got a listener on 993
David Mehler
dave.mehler at gmail.com
Mon Apr 13 21:52:48 EEST 2020
Hello,
Before I get into my question: is SSL on 993 or STARTTLS on 143 better
from a security perspective?
I've noticed that I've got a Dovecot listener on port 993. Below is my
doveconf -n output. I don't have an imaps listener uncommented; should I
uncomment it and set its port to 0? Will that disable the 993 listener?
Thanks.
Dave.
# 2.3.10 (0da0eff44): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.10 (bf8ef1c2)
# OS: FreeBSD 12.1-RELEASE-p2 amd64
# Hostname: hostname.example.com
auth_cache_size = 10 M
auth_default_realm = example.com
auth_mechanisms = plain login
auth_realms = example.com
dict {
lastlogin = mysql:/usr/local/etc/dovecot/dovecot-last-login.conf
}
first_valid_gid = 2100
first_valid_uid = 2100
hostname = hostname.example.com
imap_client_workarounds = delay-newhostname tb-extra-hostnamebox-sep
tb-lsub-flags
imap_idle_notify_interval = 1 mins
last_valid_gid = 2100
last_valid_uid = 2100
lda_hostnamebox_autocreate = yes
lda_hostnamebox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = xxx.xxx.xxx.xxx
lmtp_rcpt_check_quota = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
hostname_access_groups = vhostname
hostname_fsync = never
hostname_gid = vhostname
hostname_home = /var/vhostname/hostnameboxes/%d/%n
hostname_location = dbox:~/hostname
hostname_plugins = acl fts fts_lucene mail_log notify quota trash
virtual welcome zlib mail_crypt
hostname_privileged_group = vhostname
hostname_server_admin = hostnameto:postmaster at example.com
hostname_uid = vhostname
managesieve_notify_capability = hostnameto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment hostnamebox date index ihave duplicate mime foreverypart
extracttext spamtest spamtestplus virustest editheader imapflags
notify imapsieve vnd.dovecot.imapsieve
namespace {
location = sdbox:/var/vhostname/public/:CONTROL=~/hostname/public:INDEX=~/hostname/public
prefix = Public/
separator = /
subscriptions = yes
type = public
}
namespace {
hidden = no
list = yes
location = hostnamedir:/var/vhostname/shared/office/.hostnamedir:CONTROL=~/.hostnamedir/control/office:INDEX=~/.hostnamedir/index/office
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace inbox {
inbox = yes
location =
hostnamebox Drafts {
auto = subscribe
special_use = \Drafts
}
hostnamebox Sent {
auto = subscribe
special_use = \Sent
}
hostnamebox Spam {
auto = subscribe
autoexpunge = 30 days
special_use = \Junk
}
hostnamebox Trash {
auto = subscribe
autoexpunge = 30 days
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
# Plugin settings: ACLs, Lucene full-text search, IMAPSieve spam/ham training,
# last-login tracking, mail encryption, mail logging, quota, Sieve and the
# welcome script.
plugin {
acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
fts = lucene
fts_autoindex = yes
fts_autoindex_exclude = \Junk
fts_autoindex_exclude2 = \Trash
fts_autoindex_exclude3 = \Spam
fts_autoindex_max_recent_msgs = 80
fts_index_timeout = 90
fts_lucene = whitespace_chars=@. normalize no_snowball
# Copying a message into Spam runs learn-spam.sieve; copying one out of Spam
# into any other mailbox runs learn-ham.sieve.
imapsieve_hostnamebox1_before =
file:/var/vhostname/sieve/global/learn-spam.sieve
imapsieve_hostnamebox1_causes = COPY
imapsieve_hostnamebox1_name = Spam
imapsieve_hostnamebox2_before =
file:/var/vhostname/sieve/global/learn-ham.sieve
imapsieve_hostnamebox2_causes = COPY
imapsieve_hostnamebox2_from = Spam
imapsieve_hostnamebox2_name = *
last_login_dict = proxy::lastlogin
# doveconf prints this value and the two key values below only when run
# with -P, so they are not disclosed in this paste.
last_login_key = # hidden, use -P to show it
hostname_crypt_curve = prime256v1
hostname_crypt_global_private_key = # hidden, use -P to show it
hostname_crypt_global_public_key = # hidden, use -P to show it
hostname_crypt_save_version = 2
hostname_log_events = delete undelete expunge copy
hostnamebox_delete hostnamebox_rename
hostname_log_fields = uid box msgid size
quota = count:User quota
quota_exceeded_message = Storage quota for this account has been
exceeded, please try again later.
quota_grace = 10%%
quota_rule2 = Trash:ignore
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 hostnamebox is full
quota_status_success = DUNNO
quota_vsizes = true
quota_warning = storage=100%% quota-exceeded 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=85%% quota-warning 85 %u
quota_warning5 = storage=75%% quota-warning 75 %u
sieve = file:/var/vhostname/sieve/%d/%n/scripts;active=/var/vhostname/sieve/%d/%n/active-script.sieve
sieve_before = /var/vhostname/sieve/global/spam-global.sieve
sieve_extensions = +notify +imapflags +spamtest +spamtestplus
+virustest +editheader
# pipe/execute/environment are enabled through sieve_global_extensions, not
# sieve_extensions, which is meant to keep them out of users' personal scripts.
# NOTE(review): confirm that only administrators can write under
# /var/vhostname/sieve/global, since scripts there may start external programs.
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+vnd.dovecot.environment
sieve_max_redirects = 30
sieve_max_script_size = 1M
# NOTE(review): /usr/bin makes every program in that directory reachable from
# a script allowed to use "pipe". A dedicated directory holding only the
# intended helper(s) would narrow this considerably.
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_spamtest_max_header = X-Spamd-Result: default: [[:alnum:]]+
\[-?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]+)\]
sieve_spamtest_status_header = X-Spamd-Result: default: [[:alnum:]]+
\[(-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]+\]
sieve_spamtest_status_type = score
sieve_user_log = /var/vhostname/sieve/sieve_error.log
sieve_virustest_status_header = X-Virus-Scan: Found to be (.+)\.
sieve_virustest_status_type = text
sieve_virustest_text_value1 = clean
sieve_virustest_text_value5 = infected
trash = /usr/local/etc/dovecot/trash.conf
welcome_script = welcome %n postmaster@%d
welcome_wait = yes
}
postmaster_address = postmaster at example.com
protocols = imap lmtp sieve
sendhostname_path = /usr/local/sbin/sendhostname
service auth-worker {
user = vhostname
}
# Authentication service sockets: one shared with Postfix (inside its spool
# directory) and the userdb lookup socket.
service auth {
# Only the postfix user and group can open this socket (0660).
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
# 0666 lets any local account connect. NOTE(review): Dovecot's stock
# configuration comments say that at exactly 0666 the auth process itself
# limits lookups to callers whose UID/GID matches the userdb result or the
# socket owner, while any other mode leaves enforcement to filesystem
# permissions. Confirm which behaviour is intended before changing it.
unix_listener auth-userdb {
group = vhostname
mode = 0666
user = vhostname
}
}
service dict {
unix_listener dict {
mode = 0600
user = vhostname
}
user = root
}
# NOTE(review): doveconf -n prints only settings that differ from Dovecot's
# built-in defaults, so this block shows just the explicitly configured
# port-143 listener. The default "inet_listener imaps" (port 993, implicit TLS)
# belongs to this same service and stays active unless it is overridden here;
# setting "port = 0" on a listener is how Dovecot disables it.
service imap-login {
inet_listener imap {
# A connection on 143 is cleartext until the client issues STARTTLS.
port = 143
}
process_min_avail = 1
}
service imap {
executable = imap
}
service lmtp {
executable = lmtp
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
# ManageSieve login listener, bound to one explicit address and port 4190.
# NOTE(review): the global "listen" address is masked in this paste but this
# one is not; it lies in a private (RFC 1918) range.
service managesieve-login {
inet_listener sieve {
address = 172.16.21.3
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
unix_listener /var/spool/postfix/private/dovecot-quota {
group = postfix
mode = 0660
user = postfix
}
}
service quota-warning {
executable = script /usr/local/etc/dovecot/quota-warning.sh
unix_listener quota-warning {
group = vhostname
mode = 0660
user = vhostname
}
user = vhostname
}
service stats {
unix_listener stats-reader {
group = vhostname
mode = 0660
user = vhostname
}
unix_listener stats-writer {
group = vhostname
mode = 0660
user = vhostname
}
}
service welcome {
executable = script /usr/local/etc/dovecot/welcome.sh
unix_listener welcome {
user = vhostname
}
user = vhostname
}
# TLS settings. "required" makes Dovecot refuse authentication on any connection
# that has not yet negotiated TLS. This matters because auth_mechanisms above
# allows only the cleartext-password mechanisms plain and login.
# NOTE(review): the server cannot stop a client on port 143 from sending its
# password before STARTTLS (for example, one that ignores LOGINDISABLED); it can
# only reject the attempt afterwards. The implicit-TLS port 993 has no cleartext
# phase in which that could happen.
ssl = required
ssl_cert = </usr/local/etc/ssl/acme.sh/example.com/fullchain.crt
# Offers only ephemeral ECDH/DH key exchange combined with AES-GCM.
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_curve_list = P-256
# doveconf prints these two values only when run with -P, so the private key
# is not disclosed in this paste.
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# Connections using anything older than TLS 1.2 are refused.
ssl_min_protocol = TLSv1.2
# no_ticket turns off TLS session tickets.
ssl_options = no_ticket
ssl_prefer_server_ciphers = yes
userdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
hostname_fsync = optimized
hostname_plugins = acl fts fts_lucene hostname_log notify quota
trash virtual welcome zlib hostname_crypt sieve
}
protocol lda {
hostname_fsync = optimized
hostname_plugins = acl fts fts_lucene hostname_log notify quota
trash virtual welcome zlib hostname_crypt sieve
}
protocol imap {
hostname_max_userip_connections = 20
hostname_plugins = acl fts fts_lucene hostname_log notify quota
trash virtual welcome zlib hostname_crypt imap_acl imap_quota
imap_sieve imap_zlib last_login quota welcome
}
protocol sieve {
info_log_path = /var/log/dovecot/dovecot-sieve.log
log_path = /var/log/dovecot/dovecot-sieve-errors.log
}