[Dovecot] Dovecot-2.0 conf misc questions

Thomas Hummel hummel at pasteur.fr
Wed Jun 23 17:54:52 EEST 2010


Hello,

I'm setting up a dovecot-2.0.beta6 install and I'm experiencing the
following issues/questions :

1. Converting the config file

  # /usr/local/dovecot-2/bin/doveconf -n -c /usr/local/dovecot-1.2.12/etc/dovecot.conf :

  [...]
  doveconf: Fatal: Error in configuration file /usr/local/dovecot-1.2.12/etc/dovecot.conf line 176: Unknown setting: process_limit

but

  # grep -i process_limit /usr/local/dovecot-1.2.12/etc/dovecot.conf
  # 

Well, it doesn't bother me much since I made the dovecot-2 conf from scratch anyway.

2. Changing the process limit

In 10-master.conf, I changed 'service imap''s 'process_limit' from 1024 to 4096 which caused :

  Warning: service auth { client_limit=4096 } is lower than required under max. load (5320)

Where does the 5320 come from ?

3. The = <file syntax

Is there anything to know about this new syntax other than files are introduced by "<" ?

4. The "filter" hierarchy

My understanding is that protocol, remote, local must be specified in the following order

protocol name {
  remote <ip|name> {
    local <ip|name> {

and that for a match in several blocks, the more specific wins.

but it's not clear to me where they are valid and if we can negate (with a !
for instance) an argument.

For instance, I want to implement the typical case of "let clients from the
inside network perform a plain auth over a clear connection, require SSL before
auth for the outside network clients".

For that, I want to put 

  remote <internal network address> {
    disable_plaintext_auth = no
  }

in 10-auth.conf

and let the 'disable_plaintext_auth = yes' in dovecot.conf

But :

  . why is this default not in 10-auth.conf file ?
  . would I have been allowed to do, for instance, in that file at the same line

    protocol imap {
      remote <internal network address> {
        disable_plaintext_auth = no
      }
    }

?

  . would I have been allowed to do, for instance, in that file at the same line

     protocol ! imap ...
   or
     remote ! <some address>

?

Besides, if I set ssl=required, do I still need disable_plaintext_auth = yes ?

5. auth unix listener

Default is the unix socket 'auth-userdb'. Which processes communicate
through this one ?  Does that mean that the auth process is not the
process which performs the actual passdb/userdb lookup ? In that case
what is the 'userdb process' ?

Same question : what is the auth-client socket used for ?

Finally, would it make sense to declare other auth listeners than the two
listed by default in the 10-master.conf file ?

-- 
Thomas Hummel 	    | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau

