_process_per_connection you might need to grow this.
- [%- IF login_process_size.defined %]
- vsz_limit = [% login_process_size %] M
- [%- ELSE %]
- #vsz_limit = 128 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use single UID for multiple users, as the users could
- # ptrace() each other's processes then.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- # chroot login process to the login_dir. Only reason not to do this is if you
- # wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
- # NOTE(review): inside a service block chroot is, as far as I know, a
- # directory path rather than yes/no -- confirm what the datastore supplies.
- [%- IF login_chroot.defined %]
- chroot = [% login_chroot %]
- [%- ELSE %]
- #chroot = yes
- [%- END %]
- # User to use for the login process. Create a completely new user for this,
- # and don't use it anywhere else. The user must also belong to a group where
- # only it has access, it's used to control access for authentication process.
- # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
- [%- IF login_user.defined %]
- user = [% login_user %]
- [%- ELSE %]
- #user = dovecot
- [%- END %]
- # IP or host address where to listen in for non-SSL connections. Defaults
- # to above if not specified.
- # On this listener, password confidentiality depends on
- # disable_plaintext_auth, since only plaintext mechanisms are offered.
- [%- IF listen.defined %]
- inet_listener pop3 {
- address = [% listen %]
- }
- [%- ELSE %]
- # inet_listener pop3 {
- # address =
- # }
- [%- END %]
- # IP or host address where to listen in for SSL connections. Defaults
- # to above if not specified.
- [%- IF ssl_listen.defined %]
- inet_listener pop3s {
- address = [% ssl_listen %]
- }
- [%- ELSE %]
- # inet_listener pop3s {
- # address =
- # }
- [%- END %]
- }
- service pop3 {
- # Settings for the pop3 mail service. Each stanza below is rendered from the
- # cPanel datastore value when that value is defined; otherwise only the
- # commented-out example line is emitted and no setting is written.
- # Maximum number of running mail processes. When this limit is reached,
- # new users aren't allowed to log in.
- [%- IF max_mail_processes.defined %]
- process_limit = [% max_mail_processes %]
- [%- ELSE %]
- #process_limit = 512
- [%- END %]
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
- # The template appends " M" itself, so the datastore value is expected to be
- # a bare number.
- [%- IF mail_process_size.defined %]
- vsz_limit = [% mail_process_size %] M
- [%- ELSE %]
- #vsz_limit = 512 M
- [%- END %]
- # Drop all privileges before exec()ing the mail process. This is mostly
- # meant for debugging, otherwise you don't get core dumps. It could be a small
- # security risk if you use a single UID for multiple users, as the users could
- # then ptrace() each other's processes.
- # The same mail_drop_priv_before_exec value is also rendered into the service
- # block that precedes this one, so one datastore value changes both services.
- [%- IF mail_drop_priv_before_exec.defined %]
- drop_priv_before_exec = [% mail_drop_priv_before_exec %]
- [%- ELSE %]
- #drop_priv_before_exec =
- [%- END %]
- }
- # Whether all processes are killed when the Dovecot master process shuts down.
- # Setting this to "no" means that Dovecot can be upgraded without
- # forcing existing client connections to close. The trade-off is that those
- # connections stay open across the upgrade, which is a problem if the upgrade
- # is e.g. because of a security fix.
- # Rendered from the datastore value when it is defined; otherwise only the
- # commented-out example line below is emitted.
- [%- IF shutdown_clients.defined %]
- shutdown_clients = [% shutdown_clients %]
- [%- ELSE %]
- #shutdown_clients = yes
- [%- END %]
- # If non-zero, run mail commands via this many connections to doveadm server,
- # instead of running them directly in the same process.
- #doveadm_worker_count = 0
- # UNIX socket or host:port used for connecting to doveadm server
- #doveadm_socket_path = doveadm-server
- # Space separated list of environment variables that are preserved on Dovecot
- # startup and passed down to all of its child processes. You can also give
- # key=value pairs to always set specific settings.
- #import_environment = TZ
- ##
- ## Dictionary server settings
- ##
- # Dictionary can be used to store key=value lists. This is used by several
- # plugins. The dictionary can be accessed either directly or through a
- # dictionary server. The following dict block maps dictionary names to URIs
- # when the server is used. These can then be referenced using URIs in format
- # "proxy::<name>".
- dict {
- # Maps the dictionary name "expire" to a sqlite: URI whose argument is the
- # path of a separate .conf.ext file. The entry is emitted only when
- # expire_trash is true; otherwise this block renders empty. The plugin block
- # refers to this name as "proxy::expire".
- [% IF expire_trash %]
- expire = sqlite:/usr/local/cpanel/etc/dovecot/dovecot-dict-expire.conf.ext
- [% END %]
- }
- plugin {
- # Here you can give some extra environment variables to mail processes.
- # This is mostly meant for passing parameters to plugins. %variable
- # expansion is done for all values.
- # Quota plugin. Multiple backends are supported:
- # dirsize: Find and sum all the files found from mail directory.
- # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
- # dict: Keep quota stored in dictionary (eg. SQL)
- # maildir: Maildir++ quota
- # fs: Read-only support for filesystem quota
- #
- # Quota limits are set using "quota_rule" parameters, either in here or in
- # userdb. It's also possible to give mailbox-specific limits, for example:
- # quota_rule = *:storage=1048576
- # quota_rule2 = Trash:storage=102400
- # User has now 1GB quota, but when saving to Trash mailbox the user gets
- # additional 100MB.
- #
- # Multiple quota roots are also possible, for example:
- # quota = dict:user::proxy::quota
- # quota2 = dict:domain:%d:proxy::quota_domain
- # quota_rule = *:storage=102400
- # quota2_rule = *:storage=1048576
- # Gives each user their own 100MB quota and one shared 1GB quota within
- # the domain.
- #
- # You can execute a given command when user exceeds a specified quota limit.
- # Each quota root has separate limits. Only the command for the first
- # exceeded limit is executed, so put the highest limit first.
- # Note that % needs to be escaped as %%, otherwise "% " expands to empty.
- # NOTE(review): the two examples below give a script path directly. This
- # template targets Dovecot 2.3 (see the file header), where quota_warning is
- # expected to name a service plus arguments -- confirm against the 2.3
- # documentation before uncommenting.
- # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
- # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
- # Set unconditionally: no template condition surrounds this line.
- quota_exceeded_message = "Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
- # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
- # directory. You can also optionally give a global ACL directory path where
- # ACLs are applied to all users' mailboxes. The global ACL directory contains
- # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
- # specifies how many seconds to wait between stat()ing dovecot-acl file
- # to see if it changed.
- # Rendered from plugin.acl when it is defined; otherwise only the
- # commented-out example line is emitted.
- [%- IF plugin.acl.defined %]
- acl = [% plugin.acl %]
- [%- ELSE %]
- #acl = vfile:/etc/dovecot-acls:cache_secs=300
- [%- END %]
- # To let users LIST mailboxes shared by other users, Dovecot needs a
- # shared mailbox dictionary. For example:
- #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
- # Convert plugin. If set, specifies the source storage path which is
- # converted to destination storage (mail_location) when the user logs in.
- # The existing mail directory is renamed to <dir>-converted.
- #convert_mail = mbox:%h/mail
- # Skip mailboxes which we can't open successfully instead of aborting.
- #convert_skip_broken_mailboxes = no
- # Skip directories beginning with '.'
- #convert_skip_dotdirs = no
- # If source storage has mailbox names with destination storage's hierarchy
- # separators, replace them with this character.
- #convert_alt_hierarchy_char = _
- # Trash plugin. When saving a message would make user go over quota, this
- # plugin automatically deletes the oldest mails from configured mailboxes
- # until the message can be saved within quota limits. The configuration file
- # is a text file where each line is in format: <priority> <mailbox name>
- # Mails are first deleted in lowest -> highest priority number order
- #trash = /etc/dovecot-trash.conf
- # Expire plugin. Mails are expunged from mailboxes after being there the
- # configurable time. The first expiration date for each mailbox is stored in
- # a dictionary so it can be quickly determined which mailboxes contain
- # expired mails. The actual expunging is done in a nightly cronjob, which
- # you must set up:
- # dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
- # NOTE(review): the expire-tool command above looks like the older invocation;
- # confirm the expunge command for the installed Dovecot version.
- #expire = Trash 7 Spam 30
- #expire_dict = db:/var/lib/dovecot/expire.db
- # The settings below are emitted only when expire_trash is true.
- # expire_dict points at the "expire" name that the dict block maps under the
- # same condition. The expire* entries list mailbox names only; no retention
- # period is given here, so it has to come from whatever job does the expunging.
- [% IF expire_trash %]
- expire_dict = proxy::expire
- expire = Trash
- expire2 = "Deleted Messages"
- expire3 = "INBOX.Deleted Messages"
- expire4 = INBOX.Trash
- # Enable caching of dict value in dovecot.index file. This significantly reduces
- # the number of dict lookups. It makes initial testing more confusing though, so
- # it's better to enable it only after you've verified that the expire plugin is
- # working as wanted. (v2.2.16+)
- expire_cache = yes
- [% END %]
- # Lazy expunge plugin. Currently works only with maildirs. When a user
- # expunges mails, the mails are moved to a mailbox in another namespace
- # (1st). When a mailbox is deleted, the mailbox is moved to another namespace
- # (2nd) as well. Also if the deleted mailbox had any expunged messages,
- # they're moved to a 3rd namespace. The mails won't be counted in quota,
- # and they're not deleted automatically (use a cronjob or something).
- #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/
- }