Please read between the lines =)

at least you should remove autocreate plugin.

On December 15, 2017 at 4:47 PM voytek@sbt.net.au wrote:

I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql virtual domains, in the process of setting a new Centos 7 to migrate, copied /etc/dovecot, made some minor edits to get rid of errors, added Letsencrypt in place of self certified certs, it seems to work, using mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when login on

is there any other sanity checks I should do ? before I start putting users on it ?

attaching dovecot.conf at the end, appreciate any suggestion or correction

I see a lot of these warning, are they benign?

#grep Warning /var/log/dovecot.log | wc 74 1102 6900 # wc /var/log/dovecot.log 174 2299 19716 /var/log/dovecot.log

Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

( as I've re used an old host name, I can see some users already trying to connect, they must've never removed this server name when it was shut down, perhaps they're generating these errors, repeatedly logging on ?)

# doveadm who username # proto (pids) (ips) five@aaa.com.au 1 imap (9047) (35.196.255.170) seven@aaa.com.au 1 imap (9056) (104.196.21.108) eight@aaa.com.au 1 imap (9062) (35.196.255.170) five@aa.com.au 2 imap (9240 9044) (203.194.43.48 35.196.255.170) six@aa.com.au 2 imap (9248 9063) (203.194.43.48 35.185.44.87) postbox@aa.com.au 1 imap (9057) (104.196.178.232) eight@aa.com.au 2 imap (9244 9050) (203.194.43.48 35.196.255.170) seven@aa.com.au 2 imap (9055 9242) (104.196.21.108 203.194.43.48) six@aaa.com.au 1 imap (9054) (35.185.44.87)

doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new

# cat dovecot.conf.new

# 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_master_user_separator = * auth_mechanisms = PLAIN LOGIN dict { acl = mysql:/etc/dovecot/dovecot-share-folder.conf quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf } first_valid_uid = 2000 last_valid_uid = 2000 listen = * log_path = /var/log/dovecot.log mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

The INDEX= is redundant.

mail_plugins = quota mail_uid = 2000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u

You should read https://wiki.dovecot.org/SharedMailboxes/Shared

prefix = Shared/%%u/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } passdb { args = /etc/dovecot/dovecot-master-users-password driver = passwd-file master = yes } plugin { acl = vfile acl_shared_dict = proxy::acl auth_socket_path = /var/run/dovecot/auth-master autocreate = INBOX autocreate2 = Sent autocreate3 = Trash autocreate4 = Drafts autocreate5 = Junk autosubscribe = INBOX autosubscribe2 = Sent autosubscribe3 = Trash autosubscribe4 = Drafts autosubscribe5 = Junk

autocreate & autosubscribe should be converted into

namespace { mailbox INBOX { auto = subscribe # (or just create if subscribing is not required) } }

quota = dict:user::proxy::quotadict quota_rule = *:storage=1G quota_warning = storage=85%% quota-warning 85 %u quota_warning2 = storage=90%% quota-warning 90 %u quota_warning3 = storage=95%% quota-warning 95 %u sieve = /%Lh/sieve/dovecot.sieve sieve_dir = /%Lh/sieve sieve_global_dir = /var/vmail/sieve sieve_global_path = /var/vmail/sieve/dovecot.sieve } protocols = pop3 imap sieve service auth { unix_listener /var/spool/postfix/dovecot-auth { group = postfix mode = 0666 user = postfix }

This could be mode = 0600

unix_listener auth-master { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } }

You sure you need these?

service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service imap-login { process_limit = 500 service_count = 1 } service pop3-login { service_count = 1 } service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } } ssl = required ssl_cert = </etc/letsencrypt/..fullchain.pem ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } protocol lda { auth_socket_path = /var/run/dovecot/auth-master

should not be needed

lda_mailbox_autocreate = yes log_path = /var/log/sieve.log mail_plugins = quota sieve autocreate postmaster_address = root } protocol imap { imap_client_workarounds = tb-extra-mailbox-sep mail_max_userip_connections = 60 mail_plugins = quota imap_quota } protocol pop3 { mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } #

Aki