Mercurial > dovecot > original-hg > dovecot-1.2
annotate dovecot-example.conf @ 3726:ad1e6b8a5109 HEAD
mailbox_idle_check_interval comment updated
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Tue, 06 Dec 2005 14:54:42 +0200 |
| parents | d22c883021da |
| children | ab929802ad6c |
| rev | line source |
|---|---|
| 0 | 1 ## Dovecot 1.0 configuration file |
| 2 | |
|
2231
58fc6765027c
Add a comment about # chars and whitespace.
Timo Sirainen <tss@iki.fi>
parents:
2218
diff
changeset
|
3 # '#' character and everything after it is treated as comments. Extra spaces |
|
58fc6765027c
Add a comment about # chars and whitespace.
Timo Sirainen <tss@iki.fi>
parents:
2218
diff
changeset
|
4 # and tabs are ignored. If you want to use either of these explicitly, put the |
|
58fc6765027c
Add a comment about # chars and whitespace.
Timo Sirainen <tss@iki.fi>
parents:
2218
diff
changeset
|
5 # value inside quotes, eg.: key = "# char and trailing whitespace " |
|
58fc6765027c
Add a comment about # chars and whitespace.
Timo Sirainen <tss@iki.fi>
parents:
2218
diff
changeset
|
6 |
| 0 | 7 # Default values are shown after each value, it's not required to uncomment |
| 435 | 8 # any of the lines. Exception to this are paths, they're just examples |
| 9 # with real defaults being based on configure options. The paths listed here | |
| 10 # are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var | |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
644
diff
changeset
|
11 # --with-ssldir=/etc/ssl |
| 0 | 12 |
|
872
6377d4f7a31c
Added base_dir setting, so the configure time --localstatedir can be
Timo Sirainen <tss@iki.fi>
parents:
817
diff
changeset
|
13 # Base directory where to store runtime data. |
|
6377d4f7a31c
Added base_dir setting, so the configure time --localstatedir can be
Timo Sirainen <tss@iki.fi>
parents:
817
diff
changeset
|
14 #base_dir = /var/run/dovecot/ |
|
6377d4f7a31c
Added base_dir setting, so the configure time --localstatedir can be
Timo Sirainen <tss@iki.fi>
parents:
817
diff
changeset
|
15 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
16 # Protocols we want to be serving: |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
17 # imap imaps pop3 pop3s |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
18 #protocols = imap imaps |
| 0 | 19 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
20 # IP or host address where to listen in for connections. It's not currently |
|
780
1cc947617c8b
imap_listen and imaps_listen accepts now "*" as "all IPv4 interfaces" and
Timo Sirainen <tss@iki.fi>
parents:
779
diff
changeset
|
21 # possible to specify multiple addresses. "*" listens in all IPv4 interfaces. |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
22 # "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4 |
|
3205
0ddbe4de5a84
listen port comment updates. Patch by Reuben Farrelly.
Timo Sirainen <tss@iki.fi>
parents:
3204
diff
changeset
|
23 # interfaces depending on the operating system. If you want to specify ports |
|
0ddbe4de5a84
listen port comment updates. Patch by Reuben Farrelly.
Timo Sirainen <tss@iki.fi>
parents:
3204
diff
changeset
|
24 # for each service, you will need to configure these settings inside the |
|
0ddbe4de5a84
listen port comment updates. Patch by Reuben Farrelly.
Timo Sirainen <tss@iki.fi>
parents:
3204
diff
changeset
|
25 # protocol imap/pop3 { ... } section, so you can specify different ports |
|
0ddbe4de5a84
listen port comment updates. Patch by Reuben Farrelly.
Timo Sirainen <tss@iki.fi>
parents:
3204
diff
changeset
|
26 # for IMAP/POP3. |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
27 #listen = * |
| 0 | 28 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
29 # IP or host address where to listen in for SSL connections. Defaults |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
30 # to above if not specified. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
31 #ssl_listen = |
| 0 | 32 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
33 # Disable SSL/TLS support. |
| 666 | 34 #ssl_disable = no |
| 35 | |
| 519 | 36 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before |
|
518
1f9b96080525
Updated SSL certificate comments.
Timo Sirainen <tss@iki.fi>
parents:
472
diff
changeset
|
37 # dropping root privileges, so keep the key file unreadable by anyone but |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
644
diff
changeset
|
38 # root. Included doc/mkcert.sh can be used to easily generate self-signed |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
644
diff
changeset
|
39 # certificate, just make sure to update the domains in dovecot-openssl.cnf |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
40 #ssl_cert_file = /etc/ssl/certs/dovecot.pem |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
41 #ssl_key_file = /etc/ssl/private/dovecot.pem |
| 0 | 42 |
|
1997
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
43 # File containing trusted SSL certificate authorities. Usually not needed. |
|
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
44 #ssl_ca_file = |
|
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
45 |
|
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
46 # Request client to send a certificate. |
|
1997
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
47 #ssl_verify_client_cert = no |
|
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
48 |
|
615
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
49 # SSL parameter file. Master process generates this file for login processes. |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
50 # It contains Diffie Hellman and RSA parameters. |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
51 #ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
52 |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
53 # How often to regenerate the SSL parameters file. Generation is quite CPU |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
54 # intensive operation. The value is in hours, 0 disables regeneration |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
55 # entirely. |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
56 #ssl_parameters_regenerate = 24 |
|
0d852af6842e
Master process generates DH/RSA parameters now and stores them into file
Timo Sirainen <tss@iki.fi>
parents:
614
diff
changeset
|
57 |
| 1996 | 58 # SSL ciphers to use |
|
3511
d6d8cdd9b0fa
ssl_cipher_list setting needs to be uppercased ALL:!LOW or it won't work
Timo Sirainen <tss@iki.fi>
parents:
3510
diff
changeset
|
59 #ssl_cipher_list = ALL:!LOW |
| 1996 | 60 |
| 0 | 61 # Disable LOGIN command and all other plaintext authentications unless |
|
1725
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1707
diff
changeset
|
62 # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and |
|
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1707
diff
changeset
|
63 # IPv6 ::1 addresses are considered secure, this setting has no effect if |
|
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1707
diff
changeset
|
64 # you connect from those addresses. |
|
cc0690f92d96
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
Timo Sirainen <tss@iki.fi>
parents:
1707
diff
changeset
|
65 #disable_plaintext_auth = yes |
| 0 | 66 |
|
1124
5e9430a39611
/dev/stderr works now in log paths.
Timo Sirainen <tss@iki.fi>
parents:
1113
diff
changeset
|
67 # Use this logfile instead of syslog(). /dev/stderr can be used if you want to |
|
5e9430a39611
/dev/stderr works now in log paths.
Timo Sirainen <tss@iki.fi>
parents:
1113
diff
changeset
|
68 # use stderr for logging (ONLY /dev/stderr - otherwise it is closed). |
|
35
b420373f88f6
Added log_path and log_timestamp settings to config file. Removed -l command
Timo Sirainen <tss@iki.fi>
parents:
27
diff
changeset
|
69 #log_path = |
|
b420373f88f6
Added log_path and log_timestamp settings to config file. Removed -l command
Timo Sirainen <tss@iki.fi>
parents:
27
diff
changeset
|
70 |
|
811
664de3231e33
Added info_log_file setting and i_info() function to write to it. Default is
Timo Sirainen <tss@iki.fi>
parents:
788
diff
changeset
|
71 # For informational messages, use this logfile instead of the default |
|
664de3231e33
Added info_log_file setting and i_info() function to write to it. Default is
Timo Sirainen <tss@iki.fi>
parents:
788
diff
changeset
|
72 #info_log_path = |
|
664de3231e33
Added info_log_file setting and i_info() function to write to it. Default is
Timo Sirainen <tss@iki.fi>
parents:
788
diff
changeset
|
73 |
|
35
b420373f88f6
Added log_path and log_timestamp settings to config file. Removed -l command
Timo Sirainen <tss@iki.fi>
parents:
27
diff
changeset
|
74 # Prefix for each line written to log file. % codes are in strftime(3) |
|
1647
d6288ae1a71b
Spaces are now stripped from end of line in config file. You can use " or '
Timo Sirainen <tss@iki.fi>
parents:
1622
diff
changeset
|
75 # format. |
|
d6288ae1a71b
Spaces are now stripped from end of line in config file. You can use " or '
Timo Sirainen <tss@iki.fi>
parents:
1622
diff
changeset
|
76 #log_timestamp = "%b %d %H:%M:%S " |
|
35
b420373f88f6
Added log_path and log_timestamp settings to config file. Removed -l command
Timo Sirainen <tss@iki.fi>
parents:
27
diff
changeset
|
77 |
|
3724
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3718
diff
changeset
|
78 # Syslog facility to use if you're logging to syslog. Usually if you don't |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3718
diff
changeset
|
79 # want to use "mail", you'll use local0..local7. Also other standard |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3718
diff
changeset
|
80 # facilities are supported. |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3718
diff
changeset
|
81 #syslog_facility = mail |
|
d22c883021da
Added syslog_facility setting to config file.
Timo Sirainen <tss@iki.fi>
parents:
3718
diff
changeset
|
82 |
| 0 | 83 ## |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
84 ## Login processes |
| 0 | 85 ## |
| 86 | |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
87 # Directory where authentication process places authentication UNIX sockets |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
88 # which login needs to be able to connect to. The sockets are created when |
| 2163 | 89 # running as root, so you don't have to worry about permissions. Note that |
| 90 # everything in this directory is deleted when Dovecot is started. | |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
91 #login_dir = /var/run/dovecot/login |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
92 |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
93 # chroot login process to the login_dir. Only reason not to do this is if you |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
94 # wish to run the whole Dovecot without roots. |
| 3028 | 95 # http://wiki.dovecot.org/Rootless |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
96 #login_chroot = yes |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
97 |
| 1582 | 98 # User to use for the login process. Create a completely new user for this, |
| 99 # and don't use it anywhere else. The user must also belong to a group where | |
| 100 # only it has access, it's used to control access for authentication process. | |
| 3026 | 101 # Note that this user is NOT used to access mails. |
| 3028 | 102 # http://wiki.dovecot.org/UserIds |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
103 #login_user = dovecot |
| 0 | 104 |
|
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
105 # Set max. process size in megabytes. If you don't use |
|
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
106 # login_process_per_connection you might need to grow this. |
|
2137
7d625d6b33aa
Raised login_process_size default from 16MB -> 32MB
Timo Sirainen <tss@iki.fi>
parents:
2133
diff
changeset
|
107 #login_process_size = 32 |
|
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
108 |
|
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
109 # Should each login be processed in it's own process (yes), or should one |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
110 # login process be allowed to process multiple connections (no)? Yes is more |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
111 # secure, espcially with SSL/TLS enabled. No is faster since there's no need |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
112 # to create processes all the time. |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
113 #login_process_per_connection = yes |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
114 |
|
3568
1081888c1407
s/login_process_per_user/login_process_per_connection/
Timo Sirainen <tss@iki.fi>
parents:
3561
diff
changeset
|
115 # Number of login processes to create. If login_process_per_connection is |
|
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
116 # yes, this is the number of extra processes waiting for users to log in. |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
117 #login_processes_count = 3 |
| 0 | 118 |
|
614
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
119 # Maximum number of extra login processes to create. The extra process count |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
120 # usually stays at login_processes_count, but when multiple users start logging |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
121 # in at the same time more extra processes are created. To prevent fork-bombing |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
122 # we check only once in a second if new processes should be created - if all |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
123 # of them are used at the time, we double their amount until limit set by this |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
124 # setting is reached. This setting is used only if login_process_per_use is yes. |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
125 #login_max_processes_count = 128 |
|
e60620644af3
login_process_per_connection = yes scales now better when multiple users are
Timo Sirainen <tss@iki.fi>
parents:
613
diff
changeset
|
126 |
| 0 | 127 # Maximum number of connections allowed in login state. When this limit is |
|
3568
1081888c1407
s/login_process_per_user/login_process_per_connection/
Timo Sirainen <tss@iki.fi>
parents:
3561
diff
changeset
|
128 # reached, the oldest connections are dropped. If login_process_per_connection |
|
613
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
129 # is no, this is a per-process value, so the absolute maximum number of users |
|
1906116a62ce
Finally support for handling each login connection in it's own process.
Timo Sirainen <tss@iki.fi>
parents:
600
diff
changeset
|
130 # logging in actually login_processes_count * max_logging_users. |
|
1555
b566a1ba703e
s/max_logging_users/login_max_logging_users/
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
131 #login_max_logging_users = 256 |
| 0 | 132 |
|
2674
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
133 # Greeting message for clients. |
|
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
134 #login_greeting = Dovecot ready. |
| 0 | 135 |
|
3384
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
136 # Space-separated list of elements we want to log. The elements which have |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
137 # a non-empty variable value are joined together to form a comma-separated |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
138 # string. |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
139 #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
140 |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
141 # Login log format. %$ contains login_log_format_elements string, %s contains |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
142 # the data we want to log. |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
143 #login_log_format = %$: %s |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
144 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
145 ## |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
146 ## Mail processes |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
147 ## |
|
722
0438621d25ff
Added virtual memory size limits to processes. Default values are pretty
Timo Sirainen <tss@iki.fi>
parents:
666
diff
changeset
|
148 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
149 # Maximum number of running mail processes. When this limit is reached, |
| 0 | 150 # new users aren't allowed to log in. |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
151 #max_mail_processes = 1024 |
| 0 | 152 |
|
596
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
519
diff
changeset
|
153 # Show more verbose process titles (in ps). Currently shows user name and |
|
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
519
diff
changeset
|
154 # IP address. Useful for seeing who are actually using the IMAP processes |
|
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
519
diff
changeset
|
155 # (eg. shared mailboxes or if same uid is used for multiple accounts). |
|
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
519
diff
changeset
|
156 #verbose_proctitle = no |
|
ab3590c3a7d9
Added verbose_proctitle setting: Show more verbose process titles (in ps).
Timo Sirainen <tss@iki.fi>
parents:
519
diff
changeset
|
157 |
| 1236 | 158 # Show protocol level SSL errors. |
| 159 #verbose_ssl = no | |
| 160 | |
|
1506
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
161 # Valid UID range for users, defaults to 500 and above. This is mostly |
|
1295
cc9b61b9959e
updated first_valid_uid comment
Timo Sirainen <tss@iki.fi>
parents:
1283
diff
changeset
|
162 # to make sure that users can't log in as daemons or other system users. |
|
1506
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
163 # Note that denying root logins is hardcoded to dovecot binary and can't |
|
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
164 # be done even if first_valid_uid is set to 0. |
| 0 | 165 #first_valid_uid = 500 |
| 166 #last_valid_uid = 0 | |
| 167 | |
|
1506
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
168 # Valid GID range for users, defaults to non-root/wheel. Users having |
|
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
169 # non-valid GID as primary group ID aren't allowed to log in. If user |
|
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
170 # belongs to supplementary groups with non-valid GIDs, those groups are |
|
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1465
diff
changeset
|
171 # not set. |
| 0 | 172 #first_valid_gid = 1 |
| 173 #last_valid_gid = 0 | |
| 174 | |
|
2141
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
2137
diff
changeset
|
175 # Grant access to these extra groups for mail processes. Typical use would be |
|
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
2137
diff
changeset
|
176 # to give "mail" group write access to /var/mail to be able to create dotlocks. |
|
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
2137
diff
changeset
|
177 #mail_extra_groups = |
|
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
2137
diff
changeset
|
178 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
179 # ':' separated list of directories under which chrooting is allowed for mail |
| 0 | 180 # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). |
| 978 | 181 # This setting doesn't affect login_chroot or auth_chroot variables. |
| 0 | 182 # WARNING: Never add directories here which local users can modify, that |
| 183 # may lead to root exploit. Usually this should be done only if you don't | |
| 979 | 184 # allow shell access for users. See doc/configuration.txt for more information. |
| 0 | 185 #valid_chroot_dirs = |
| 186 | |
| 2652 | 187 # Default chroot directory for mail processes. This can be overridden for |
| 188 # specific users in user database by giving /./ in user's home directory | |
| 189 # (eg. /home/./user chroots into /home). Note that usually there is no real | |
| 190 # need to do chrooting, Dovecot doesn't allow users to access files outside | |
| 191 # their mail directory anyway. | |
|
1734
d83e16602418
Added mail_chroot setting to specify default chroot.
Timo Sirainen <tss@iki.fi>
parents:
1728
diff
changeset
|
192 #mail_chroot = |
|
d83e16602418
Added mail_chroot setting to specify default chroot.
Timo Sirainen <tss@iki.fi>
parents:
1728
diff
changeset
|
193 |
|
3033
146897976cfa
Added mail_debug setting. Moved full_filesystem_access from global variable
Timo Sirainen <tss@iki.fi>
parents:
3028
diff
changeset
|
194 # Enable mail process debugging. This can help you figure out why Dovecot |
|
146897976cfa
Added mail_debug setting. Moved full_filesystem_access from global variable
Timo Sirainen <tss@iki.fi>
parents:
3028
diff
changeset
|
195 # isn't finding your mails. |
|
146897976cfa
Added mail_debug setting. Moved full_filesystem_access from global variable
Timo Sirainen <tss@iki.fi>
parents:
3028
diff
changeset
|
196 #mail_debug = no |
|
146897976cfa
Added mail_debug setting. Moved full_filesystem_access from global variable
Timo Sirainen <tss@iki.fi>
parents:
3028
diff
changeset
|
197 |
|
779
f126b666859e
New setting: default_mail_env which can be used to specify where to find
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
198 # Default MAIL environment to use when it's not set. By leaving this empty |
|
f126b666859e
New setting: default_mail_env which can be used to specify where to find
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
199 # dovecot tries to do some automatic detection as described in |
|
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2078
diff
changeset
|
200 # doc/mail-storages.txt. There's a few special variables you can use, eg.: |
|
813
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
201 # |
|
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
202 # %u - username |
|
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
203 # %n - user part in user@domain, same as %u if there's no domain |
| 2447 | 204 # %d - domain part in user@domain, empty if there's no domain |
|
813
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
205 # %h - home directory |
|
2057
5e0167577399
Fixed var_expand() to take a table of variables rather than a few predefined
Timo Sirainen <tss@iki.fi>
parents:
2039
diff
changeset
|
206 # |
|
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2078
diff
changeset
|
207 # See doc/variables.txt for full list. Some examples: |
|
813
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
208 # |
| 1747 | 209 # default_mail_env = maildir:/var/mail/%1u/%u/Maildir |
| 210 # default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u | |
| 211 # default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n | |
|
813
493bc8da9e80
default_mail_env behaviour changed. We use %u instead of $U now. Added also
Timo Sirainen <tss@iki.fi>
parents:
811
diff
changeset
|
212 # |
|
779
f126b666859e
New setting: default_mail_env which can be used to specify where to find
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
213 #default_mail_env = |
|
f126b666859e
New setting: default_mail_env which can be used to specify where to find
Timo Sirainen <tss@iki.fi>
parents:
722
diff
changeset
|
214 |
|
2673
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
215 # If you need to set multiple mailbox locations or want to change default |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
216 # namespace settings, you can do it by defining namespace sections: |
|
3144
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
217 # |
|
2673
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
218 # You can have private, shared and public namespaces. The only difference |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
219 # between them is how Dovecot announces them to client via NAMESPACE |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
220 # extension. Shared namespaces are meant for user-owned mailboxes which are |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
221 # shared to other users, while public namespaces are for more globally |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
222 # accessible mailboxes. |
|
3144
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
223 # |
|
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
224 # REMEMBER: If you add any namespaces, the default namespace must be added |
|
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
225 # explicitly, ie. default_mail_env does nothing unless you have a namespace |
|
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
226 # without a location setting. Default namespace is simply done by having a |
|
33cbe3dec3b8
Added a reminder about needing a default namespace.
Timo Sirainen <tss@iki.fi>
parents:
3142
diff
changeset
|
227 # namespace with empty prefix. |
|
2673
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
228 #namespace private { |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
229 # Hierarchy separator to use. You should use the same separator for all |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
230 # namespaces or some clients get confused. '/' is usually a good one. |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
231 #separator = / |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
232 |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
233 # Prefix required to access this namespace. This needs to be different for |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
234 # all namespaces. For example "Public/". |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
235 #prefix = |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
236 |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
237 # Physical location of the mailbox. This is in same format as |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
238 # default_mail_env, which is also the default for it. |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
239 #location = |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
240 |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
241 # There can be only one INBOX, and this setting defines which namespace |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
242 # has it. |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
243 #inbox = yes |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
244 |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
245 # If namespace is hidden, it's not advertised to clients via NAMESPACE |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
246 # extension or shown in LIST replies. This is mostly useful when converting |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
247 # from another server with different namespaces which you want to depricate |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
248 # but still keep working. For example you can create hidden namespaces with |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
249 # prefixes "~/mail/", "~%u/mail/" and "mail/". |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
250 #hidden = yes |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
251 #} |
|
5f2c5b65b0cd
Added example namespace with comments.
Timo Sirainen <tss@iki.fi>
parents:
2666
diff
changeset
|
252 |
|
3021
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
253 # Space-separated list of fields to initially save into cache file. Currently |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
254 # these fields are allowed: |
|
462
67d22b7b0918
Added mail_cache_fields and mail_never_cache_fields settings, plus settings
Timo Sirainen <tss@iki.fi>
parents:
435
diff
changeset
|
255 # |
|
3021
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
256 # flags, date.sent, date.received, size.virtual, size.physical |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
257 # mime.parts, imap.body, imap.bodystructure |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
258 # |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
259 # Different IMAP clients work in different ways, so they benefit from |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
260 # different cached fields. Some do not benefit from them at all. Caching more |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
261 # than necessary generates useless disk I/O, so you don't want to do that |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
262 # either. |
|
462
67d22b7b0918
Added mail_cache_fields and mail_never_cache_fields settings, plus settings
Timo Sirainen <tss@iki.fi>
parents:
435
diff
changeset
|
263 # |
|
3021
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
264 # Dovecot attempts to automatically figure out what client wants and it keeps |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
265 # only that. However the first few times a mailbox is opened, Dovecot hasn't |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
266 # yet figured out what client needs, so it may not perform optimally. If you |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
267 # know what fields the majority of your clients need, it may be useful to set |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
268 # these fields by hand. If client doesn't actually use them, Dovecot will |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
269 # eventually drop them. |
|
462
67d22b7b0918
Added mail_cache_fields and mail_never_cache_fields settings, plus settings
Timo Sirainen <tss@iki.fi>
parents:
435
diff
changeset
|
270 # |
|
3021
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
271 # Usually you should just leave this field alone. The potential benefits are |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
272 # typically unnoticeable. |
|
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
273 #mail_cache_fields = |
|
462
67d22b7b0918
Added mail_cache_fields and mail_never_cache_fields settings, plus settings
Timo Sirainen <tss@iki.fi>
parents:
435
diff
changeset
|
274 |
|
3021
b987319c7ce3
Updated mail_cache_fields and mail_never_cache_fields comments.
Timo Sirainen <tss@iki.fi>
parents:
2996
diff
changeset
|
275 # Space-separated list of fields that Dovecot should never save to cache file. |
| 987 | 276 # Useful if you want to save disk space at the cost of more I/O when the fields |
| 277 # needed. | |
| 278 #mail_never_cache_fields = | |
| 279 | |
|
3726
ad1e6b8a5109
mailbox_idle_check_interval comment updated
Timo Sirainen <tss@iki.fi>
parents:
3724
diff
changeset
|
280 # When IDLE command is running, mailbox is checked once in a while to see if |
|
ad1e6b8a5109
mailbox_idle_check_interval comment updated
Timo Sirainen <tss@iki.fi>
parents:
3724
diff
changeset
|
281 # there are any new mails or other changes. This setting defines the minimum |
|
ad1e6b8a5109
mailbox_idle_check_interval comment updated
Timo Sirainen <tss@iki.fi>
parents:
3724
diff
changeset
|
282 # time to wait between those checks. Dovecot is however able to use dnotify |
|
ad1e6b8a5109
mailbox_idle_check_interval comment updated
Timo Sirainen <tss@iki.fi>
parents:
3724
diff
changeset
|
283 # and inotify with Linux to reply immediately after the change occurs. |
| 1177 | 284 #mailbox_idle_check_interval = 30 |
| 285 | |
|
1151
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
286 # Allow full filesystem access to clients. There's no access checks other than |
|
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
287 # what the operating system does for the active UID/GID. It works with both |
|
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
288 # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ |
|
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
289 # or ~user/. |
|
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
290 #mail_full_filesystem_access = no |
|
058f6c26f405
Added mail_full_filesystem_access setting. Some of the setting variable
Timo Sirainen <tss@iki.fi>
parents:
1142
diff
changeset
|
291 |
| 1986 | 292 # Maximum allowed length for mail keyword name. It's only forced when trying |
| 293 # to create new keywords. | |
| 294 #mail_max_keyword_length = 50 | |
|
1168
03f1455664d7
Added setting to limit length of custom flag names.
Timo Sirainen <tss@iki.fi>
parents:
1151
diff
changeset
|
295 |
|
472
2fa0bfb65268
Added setting mail_save_crlf. Few other settings cleanups.
Timo Sirainen <tss@iki.fi>
parents:
462
diff
changeset
|
296 # Save mails with CR+LF instead of plain LF. This makes sending those mails |
|
2fa0bfb65268
Added setting mail_save_crlf. Few other settings cleanups.
Timo Sirainen <tss@iki.fi>
parents:
462
diff
changeset
|
297 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD. |
|
2fa0bfb65268
Added setting mail_save_crlf. Few other settings cleanups.
Timo Sirainen <tss@iki.fi>
parents:
462
diff
changeset
|
298 # But it also creates a bit more disk I/O which may just make it slower. |
|
3648
2c19efe2ddb6
Added compatibility warning about mail_save_crlf.
Timo Sirainen <tss@iki.fi>
parents:
3636
diff
changeset
|
299 # Also note that if other software reads the mboxes/maildirs, they may handle |
|
2c19efe2ddb6
Added compatibility warning about mail_save_crlf.
Timo Sirainen <tss@iki.fi>
parents:
3636
diff
changeset
|
300 # the extra CRs wrong and cause problems. |
|
472
2fa0bfb65268
Added setting mail_save_crlf. Few other settings cleanups.
Timo Sirainen <tss@iki.fi>
parents:
462
diff
changeset
|
301 #mail_save_crlf = no |
|
2fa0bfb65268
Added setting mail_save_crlf. Few other settings cleanups.
Timo Sirainen <tss@iki.fi>
parents:
462
diff
changeset
|
302 |
|
644
415498fa78d6
mail_read_mmaped: Use mmap() instead of read() to read mail files. read()
Timo Sirainen <tss@iki.fi>
parents:
643
diff
changeset
|
303 # Use mmap() instead of read() to read mail files. read() seems to be a bit |
|
415498fa78d6
mail_read_mmaped: Use mmap() instead of read() to read mail files. read()
Timo Sirainen <tss@iki.fi>
parents:
643
diff
changeset
|
304 # faster with my Linux/x86 and it's better with NFS, so that's the default. |
|
1622
d22e03714d36
index_mmap_invalidate = yes now invalidate memory maps before accessing
Timo Sirainen <tss@iki.fi>
parents:
1615
diff
changeset
|
305 # Note that OpenBSD 3.3 and older don't work right with mail_read_mmaped = yes. |
|
644
415498fa78d6
mail_read_mmaped: Use mmap() instead of read() to read mail files. read()
Timo Sirainen <tss@iki.fi>
parents:
643
diff
changeset
|
306 #mail_read_mmaped = no |
|
415498fa78d6
mail_read_mmaped: Use mmap() instead of read() to read mail files. read()
Timo Sirainen <tss@iki.fi>
parents:
643
diff
changeset
|
307 |
| 1918 | 308 # Don't use mmap() at all. This is required if you store indexes in remote |
| 309 # filesystems (NFS or clustered filesystem). | |
| 310 #mmap_disable = no | |
| 311 | |
| 312 # Don't write() to mmaped files. This is required for some operating systems | |
| 313 # which use separate caches for them, such as OpenBSD. | |
| 314 #mmap_no_write = no | |
| 315 | |
|
2723
12b503fbb8af
Replaced fcntl_locks_disable with lock_method, so it's now possible to use
Timo Sirainen <tss@iki.fi>
parents:
2719
diff
changeset
|
316 # Locking method for index files. Alternatives are fcntl, flock and dotlock. |
|
12b503fbb8af
Replaced fcntl_locks_disable with lock_method, so it's now possible to use
Timo Sirainen <tss@iki.fi>
parents:
2719
diff
changeset
|
317 # Dotlocking uses some tricks which may create more disk I/O than other locking |
|
3636
08b768956051
Default lock_method to flock instead of fcntl. This is at least useful for
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
318 # methods. NOTE: If you use NFS, remember to change also mmap_disable setting! |
|
3679
3ba5ee54fa3c
Added a note to Solaris users about lock_method.
Timo Sirainen <tss@iki.fi>
parents:
3667
diff
changeset
|
319 # Solaris doesn't support flock, so Solaris users need to change this to fcntl. |
|
3636
08b768956051
Default lock_method to flock instead of fcntl. This is at least useful for
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
320 #lock_method = flock |
|
1920
d11efbf1d341
Added fcntl_lock_disable setting to allow indexes to work with NFS. Some
Timo Sirainen <tss@iki.fi>
parents:
1918
diff
changeset
|
321 |
|
2078
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
322 # By default LIST command returns all entries in maildir beginning with dot. |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
323 # Enabling this option makes Dovecot return only entries which are directories. |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
324 # This is done by stat()ing each entry, so it causes more disk I/O. |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
325 # (For systems setting struct dirent->d_type, this check is free and it's |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
326 # done always regardless of this setting) |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
327 #maildir_stat_dirs = no |
|
b3daf55df932
Added maildir_stat_dirs option.
Timo Sirainen <tss@iki.fi>
parents:
2068
diff
changeset
|
328 |
| 0 | 329 # Copy mail to another folders using hard links. This is much faster than |
| 987 | 330 # actually copying the file. This is problematic only if something modifies |
| 331 # the mail in one folder but doesn't want it modified in the others. I don't | |
| 332 # know any MUA which would modify mail files directly. IMAP protocol also | |
| 333 # requires that the mails don't change, so it would be problematic in any case. | |
| 334 # If you care about performance, enable it. | |
| 0 | 335 #maildir_copy_with_hardlinks = no |
| 336 | |
|
2103
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
337 # Which locking methods to use for locking mbox. There's four available: |
|
1113
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
338 # dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe |
|
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
339 # solution. If you want to use /var/mail/ like directory, the users |
|
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
340 # will need write access to that directory. |
|
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
341 # fcntl : Use this if possible. Works with NFS too if lockd is used. |
|
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
342 # flock : May not exist in all systems. Doesn't work with NFS. |
|
2103
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
343 # lockf : May not exist in all systems. Doesn't work with NFS. |
|
1113
4abeb0fa0fe7
Don't use flock() locking by default. Using both fcntl+flock doesn't work
Timo Sirainen <tss@iki.fi>
parents:
1055
diff
changeset
|
344 # |
|
2103
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
345 # You can use multiple locking methods; if you do the order they're declared |
|
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
346 # in is important to avoid deadlocks if other MTAs/MUAs are using multiple |
|
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
347 # locking methods as well. Some operating systems don't allow using some of |
|
2205
821fbe3e892b
Don't require dotlocking to be first in locking list.
Timo Sirainen <tss@iki.fi>
parents:
2163
diff
changeset
|
348 # them simultaneously. |
|
2103
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
349 #mbox_read_locks = fcntl |
|
879b0b9ed5d4
Separate mbox_locks/mbox_read_dotlock to mbox_read_locks and
Timo Sirainen <tss@iki.fi>
parents:
2097
diff
changeset
|
350 #mbox_write_locks = dotlock fcntl |
|
643
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
351 |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
352 # Maximum time in seconds to wait for lock (all of them) before aborting. |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
353 #mbox_lock_timeout = 300 |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
354 |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
355 # If dotlock exists but the mailbox isn't modified in any way, override the |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
356 # lock file after this many seconds. |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
357 #mbox_dotlock_change_timeout = 30 |
|
da34bdd4e0c6
Added mbox lock settings to config file. Support timeouting fcntl() and
Timo Sirainen <tss@iki.fi>
parents:
615
diff
changeset
|
358 |
|
2511
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
359 # When mbox changes unexpectedly we have to fully read it to find out what |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
360 # changed. If the mbox is large this can take a long time. Since the change |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
361 # is usually just a newly appended mail, it'd be faster to simply read the |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
362 # new mails. If this setting is enabled, Dovecot does this but still safely |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
363 # fallbacks to re-reading the whole mbox file whenever something in mbox isn't |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
364 # how it's expected to be. The only real downside to this setting is that if |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
365 # some other MUA changes message flags, Dovecot doesn't notice it immediately. |
|
2666
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
366 # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK |
|
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
367 # commands. |
|
2511
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
368 #mbox_dirty_syncs = yes |
|
710e0bf25bf8
Added mbox_dirty_syncs setting which delays re-reading the whole mbox when
Timo Sirainen <tss@iki.fi>
parents:
2510
diff
changeset
|
369 |
|
2967
b31f48d152c4
Added mbox_very_dirty_syncs setting.
Timo Sirainen <tss@iki.fi>
parents:
2952
diff
changeset
|
370 # Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, |
|
b31f48d152c4
Added mbox_very_dirty_syncs setting.
Timo Sirainen <tss@iki.fi>
parents:
2952
diff
changeset
|
371 # EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. |
|
b31f48d152c4
Added mbox_very_dirty_syncs setting.
Timo Sirainen <tss@iki.fi>
parents:
2952
diff
changeset
|
372 #mbox_very_dirty_syncs = no |
|
b31f48d152c4
Added mbox_very_dirty_syncs setting.
Timo Sirainen <tss@iki.fi>
parents:
2952
diff
changeset
|
373 |
|
2666
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
374 # Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK |
|
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
375 # commands and when closing the mailbox). This is especially useful for POP3 |
|
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
376 # where clients often delete all mails. The downside is that our changes |
|
0ba82d7a5aba
Updated mbox_dirty_syncs and mbox_lazy_writes comments.
Timo Sirainen <tss@iki.fi>
parents:
2662
diff
changeset
|
377 # aren't immediately visible to other MUAs. |
|
2662
add94f9aa9e1
Added mbox_lazy_writes setting.
Timo Sirainen <tss@iki.fi>
parents:
2652
diff
changeset
|
378 #mbox_lazy_writes = yes |
|
add94f9aa9e1
Added mbox_lazy_writes setting.
Timo Sirainen <tss@iki.fi>
parents:
2652
diff
changeset
|
379 |
| 0 | 380 # umask to use for mail files and directories |
| 381 #umask = 0077 | |
| 382 | |
|
1223
52e0830ade13
Added setting mail_drop_priv_before_exec.
Timo Sirainen <tss@iki.fi>
parents:
1218
diff
changeset
|
383 # Drop all privileges before exec()ing the mail process. This is mostly |
|
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
384 # meant for debugging, otherwise you don't get core dumps. It could be a small |
|
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
385 # security risk if you use single UID for multiple users, as the users could |
|
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
386 # ptrace() each others processes then. |
|
1223
52e0830ade13
Added setting mail_drop_priv_before_exec.
Timo Sirainen <tss@iki.fi>
parents:
1218
diff
changeset
|
387 #mail_drop_priv_before_exec = no |
|
52e0830ade13
Added setting mail_drop_priv_before_exec.
Timo Sirainen <tss@iki.fi>
parents:
1218
diff
changeset
|
388 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
389 # Set max. process size in megabytes. Most of the memory goes to mmap()ing |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
390 # files, so it shouldn't harm much even if this limit is set pretty high. |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
391 #mail_process_size = 256 |
|
1465
03dd87873a81
Added support for dynamically loadable imap/pop3 modules.
Timo Sirainen <tss@iki.fi>
parents:
1437
diff
changeset
|
392 |
|
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2078
diff
changeset
|
393 # Log prefix for mail processes. See doc/variables.txt for list of possible |
|
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2078
diff
changeset
|
394 # variables you can use. |
|
2805
100ecc609dd1
mail_log_prefix was using old %p, changed it to %s..
Timo Sirainen <tss@iki.fi>
parents:
2802
diff
changeset
|
395 #mail_log_prefix = "%Us(%u): " |
|
2097
4e77cb0aff21
Added %l, %r and %P variables and mail_log_prefix setting.
Timo Sirainen <tss@iki.fi>
parents:
2078
diff
changeset
|
396 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
397 ## |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
398 ## IMAP specific settings |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
399 ## |
|
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
400 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
401 protocol imap { |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
402 # Login executable location. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
403 #login_executable = /usr/libexec/dovecot/imap-login |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
404 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
405 # IMAP executable location |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
406 #mail_executable = /usr/libexec/dovecot/imap |
| 1727 | 407 # This would write rawlogs into ~/dovecot.rawlog/ directory: |
| 408 #mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap | |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
409 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
410 # Maximum IMAP command line length in bytes. Some clients generate very long |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
411 # command lines with huge mailboxes, so you may need to raise this if you get |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
412 # "Too long argument" or "IMAP command line too large" errors often. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
413 #imap_max_line_length = 65536 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
414 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
415 # Support for dynamically loadable modules. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
416 #mail_use_modules = no |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
417 #mail_modules = /usr/lib/dovecot/imap |
|
2316
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
418 |
|
2674
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
419 # Send IMAP capabilities in greeting message. This makes it unnecessary for |
|
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
420 # clients to request it with CAPABILITY command, so it saves one round-trip. |
|
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
421 # Many clients however don't understand it and ask the CAPABILITY anyway. |
|
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
422 #login_greeting_capability = no |
|
857f5f7b512b
Added login_greeting and login_greeting_capability settings.
Timo Sirainen <tss@iki.fi>
parents:
2673
diff
changeset
|
423 |
|
2316
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
424 # Workarounds for various client bugs: |
|
3204
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
425 # delay-newmail: |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
426 # Send EXISTS/RECENT new mail notifications only when replying to NOOP |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
427 # and CHECK commands. Some clients ignore them otherwise, for example |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
428 # OSX Mail. Outlook Express breaks more badly though, without this it |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
429 # may show user "Message no longer in server" errors. Note that OE6 still |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
430 # breaks even with this workaround if synchronization is set to |
|
c8fffa286b6a
Renamed oe6-fetch-no-newmail workaround to delay-newmail and changed it to
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
431 # "Headers Only". |
|
2316
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
432 # outlook-idle: |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
433 # Outlook and Outlook Express never abort IDLE command, so if no mail |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
434 # arrives in half a hour, Dovecot closes the connection. This is still |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
435 # fine, except Outlook doesn't connect back so you don't see if new mail |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
436 # arrives. |
| 2448 | 437 # netscape-eoh: |
| 438 # Netscape 4.x breaks if message headers don't end with the empty "end of | |
| 439 # headers" line. Normally all messages have this, but setting this | |
| 440 # workaround makes sure that Netscape never breaks by adding the line if | |
| 441 # it doesn't exist. This is done only for FETCH BODY[HEADER.FIELDS..] | |
| 442 # commands. Note that RFC says this shouldn't be done. | |
|
3505
0e05687892dc
Added tb-extra-mailbox-sep IMAP workaround.
Timo Sirainen <tss@iki.fi>
parents:
3384
diff
changeset
|
443 # tb-extra-mailbox-sep: |
|
0e05687892dc
Added tb-extra-mailbox-sep IMAP workaround.
Timo Sirainen <tss@iki.fi>
parents:
3384
diff
changeset
|
444 # With mbox storage a mailbox can contain either mails or submailboxes, |
|
3510
2910fde2725d
Updated behavior of tb-extra-mailbox-sep
Timo Sirainen <tss@iki.fi>
parents:
3509
diff
changeset
|
445 # but not both. Thunderbird separates these two by forcing server to |
|
2910fde2725d
Updated behavior of tb-extra-mailbox-sep
Timo Sirainen <tss@iki.fi>
parents:
3509
diff
changeset
|
446 # accept '/' suffix in mailbox names in subscriptions list. |
|
2726
8ba8f672dc3e
Enable outlook-idle workaround by default.
Timo Sirainen <tss@iki.fi>
parents:
2723
diff
changeset
|
447 #imap_client_workarounds = outlook-idle |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
448 } |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
449 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
450 ## |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
451 ## POP3 specific settings |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
452 ## |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
453 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
454 protocol pop3 { |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
455 # Login executable location. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
456 #login_executable = /usr/libexec/dovecot/pop3-login |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
457 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
458 # POP3 executable location |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
459 #mail_executable = /usr/libexec/dovecot/pop3 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
460 |
|
2719
f8adc5cb2508
Renamed pop3_mails_keep_recent to pop3_no_flag_updates which includes
Timo Sirainen <tss@iki.fi>
parents:
2674
diff
changeset
|
461 # Don't try to set mails non-recent or seen with POP3 sessions. This is |
|
f8adc5cb2508
Renamed pop3_mails_keep_recent to pop3_no_flag_updates which includes
Timo Sirainen <tss@iki.fi>
parents:
2674
diff
changeset
|
462 # mostly intended to reduce disk I/O. With maildir it doesn't move files |
|
f8adc5cb2508
Renamed pop3_mails_keep_recent to pop3_no_flag_updates which includes
Timo Sirainen <tss@iki.fi>
parents:
2674
diff
changeset
|
463 # from new/ to cur/, with mbox it doesn't write Status-header. |
|
f8adc5cb2508
Renamed pop3_mails_keep_recent to pop3_no_flag_updates which includes
Timo Sirainen <tss@iki.fi>
parents:
2674
diff
changeset
|
464 #pop3_no_flag_updates = no |
|
2039
f0925b2271e1
Added pop3_mails_keep_recent option. Fixed recent assert crash.
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
465 |
|
2621
c6cc163344c3
Added pop3_enable_last setting to enable deprecated LAST command.
Timo Sirainen <tss@iki.fi>
parents:
2595
diff
changeset
|
466 # Support LAST command which exists in old POP3 specs, but has been removed |
|
c6cc163344c3
Added pop3_enable_last setting to enable deprecated LAST command.
Timo Sirainen <tss@iki.fi>
parents:
2595
diff
changeset
|
467 # from new ones. Some clients still wish to use this though. Enabling this |
|
c6cc163344c3
Added pop3_enable_last setting to enable deprecated LAST command.
Timo Sirainen <tss@iki.fi>
parents:
2595
diff
changeset
|
468 # makes RSET command clear all \Seen flags from messages. |
|
c6cc163344c3
Added pop3_enable_last setting to enable deprecated LAST command.
Timo Sirainen <tss@iki.fi>
parents:
2595
diff
changeset
|
469 #pop3_enable_last = no |
|
2976
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
470 |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
471 # POP3 UIDL format to use. You can use following variables: |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
472 # |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
473 # %v - Mailbox UIDVALIDITY |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
474 # %u - Mail UID |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
475 # %m - MD5 sum of the mailbox headers in hex (mbox only) |
|
2996
9219e788d774
Added %f pop3_uidl_format for maildir. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2976
diff
changeset
|
476 # %f - filename (maildir only) |
|
2976
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
477 # |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
478 # If you want UIDL compatibility with other POP3 servers, use: |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
479 # UW's ipop3d : %08Xv%08Xu |
|
2996
9219e788d774
Added %f pop3_uidl_format for maildir. Patch by Andrey Panin.
Timo Sirainen <tss@iki.fi>
parents:
2976
diff
changeset
|
480 # Courier version 0 : %f |
|
2976
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
481 # Courier version 1 : %u |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
482 # Courier version 2 : %v-%u |
| 3142 | 483 # Cyrus (<= 2.1.3) : %u |
| 484 # Cyrus (>= 2.1.4) : %v.%u | |
|
3661
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
485 # Older Dovecots : %v.%u |
|
2976
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
486 # |
|
3661
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
487 # Note that Outlook 2003 seems to have problems with %v.%u format which was |
|
2976
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
488 # Dovecot's default, so if you're building a new server it would be a good |
|
96a4ab34c8f1
Added pop3_uidl_format setting.
Timo Sirainen <tss@iki.fi>
parents:
2967
diff
changeset
|
489 # idea to change this. %08Xu%08Xv should be pretty fail-safe. |
|
3661
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
490 # |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
491 # NOTE: Nowadays this is required to be set explicitly, since the old |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
492 # default was bad but it couldn't be changed without breaking existing |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
493 # installations. %08Xu%08Xv will be the new default, so use it for new |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
494 # installations. |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
495 # |
|
a745511d591e
pop3_uidl_format is now required to be explicitly set. There is no default
Timo Sirainen <tss@iki.fi>
parents:
3659
diff
changeset
|
496 #pop3_uidl_format = |
|
2621
c6cc163344c3
Added pop3_enable_last setting to enable deprecated LAST command.
Timo Sirainen <tss@iki.fi>
parents:
2595
diff
changeset
|
497 |
|
3384
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
498 # POP3 logout format string: |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
499 # %t - number of TOP commands |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
500 # %T - number of bytes sent to client as a result of TOP command |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
501 # %r - number of RETR commands |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
502 # %R - number of bytes sent to client as a result of RETR command |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
503 # %d - number of deleted messages |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
504 # %m - number of messages (before deletion) |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
505 # %s - mailbox size in bytes (before deletion) |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
506 #pop3_logout_format = top=%t/%T, retr=%r/%R, del=%d/%m, size=%s |
|
3b75956d20c4
Added configurable logging for login process. Added configurable pop3 logout
Timo Sirainen <tss@iki.fi>
parents:
3259
diff
changeset
|
507 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
508 # Support for dynamically loadable modules. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
509 #mail_use_modules = no |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
510 #mail_modules = /usr/lib/dovecot/pop3 |
|
2316
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
511 |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
512 # Workarounds for various client bugs: |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
513 # outlook-no-nuls: |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
514 # Outlook and Outlook Express hang if mails contain NUL characters. |
|
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
515 # This setting replaces them with 0x80 character. |
| 2952 | 516 # oe-ns-eoh: |
| 517 # Outlook Express and Netscape Mail breaks if end of headers-line is | |
| 518 # missing. This option simply sends it if it's missing. | |
|
2316
1c1ed4494aa4
Split client_workarounds to imap_ and pop3_ ones. Added outlook-no-nuls POP3
Timo Sirainen <tss@iki.fi>
parents:
2288
diff
changeset
|
519 #pop3_client_workarounds = |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
520 } |
|
1465
03dd87873a81
Added support for dynamically loadable imap/pop3 modules.
Timo Sirainen <tss@iki.fi>
parents:
1437
diff
changeset
|
521 |
|
1055
a72bba3f8a55
Rewrote setting handling. Changed some existing settings also since POP3
Timo Sirainen <tss@iki.fi>
parents:
1040
diff
changeset
|
522 ## |
| 0 | 523 ## Authentication processes |
| 524 ## | |
| 525 | |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
526 # Executable location |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
527 #auth_executable = /usr/libexec/dovecot/dovecot-auth |
| 0 | 528 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
529 # Set max. process size in megabytes. |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
530 #auth_process_size = 256 |
| 0 | 531 |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
532 # Authentication cache size in kilobytes. 0 means it's disabled. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
533 # Note that bsdauth, PAM and vpopmail require cache_key to be set for caching |
|
3659
7a04c13af9bc
Added a warning about multiple passdbs to auth_cache_size.
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
534 # to be used. Also note that currently auth cache doesn't work very well if |
|
7a04c13af9bc
Added a warning about multiple passdbs to auth_cache_size.
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
535 # you're using multiple passdbs with same usernames in them. |
|
2798
54b29901a793
Added simple LRU cache for auth requests. Currently only for sql passdb.
Timo Sirainen <tss@iki.fi>
parents:
2792
diff
changeset
|
536 #auth_cache_size = 0 |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
537 # Time to live in seconds for cached data. After this many seconds the cached |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
538 # record is no longer used, *except* if the main database lookup returns |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
539 # internal failure. |
|
2798
54b29901a793
Added simple LRU cache for auth requests. Currently only for sql passdb.
Timo Sirainen <tss@iki.fi>
parents:
2792
diff
changeset
|
540 #auth_cache_ttl = 3600 |
|
54b29901a793
Added simple LRU cache for auth requests. Currently only for sql passdb.
Timo Sirainen <tss@iki.fi>
parents:
2792
diff
changeset
|
541 |
|
1328
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
542 # Space separated list of realms for SASL authentication mechanisms that need |
|
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
543 # them. You can leave it empty if you don't want to support multiple realms. |
|
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
544 # Many clients simply use the first one listed here, so keep the default realm |
|
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
545 # first. |
| 0 | 546 #auth_realms = |
| 547 | |
| 2133 | 548 # Default realm/domain to use if none was specified. This is used for both |
| 549 # SASL realms and appending @domain to username in plaintext logins. | |
|
1328
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
550 #auth_default_realm = |
|
0a524d229f50
Added auth_default_realm (based on patch by Kristian Hoffmann)
Timo Sirainen <tss@iki.fi>
parents:
1318
diff
changeset
|
551 |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
552 # List of allowed characters in username. If the user-given username contains |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
553 # a character not listed in here, the login automatically fails. This is just |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
554 # an extra check to make sure user can't exploit any potential quote escaping |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
555 # vulnerabilities with SQL/LDAP databases. If you want to allow all characters, |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
556 # set this value to empty. |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
557 #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1328
diff
changeset
|
558 |
|
2510
0f660149c7ef
Added auth_username_translation setting.
Timo Sirainen <tss@iki.fi>
parents:
2448
diff
changeset
|
559 # Username character translations before it's looked up from databases. The |
|
0f660149c7ef
Added auth_username_translation setting.
Timo Sirainen <tss@iki.fi>
parents:
2448
diff
changeset
|
560 # value contains series of from -> to characters. For example "#@/@" means |
|
0f660149c7ef
Added auth_username_translation setting.
Timo Sirainen <tss@iki.fi>
parents:
2448
diff
changeset
|
561 # that '#' and '/' characters are translated to '@'. |
|
0f660149c7ef
Added auth_username_translation setting.
Timo Sirainen <tss@iki.fi>
parents:
2448
diff
changeset
|
562 #auth_username_translation = |
|
0f660149c7ef
Added auth_username_translation setting.
Timo Sirainen <tss@iki.fi>
parents:
2448
diff
changeset
|
563 |
|
1437
c27c6089e933
Added support for ANONYMOUS SASL mechanism.
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
564 # Username to use for users logging in with ANONYMOUS SASL mechanism |
|
c27c6089e933
Added support for ANONYMOUS SASL mechanism.
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
565 #auth_anonymous_username = anonymous |
|
c27c6089e933
Added support for ANONYMOUS SASL mechanism.
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
566 |
| 999 | 567 # More verbose logging. Useful for figuring out why authentication isn't |
| 568 # working. | |
| 569 #auth_verbose = no | |
| 0 | 570 |
| 2417 | 571 # Even more verbose logging for debugging purposes. Shows for example SQL |
| 572 # queries. | |
| 573 #auth_debug = no | |
| 574 | |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3144
diff
changeset
|
575 # Maximum number of dovecot-auth worker processes. They're used to execute |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3144
diff
changeset
|
576 # blocking passdb and userdb queries (eg. MySQL and PAM). They're |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3144
diff
changeset
|
577 # automatically created and destroyed as needed. |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3144
diff
changeset
|
578 #auth_worker_max_count = 30 |
|
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3144
diff
changeset
|
579 |
|
3683
28cca6317829
Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
3679
diff
changeset
|
580 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system |
|
28cca6317829
Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
3679
diff
changeset
|
581 # default (usually /etc/krb5.keytab) if not specified. |
|
28cca6317829
Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
3679
diff
changeset
|
582 #auth_krb5_keytab = |
|
28cca6317829
Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
3679
diff
changeset
|
583 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
584 auth default { |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
585 # Space separated list of wanted authentication mechanisms: |
|
3683
28cca6317829
Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
3679
diff
changeset
|
586 # plain digest-md5 cram-md5 apop anonymous gssapi |
|
1707
ba70d60987e2
We now support checking the password against all defined auth processes and
Timo Sirainen <tss@iki.fi>
parents:
1688
diff
changeset
|
587 mechanisms = plain |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
588 |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
589 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
590 # Password database is used to verify user's password (and nothing more). |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
591 # You can have multiple passdbs and userdbs. This is useful if you want to |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
592 # allow both system users (/etc/passwd) and virtual users to login without |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
593 # duplicating the system users into virtual database. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
594 # |
| 3142 | 595 # http://wiki.dovecot.org/Authentication |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
596 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
597 |
| 3609 | 598 # Users can be temporarily disabled by adding a passdb with deny=yes. |
| 599 # If the user is found from that database, authentication will fail. | |
| 600 # The deny passdb should always be specified before others, so it gets | |
| 601 # checked first. Here's an example: | |
| 602 #passdb passwd-file { | |
| 603 # File contains a list of usernames, one per line | |
| 3610 | 604 #args = /etc/dovecot.deny |
| 3609 | 605 #deny = yes |
| 606 #} | |
| 607 | |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
608 # PAM authentication. Preferred nowadays by most systems. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
609 # Note that PAM can only be used to verify if user's password is correct, |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
610 # so it can't be used as userdb. If you don't want to use a separate user |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
611 # database (passwd usually), you can use static userdb. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
612 passdb pam { |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
613 # [-session] [cache_key=<key>] [<service name>] |
| 3509 | 614 # |
| 615 # -session makes Dovecot open and immediately close PAM session. Some | |
| 616 # PAM plugins need this to work. | |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
617 # |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
618 # cache_key can be used to enable authentication caching for PAM |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
619 # (auth_cache_size also needs to be set). It isn't enabled by default |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
620 # because PAM modules can do all kinds of checks besides checking password, |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
621 # such as checking IP address. Dovecot can't know about these checks |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
622 # without some help. cache_key is simply a list of variables (see |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
623 # doc/variables.txt) which must match for the cached data to be used. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
624 # Here are some examples: |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
625 # %u - Username must match. Probably sufficient for most uses. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
626 # %u%r - Username and remote IP address must match. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
627 # %u%s - Username and service (ie. IMAP, POP3) must match. |
| 3509 | 628 # |
| 629 # If service name is "*", it means the authenticating service name | |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
630 # is used, eg. pop3 or imap. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
631 #args = dovecot |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
632 } |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
633 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
634 # /etc/passwd or similar, using getpwnam() |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
635 # In many systems nowadays this uses Name Service Switch, which is |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
636 # configured in /etc/nsswitch.conf. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
637 #passdb passwd { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
638 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
639 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
640 # /etc/shadow or similiar, using getspnam(). Deprecated by PAM nowadays. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
641 #passdb shadow { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
642 #} |
| 3142 | 643 |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
644 # BSD authentication. Used by at least OpenBSD. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
645 #passdb bsdauth { |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
646 # [cache_key=<key>] - See cache_key in PAM for explanation. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
647 #args = |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
648 #} |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
649 |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
650 # passwd-like file with specified location |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
651 #passdb passwd-file { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
652 # Path for passwd-file |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
653 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
654 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
655 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
656 # checkpassword executable authentication |
|
3667
b7569a6a4ada
Renamed userdb passdb to prefetch.
Timo Sirainen <tss@iki.fi>
parents:
3661
diff
changeset
|
657 # NOTE: You will probably want to use "userdb prefetch" with this. |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
658 #passdb checkpassword { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
659 # Path for checkpassword binary |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
660 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
661 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
662 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
663 # SQL database |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
664 #passdb sql { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
665 # Path for SQL configuration file, see doc/dovecot-sql.conf for example |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
666 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
667 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
668 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
669 # LDAP database |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
670 #passdb ldap { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
671 # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
672 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
673 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
674 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
675 # vpopmail authentication |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
676 #passdb vpopmail { |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
677 # [cache_key=<key>] - See cache_key in PAM for explanation. |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3648
diff
changeset
|
678 #args = |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
679 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
680 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
681 # |
| 3026 | 682 # User database specifies where mails are located and what user/group IDs |
| 683 # own them. For single-UID configuration use "static". | |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
684 # |
| 3028 | 685 # http://wiki.dovecot.org/Authentication |
| 686 # http://wiki.dovecot.org/VirtualUsers | |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
687 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
688 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
689 # /etc/passwd or similar, using getpwnam() |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
690 # In many systems nowadays this uses Name Service Switch, which is |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
691 # configured in /etc/nsswitch.conf. |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
692 userdb passwd { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
693 } |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
694 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
695 # passwd-like file with specified location |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
696 #userdb passwd-file { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
697 # Path for passwd-file |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
698 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
699 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
700 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
701 # static settings generated from template |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
702 #userdb static { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
703 # Template for settings. Can return anything a userdb could normally |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
704 # return, eg.: uid, gid, home, mail, nice |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
705 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
706 # A few examples: |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
707 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
708 # args = uid=500 gid=500 home=/var/mail/%u |
|
3561
7faf81f89cab
Change mail setting in static userdb not to use %h since it doesn't work.
Timo Sirainen <tss@iki.fi>
parents:
3511
diff
changeset
|
709 # args = uid=500 gid=500 home=/home/%u mail=mbox:/home/%u/mail nice=10 |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
710 # |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
711 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
712 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
713 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
714 # SQL database |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
715 #userdb sql { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
716 # Path for SQL configuration file, see doc/dovecot-sql.conf for example |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
717 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
718 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
719 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
720 # LDAP database |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
721 #userdb ldap { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
722 # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
723 #args = |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
724 #} |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
725 |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
726 # vpopmail |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
727 #userdb vpopmail { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
728 #} |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
729 |
|
3667
b7569a6a4ada
Renamed userdb passdb to prefetch.
Timo Sirainen <tss@iki.fi>
parents:
3661
diff
changeset
|
730 # "prefetch" user database means that the passdb already provided the |
|
3595
4d2ee2274c70
Added information about userdb passdb.
Timo Sirainen <tss@iki.fi>
parents:
3568
diff
changeset
|
731 # needed information and there's no need to do a separate userdb lookup. |
|
4d2ee2274c70
Added information about userdb passdb.
Timo Sirainen <tss@iki.fi>
parents:
3568
diff
changeset
|
732 # This can be made to work with SQL and LDAP databases. |
|
4d2ee2274c70
Added information about userdb passdb.
Timo Sirainen <tss@iki.fi>
parents:
3568
diff
changeset
|
733 # http://wiki.dovecot.org/AuthSpecials |
|
3718
c62c573560c1
"userdb prefetch" should be commented out by default.
Timo Sirainen <tss@iki.fi>
parents:
3683
diff
changeset
|
734 #userdb prefetch { |
|
c62c573560c1
"userdb prefetch" should be commented out by default.
Timo Sirainen <tss@iki.fi>
parents:
3683
diff
changeset
|
735 #} |
|
3595
4d2ee2274c70
Added information about userdb passdb.
Timo Sirainen <tss@iki.fi>
parents:
3568
diff
changeset
|
736 |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
737 # User to use for the process. This user needs access to only user and |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
738 # password databases, nothing else. Only shadow and pam authentication |
|
1615
a8dc875a8918
Included comment about passwd+BSD requiring roots.
Timo Sirainen <tss@iki.fi>
parents:
1610
diff
changeset
|
739 # requires roots, so use something else if possible. Note that passwd |
|
a8dc875a8918
Included comment about passwd+BSD requiring roots.
Timo Sirainen <tss@iki.fi>
parents:
1610
diff
changeset
|
740 # authentication with BSDs internally accesses shadow files, which also |
| 3026 | 741 # requires roots. Note that this user is NOT used to access mails. |
| 742 # That user is specified by userdb above. | |
|
1707
ba70d60987e2
We now support checking the password against all defined auth processes and
Timo Sirainen <tss@iki.fi>
parents:
1688
diff
changeset
|
743 user = root |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
744 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
745 # Directory where to chroot the process. Most authentication backends don't |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
746 # work if this is set, and there's no point chrooting if auth_user is root. |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
747 # Note that valid_chroot_dirs isn't needed to use this setting. |
|
1707
ba70d60987e2
We now support checking the password against all defined auth processes and
Timo Sirainen <tss@iki.fi>
parents:
1688
diff
changeset
|
748 #chroot = |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
749 |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
750 # Number of authentication processes to create |
|
1707
ba70d60987e2
We now support checking the password against all defined auth processes and
Timo Sirainen <tss@iki.fi>
parents:
1688
diff
changeset
|
751 #count = 1 |
|
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
752 |
|
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
753 # Require a valid SSL client certificate or the authentication fails. |
|
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
754 #ssl_require_client_cert = no |
|
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3610
diff
changeset
|
755 |
|
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3610
diff
changeset
|
756 # Take the username from client's SSL certificate, using X509_NAME_oneline() |
|
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3610
diff
changeset
|
757 # which typically uses subject's Distinguished Name. |
|
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3610
diff
changeset
|
758 #ssl_username_from_cert = no |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
759 } |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1592
diff
changeset
|
760 |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
761 # It's possible to export the authentication interface to other programs, |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
762 # for example SMTP server which supports talking to Dovecot. Client socket |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
763 # handles the actual authentication - you give it a username and password |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
764 # and it returns OK or failure. So it's pretty safe to allow anyone access to |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
765 # it. Master socket is used to a) query if given client was successfully |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
766 # authenticated, b) userdb lookups. |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
767 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
768 # listener sockets will be created by Dovecot's master process using the |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
769 # settings given inside the auth section |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
770 #auth default_with_listener { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
771 # mechanisms = plain |
|
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
772 # passdb passwd { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
773 # } |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
774 # userdb pam { |
|
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
775 # } |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
776 # socket listen { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
777 # master { |
|
3598
3e737ed2f57b
Changed /var/run/dovecot/auth-master to /var/run/dovecot-auth-master
Timo Sirainen <tss@iki.fi>
parents:
3595
diff
changeset
|
778 # path = /var/run/dovecot-auth-master |
|
3599
0229cb5e4384
Added a warning about auth-master socket permissions
Timo Sirainen <tss@iki.fi>
parents:
3598
diff
changeset
|
779 # # WARNING: Giving untrusted users access to master socket may be a |
|
0229cb5e4384
Added a warning about auth-master socket permissions
Timo Sirainen <tss@iki.fi>
parents:
3598
diff
changeset
|
780 # # security risk, don't give too wide permissions to it! |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
781 # #mode = 0600 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
782 # # Default user/group is the one who started dovecot-auth (root) |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
783 # #user = |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
784 # #group = |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
785 # } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
786 # client { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
787 # path = /var/run/dovecot-auth-client |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
788 # mode = 0660 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
789 # } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
790 # } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
791 #} |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
792 |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
793 # connect sockets are assumed to be already running, Dovecot's master |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
794 # process only tries to connect to them. They don't need any other settings |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
795 # than path for the master socket, as the configuration is done elsewhere. |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
796 # Note that the client sockets must exist in login_dir. |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
797 #auth external { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
798 # socket connect { |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
799 # master { |
|
3598
3e737ed2f57b
Changed /var/run/dovecot/auth-master to /var/run/dovecot-auth-master
Timo Sirainen <tss@iki.fi>
parents:
3595
diff
changeset
|
800 # path = /var/run/dovecot-auth-master |
|
2236
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
801 # } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
802 # } |
|
43b82a35888d
Dovecot can now connect to externally running dovecot-auth.
Timo Sirainen <tss@iki.fi>
parents:
2231
diff
changeset
|
803 #} |