--- dovecot-0.99.13/dovecot-example.conf 2004-12-29 13:00:24.000000000 -0500
+++ dovecot-0.99.13/dovecot.conf 2005-01-17 11:49:56.000000000 -0500
@@ -1,30 +1,24 @@
 ## Dovecot 1.0 configuration file
 
-# Default values are shown after each value, it's not required to uncomment
-# any of the lines. Exception to this are paths, they're just examples
-# with real defaults being based on configure options. The paths listed here
-# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-# --with-ssldir=/etc/ssl
-
 # Base directory where to store runtime data.
 #base_dir = /var/run/dovecot/
 
 # Protocols we want to be serving:
 # imap imaps pop3 pop3s
-#protocols = imap imaps
+protocols = imap imaps pop3 pop3s
 
 # IP or host address where to listen in for connections. It's not currently
 # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
 # "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
 # interfaces depending on the operating system. You can specify ports with
 # "host:port".
-#imap_listen = *
-#pop3_listen = *
+imap_listen = [::]
+pop3_listen = [::]
 
 # IP or host address where to listen in for SSL connections. Defaults
 # to above non-SSL equilevants if not specified.
-#imaps_listen =
-#pop3s_listen =
+imaps_listen = [::]
+pop3s_listen = [::]
 
 # Disable SSL/TLS support.
 #ssl_disable = no
@@ -33,8 +27,8 @@
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
-#ssl_key_file = /etc/ssl/private/dovecot.pem
+ssl_cert_file = /etc/pki/dovecot/dovecot.pem
+ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
 
 # SSL parameter file. Master process generates this file for login processes.
 # It contains Diffie Hellman and RSA parameters.
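Review bot: The new `protocols = imap imaps pop3 pop3s` with `imap_listen = [::]` and `pop3_listen = [::]` keeps cleartext IMAP and adds cleartext POP3 on every interface, and nothing visible in this hunk requires TLS before authentication. Unless that is enforced elsewhere in the file, passwords can cross the network unencrypted. If the cleartext ports are kept for STARTTLS clients, I would set `disable_plaintext_auth = yes` in the same file (confirm this version honours it); otherwise ship `protocols = imaps pop3s`. The hunk also drops the header paragraph explaining that commented values are the built-in defaults, so a replacement line such as `# Uncommented settings below are distribution overrides of the built-in defaults.` would keep that distinction readable.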
@@ -70,7 +64,7 @@
 # which login needs to be able to connect to. The sockets are created when
 # running as root, so you don't have to worry about permissions. Note that
 # everything in this directory is deleted when Dovecot is started.
-#login_dir = /var/run/dovecot/login
+login_dir = /var/run/dovecot-login
 
 # chroot login process to the login_dir. Only reason not to do this is if you
 # wish to run the whole Dovecot without roots.
@@ -308,7 +302,7 @@
 # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
 # and flock. Some operating systems don't allow using both of them
 # simultaneously, eg. BSDs. If dotlock is used, it's always created first.
-#mbox_locks = dotlock fcntl
+mbox_locks = fcntl
 
 # Should we create dotlock file even when we want only a read-lock? Setting
 # this to yes hurts the performance when the mailbox is accessed simultaneously
diff -u -r dovecot-0.99.11.orig/doc/mkcert.sh dovecot-0.99.11/doc/mkcert.sh
--- dovecot-0.99.11.orig/doc/mkcert.sh 2004-07-22 20:04:37.000000000 -0400
+++ dovecot-0.99.11/doc/mkcert.sh 2004-12-22 16:33:20.000000000 -0500
@@ -4,11 +4,12 @@
 # Edit dovecot-openssl.cnf before running this.
 
 OPENSSL=${OPENSSL-openssl}
-SSLDIR=${SSLDIR-/etc/ssl}
-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+SSLDIR=${SSLDIR-/etc/pki/dovecot}
+OPENSSLCONFIG=${OPENSSLCONFIG-$SSLDIR/dovecot-openssl.cnf}
+CERTNAME=${CERTNAME-dovecot}
 
-CERTFILE=$SSLDIR/certs/imapd.pem
-KEYFILE=$SSLDIR/private/imapd.pem
+CERTFILE=$SSLDIR/$CERTNAME.pem
+KEYFILE=$SSLDIR/private/$CERTNAME.pem
 
 if [ ! -d $SSLDIR/certs ]; then
 echo "$SSLDIR/certs directory doesn't exist"
@@ -29,6 +30,7 @@
 fi
 
 $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
-chmod 0600 $KEYFILE
+chown root:root $CERTFILE $KEYFILE
+chmod 0600 $CERTFILE $KEYFILE
 echo
 $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
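Review bot: `mbox_locks = fcntl` drops dotlock from the lock set, so Dovecot no longer excludes a delivery agent or mail client that locks mbox files with dotlock only, and concurrent writes from such a program can corrupt a mailbox. The hunk does not show which locking the system's MTA/MDA uses, so this may be deliberate for the target platform. A comment above the setting would record the assumption, for example `# fcntl only: every local program writing these mboxes must use fcntl locking too`.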
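Review bot: The context line `if [ ! -d $SSLDIR/certs ]; then` still requires a `certs` subdirectory, but `CERTFILE` is now `$SSLDIR/$CERTNAME.pem`. On a layout that has only the new `$SSLDIR` and its `private/` directory the script stops with "certs directory doesn't exist" although nothing is written to `certs` any more. The test should follow the new path, `if [ ! -d "$SSLDIR" ]; then` with `echo "$SSLDIR directory doesn't exist"`. `CERTNAME` comes from the environment and goes unquoted into paths that this script later hands to chown and chmod, so quoting the assignments (`CERTFILE="$SSLDIR/$CERTNAME.pem"`) and their uses belongs in the same change. The `if` block continues outside the hunk.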
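Review bot: The private key is written by `$OPENSSL req ... -keyout $KEYFILE` under the caller's umask and is only restricted afterwards by `chmod 0600`. Between the two commands the key may be readable by other local users, depending on the umask and on how this OpenSSL build creates the file. Putting `umask 077` before the `req` call closes that window. The added `chown` and `chmod` also lack the `|| exit 2` that the openssl calls around them have, so a failure leaves the key with whatever owner and mode it had while the script goes on to print the fingerprint; `chmod 0600 "$CERTFILE" "$KEYFILE" || exit 2` (and the same for `chown`) would match the surrounding style.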