1 files changed, 82 insertions, 0 deletions
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..f99d0f4
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,82 @@
+# to improve performance, disable fsync globally - we will enable it for
+# some specific services later on
+mail_fsync = never
+service imap-login {
+  # plain-text IMAP should only be accessible from localhost
+  inet_listener imap {
+    address = 127.0.0.1, ::1
+  }
+  # enable high-performance mode, described here:
+  # https://wiki.dovecot.org/LoginProcess
+  service_count = 0
+  # set to the number of CPU cores on your server
+  process_min_avail = 3
+  vsz_limit = 1G
+}
+# disable POP3 altogether
+service pop3-login {
+  inet_listener pop3 {
+    port = 0
+  }
+  inet_listener pop3s {
+    port = 0
+  }
+}
+# enable semi-long-lived IMAP processes to improve performance
+service imap {
+  service_count = 256
+  # set to the number of CPU cores on your server
+  process_min_avail = 3
+}
+# expose an LMTP socket for postfix to deliver mail
+service lmtp {
+ unix_listener /var/spool/postfix/private/dovecot-lmtp {
+   group = postfix
+   mode = 0600
+   user = postfix
+  }
+}
+service auth {
+  # auth_socket_path points to this userdb socket by default. It's typically
+  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+  # full permissions to this socket are able to get a list of all usernames and
+  # get the results of everyone's userdb lookups.
+  #
+  # The default 0666 mode allows anyone to connect to the socket, but the
+  # userdb lookups will succeed only if the userdb returns an "uid" field that
+  # matches the caller process's UID. Also if caller's uid or gid matches the
+  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+  #
+  # To give the caller full permissions to lookup all users, set the mode to
+  # something else than 0666 and Dovecot lets the kernel enforce the
+  # permissions (e.g. 0777 allows everyone full permissions).
+  # auth for postfix
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0666
+    user = postfix
+    group = postfix
+  }
+  # auth for doveadm tools
+  unix_listener auth-userdb {
+    mode = 0666
+    user = vmail
+    group = vmail
+  }
+  client_limit = 840
+}
+# no need to run this as root
+service auth-worker {
+  user = vmail
+}

diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf new file mode 100644 index 0000000..f99d0f4 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,82 @@
	1	# to improve performance, disable fsync globally - we will enable it for
	2	# some specific services later on
	3	mail_fsync = never
	4
	5	service imap-login {
	6	# plain-text IMAP should only be accessible from localhost
	7	inet_listener imap {
	8	address = 127.0.0.1, ::1
	9	}
	10
	11	# enable high-performance mode, described here:
	12	# https://wiki.dovecot.org/LoginProcess
	13	service_count = 0
	14
	15	# set to the number of CPU cores on your server
	16	process_min_avail = 3
	17	vsz_limit = 1G
	18	}
	19
	20	# disable POP3 altogether
	21	service pop3-login {
	22	inet_listener pop3 {
	23	port = 0
	24	}
	25
	26	inet_listener pop3s {
	27	port = 0
	28	}
	29	}
	30
	31	# enable semi-long-lived IMAP processes to improve performance
	32	service imap {
	33	service_count = 256
	34	# set to the number of CPU cores on your server
	35	process_min_avail = 3
	36	}
	37
	38	# expose an LMTP socket for postfix to deliver mail
	39	service lmtp {
	40	unix_listener /var/spool/postfix/private/dovecot-lmtp {
	41	group = postfix
	42	mode = 0600
	43	user = postfix
	44	}
	45	}
	46
	47	service auth {
	48	# auth_socket_path points to this userdb socket by default. It's typically
	49	# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
	50	# full permissions to this socket are able to get a list of all usernames and
	51	# get the results of everyone's userdb lookups.
	52	#
	53	# The default 0666 mode allows anyone to connect to the socket, but the
	54	# userdb lookups will succeed only if the userdb returns an "uid" field that
	55	# matches the caller process's UID. Also if caller's uid or gid matches the
	56	# socket's uid or gid the lookup succeeds. Anything else causes a failure.
	57	#
	58	# To give the caller full permissions to lookup all users, set the mode to
	59	# something else than 0666 and Dovecot lets the kernel enforce the
	60	# permissions (e.g. 0777 allows everyone full permissions).
	61
	62	# auth for postfix
	63	unix_listener /var/spool/postfix/private/auth {
	64	mode = 0666
	65	user = postfix
	66	group = postfix
	67	}
	68
	69	# auth for doveadm tools
	70	unix_listener auth-userdb {
	71	mode = 0666
	72	user = vmail
	73	group = vmail
	74	}
	75
	76	client_limit = 840
	77	}
	78
	79	# no need to run this as root
	80	service auth-worker {
	81	user = vmail
	82	}