Diffstat (limited to 'ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf')
-rw-r--r-- | ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf | 46 |
1 files changed, 46 insertions, 0 deletions
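--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,46 @@
+# cache all authentication results for one hour
+#auth_cache_size = 10M
+#auth_cache_ttl = 1 hour
+#auth_cache_negative_ttl = 1 hour
+
+# Don't cache password details, otherwise password changes require a server HUP
+# before the server will re-query the password data source.
+auth_cache_size = 0
+
+# only use plain username/password auth - OK since everything is over TLS
+auth_mechanisms = plain
+
+# passdb specifies how users are authenticated - sql here, and
+# our sql config specifies the sqlite filename with queries to use
+passdb {
+driver = sql
+args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# userdb specifies the location of users' "home" directories - where their
+# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
+# %d = domain, %n = user
+# We can't use "prefetch" because postfix can't read users from "prefetch" db,
+# and we can't use 'static' because the doveadm tool needs to iterate users
+# for purging zero refcount deleted mails, so we give a userdb of sql here
+# and specify a "get all users" SQL query in the configuration file.
+userdb {
+driver = sql
+args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# UNIX socket path to master authentication server to find users.
+# This is used by imap (for shared users) and lda.
+auth_socket_path = /var/run/dovecot/auth-userdb
+
+# Respect /etc/hosts.deny (populated by fail2ban)
+# You can use /etc/hosts.allow to countermand fail2ban decisions.
+login_access_sockets = tcpwrap
+
+service tcpwrap {
+unix_listener login/tcpwrap {
+group = $default_login_user
+mode = 0600
+user = $default_login_user
+}
+}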
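Review bot: The `auth_mechanisms = plain` line relies on a TLS guarantee ("OK since everything is over TLS") that nothing in this file enforces. The SSL settings are presumably in another conf.d file, so a later change there could silently expose cleartext credentials. I would pin the invariant next to the mechanism with `disable_plaintext_auth = yes` and extend the comment to name the file that sets `ssl = required`, so the dependency is visible to whoever edits either one. Separately, with `auth_cache_size = 0` every login attempt queries the SQL passdb, which leaves the tcpwrap/fail2ban path as the only throttle on password guessing. A comment such as `# no auth cache: fail2ban via tcpwrap is the only rate limit on failed logins` would record that trade-off. The commented-out `auth_cache_*` lines at the top contradict the effective setting and could be dropped.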