self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-01-24 03:49:27 +02:00
Code Issues Releases Activity
Mailu/core/nginx/dovecot/proxy.conf
Florent Daigniere 8e28050510 Don't let people disable 465 and 993 
This is what we use for the other type of autoconfig... and really what
everyone should be using.

(cherry picked from commit 5fb44bd7190ec2e2d70e06927f641d0b5df44ed8)
2024-06-26 12:26:15 +00:00

165 lines
3.5 KiB
Plaintext
Raw Blame History

###############
# General
###############
log_path = /dev/stderr
auth_verbose=yes
mail_debug=yes
login_log_format_elements = user=<%u> method=%m rip=%r rport=%b lip=%l lport=%a mpid=%e %c
protocols = sieve imap pop3 lmtp submission
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
hostname = {{ HOSTNAMES.split(",")[0] }}
submission_host = {{ SMTP_ADDRESS }}
submission_relay_host = {{ SMTP_ADDRESS }}
submission_relay_port = 10025
submission_relay_trusted = yes
submission_relay_ssl = no
submission_max_mail_size = {{ MESSAGE_SIZE_LIMIT }}
submission_backend_capabilities = 8BITMIME DSN VRFY
submission_client_workarounds = mailbox-for-path whitespace-before-path
# disable BURL
imap_urlauth_host=
lmtp_proxy = yes
lmtp_client_workarounds = whitespace-before-path mailbox-for-path
{%- if SUBNET6 %}
listen = *,::
{% else %}
listen = *
{% endif %}
default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
haproxy_trusted_networks = {% if REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}{{ from_ip }} {% endfor %}{% endif %}
###############
# Authentication
###############
auth_username_chars =
auth_mechanisms = plain login
{%- if TLS %}
ssl = required
ssl_cert = <{{ TLS[0] }}
ssl_key = <{{ TLS[1] }}
{%- if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_alt_cert = <{{ TLS[2] }}
ssl_alt_key = <{{ TLS[3] }}
{% endif %}
# intermediate configuration
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
ssl_prefer_server_ciphers = no
ssl_options = no_compression no_ticket
{% else %}
disable_plaintext_auth = no
ssl = no
{% endif %}
passdb {
driver = lua
args = file=/etc/dovecot/login.lua blocking=yes
}
service auth-worker {
user = dovenull
group = dovenull
unix_listener auth-worker {
}
}
service anvil {
unix_listener anvil-auth-penalty {
mode = 0
}
}
{%- if PORT_4190 %}
service managesieve-login {
executable = managesieve-login
inet_listener sieve {
port = 4190
{%- if PROXY_PROTOCOL_4190 %}
haproxy = yes
{% endif %}
}
inet_listener sieve-webmail {
port = 14190
}
}
{% endif %}
protocol imap {
mail_max_userip_connections = 20
imap_idle_notify_interval = 29mins
}
service imap-login {
inet_listener imap {
port = {% if PORT_143 %}143{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_143 %}
haproxy = yes
{% endif %}
}
{%- if TLS_993 %}
inet_listener imaps {
port = 993
ssl = yes
{%- if PROXY_PROTOCOL_993 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener imap-webmail {
port = 10143
}
}
service pop3-login {
inet_listener pop3 {
port = {% if PORT_110 %}110{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_110 %}
haproxy = yes
{% endif %}
}
{%- if TLS_995 and PORT_995 %}
inet_listener pop3s {
port = 995
ssl = yes
{%- if PROXY_PROTOCOL_995 %}
haproxy = yes
{% endif %}
}
{% endif %}
}
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
service lmtp {
user = $default_internal_user
inet_listener lmtp {
port = 2525
}
}
service submission-login {
inet_listener submission {
port = {% if PORT_587 %}587{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_587 %}
haproxy = yes
{% endif %}
}
{%- if TLS_465 %}
inet_listener submissions {
port = 465
ssl = yes
{%- if PROXY_PROTOCOL_465 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener submission-webmail {
port = 10025
}
}
Reference in New Issue View Git Blame Copy Permalink