1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Mailu/core/nginx/dovecot/proxy.conf
2023-06-05 10:23:30 +02:00

157 lines
3.4 KiB
Plaintext

###############
# General
###############
log_path = /dev/stderr
auth_verbose=yes
mail_debug=yes
login_log_format_elements = user=<%u> method=%m rip=%r rport=%b lip=%l lport=%a mpid=%e %c
protocols = sieve imap pop3 lmtp submission
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
hostname = {{ HOSTNAMES.split(",")[0] }}
submission_host = {{ SMTP_ADDRESS }}
submission_relay_host = {{ SMTP_ADDRESS }}
submission_relay_port = 10025
submission_relay_trusted = yes
submission_relay_ssl = no
submission_max_mail_size = {{ MESSAGE_SIZE_LIMIT }}
submission_backend_capabilities = 8BITMIME DSN VRFY
submission_client_workarounds = mailbox-for-path whitespace-before-path
# disable BURL
imap_urlauth_host=
lmtp_proxy = yes
lmtp_client_workarounds = whitespace-before-path mailbox-for-path
default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
haproxy_trusted_networks = {% if REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}{{ from_ip }} {% endfor %}{% endif %}
###############
# Authentication
###############
auth_username_chars =
auth_mechanisms = plain login
{%- if TLS %}
ssl = required
ssl_cert = <{{ TLS[0] }}
ssl_key = <{{ TLS[1] }}
{%- if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_alt_cert = <{{ TLS[2] }}
ssl_alt_key = <{{ TLS[3] }}
{% endif %}
# intermediate configuration
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
ssl_prefer_server_ciphers = no
ssl_options = no_compression no_ticket
{% else %}
disable_plaintext_auth = no
ssl = no
{% endif %}
passdb {
driver = lua
args = file=/etc/dovecot/login.lua blocking=yes
}
service auth-worker {
user = dovenull
group = dovenull
unix_listener auth-worker {
}
}
service anvil {
unix_listener anvil-auth-penalty {
mode = 0
}
}
service managesieve-login {
executable = managesieve-login
inet_listener sieve {
port = 4190
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener sieve-webmail {
port = 14190
}
}
protocol imap {
mail_max_userip_connections = 20
imap_idle_notify_interval = 29mins
}
service imap-login {
inet_listener imap {
port = 143
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener imaps {
port = 993
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener imap-webmail {
port = 10143
}
}
service pop3-login {
inet_listener pop3 {
port = 110
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener pop3s {
port = 995
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
}
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
service lmtp {
user = $default_internal_user
inet_listener lmtp {
port = 2525
}
}
service submission-login {
inet_listener submission {
port = 587
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener submissions {
port = 465
{%- if TLS %}
ssl = yes
{% endif %}
{%- if PROXY_PROTOCOL in ['all', 'mail'] %}
haproxy = yes
{% endif %}
}
inet_listener submission-webmail {
port = 10025
}
}