blob: 4e23fa88ef54bf6ae5dd2faf1294247206c4f7cd (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
# cache all authentication results for one hour
#auth_cache_size = 10M
#auth_cache_ttl = 1 hour
#auth_cache_negative_ttl = 1 hour
# Don't cache password details, otherwise password changes require a server HUP
# before the server will re-query the password data source.
auth_cache_size = 0
# only use plain username/password auth - OK since everything is over TLS
auth_mechanisms = plain
# passdb specifies how users are authenticated - sql here, and
# our sql config specifies the sqlite filename with queries to use
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
# userdb specifies the location of users' "home" directories - where their
# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
# %d = domain, %n = user
# We can't use "prefetch" because postfix can't read users from "prefetch" db,
# and we can't use 'static' because the doveadm tool needs to iterate users
# for purging zero refcount deleted mails, so we give a userdb of sql here
# and specify a "get all users" SQL query in the configuration file.
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
auth_socket_path = /var/run/dovecot/auth-userdb
# Respect /etc/hosts.deny (populated by fail2ban)
# You can use /etc/hosts.allow to countermand fail2ban decisions.
login_access_sockets = tcpwrap
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
|
