diff dovecot-example.conf @ 4360:7b18bb6b6450 HEAD

Moved around settings and added some main groups to them, hopefully making it easier to find them.
author Timo Sirainen <tss@iki.fi>
date Fri, 16 Jun 2006 12:48:23 +0300
parents 92ad9dbcde85
children 4e0890fa0bbe
--- a/dovecot-example.conf	Fri Jun 16 12:47:57 2006 +0300
+++ b/dovecot-example.conf	Fri Jun 16 12:48:23 2006 +0300
@@ -38,6 +38,44 @@
 #   }
 #listen = *
 
+# Disable LOGIN command and all other plaintext authentications unless
+# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
+# IPv6 ::1 addresses are considered secure, this setting has no effect if
+# you connect from those addresses.
+#disable_plaintext_auth = yes
+
+# Should all IMAP and POP3 processes be killed when Dovecot master process
+# shuts down. Setting this to "no" means that Dovecot can be upgraded without
+# forcing existing client connections to close (although that could also be
+# a problem if the upgrade is eg. because of a security fix). This however
+# means that after master process has died, the client processes can't write
+# to log files anymore.
+#shutdown_clients = yes
+
+##
+## Logging
+##
+
+# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
+# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
+#log_path = 
+
+# For informational messages, use this logfile instead of the default
+#info_log_path = 
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+
+# Syslog facility to use if you're logging to syslog. Usually if you don't
+# want to use "mail", you'll use local0..local7. Also other standard
+# facilities are supported.
+#syslog_facility = mail
+
+##
+## SSL settings
+##
+
 # IP or host address where to listen in for SSL connections. Defaults
 # to above if not specified.
 #ssl_listen =
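Review bot: The comment on `disable_plaintext_auth` at the top of this hunk says loopback clients are exempt, but not what that means when a webmail frontend, proxy or tunnel on the same host relays remote users. Those sessions arrive from 127.0.0.1 or ::1, so they are allowed plaintext authentication whatever this setting says. Since the block is being moved to the top of the file anyway, I would add a sentence such as `# Connections relayed by a local proxy or tunnel also count as local.` so the exemption is not read as covering only console users.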
@@ -70,35 +108,8 @@
 # SSL ciphers to use
 #ssl_cipher_list = ALL:!LOW
 
-# Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
-# IPv6 ::1 addresses are considered secure, this setting has no effect if
-# you connect from those addresses.
-#disable_plaintext_auth = yes
-
-# Should all IMAP and POP3 processes be killed when Dovecot master process
-# shuts down. Setting this to "no" means that Dovecot can be upgraded without
-# forcing existing client connections to close (although that could also be
-# a problem if the upgrade is eg. because of a security fix). This however
-# means that after master process has died, the client processes can't write
-# to log files anymore.
-#shutdown_clients = yes
-
-# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
-# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
-#log_path = 
-
-# For informational messages, use this logfile instead of the default
-#info_log_path = 
-
-# Prefix for each line written to log file. % codes are in strftime(3)
-# format.
-#log_timestamp = "%b %d %H:%M:%S "
-
-# Syslog facility to use if you're logging to syslog. Usually if you don't
-# want to use "mail", you'll use local0..local7. Also other standard
-# facilities are supported.
-#syslog_facility = mail
+# Show protocol level SSL errors.
+#verbose_ssl = no
 
 ##
 ## Login processes
@@ -163,58 +174,9 @@
 #login_log_format = %$: %s
 
 ##
-## Mail processes
+## Mailbox locations and namespaces
 ##
 
-# Maximum number of running mail processes. When this limit is reached,
-# new users aren't allowed to log in.
-#max_mail_processes = 1024
-
-# Show more verbose process titles (in ps). Currently shows user name and
-# IP address. Useful for seeing who are actually using the IMAP processes
-# (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
-
-# Show protocol level SSL errors.
-#verbose_ssl = no
-
-# Valid UID range for users, defaults to 500 and above. This is mostly
-# to make sure that users can't log in as daemons or other system users.
-# Note that denying root logins is hardcoded to dovecot binary and can't
-# be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
-#last_valid_uid = 0
-
-# Valid GID range for users, defaults to non-root/wheel. Users having
-# non-valid GID as primary group ID aren't allowed to log in. If user
-# belongs to supplementary groups with non-valid GIDs, those groups are
-# not set.
-#first_valid_gid = 1
-#last_valid_gid = 0
-
-# Grant access to these extra groups for mail processes. Typical use would be
-# to give "mail" group write access to /var/mail to be able to create dotlocks.
-#mail_extra_groups =
-
-# ':' separated list of directories under which chrooting is allowed for mail
-# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
-# This setting doesn't affect login_chroot or auth_chroot variables.
-# WARNING: Never add directories here which local users can modify, that
-# may lead to root exploit. Usually this should be done only if you don't
-# allow shell access for users. See doc/configuration.txt for more information.
-#valid_chroot_dirs = 
-
-# Default chroot directory for mail processes. This can be overridden for
-# specific users in user database by giving /./ in user's home directory
-# (eg. /home/./user chroots into /home). Note that usually there is no real
-# need to do chrooting, Dovecot doesn't allow users to access files outside
-# their mail directory anyway.
-#mail_chroot = 
-
-# Enable mail process debugging. This can help you figure out why Dovecot
-# isn't finding your mails.
-#mail_debug = no
-
 # Default MAIL environment to use when it's not set. By leaving this empty
 # dovecot tries to do some automatic detection as described in
 # doc/mail-storages.txt. There's a few special variables you can use, eg.:
@@ -270,6 +232,105 @@
    #hidden = yes
 #}
 
+# Grant access to these extra groups for mail processes. Typical use would be
+# to give "mail" group write access to /var/mail to be able to create dotlocks.
+#mail_extra_groups =
+
+# Allow full filesystem access to clients. There's no access checks other than
+# what the operating system does for the active UID/GID. It works with both
+# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
+# or ~user/.
+#mail_full_filesystem_access = no
+
+##
+## Mail processes
+##
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Log prefix for mail processes. See doc/variables.txt for list of possible
+# variables you can use.
+#mail_log_prefix = "%Us(%u): "
+
+# Use mmap() instead of read() to read mail files. read() seems to be a bit
+# faster with my Linux/x86 and it's better with NFS, so that's the default.
+# Note that OpenBSD 3.3 and older don't work right with mail_read_mmaped = yes.
+#mail_read_mmaped = no
+
+# Don't use mmap() at all. This is required if you store indexes to shared
+# filesystems (NFS or clustered filesystem).
+#mmap_disable = no
+
+# Don't write() to mmaped files. This is required for some operating systems
+# which use separate caches for them, such as OpenBSD.
+#mmap_no_write = no
+
+# Locking method for index files. Alternatives are fcntl, flock and dotlock.
+# Dotlocking uses some tricks which may create more disk I/O than other locking
+# methods. NOTE: If you use NFS, remember to change also mmap_disable setting!
+#lock_method = fcntl
+
+# Drop all privileges before exec()ing the mail process. This is mostly
+# meant for debugging, otherwise you don't get core dumps. It could be a small
+# security risk if you use single UID for multiple users, as the users could
+# ptrace() each others processes then.
+#mail_drop_priv_before_exec = no
+
+# Show more verbose process titles (in ps). Currently shows user name and
+# IP address. Useful for seeing who are actually using the IMAP processes
+# (eg. shared mailboxes or if same uid is used for multiple accounts).
+#verbose_proctitle = no
+
+# Valid UID range for users, defaults to 500 and above. This is mostly
+# to make sure that users can't log in as daemons or other system users.
+# Note that denying root logins is hardcoded to dovecot binary and can't
+# be done even if first_valid_uid is set to 0.
+#first_valid_uid = 500
+#last_valid_uid = 0
+
+# Valid GID range for users, defaults to non-root/wheel. Users having
+# non-valid GID as primary group ID aren't allowed to log in. If user
+# belongs to supplementary groups with non-valid GIDs, those groups are
+# not set.
+#first_valid_gid = 1
+#last_valid_gid = 0
+
+# Maximum number of running mail processes. When this limit is reached,
+# new users aren't allowed to log in.
+#max_mail_processes = 1024
+
+# Set max. process size in megabytes. Most of the memory goes to mmap()ing
+# files, so it shouldn't harm much even if this limit is set pretty high.
+#mail_process_size = 256
+
+# Maximum allowed length for mail keyword name. It's only forced when trying
+# to create new keywords.
+#mail_max_keyword_length = 50
+
+# Default umask to use for mail files and directories.
+#umask = 0077
+
+# ':' separated list of directories under which chrooting is allowed for mail
+# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
+# This setting doesn't affect login_chroot or auth_chroot variables.
+# WARNING: Never add directories here which local users can modify, that
+# may lead to root exploit. Usually this should be done only if you don't
+# allow shell access for users. See doc/configuration.txt for more information.
+#valid_chroot_dirs = 
+
+# Default chroot directory for mail processes. This can be overridden for
+# specific users in user database by giving /./ in user's home directory
+# (eg. /home/./user chroots into /home). Note that usually there is no real
+# need to do chrooting, Dovecot doesn't allow users to access files outside
+# their mail directory anyway.
+#mail_chroot = 
+
+##
+## Mailbox handling optimizations
+##
+
 # Space-separated list of fields to initially save into cache file. Currently
 # these fields are allowed:
 #
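Review bot: The `mail_chroot` comment moved into the "Mail processes" group still says `Dovecot doesn't allow users to access files outside their mail directory anyway`, which does not hold once `mail_full_filesystem_access = yes` is set. This hunk moves that setting into a different group ("Mailbox locations and namespaces"), so a reader of the chroot text no longer sees it nearby. I would qualify the sentence, e.g. `# their mail directory anyway (unless mail_full_filesystem_access = yes).`. The meaning of `0` in `last_valid_uid` and `last_valid_gid` is also left unexplained here; if it means no upper limit, as seems likely, a short `# 0 = no upper limit` would help.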
@@ -308,16 +369,6 @@
 # and inotify with Linux to reply immediately after the change occurs.
 #mailbox_idle_check_interval = 30
 
-# Allow full filesystem access to clients. There's no access checks other than
-# what the operating system does for the active UID/GID. It works with both
-# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
-# or ~user/.
-#mail_full_filesystem_access = no
-
-# Maximum allowed length for mail keyword name. It's only forced when trying
-# to create new keywords.
-#mail_max_keyword_length = 50
-
 # Save mails with CR+LF instead of plain LF. This makes sending those mails
 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
 # But it also creates a bit more disk I/O which may just make it slower.
@@ -325,23 +376,9 @@
 # the extra CRs wrong and cause problems.
 #mail_save_crlf = no
 
-# Use mmap() instead of read() to read mail files. read() seems to be a bit
-# faster with my Linux/x86 and it's better with NFS, so that's the default.
-# Note that OpenBSD 3.3 and older don't work right with mail_read_mmaped = yes.
-#mail_read_mmaped = no
-
-# Don't use mmap() at all. This is required if you store indexes to shared
-# filesystems (NFS or clustered filesystem).
-#mmap_disable = no
-
-# Don't write() to mmaped files. This is required for some operating systems
-# which use separate caches for them, such as OpenBSD.
-#mmap_no_write = no
-
-# Locking method for index files. Alternatives are fcntl, flock and dotlock.
-# Dotlocking uses some tricks which may create more disk I/O than other locking
-# methods. NOTE: If you use NFS, remember to change also mmap_disable setting!
-#lock_method = fcntl
+##
+## Maildir-specific settings
+##
 
 # By default LIST command returns all entries in maildir beginning with dot.
 # Enabling this option makes Dovecot return only entries which are directories.
@@ -358,6 +395,10 @@
 # If you care about performance, enable it.
 #maildir_copy_with_hardlinks = no
 
+##
+## mbox-specific settings
+##
+
 # Which locking methods to use for locking mbox. There's four available:
 #  dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
 #           solution. If you want to use /var/mail/ like directory, the users
@@ -405,6 +446,10 @@
 # If an index file already exists it's still read, just not updated.
 #mbox_min_index_size = 0
 
+##
+## dbox-specific settings
+##
+
 # Maximum dbox file size in kilobytes until it's rotated.
 #dbox_rotate_size = 2048
 
@@ -416,23 +461,6 @@
 # midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled.
 #dbox_rotate_days = 0
 
-# umask to use for mail files and directories
-#umask = 0077
-
-# Drop all privileges before exec()ing the mail process. This is mostly
-# meant for debugging, otherwise you don't get core dumps. It could be a small
-# security risk if you use single UID for multiple users, as the users could
-# ptrace() each others processes then.
-#mail_drop_priv_before_exec = no
-
-# Set max. process size in megabytes. Most of the memory goes to mmap()ing
-# files, so it shouldn't harm much even if this limit is set pretty high.
-#mail_process_size = 256
-
-# Log prefix for mail processes. See doc/variables.txt for list of possible
-# variables you can use.
-#mail_log_prefix = "%Us(%u): "
-
 ##
 ## IMAP specific settings
 ##
@@ -849,27 +877,27 @@
   #ssl_username_from_cert = no
 
   # It's possible to export the authentication interface to other programs:
-#  socket listen {
-#    master {
-#      # Master socket is typically used to give Dovecot's local delivery
-#      # agent access to userdb so it can find mailbox locations. It can
-#      # however also be used to disturb regular user authentications.
-#      # WARNING: Giving untrusted users access to master socket may be a 
-#      # security risk, don't give too wide permissions to it!
-#      path = /var/run/dovecot/auth-master
-#      #mode = 0600
-#      # Default user/group is the one who started dovecot-auth (root)
-#      #user = 
-#      #group = 
-#    }
-#    client {
-#      # The client socket is generally safe to export to everyone. Typical use
-#      # is to export it to your SMTP server so it can do SMTP AUTH lookups
-#      # using it.
-#      path = /var/run/dovecot/auth-client
-#      mode = 0660
-#    }
-#  }
+  #socket listen {
+    #master {
+      # Master socket is typically used to give Dovecot's local delivery
+      # agent access to userdb so it can find mailbox locations. It can
+      # however also be used to disturb regular user authentications.
+      # WARNING: Giving untrusted users access to master socket may be a 
+      # security risk, don't give too wide permissions to it!
+      #path = /var/run/dovecot/auth-master
+      #mode = 0600
+      # Default user/group is the one who started dovecot-auth (root)
+      #user = 
+      #group = 
+    #}
+    #client {
+      # The client socket is generally safe to export to everyone. Typical use
+      # is to export it to your SMTP server so it can do SMTP AUTH lookups
+      # using it.
+      #path = /var/run/dovecot/auth-client
+      #mode = 0660
+    #}
+  #}
 }
 
 # If you wish to use another authentication server than dovecot-auth, you can
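Review bot: In the rewritten `socket listen` example every line now carries a single `#`, so the old distinction is lost between values that were part of the example (`path = ...`, the client `mode = 0660`) and values shown only as defaults (`#mode = 0600`, `#user =`, `#group =`). An admin who uncomments just the braces gets a listener block with no `path`, and one who uncomments the master `path` but leaves `#mode = 0600` relies on a built-in default that this file does not state. Given the WARNING just above about master socket permissions, I would add a line inside `master {` such as `# path must be set; mode/user/group below show the defaults`, after confirming that 0600 really is the default. The enclosing auth block starts outside this hunk.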