# -------------------------------------------------------------------------- # Please create a file "extra.conf" for persistent overrides to dovecot.conf # -------------------------------------------------------------------------- # LDAP example: #passdb { # args = /etc/dovecot/ldap/passdb.conf # driver = ldap #} auth_mechanisms = plain login #mail_debug = yes #auth_debug = yes log_path = syslog disable_plaintext_auth = yes # Uncomment on NFS share #mmap_disable = yes #mail_fsync = always #mail_nfs_index = yes #mail_nfs_storage = yes login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k" mail_home = /var/vmail/%d/%n mail_location = maildir:~/ mail_plugins = </etc/dovecot/mail_plugins mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix: mail_attachment_dir = /var/attachments mail_attachment_min_size = 128k # Significantly speeds up very large mailboxes, but is only safe to enable if # you do not manually modify the files in the `cur` directories in # mailcowdockerized_vmail-vol-1. # https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/ maildir_very_dirty_syncs = yes # Dovecot 2.2 #ssl_protocols = !SSLv3 # Dovecot 2.3 ssl_min_protocol = TLSv1.2 ssl_prefer_server_ciphers = yes ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM # Default in Dovecot 2.3 ssl_options = no_compression no_ticket # New in Dovecot 2.3 ssl_dh = </etc/ssl/mail/dhparams.pem # Dovecot 2.2 #ssl_dh_parameters_length = 2048 log_timestamp = "%Y-%m-%d %H:%M:%S " recipient_delimiter = + auth_master_user_separator = * mail_shared_explicit_inbox = yes mail_prefetch_count = 30 passdb { driver = lua args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes result_success = return-ok result_failure = continue result_internalfail = continue } # try a master passwd passdb { driver = passwd-file args = /etc/dovecot/dovecot-master.passwd master = yes skip = authenticated } # check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail # a return of the following passdb is mandatory passdb { driver = lua args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes } # Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing) service doveadm { inet_listener { port = 12345 } vsz_limit=2048 MB } !include /etc/dovecot/dovecot.folders.conf protocols = imap sieve lmtp pop3 service dict { unix_listener dict { mode = 0660 user = vmail group = vmail } } service log { user = dovenull } service config { unix_listener config { user = root group = vmail mode = 0660 } } service auth { inet_listener auth-inet { port = 10001 } unix_listener auth-master { mode = 0600 user = vmail } unix_listener auth-userdb { mode = 0600 user = vmail } vsz_limit = 2G } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_haproxy { port = 14190 haproxy = yes } service_count = 1 process_min_avail = 2 vsz_limit = 1G } service imap-login { service_count = 1 process_limit = 10000 vsz_limit = 1G user = dovenull inet_listener imap_haproxy { port = 10143 haproxy = yes } inet_listener imaps_haproxy { port = 10993 ssl = yes haproxy = yes } } service pop3-login { service_count = 1 vsz_limit = 1G inet_listener pop3_haproxy { port = 10110 haproxy = yes } inet_listener pop3s_haproxy { port = 10995 ssl = yes haproxy = yes } } service imap { executable = imap user = vmail vsz_limit = 1G } service managesieve { process_limit = 256 } service lmtp { inet_listener lmtp-inet { port = 24 } user = vmail } listen = *,[::] ssl_cert = </etc/ssl/mail/cert.pem ssl_key = </etc/ssl/mail/key.pem userdb { driver = passwd-file args = /etc/dovecot/dovecot-master.userdb } userdb { args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf driver = sql skip = found } protocol imap { mail_plugins = </etc/dovecot/mail_plugins_imap imap_metadata = yes } mail_attribute_dict = file:%h/dovecot-attributes protocol lmtp { mail_plugins = </etc/dovecot/mail_plugins_lmtp auth_socket_path = /var/run/dovecot/auth-master } protocol sieve { managesieve_logout_format = bytes=%i/%o } plugin { # Allow "any" or "authenticated" to be used in ACLs acl_anyone = </etc/dovecot/acl_anyone acl_shared_dict = file:/var/vmail/shared-mailboxes.db acl = vfile acl_user = %u fts = solr fts_autoindex = yes fts_solr = url=http://solr:8983/solr/dovecot-fts/ quota = dict:Userquota::proxy::sqlquota quota_rule2 = Trash:storage=+100%% sieve = /var/vmail/sieve/%u.sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_vacation_send_from_recipient = yes sieve_redirect_envelope_from = recipient # From elsewhere to Spam folder imapsieve_mailbox1_name = Junk imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve # END # From Spam folder to elsewhere imapsieve_mailbox2_name = * imapsieve_mailbox2_from = Junk imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve # END master_user = %u quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve_pipe_bin_dir = /usr/lib/dovecot/sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute sieve_extensions = +notify +imapflags +vacation-seconds +editheader sieve_max_script_size = 1M sieve_max_redirects = 100 sieve_max_actions = 101 sieve_quota_max_scripts = 0 sieve_quota_max_storage = 0 listescape_char = "\\" sieve_vacation_min_period = 5s sieve_vacation_max_period = 0 sieve_vacation_default_period = 60s sieve_before = /var/vmail/sieve/global_sieve_before.sieve sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve sieve_duplicate_default_period = 1m sieve_duplicate_max_period = 7d # -- Global keys mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem mail_crypt_save_version = 2 # Enable compression while saving, lz4 Dovecot v2.2.11+ zlib_save = lz4 mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mail_log_cached_only = yes # Try set mail_replica !include_try /etc/dovecot/mail_replica.conf } service quota-warning { executable = script /usr/local/bin/quota_notify.py # use some unprivileged user for executing the quota warnings user = vmail unix_listener quota-warning { user = vmail } } dict { sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf } remote 127.0.0.1 { disable_plaintext_auth = no } submission_host = postfix:588 mail_max_userip_connections = 500 service stats { unix_listener stats-writer { mode = 0660 user = vmail } } imap_max_line_length = 2 M #auth_cache_verify_password_with_worker = yes #auth_cache_negative_ttl = 0 #auth_cache_ttl = 30 s #auth_cache_size = 2 M service replicator { process_min_avail = 1 } service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service replicator { unix_listener replicator-doveadm { mode = 0666 } } replication_max_conns = 10 doveadm_port = 12345 replication_dsync_parameters = -d -l 30 -U -n INBOX # <Includes> !include_try /etc/dovecot/sni.conf !include_try /etc/dovecot/sogo_trusted_ip.conf !include_try /etc/dovecot/extra.conf !include_try /etc/dovecot/sogo-sso.conf !include_try /etc/dovecot/shared_namespace.conf # </Includes> default_client_limit = 10400 default_vsz_limit = 1024 M