Hello,
I'm setting up a dovecot-2.0.beta6 install and I'm experiencing the following issues/questions :
- Converting the config file
/usr/local/dovecot-2/bin/doveconf -n -c /usr/local/dovecot-1.2.12/etc/dovecot.conf :
[...] doveconf: Fatal: Error in configuration file /usr/local/dovecot-1.2.12/etc/dovecot.conf line 176: Unknown setting: process_limit
but
# grep -i process_limit /usr/local/dovecot-1.2.12/etc/dovecot.conf
#
Well, it doesn't bother me much since I made the dovecot-2 conf from scratch anyway.
- Changing the process limit
In 10-master.conf, I changed 'service imap''s 'process_limit' from 1024 to 4096 which caused :
Warning: service auth { client_limit=4096 } is lower than required under max. load (5320)
Where does the 5320 come from ?
- The =
Is there anything to know about this new syntax other than files are introduced by "<" ?
- The "filter" hierarchy
My understanding is that protocol, remote, local must be specified in the following order
protocol name {
remote
and that for a match in several blocks, the more specific wins.
but it's not clear to me where they are valid and if we can negate (with a ! for instance) an argument.
For instance, I want to implement the typical case of "let clients from the inside network perform a plain auth over a clear connection, require SSL before auth for the outside network clients".
For that, I want to put
remote <internal network address> { disable_plaintext_auth = no }
in 10-auth.conf
and leave the 'disable_plaintext_auth = yes' in dovecot.conf
But :
. why is this default not in 10-auth.conf file ?
. would I have been allowed to do, for instance, in that file at the same line
protocol imap {
  remote <internal network address> {
    disable_plaintext_auth = no
  }
}
?
. would I have been allowed to do, for instance, in that file at the same line
protocol ! imap ...
or remote ! <some address>
?
Besides, if I set ssl=required, do I still need disable_plaintext_auth = yes ?
- auth unix listener
Default is the unix socket 'auth-userdb'. Which processes communicate through this one ? Does that mean the auth process is not the process which performs the actual passdb/userdb lookup ? In that case what is the 'userdb process' ?
Same question : what is the auth-client socket used for ?
Finally, would it make sense to declare other auth listeners than the two listed by default in the 10-master.conf file ?
--
Thomas Hummel | Institut Pasteur
hummel@pasteur.fr | Pôle informatique - systèmes et réseau