Commit a15710d4 authored by Lars Beckers's avatar Lars Beckers

dovecot: add options to finetune security concerns

parent d7579d52
Pipeline #2989 passed with stage
in 1 minute and 31 seconds
......@@ -37,6 +37,8 @@ dovecot_sieve: 'file:~/sieve;active=~/.dovecot.sieve'
# They may disappear without prior notice and/or may not work as expected.
dovecot_process_limit: 100
dovecot_client_limit: 1000
dovecot_disable_imap_starttls: false
dovecot_postfix_public_private_partnership: true
dovecot_imap_idle_interval: '29 mins'
dovecot_imap_max_userip_connections: 40
dovecot_lda_mailbox_autocreate: false
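Review bot: The default `dovecot_postfix_public_private_partnership: true` leaves the Postfix SASL auth socket at `mode = 0666` (the `service auth` section of the template), so the tighter 0660 only reaches hosts that explicitly opt in. The listener already sets `user = postfix` and `group = postfix`, so 0660 looks sufficient for Postfix itself, and defaulting to `false` would be the safer choice. With 0666, presumably only the permissions of the enclosing `private/` directory keep other local users away from the auth socket, and the page does not show how the role manages that directory. The variable name does not say what it controls; a comment such as `# true: Postfix auth socket is world-accessible (0666); false: restricted to postfix user/group (0660)` above it would help.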
......
......@@ -15,9 +15,11 @@ default_client_limit = {{ dovecot_client_limit }}
#default_internal_user = dovecot
service imap-login {
{% if not dovecot_disable_imap_starttls %}
inet_listener imap {
port = 143
}
{% endif %}
inet_listener imaps {
port = 993
ssl = yes
......@@ -42,10 +44,10 @@ service imap-login {
#}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
# Create inet listener only if you can't use the above UNIX socket
......@@ -92,13 +94,17 @@ service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
{% if dovecot_postfix_public_private_partnership %}
mode = 0666
{% else %}
mode = 0660
{% endif %}
user = postfix
group = postfix
}
# Auth process is run as this user.
# user = $default_internal_user
user = dovecot
group = dovecot
#user = $default_internal_user
}
service auth-worker {
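Review bot: In the `service imap-login` hunk, `dovecot_disable_imap_starttls` removes the whole `inet_listener imap` block on port 143 rather than only STARTTLS, so the name understates what the switch does. A template comment such as `{# port 143 (plaintext + STARTTLS) is dropped entirely when dovecot_disable_imap_starttls is true; only imaps/993 remains #}` would make that explicit. With the default `false` the listener stays, and nothing in the visible hunks shows whether `ssl = required` or `disable_plaintext_auth = yes` is set elsewhere, so it is worth confirming that port 143 cannot be used without TLS. The `service imap-login` block continues outside the hunk.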
......