2019-07-15 10:48:16 +00:00
|
|
|
default_process_limit = 200
|
|
|
|
#default_client_limit = 1000
|
|
|
|
|
|
|
|
# Default VSZ (virtual memory size) limit for service processes. This is mainly
|
|
|
|
# intended to catch and kill processes that leak memory before they eat up
|
|
|
|
# everything.
|
|
|
|
#default_vsz_limit = 256M
|
|
|
|
|
|
|
|
# Login user is internally used by login processes. This is the most untrusted
|
|
|
|
# user in Dovecot system. It shouldn't have access to anything at all.
|
|
|
|
#default_login_user = dovenull
|
|
|
|
|
|
|
|
# Internal user is used by unprivileged processes. It should be separate from
|
|
|
|
# login user, so that login processes can't disturb other processes.
|
|
|
|
#default_internal_user = dovecot
|
|
|
|
|
|
|
|
service imap-login {
|
|
|
|
inet_listener imap {
|
|
|
|
#port = 143
|
|
|
|
#disable non-ssl imap
|
2019-07-15 20:51:36 +00:00
|
|
|
port = 0
|
2019-07-15 10:48:16 +00:00
|
|
|
}
|
|
|
|
inet_listener imaps {
|
2019-07-15 20:51:36 +00:00
|
|
|
port = 993
|
|
|
|
ssl = yes
|
2019-07-15 10:48:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Number of connections to handle before starting a new process. Typically
|
|
|
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
|
|
|
# is faster. <doc/wiki/LoginProcess.txt>
|
|
|
|
#service_count = 1
|
|
|
|
|
|
|
|
# Number of processes to always keep waiting for more connections.
|
|
|
|
#process_min_avail = 0
|
|
|
|
|
|
|
|
# If you set service_count=0, you probably need to grow this.
|
|
|
|
#vsz_limit = $default_vsz_limit
|
|
|
|
}
|
|
|
|
|
|
|
|
service pop3-login {
|
|
|
|
inet_listener pop3 {
|
|
|
|
#port = 110
|
|
|
|
}
|
|
|
|
inet_listener pop3s {
|
|
|
|
#port = 995
|
|
|
|
#ssl = yes
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service lmtp {
|
|
|
|
unix_listener lmtp {
|
|
|
|
#mode = 0666
|
|
|
|
}
|
|
|
|
|
|
|
|
# Create inet listener only if you can't use the above UNIX socket
|
|
|
|
inet_listener lmtp {
|
|
|
|
# Avoid making LMTP visible for the entire internet
|
|
|
|
#address = 127.0.0.1
|
|
|
|
port = 24
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
service imap {
|
|
|
|
# Most of the memory goes to mmap()ing files. You may need to increase this
|
|
|
|
# limit if you have huge mailboxes.
|
|
|
|
#vsz_limit = $default_vsz_limit
|
|
|
|
|
|
|
|
# Max. number of IMAP processes (connections)
|
|
|
|
#process_limit = 1024
|
|
|
|
}
|
|
|
|
|
|
|
|
service pop3 {
|
|
|
|
# Max. number of POP3 processes (connections)
|
|
|
|
#process_limit = 1024
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth {
|
|
|
|
# auth_socket_path points to this userdb socket by default. It's typically
|
|
|
|
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
|
|
|
|
# full permissions to this socket are able to get a list of all usernames and
|
|
|
|
# get the results of everyone's userdb lookups.
|
|
|
|
#
|
|
|
|
# The default 0666 mode allows anyone to connect to the socket, but the
|
|
|
|
# userdb lookups will succeed only if the userdb returns an "uid" field that
|
|
|
|
# matches the caller process's UID. Also if caller's uid or gid matches the
|
|
|
|
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
|
|
|
|
#
|
|
|
|
# To give the caller full permissions to lookup all users, set the mode to
|
|
|
|
# something else than 0666 and Dovecot lets the kernel enforce the
|
|
|
|
# permissions (e.g. 0777 allows everyone full permissions).
|
|
|
|
unix_listener auth-userdb {
|
|
|
|
#mode = 0666
|
|
|
|
#user =
|
|
|
|
#group =
|
|
|
|
}
|
|
|
|
|
|
|
|
# Postfix smtp-auth
|
|
|
|
#unix_listener /var/spool/postfix/private/auth {
|
|
|
|
# mode = 0666
|
|
|
|
#}
|
|
|
|
|
|
|
|
# Auth process is run as this user.
|
|
|
|
#user = $default_internal_user
|
|
|
|
}
|
|
|
|
|
|
|
|
service auth-worker {
|
|
|
|
# Auth worker process is run as root by default, so that it can access
|
|
|
|
# /etc/shadow. If this isn't necessary, the user should be changed to
|
|
|
|
# $default_internal_user.
|
|
|
|
#user = root
|
|
|
|
}
|
|
|
|
|
|
|
|
service dict {
|
|
|
|
# If dict proxy is used, mail processes should have access to its socket.
|
|
|
|
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
|
|
|
|
unix_listener dict {
|
|
|
|
#mode = 0600
|
|
|
|
#user =
|
|
|
|
#group =
|
|
|
|
}
|
|
|
|
}
|