mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
ee0d0853dd
Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed.
128 lines
3.4 KiB
Plaintext
128 lines
3.4 KiB
Plaintext
#default_process_limit = 100
|
|
#default_client_limit = 1000
|
|
|
|
# Default VSZ (virtual memory size) limit for service processes. This is mainly
|
|
# intended to catch and kill processes that leak memory before they eat up
|
|
# everything.
|
|
#default_vsz_limit = 256M
|
|
|
|
# Login user is internally used by login processes. This is the most untrusted
|
|
# user in Dovecot system. It shouldn't have access to anything at all.
|
|
#default_login_user = dovenull
|
|
|
|
# Internal user is used by unprivileged processes. It should be separate from
|
|
# login user, so that login processes can't disturb other processes.
|
|
#default_internal_user = dovecot
|
|
|
|
service imap-login {
|
|
inet_listener imap {
|
|
#port = 143
|
|
}
|
|
inet_listener imaps {
|
|
#port = 993
|
|
#ssl = yes
|
|
}
|
|
|
|
# Number of connections to handle before starting a new process. Typically
|
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
|
# is faster. <doc/wiki/LoginProcess.txt>
|
|
#service_count = 1
|
|
|
|
# Number of processes to always keep waiting for more connections.
|
|
#process_min_avail = 0
|
|
|
|
# If you set service_count=0, you probably need to grow this.
|
|
#vsz_limit = $default_vsz_limit
|
|
}
|
|
|
|
service pop3-login {
|
|
inet_listener pop3 {
|
|
#port = 110
|
|
}
|
|
inet_listener pop3s {
|
|
#port = 995
|
|
#ssl = yes
|
|
}
|
|
}
|
|
|
|
service lmtp {
|
|
unix_listener lmtp {
|
|
#mode = 0666
|
|
}
|
|
|
|
# Create inet listener only if you can't use the above UNIX socket
|
|
#inet_listener lmtp {
|
|
# Avoid making LMTP visible for the entire internet
|
|
#address =
|
|
#port =
|
|
#}
|
|
}
|
|
|
|
service imap {
|
|
# Most of the memory goes to mmap()ing files. You may need to increase this
|
|
# limit if you have huge mailboxes.
|
|
#vsz_limit = $default_vsz_limit
|
|
|
|
# Max. number of IMAP processes (connections)
|
|
#process_limit = 1024
|
|
}
|
|
|
|
service pop3 {
|
|
# Max. number of POP3 processes (connections)
|
|
#process_limit = 1024
|
|
}
|
|
|
|
service auth {
|
|
# auth_socket_path points to this userdb socket by default. It's typically
|
|
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
|
|
# full permissions to this socket are able to get a list of all usernames and
|
|
# get the results of everyone's userdb lookups.
|
|
#
|
|
# The default 0666 mode allows anyone to connect to the socket, but the
|
|
# userdb lookups will succeed only if the userdb returns an "uid" field that
|
|
# matches the caller process's UID. Also if caller's uid or gid matches the
|
|
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
|
|
#
|
|
# To give the caller full permissions to lookup all users, set the mode to
|
|
# something else than 0666 and Dovecot lets the kernel enforce the
|
|
# permissions (e.g. 0777 allows everyone full permissions).
|
|
unix_listener auth-userdb {
|
|
mode = 0666
|
|
user = docker
|
|
group = docker
|
|
}
|
|
|
|
unix_listener auth-master {
|
|
mode = 0600
|
|
user = docker
|
|
group = docker
|
|
}
|
|
|
|
# Postfix smtp-auth
|
|
unix_listener /var/spool/postfix/private/auth {
|
|
mode = 0666
|
|
user = docker
|
|
group = docker
|
|
}
|
|
|
|
# Auth process is run as this user.
|
|
#user = $default_internal_user
|
|
}
|
|
|
|
service auth-worker {
|
|
# Auth worker process is run as root by default, so that it can access
|
|
# /etc/shadow. If this isn't necessary, the user should be changed to
|
|
# $default_internal_user.
|
|
#user = root
|
|
}
|
|
|
|
service dict {
|
|
# If dict proxy is used, mail processes should have access to its socket.
|
|
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
|
|
unix_listener dict {
|
|
#mode = 0600
|
|
#user =
|
|
#group =
|
|
}
|
|
}
|