  1. ## Dovecot configuration file
  2.  
  3. # NOTICE FOR CPANEL SYSTEMS
  4. # On cPanel servers this file is generated by combining a
  5. # template at /var/cpanel/templates/dovecot2.3/main.default
  6. # and a datastore at /var/cpanel/conf/dovecot/main
  7. #
  8. # The template may be customized by making a copy of it at
  9. # /var/cpanel/templates/dovecot2.3/main.local
  10. # similar to the way in which httpd.conf can be customized
  11. #
  12. # Direct edits of the rendered dovecot.conf file will not
  13. # be preserved when dovecot is updated.  Use the
  14. # "Mailserver Configuration" interface in WebHostManager instead.
  15.  
  16.  
  17. # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
  18.  
  19. # "doveconf -n" command gives a clean output of the changed settings. Use it
  20. # instead of copy&pasting files when posting to the Dovecot mailing list.
  21.  
  22. # '#' character and everything after it is treated as comments. Extra spaces
  23. # and tabs are ignored. If you want to use either of these explicitly, put the
  24. # value inside quotes, eg.: key = "# char and trailing whitespace  "
  25.  
  26. # Most (but not all) settings can be overridden by different protocols and/or
  27. # source/destination IPs by placing the settings inside sections, for example:
  28. # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
  29.  
  30. # Default values are shown for each setting, it's not required to uncomment
  31. # those. There are exceptions to this though: No sections (e.g. namespace {})
  32. # or plugin settings are added by default, they're listed only as examples.
  33. # Paths are also just examples with the real defaults being based on configure
  34. # options. The paths listed here are for configure --prefix=/usr
  35. # --sysconfdir=/etc --localstatedir=/var
  36.  
  37. # Base directory where to store runtime data.
  38. [%- IF base_dir.defined %]
  39. base_dir = [% base_dir %]
  40. [%- ELSE %]
  41. #base_dir = /var/run/dovecot
  42. [%- END %]
  43.  
  44. # Protocols we want to be serving: imap pop3
  45. # If you only want to use dovecot-auth, you can set this to "none".
      # Template note: the rendered line always starts with lmtp and keeps only
      # the imap and pop3 entries of the configured list; any other value,
      # including "none", is filtered out by the grep below.
  46. [%- IF protocols.length %]
  47. protocols = lmtp [% protocols.split(' ').grep('^(imap|pop3)$').join(' ') %]
  48. [%- ELSE %]
  49. protocols = lmtp imap pop3
  50. [%- END %]
  51.  
  52. # A comma separated list of IPs or hosts where to listen in for connections.
  53. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
  54. # If you want to specify non-default ports or anything more complex,
  55. # edit conf.d/master.conf.
  56. #listen = *, ::
  57.  
  58. # Should all IMAP and POP3 processes be killed when Dovecot master process
  59. # shuts down. Setting this to "no" means that Dovecot can be upgraded without
  60. # forcing existing client connections to close (although that could also be
  61. # a problem if the upgrade is eg. because of a security fix). This however
  62. # means that after master process has died, the client processes can't write
  63. # to log files anymore.
  64. [%- IF shutdown_clients.defined %]
  65. shutdown_clients = [% shutdown_clients %]
  66. [%- ELSE %]
  67. #shutdown_clients = yes
  68. [%- END %]
  69.  
  70. [% IF fts_support %]
  71. # FTS support
  72. !include_try /etc/dovecot/fts.conf
  73. [% END %]
  74.  
  75. ##
  76. ## SSL settings
  77. ##
  78.  
  79. # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
      # "required" rejects any client that has not negotiated TLS; with "yes"
      # TLS is offered but unencrypted sessions remain possible.
  80. [%- IF ssl.defined %]
  81. ssl = [% ssl %]
  82. [%- ELSE %]
  83. #ssl = yes
  84. [%- END %]
  85.  
  86. # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  87. # dropping root privileges, so keep the key file unreadable by anyone but
  88. # root. Included doc/mkcert.sh can be used to easily generate self-signed
  89. # certificate, just make sure to update the domains in dovecot-openssl.cnf
  90. [%- IF ssl_cert_file.defined %]
  91. ssl_cert = <[% ssl_cert_file %]
  92. [%- ELSE %]
  93. #ssl_cert = </etc/dovecot/ssl/dovecot.crt
  94. [%- END %]
  95.  
  96. [%- IF ssl_key_file.defined %]
  97. ssl_key = <[% ssl_key_file %]
  98. [%- ELSE %]
  99. #ssl_key = </etc/dovecot/ssl/dovecot.key
  100. [%- END %]
  101.  
  102. # If key file is password protected, give the password here. Alternatively
  103. # give it when starting dovecot with -p parameter.
       # The value is written in clear text into the rendered dovecot.conf, so
       # that file must not be readable by unprivileged users; Dovecot also
       # accepts ssl_key_password = <path to read it from a root-owned 0600 file.
       # The value is rendered unquoted: a passphrase containing '#' or
       # leading/trailing whitespace would be cut short (see the quoting note at
       # the top of this file).
  104. [%- IF ssl_key_password.defined %]
  105. ssl_key_password = [% ssl_key_password %]
  106. [%- ELSE %]
  107. #ssl_key_password =
  108. [%- END %]
  109.  
  110. # PEM encoded trusted certificate authority. Set this only if you intend to use
  111. # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
  112. # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
  113. [%- IF ssl_ca_file.defined %]
  114. ssl_ca = <[% ssl_ca_file %]
  115. [%- ELSE %]
  116. #ssl_ca =
  117. [%- END %]
  118.  
  119. # Request client to send a certificate. If you also want to require it, set
  120. # auth_ssl_require_client_cert=yes in auth section.
  121. [%- IF ssl_verify_client_cert.defined %]
  122. ssl_verify_client_cert = [% ssl_verify_client_cert %]
  123. [%- ELSE %]
  124. #ssl_verify_client_cert = no
  125. [%- END %]
  126.  
  127. # Which field from certificate to use for username. commonName and
  128. # x500UniqueIdentifier are the usual choices. You'll also need to set
  129. # auth_ssl_username_from_cert=yes.
  130. [%- IF ssl_cert_username_field.defined %]
  131. ssl_cert_username_field = [% ssl_cert_username_field %]
  132. [%- ELSE %]
  133. #ssl_cert_username_field = commonName
  134. [%- END %]
  135.  
  136. # SSL DH parameters
  137. # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
  138. # Or migrate from old ssl-parameters.dat file with the command dovecot
  139. # gives on startup when ssl_dh is unset.
  140. [%- IF ssl_dh_file %]
  141. ssl_dh = <[% ssl_dh_file %]
  142. [%- END %]
  143.  
  144. # Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
  145. # TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
       # SSLv3, TLSv1 and TLSv1.1 are deprecated (RFC 7568, RFC 8996). The
       # commented default below still admits TLSv1, so set TLSv1.2 explicitly
       # unless a legacy client needs an older version.
  146. [%- IF ssl_min_protocol.defined %]
  147. ssl_min_protocol = [% ssl_min_protocol %]
  148. [%- ELSE %]
  149. #ssl_min_protocol = TLSv1
  150. [%- END %]
  151.  
  152. # SSL ciphers to use, the default is:
  153. #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
  154. # To disable non-EC DH, use:
  155. #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
       # NOTE(review): the commented fallback in the ELSE branch (ALL:!LOW:!SSLv2)
       # differs from the default quoted above and looks like a leftover from an
       # older release; confirm the effective list with "doveconf -a".
  156. [%- IF ssl_cipher_list.defined %]
  157. ssl_cipher_list = [% ssl_cipher_list %]
  158. [%- ELSE %]
  159. #ssl_cipher_list = ALL:!LOW:!SSLv2
  160. [%- END %]
  161.  
  162. # Colon separated list of elliptic curves to use. Empty value (the default)
  163. # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
  164. # example of a valid value.
  165. #ssl_curve_list =
  166.  
  167. # Prefer the server's order of ciphers over client's.
  168. #ssl_prefer_server_ciphers = no
  169.  
  170. # SSL crypto device to use, for valid values run "openssl engine"
  171. #ssl_crypto_device =
  172.  
  173. # SSL extra options. Currently supported options are:
  174. #   compression - Enable compression.
  175. #   no_ticket - Disable SSL session tickets.
  176. #ssl_options =
  177.  
  178. # Show protocol level SSL errors.
  179. [%- IF verbose_ssl.defined %]
  180. verbose_ssl = [% verbose_ssl %]
  181. [%- ELSE %]
  182. #verbose_ssl = no
  183. [%- END %]
  184.  
  185. # SNI hosts
  186. !include_try /etc/dovecot/sni.conf
  187.  
  188. ##
  189. ## Login processes
  190. ##
  191.  
  192. # Name of this instance. In multi-instance setup doveadm and other commands
  193. # can use -i <instance_name> to select which instance is used (an alternative
  194. # to -c <config_path>). The instance name is also added to Dovecot processes
  195. # in ps output.
  196. #instance_name = dovecot
  197.  
  198. # Greeting message for clients.
  199. [%- IF login_greeting.defined %]
  200. login_greeting = [% login_greeting %]
  201. [%- ELSE %]
  202. #login_greeting = Dovecot ready.
  203. [%- END %]
  204.  
  205. # Space separated list of trusted network ranges. Connections from these
  206. # IPs are allowed to override their IP addresses and ports (for logging and
  207. # for authentication checks). disable_plaintext_auth is also ignored for
  208. # these networks. Typically you'd specify your IMAP proxy servers here.
       # Any host in these ranges can claim an arbitrary client IP and may
       # authenticate in plaintext, so list only the exact proxy addresses and
       # never a range that end users or other tenants can originate from.
  209. [%- IF login_trusted_networks.defined %]
  210. login_trusted_networks = [% login_trusted_networks %]
  211. [%- ELSE %]
  212. #login_trusted_networks =
  213. [%- END %]
  214.  
  215. # Space separated list of login access check sockets (e.g. tcpwrap)
  216. #login_access_sockets =
  217.  
  218. # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
  219. # proxying. This isn't necessary normally, but may be useful if the destination
  220. # IP is e.g. a load balancer's IP.
  221. #auth_proxy_self =
  222.  
  223. ##
  224. ## Mailbox locations and namespaces
  225. ##
  226.  
  227. # Location for users' mailboxes. The default is empty, which means that Dovecot
  228. # tries to find the mailboxes automatically. This won't work if the user
  229. # doesn't yet have any mail, so you should explicitly tell Dovecot the full
  230. # location.
  231. #
  232. # If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
  233. # isn't enough. You'll also need to tell Dovecot where the other mailboxes are
  234. # kept. This is called the "root mail directory", and it must be the first
  235. # path given in the mail_location setting.
  236. #
  237. # There are a few special variables you can use, eg.:
  238. #
  239. #   %u - username
  240. #   %n - user part in user@domain, same as %u if there's no domain
  241. #   %d - domain part in user@domain, empty if there's no domain
  242. #   %h - home directory
  243. #
  244. # See doc/wiki/Variables.txt for full list. Some examples:
  245. #
  246. #   mail_location = maildir:~/Maildir
  247. #   mail_location = mbox:~/mail:INBOX=/var/mail/%u
  248. #   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
  249. #
  250. # <doc/wiki/MailLocation.txt>
  251. #
  252.  
  253. [%- IF mail_location.defined %]
  254. mail_location = [% mail_location %]
  255. [%- ELSE %]
  256. #mail_location =
  257. [%- END %]
  258.  
  259. namespace inbox {
  260.    type = private
  261.  
  262.    # Hierarchy separator to use. You should use the same separator for all
  263.    # namespaces or some clients get confused. '/' is usually a good one.
  264.    # The default however depends on the underlying mail storage format.
  265. [%- IF namespace_private.separator.defined %]
  266.    separator = [% namespace_private.separator %]
  267. [%- ELSE %]
  268.    #separator =
  269. [%- END %]
  270.  
  271.    # Prefix required to access this namespace. This needs to be different for
  272.    # all namespaces. For example "Public/".
  273. [%- IF namespace_private.prefix.defined %]
  274.    prefix = [% namespace_private.prefix %]
  275. [%- ELSE %]
  276.    #prefix = INBOX.
  277. [%- END %]
  278.  
  279.    # Physical location of the mailbox. This is in same format as
  280.    # mail_location, which is also the default for it.
  281. [%- IF namespace_private.location.defined %]
  282.    location = [% namespace_private.location %]
  283. [%- ELSE %]
  284.    #location =
  285. [%- END %]
  286.  
  287.    # There can be only one INBOX, and this setting defines which namespace
  288.    # has it.
  289. [%- IF namespace_private.inbox.defined %]
  290.    inbox = [% namespace_private.inbox %]
  291. [%- ELSE %]
  292.    #inbox = yes
  293. [%- END %]
  294.  
  295.    # If namespace is hidden, it's not advertised to clients via NAMESPACE
  296.    # extension. You'll most likely also want to set list=no. This is mostly
  297.    # useful when converting from another server with different namespaces which
  298.    # you want to deprecate but still keep working. For example you can create
  299.    # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
  300. [%- IF namespace_private.hidden.defined %]
  301.    hidden = [% namespace_private.hidden %]
  302. [%- ELSE %]
  303.    #hidden = yes
  304. [%- END %]
  305.  
  306.    # Show the mailboxes under this namespace with LIST command. This makes the
  307.    # namespace visible for clients that don't support NAMESPACE extension.
  308.    # "children" value lists child mailboxes, but hides the namespace prefix.
  309. [%- IF namespace_private.defined('list') %]
  310.    list = [% namespace_private.item('list') %]
  311. [%- ELSE %]
  312.    #list = yes
  313. [%- END %]
  314.  
  315.    # Namespace handles its own subscriptions. If set to "no", the parent
  316.    # namespace handles them (empty prefix should always have this as "yes")
  317.    #subscriptions = yes
  318. [%- IF namespace_private.subscriptions.defined %]
  319.    subscriptions = [% namespace_private.subscriptions %]
  320. [%- ELSE %]
  321.    #subscriptions = yes
  322. [%- END %]
  323.  
  324.   mailbox Drafts {
  325.     special_use = \Drafts
  326.     auto = subscribe
  327.   }
  328.  
  329.   mailbox spam {
  330.     special_use = \Junk
  331.     auto = subscribe
  332.   }
  333.  
  334.   mailbox Trash {
  335.     special_use = \Trash
  336.     auto = subscribe
  337.   }
  338.  
  339.   mailbox Sent {
  340.     special_use = \Sent
  341.     auto = subscribe
  342.   }
  343.  
  344.   mailbox "Sent Messages" {
  345.     special_use = \Sent
  346.     auto = no
  347.   }
  348.  
  349.   mailbox Archive {
  350.     special_use = \Archive
  351.     auto = create
  352.   }
  353.  
  354.   mailbox "Archives" {
  355.     special_use = \Archive
  356.     auto = no
  357.   }
  358. }
  359.  
  360. # Example shared namespace configuration
  361. #namespace {
  362.   #type = shared
  363.   #separator = /
  364.  
  365.   # Mailboxes are visible under "shared/user@domain/"
  366.   # %%n, %%d and %%u are expanded to the destination user.
  367.   #prefix = shared/%%u/
  368.  
  369.   # Mail location for other users' mailboxes. Note that %variables and ~/
  370.   # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
  371.   # destination user's data.
  372.   #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  373.  
  374.   # Use the default namespace for saving subscriptions.
  375.   #subscriptions = no
  376.  
  377.   # List the shared/ namespace only if there are visible shared mailboxes.
  378.   #list = children
  379. #}
  380. # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
  381. #mail_shared_explicit_inbox = no
  382.  
  383. # System user and group used to access mails. If you use multiple, userdb
  384. # can override these by returning uid or gid fields. You can use either numbers
  385. # or names. <doc/wiki/UserIds.txt>
  386. [%- IF mail_uid.defined %]
  387. mail_uid = [% mail_uid %]
  388. [%- ELSE %]
  389. #mail_uid =
  390. [%- END %]
  391. [%- IF mail_gid.defined %]
  392. mail_gid = [% mail_gid %]
  393. [%- ELSE %]
  394. #mail_gid =
  395. [%- END %]
  396.  
  397. # Group to enable temporarily for privileged operations. Currently this is
  398. # used only with INBOX when either its initial creation or dotlocking fails.
  399. # Typically this is set to "mail" to give access to /var/mail.
  400. [%- IF mail_privileged_group.defined %]
  401. mail_privileged_group = [% mail_privileged_group %]
  402. [%- ELSE %]
  403. #mail_privileged_group =
  404. [%- END %]
  405.  
  406. # Grant access to these supplementary groups for mail processes. Typically
  407. # these are used to set up access to shared mailboxes. Note that it may be
  408. # dangerous to set these if users can create symlinks (e.g. if "mail" group is
  409. # set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
  410. # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
  411. [%- IF mail_access_groups.defined %]
  412. mail_access_groups = [% mail_access_groups %]
  413. [%- ELSE %]
  414. #mail_access_groups =
  415. [%- END %]
  416.  
  417. # Allow full filesystem access to clients. There are no access checks other than
  418. # what the operating system does for the active UID/GID. It works with both
  419. # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
  420. # or ~user/.
       # Where several mailboxes run under one system UID, the operating system
       # check does not separate them, so keep this at "no" on such hosts.
  421. [%- IF mail_full_filesystem_access.defined %]
  422. mail_full_filesystem_access = [% mail_full_filesystem_access %]
  423. [%- ELSE %]
  424. #mail_full_filesystem_access = no
  425. [%- END %]
  426.  
  427. # Dictionary for key=value mailbox attributes. This is used for example by
  428. # URLAUTH and METADATA extensions.
  429. #mail_attribute_dict =
  430.  
  431. # A comment or note that is associated with the server. This value is
  432. # accessible for authenticated users through the IMAP METADATA server
  433. # entry "/shared/comment".
  434. #mail_server_comment = ""
  435.  
  436. # Indicates a method for contacting the server administrator. According to
  437. # RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
  438. # is currently not enforced. Use for example mailto:admin@example.com. This
  439. # value is accessible for authenticated users through the IMAP METADATA server
  440. # entry "/shared/admin".
  441. #mail_server_admin =
  442.  
  443. ##
  444. ## Mail processes
  445. ##
  446.  
  447. # Don't use mmap() at all. This is required if you store indexes to shared
  448. # filesystems (NFS or clustered filesystem).
  449. [%- IF mmap_disable.defined %]
  450. mmap_disable = [% mmap_disable %]
  451. [%- ELSE %]
  452. #mmap_disable = no
  453. [%- END %]
  454.  
  455. # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
  456. # since version 3, so this should be safe to use nowadays by default.
  457. [%- IF dotlock_use_excl.defined %]
  458. dotlock_use_excl = [% dotlock_use_excl %]
  459. [%- ELSE %]
  460. #dotlock_use_excl = yes
  461. [%- END %]
  462.  
  463. # When to use fsync() or fdatasync() calls:
  464. #   optimized (default): Whenever necessary to avoid losing important data
  465. #   always: Useful with e.g. NFS when write()s are delayed
  466. #   never: Never use it (best performance, but crashes can lose data)
       # Template note: the datastore still uses the legacy fsync_disable key;
       # "yes" is rendered as never and every other defined value as optimized,
       # so "always" cannot be selected through this template.
  467. [%- IF fsync_disable.defined %]
  468. mail_fsync = [% fsync_disable == "yes" ? 'never' : 'optimized' %]
  469. [%- ELSE %]
  470. #mail_fsync = optimized
  471. [%- END %]
  472.  
  473. # Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches
  474. # whenever needed. If you're using only a single mail server this isn't needed.
  475. [%- IF mail_nfs_storage.defined %]
  476. mail_nfs_storage = [% mail_nfs_storage %]
  477. [%- ELSE %]
  478. #mail_nfs_storage = no
  479. [%- END %]
  480.  
  481. # Mail index files also exist in NFS. Setting this to yes requires
  482. # mmap_disable=yes and fsync_disable=no.
  483. [%- IF mail_nfs_index.defined %]
  484. mail_nfs_index = [% mail_nfs_index %]
  485. [%- ELSE %]
  486. #mail_nfs_index = no
  487. [%- END %]
  488.  
  489. # Locking method for index files. Alternatives are fcntl, flock and dotlock.
  490. # Dotlocking uses some tricks which may create more disk I/O than other locking
  491. # methods. NFS users: flock doesn't work, remember to change mmap_disable.
  492. [%- IF lock_method.defined %]
  493. lock_method = [% lock_method %]
  494. [%- ELSE %]
  495. #lock_method = fcntl
  496. [%- END %]
  497.  
  498. # Show more verbose process titles (in ps). Currently shows user name and
  499. # IP address. Useful for seeing who are actually using the IMAP processes
  500. # (eg. shared mailboxes or if same uid is used for multiple accounts).
  501. [%- IF verbose_proctitle.defined %]
  502. verbose_proctitle = [% verbose_proctitle %]
  503. [%- ELSE %]
  504. #verbose_proctitle = no
  505. [%- END %]
  506.  
  507. # Directory where mails can be temporarily stored. Usually it's used only for
  508. # mails of 128 kB or larger. It's used by various parts of Dovecot, for
  509. # example LDA/LMTP while delivering large mails or zlib plugin for keeping
  510. # uncompressed mails.
  511. #mail_temp_dir = /tmp
  512.  
  513. # Valid UID range for users, defaults to 500 and above. This is mostly
  514. # to make sure that users can't log in as daemons or other system users.
  515. # Note that denying root logins is hardcoded to dovecot binary and can't
  516. # be done even if first_valid_uid is set to 0.
       # Template note: when the datastore does not define first_valid_uid this
       # template emits 201 rather than leaving the stock default quoted above,
       # which lets accounts with UIDs from 201 upward log in. Check that no
       # daemon or service account on the host falls in that range.
  517. [%- IF first_valid_uid.defined %]
  518. first_valid_uid = [% first_valid_uid %]
  519. [%- ELSE %]
  520. first_valid_uid = 201
  521. [%- END %]
  522. [%- IF last_valid_uid.defined %]
  523. last_valid_uid = [% last_valid_uid %]
  524. [%- ELSE %]
  525. #last_valid_uid = 0
  526. [%- END %]
  527.  
  528. # Valid GID range for users, defaults to non-root/wheel. Users having
  529. # non-valid GID as primary group ID aren't allowed to log in. If user
  530. # belongs to supplementary groups with non-valid GIDs, those groups are
  531. # not set.
  532. [%- IF first_valid_gid.defined %]
  533. first_valid_gid = [% first_valid_gid %]
  534. [%- ELSE %]
  535. #first_valid_gid = 1
  536. [%- END %]
  537. [%- IF last_valid_gid.defined %]
  538. last_valid_gid = [% last_valid_gid %]
  539. [%- ELSE %]
  540. #last_valid_gid = 0
  541. [%- END %]
  542.  
  543. # Maximum allowed length for mail keyword name. It's only forced when trying
  544. # to create new keywords.
  545. [%- IF mail_max_keyword_length.defined %]
  546. mail_max_keyword_length = [% mail_max_keyword_length %]
  547. [%- ELSE %]
  548. #mail_max_keyword_length = 50
  549. [%- END %]
  550.  
  551. # ':' separated list of directories under which chrooting is allowed for mail
  552. # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
  553. # This setting doesn't affect login_chroot, mail_chroot or auth chroot
  554. # settings. If this setting is empty, "/./" in home dirs are ignored.
  555. # WARNING: Never add directories here which local users can modify, that
  556. # may lead to root exploit. Usually this should be done only if you don't
  557. # allow shell access for users. <doc/wiki/Chrooting.txt>
  558. [%- IF valid_chroot_dirs.defined %]
  559. valid_chroot_dirs = [% valid_chroot_dirs %]
  560. [%- ELSE %]
  561. #valid_chroot_dirs =
  562. [%- END %]
  563.  
  564. # Default chroot directory for mail processes. This can be overridden for
  565. # specific users in user database by giving /./ in user's home directory
  566. # (eg. /home/./user chroots into /home). Note that usually there is no real
  567. # need to do chrooting, Dovecot doesn't allow users to access files outside
  568. # their mail directory anyway. If your home directories are prefixed with
  569. # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
  570. [%- IF mail_chroot.defined %]
  571. mail_chroot = [% mail_chroot %]
  572. [%- ELSE %]
  573. #mail_chroot =
  574. [%- END %]
  575.  
  576. # UNIX socket path to master authentication server to find users.
  577. # This is used by imap (for shared users) and lda.
  578. #auth_socket_path = /var/run/dovecot/auth-userdb
  579.  
  580. # Directory where to look up mail plugins.
  581. #mail_plugin_dir = /usr/lib/dovecot
  582.  
  583. # Space separated list of plugins to load for all services. Plugins specific to
  584. # IMAP, LDA, etc. are added to this list in their own .conf files.
  585. # Quota support must be enabled globally for the quota-status
  586. # service to work
  587. mail_plugins = quota quota_clone zlib [% IF fts_support %]fts fts_solr[% END %]
  588.  
  589. ##
  590. ## Mailbox handling optimizations
  591. ##
  592.  
  593. # Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
  594. # also required for IMAP NOTIFY extension to be enabled.
  595. mailbox_list_index = yes
  596.  
  597. # Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
  598. # of potentially returning out-of-date results after e.g. server crashes.
  599. # The results will be automatically fixed once the folders are opened.
  600. #mailbox_list_index_very_dirty_syncs = yes
  601.  
  602. # Should INBOX be kept up-to-date in the mailbox list index? By default it's
  603. # not, because most of the mailbox accesses will open INBOX anyway.
  604. #mailbox_list_index_include_inbox = no
  605.  
  606. # The minimum number of mails in a mailbox before updates are done to cache
  607. # file. This allows optimizing Dovecot's behavior to do less disk writes at
  608. # the cost of more disk reads.
  609. [%- IF mail_cache_min_mail_count.defined %]
  610. mail_cache_min_mail_count = [% mail_cache_min_mail_count %]
  611. [%- ELSE %]
  612. #mail_cache_min_mail_count = 0
  613. [%- END %]
  614.  
  615. # When IDLE command is running, mailbox is checked once in a while to see if
  616. # there are any new mails or other changes. This setting defines the minimum
  617. # time to wait between those checks. Dovecot can also use inotify and
  618. # kqueue to find out immediately when changes occur.
  619. [%- IF mailbox_idle_check_interval.defined %]
  620. mailbox_idle_check_interval = [% mailbox_idle_check_interval %] secs
  621. [%- ELSE %]
  622. #mailbox_idle_check_interval = 30 secs
  623. [%- END %]
  624.  
  625. # Save mails with CR+LF instead of plain LF. This makes sending those mails
  626. # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
  627. # But it also creates a bit more disk I/O which may just make it slower.
  628. # Also note that if other software reads the mboxes/maildirs, they may handle
  629. # the extra CRs wrong and cause problems.
  630. [%- IF mail_save_crlf.defined %]
  631. mail_save_crlf = [% mail_save_crlf %]
  632. [%- ELSE %]
  633. #mail_save_crlf = no
  634. [%- END %]
  635.  
  636. # Max number of mails to keep open and prefetch to memory. This only works with
  637. # some mailbox formats and/or operating systems.
  638. mail_prefetch_count = 20
  639.  
  640. # How often to scan for stale temporary files and delete them (0 = never).
  641. # These should exist only after Dovecot dies in the middle of saving mails.
  642. #mail_temp_scan_interval = 1w
  643.  
  644. # How many slow mail accesses sorting can perform before it returns failure.
  645. # With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
  646. # The untagged SORT reply is still returned, but it's likely not correct.
  647. #mail_sort_max_read_count = 0
  648.  
  649. protocol !indexer-worker {
  650.   # If folder vsize calculation requires opening more than this many mails from
  651.   # disk (i.e. mail sizes aren't in cache already), return failure and finish
  652.   # the calculation via indexer process. Disabled by default. This setting must
  653.   # be 0 for indexer-worker processes.
  654.   #mail_vsize_bg_after_count = 0
  655. }
  656.  
  657. ##
  658. ## Maildir-specific settings
  659. ##
  660.  
  661. # By default LIST command returns all entries in maildir beginning with a dot.
  662. # Enabling this option makes Dovecot return only entries which are directories.
  663. # This is done by stat()ing each entry, so it causes more disk I/O.
  664. # (For systems setting struct dirent->d_type, this check is free and it's
  665. # done always regardless of this setting)
  666. [%- IF maildir_stat_dirs.defined %]
  667. maildir_stat_dirs = [% maildir_stat_dirs %]
  668. [%- ELSE %]
  669. #maildir_stat_dirs = no
  670. [%- END %]
  671.  
  672. # When copying a message, do it with hard links whenever possible. This makes
  673. # the performance much better, and it's unlikely to have any side effects.
  674. [%- IF maildir_copy_with_hardlinks.defined %]
  675. maildir_copy_with_hardlinks = [% maildir_copy_with_hardlinks %]
  676. [%- ELSE %]
  677. #maildir_copy_with_hardlinks = yes
  678. [%- END %]
  679.  
  680. # Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
  681. # when its mtime changes unexpectedly or when we can't find the mail otherwise.
  682. [%- IF maildir_very_dirty_syncs.defined %]
  683. maildir_very_dirty_syncs = [% maildir_very_dirty_syncs %]
  684. [%- ELSE %]
  685. #maildir_very_dirty_syncs = no
  686. [%- END %]
  687.  
  688. # If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
  689. # getting the mail's physical size, except when recalculating Maildir++ quota.
  690. # This can be useful in systems where a lot of the Maildir filenames have a
  691. # broken size. The performance hit for enabling this is very small.
  692. [%- IF maildir_broken_filename_sizes.defined %]
  693. maildir_broken_filename_sizes = [% maildir_broken_filename_sizes %]
  694. [%- ELSE %]
  695. #maildir_broken_filename_sizes = no
  696. [%- END %]
  697.  
  698. # Always move mails from new/ directory to cur/, even when the \Recent flags
  699. # aren't being reset.
  700. #maildir_empty_new = no
  701.  
  702. ##
  703. ## mdbox-specific settings
  704. ##
  705.  
  706. # Maximum dbox file size until it's rotated.
  707. [%- IF mdbox_rotate_size.defined %]
  708. mdbox_rotate_size = [% mdbox_rotate_size %]
  709. [%- ELSE %]
  710. #mdbox_rotate_size = 10M
  711. [%- END %]
  712.  
  713. # Maximum dbox file age until it's rotated. Typically in days. Day begins
  714. # from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
       # Template note: a value containing "w" or "d" is emitted unchanged, any
       # other non-empty value gets "d" appended, and a defined but empty or zero
       # value emits nothing.
       # NOTE(review): a value with another unit suffix (hours, for example) has
       # no "w" or "d" and would presumably also get "d" appended - verify.
  715. [%- IF mdbox_rotate_interval.defined %]
  716.     [% IF mdbox_rotate_interval.match('[wd]') %]
  717. # In this case they have defined a unit
  718. mdbox_rotate_interval = [% mdbox_rotate_interval %]
  719.     [% ELSIF mdbox_rotate_interval %]
  720. # If they have not defined a unit we assume days
  721. mdbox_rotate_interval = [% mdbox_rotate_interval %]d
  722.     [% END %]
  723. [%- ELSE %]
  724. #mdbox_rotate_interval = 0
  725. [%- END %]
  726.  
  727. # When creating new mdbox files, immediately preallocate their size to
  728. # mdbox_rotate_size. This setting currently works only in Linux with some
  729. # filesystems (ext4, xfs).
  730. #mdbox_preallocate_space = no
  731.  
  732. ##
  733. ## IMAP specific settings
  734. ##
  735.  
  736. protocol imap {
  737.  
  738.   # If nothing happens for this long while client is IDLEing, move the connection
  739.   # to imap-hibernate process and close the old imap process. This saves memory,
  740.   # because connections use very little memory in imap-hibernate process. The
  741.   # downside is that recreating the imap process back uses some resources.
  742.   #imap_hibernate_timeout = 0
  743.  
  744.   # Maximum IMAP command line length in bytes. Some clients generate very long
  745.   # command lines with huge mailboxes, so you may need to raise this if you get
  746.   # "Too long argument" or "IMAP command line too large" errors often.
  747. [%- IF protocol_imap.imap_max_line_length.defined %]
  748.   imap_max_line_length = [% protocol_imap.imap_max_line_length %]
  749. [%- ELSE %]
  750.   #imap_max_line_length = 65536
  751. [%- END %]
  752.  
  753.   # Maximum number of IMAP connections allowed for a user from each IP address.
  754.   # NOTE: The username is compared case-sensitively.
  755. [%- IF protocol_imap.mail_max_userip_connections.defined %]
  756.   mail_max_userip_connections = [% protocol_imap.mail_max_userip_connections %]
  757. [%- ELSE %]
  758.   #mail_max_userip_connections = 10
  759. [%- END %]
  760.  
  761.   # Space separated list of plugins to load (default is global mail_plugins).
  762. [%- IF protocol_imap.mail_plugins.defined %]
  763.   mail_plugins = [% protocol_imap.mail_plugins %]
  764. [%- ELSE %]
  765.   #mail_plugins = acl quota imap_quota
  766. [%- END %]
  767. [% IF expire_trash %]
  768.   mail_plugins = $mail_plugins expire
  769. [% END %]
  770.   mail_plugins = $mail_plugins zlib imap_zlib quota_clone virtual [% IF xaps_topic %]imap_xaps[% END %] [% IF fts_support %]fts fts_solr[% END %]
  771.   #mail_plugin_dir = /usr/lib/dovecot/imap
  772.  
  773.  
  774.   # IMAP logout format string:
  775.   #  %i - total number of bytes read from client
  776.   #  %o - total number of bytes sent to client
  777.   #  %{fetch_hdr_count} - Number of mails with mail header data sent to client
  778.   #  %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
  779.   #  %{fetch_body_count} - Number of mails with mail body data sent to client
  780.   #  %{fetch_body_bytes} - Number of bytes with mail body data sent to client
  781.   #  %{deleted} - Number of mails where client added \Deleted flag
  782.   #  %{expunged} - Number of mails that client expunged, which does not
  783.   #                include automatically expunged mails
  784.   #  %{autoexpunged} - Number of mails that were automatically expunged after
  785.   #                    client disconnected
  786.   #  %{trashed} - Number of mails that client copied/moved to the
  787.   #               special_use=\Trash mailbox.
  788.   #  %{appended} - Number of mails saved during the session
  789. [%- IF protocol_imap.imap_logout_format.defined %]
  790.   imap_logout_format = [% protocol_imap.imap_logout_format %]
  791. [%- ELSE %]
  792.   #imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
  793.   #  trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
  794.   #  hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
  795.   #  body_bytes=%{fetch_body_bytes}
  796. [%- END %]
  797.  
  798.   # Override the IMAP CAPABILITY response. If the value begins with '+',
  799.   # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
  800. [%- IF protocol_imap.imap_capability.defined %]
  801.   imap_capability = [% protocol_imap.imap_capability %]
  802. [%- ELSE %]
  803.   #imap_capability =
  804. [%- END %]
  805.  
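  806.   # How many seconds to wait between "OK Still here" notifications when
  807.   # client is IDLEing. Note: the template line below appends "min", so a value set in the datastore is read as minutes, not seconds.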
  808. [%- IF protocol_imap.imap_idle_notify_interval.defined %]
  809.   imap_idle_notify_interval = [% protocol_imap.imap_idle_notify_interval %] min
  810. [%- ELSE %]
  811.   #imap_idle_notify_interval = 120
  812. [%- END %]
  813.  
  814.   # ID field names and values to send to clients. Using * as the value makes
  815.   # Dovecot use the default value. The following fields have default values
  816.   # currently: name, version, os, os-version, support-url, support-email.
  817. [%- IF protocol_imap.imap_id_send.defined %]
  818.   imap_id_send = [% protocol_imap.imap_id_send %]
  819. [%- ELSE %]
  820.   #imap_id_send =
  821. [%- END %]
  822.  
  823.   # ID fields sent by client to log. * means everything.
  824. [%- IF protocol_imap.imap_id_log.defined %]
  825.   imap_id_log = [% protocol_imap.imap_id_log %]
  826. [%- ELSE %]
  827.   #imap_id_log =
  828. [%- END %]
  829.  
  830.   # Workarounds for various client bugs:
  831.   #   delay-newmail:
  832.   #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
  833.   #     and CHECK commands. Some clients ignore them otherwise, for example OSX
  834.   #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
  835.   #     may show user "Message no longer in server" errors. Note that OE6 still
  836.   #     breaks even with this workaround if synchronization is set to
  837.   #     "Headers Only".
  838.   #   tb-extra-mailbox-sep:
  839.   #     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
  840.   #     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
  841.   #     ignore the extra '/' instead of treating it as invalid mailbox name.
  842.   #   tb-lsub-flags:
  843.   #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
  844.   #     This makes Thunderbird realize they aren't selectable and show them
  845.   #     greyed out, instead of only later giving "not selectable" popup error.
  846.   #
  847.   # The list is space-separated.
  848. [%- IF protocol_imap.imap_client_workarounds.defined %]
  849.   imap_client_workarounds = [% protocol_imap.imap_client_workarounds %]
  850. [%- ELSE %]
  851.   #imap_client_workarounds =
  852. [%- END %]
  853.  
  854.   # Host allowed in URLAUTH URLs sent by client. "*" allows all.
  855.   #imap_urlauth_host =
  856.  
  857.   # Enable IMAP LITERAL- extension (replaces LITERAL+)
  858.   #imap_literal_minus = no
  859.  
  860.   # What happens when FETCH fails due to some internal error:
  861.   #   disconnect-immediately:
  862.   #     The FETCH is aborted immediately and the IMAP client is disconnected.
  863.   #   disconnect-after:
  864.   #     The FETCH runs for all the requested mails returning as much data as
  865.   #     possible. The client is finally disconnected without a tagged reply.
  866.   #   no-after:
  867.   #     Same as disconnect-after, but tagged NO reply is sent instead of
  868.   #     disconnecting the client. If the client attempts to FETCH the same failed
  869.   #     mail more than once, the client is disconnected. This is to avoid clients
  870.   #     from going into infinite loops trying to FETCH a broken mail.
  871.   #imap_fetch_failure = disconnect-immediately
  872.  
  873.   namespace spam {
  874.       prefix = spam
  875.   [%- IF namespace_private.separator.defined %]
  876.      separator = [% namespace_private.separator %]
  877.   [%- ELSE %]
  878.      #separator =
  879.   [%- END %]
  880.     location = virtual:/usr/local/cpanel/etc/dovecot/virtual/spam:INDEX=~/mail/virtual/%u/spam
  881.     list = no
  882.     hidden = yes
  883.   }
  884.  
  885.   namespace sent {
  886.       prefix = sent
  887.   [%- IF namespace_private.separator.defined %]
  888.      separator = [% namespace_private.separator %]
  889.   [%- ELSE %]
  890.      #separator =
  891.   [%- END %]
  892.     location = virtual:/usr/local/cpanel/etc/dovecot/virtual/sent:INDEX=~/mail/virtual/%u/sent
  893.     list = no
  894.     hidden = yes
  895.   }
  896.  
  897.  
  898. }
  899.  
  900.  
  901. ##
  902. ## POP3 specific settings
  903. ##
  904.  
  905. protocol pop3 {
  906.  
  907.   # Don't try to set mails non-recent or seen with POP3 sessions. This is
  908.   # mostly intended to reduce disk I/O. With maildir it doesn't move files
  909.   # from new/ to cur/, with mbox it doesn't write Status-header.
  910. [%- IF protocol_pop3.pop3_no_flag_updates.defined %]
  911.   pop3_no_flag_updates = [% protocol_pop3.pop3_no_flag_updates %]
  912. [%- ELSE %]
  913.   #pop3_no_flag_updates = no
  914. [%- END %]
  915.  
  916.   # Support LAST command which exists in old POP3 specs, but has been removed
  917.   # from new ones. Some clients still wish to use this though. Enabling this
  918.   # makes RSET command clear all \Seen flags from messages.
  919. [%- IF protocol_pop3.pop3_enable_last.defined %]
  920.   pop3_enable_last = [% protocol_pop3.pop3_enable_last %]
  921. [%- ELSE %]
  922.   #pop3_enable_last = no
  923. [%- END %]
  924.  
  925.   # If mail has X-UIDL header, use it as the mail's UIDL.
  926. [%- IF protocol_pop3.pop3_reuse_xuidl.defined %]
  927.   pop3_reuse_xuidl = [% protocol_pop3.pop3_reuse_xuidl %]
  928. [%- ELSE %]
  929.   #pop3_reuse_xuidl = no
  930. [%- END %]
  931.  
  932.   # Allow only one POP3 session to run simultaneously for the same user.
  933. [%- IF protocol_pop3.pop3_lock_session.defined %]
  934.   pop3_lock_session = [% protocol_pop3.pop3_lock_session %]
  935. [%- ELSE %]
  936.   #pop3_lock_session =
  937. [%- END %]
  938.  
  939.   # POP3 UIDL (unique mail identifier) format to use. You can use following
  940.   # variables, along with the variable modifiers described in
  941.   # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
  942.   #
  943.   #  %v - Mailbox's IMAP UIDVALIDITY
  944.   #  %u - Mail's IMAP UID
  945.   #  %m - MD5 sum of the mailbox headers in hex (mbox only)
  946.   #  %f - filename (maildir only)
  947.   #
  948.   # If you want UIDL compatibility with other POP3 servers, use:
  949.   #  UW's ipop3d         : %08Xv%08Xu
  950.   #  Courier             : %f or %v-%u (both might be used simultaneously)
  951.   #  Cyrus (<= 2.1.3)    : %u
  952.   #  Cyrus (>= 2.1.4)    : %v.%u
  953.   #  Dovecot v0.99.x     : %v.%u
  954.   #  tpop3d              : %Mf
  955.   #
  956.   # Note that Outlook 2003 seems to have problems with %v.%u format which was
  957.   # Dovecot's default, so if you're building a new server it would be a good
  958.   # idea to change this. %08Xu%08Xv should be pretty fail-safe.
  959.   #
  960. [%- IF protocol_pop3.pop3_uidl_format.defined %]
  961.   pop3_uidl_format = [% protocol_pop3.pop3_uidl_format %]
  962. [%- ELSE %]
  963.   #pop3_uidl_format = UID%u-%v
  964. [%- END %]
  965.  
  966.   # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
  967.   # won't change those UIDLs. Currently this works only with Maildir.
  968.   #pop3_save_uidl = no
  969.  
  970.   # What to do about duplicate UIDLs if they exist?
  971.   #   allow: Show duplicates to clients.
  972.   #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
  973.   #pop3_uidl_duplicates = allow
  974.  
  975.   # This option changes POP3 behavior so that it's not possible to actually
  976.   # delete mails via POP3, only hide them from future POP3 sessions. The mails
  977.   # will still be counted towards user's quota until actually deleted via IMAP.
  978.   # Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword).
  979.   # Make sure you can legally archive mails before enabling this setting.
  980.   #pop3_deleted_flag =
  981.  
  982.   # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
  983.   # Many POP3 servers violate this by returning the sizes with LF linefeeds,
  984.   # because it's faster to get. When this setting is enabled, Dovecot still
  985.   # tries to do the right thing first, but if that requires opening the
  986.   # message, it falls back to the easier (but incorrect) size.
  987.   #pop3_fast_size_lookups = no
  988.  
  989.   # POP3 logout format string:
  990.   #  %i - total number of bytes read from client
  991.   #  %o - total number of bytes sent to client
  992.   #  %t - number of TOP commands
  993.   #  %p - number of bytes sent to client as a result of TOP command
  994.   #  %r - number of RETR commands
  995.   #  %b - number of bytes sent to client as a result of RETR command
  996.   #  %d - number of deleted messages
  997.   #  %{deleted_bytes} - number of bytes in deleted messages
  998.   #  %m - number of messages (before deletion)
  999.   #  %s - mailbox size in bytes (before deletion)
  1000.   #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
  1001.   pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
  1002.  
  1003.   # Maximum number of POP3 connections allowed for a user from each IP address.
  1004.   # NOTE: The username is compared case-sensitively.
  1005. [%- IF protocol_pop3.mail_max_userip_connections.defined %]
  1006.   mail_max_userip_connections = [% protocol_pop3.mail_max_userip_connections %]
  1007. [%- ELSE %]
  1008.   #mail_max_userip_connections = 3
  1009. [%- END %]
  1010.  
  1011.   # Space separated list of plugins to load (default is global mail_plugins).
  1012. [%- IF protocol_pop3.mail_plugins.defined %]
  1013.   mail_plugins = [% protocol_pop3.mail_plugins %]
  1014. [%- ELSE %]
  1015.   #mail_plugins =
  1016. [%- END %]
  1017. [% IF expire_trash %]
  1018.   mail_plugins = $mail_plugins expire
  1019. [% END %]
  1020.  
  1021.   mail_plugins = $mail_plugins quota quota_clone virtual zlib
  1022.  
  1023.   #mail_plugin_dir = /usr/lib/dovecot/pop3
  1024.  
  1025.   # Workarounds for various client bugs:
  1026.   #   outlook-no-nuls:
  1027.   #     Outlook and Outlook Express hang if mails contain NUL characters.
  1028.   #     This setting replaces them with 0x80 character.
  1029.   #   oe-ns-eoh:
  1030.   #     Outlook Express and Netscape Mail breaks if end of headers-line is
  1031.   #     missing. This option simply sends it if it's missing.
  1032.   # The list is space-separated.
  1033. [%- IF protocol_pop3.pop3_client_workarounds.defined %]
  1034.   pop3_client_workarounds = [% protocol_pop3.pop3_client_workarounds %]
  1035. [%- ELSE %]
  1036.   #pop3_client_workarounds =
  1037. [%- END %]
  1038.  
  1039.   namespace spam {
  1040.       prefix = spam
  1041.   [%- IF namespace_private.separator.defined %]
  1042.      separator = [% namespace_private.separator %]
  1043.   [%- ELSE %]
  1044.      #separator =
  1045.   [%- END %]
  1046.     location = virtual:/usr/local/cpanel/etc/dovecot/virtual/spam:INDEX=~/mail/virtual/%u/spam
  1047.     list = no
  1048.     hidden = yes
  1049.   }
  1050.  
  1051.   namespace sent {
  1052.       prefix = sent
  1053.   [%- IF namespace_private.separator.defined %]
  1054.      separator = [% namespace_private.separator %]
  1055.   [%- ELSE %]
  1056.      #separator =
  1057.   [%- END %]
  1058.     location = virtual:/usr/local/cpanel/etc/dovecot/virtual/sent:INDEX=~/mail/virtual/%u/sent
  1059.     list = no
  1060.     hidden = yes
  1061.   }
  1062.  
  1063.  
  1064. }
  1065.  
  1066. ##
  1067. ## LMTP specific settings
  1068. ##
  1069.  
  1070. protocol lmtp {
  1071.     quota_full_tempfail = [% incoming_reached_quota == 'defer' ? 'yes' : 'no' -%]
  1072.  
  1073.     # Address to use when sending rejection mails.
  1074.     # Default is postmaster@%d. %d expands to recipient domain.
  1075.     postmaster_address = root
  1076.  
  1077.     mail_plugins = quota quota_clone zlib [% IF xaps_topic %]xaps[% END %]
  1078. }
  1079.  
  1080. lmtp_save_to_detail_mailbox = yes
  1081. lmtp_user_concurrency_limit = [% lmtp_user_concurrency_limit %]
  1082.  
  1083. recipient_delimiter = +
  1084.  
  1085. # Support proxying to other LMTP/SMTP servers by performing passdb lookups.
  1086. #lmtp_proxy = no
  1087.  
  1088. # When recipient address includes the detail (e.g. user+detail), try to save
  1089. # the mail to the detail mailbox. See also recipient_delimiter and
  1090. # lda_mailbox_autocreate settings.
  1091. #lmtp_save_to_detail_mailbox = no
  1092.  
  1093. # Verify quota before replying to RCPT TO. This adds a small overhead.
  1094. [%- IF lmtp_rcpt_check_quota.defined %]
  1095. lmtp_rcpt_check_quota = [% lmtp_rcpt_check_quota %]
  1096. [%- ELSE %]
  1097. lmtp_rcpt_check_quota = yes
  1098. [%- END %]
  1099.  
  1100.  
  1101. # Which recipient address to use for Delivered-To: header and Received:
  1102. # header. The default is "final", which is the same as the one given to
  1103. # RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
  1104. # parameter, "none" uses nothing. Note that "none" is currently always used
  1105. # when a mail has multiple recipients.
  1106. #lmtp_hdr_delivery_address = final
  1107.  
  1108. ##
  1109. ## LDA specific settings
  1110. ##
  1111.  
  1112. protocol lda {
  1113.   quota_full_tempfail = [% incoming_reached_quota == 'defer' ? 'yes' : 'no' -%]
  1114.  
  1115.   # Address to use when sending rejection mails.
  1116.   # Default is postmaster@%d. %d expands to recipient domain.
  1117.   postmaster_address = root
  1118.  
  1119.   # Hostname to use in various parts of sent mails (e.g. in Message-Id) and
  1120.   # in LMTP replies. Default is the system's real hostname@domain.
  1121.   #hostname =
  1122.  
  1123.   # Support for dynamically loadable plugins. mail_plugins is a space separated
  1124.   # list of plugins to load.
  1125.   mail_plugins = quota quota_clone zlib [% IF xaps_topic %]xaps[% END %]
  1126.   #mail_plugin_dir = /usr/lib/dovecot/lda
  1127.  
  1128.   # Binary to use for sending mails.
  1129.   #sendmail_path = /usr/lib/sendmail
  1130.  
  1131.   # If non-empty, send mails via this SMTP host[:port] instead of sendmail.
  1132.   #submission_host =
  1133.  
  1134.   # Subject: header to use for rejection mails. You can use the same variables
  1135.   # as for rejection_reason below.
  1136.   #rejection_subject = Rejected: %s
  1137.  
  1138.   # UNIX socket path to master authentication server to find users.
  1139.   #auth_socket_path = /var/run/dovecot/auth-master
  1140. }
  1141.  
  1142. # Should saving a mail to a nonexistent mailbox automatically create it?
  1143. lda_mailbox_autocreate = yes
  1144.  
  1145. # Should automatically created mailboxes be also automatically subscribed?
  1146. #lda_mailbox_autosubscribe = no
  1147.  
  1148. ##
  1149. ## Authentication processes
  1150. ##
  1151.  
  1152. # Disable LOGIN command and all other plaintext authentications unless
  1153. # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
  1154. # matches the local IP (ie. you're connecting from the same computer), the
  1155. # connection is considered secure and plaintext authentication is allowed.
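  1156. # See also ssl=required setting. auth_mechanisms below offers only plain and login, so TLS is the only protection for passwords in transit.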
  1157. [%- IF disable_plaintext_auth.defined %]
  1158. disable_plaintext_auth = [% disable_plaintext_auth %]
  1159. [%- ELSE %]
  1160. #disable_plaintext_auth = yes
  1161. [%- END %]
  1162.  
  1163. # Auth cache settings
  1164.  
  1165. # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
  1166. # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
  1167. [%- IF auth_cache_size.defined %]
  1168. auth_cache_size = [% auth_cache_size %]
  1169. [%- ELSE %]
  1170. #auth_cache_size = 0
  1171. [%- END %]
  1172.  
  1173. # Time to live for cached data. After TTL expires the cached record is no
  1174. # longer used, *except* if the main database lookup returns internal failure.
  1175. # We also try to handle password changes automatically: If user's previous
  1176. # authentication was successful, but this one wasn't, the cache isn't used.
  1177. # For now this works only with plaintext authentication.
  1178. [%- IF auth_cache_ttl.defined %]
  1179. auth_cache_ttl = [% auth_cache_ttl %] sec
  1180. [%- ELSE %]
  1181. #auth_cache_ttl = 3600 sec
  1182. [%- END %]
  1183.  
  1184. # TTL for negative hits (user not found, password mismatch).
  1185. # 0 disables caching them completely.
  1186. [%- IF auth_cache_negative_ttl.defined %]
  1187. auth_cache_negative_ttl = [% auth_cache_negative_ttl %] sec
  1188. [%- ELSE %]
  1189. #auth_cache_negative_ttl = 3600 sec
  1190. [%- END %]
  1191.  
  1192. # Space separated list of realms for SASL authentication mechanisms that need
  1193. # them. You can leave it empty if you don't want to support multiple realms.
  1194. # Many clients simply use the first one listed here, so keep the default realm
  1195. # first.
  1196. #auth_realms =
  1197.  
  1198. # Default realm/domain to use if none was specified. This is used for both
  1199. # SASL realms and appending @domain to username in plaintext logins.
  1200. #auth_default_realm =
  1201.  
  1202. # List of allowed characters in username. If the user-given username contains
  1203. # a character not listed in here, the login automatically fails. This is just
  1204. # an extra check to make sure user can't exploit any potential quote escaping
  1205. # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
  1206. # set this value to empty.
  1207. #Allow + in usernames
  1208. auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%"
  1209.  
  1210. # Maximum number of dovecot-auth worker processes. They're used to execute
  1211. # blocking passdb and userdb queries (eg. MySQL and PAM). They're
  1212. # automatically created and destroyed as needed.
  1213. #auth_worker_max_count = 30
  1214.  
  1215. # Time to delay before replying to failed authentications.
  1216. #auth_failure_delay = 2 secs
  1217.  
  1218. # Space separated list of wanted authentication mechanisms:
  1219. #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
  1220. #   gss-spnego
  1221. # NOTE: See also disable_plaintext_auth setting.
  1222. auth_mechanisms = plain login
  1223.  
  1224. [% IF hulk_enabled %]
  1225. auth_policy_server_url = http://127.0.0.1:579/dovecot-auth-policy
  1226. auth_policy_server_timeout_msecs = 3000
  1227. auth_policy_hash_mech = sha512
  1228. auth_policy_request_attributes = auth_database=mail database=mail service=dovecot username=%{orig_user} authtoken_hash=$0$0$%{hashed_password} local_host=%{real_lip} local_port=%{real_lport} remote_host=%{real_rip} remote_port=%{real_rport}
  1229. auth_policy_reject_on_fail = no  # NOTE(review): fail-open; logins are not rejected when the policy request itself fails, so monitor the policy service
  1230. auth_policy_hash_truncate = 64
  1231. auth_policy_hash_nonce = "dummmy"  # NOTE(review): fixed placeholder; presumably overridden by /etc/dovecot/auth_policy.conf, confirm that file exists on the host
  1232.  
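  1233. # auth_policy_hash_nonce and auth_policy_server_api_header are expected to come from the file below; include_try skips a missing file silently, which leaves the placeholder nonce above in effect.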
  1234. !include_try /etc/dovecot/auth_policy.conf
  1235. [% END %]
  1236.  
  1237. ##
  1238. ## Password and user databases
  1239. ##
  1240.  
  1241. passdb {
  1242.   driver = dict
  1243.   args = /usr/local/cpanel/etc/dovecot/cpauthd-dict.conf
  1244.   result_internalfail = continue
  1245.   result_failure = [% IF allow_domainowner_mail_pass %]continue[% ELSE %]return-fail[% END %]
  1246. }
  1247. [% IF allow_domainowner_mail_pass %]
  1248. passdb {
  1249.   driver = dict
  1250.   skip = authenticated
  1251.   args = /usr/local/cpanel/etc/dovecot/cpauthd-dict-domain_owner_mail_pass.conf
  1252.   result_internalfail = continue
  1253.   result_failure = return-fail
  1254. }
  1255.  
  1256. [% END %]
  1257.  
  1258.  
  1259. userdb {
  1260.    driver = prefetch
  1261. }
  1262. userdb {
  1263.   driver = dict
  1264.   args = /usr/local/cpanel/etc/dovecot/cpauthd-dict.conf
  1265. }
  1266.  
  1267.  
  1268.  
  1269.  
  1270.  
  1271.  
  1272.  
  1273.  
  1274.  
  1275.  
  1276. ##
  1277. ## Log destination.
  1278. ##
  1279.  
  1280. # Log file to use for error messages. "syslog" logs to syslog,
  1281. # /dev/stderr logs to stderr.
  1282. #log_path = syslog
  1283.  
  1284. # Log file to use for informational messages. Defaults to log_path.
  1285. #info_log_path =
  1286. # Log file to use for debug messages. Defaults to info_log_path.
  1287. #debug_log_path =
  1288.  
  1289. # Syslog facility to use if you're logging to syslog. Usually if you don't
  1290. # want to use "mail", you'll use local0..local7. Also other standard
  1291. # facilities are supported.
  1292. #syslog_facility = mail
  1293.  
  1294. ##
  1295. ## Logging verbosity and debugging.
  1296. ##
  1297.  
  1298. # Log unsuccessful authentication attempts and the reasons why they failed.
  1299. [%- IF auth_verbose.defined %]
  1300. auth_verbose = [% auth_verbose %]
  1301. [%- ELSE %]
  1302. #auth_verbose = no
  1303. [%- END %]
  1304.  
  1305. # In case of password mismatches, log the attempted password. Valid values are
  1306. # no, plain and sha1. sha1 can be useful for detecting brute force password
  1307. # attempts vs. user simply trying the same password over and over again.
  1308. # You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
  1309. #auth_verbose_passwords = no
  1310.  
  1311. # Even more verbose logging for debugging purposes. Shows for example SQL
  1312. # queries.
  1313. [%- IF auth_debug.defined %]
  1314. auth_debug = [% auth_debug %]
  1315. [%- ELSE %]
  1316. #auth_debug = no
  1317. [%- END %]
  1318.  
  1319. # In case of password mismatches, log the passwords and used scheme so the
  1320. # problem can be debugged. Enabling this also enables auth_debug. The logs then hold cleartext passwords: restrict access to them and turn this off after debugging.
  1321. [%- IF auth_debug_passwords.defined %]
  1322. auth_debug_passwords = [% auth_debug_passwords %]
  1323. [%- ELSE %]
  1324. #auth_debug_passwords = no
  1325. [%- END %]
  1326.  
  1327. # Enable mail process debugging. This can help you figure out why Dovecot
  1328. # isn't finding your mails.
  1329. [%- IF mail_debug.defined %]
  1330. mail_debug = [% mail_debug %]
  1331. [%- ELSE %]
  1332. #mail_debug = no
  1333. [%- END %]
  1334.  
  1335. # Show protocol level SSL errors.
  1336. #verbose_ssl = no
  1337.  
  1338. # mail_log plugin provides more event logging for mail processes.
  1339. plugin {
  1340.   # Events to log. Also available: flag_change append
  1341.   #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  1342.   # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  1343.   # size and vsize are available only for expunge and copy events.
  1344.   #mail_log_fields = uid box msgid size
  1345. }
  1346.  
  1347. ##
  1348. ## Log formatting.
  1349. ##
  1350.  
  1351. # Prefix for each line written to log file. % codes are in strftime(3)
  1352. # format.
  1353. #log_timestamp = "%b %d %H:%M:%S "
  1354.  
  1355. # Space-separated list of elements we want to log. The elements which have
  1356. # a non-empty variable value are joined together to form a comma-separated
  1357. # string.
  1358. [%- IF login_log_format_elements.defined %]
  1359. login_log_format_elements = [% login_log_format_elements %]
  1360. [%- ELSE %]
  1361. #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
  1362. [%- END %]
  1363.  
  1364. # Login log format. %$ contains login_log_format_elements string, %s contains
  1365. # the data we want to log.
  1366. [%- IF login_log_format.defined %]
  1367. login_log_format = [% login_log_format %]
  1368. [%- ELSE %]
  1369. #login_log_format = %$: %s
  1370. [%- END %]
  1371.  
  1372. # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
  1373. # possible variables you can use.
  1374. [%- IF mail_log_prefix.defined %]
  1375. mail_log_prefix = [% mail_log_prefix %]
  1376. [%- ELSE %]
  1377. #mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
  1378. [%- END %]
  1379.  
  1380. # Format to use for logging mail deliveries:
  1381. #  %$ - Delivery status message (e.g. "saved to INBOX")
  1382. #  %m / %{msgid} - Message-ID
  1383. #  %s / %{subject} - Subject
  1384. #  %f / %{from} - From address
  1385. #  %p / %{size} - Physical size
  1386. #  %w / %{vsize} - Virtual size
  1387. #  %e / %{from_envelope} - MAIL FROM envelope
  1388. #  %{to_envelope} - RCPT TO envelope
  1389. #  %{delivery_time} - How many milliseconds it took to deliver the mail
  1390. #  %{session_time} - How long LMTP session took, not including delivery_time
  1391. #  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
  1392. #deliver_log_format = msgid=%m: %$
  1393.  
  1394. ##
  1395. ## Services
  1396. ##
  1397.  
  1398. service config {
  1399.     vsz_limit = [% config_vsz_limit || 512 %] M
  1400. }
  1401.  
  1402. service quota-status {
  1403.   executable = quota-status -p postfix
  1404.   unix_listener {
  1405.     path = quota-status
  1406.     mode = 0666
  1407.   }
  1408. }
  1409.  
  1410. service auth {
  1411.   unix_listener auth-client {
  1412.     path = auth-client
  1413.     mode = 0666  # NOTE(review): world-accessible socket; any local account can connect and submit authentication attempts. Confirm this is required, otherwise restrict mode and set user/group
  1414.   }
  1415.  
  1416.   [%- IF auth_required_client_limit.defined %]
  1417.   client_limit = [% auth_required_client_limit %]
  1418.   [%- END %]
  1419. }
  1420.  
  1421. [%- IF anvil_required_client_limit.defined %]
  1422. service anvil {
  1423.   client_limit = [% anvil_required_client_limit %]
  1424. }
  1425. [%- END %]
  1426.  
  1427. service stats {
  1428.   client_limit = [% stats_required_client_limit || 2000 %]
  1429.   unix_listener stats-writer {
  1430.     mode = 0666
  1431.   }
  1432. }
  1433.  
  1434. plugin {
  1435. [% IF compress_messages %]
  1436.   zlib_save = gz
  1437. [%- IF compress_messages_level.defined %]
  1438.   zlib_save_level = [% compress_messages_level %]
  1439. [% END %]
  1440. [% END %]
  1441.   [% IF xaps_topic %]xaps_topic = [% xaps_topic %][% END %]
  1442. }
  1443.  
  1444. mail_access_groups = dovecot
  1445.  
  1446. service dict {
  1447.   unix_listener dict {
  1448.     mode = 0660
  1449.       group = dovecot
  1450.   }
  1451. }
  1452.  
  1453. # Disabled until we officially support Pigeonhole
  1454. #managesieve_notify_capability = mailto
  1455. #managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
  1456.  
  1457. service lmtp {
  1458. # Set max. process size in megabytes. Most of the memory goes to mmap()ing
  1459. # files, so it shouldn't harm much even if this limit is set pretty high.
  1460. [%- IF mail_process_size.defined %]
  1461.     vsz_limit = [% mail_process_size %] M
  1462. [%- ELSE %]
  1463.     #vsz_limit = 512 M
  1464. [%- END %]
  1465. [%- IF lmtp_process_min_avail %]
  1466.     process_min_avail = [% lmtp_process_min_avail %]
  1467. [%- ELSE %]
  1468.     #process_min_avail =
  1469. [%- END %]
  1470.  
  1471.     #We always want this. Otherwise one connection could block another
  1472.     #connection that shares the same process.
  1473.     client_limit = 1
  1474.  
  1475.     process_limit = [% lmtp_process_limit || 500 %]
  1476.  
  1477.     unix_listener lmtp {
  1478.        user = mailnull
  1479.        group = mail
  1480.        mode = 0660
  1481.     }
  1482. }
  1483.  
  1484. service imap-login {
  1485. # Maximum number of connections allowed per each login process. This setting
  1486. # is used only if login_process_per_connection=no. Once the limit is reached,
  1487. # the process notifies master so that it can create a new login process.
  1488. [%- IF login_max_connections.defined %]
  1489.   client_limit = [% login_max_connections %]
  1490. [%- ELSE %]
  1491.   #client_limit = 256
  1492. [%- END %]
  1493. # Maximum number of login processes to create. The listening process count
  1494. # usually stays at login_processes_count, but when multiple users start logging
  1495. # in at the same time more extra processes are created. To prevent fork-bombing
  1496. # we check only once in a second if new processes should be created - if all
  1497. # of them are used at the time, we double their amount until the limit set by
  1498. # this setting is reached.
  1499. [%- IF login_max_processes_count.defined %]
  1500.     process_limit = [% login_max_processes_count %]
  1501. [%- ELSE %]
  1502.     process_limit = 128
  1503. [%- END %]
  1504. # Number of login processes to keep for listening new connections.
  1505. [%- IF login_processes_count.defined %]
  1506.     process_min_avail = [% login_processes_count %]
  1507. [%- ELSE %]
  1508.     #process_min_avail = 2
  1509. [%- END %]
  1510. # Should each login be processed in its own process (yes), or should one
  1511. # login process be allowed to process multiple connections (no)? Yes is more
  1512. # secure, especially with SSL/TLS enabled. No is faster since there's no need
  1513. # to create processes all the time.
  1514. [%- IF login_process_per_connection.defined %]
  1515.     service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
  1516. [%- ELSE %]
  1517.     #service_count = 0
  1518. [%- END %]
  1519. # Set max. process size in megabytes. If you don't use
  1520. # login_process_per_connection you might need to grow this.
  1521. [%- IF login_process_size.defined %]
  1522.     vsz_limit = [% login_process_size %] M
  1523. [%- ELSE %]
  1524.     #vsz_limit = 128 M
  1525. [%- END %]
  1526. # Drop all privileges before exec()ing the mail process. This is mostly
  1527. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1528. # security risk if you use single UID for multiple users, as the users could
  1529. # ptrace() each other's processes then.
  1530. [%- IF mail_drop_priv_before_exec.defined %]
  1531.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1532. [%- ELSE %]
  1533.     #drop_priv_before_exec =
  1534. [%- END %]
  1535. # chroot login process to the login_dir. Only reason not to do this is if you
  1536. # wish to run the whole Dovecot without root privileges. <doc/wiki/Rootless.txt>
  1537. [%- IF login_chroot.defined %]
  1538. chroot = [% login_chroot %]
  1539. [%- ELSE %]
  1540. #chroot = yes
  1541. [%- END %]
  1542. # User to use for the login process. Create a completely new user for this,
  1543. # and don't use it anywhere else. The user must also belong to a group where
  1544. # only it has access, it's used to control access for authentication process.
  1545. # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
  1546. [%- IF login_user.defined %]
  1547. user = [% login_user %]
  1548. [%- ELSE %]
  1549. #user = dovecot
  1550. [%- END %]
  1551. # IP or host address where to listen in for non-SSL connections. Defaults
  1552. # to above if not specified.
  1553. [%- IF listen.defined %]
  1554.     inet_listener imap {
  1555.       address = [% listen %]
  1556.     }
  1557. [%- ELSE %]
  1558. #    inet_listener imap {
  1559. #      address =
  1560. #    }
  1561. [%- END %]
  1562. # IP or host address where to listen in for SSL connections. Defaults
  1563. # to above if not specified.
  1564. [%- IF ssl_listen.defined %]
  1565.     inet_listener imaps {
  1566.       address = [% ssl_listen %]
  1567.     }
  1568. [%- ELSE %]
  1569. #    inet_listener imaps {
  1570. #      address =
  1571. #    }
  1572. [%- END %]
  1573. }
  1574.  
  1575. service imap {
  1576. # Maximum number of running mail processes. When this limit is reached,
  1577. # new users aren't allowed to log in.
  1578. [%- IF max_mail_processes.defined %]
  1579.     process_limit = [% max_mail_processes %]
  1580. [%- ELSE %]
  1581.     #process_limit = 512
  1582. [%- END %]
  1583. # Set max. process size in megabytes. Most of the memory goes to mmap()ing
  1584. # files, so it shouldn't harm much even if this limit is set pretty high.
  1585. [%- IF mail_process_size.defined %]
  1586.     vsz_limit = [% mail_process_size %] M
  1587. [%- ELSE %]
  1588.     #vsz_limit = 512 M
  1589. [%- END %]
  1590. # Drop all privileges before exec()ing the mail process. This is mostly
  1591. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1592. # security risk if you use single UID for multiple users, as the users could
  1593. # ptrace() each other's processes then.
  1594. [%- IF mail_drop_priv_before_exec.defined %]
  1595.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1596. [%- ELSE %]
  1597.     #drop_priv_before_exec =
  1598. [%- END %]
  1599. }
  1600.  
  1601. service managesieve-login {
  1602. # Maximum number of connections allowed per each login process. This setting
  1603. # is used only if login_process_per_connection=no. Once the limit is reached,
  1604. # the process notifies master so that it can create a new login process.
  1605. [%- IF login_max_connections.defined %]
  1606.   client_limit = [% login_max_connections %]
  1607. [%- ELSE %]
  1608.   #client_limit = 256
  1609. [%- END %]
  1610. # Maximum number of login processes to create. The listening process count
  1611. # usually stays at login_processes_count, but when multiple users start logging
  1612. # in at the same time more extra processes are created. To prevent fork-bombing
  1613. # we check only once in a second if new processes should be created - if all
  1614. # of them are used at the time, we double their amount until the limit set by
  1615. # this setting is reached.
  1616. [%- IF login_max_processes_count.defined %]
  1617.     process_limit = [% login_max_processes_count %]
  1618. [%- ELSE %]
  1619.     process_limit = 128
  1620. [%- END %]
  1621. # Number of login processes to keep for listening new connections.
  1622. [%- IF login_processes_count.defined %]
  1623.     process_min_avail = [% login_processes_count %]
  1624. [%- ELSE %]
  1625.     #process_min_avail = 2
  1626. [%- END %]
  1627. # Should each login be processed in its own process (yes), or should one
  1628. # login process be allowed to process multiple connections (no)? Yes is more
  1629. # secure, especially with SSL/TLS enabled. No is faster since there's no need
  1630. # to create processes all the time.
  1631. [%- IF login_process_per_connection.defined %]
  1632.     service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
  1633. [%- ELSE %]
  1634.     #service_count = 0
  1635. [%- END %]
  1636. # Set max. process size in megabytes. If you don't use
  1637. # login_process_per_connection you might need to grow this.
  1638. [%- IF login_process_size.defined %]
  1639.     vsz_limit = [% login_process_size %] M
  1640. [%- ELSE %]
  1641.     #vsz_limit = 128 M
  1642. [%- END %]
  1643. # Drop all privileges before exec()ing the mail process. This is mostly
  1644. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1645. # security risk if you use single UID for multiple users, as the users could
  1646. # ptrace() each other's processes then.
  1647. [%- IF mail_drop_priv_before_exec.defined %]
  1648.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1649. [%- ELSE %]
  1650.     #drop_priv_before_exec =
  1651. [%- END %]
  1652. # chroot login process to the login_dir. Only reason not to do this is if you
  1653. # wish to run the whole Dovecot without root privileges. <doc/wiki/Rootless.txt>
  1654. [%- IF login_chroot.defined %]
  1655. chroot = [% login_chroot %]
  1656. [%- ELSE %]
  1657. #chroot = yes
  1658. [%- END %]
  1659. # User to use for the login process. Create a completely new user for this,
  1660. # and don't use it anywhere else. The user must also belong to a group where
  1661. # only it has access, it's used to control access for authentication process.
  1662. # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
  1663. [%- IF login_user.defined %]
  1664. user = [% login_user %]
  1665. [%- ELSE %]
  1666. #user = dovecot
  1667. [%- END %]
  1668.  
  1669. }
  1670.  
  1671. service managesieve {
  1672. # Maximum number of running mail processes. When this limit is reached,
  1673. # new users aren't allowed to log in.
  1674. [%- IF max_mail_processes.defined %]
  1675.     process_limit = [% max_mail_processes %]
  1676. [%- ELSE %]
  1677.     #process_limit = 512
  1678. [%- END %]
  1679. # Set max. process size in megabytes. Most of the memory goes to mmap()ing
  1680. # files, so it shouldn't harm much even if this limit is set pretty high.
  1681. [%- IF mail_process_size.defined %]
  1682.     vsz_limit = [% mail_process_size %] M
  1683. [%- ELSE %]
  1684.     #vsz_limit = 512 M
  1685. [%- END %]
  1686. # Drop all privileges before exec()ing the mail process. This is mostly
  1687. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1688. # security risk if you use single UID for multiple users, as the users could
  1689. # ptrace() each other's processes then.
  1690. [%- IF mail_drop_priv_before_exec.defined %]
  1691.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1692. [%- ELSE %]
  1693.     #drop_priv_before_exec =
  1694. [%- END %]
  1695. }
  1696.  
  1697. service pop3-login {
  1698. # Maximum number of connections allowed per each login process. This setting
  1699. # is used only if login_process_per_connection=no. Once the limit is reached,
  1700. # the process notifies master so that it can create a new login process.
  1701. [%- IF login_max_connections.defined %]
  1702.   client_limit = [% login_max_connections %]
  1703. [%- ELSE %]
  1704.   #client_limit = 256
  1705. [%- END %]
  1706. # Maximum number of login processes to create. The listening process count
  1707. # usually stays at login_processes_count, but when multiple users start logging
  1708. # in at the same time more extra processes are created. To prevent fork-bombing
  1709. # we check only once in a second if new processes should be created - if all
  1710. # of them are used at the time, we double their amount until the limit set by
  1711. # this setting is reached.
  1712. [%- IF login_max_processes_count.defined %]
  1713.     process_limit = [% login_max_processes_count %]
  1714. [%- ELSE %]
  1715.     process_limit = 128
  1716. [%- END %]
  1717. # Number of login processes to keep for listening new connections.
  1718. [%- IF login_processes_count.defined %]
  1719.     process_min_avail = [% login_processes_count %]
  1720. [%- ELSE %]
  1721.     #process_min_avail = 2
  1722. [%- END %]
  1723. # Should each login be processed in its own process (yes), or should one
  1724. # login process be allowed to process multiple connections (no)? Yes is more
  1725. # secure, especially with SSL/TLS enabled. No is faster since there's no need
  1726. # to create processes all the time.
  1727. [%- IF login_process_per_connection.defined %]
  1728.     service_count = [% login_process_per_connection == "no" ? 0 : 1 %]
  1729. [%- ELSE %]
  1730.     #service_count = 0
  1731. [%- END %]
  1732. # Set max. process size in megabytes. If you don't use
  1733. # login_process_per_connection you might need to grow this.
  1734. [%- IF login_process_size.defined %]
  1735.     vsz_limit = [% login_process_size %] M
  1736. [%- ELSE %]
  1737.     #vsz_limit = 128 M
  1738. [%- END %]
  1739. # Drop all privileges before exec()ing the mail process. This is mostly
  1740. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1741. # security risk if you use single UID for multiple users, as the users could
  1742. # ptrace() each other's processes then.
  1743. [%- IF mail_drop_priv_before_exec.defined %]
  1744.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1745. [%- ELSE %]
  1746.     #drop_priv_before_exec =
  1747. [%- END %]
  1748. # chroot login process to the login_dir. Only reason not to do this is if you
  1749. # wish to run the whole Dovecot without root privileges. <doc/wiki/Rootless.txt>
  1750. [%- IF login_chroot.defined %]
  1751. chroot = [% login_chroot %]
  1752. [%- ELSE %]
  1753. #chroot = yes
  1754. [%- END %]
  1755. # User to use for the login process. Create a completely new user for this,
  1756. # and don't use it anywhere else. The user must also belong to a group where
  1757. # only it has access, it's used to control access for authentication process.
  1758. # Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
  1759. [%- IF login_user.defined %]
  1760. user = [% login_user %]
  1761. [%- ELSE %]
  1762. #user = dovecot
  1763. [%- END %]
  1764. # IP or host address where to listen in for non-SSL connections. Defaults
  1765. # to above if not specified.
  1766. [%- IF listen.defined %]
  1767.     inet_listener pop3 {
  1768.       address = [% listen %]
  1769.     }
  1770. [%- ELSE %]
  1771. #    inet_listener pop3 {
  1772. #      address =
  1773. #    }
  1774. [%- END %]
  1775. # IP or host address where to listen in for SSL connections. Defaults
  1776. # to above if not specified.
  1777. [%- IF ssl_listen.defined %]
  1778.     inet_listener pop3s {
  1779.       address = [% ssl_listen %]
  1780.     }
  1781. [%- ELSE %]
  1782. #    inet_listener pop3s {
  1783. #      address =
  1784. #    }
  1785. [%- END %]
  1786. }
  1787.  
  1788. service pop3 {
  1789. # Maximum number of running mail processes. When this limit is reached,
  1790. # new users aren't allowed to log in.
  1791. [%- IF max_mail_processes.defined %]
  1792.     process_limit = [% max_mail_processes %]
  1793. [%- ELSE %]
  1794.     #process_limit = 512
  1795. [%- END %]
  1796. # Set max. process size in megabytes. Most of the memory goes to mmap()ing
  1797. # files, so it shouldn't harm much even if this limit is set pretty high.
  1798. [%- IF mail_process_size.defined %]
  1799.     vsz_limit = [% mail_process_size %] M
  1800. [%- ELSE %]
  1801.     #vsz_limit = 512 M
  1802. [%- END %]
  1803. # Drop all privileges before exec()ing the mail process. This is mostly
  1804. # meant for debugging, otherwise you don't get core dumps. It could be a small
  1805. # security risk if you use single UID for multiple users, as the users could
  1806. # ptrace() each other's processes then.
  1807. [%- IF mail_drop_priv_before_exec.defined %]
  1808.     drop_priv_before_exec = [% mail_drop_priv_before_exec %]
  1809. [%- ELSE %]
  1810.     #drop_priv_before_exec =
  1811. [%- END %]
  1812.  
  1813. }
  1814.  
  1815. # Should all processes be killed when Dovecot master process shuts down.
  1816. # Setting this to "no" means that Dovecot can be upgraded without
  1817. # forcing existing client connections to close (although that is a problem if
  1818. # the upgrade is e.g. a security fix: those connections keep the old code).
  1819. [%- IF shutdown_clients.defined %]
  1820. shutdown_clients = [% shutdown_clients %]
  1821. [%- ELSE %]
  1822. #shutdown_clients = yes
  1823. [%- END %]
  1824.  
  1825. # If non-zero, run mail commands via this many connections to doveadm server,
  1826. # instead of running them directly in the same process.
  1827. #doveadm_worker_count = 0
  1828. # UNIX socket or host:port used for connecting to doveadm server
  1829. #doveadm_socket_path = doveadm-server
  1830.  
  1831. # Space separated list of environment variables that are preserved on Dovecot
  1832. # startup and passed down to all of its child processes. You can also give
  1833. # key=value pairs to always set specific settings.
  1834. #import_environment = TZ
  1835.  
  1836. ##
  1837. ## Dictionary server settings
  1838. ##
  1839.  
  1840. # Dictionary can be used to store key=value lists. This is used by several
  1841. # plugins. The dictionary can be accessed either directly or through a
  1842. # dictionary server. The following dict block maps dictionary names to URIs
  1843. # when the server is used. These can then be referenced using URIs in format
  1844. # "proxy::<name>".
  1845.  
  1846. dict {
  1847. [% IF expire_trash %]
  1848.   expire = sqlite:/usr/local/cpanel/etc/dovecot/dovecot-dict-expire.conf.ext
  1849. [% END %]
  1850. }
  1851.  
  1852. plugin {
  1853.   # Here you can give some extra environment variables to mail processes.
  1854.   # This is mostly meant for passing parameters to plugins. %variable
  1855.   # expansion is done for all values.
  1856.  
  1857.   # Quota plugin. Multiple backends are supported:
  1858.   #   dirsize: Find and sum all the files found from mail directory.
  1859.   #            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
  1860.   #   dict: Keep quota stored in dictionary (eg. SQL)
  1861.   #   maildir: Maildir++ quota
  1862.   #   fs: Read-only support for filesystem quota
  1863.   #
  1864.   # Quota limits are set using "quota_rule" parameters, either in here or in
  1865.   # userdb. It's also possible to give mailbox-specific limits, for example:
  1866.   #   quota_rule = *:storage=1048576
  1867.   #   quota_rule2 = Trash:storage=102400
  1868.   # User has now 1GB quota, but when saving to Trash mailbox the user gets
  1869.   # additional 100MB.
  1870.   #
  1871.   # Multiple quota roots are also possible, for example:
  1872.   #   quota = dict:user::proxy::quota
  1873.   #   quota2 = dict:domain:%d:proxy::quota_domain
  1874.   #   quota_rule = *:storage=102400
  1875.   #   quota2_rule = *:storage=1048576
  1876.   # Gives each user their own 100MB quota and one shared 1GB quota within
  1877.   # the domain.
  1878.   #
  1879.   # You can execute a given command when user exceeds a specified quota limit.
  1880.   # Each quota root has separate limits. Only the command for the first
  1881.   # exceeded limit is executed, so put the highest limit first.
  1882.   # Note that % needs to be escaped as %%, otherwise "% " expands to empty.
  1883.   #   quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
  1884.   #   quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
  1885.  
  1886.   quota_exceeded_message = "Mailbox is full / Blocks limit exceeded / Inode limit exceeded"
  1887.  
  1888.   # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
  1889.   # directory. You can also optionally give a global ACL directory path where
  1890.   # ACLs are applied to all users' mailboxes. The global ACL directory contains
  1891.   # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
  1892.   # specifies how many seconds to wait between stat()ing dovecot-acl file
  1893.   # to see if it changed.
  1894. [%- IF plugin.acl.defined %]
  1895.   acl = [% plugin.acl %]
  1896. [%- ELSE %]
  1897.   #acl = vfile:/etc/dovecot-acls:cache_secs=300
  1898. [%- END %]
  1899.  
  1900.   # To let users LIST mailboxes shared by other users, Dovecot needs a
  1901.   # shared mailbox dictionary. For example:
  1902.   #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  1903.  
  1904.   # Convert plugin. If set, specifies the source storage path which is
  1905.   # converted to destination storage (mail_location) when the user logs in.
  1906.   # The existing mail directory is renamed to <dir>-converted.
  1907.   #convert_mail = mbox:%h/mail
  1908.   # Skip mailboxes which we can't open successfully instead of aborting.
  1909.   #convert_skip_broken_mailboxes = no
  1910.   # Skip directories beginning with '.'
  1911.   #convert_skip_dotdirs = no
  1912.   # If source storage has mailbox names with destination storage's hierarchy
  1913.   # separators, replace them with this character.
  1914.   #convert_alt_hierarchy_char = _
  1915.  
  1916.   # Trash plugin. When saving a message would make user go over quota, this
  1917.   # plugin automatically deletes the oldest mails from configured mailboxes
  1918.   # until the message can be saved within quota limits. The configuration file
  1919.   # is a text file where each line is in format: <priority> <mailbox name>
  1920.   # Mails are first deleted in lowest -> highest priority number order
  1921.   #trash = /etc/dovecot-trash.conf
  1922.  
  1923.   # Expire plugin. Mails are expunged from mailboxes after being there the
  1924.   # configurable time. The first expiration date for each mailbox is stored in
  1925.   # a dictionary so it can be quickly determined which mailboxes contain
  1926.   # expired mails. The actual expunging is done in a nightly cronjob, which
  1927.   # you must set up:
  1928.   #   dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
  1929.   #expire = Trash 7 Spam 30
  1930.   #expire_dict = db:/var/lib/dovecot/expire.db
  1931. [% IF expire_trash %]
  1932.   expire_dict = proxy::expire
  1933.   expire = Trash
  1934.   expire2 = "Deleted Messages"
  1935.   expire3 = "INBOX.Deleted Messages"
  1936.   expire4 = INBOX.Trash
  1937.  
  1938.   # Enable caching of dict value in dovecot.index file. This significantly reduces
  1939.   # the number of dict lookups. It makes initial testing more confusing though, so
  1940.   # it's better to enable it only after you've verified that the expire plugin is
  1941.   # working as wanted. (v2.2.16+)
  1942.   expire_cache = yes
  1943.  
  1944. [% END %]
  1945.   # Lazy expunge plugin. Currently works only with maildirs. When a user
  1946.   # expunges mails, the mails are moved to a mailbox in another namespace
  1947.   # (1st). When a mailbox is deleted, the mailbox is moved to another namespace
  1948.   # (2nd) as well. Also if the deleted mailbox had any expunged messages,
  1949.   # they're moved to a 3rd namespace. The mails won't be counted in quota,
  1950.   # and they're not deleted automatically (use a cronjob or something).
  1951.   #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/
  1952. }