Diffstat (limited to 'ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf')
-rw-r--r-- | ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf | 82 |
1 files changed, 82 insertions, 0 deletions
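--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,82 @@
+# to improve performance, disable fsync globally - we will enable it for
+# some specific services later on
+mail_fsync = never
+
+service imap-login {
+# plain-text IMAP should only be accessible from localhost
+inet_listener imap {
+address = 127.0.0.1, ::1
+}
+
+# enable high-performance mode, described here:
+# https://wiki.dovecot.org/LoginProcess
+service_count = 0
+
+# set to the number of CPU cores on your server
+process_min_avail = 3
+vsz_limit = 1G
+}
+
+# disable POP3 altogether
+service pop3-login {
+inet_listener pop3 {
+port = 0
+}
+
+inet_listener pop3s {
+port = 0
+}
+}
+
+# enable semi-long-lived IMAP processes to improve performance
+service imap {
+service_count = 256
+# set to the number of CPU cores on your server
+process_min_avail = 3
+}
+
+# expose an LMTP socket for postfix to deliver mail
+service lmtp {
+unix_listener /var/spool/postfix/private/dovecot-lmtp {
+group = postfix
+mode = 0600
+user = postfix
+}
+}
+
+service auth {
+# auth_socket_path points to this userdb socket by default. It's typically
+# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+# full permissions to this socket are able to get a list of all usernames and
+# get the results of everyone's userdb lookups.
+#
+# The default 0666 mode allows anyone to connect to the socket, but the
+# userdb lookups will succeed only if the userdb returns an "uid" field that
+# matches the caller process's UID. Also if caller's uid or gid matches the
+# socket's uid or gid the lookup succeeds. Anything else causes a failure.
+#
+# To give the caller full permissions to lookup all users, set the mode to
+# something else than 0666 and Dovecot lets the kernel enforce the
+# permissions (e.g. 0777 allows everyone full permissions).
+
+# auth for postfix
+unix_listener /var/spool/postfix/private/auth {
+mode = 0666
+user = postfix
+group = postfix
+}
+
+# auth for doveadm tools
+unix_listener auth-userdb {
+mode = 0666
+user = vmail
+group = vmail
+}
+
+client_limit = 840
+}
+
+# no need to run this as root
+service auth-worker {
+user = vmail
+}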
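Review bot: The `unix_listener /var/spool/postfix/private/auth` block is created with `mode = 0666`, so any local account that can reach the socket path may submit authentication attempts to it, whereas the LMTP listener in the same file uses `0600` for the same `postfix` owner. The long comment about 0666 describes how userdb lookups are restricted on `auth-userdb`; it does not obviously cover this SASL client socket, so access here presumably rests only on the permissions of Postfix's `private` directory, which this commit does not manage. Since `user` and `group` are already `postfix`, I would change the line to `mode = 0660`. Separately, the comment above `mail_fsync = never` says fsync is re-enabled for specific services later, but nothing in these 82 lines does so; if that lives in another conf.d file, name it in the comment, e.g. `# re-enabled for delivery in <other conf.d file>`.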