self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Code Issues Releases Activity
98f671dc2e
Mailu/core/nginx/dovecot/proxy.conf
Florent Daigniere 5fb44bd719 Don't let people disable 465 and 993 
This is what we use for the other type of autoconfig... and really what
everyone should be using.
2024-06-22 10:23:14 +02:00

165 lines
3.5 KiB
Plaintext
Raw Blame History

###############
# General
###############
log_path = /dev/stderr
auth_verbose=yes
mail_debug=yes
login_log_format_elements = user=<%u> method=%m rip=%r rport=%b lip=%l lport=%a mpid=%e %c
protocols = sieve imap pop3 lmtp submission
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
hostname = {{ HOSTNAMES.split(",")[0] }}
submission_host = {{ SMTP_ADDRESS }}
submission_relay_host = {{ SMTP_ADDRESS }}
submission_relay_port = 10025
submission_relay_trusted = yes
submission_relay_ssl = no
submission_max_mail_size = {{ MESSAGE_SIZE_LIMIT }}
submission_backend_capabilities = 8BITMIME DSN VRFY
submission_client_workarounds = mailbox-for-path whitespace-before-path
# disable BURL
imap_urlauth_host=
lmtp_proxy = yes
lmtp_client_workarounds = whitespace-before-path mailbox-for-path
{%- if SUBNET6 %}
listen = *,::
{% else %}
listen = *
{% endif %}
default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
haproxy_trusted_networks = {% if REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}{{ from_ip }} {% endfor %}{% endif %}
###############
# Authentication
###############
auth_username_chars =
auth_mechanisms = plain login
{%- if TLS %}
ssl = required
ssl_cert = <{{ TLS[0] }}
ssl_key = <{{ TLS[1] }}
{%- if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_alt_cert = <{{ TLS[2] }}
ssl_alt_key = <{{ TLS[3] }}
{% endif %}
# intermediate configuration
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
ssl_prefer_server_ciphers = no
ssl_options = no_compression no_ticket
{% else %}
disable_plaintext_auth = no
ssl = no
{% endif %}
passdb {
driver = lua
args = file=/etc/dovecot/login.lua blocking=yes
}
service auth-worker {
user = dovenull
group = dovenull
unix_listener auth-worker {
}
}
service anvil {
unix_listener anvil-auth-penalty {
mode = 0
}
}
{%- if PORT_4190 %}
service managesieve-login {
executable = managesieve-login
inet_listener sieve {
port = 4190
{%- if PROXY_PROTOCOL_4190 %}
haproxy = yes
{% endif %}
}
inet_listener sieve-webmail {
port = 14190
}
}
{% endif %}
protocol imap {
mail_max_userip_connections = 20
imap_idle_notify_interval = 29mins
}
service imap-login {
inet_listener imap {
port = {% if PORT_143 %}143{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_143 %}
haproxy = yes
{% endif %}
}
{%- if TLS_993 %}
inet_listener imaps {
port = 993
ssl = yes
{%- if PROXY_PROTOCOL_993 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener imap-webmail {
port = 10143
}
}
service pop3-login {
inet_listener pop3 {
port = {% if PORT_110 %}110{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_110 %}
haproxy = yes
{% endif %}
}
{%- if TLS_995 and PORT_995 %}
inet_listener pop3s {
port = 995
ssl = yes
{%- if PROXY_PROTOCOL_995 %}
haproxy = yes
{% endif %}
}
{% endif %}
}
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
service lmtp {
user = $default_internal_user
inet_listener lmtp {
port = 2525
}
}
service submission-login {
inet_listener submission {
port = {% if PORT_587 %}587{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_587 %}
haproxy = yes
{% endif %}
}
{%- if TLS_465 %}
inet_listener submissions {
port = 465
ssl = yes
{%- if PROXY_PROTOCOL_465 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener submission-webmail {
port = 10025
}
}
Reference in New Issue View Git Blame Copy Permalink