[Dovecot] best fine tune for 2.0.9
Hi Timo and the other directors of the following pigeonhole dovecot sieve
I wonder what the strengths and weaknesses of my config are, and what I need to change to stick closer to a best configuration.
r13151 ~]# /usr/sbin/dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32.2-xxxx-grs-ipv6-32 i686 CentOS release 5.5 (Final)
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
imap_capability = +IDLE
listen = [::]
log_path = /var/log/maillog
log_timestamp = %Y-%m-%d %H:%M:%S
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 20
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
}
passdb {
  driver = pam
}
plugin {
  plugin = autocreate managesieve sieve
  sieve = ~/.dovecot.sieve
  sieve_before = /var/sieve-scripts/roundcube.sieve
  sieve_dir = ~/sieve
  sieve_global_path = whatever
}
protocols = sieve imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    mode = 0666
  }
  vsz_limit = 64 M
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = * , [::]
    port = 993
  }
  process_limit = 128
  vsz_limit = 64 M
}
service imap {
  client_limit = 5
  service_count = 0
}
service managesieve-login {
  inet_listener managesieve-login {
    address = *
    port = 2000
  }
  process_limit = 128
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    address = * , [::]
    port = 995
  }
  process_limit = 128
  vsz_limit = 64 M
}
ssl_ca = </etc/pki/tls/certs/root.crt
ssl_cert = </etc/pki/tls/certs/r13151.ovh.net.crt
ssl_key = </etc/pki/tls/private/r13151.ovh.net.key
ssl_verify_client_cert = yes
userdb {
  driver = passwd
}
version_ignore = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  imap_max_line_length = 64 k
  mail_plugins = autocreate
}
protocol pop3 {
  mail_plugins = autocreate
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
protocol lda {
  hostname = r13151.ovh.net
  mail_plugins = autocreate sieve
  postmaster_address = postmaster@fakessh.eu
  sendmail_path = /usr/lib/sendmail
}
protocol sieve {
  managesieve_implementation_string = dovecot
  managesieve_logout_format = bytes ( in=%i : out=%o )
  managesieve_max_line_length = 65536
}
-- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
On 7.2.2011, at 16.46, fakessh @ wrote:
> imap_capability = +IDLE
No longer necessary.
> protocols = sieve imap pop3
> service auth {
>   unix_listener auth-master {
>     mode = 0666
>   }
Would be better to limit to 0600 or 0660 if possible. What is using auth-master anyway? Most parts of Dovecot want to use auth-userdb. I can't actually even think of anything that wants auth-master..
> listen = [::]
..
> service imap-login {
>   inet_listener imaps {
>     address = * , [::]
Why override it here? You could set a global listen = *, [::] without having to specify it separately for imap/pop3.
> service imap {
>   client_limit = 5
Having client_limit larger than 1 for imap/pop3 services isn't well supported. Clients may see delays and you may see error messages in logs.
> service managesieve-login {
>   inet_listener managesieve-login {
>     address = *
Managesieve intentionally isn't listening on IPv6?
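The points raised in the reply above (socket mode, client_limit, a listener address without IPv6) written as a check over `dovecot -n` style output. This is an added example, not part of the original thread or of Dovecot itself; the parse and audit helpers and the sample fragment are constructed for illustration.

```python
import re

# Constructed sample shaped like the `dovecot -n` output in this thread.
SAMPLE = """\
listen = [::]
service auth {
  unix_listener auth-master {
    mode = 0666
  }
}
service imap {
  client_limit = 5
}
service managesieve-login {
  inet_listener managesieve-login {
    address = *
  }
}
"""

def parse(text):  # yields (block_path, key, value) for each setting
    stack = []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield tuple(stack), key.strip(), value.strip()

def audit(text):
    """Return one finding per setting that matches a point from the reply."""
    v6 = any(not p and k == "listen" and "::" in v for p, k, v in parse(text))
    out = []
    for path, key, value in parse(text):
        leaf, where = (path[-1] if path else ""), " > ".join(path)
        if leaf.startswith("unix_listener ") and key == "mode":
            if re.fullmatch(r"[0-7]{3,4}", value) and int(value, 8) & 0o002:
                out.append(f"{where}: mode {value} is world-writable")
        elif leaf in ("service imap", "service pop3") and key == "client_limit":
            if value.isdigit() and int(value) > 1:
                out.append(f"{where}: client_limit {value} is above 1")
        elif leaf.startswith("inet_listener ") and key == "address":
            if v6 and "::" not in value:
                out.append(f"{where}: address {value} has no IPv6, listen does")
    return out

print(*audit(SAMPLE), sep="\n")
```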
Timo, thank you for your reply
On Monday 7 February 2011 at 17:32 +0200, Timo Sirainen wrote:
> On 7.2.2011, at 16.46, fakessh @ wrote:
> > imap_capability = +IDLE
> No longer necessary.
> > protocols = sieve imap pop3
> > service auth {
> >   unix_listener auth-master {
> >     mode = 0666
> >   }
> Would be better to limit to 0600 or 0660 if possible. What is using auth-master anyway? Most parts of Dovecot want to use auth-userdb. I can't actually even think of anything that wants auth-master..
I will try to gradually change the permissions
> > listen = [::]
> ..
> > service imap-login {
> >   inet_listener imaps {
> >     address = * , [::]
> Why override it here? You could set a global listen = *, [::] without having to specify it separately for imap/pop3.
> > service imap {
> >   client_limit = 5
> Having client_limit larger than 1 for imap/pop3 services isn't well supported. Clients may see delays and you may see error messages in logs.
> > service managesieve-login {
> >   inet_listener managesieve-login {
> >     address = *
> Managesieve intentionally isn't listening on IPv6?
gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7