[Dovecot] best fine tune for 2.0.9
Hi Timo and the other directors of the following pigeonhole dovecot sieve
I wonder what are the strengths and weaknesses of my config, and what do I need to change to stick more to a best configuration
r13151 ~]# /usr/sbin/dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32.2-xxxx-grs-ipv6-32 i686 CentOS release 5.5 (Final) auth_mechanisms = plain login base_dir = /var/run/dovecot/ imap_capability = +IDLE listen = [::] log_path = /var/log/maillog log_timestamp = %Y-%m-%d %H:%M:%S login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_location = maildir:~/Maildir mail_max_userip_connections = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest namespace { inbox = yes location = prefix = separator = . } passdb { driver = pam } plugin { plugin = autocreate managesieve sieve sieve = ~/.dovecot.sieve sieve_before = /var/sieve-scripts/roundcube.sieve sieve_dir = ~/sieve sieve_global_path = whatever } protocols = sieve imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { mode = 0666 } vsz_limit = 64 M } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = * , [::] port = 993 } process_limit = 128 vsz_limit = 64 M } service imap { client_limit = 5 service_count = 0 } service managesieve-login { inet_listener managesieve-login { address = * port = 2000 } process_limit = 128 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { address = * , [::] port = 995 } process_limit = 128 vsz_limit = 64 M } ssl_ca =
-- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
On 7.2.2011, at 16.46, fakessh @ wrote:
imap_capability = +IDLE
No longer necessary.
protocols = sieve imap pop3 service auth { unix_listener auth-master { mode = 0666 }
Would be better to limit to 0600 or 0660 if possible. What is using auth-master anyway? Most parts of Dovecot want to use auth-userdb. I can't actually even think of anything that wants auth-master..
listen = [::] .. service imap-login { inet_listener imaps { address = * , [::]
Why override it here? You could set a global listen = *, [::] without having to specify it separately for imap/pop3.
service imap { client_limit = 5
Having client_limit larger than 1 for imap/pop3 services isn't well supported. Clients may see delays and you may see error messages in logs.
service managesieve-login { inet_listener managesieve-login { address = *
Managesieve intentionally isn't listening on IPv6?
timo thank you for your reply
Le lundi 07 février 2011 à 17:32 +0200, Timo Sirainen a écrit :
On 7.2.2011, at 16.46, fakessh @ wrote:
imap_capability = +IDLE
No longer necessary.
protocols = sieve imap pop3 service auth { unix_listener auth-master { mode = 0666 }
Would be better to limit to 0600 or 0660 if possible. What is using auth-master anyway? Most parts of Dovecot want to use auth-userdb. I can't actually even think of anything that wants auth-master..
I will try to gradually change the permissions
listen = [::] .. service imap-login { inet_listener imaps { address = * , [::]
Why override it here? You could set a global listen = *, [::] without having to specify it separately for imap/pop3.
service imap { client_limit = 5
Having client_limit larger than 1 for imap/pop3 services isn't well supported. Clients may see delays and you may see error messages in logs.
service managesieve-login { inet_listener managesieve-login { address = *
Managesieve intentionally isn't listening on IPv6?
gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
participants (2)
-
fakessh @
-
Timo Sirainen