got a listener on 993

Ivo c.e4ed1a035298f9021dcfbca4d511c303 at ultra.hr
Tue Apr 14 11:23:38 EEST 2020


Maybe this thread can help you with your first question:
https://dovecot.org/pipermail/dovecot/2014-August/097488.html


On 13.4.2020. 20:52, David Mehler wrote:
> Hello,
>
> Before I get into my question: is SSL on 993 or STARTTLS on 143 better
> from a security perspective?
>
> I've noticed that I've got a dovecot listener on port 993. Below is my
> doveconf -n output. I don't have an imaps listener uncommented; should I
> uncomment it and set its port to 0? Will that disable the 993 listener?
> Thanks.
> Dave.
>
> # 2.3.10 (0da0eff44): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.10 (bf8ef1c2)
> # OS: FreeBSD 12.1-RELEASE-p2 amd64
> # Hostname: hostname.example.com
> auth_cache_size = 10 M
> auth_default_realm = example.com
> auth_mechanisms = plain login
> auth_realms = example.com
> dict {
>    lastlogin = mysql:/usr/local/etc/dovecot/dovecot-last-login.conf
> }
> first_valid_gid = 2100
> first_valid_uid = 2100
> hostname = hostname.example.com
> imap_client_workarounds = delay-newhostname tb-extra-hostnamebox-sep
> tb-lsub-flags
> imap_idle_notify_interval = 1 mins
> last_valid_gid = 2100
> last_valid_uid = 2100
> lda_hostnamebox_autocreate = yes
> lda_hostnamebox_autosubscribe = yes
> lda_original_recipient_header = X-Original-To
> listen = xxx.xxx.xxx.xxx
> lmtp_rcpt_check_quota = yes
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> hostname_access_groups = vhostname
> hostname_fsync = never
> hostname_gid = vhostname
> hostname_home = /var/vhostname/hostnameboxes/%d/%n
> hostname_location = dbox:~/hostname
> hostname_plugins = acl fts fts_lucene mail_log notify quota trash
> virtual welcome zlib mail_crypt
> hostname_privileged_group = vhostname
> hostname_server_admin = hostnameto:postmaster at example.com
> hostname_uid = vhostname
> managesieve_notify_capability = hostnameto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment hostnamebox date index ihave duplicate mime foreverypart
> extracttext spamtest spamtestplus virustest editheader imapflags
> notify imapsieve vnd.dovecot.imapsieve
> namespace {
>    location = sdbox:/var/vhostname/public/:CONTROL=~/hostname/public:INDEX=~/hostname/public
>    prefix = Public/
>    separator = /
>    subscriptions = yes
>    type = public
> }
> namespace {
>    hidden = no
>    list = yes
>    location = hostnamedir:/var/vhostname/shared/office/.hostnamedir:CONTROL=~/.hostnamedir/control/office:INDEX=~/.hostnamedir/index/office
>    prefix = shared/%%u/
>    separator = /
>    subscriptions = yes
>    type = shared
> }
> namespace inbox {
>    inbox = yes
>    location =
>    hostnamebox Drafts {
>      auto = subscribe
>      special_use = \Drafts
>    }
>    hostnamebox Sent {
>      auto = subscribe
>      special_use = \Sent
>    }
>    hostnamebox Spam {
>      auto = subscribe
>      autoexpunge = 30 days
>      special_use = \Junk
>    }
>    hostnamebox Trash {
>      auto = subscribe
>      autoexpunge = 30 days
>      special_use = \Trash
>    }
>    prefix =
>    separator = /
>    type = private
> }
> passdb {
>    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>    driver = sql
> }
> plugin {
>    acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>    fts = lucene
>    fts_autoindex = yes
>    fts_autoindex_exclude = \Junk
>    fts_autoindex_exclude2 = \Trash
>    fts_autoindex_exclude3 = \Spam
>    fts_autoindex_max_recent_msgs = 80
>    fts_index_timeout = 90
>    fts_lucene = whitespace_chars=@. normalize no_snowball
>    imapsieve_hostnamebox1_before =
> file:/var/vhostname/sieve/global/learn-spam.sieve
>    imapsieve_hostnamebox1_causes = COPY
>    imapsieve_hostnamebox1_name = Spam
>    imapsieve_hostnamebox2_before =
> file:/var/vhostname/sieve/global/learn-ham.sieve
>    imapsieve_hostnamebox2_causes = COPY
>    imapsieve_hostnamebox2_from = Spam
>    imapsieve_hostnamebox2_name = *
>    last_login_dict = proxy::lastlogin
>    last_login_key = # hidden, use -P to show it
>    hostname_crypt_curve = prime256v1
>    hostname_crypt_global_private_key = # hidden, use -P to show it
>    hostname_crypt_global_public_key = # hidden, use -P to show it
>    hostname_crypt_save_version = 2
>    hostname_log_events = delete undelete expunge copy
> hostnamebox_delete hostnamebox_rename
>    hostname_log_fields = uid box msgid size
>    quota = count:User quota
>    quota_exceeded_message = Storage quota for this account has been
> exceeded, please try again later.
>    quota_grace = 10%%
>    quota_rule2 = Trash:ignore
>    quota_status_nouser = DUNNO
>    quota_status_overquota = 552 5.2.2 hostnamebox is full
>    quota_status_success = DUNNO
>    quota_vsizes = true
>    quota_warning = storage=100%% quota-exceeded 100 %u
>    quota_warning2 = storage=95%% quota-warning 95 %u
>    quota_warning3 = storage=90%% quota-warning 90 %u
>    quota_warning4 = storage=85%% quota-warning 85 %u
>    quota_warning5 = storage=75%% quota-warning 75 %u
>    sieve = file:/var/vhostname/sieve/%d/%n/scripts;active=/var/vhostname/sieve/%d/%n/active-script.sieve
>    sieve_before = /var/vhostname/sieve/global/spam-global.sieve
>    sieve_extensions = +notify +imapflags +spamtest +spamtestplus
> +virustest +editheader
>    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
> +vnd.dovecot.environment
>    sieve_max_redirects = 30
>    sieve_max_script_size = 1M
>    sieve_pipe_bin_dir = /usr/bin
>    sieve_plugins = sieve_imapsieve sieve_extprograms
>    sieve_spamtest_max_header = X-Spamd-Result: default: [[:alnum:]]+
> \[-?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]+)\]
>    sieve_spamtest_status_header = X-Spamd-Result: default: [[:alnum:]]+
> \[(-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]+\]
>    sieve_spamtest_status_type = score
>    sieve_user_log = /var/vhostname/sieve/sieve_error.log
>    sieve_virustest_status_header = X-Virus-Scan: Found to be (.+)\.
>    sieve_virustest_status_type = text
>    sieve_virustest_text_value1 = clean
>    sieve_virustest_text_value5 = infected
>    trash = /usr/local/etc/dovecot/trash.conf
>    welcome_script = welcome %n postmaster@%d
>    welcome_wait = yes
> }
> postmaster_address = postmaster at example.com
> protocols = imap lmtp sieve
> sendhostname_path = /usr/local/sbin/sendhostname
> service auth-worker {
>    user = vhostname
> }
> service auth {
>    unix_listener /var/spool/postfix/private/auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
>    unix_listener auth-userdb {
>      group = vhostname
>      mode = 0666
>      user = vhostname
>    }
> }
> service dict {
>    unix_listener dict {
>      mode = 0600
>      user = vhostname
>    }
>    user = root
> }
> service imap-login {
>    inet_listener imap {
>      port = 143
>    }
>    process_min_avail = 1
> }
> service imap {
>    executable = imap
> }
> service lmtp {
>    executable = lmtp
>    unix_listener /var/spool/postfix/private/dovecot-lmtp {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service managesieve-login {
>    inet_listener sieve {
>      address = 172.16.21.3
>      port = 4190
>    }
> }
> service quota-status {
>    client_limit = 1
>    executable = quota-status -p postfix
>    unix_listener /var/spool/postfix/private/dovecot-quota {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service quota-warning {
>    executable = script /usr/local/etc/dovecot/quota-warning.sh
>    unix_listener quota-warning {
>      group = vhostname
>      mode = 0660
>      user = vhostname
>    }
>    user = vhostname
> }
> service stats {
>    unix_listener stats-reader {
>      group = vhostname
>      mode = 0660
>      user = vhostname
>    }
>    unix_listener stats-writer {
>      group = vhostname
>      mode = 0660
>      user = vhostname
>    }
> }
> service welcome {
>    executable = script /usr/local/etc/dovecot/welcome.sh
>    unix_listener welcome {
>      user = vhostname
>    }
>    user = vhostname
> }
> ssl = required
> ssl_cert = </usr/local/etc/ssl/acme.sh/example.com/fullchain.crt
> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
> ssl_curve_list = P-256
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_options = no_ticket
> ssl_prefer_server_ciphers = yes
> userdb {
>    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>    driver = sql
> }
> protocol lmtp {
>    hostname_fsync = optimized
>    hostname_plugins = acl fts fts_lucene hostname_log notify quota
> trash virtual welcome zlib hostname_crypt sieve
> }
> protocol lda {
>    hostname_fsync = optimized
>    hostname_plugins = acl fts fts_lucene hostname_log notify quota
> trash virtual welcome zlib hostname_crypt sieve
> }
> protocol imap {
>    hostname_max_userip_connections = 20
>    hostname_plugins = acl fts fts_lucene hostname_log notify quota
> trash virtual welcome zlib hostname_crypt imap_acl imap_quota
> imap_sieve imap_zlib last_login quota welcome
> }
> protocol sieve {
>    info_log_path = /var/log/dovecot/dovecot-sieve.log
>    log_path = /var/log/dovecot/dovecot-sieve-errors.log
> }
>


