dovecot.conf.j2 2.46 KB
# Only PLAIN and LOGIN are offered; both send the password itself to the
# server, so confidentiality depends entirely on the TLS layer.
auth_mechanisms = plain login
# Refuse those cleartext mechanisms on connections that are not TLS-protected.
# NOTE(review): no explicit "ssl = required" is visible in this file; confirm
# the default is intended for listeners that rely on STARTTLS (e.g. ManageSieve).
disable_plaintext_auth = yes
mail_location = mdbox:~/.mdbox
# zlib: compressed storage; notify + mail_log: mailbox event logging (see plugin {}).
mail_plugins = $mail_plugins zlib notify mail_log

# remove domain part from username and lowercase it
# (%n = part before "@", L = lowercase), so user@<any domain> resolves to the
# same account name that is handed to the passdb/userdb below
auth_username_format = %Ln

# Single private namespace holding INBOX, with "." as hierarchy separator.
# The four special-use mailboxes are created and subscribed automatically.
namespace inbox {
	hidden = no
	inbox = yes
	list = yes
	location = 
	prefix = 
	separator = .
	type = private

	mailbox Trash {
		auto = subscribe
		special_use = \Trash
	}
	mailbox Drafts {
		auto = subscribe
		special_use = \Drafts
	}
	mailbox Sent {
		auto = subscribe # autocreate, autosubscribe
		special_use = \Sent
	}
	mailbox Junk {
		auto = subscribe
		special_use = \Junk
	}
}

# Passwords are verified through PAM, i.e. mail logins are tied to the host's
# own accounts (the userdb further down uses the passwd driver).
# NOTE(review): a mail password is therefore presumably also a system
# password -- confirm how shell/SSH access is restricted for these accounts.
passdb {
	driver = pam
}
plugin {
	sieve = ~/.dovecot.sieve
	sieve_dir = ~/.sieve
	sieve_global_dir = /etc/dovecot/sieve/global/
	sieve_global_path = /etc/dovecot/sieve/default.sieve
	sieve_before = /etc/dovecot/sieve/spam-to-folder.sieve

	# Events recorded by the mail_log plugin: an audit trail for deletions,
	# expunges, copies and mailbox removals/renames. mail_log_fields selects
	# what is logged per message (UID, mailbox, Message-ID, size).
	mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
	mail_log_fields = uid box msgid size

	zlib_save_level = 6
	zlib_save = gz
}
# Enabled protocols. The cleartext imap and pop3 TCP listeners are switched
# off further down (port = 0 in the imap-login / pop3-login services).
protocols = imap pop3 sieve lmtp
service auth {
	# Authentication socket for a client running as postfix (presumably
	# Postfix SMTP AUTH -- confirm). Owner/group postfix with mode 0660 keeps
	# other local users from querying the auth service through it.
	unix_listener auth-client {
		group = postfix
		user = postfix
		mode = 0660
	}
	# The auth service itself runs as root, presumably because the pam passdb
	# needs it. NOTE(review): confirm no less privileged setup is possible.
	user = root
}
service imap-login {
  # don't listen for plain imap: port = 0 disables this listener entirely
  # (cleartext and STARTTLS alike). The imaps listener is not overridden in
  # this file, so it keeps its default.
  inet_listener imap {
    port = 0
  }
	# Upper bound on imap-login processes, plus a pool of idle processes kept
	# ready for new connections. NOTE(review): the limit also bounds how many
	# unauthenticated connections can be held open at once -- confirm 400
	# suits the expected load.
	process_limit = 400
	process_min_avail = 5
}

service pop3-login {
  # don't listen for plain pop3: port = 0 disables this listener entirely
  # (cleartext and STARTTLS alike). The pop3s listener is not overridden in
  # this file, so it keeps its default.
  inet_listener pop3 {
    port = 0
  }
}
# LMTP delivery socket placed inside Postfix's private directory. Owner/group
# postfix with mode 0660 limits who can hand mail to Dovecot over it.
service lmtp {
	unix_listener /var/spool/postfix/private/dovecot-lmtp {
		group = postfix
		user = postfix
		mode = 0660
	}
}

# Fields written for every login: %u user, %m auth mechanism, %r remote IP,
# %l local IP, %e mail process PID, %c TLS status, %k TLS protocol and cipher.
# The remote IP and TLS details are what brute-force detection and incident
# review will rely on.
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"

# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
# The leading "<" makes Dovecot read the value from the named file;
# {{mail_domain}} is substituted when the template is rendered.
# Keep privkey.pem readable by root only.
ssl_cert = </etc/letsencrypt/live/{{mail_domain}}/fullchain.pem
ssl_key = </etc/letsencrypt/live/{{mail_domain}}/privkey.pem
# Server-side cipher order wins over the client's.
# NOTE(review): the Mozilla intermediate profile referenced above leaves the
# choice to the client -- confirm that enforcing server order is intended.
ssl_prefer_server_ciphers = yes
# Protocol versions below TLS 1.2 are refused.
ssl_min_protocol = TLSv1.2
# DH parameters used by the DHE-RSA suites in ssl_cipher_list.
# NOTE(review): the file is not part of this template -- confirm it is
# provisioned and holds parameters of at least 2048 bits.
ssl_dh=</etc/dovecot/dh.pem
# Turn off TLS-level compression (avoids CRIME-style length side channels).
ssl_options = no_compression

# TLS 1.2 suites only: AEAD ciphers (AES-GCM, ChaCha20-Poly1305) with
# ephemeral key exchange (ECDHE or DHE), so every suite gives forward secrecy.
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# Account data comes from the system passwd database, matching the pam passdb.
userdb {
	driver = passwd
}
protocol imap {
	# Client compatibility workaround (the "tb" prefix presumably refers to
	# Thunderbird -- confirm).
	imap_client_workarounds = tb-extra-mailbox-sep
	# Cap on concurrent IMAP connections per user and source IP.
	mail_max_userip_connections = 30
	mail_plugins = $mail_plugins
}
protocol lmtp {
	postmaster_address = postmaster@archlinux.org
	# Sieve scripts are evaluated at delivery time.
	mail_plugins = $mail_plugins sieve
}
protocol sieve {
	# Logged when a ManageSieve session ends; %i / %o are presumably the bytes
	# received / sent -- confirm.
	managesieve_logout_format = bytes ( in=%i : out=%o )
}