ee0d0853dd
Courier and Cyrus SASL have been removed and replaced with Dovecot, which now handles authentication for Postfix, IMAP and POP3, with support for SSL. This allows the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker, but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus SASL. As such, at present no automated tests can be executed.
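##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# NOTE(review): "yes" only offers TLS; clients can still connect without it.
# "required" makes Dovecot reject authentication on connections that are not
# TLS-protected. If this stays at "yes", confirm that disable_plaintext_auth
# is left enabled in the auth configuration.
#ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. The included doc/mkcert.sh can be used to easily generate a self-signed
# certificate; just make sure to update the domains in dovecot-openssl.cnf.
# The leading "<" makes Dovecot read the value from the named file.
# NOTE(review): these are the stock paths. A self-signed certificate gives
# clients nothing to verify the server against; when a certificate is supplied
# at container start, check that the key is owned by root and is mode 0600.
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem

# If the key file is password protected, give the password here. Alternatively
# give it when starting dovecot with the -p parameter. Since this file is often
# world-readable, you may want to place this setting in a different
# root-owned 0600 file instead, by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =

# Require that the CRL check succeeds for client certificates.
#ssl_require_crl = yes

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =

# Request the client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in the auth section.
#ssl_verify_client_cert = no

# Which field from the certificate to use for the username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# DH parameters length to use.
# NOTE(review): 1024-bit DH parameters are considered too weak for current
# use; 2048 or larger is the usual minimum. Generating larger parameters
# takes noticeably longer. Newer Dovecot releases drop this setting in
# favour of ssl_dh; confirm against the installed version.
#ssl_dh_parameters_length = 1024

# SSL protocols to use
# NOTE(review): "!SSLv2" alone leaves SSLv3 enabled, and SSLv3 is deprecated
# and insecure. "!SSLv2 !SSLv3" is the hardened form of this setting. Newer
# Dovecot releases use ssl_min_protocol instead; confirm against the
# installed version.
#ssl_protocols = !SSLv2

# SSL ciphers to use
# NOTE(review): this list excludes only low-strength, export and anonymous
# suites. Which suites remain depends on the OpenSSL build; review the
# expansion with: openssl ciphers -v 'ALL:!LOW:!SSLv2:!EXP:!aNULL'
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# Prefer the server's order of ciphers over the client's.
# NOTE(review): with "no" the client's preference decides, so a client can
# select the weakest suite the list above still allows.
#ssl_prefer_server_ciphers = no

# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =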