Commit 9b9fddb8 authored by Lars Beckers's avatar Lars Beckers

dovecot: add options to finetune security concerns

parent 6b97c423
...@@ -37,6 +37,8 @@ dovecot_sieve: 'file:~/sieve;active=~/.dovecot.sieve' ...@@ -37,6 +37,8 @@ dovecot_sieve: 'file:~/sieve;active=~/.dovecot.sieve'
# They may disappear without prior notice and/or may not work as expected. # They may disappear without prior notice and/or may not work as expected.
dovecot_process_limit: 100 dovecot_process_limit: 100
dovecot_client_limit: 1000 dovecot_client_limit: 1000
dovecot_disable_imap_starttls: false
dovecot_postfix_public_private_partnership: true
dovecot_imap_idle_interval: '29 mins' dovecot_imap_idle_interval: '29 mins'
dovecot_imap_max_userip_connections: 40 dovecot_imap_max_userip_connections: 40
dovecot_lda_mailbox_autocreate: false dovecot_lda_mailbox_autocreate: false
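Review bot: `dovecot_postfix_public_private_partnership` defaults to `true`, which selects the `mode = 0666` branch for the `/var/spool/postfix/private/auth` listener in the template, so the tighter `0660` mode only applies to hosts that explicitly opt out. If Postfix is the only intended client of that socket, consider defaulting to `false`; this changes behaviour for existing deployments, so it needs a changelog note. Neither new variable has a comment, and the names alone do not say what they control. Something like `# false: auth socket 0660 postfix:postfix; true: keep 0666` and `# true: do not configure the IMAP listener on port 143, IMAPS on 993 only` above them would help.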
......
...@@ -15,9 +15,11 @@ default_client_limit = {{ dovecot_client_limit }} ...@@ -15,9 +15,11 @@ default_client_limit = {{ dovecot_client_limit }}
#default_internal_user = dovecot #default_internal_user = dovecot
service imap-login { service imap-login {
{% if not dovecot_disable_imap_starttls %}
inet_listener imap { inet_listener imap {
port = 143 port = 143
} }
{% endif %}
inet_listener imaps { inet_listener imaps {
port = 993 port = 993
ssl = yes ssl = yes
...@@ -42,10 +44,10 @@ service imap-login { ...@@ -42,10 +44,10 @@ service imap-login {
#} #}
service lmtp { service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix mode = 0600
mode = 0600 user = postfix
user = postfix group = postfix
} }
# Create inet listener only if you can't use the above UNIX socket # Create inet listener only if you can't use the above UNIX socket
...@@ -92,13 +94,17 @@ service auth { ...@@ -92,13 +94,17 @@ service auth {
# Postfix smtp-auth # Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth { unix_listener /var/spool/postfix/private/auth {
{% if dovecot_postfix_public_private_partnership %}
mode = 0666 mode = 0666
{% else %}
mode = 0660
{% endif %}
user = postfix
group = postfix
} }
# Auth process is run as this user. # Auth process is run as this user.
# user = $default_internal_user #user = $default_internal_user
user = dovecot
group = dovecot
{% if dovecot_client_limit != 1000 %} {% if dovecot_client_limit != 1000 %}
client_limit = {{ dovecot_client_limit * 2 }} client_limit = {{ dovecot_client_limit * 2 }}
{% endif %} {% endif %}
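Review bot: Omitting the `inet_listener imap` block (the `{% if not dovecot_disable_imap_starttls %}` wrapper in `service imap-login`) probably does not close port 143. As far as I know, Dovecot has a built-in imap listener on 143, and a listener is disabled by setting `port = 0`, not by leaving it out of the configuration. Keeping the block and rendering `port = {{ 0 if dovecot_disable_imap_starttls else 143 }}` would make the option effective. Checking `doveconf -n` and the listening sockets on a test host with the option enabled would confirm this. The `service` blocks start and end outside the hunks shown.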
......