configuration sanity check
David Mehler
dave.mehler at gmail.com
Sat Apr 29 06:13:02 EEST 2017
Hello,
Can I get a sanity check on this configuration? It's a database setup
of Dovecot 2.2 with Postfix.
I'm having issues and I'd like to know whether there's anything glaringly
wrong with my configuration.
With the password hash situation, should I go with SHA512,
SHA512-CRYPT or the SSHA512-CRYPT?
Thanks.
Dave.
# 2.2.29.1 (e0b76e3): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 10.3-RELEASE-p18 amd64
# NOTE(review): this is `doveadm -n` output pasted into a mail. Long values
# (managesieve_sieve_capability below, several plugin/ssl/protocol values)
# were wrapped by the mail client, and "@" was rewritten as " at " by the
# list archive; neither is a problem in the real file.
auth_default_realm = example.com
# NOTE(review): cram-md5 can only be verified against passwords stored in
# plaintext or in the CRAM-MD5 scheme; with default_pass_scheme = SHA512 in
# dovecot-sql.conf.ext, CRAM-MD5 logins cannot succeed. plain/login are
# only offered after TLS because disable_plaintext_auth = yes below.
auth_mechanisms = plain login cram-md5
auth_realms = example.com example.net
dict {
# NOTE(review): the file is named "dovecot-share-folder.conf" here but the
# file posted below is titled "dovecot-shared-folder.conf" — one of the two
# is a typo. This "acl" dict also appears unreferenced: plugin
# acl_shared_dict points at a file: dict, so shares are not stored in MySQL
# unless something not shown here proxies to it.
acl = mysql:/usr/local/etc/dovecot/dovecot-share-folder.conf
lastlogin = mysql:/usr/local/etc/dovecot/dovecot-last-login.conf
sqlquota = mysql:/usr/local/etc/dovecot/dovecot-used-quota.conf
}
disable_plaintext_auth = yes
# assumes the vmail user/group named in mail_uid/mail_gid is uid/gid 999 — TODO confirm
first_valid_gid = 999
first_valid_uid = 999
hostname = mail.example.com
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
last_valid_gid = 999
last_valid_uid = 999
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# public address anonymized in the post
listen = 127.0.0.1 xxx.xxx.xxx.xxx
# never = no fsync for IMAP processes; a crash/power loss can lose recently
# written mail. protocol lda below overrides this to "optimized".
mail_fsync = never
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib
# NOTE(review): " at " is the archive's rewrite of "@"; the real value should
# read mailto:postmaster@example.com
mail_server_admin = mailto:postmaster at example.com
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
# (single value, wrapped by the mail client)
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapflags notify imapsieve vnd.dovecot.imapsieve
namespace {
hidden = no
list = yes
# Public mailboxes live outside any user's home; CONTROL/INDEX/INDEXPVT are
# kept per accessing user under ~/mail/public so flags and indexes stay
# private. Access rights come from the public/* lines in global-acls.
location = maildir:/home/vmail/public:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
mailbox TestFolder {
auto = subscribe
comment = Public Folder for message sharing
}
prefix = public/
separator = /
subscriptions = yes
type = public
}
namespace {
list = yes
# NOTE(review): in a shared namespace "~" expands to the *accessing* user's
# home, while the owner's home is "%%h". As written, shared/<user>/ looks
# like it would point at the accessing user's own ~/mail/ instead of the
# owner's mailbox; the usual form is
#   maildir:%%h/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
# — confirm by opening a real share. %%h needs a userdb lookup, which is
# what the auth-userdb socket under service auth provides.
location = maildir:~/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace {
# Virtual mailboxes are defined in /usr/local/etc/dovecot/virtual (not
# posted); "All" is auto-subscribed and advertised with SPECIAL-USE \All.
location = virtual:/usr/local/etc/dovecot/virtual
mailbox All {
auto = subscribe
comment = All my messages
special_use = \All
}
prefix = virtual/
separator = /
}
namespace inbox {
inbox = yes
# empty location = inherit mail_location (maildir:~/mail/ ...)
location =
# NOTE(review): several mailboxes carry the same SPECIAL-USE flag (\Archive
# x2, \Trash x2, \Junk x3, \Sent x3). That is legal — clients just pick one —
# but only "Spam" is watched by imapsieve_mailbox1_name in the plugin
# section, so mail filed into Junk / "Junk E-mail" is autoexpunged after
# 30 days without ever being reported. Presumably a client-compatibility
# choice; confirm it is intended.
mailbox Archive {
auto = no
special_use = \Archive
}
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox "Deleted Messages" {
auto = no
autoexpunge = 30 days
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = no
autoexpunge = 30 days
special_use = \Junk
}
mailbox "Junk E-mail" {
auto = no
autoexpunge = 30 days
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Items" {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
autoexpunge = 30 days
special_use = \Junk
}
mailbox Trash {
auto = subscribe
autoexpunge = 30 days
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
# SQL passdb; the query, hash scheme and DB credentials live in this file
# (posted at the end of the mail).
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
# Global ACL file (entries posted below as "global-acls"), cached 5 minutes.
acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
# NOTE(review): lets users share mailboxes with the "anyone" identifier,
# i.e. every user who can log in. Keep only if that is wanted.
acl_anyone = allow
# NOTE(review): user shares are tracked in this flat file, not in the mysql
# "acl" dict declared in the dict {} block, which is otherwise unused here.
acl_shared_dict = file:/usr/local/etc/dovecot/shared-mailboxes
# imapsieve: copies/moves into Spam run report-spam.sieve; moves out of
# Spam into any other mailbox run report-ham.sieve. (first value wrapped)
imapsieve_mailbox1_before =
file:/usr/local/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
# last_login writes to the "lastlogin" dict; key matches the
# shared/last-login/$user pattern in dovecot-last-login.conf.
last_login_dict = proxy::lastlogin
last_login_key = last-login/%u
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
# "count" backend; the per-user rule is userdb_quota_rule / quota_rule from
# dovecot-sql.conf.ext. Usage is mirrored into the sqlquota dict.
quota = count:User quota
quota_clone_dict = proxy::sqlquota
# (value wrapped by the mail client)
quota_exceeded_message = Storage quota for this account has been
exceeded, please try again later.
quota_grace = 10%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_vsizes = true
# Format: <limit> <service socket> <args>. Each hit sends "<percent> <user>"
# as arguments to the named unix_listener; the script receives them as $1
# and $2 and must quote "$2" rather than splice it into a shell line.
# NOTE(review): the 100%% line targets a socket named "quota-exceeded", but
# the only listener defined is "quota-warning" (service quota-warning), so
# the exceeded notification has nowhere to go unless that is a typo for
# quota-warning.
quota_warning = storage=100%% quota-exceeded 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=85%% quota-warning 85 %u
quota_warning5 = storage=75%% quota-warning 75 %u
# Per-user script and the extension set user scripts may use.
sieve = /home/vmail/%d/sieve/dovecot.sieve
# Admin scripts: sieve_before runs before the user script, sieve_default
# runs only when the user has none.
sieve_before = /home/vmail/sieve/dovecot.sieve
sieve_default = /usr/local/etc/dovecot/sieve/dovecot.sieve
sieve_dir = /usr/local/etc/dovecot/sieve
sieve_extensions = +notify +imapflags
sieve_global_dir = /home/vmail/sieve
# vnd.dovecot.pipe/execute can run programs out of sieve_pipe_bin_dir.
# Enabling them only in sieve_global_extensions (admin scripts) and not in
# sieve_extensions (user-editable scripts) is the right split; keep it.
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
sieve_max_redirects = 30
sieve_max_script_size = 1M
sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
# Shared log path for all users' script errors — presumably writable by vmail
sieve_user_log = /home/vmail/sieve/sieve_error.log
trash = /usr/local/etc/dovecot/dovecot-trash.conf.ext
# welcome plugin: sends "welcome <user>" to service welcome (welcome.sh),
# presumably when a user's mailbox is first created; %u arrives as $1.
welcome_script = welcome %u
welcome_wait = yes
}
# No lmtp listed: Postfix presumably hands mail to dovecot-lda (see
# protocol lda below). sendmail_path is what Sieve redirect/vacation/notify
# use to send outbound mail.
protocols = imap sieve
sendmail_path = /usr/local/sbin/sendmail
service auth {
# SMTP AUTH socket inside the Postfix chroot. Only Postfix needs it, so
# mode = 0660 with user = postfix / group = postfix would be tighter than
# world-writable 0666.
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
# userdb lookup socket used by dovecot-lda/doveadm running as vmail.
# NOTE(review): 0666 makes it reachable by any local account; 0660 with the
# vmail owner set here would limit it to vmail.
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
}
service dict {
# dict proxy socket for the lastlogin/sqlquota (and acl) dicts; mail
# processes run as vmail, so vmail-owned 0660 is sufficient.
unix_listener dict {
mode = 0660
user = vmail
}
}
service imap-login {
# 143: STARTTLS; plain/login are refused until TLS is up because
# disable_plaintext_auth = yes.
inet_listener imap {
port = 143
}
# 993: implicit TLS.
inet_listener imaps {
port = 993
ssl = yes
}
}
service managesieve-login {
# ManageSieve only on loopback (no TLS listener); fine if a local proxy
# or webmail on the same host is the only client.
inet_listener sieve {
address = 127.0.0.1
port = 4190
}
}
service quota-status {
# Postfix policy service (quota_status_* answers above), loopback only.
client_limit = 1
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 12345
}
}
service quota-warning {
# Receives "<percent> <user>" from the quota_warning* rules as $1/$2 and
# runs as vmail. The socket name must match the one named in each rule —
# the 100%% rule refers to "quota-exceeded", which is not defined here.
executable = script /usr/local/etc/dovecot/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service welcome {
# Target of welcome_script; receives the username as $1 and runs as vmail.
# No mode/group given, so the socket gets the service defaults.
executable = script /usr/local/bin/welcome.sh
unix_listener welcome {
user = vmail
}
user = vmail
}
# Let's Encrypt chain; the key is redacted by doveadm -n (-P shows it).
ssl_cert = </usr/local/etc/letsencrypt/live/mail.example.com/fullchain.pem
# NOTE(review): " at STRENGTH" is the archive's rewrite of "@STRENGTH", and
# the value was wrapped by the mail client. All suites are ECDHE (forward
# secrecy), AEAD first, CBC last.
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 at STRENGTH
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
# Everything below TLSv1.2 disabled; on this release that leaves TLSv1.2 only.
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
# Reuses the userdb_* fields returned by password_query (userdb_quota_rule)
# at login, so IMAP needs no second SQL lookup; uid/gid/home fall back to
# mail_uid/mail_gid/mail_home. Non-login lookups (LDA, doveadm) fall
# through to the userdbs that follow.
driver = prefetch
}
userdb {
# user_query / iterate_query from the same file as the passdb.
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
userdb {
# NOTE(review): last-resort fallback that answers for any name the sql
# userdb did not return; values mirror mail_uid/mail_gid/mail_home. As far
# as I recall the static driver still checks the passdb for the user's
# existence unless allow_all_users=yes is given — confirm that this does
# not let LDA deliver for addresses that are not in virtual_users.
args = uid=vmail gid=vmail home=/home/vmail/%d/%n
driver = static
}
protocol lda {
# Delivery fsyncs (overrides the global "never"); the plugin list is the
# global one plus sieve. (value wrapped by the mail client)
mail_fsync = optimized
mail_plugins = acl mail_log notify quota quota_clone trash virtual
welcome zlib sieve
}
protocol imap {
# Global plugin list plus the IMAP-side ACL/QUOTA/imapsieve/COMPRESS
# extensions and last_login. (value wrapped by the mail client)
mail_plugins = acl mail_log notify quota quota_clone trash virtual
welcome zlib imap_acl imap_quota imap_sieve imap_zlib last_login
}
dovecot-shared-folder.conf:
# NOTE(review): DB credentials in clear text — keep the file readable only
# by root and the process that loads it. "username"/"password" look like
# placeholders (the other two files use user=user); make sure the real
# account has only the rights these maps need.
# NOTE(review): dovecot.conf refers to this file as dovecot-share-folder.conf
# (no "d") — check which spelling exists on disk.
connect = host=/tmp/mysql.sock dbname=dbname user=username password=password
# For shared mailboxes
# Not currently used: plugin acl_shared_dict points at a file: dict.
map {
pattern = shared/shared-boxes/user/$to/$from
table = user_shares
value_field = dummy
fields {
from_user = $from
to_user = $to
}
}
# To share mailbox to anyone uncomment acl_anyone=allow in
# 90-acl.conf
# (acl_anyone = allow is already set in the posted dovecot.conf.)
map {
pattern = shared/shared-boxes/anyone/$from
table = anyone_shares
value_field = dummy
fields {
from_user = $from
}
}
dovecot-last-login.conf
# NOTE(review): clear-text DB credentials (placeholders here); restrict the
# file's permissions.
connect = host=/tmp/mysql.sock dbname=dbname user=user password=password
# Last Login
# Backs plugin last_login_dict = proxy::lastlogin; the key pattern matches
# last_login_key = last-login/%u. Writes go to virtual_users.lastlogin.
map {
pattern = shared/last-login/$user
table = virtual_users
username_field = user
value_field = lastlogin
fields {
username = $user
}
}
global-acls
#<identifier> <ACLs> [:<named ACLs>]
# options: l lookup, r read, w write, s write-seen,
# t write-deleted, i insert, p post, e expunge,
# k create, x delete, a administration rights
# NOTE(review): grants "username" every right including "a" (may edit the
# ACL itself). "username" looks like a placeholder — confirm the real
# identifier and whether admin rights are meant.
public/TestFolder user=username lrwstipekxa
#owner lrwstipekxa
# allow anyone to list and read a public mailbox
# NOTE(review): the comment above says "anyone", but the rule only grants
# user=username. To cover every user the identifier would be "anyone"
# (acl_anyone = allow is set) or "authenticated".
public/* user=username lr
# Prevent all users from deleting their Spam folder
#INBOX.Spam owner lrwstipeka
dovecot-trash.conf.ext
# Trash plugin: when over quota, delete oldest mail from priority 1 first.
# Names must match the inbox namespace; "Deleted Messages" and "Junk E-mail"
# (also \Trash/\Junk there) are not listed, so they are never emptied here.
# Spam mailbox is emptied before Trash
1 Spam
# Trash mailbox is emptied before Sent
2 Trash
# If both Sent and "Sent Messages" mailboxes exist, the next oldest message
# to be deleted is looked up from both of the mailboxes.
3 Sent
3 Sent Messages
# Junk mailbox is emptied
4 Junk
dovecot-sql.conf.ext
driver = mysql
# NOTE(review): clear-text DB credentials (placeholders here); the file must
# be readable only by root, since the auth process reads it.
connect = host=/tmp/mysql.sock dbname=dbname user=user password=password
# NOTE(review): SHA512 is the plain, unsalted single-pass digest. SHA512-CRYPT
# (crypt(3) "$6$", salted and iterated) is the stronger choice for stored
# hashes; SSHA512 is salted but not iterated. Whatever is chosen must match
# how the values in virtual_users.password were generated, or each row can
# carry its own {SCHEME} prefix. None of these hashes can satisfy the
# cram-md5 mechanism enabled in dovecot.conf.
default_pass_scheme = SHA512
# Returns the hash plus userdb_quota_rule so the prefetch userdb needs no
# second lookup. %u is SQL-escaped by Dovecot before substitution.
# NOTE(review): the "'M:messages=',' line has no trailing "\" — probably
# mail wrapping, but if the file really reads this way the query is cut
# short and the following line is a parse error. Same in user_query.
password_query = SELECT user as user, password, \
CASE quota \
WHEN 0 \
THEN '*:bytes=256M:messages=0' \
ELSE \
CONCAT('*:bytes=', CAST(quota AS CHAR), 'M:messages=',
CAST(quota_messages AS CHAR)) \
END AS `userdb_quota_rule` \
FROM virtual_users WHERE user='%u';
# NOTE(review): the quota==0 default is 1024M here but 256M in
# password_query, so IMAP logins (prefetch) see 256M while LDA/doveadm
# (sql userdb) see 1024M for the same user. Pick one value.
user_query = SELECT user as user, \
CASE quota \
WHEN 0 \
THEN '*:bytes=1024M:messages=0' \
ELSE \
CONCAT('*:bytes=', CAST(quota AS CHAR), 'M:messages=',
CAST(quota_messages AS CHAR)) \
END AS `quota_rule` \
FROM virtual_users WHERE user='%u';
# For using doveadm -A:
iterate_query = SELECT user AS user FROM virtual_users