## Dovecot 1.0 configuration file base_dir = /var/run/dovecot/ protocols = imap imap_listen = * # Disable SSL/TLS support. ssl_disable = yes disable_plaintext_auth = no log_path = /var/log/dovecot info_log_path = /var/log/dovecot.info log_timestamp = "%b %d %H:%M:%S " ## ## Login processes ## login_dir = /var/run/dovecot/login login_chroot = yes ## ## IMAP login process ## login = imap # Executable location. login_executable = /usr/local/libexec/dovecot/imap-login login_user = dovecot login_process_size = 16 login_process_per_connection = yes login_processes_count = 3 login_max_processes_count = 128 # logging in actually login_processes_count * max_logging_users. login_max_logging_users = 256 ## ## Mail processes ## # Maximum number of running mail processes. When this limit is reached, # new users aren't allowed to log in. max_mail_processes = 1024 verbose_proctitle = yes valid_chroot_dirs = /home/jail # Default chroot directory for mail processes. This can be overridden by # giving /./ in user's home directory (eg. /home/./user chroots into /home). #mail_chroot = /spool/mail # Default MAIL environment to use when it's not set. By leaving this empty # dovecot tries to do some automatic detection as described in # doc/mail-storages.txt. There's a few special variables you can use: # # %u - username # %n - user part in user@domain, same as %u if there's no domain # %d - domain part in user@domain, empty if user there's no domain # %h - home directory # # You can also limit a width of string by giving the number of max. characters # after the '%' character. For example %1u gives the first character of # username. Some examples: # # default_mail_env = maildir:/%h/Maildir # Space-separated list of fields to cache for all mails. Currently these # fields are allowed followed by a list of commands they speed up: # # Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT, # SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID, # HEADER IN-REPLY-TO # Body - FETCH BODY # Bodystructure - FETCH BODY, BODYSTRUCTURE # MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE, # SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE # generation. This is always set with mbox mailboxes, and # also default with Maildir. # # Different IMAP clients work in different ways, that's why Dovecot by default # only caches MessagePart which speeds up most operations. Whenever client # does something where caching could be used, the field is automatically marked # to be cached later. For example after FETCH BODY the BODY will be cached # for all new messages. Normally you should leave this alone, unless you know # what most of your IMAP clients are. Caching more fields than needed makes # the index files larger and generate useless I/O. # # With maildir there's one extra optimization - if nothing is cached, indexing # the maildir becomes much faster since it's not opening any of the mail files. # This could be useful if your IMAP clients access only new mails. #mail_cache_fields = MessagePart # Space-separated list of fields that Dovecot should never set to be cached. # Useful if you want to save disk space at the cost of more I/O when the fields # needed. #mail_never_cache_fields = # Workarounds for various client bugs: # oe6-fetch-no-newmail: # Never send EXISTS/RECENT when replying to FETCH command. Outlook Express # seems to think they are FETCH replies and gives user "Message no longer # in server" error. Note that OE6 still breaks even with this workaround # if synchronization is set to "Headers Only". # outlook-idle: # Outlook and Outlook Express never abort IDLE command, so if no mail # arrives in half a hour, Dovecot closes the connection. This is still # fine, except Outlook doesn't connect back so you don't see if new mail # arrives. #client_workarounds = # Dovecot can notify client of new mail in selected mailbox soon after it's # received. This setting specifies the minimum interval in seconds between # new mail notifications to client - internally they may be checked more or # less often. Setting this to 0 disables the checking. # NOTE: Evolution client breaks with this option when it's trying to APPEND. #mailbox_check_interval = 0 # Like mailbox_check_interval, but used for IDLE command. #mailbox_idle_check_interval = 30 # Allow full filesystem access to clients. There's no access checks other than # what the operating system does for the active UID/GID. It works with both # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ # or ~user/. mail_full_filesystem_access = no # Maximum allowed length for custom flag name. It's only forced when trying # to create new flags. #mail_max_flag_length = 50 # Save mails with CR+LF instead of plain LF. This makes sending those mails # take less CPU, especially with sendfile() syscall with Linux and FreeBSD. # But it also creates a bit more disk I/O which may just make it slower. #mail_save_crlf = no # Use mmap() instead of read() to read mail files. read() seems to be a bit # faster with my Linux/x86 and it's better with NFS, so that's the default. #mail_read_mmaped = no # Copy mail to another folders using hard links. This is much faster than # actually copying the file. This is problematic only if something modifies # the mail in one folder but doesn't want it modified in the others. I don't # know any MUA which would modify mail files directly. IMAP protocol also # requires that the mails don't change, so it would be problematic in any case. # If you care about performance, enable it. #maildir_copy_with_hardlinks = no # Check if mails' content has been changed by external programs. This slows # down things as extra stat() needs to be called for each file. If changes are # noticed, the message is treated as a new message, since IMAP protocol # specifies that existing message are immutable. #maildir_check_content_changes = no # Which locking methods to use for locking mbox. There's three available: # dotlock: Create .lock file. This is the oldest and most NFS-safe # solution. If you want to use /var/mail/ like directory, the users # will need write access to that directory. # fcntl : Use this if possible. Works with NFS too if lockd is used. # flock : May not exist in all systems. Doesn't work with NFS. # # You can use both fcntl and flock too; if you do the order they're declared # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl # and flock. Some operating systems don't allow using both of them # simultaneously, eg. BSDs. If dotlock is used, it's always created first. #mbox_locks = dotlock fcntl flock mbox_locks = fcntl flock # Should we create dotlock file even when we want only a read-lock? Setting # this to yes hurts the performance when the mailbox is accessed simultaneously # by multiple processes, but it's needed for reliable reading if no other # locking methods are available. mbox_read_dotlock = no # Maximum time in seconds to wait for lock (all of them) before aborting. mbox_lock_timeout = 300 # If dotlock exists but the mailbox isn't modified in any way, override the # lock file after this many seconds. mbox_dotlock_change_timeout = 30 # umask to use for mail files and directories umask = 0077 # Drop all privileges before exec()ing the mail process. This is mostly # meant for debugging, otherwise you don't get core dumps. Note that setting # this to yes means that log file is opened as the logged in user, which # might not work. It could also be a small security risk if you use single UID # for multiple users, as the users could ptrace() each others processes then. #mail_drop_priv_before_exec = no ## ## IMAP process ## # Executable location imap_executable = /usr/local/libexec/dovecot/imap # Set max. process size in megabytes. Most of the memory goes to mmap()ing # files, so it shouldn't harm much even if this limit is set pretty high. imap_process_size = 256 # Support for dynamically loadable modules. #imap_use_modules = no #imap_modules = /usr/lib/dovecot/imap ## ## Authentication processes ## auth = default auth_mechanisms = plain # Default realm to use if none was specified. #auth_default_realm = # Where user database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # passwd-file : passwd-like file with specified location # static uid= gid= home=: static settings # vpopmail: vpopmail library # ldap : LDAP, see doc/dovecot-ldap.conf # pgsql : a PostgreSQL database, see doc/dovecot-pgsql.conf auth_userdb = passwd-file /etc/passwd auth_passdb = passwd-file /etc/shadow # Set max. process size in megabytes. #auth_process_size = 256 # User to use for the process. This user needs access to only user and # password databases, nothing else. Only shadow and pam authentication # requires roots, so use something else if possible. auth_user = root # Directory where to chroot the process. Most authentication backends don't # work if this is set, and there's no point chrooting if auth_user is root. #auth_chroot = # Number of authentication processes to create auth_count = 1 # List of allowed characters in username. If the user-given username contains # a character not listed in here, the login automatically fails. This is just # an extra check to make sure user can't exploit any potential quote escaping # vulnerabilities with SQL/LDAP databases. If you want to allow all characters, # set this value to empty. #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # Username to use for users logging in with ANONYMOUS SASL mechanism #auth_anonymous_username = anonymous # More verbose logging. Useful for figuring out why authentication isn't # working. auth_verbose = yes # digest-md5 authentication process. It requires special MD5 passwords which # /etc/shadow and PAM doesn't support, so we never need roots to handle it. # Note that the passwd-file is opened before chrooting and dropping root # privileges, so it may be 0600-root owned file. #auth = plain #auth_methods = digest-md5 #auth_realms = #auth_userdb = passwd-file /etc/passwd.imap #auth_passdb = passwd-file /etc/passwd.imap #auth_user = imapauth #auth_chroot = # if you plan to use only passwd-file, you don't need the two auth processes, # simply set "auth_methods = plain digest-md5"