629 lines
24 KiB
Diff
629 lines
24 KiB
Diff
diff -r -u dovecot-0.99.11.orig/configure.in dovecot-0.99.11/configure.in
|
|
--- dovecot-0.99.11.orig/configure.in 2004-09-04 05:20:19.000000000 -0400
|
|
+++ dovecot-0.99.11/configure.in 2004-11-19 16:36:37.000000000 -0500
|
|
@@ -21,6 +21,20 @@
|
|
# check posix headers
|
|
AC_CHECK_HEADERS(sys/time.h)
|
|
|
|
+AC_ARG_WITH(logindir,
|
|
+[ --with-logindir=DIR LOGIN directory (LOCALSTATEDIR/run/dovecot)],
|
|
+ logindir="$withval",
|
|
+ logindir=\${localstatedir}/run/dovecot/login
|
|
+)
|
|
+AC_SUBST(logindir)
|
|
+
|
|
+AC_ARG_WITH(docdir,
|
|
+[ --with-docdir=DIR directory for documentation (DATADIR/doc/dovecot)],
|
|
+ docdir="$withval",
|
|
+ docdir=\${datadir}/doc/dovecot
|
|
+)
|
|
+AC_SUBST(docdir)
|
|
+
|
|
AC_ARG_ENABLE(ipv6,
|
|
[ --enable-ipv6 Enable IPv6 support (default)],
|
|
if test x$enableval = xno; then
|
|
@@ -180,6 +194,8 @@
|
|
)
|
|
AC_SUBST(ssldir)
|
|
|
|
+AM_CONDITIONAL(BUILD_SSL, test "$want_gnutls" = "yes" -o "$want_openssl" = "yes" )
|
|
+
|
|
AC_ARG_WITH(pop3d,
|
|
[ --with-pop3d Build POP3 server (default)],
|
|
if test x$withval = xno; then
|
|
@@ -1121,6 +1137,13 @@
|
|
AC_MSG_RESULT($i_cv_type_in6_addr)
|
|
fi
|
|
|
|
+if test $i_cv_type_in6_addr = yes; then
|
|
+ listenaddr='[[::]]'
|
|
+else
|
|
+ listenaddr='*'
|
|
+fi
|
|
+AC_SUBST(listenaddr)
|
|
+
|
|
dnl **
|
|
dnl ** storage classes
|
|
dnl **
|
|
@@ -1148,7 +1171,9 @@
|
|
|
|
AC_OUTPUT(
|
|
Makefile
|
|
+dovecot.conf
|
|
doc/Makefile
|
|
+doc/mkcert.sh
|
|
src/Makefile
|
|
src/lib/Makefile
|
|
src/lib-charset/Makefile
|
|
diff -r -u dovecot-0.99.11.orig/doc/Makefile.am dovecot-0.99.11/doc/Makefile.am
|
|
--- dovecot-0.99.11.orig/doc/Makefile.am 2004-05-25 14:21:10.000000000 -0400
|
|
+++ dovecot-0.99.11/doc/Makefile.am 2004-11-19 12:21:31.000000000 -0500
|
|
@@ -1,4 +1,4 @@
|
|
-docdir = $(datadir)/doc/dovecot
|
|
+exampledir=$(docdir)/examples
|
|
|
|
doc_DATA = \
|
|
auth.txt \
|
|
@@ -10,10 +10,13 @@
|
|
nfs.txt \
|
|
securecoding.txt
|
|
|
|
-EXTRA_DIST = \
|
|
+example_DATA = \
|
|
mkcert.sh \
|
|
dovecot-openssl.cnf \
|
|
dovecot-ldap.conf \
|
|
dovecot-mysql.conf \
|
|
- dovecot-pgsql.conf \
|
|
+ dovecot-pgsql.conf
|
|
+
|
|
+EXTRA_DIST = \
|
|
+ $(example_DATA) \
|
|
$(doc_DATA)
|
|
diff -r -u dovecot-0.99.11.orig/Makefile.am dovecot-0.99.11/Makefile.am
|
|
--- dovecot-0.99.11.orig/Makefile.am 2003-05-05 12:46:57.000000000 -0400
|
|
+++ dovecot-0.99.11/Makefile.am 2004-11-22 16:08:01.000000000 -0500
|
|
@@ -1,7 +1,18 @@
|
|
SUBDIRS = src doc
|
|
|
|
confdir = $(sysconfdir)
|
|
-conf_DATA = dovecot-example.conf
|
|
+conf_DATA = dovecot.conf
|
|
+
|
|
+doc_DATA = \
|
|
+ AUTHORS \
|
|
+ COPYING \
|
|
+ COPYING.LGPL \
|
|
+ ChangeLog \
|
|
+ INSTALL \
|
|
+ NEWS \
|
|
+ README \
|
|
+ TODO
|
|
+
|
|
|
|
EXTRA_DIST = \
|
|
config.rpath \
|
|
diff -N -u dovecot-0.99.11.orig/doc/mkcert.sh.in dovecot-0.99.11/doc/mkcert.sh.in
|
|
--- dovecot-0.99.11.orig/doc/mkcert.sh.in 1969-12-31 19:00:00.000000000 -0500
|
|
+++ dovecot-0.99.11/doc/mkcert.sh.in 2004-11-19 13:47:38.000000000 -0500
|
|
@@ -0,0 +1,34 @@
|
|
+#!/bin/sh
|
|
+
|
|
+# Generates a self-signed certificate.
|
|
+# Edit dovecot-openssl.cnf before running this.
|
|
+
|
|
+OPENSSL=${OPENSSL-openssl}
|
|
+SSLDIR=${SSLDIR-@ssldir@}
|
|
+OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
|
|
+
|
|
+CERTFILE=$SSLDIR/certs/@PACKAGE@.pem
|
|
+KEYFILE=$SSLDIR/private/@PACKAGE@.pem
|
|
+
|
|
+if [ ! -d $SSLDIR/certs ]; then
|
|
+ echo "$SSLDIR/certs directory doesn't exist"
|
|
+fi
|
|
+
|
|
+if [ ! -d $SSLDIR/private ]; then
|
|
+ echo "$SSLDIR/private directory doesn't exist"
|
|
+fi
|
|
+
|
|
+if [ -f $CERTFILE ]; then
|
|
+ echo "$CERTFILE already exists, won't overwrite"
|
|
+ exit 1
|
|
+fi
|
|
+
|
|
+if [ -f $KEYFILE ]; then
|
|
+ echo "$KEYFILE already exists, won't overwrite"
|
|
+ exit 1
|
|
+fi
|
|
+
|
|
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
|
|
+chmod 0600 $KEYFILE
|
|
+echo
|
|
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
|
|
diff -N -u dovecot-0.99.11.orig/dovecot.conf.in dovecot-0.99.11/dovecot.conf.in
|
|
--- dovecot-0.99.11.orig/dovecot.conf.in 1969-12-31 19:00:00.000000000 -0500
|
|
+++ dovecot-0.99.11/dovecot.conf.in 2004-11-19 16:42:03.000000000 -0500
|
|
@@ -0,0 +1,481 @@
|
|
+## Dovecot 1.0 configuration file
|
|
+
|
|
+# Base directory where to store runtime data.
|
|
+#base_dir = @localstatedir@/run/dovecot/
|
|
+
|
|
+# Protocols we want to be serving:
|
|
+# imap imaps pop3 pop3s
|
|
+#protocols = imap imaps
|
|
+
|
|
+# IP or host address where to listen in for connections. It's not currently
|
|
+# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
|
|
+# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
|
|
+# interfaces depending on the operating system. You can specify ports with
|
|
+# "host:port".
|
|
+imap_listen = @listenaddr@
|
|
+pop3_listen = @listenaddr@
|
|
+
|
|
+# IP or host address where to listen in for SSL connections. Defaults
|
|
+# to above non-SSL equilevants if not specified.
|
|
+#imaps_listen = @listenaddr@
|
|
+#pop3s_listen = @listenaddr@
|
|
+
|
|
+# Disable SSL/TLS support.
|
|
+@BUILD_SSL_TRUE@ssl_disable = no
|
|
+
|
|
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
|
+# dropping root privileges, so keep the key file unreadable by anyone but
|
|
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
|
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
|
+@BUILD_SSL_TRUE@ssl_cert_file = @ssldir@/certs/@PACKAGE@.pem
|
|
+@BUILD_SSL_TRUE@ssl_key_file = @ssldir@/private/@PACKAGE@.pem
|
|
+
|
|
+# SSL parameter file. Master process generates this file for login processes.
|
|
+# It contains Diffie Hellman and RSA parameters.
|
|
+@BUILD_SSL_TRUE@ssl_parameters_file = @localstatedir@/run/dovecot/ssl-parameters.dat
|
|
+
|
|
+# How often to regenerate the SSL parameters file. Generation is quite CPU
|
|
+# intensive operation. The value is in hours, 0 disables regeneration
|
|
+# entirely.
|
|
+@BUILD_SSL_TRUE@ssl_parameters_regenerate = 24
|
|
+
|
|
+# Disable LOGIN command and all other plaintext authentications unless
|
|
+# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
|
|
+# IPv6 ::1 addresses are considered secure, this setting has no effect if
|
|
+# you connect from those addresses.
|
|
+#disable_plaintext_auth = yes
|
|
+
|
|
+# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
|
|
+# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
|
|
+#log_path =
|
|
+
|
|
+# For informational messages, use this logfile instead of the default
|
|
+#info_log_path =
|
|
+
|
|
+# Prefix for each line written to log file. % codes are in strftime(3)
|
|
+# format.
|
|
+#log_timestamp = "%b %d %H:%M:%S "
|
|
+
|
|
+##
|
|
+## Login processes
|
|
+##
|
|
+
|
|
+# Directory where authentication process places authentication UNIX sockets
|
|
+# which login needs to be able to connect to. The sockets are created when
|
|
+# running as root, so you don't have to worry about permissions. Note that
|
|
+# everything in this directory is deleted when Dovecot is started.
|
|
+#login_dir = @logindir@
|
|
+
|
|
+# chroot login process to the login_dir. Only reason not to do this is if you
|
|
+# wish to run the whole Dovecot without roots.
|
|
+#login_chroot = yes
|
|
+
|
|
+
|
|
+##
|
|
+## IMAP login process
|
|
+##
|
|
+
|
|
+login = imap
|
|
+
|
|
+# Executable location.
|
|
+#login_executable = @libexecdir@/dovecot/imap-login
|
|
+
|
|
+# User to use for the login process. Create a completely new user for this,
|
|
+# and don't use it anywhere else. The user must also belong to a group where
|
|
+# only it has access, it's used to control access for authentication process.
|
|
+#login_user = dovecot
|
|
+
|
|
+# Set max. process size in megabytes. If you don't use
|
|
+# login_process_per_connection you might need to grow this.
|
|
+#login_process_size = 32
|
|
+
|
|
+# Should each login be processed in it's own process (yes), or should one
|
|
+# login process be allowed to process multiple connections (no)? Yes is more
|
|
+# secure, espcially with SSL/TLS enabled. No is faster since there's no need
|
|
+# to create processes all the time.
|
|
+#login_process_per_connection = yes
|
|
+
|
|
+# Number of login processes to create. If login_process_per_user is
|
|
+# yes, this is the number of extra processes waiting for users to log in.
|
|
+#login_processes_count = 3
|
|
+
|
|
+# Maximum number of extra login processes to create. The extra process count
|
|
+# usually stays at login_processes_count, but when multiple users start logging
|
|
+# in at the same time more extra processes are created. To prevent fork-bombing
|
|
+# we check only once in a second if new processes should be created - if all
|
|
+# of them are used at the time, we double their amount until limit set by this
|
|
+# setting is reached. This setting is used only if login_process_per_use is yes.
|
|
+#login_max_processes_count = 128
|
|
+
|
|
+# Maximum number of connections allowed in login state. When this limit is
|
|
+# reached, the oldest connections are dropped. If login_process_per_user
|
|
+# is no, this is a per-process value, so the absolute maximum number of users
|
|
+# logging in actually login_processes_count * max_logging_users.
|
|
+#login_max_logging_users = 256
|
|
+
|
|
+##
|
|
+## POP3 login process
|
|
+##
|
|
+
|
|
+# Settings default to same as above, so you don't have to set anything
|
|
+# unless you want to override them.
|
|
+
|
|
+login = pop3
|
|
+
|
|
+# Exception to above rule being the executable location.
|
|
+#login_executable = @libexecdir@/dovecot/pop3-login
|
|
+
|
|
+##
|
|
+## Mail processes
|
|
+##
|
|
+
|
|
+# Maximum number of running mail processes. When this limit is reached,
|
|
+# new users aren't allowed to log in.
|
|
+#max_mail_processes = 1024
|
|
+
|
|
+# Show more verbose process titles (in ps). Currently shows user name and
|
|
+# IP address. Useful for seeing who are actually using the IMAP processes
|
|
+# (eg. shared mailboxes or if same uid is used for multiple accounts).
|
|
+#verbose_proctitle = no
|
|
+
|
|
+# Show protocol level SSL errors.
|
|
+@BUILD_SSL_TRUE@verbose_ssl = no
|
|
+
|
|
+# Valid UID range for users, defaults to 500 and above. This is mostly
|
|
+# to make sure that users can't log in as daemons or other system users.
|
|
+# Note that denying root logins is hardcoded to dovecot binary and can't
|
|
+# be done even if first_valid_uid is set to 0.
|
|
+#first_valid_uid = 500
|
|
+#last_valid_uid = 0
|
|
+
|
|
+# Valid GID range for users, defaults to non-root/wheel. Users having
|
|
+# non-valid GID as primary group ID aren't allowed to log in. If user
|
|
+# belongs to supplementary groups with non-valid GIDs, those groups are
|
|
+# not set.
|
|
+#first_valid_gid = 1
|
|
+#last_valid_gid = 0
|
|
+
|
|
+# Grant access to these extra groups for mail processes. Typical use would be
|
|
+# to give "mail" group write access to /var/mail to be able to create dotlocks.
|
|
+#mail_extra_groups =
|
|
+
|
|
+# ':' separated list of directories under which chrooting is allowed for mail
|
|
+# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
|
|
+# This setting doesn't affect login_chroot or auth_chroot variables.
|
|
+# WARNING: Never add directories here which local users can modify, that
|
|
+# may lead to root exploit. Usually this should be done only if you don't
|
|
+# allow shell access for users. See doc/configuration.txt for more information.
|
|
+#valid_chroot_dirs =
|
|
+
|
|
+# Default chroot directory for mail processes. This can be overridden by
|
|
+# giving /./ in user's home directory (eg. /home/./user chroots into /home).
|
|
+#mail_chroot =
|
|
+
|
|
+# Default MAIL environment to use when it's not set. By leaving this empty
|
|
+# dovecot tries to do some automatic detection as described in
|
|
+# doc/mail-storages.txt. There's a few special variables you can use:
|
|
+#
|
|
+# %u - username
|
|
+# %n - user part in user@domain, same as %u if there's no domain
|
|
+# %d - domain part in user@domain, empty if user there's no domain
|
|
+# %h - home directory
|
|
+#
|
|
+# You can also limit a width of string by giving the number of max. characters
|
|
+# after the '%' character. For example %1u gives the first character of
|
|
+# username. Some examples:
|
|
+#
|
|
+# default_mail_env = maildir:/var/mail/%1u/%u/Maildir
|
|
+# default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u
|
|
+# default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
|
|
+#
|
|
+#default_mail_env =
|
|
+
|
|
+# Space-separated list of fields to cache for all mails. Currently these
|
|
+# fields are allowed followed by a list of commands they speed up:
|
|
+#
|
|
+# Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT,
|
|
+# SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID,
|
|
+# HEADER IN-REPLY-TO
|
|
+# Body - FETCH BODY
|
|
+# Bodystructure - FETCH BODY, BODYSTRUCTURE
|
|
+# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE,
|
|
+# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE
|
|
+# generation. This is always set with mbox mailboxes, and
|
|
+# also default with Maildir.
|
|
+#
|
|
+# Different IMAP clients work in different ways, that's why Dovecot by default
|
|
+# only caches MessagePart which speeds up most operations. Whenever client
|
|
+# does something where caching could be used, the field is automatically marked
|
|
+# to be cached later. For example after FETCH BODY the BODY will be cached
|
|
+# for all new messages. Normally you should leave this alone, unless you know
|
|
+# what most of your IMAP clients are. Caching more fields than needed makes
|
|
+# the index files larger and generate useless I/O.
|
|
+#
|
|
+# With maildir there's one extra optimization - if nothing is cached, indexing
|
|
+# the maildir becomes much faster since it's not opening any of the mail files.
|
|
+# This could be useful if your IMAP clients access only new mails.
|
|
+
|
|
+#mail_cache_fields = MessagePart
|
|
+
|
|
+# Space-separated list of fields that Dovecot should never set to be cached.
|
|
+# Useful if you want to save disk space at the cost of more I/O when the fields
|
|
+# needed.
|
|
+#mail_never_cache_fields =
|
|
+
|
|
+# Workarounds for various client bugs:
|
|
+# oe6-fetch-no-newmail:
|
|
+# Never send EXISTS/RECENT when replying to FETCH command. Outlook Express
|
|
+# seems to think they are FETCH replies and gives user "Message no longer
|
|
+# in server" error. Note that OE6 still breaks even with this workaround
|
|
+# if synchronization is set to "Headers Only".
|
|
+# outlook-idle:
|
|
+# Outlook and Outlook Express never abort IDLE command, so if no mail
|
|
+# arrives in half a hour, Dovecot closes the connection. This is still
|
|
+# fine, except Outlook doesn't connect back so you don't see if new mail
|
|
+# arrives.
|
|
+# outlook-pop3-no-nuls:
|
|
+# Outlook and Outlook Express hang if mails contain NUL characters.
|
|
+# This setting replaces them with 0x80 character.
|
|
+#client_workarounds =
|
|
+
|
|
+# Dovecot can notify client of new mail in selected mailbox soon after it's
|
|
+# received. This setting specifies the minimum interval in seconds between
|
|
+# new mail notifications to client - internally they may be checked more or
|
|
+# less often. Setting this to 0 disables the checking.
|
|
+# NOTE: Evolution client breaks with this option when it's trying to APPEND.
|
|
+#mailbox_check_interval = 0
|
|
+
|
|
+# Like mailbox_check_interval, but used for IDLE command.
|
|
+#mailbox_idle_check_interval = 30
|
|
+
|
|
+# Allow full filesystem access to clients. There's no access checks other than
|
|
+# what the operating system does for the active UID/GID. It works with both
|
|
+# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
|
|
+# or ~user/.
|
|
+#mail_full_filesystem_access = no
|
|
+
|
|
+# Maximum allowed length for custom flag name. It's only forced when trying
|
|
+# to create new flags.
|
|
+#mail_max_flag_length = 50
|
|
+
|
|
+# Save mails with CR+LF instead of plain LF. This makes sending those mails
|
|
+# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
|
|
+# But it also creates a bit more disk I/O which may just make it slower.
|
|
+#mail_save_crlf = no
|
|
+
|
|
+# Use mmap() instead of read() to read mail files. read() seems to be a bit
|
|
+# faster with my Linux/x86 and it's better with NFS, so that's the default.
|
|
+#mail_read_mmaped = no
|
|
+
|
|
+# By default LIST command returns all entries in maildir beginning with dot.
|
|
+# Enabling this option makes Dovecot return only entries which are directories.
|
|
+# This is done by stat()ing each entry, so it causes more disk I/O.
|
|
+# (For systems setting struct dirent->d_type, this check is free and it's
|
|
+# done always regardless of this setting)
|
|
+#maildir_stat_dirs = no
|
|
+
|
|
+# Copy mail to another folders using hard links. This is much faster than
|
|
+# actually copying the file. This is problematic only if something modifies
|
|
+# the mail in one folder but doesn't want it modified in the others. I don't
|
|
+# know any MUA which would modify mail files directly. IMAP protocol also
|
|
+# requires that the mails don't change, so it would be problematic in any case.
|
|
+# If you care about performance, enable it.
|
|
+#maildir_copy_with_hardlinks = no
|
|
+
|
|
+# Check if mails' content has been changed by external programs. This slows
|
|
+# down things as extra stat() needs to be called for each file. If changes are
|
|
+# noticed, the message is treated as a new message, since IMAP protocol
|
|
+# specifies that existing messages are immutable.
|
|
+#maildir_check_content_changes = no
|
|
+
|
|
+# Which locking methods to use for locking mbox. There's three available:
|
|
+# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
|
|
+# solution. If you want to use /var/mail/ like directory, the users
|
|
+# will need write access to that directory.
|
|
+# fcntl : Use this if possible. Works with NFS too if lockd is used.
|
|
+# flock : May not exist in all systems. Doesn't work with NFS.
|
|
+#
|
|
+# You can use both fcntl and flock too; if you do the order they're declared
|
|
+# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
|
|
+# and flock. Some operating systems don't allow using both of them
|
|
+# simultaneously, eg. BSDs. If dotlock is used, it's always created first.
|
|
+#mbox_locks = dotlock fcntl
|
|
+
|
|
+# Should we create dotlock file even when we want only a read-lock? Setting
|
|
+# this to yes hurts the performance when the mailbox is accessed simultaneously
|
|
+# by multiple processes, but it's needed for reliable reading if no other
|
|
+# locking methods are available.
|
|
+#mbox_read_dotlock = no
|
|
+
|
|
+# Maximum time in seconds to wait for lock (all of them) before aborting.
|
|
+#mbox_lock_timeout = 300
|
|
+
|
|
+# If dotlock exists but the mailbox isn't modified in any way, override the
|
|
+# lock file after this many seconds.
|
|
+#mbox_dotlock_change_timeout = 30
|
|
+
|
|
+# umask to use for mail files and directories
|
|
+#umask = 0077
|
|
+
|
|
+# Drop all privileges before exec()ing the mail process. This is mostly
|
|
+# meant for debugging, otherwise you don't get core dumps. Note that setting
|
|
+# this to yes means that log file is opened as the logged in user, which
|
|
+# might not work. It could also be a small security risk if you use single UID
|
|
+# for multiple users, as the users could ptrace() each others processes then.
|
|
+#mail_drop_priv_before_exec = no
|
|
+
|
|
+##
|
|
+## IMAP process
|
|
+##
|
|
+
|
|
+# Executable location
|
|
+#imap_executable = @libexecdir@/dovecot/imap
|
|
+
|
|
+# Set max. process size in megabytes. Most of the memory goes to mmap()ing
|
|
+# files, so it shouldn't harm much even if this limit is set pretty high.
|
|
+#imap_process_size = 256
|
|
+
|
|
+# Support for dynamically loadable modules.
|
|
+#imap_use_modules = no
|
|
+#imap_modules = @moduledir@/imap
|
|
+
|
|
+##
|
|
+## POP3 process
|
|
+##
|
|
+
|
|
+# Executable location
|
|
+#pop3_executable = @libexecdir@/dovecot/pop3
|
|
+
|
|
+# Set max. process size in megabytes. Most of the memory goes to mmap()ing
|
|
+# files, so it shouldn't harm much even if this limit is set pretty high.
|
|
+#pop3_process_size = 256
|
|
+
|
|
+# Support for dynamically loadable modules.
|
|
+#pop3_use_modules = no
|
|
+#pop3_modules = @moduledir@/pop3
|
|
+
|
|
+##
|
|
+## Authentication processes
|
|
+##
|
|
+
|
|
+# An Authentication process is a child process used by Dovecot that
|
|
+# handles the authentication steps. The steps cover an authentication
|
|
+# mechanism (auth_mechanisms, how the client authenticates in the IMAP or
|
|
+# POP3 protocol), which password database should be queried (auth_passdb),
|
|
+# and which user database should be queried (auth_userdb, to obtain
|
|
+# UID, GID, and location of the user's mailbox/home directory).
|
|
+#
|
|
+# You can have multiple processes, though a typical configuration will
|
|
+# have only one. Each time "auth = xx" is seen, a new process
|
|
+# definition is started. The point of multiple processes is to be able
|
|
+# to set stricter permissions. (See auth_user below.)
|
|
+#
|
|
+# Just remember that only one Authentication process is asked for the
|
|
+# password, so you can't have different passwords accessible through
|
|
+# different process definitions (unless they have different
|
|
+# auth_mechanisms, and you're ok with having different password for
|
|
+# each mechanisms).
|
|
+
|
|
+# Authentication process name.
|
|
+auth = default
|
|
+
|
|
+# Specifies how the client authenticates in the IMAP protocol.
|
|
+# Space separated list of permitted authentication mechanisms:
|
|
+# anonymous plain digest-md5 cram-md5
|
|
+#
|
|
+# anonymous - No authentication required.
|
|
+# plain - The password is sent as plain text. All IMAP/POP3 clients
|
|
+# support this, and the password can be encrypted by Dovecot to match
|
|
+# any of the encryption schemes used in password databases.
|
|
+# digest-md5 and cram-md5 - both encrypt the password so it is more
|
|
+# secure in transit, but are not well supported by clients, and
|
|
+# require that the password database use a matching encryption
|
|
+# scheme (or be in plaintext).
|
|
+#
|
|
+# See auth.txt for more details.
|
|
+#
|
|
+# If you are using SSL there is less benefit to digest-md5 and
|
|
+# cram-md5 as the communication is already encrypted.
|
|
+auth_mechanisms = plain
|
|
+
|
|
+# Space separated list of realms for SASL authentication mechanisms that need
|
|
+# them. You can leave it empty if you don't want to support multiple realms.
|
|
+# Many clients simply use the first one listed here, so keep the default realm
|
|
+# first.
|
|
+#auth_realms =
|
|
+
|
|
+# Default realm/domain to use if none was specified. This is used for both
|
|
+# SASL realms and appending @domain to username in plaintext logins.
|
|
+#auth_default_realm =
|
|
+
|
|
+# Where user database is kept:
|
|
+# passwd: /etc/passwd or similiar, using getpwnam()
|
|
+# passwd-file <path>: passwd-like file with specified location
|
|
+# static uid=<uid> gid=<gid> home=<dir template>: static settings
|
|
+# vpopmail: vpopmail library
|
|
+# ldap <config path>: LDAP, see doc/dovecot-ldap.conf
|
|
+# pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
|
|
+auth_userdb = passwd
|
|
+
|
|
+# Where password database is kept:
|
|
+# passwd: /etc/passwd or similiar, using getpwnam()
|
|
+# shadow: /etc/shadow or similiar, using getspnam()
|
|
+# pam [<service> | *]: PAM authentication
|
|
+# passwd-file <path>: passwd-like file with specified location
|
|
+# vpopmail: vpopmail authentication
|
|
+# ldap <config path>: LDAP, see doc/dovecot-ldap.conf
|
|
+# pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
|
|
+auth_passdb = pgsql @sysconfdir@/dovecot-pgsql.conf
|
|
+
|
|
+#auth_executable = @libexecdir@/dovecot/dovecot-auth
|
|
+
|
|
+# Set max. process size in megabytes.
|
|
+#auth_process_size = 256
|
|
+
|
|
+# User to use for the process. This user needs access to only user and
|
|
+# password databases, nothing else. Only shadow and pam authentication
|
|
+# requires roots, so use something else if possible. Note that passwd
|
|
+# authentication with BSDs internally accesses shadow files, which also
|
|
+# requires roots.
|
|
+auth_user = root
|
|
+
|
|
+# Directory where to chroot the process. Most authentication backends don't
|
|
+# work if this is set, and there's no point chrooting if auth_user is root.
|
|
+#auth_chroot =
|
|
+
|
|
+# Number of authentication processes to create
|
|
+#auth_count = 1
|
|
+
|
|
+# List of allowed characters in username. If the user-given username contains
|
|
+# a character not listed in here, the login automatically fails. This is just
|
|
+# an extra check to make sure user can't exploit any potential quote escaping
|
|
+# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
|
|
+# set this value to empty.
|
|
+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
|
|
+
|
|
+# Username to use for users logging in with ANONYMOUS SASL mechanism
|
|
+#auth_anonymous_username = anonymous
|
|
+
|
|
+# More verbose logging. Useful for figuring out why authentication isn't
|
|
+# working.
|
|
+#auth_verbose = no
|
|
+
|
|
+# Even more verbose logging for debugging purposes. Shows for example SQL
|
|
+# queries.
|
|
+#auth_debug = no
|
|
+
|
|
+# digest-md5 authentication process. It requires special MD5 passwords which
|
|
+# /etc/shadow and PAM doesn't support, so we never need roots to handle it.
|
|
+# Note that the passwd-file is opened before chrooting and dropping root
|
|
+# privileges, so it may be 0600-root owned file.
|
|
+
|
|
+#auth = digest_md5
|
|
+#auth_mechanisms = digest-md5
|
|
+#auth_realms =
|
|
+#auth_userdb = passwd-file /etc/passwd.imap
|
|
+#auth_passdb = passwd-file /etc/passwd.imap
|
|
+#auth_user = imapauth
|
|
+#auth_chroot =
|
|
+
|
|
+# if you plan to use only passwd-file, you don't need the two auth processes,
|
|
+# simply set "auth_methods = plain digest-md5"
|