Am 22.12.2013 17:24, schrieb Charles Marcus:
One thing about dovecot's config I've learned during this process... it is sometimes confusing to determine where any given setting is coming from, given the number of different default config files...
Grepping of course will help you find it, but it would be nice if there was some way to simplify this...
Maybe cut down on the number of different config files
you are free to use only one config file, as below, plus a second one, "/etc/dovecot/sql.conf", which is referenced from it and contains the sensitive authentication configuration
hence my RPM-SPEC does not include a single config file
[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
# Only IMAP and POP3 are enabled; their listeners are defined in the
# imap-login / pop3-login service blocks of this same file.
protocols = imap pop3
# configure ssl
# NOTE(review): "yes" offers TLS but does not require it ("required" is the
# value that refuses authentication until TLS is up). Together with
# disable_plaintext_auth = no in this file, PLAIN/LOGIN credentials can be
# sent unencrypted on ports 143 and 110.
ssl = yes
# The leading "<" makes Dovecot read the file's contents. Certificate and key
# come from the same PEM file, so that file has to be protected like a private
# key (presumably root-only permissions; verify on the host).
ssl_cert = </etc/postfix/certs/localhost.pem
ssl_key = </etc/postfix/certs/localhost.pem
# Preference order: ECDHE/DHE with AES-GCM first, then CBC suites, then
# static-RSA key exchange, Camellia and finally 3DES.
# NOTE(review): the static-RSA entries (AES128-GCM-SHA256 ... CAMELLIA256-SHA)
# provide no forward secrecy, and the two DES-CBC3 entries are 3DES; drop them
# unless a known legacy client needs them.
# NOTE(review): "!SSLv2" only removes SSLv2 cipher suites. Protocol versions
# are restricted by a separate setting (ssl_protocols, or ssl_min_protocol on
# newer releases), which this file does not set.
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
# The server's order above wins over the client's preference.
ssl_prefer_server_ciphers = yes
# 0 turns off periodic regeneration of the SSL (DH) parameters file; the DHE
# suites above then keep using whatever parameters already exist.
ssl_parameters_regenerate = 0
# configure imap-proxy
# Pre-authentication IMAP service. The listener addresses are redacted
# ("**.**.**.**") in the posted config.
service imap-login {
  # Port 143: cleartext unless the client upgrades the connection; with
  # ssl = yes nothing in this file forces that.
  inet_listener imap {
    address = **.**.**.**
    port = 143
  }
  # Port 993. NOTE(review): this block does not set "ssl = yes" itself; it
  # presumably relies on the built-in default for the "imaps" listener.
  # Confirm with `doveconf -n`.
  inet_listener imaps {
    address = **.**.**.**
    port = 993
  }
  vsz_limit = 128M
  # service_count = 0 lets one login process serve many connections (Dovecot's
  # "high-performance" login mode) instead of one process per connection.
  # With process_limit = 1 every unauthenticated IMAP client shares a single
  # process, so a flaw in the login process affects all of them.
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  # Ceiling on simultaneous connections for the single login process.
  # NOTE(review): when proxying, the login process presumably holds each
  # session for its lifetime, making this the cap on concurrent IMAP users.
  # Confirm this limit is sufficient.
  client_limit = 200
}
# configure pop3-proxy
# Pre-authentication POP3 service, with the same limits as imap-login in this
# file. The listener addresses are redacted in the posted config.
service pop3-login {
  # Port 110: cleartext unless the client upgrades the connection.
  inet_listener pop3 {
    address = **.**.**.**
    port = 110
  }
  # Port 995. NOTE(review): no explicit "ssl = yes" here; presumably inherited
  # from the built-in default for the "pop3s" listener. Confirm with
  # `doveconf -n`.
  inet_listener pop3s {
    address = **.**.**.**
    port = 995
  }
  vsz_limit = 128M
  # One shared login process for all unauthenticated POP3 clients
  # (service_count = 0 with process_limit = 1); a flaw in that process affects
  # every connection it holds.
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}
# default settings
# Fixed capability list advertised to clients instead of the one Dovecot would
# build itself. NOTE(review): on a proxy this should match what the backend
# actually supports; verify.
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
# Empty greeting, so the banner shows no product text. (The collapsed source
# shows no value between "login_greeting =" and the next setting name.)
login_greeting =
# Logged per login: user (%u), remote IP (%r), auth mechanism (%m) and TLS
# details (%k). %m and %k are what an audit needs to spot cleartext logins.
login_log_format_elements = %u %r %m %k
login_log_format = %{login_status}: %s
mail_max_userip_connections = 100
# NOTE(review): CRAM-MD5, DIGEST-MD5, APOP and SCRAM-SHA-1 need the passdb to
# hand back a plaintext or mechanism-specific credential, so offering all of
# them rules out storing only a salted one-way password hash.
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
# NOTE(review): "no" accepts PLAIN/LOGIN on connections without TLS. Set to
# "yes" (and ssl = required) unless cleartext logins are a deliberate
# compatibility choice.
disable_plaintext_auth = no
# Existing client processes are left running when the master process stops.
# This allows upgrades without disconnecting users, but old binaries keep
# serving those sessions, which matters when the upgrade is a security fix.
shutdown_clients = no
version_ignore = yes
# Logging
# Dovecot messages go to syslog under the "mail" facility.
syslog_facility = mail
# authentication process
auth_worker_max_count = 50
# Authentication results are cached; both the positive and the negative TTL
# are 600.
# NOTE(review): a cached answer can presumably outlive a change in the SQL
# passdb (disabled or newly created account) by up to the TTL. Confirm that
# window is acceptable.
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
# Whitelist of characters accepted in a login name. Anything else fails the
# login before the SQL passdb is queried, which serves as an extra guard
# against quoting problems in the lookup. "%" is allowed only because the
# translation below rewrites it.
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
# Pairs of from/to characters: "%" becomes "@" and every uppercase letter is
# folded to lowercase, so "User%Example" is looked up as "user@example".
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
# debug options
# All debugging is off. auth_debug_passwords in particular should stay "no"
# outside short troubleshooting sessions, because it writes attempted
# passwords to the log.
auth_debug = no
auth_debug_passwords = no
# NOTE(review): with auth_verbose = no, failed authentication attempts are
# presumably not logged with their reason. Consider enabling it if the logs
# feed brute-force detection.
auth_verbose = no
mail_debug = no
verbose_ssl = no
# configure proxy-database
# Password lookups go to SQL; the connection details and queries live in
# /etc/dovecot/sql.conf. That file carries the database credentials, so it
# should be readable by root only (presumably 0600; verify on the host).
passdb {
  driver = sql
  args = /etc/dovecot/sql.conf
}
# we are not using local users
# Every user is mapped to the same fixed uid/gid with /dev/null as home, so no
# per-user system account or home directory exists on this host.
userdb {
  driver = static
  args = static uid=10000 gid=10000 home=/dev/null
}
# configure backend for postfix sasl-auth
# Exposes Dovecot's auth service on a UNIX socket inside Postfix's private
# directory. Mode 0660 with owner and group postfix means only the postfix
# user and group can connect and submit authentication requests.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}