2016-02-17 23:56:40 +02:00
|
|
|
###############
|
|
|
|
# General
|
|
|
|
###############
|
2016-02-24 08:44:49 +02:00
|
|
|
log_path = /dev/stderr
|
2016-11-12 17:18:14 +02:00
|
|
|
protocols = imap pop3 lmtp sieve
|
2016-05-29 15:56:18 +02:00
|
|
|
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
|
|
|
|
hostname = {{ HOSTNAME }}
|
2016-02-21 16:39:01 +02:00
|
|
|
mail_plugins = $mail_plugins quota
|
2016-04-20 21:17:43 +02:00
|
|
|
submission_host = smtp
|
2016-02-17 23:56:40 +02:00
|
|
|
|
2016-02-21 16:09:25 +02:00
|
|
|
service dict {
|
|
|
|
unix_listener dict {
|
|
|
|
group = mail
|
|
|
|
mode = 0660
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-20 21:20:02 +02:00
|
|
|
dict {
|
|
|
|
sieve = sqlite:/etc/dovecot/pigeonhole-sieve.dict
|
|
|
|
}
|
|
|
|
|
2016-02-17 23:56:40 +02:00
|
|
|
###############
|
|
|
|
# Mailboxes
|
|
|
|
###############
|
|
|
|
first_valid_gid = 8
|
|
|
|
first_valid_uid = 8
|
2016-02-24 08:44:49 +02:00
|
|
|
mail_location = maildir:/mail/%u
|
|
|
|
mail_home = /mail/%u
|
2016-02-17 23:56:40 +02:00
|
|
|
mail_uid = mail
|
|
|
|
mail_gid = mail
|
|
|
|
mail_privileged_group = mail
|
|
|
|
mail_access_groups = mail
|
2017-01-23 21:54:10 +02:00
|
|
|
maildir_stat_dirs = yes
|
2016-02-17 23:56:40 +02:00
|
|
|
|
2016-02-21 16:07:12 +02:00
|
|
|
namespace inbox {
|
|
|
|
inbox = yes
|
|
|
|
mailbox Trash {
|
|
|
|
auto = subscribe
|
|
|
|
special_use = \Trash
|
|
|
|
}
|
|
|
|
mailbox Drafts {
|
|
|
|
auto = subscribe
|
|
|
|
special_use = \Drafts
|
|
|
|
}
|
|
|
|
mailbox Sent {
|
|
|
|
auto = subscribe
|
|
|
|
special_use = \Sent
|
|
|
|
}
|
|
|
|
mailbox Junk {
|
|
|
|
auto = subscribe
|
|
|
|
special_use = \Junk
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-17 23:56:40 +02:00
|
|
|
###############
|
|
|
|
# TLS
|
|
|
|
###############
|
|
|
|
ssl = yes
|
2016-02-24 08:44:49 +02:00
|
|
|
ssl_cert = </certs/cert.pem
|
|
|
|
ssl_key = </certs/key.pem
|
2017-09-10 19:00:22 +02:00
|
|
|
ssl_dh = </certs/dhparam.pem
|
2016-08-19 13:55:34 +02:00
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
2016-08-19 13:19:05 +02:00
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
2016-08-19 13:54:47 +02:00
|
|
|
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
|
ssl_prefer_server_ciphers = yes
|
|
|
|
ssl_options = no_compression
|
2016-02-17 23:56:40 +02:00
|
|
|
|
|
|
|
###############
|
|
|
|
# Authentication
|
|
|
|
###############
|
2016-02-24 08:44:49 +02:00
|
|
|
auth_mechanisms = plain login
|
2016-02-17 23:56:40 +02:00
|
|
|
|
|
|
|
passdb {
|
|
|
|
driver = sql
|
|
|
|
args = /etc/dovecot/dovecot-sql.conf.ext
|
|
|
|
}
|
|
|
|
|
|
|
|
userdb {
|
|
|
|
driver = sql
|
|
|
|
args = /etc/dovecot/dovecot-sql.conf.ext
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth {
|
|
|
|
user = dovecot
|
|
|
|
unix_listener auth-userdb {
|
|
|
|
}
|
2016-02-24 08:44:49 +02:00
|
|
|
|
|
|
|
inet_listener {
|
|
|
|
port = 2102
|
2016-02-17 23:56:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth-worker {
|
|
|
|
unix_listener auth-worker {
|
2016-06-19 21:57:02 +02:00
|
|
|
user = dovecot
|
2016-05-06 19:26:11 +02:00
|
|
|
group = mail
|
2016-02-17 23:56:40 +02:00
|
|
|
mode = 0660
|
|
|
|
}
|
|
|
|
user = mail
|
|
|
|
}
|
|
|
|
|
|
|
|
###############
|
2016-11-12 17:18:14 +02:00
|
|
|
# IMAP & POP
|
2016-02-17 23:56:40 +02:00
|
|
|
###############
|
|
|
|
|
|
|
|
protocol imap {
|
2016-12-11 20:15:09 +02:00
|
|
|
mail_plugins = $mail_plugins imap_quota imap_sieve
|
2016-02-17 23:56:40 +02:00
|
|
|
}
|
|
|
|
|
2016-11-12 17:18:14 +02:00
|
|
|
protocol pop3 {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2016-02-17 23:56:40 +02:00
|
|
|
service imap-login {
|
|
|
|
inet_listener imap {
|
|
|
|
port = 143
|
|
|
|
}
|
|
|
|
inet_listener imaps {
|
|
|
|
port = 993
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
###############
|
|
|
|
# Delivery
|
|
|
|
###############
|
|
|
|
|
|
|
|
protocol lmtp {
|
2016-02-21 16:07:12 +02:00
|
|
|
mail_plugins = $mail_plugins sieve
|
2017-09-10 14:09:16 +02:00
|
|
|
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
|
2016-02-17 23:56:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
service lmtp {
|
2016-02-24 08:44:49 +02:00
|
|
|
inet_listener lmtp {
|
|
|
|
port = 2525
|
2016-02-17 23:56:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-21 16:39:01 +02:00
|
|
|
plugin {
|
|
|
|
quota = maildir:User quota
|
|
|
|
}
|
|
|
|
|
2016-02-17 23:56:40 +02:00
|
|
|
|
|
|
|
###############
|
|
|
|
# Filtering
|
|
|
|
###############
|
|
|
|
|
|
|
|
service managesieve-login {
|
|
|
|
inet_listener sieve {
|
|
|
|
port = 4190
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-18 23:02:42 +02:00
|
|
|
service managesieve {
|
|
|
|
}
|
|
|
|
|
2016-02-17 23:56:40 +02:00
|
|
|
plugin {
|
2016-10-18 23:02:42 +02:00
|
|
|
sieve = file:~/sieve;active=~/.dovecot.sieve
|
2016-12-11 20:15:09 +02:00
|
|
|
sieve_plugins = sieve_extdata sieve_imapsieve sieve_extprograms
|
|
|
|
sieve_global_extensions = +vnd.dovecot.extdata +spamtest +spamtestplus +vnd.dovecot.execute
|
2016-02-24 08:44:49 +02:00
|
|
|
sieve_before = /var/lib/dovecot/before.sieve
|
|
|
|
sieve_default = /var/lib/dovecot/default.sieve
|
|
|
|
sieve_after = /var/lib/dovecot/after.sieve
|
2016-04-20 21:20:02 +02:00
|
|
|
sieve_extdata_dict_uri = proxy::sieve
|
2016-11-24 13:39:58 +02:00
|
|
|
|
2016-12-11 20:15:09 +02:00
|
|
|
# Sieve execute
|
|
|
|
sieve_execute_bin_dir = /var/lib/dovecot/bin
|
|
|
|
|
2016-11-24 13:39:58 +02:00
|
|
|
# Send vacation replies even for aliases
|
|
|
|
# See the Pigeonhole documentation about warnings: http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation
|
|
|
|
# It appears that our implemntation of mail delivery meets criteria of section 4.5
|
|
|
|
# from RFC 5230 and that disabling the recipient checks is not an issue here.
|
|
|
|
sieve_vacation_dont_check_recipient = yes
|
|
|
|
|
|
|
|
# Include the recipient in vacation replies so that DKIM applies
|
2016-11-23 21:23:39 +02:00
|
|
|
sieve_vacation_send_from_recipient = yes
|
2016-06-19 21:57:02 +02:00
|
|
|
|
2016-09-29 15:34:43 +02:00
|
|
|
# extract spam score from
|
|
|
|
# X-Spam-Result: .... [<value> / <max_value] ...
|
|
|
|
sieve_spamtest_status_type = score
|
|
|
|
sieve_spamtest_status_header = X-Spamd-Result: .*\[(-?[[:digit:]]+\.[[:digit:]]+) .*\]
|
|
|
|
sieve_spamtest_max_header = X-Spamd-Result: .*\[.* ([[:digit:]]+\.[[:digit:]]+)\]
|
2016-12-11 20:15:09 +02:00
|
|
|
|
|
|
|
# Learn from spam
|
|
|
|
imapsieve_mailbox1_name = Junk
|
|
|
|
imapsieve_mailbox1_causes = COPY
|
|
|
|
imapsieve_mailbox1_before = file:/var/lib/dovecot/report-spam.sieve
|
|
|
|
imapsieve_mailbox2_name = *
|
|
|
|
imapsieve_mailbox2_from = Junk
|
|
|
|
imapsieve_mailbox2_causes = COPY
|
|
|
|
imapsieve_mailbox2_before = file:/var/lib/dovecot/report-ham.sieve
|
2016-09-29 15:34:43 +02:00
|
|
|
}
|
2016-10-18 23:02:42 +02:00
|
|
|
|
2016-08-18 15:58:26 +02:00
|
|
|
###############
|
2016-10-18 23:02:42 +02:00
|
|
|
# Extensions
|
2016-08-18 15:58:26 +02:00
|
|
|
###############
|
|
|
|
|
|
|
|
!include_try /overrides/dovecot.conf
|