several misc questions, public folders and sharing, quota, ssl
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Apr 14 20:43:24 EEST 2017
Please keep responses on the list. Thank you. =)
Without ACL plugin there is no way to restrict access, it's free for all.
my site is a very tiny few user site, but ...
auth_mechanisms = login plain
mail_attribute_dict = file:%h/Mail/dovecot-attributes
mail_location = sdbox:~/Mail
mail_plugins = stats quota fts fts_lucene
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  fts = lucene
  fts_lucene = whitespace_chars=@.
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  quota = count:User quota
  quota_vsizes = yes
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  stats_refresh = 30
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  user = $default_internal_user
}
service doveadm {
  inet_listener http {
    address = 127.0.0.1
    port = 38080
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 8025
  }
}
service stats {
  fifo_listener stats-mail {
    mode = 0666
  }
}
ssl = required
ssl_cert = #
ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA
ssl_dh_parameters_length = 4096
ssl_key = #
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
submission_host = 127.0.0.1:25
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol imap {
  mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve
}
protocol lmtp {
  mail_plugins = stats quota fts fts_lucene sieve
}
protocol lda {
  mail_plugins = stats quota fts fts_lucene sieve
}
Aki
> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello Aki,
>
> Thank you for your reply.
>
> I've implemented your changes and thanks for the @STRENGTH reminder, I
> had forgotten about that one.
>
> I'll check out the acl plugin. Is it required when sharing a public
> folder or are public folders usable by all? I know it is for shared
> folders.
>
> The TestFolder1 is still not showing up in public not sure why
> everything looks good.
>
> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports
> along the way.
>
> I was wondering if I could take a look at your dovecot configuration
> files and a doveconf -n output?
>
> Thanks.
> Dave.
>
>
> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >
> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> wrote:
> >>
> >>
> >> Hello,
> >>
> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
> >> optimize how the system is running and have a few misc questions.
> >>
> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
> >> ensure this cipher list is appropriate:
> >>
> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
> >>
> >
> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
> >
> >> Next, a new feature that I'm trying for is virtual folders that store
> >> All messages. My understanding of this is that it stores a version of
> >> every received message in one place? I've got the virtual plugin
> >> loaded and have:
> >>
> >> mailbox virtual/All {
> >>   comment = All my messages
> >>   special_use = \All
> >> }
> >>
> >> I've got a directory /home/vmail/example.com/username/virtual under
> >> which is an ALL folder both directories are accessible to the vmail
> >> user, yet there's no contents in this folder and it's showing up
> >> nowhere.
> >>
> >
> > Configuring virtual all folder:
> >
> > namespace {
> >   prefix = virtual
> >   location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual
> >   comment = All my messages
> >   special_use = \All
> >   mailbox All {
> >     auto = subscribe
> >   }
> > }
> >
> > ==== /etc/dovecot/virtual/All/dovecot-virtual ====
> > *
> > all
> > ==== EOF ===
> >
> >> Next, quota warnings, are not being sent at all. I set up a testuser
> >> with a quota of 2 mb, then sent a message to that user getting the box
> >> to 95% full, and no message. Took the user overquota with the next
> >> message, still nothing, and a third message did trigger my custom
> >> quota exceeded message and the message was bounced.
> >>
> >
> > I would recommend you using
> >
> > mail_plugins = $mail_plugins quota quota_clone
> >
> > plugin {
> >   quota = count:User quota
> >   quota_clone_dict = proxy::sqlquota
> >   quota_vsizes = true
> > }
> >
> > Also,
> >
> > "Note that the warning is ONLY executed at the exact time when the limit is
> > being crossed, so when you're testing it you have to do it by crossing the
> > limit by saving a new mail. If something else besides Dovecot updates quota
> > so that the limit is crossed, the warning is never executed."
> >
> >> I'm wanting to implement public folders. My mailboxes are all
> >> virtual, and they are stored under /home/vmail/example.com/username
> >> and /home/vmail/example.org/username in the maildir format. I've got
> >> one user uid and gid of 999 name of vmail who owns all the mailboxes.
> >> I've separated out public folders storing them under
> >> /home/vmail/public. I've created one mailbox called TestFolder and
> >> new, cur, and tmp directories under it. This is what it looks like:
> >
> > <snip />
> >
> >> The public/TestFolder is showing up fine and I can switch to it. The
> >> public/TestFolder1 is not showing up at all so I'm not seeing it and
> >> can't switch to it. Any ideas?
> >>
> >
> > Not sure why it's not showing up, *but*, you could add :INDEXPVT=%h/public
> > to the folder, to keep per-user indexes separate.
> >
> >> My second question involves public folders and domain sharing. Are
> >> public folders accessible to all users and all domains? I've got two
> >> domains example.com and example.org i'd like to create a folder that
> >> some users in example.com can share with some users in example.org,
> >> not necessarily all users in those domains should be able to see the
> >> folders.
> >>
> >
> > Dovecot does not, as per such, care about your domains. It cares about user
> > names. If you want to do this kind of thing, please consult ACL plugin.
> > https://wiki2.dovecot.org/ACL
> >
> >> Ideas welcome.
> >>
> >> Thanks.
> >> Dave.
> >>
> >
> > Some other comments, if you are using SSL, you can drop cram-md5 as auth
> > mech, it's not storage-safe.
> >
> > you should use mail_location = maildir:~/maildir:LAYOUT=fs
> >
> > to avoid your other things in user's home being interpreted as mail
> > directories.
> >
> > why are you setting these?
> > maildir_broken_filename_sizes = yes
> > maildir_empty_new = yes
> > maildir_very_dirty_syncs = yes
> >
> > and in general I see lots of overconfiguring, dovecot defaults are usually
> > right, and setting various things just for the fun of it, can cause
> > problems.
> >
> > Aki
> >
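
Added example, not part of the original message or of Dovecot itself: a small checker for doveconf -n style output covering three points raised in this thread (a public namespace with no acl plugin loaded, cram-md5 still enabled, cipher-list entries without forward secrecy). The sample input, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed input in doveconf -n style, modelled on settings discussed in the thread.
SAMPLE = """\
auth_mechanisms = plain login cram-md5
mail_plugins = quota
namespace {
  location = maildir:/home/vmail/public
  prefix = public.
  type = public
}
ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:AES256+EECDH:AES256-SHA:@STRENGTH
"""

PFS_KEYWORDS = {"ECDHE", "EECDH", "DHE", "EDH"}  # ephemeral (EC)DH key exchange

def parse(text):
    """Yield (enclosing_block_names, key, value) for every 'key = value' line."""
    stack = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            yield tuple(stack), key.strip(), value.strip()

def audit(text):
    """Return a sorted list of (finding_id, detail) for the three thread topics."""
    rows, findings = list(parse(text)), []
    # Union of every mail_plugins line (global and per-protocol): a simplification.
    plugins = {p for _, k, v in rows if k == "mail_plugins" for p in v.split()}
    public = any(k == "type" and v == "public" and path
                 and path[-1].startswith("namespace") for path, k, v in rows)
    if public and "acl" not in plugins:
        findings.append(("public-namespace-without-acl", "no access restriction"))
    for path, key, value in rows:
        if path:
            continue  # the two settings checked below are global
        if key == "auth_mechanisms" and "cram-md5" in value.lower().split():
            findings.append(("cram-md5-enabled", value))
        if key == "ssl_cipher_list":
            # Skip operators such as @STRENGTH and !aNULL; flag the rest if not (EC)DHE.
            weak = [t for t in value.split(":") if t[:1] not in "@!-+"
                    and not PFS_KEYWORDS & set(re.split(r"[+-]", t))]
            if weak:
                findings.append(("ciphers-without-pfs", ":".join(weak)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The acl check only reports that the plugin is absent from every mail_plugins line; loading the plugin still requires ACLs to be configured as described on the wiki page linked above.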