blob: f99d0f42908781da4e1a5cc1db2206f6b90159cd (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
# to improve performance, disable fsync globally - we will enable it for
# some specific services later on
mail_fsync = never
service imap-login {
# plain-text IMAP should only be accessible from localhost
inet_listener imap {
address = 127.0.0.1, ::1
}
# enable high-performance mode, described here:
# https://wiki.dovecot.org/LoginProcess
service_count = 0
# set to the number of CPU cores on your server
process_min_avail = 3
vsz_limit = 1G
}
# disable POP3 altogether
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
}
}
# enable semi-long-lived IMAP processes to improve performance
service imap {
service_count = 256
# set to the number of CPU cores on your server
process_min_avail = 3
}
# expose an LMTP socket for postfix to deliver mail
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
# auth for postfix
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
# auth for doveadm tools
unix_listener auth-userdb {
mode = 0666
user = vmail
group = vmail
}
client_limit = 840
}
# no need to run this as root
service auth-worker {
user = vmail
}
|