1 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..4e23fa8
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,46 @@
+# cache all authentication results for one hour
+#auth_cache_size = 10M
+#auth_cache_ttl = 1 hour
+#auth_cache_negative_ttl = 1 hour
+# Don't cache password details, otherwise password changes require a server HUP
+# before the server will re-query the password data source.
+auth_cache_size = 0
+# only use plain username/password auth - OK since everything is over TLS
+auth_mechanisms = plain
+# passdb specifies how users are authenticated - sql here, and
+# our sql config specifies the sqlite filename with queries to use
+passdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+# userdb specifies the location of users' "home" directories - where their
+# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
+# %d = domain, %n = user
+# We can't use "prefetch" because postfix can't read users from "prefetch" db,
+# and we can't use 'static' because the doveadm tool needs to iterate users
+# for purging zero refcount deleted mails, so we give a userdb of sql here
+# and specify a "get all users" SQL query in the configuration file.
+userdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+# UNIX socket path to master authentication server to find users.
+# This is used by imap (for shared users) and lda.
+auth_socket_path = /var/run/dovecot/auth-userdb
+# Respect /etc/hosts.deny (populated by fail2ban)
+# You can use /etc/hosts.allow to countermand fail2ban decisions.
+login_access_sockets = tcpwrap
+service tcpwrap {
+  unix_listener login/tcpwrap {
+    group = $default_login_user
+    mode = 0600
+    user = $default_login_user
+  }
+}

diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf new file mode 100644 index 0000000..4e23fa8 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,46 @@
	1	# cache all authentication results for one hour
	2	#auth_cache_size = 10M
	3	#auth_cache_ttl = 1 hour
	4	#auth_cache_negative_ttl = 1 hour
	5
	6	# Don't cache password details, otherwise password changes require a server HUP
	7	# before the server will re-query the password data source.
	8	auth_cache_size = 0
	9
	10	# only use plain username/password auth - OK since everything is over TLS
	11	auth_mechanisms = plain
	12
	13	# passdb specifies how users are authenticated - sql here, and
	14	# our sql config specifies the sqlite filename with queries to use
	15	passdb {
	16	driver = sql
	17	args = /etc/dovecot/dovecot-sql.conf.ext
	18	}
	19
	20	# userdb specifies the location of users' "home" directories - where their
	21	# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
	22	# %d = domain, %n = user
	23	# We can't use "prefetch" because postfix can't read users from "prefetch" db,
	24	# and we can't use 'static' because the doveadm tool needs to iterate users
	25	# for purging zero refcount deleted mails, so we give a userdb of sql here
	26	# and specify a "get all users" SQL query in the configuration file.
	27	userdb {
	28	driver = sql
	29	args = /etc/dovecot/dovecot-sql.conf.ext
	30	}
	31
	32	# UNIX socket path to master authentication server to find users.
	33	# This is used by imap (for shared users) and lda.
	34	auth_socket_path = /var/run/dovecot/auth-userdb
	35
	36	# Respect /etc/hosts.deny (populated by fail2ban)
	37	# You can use /etc/hosts.allow to countermand fail2ban decisions.
	38	login_access_sockets = tcpwrap
	39
	40	service tcpwrap {
	41	unix_listener login/tcpwrap {
	42	group = $default_login_user
	43	mode = 0600
	44	user = $default_login_user
	45	}
	46	}