dovecotの設定(debian版)


dovecotを動かすに当たり、設定のメモを残す。

まずは/etc/dovecot/dovecot.conf。diffは「変更後のファイル オリジナル(.org)」の順に指定しているので、「<」の行が変更後の設定である。

root@pi:/etc/dovecot# diff dovecot.conf dovecot.conf.org
31,32d30
< # *** changed 20/03/12 ***
< listen = *, ::
51,55d48
< disable_plaintext_auth = no
< # ssl = yes
< # ssl_cert = </etc/letsencrypt/keys/0000_key-certbot.pem
< # ssl_key = </etc/letsencrypt/keys/0000_key-certbot.pem
< # auth_mechanisms = plain
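Review bot: `disable_plaintext_auth = no` on the `<` (edited) side lets clients send passwords without TLS, and the commented-out `# ssl = yes` beside it leaves nothing in this file that enforces encryption. The same exposure shows up in the 10-master.conf hunk `42c40`, which opens `port = 110`, and in the 10-auth.conf hunk `101,102c100`, where `auth_mechanisms = plain login` offers only cleartext mechanisms. I would set `disable_plaintext_auth = yes` and `ssl = required`, and leave the 110 listener commented so that only the TLS listener on 995 accepts logins. The commented `ssl_cert` and `ssl_key` lines also both point at the same `0000_key-certbot.pem` file, which looks like a copy-paste slip worth fixing before they are ever enabled.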
root@pi:/etc/dovecot#

次に/etc/dovecot/conf.dに移る。

/etc/dovecot/conf.d/master.conf

root@pi:/etc/dovecot/conf.d# diff 10-master.conf 10-master.conf.org
38,39d37
< # **** changed 20/03/12 ****
<
42c40
< port = 110
---
> #port = 110
45,46c43,50
< port = 995
< ssl = yes
---
> #port = 995
> #ssl = yes
> }
> }
>
> service submission-login {
> inet_listener submission {
> #port = 587
76a81,85
> service submission {
> # Max. number of SMTP Submission processes (connections)
> #process_limit = 1024
> }
>
92,94c101,103
< mode = 0666
< user = postfix
< group = postfix
---
> #mode = 0666
> #user =
> #group =
98,100c107,109
< unix_listener /var/spool/postfix/private/auth {
< mode = 0666
< }
---
> #unix_listener /var/spool/postfix/private/auth {
> # mode = 0666
> #}
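Review bot: The Postfix SASL socket `unix_listener /var/spool/postfix/private/auth` is created with `mode = 0666` and no owner, so access control rests entirely on the permissions of the directory that contains it. The `user = postfix` / `group = postfix` lines were added in the earlier hunk `92,94c101,103`, which appears to belong to a different listener (its header is outside the hunk) and is also left at `mode = 0666`. I would put the ownership in this block and tighten it to `mode = 0660`, `user = postfix`, `group = postfix`. The other listener can go back to its packaged defaults unless something on the host is known to need the change.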
root@pi:/etc/dovecot/conf.d# diff 10-master.conf.org 10-master.conf
37a38,39
> # **** changed 20/03/12 ****
>
40c42
< #port = 110
---
> port = 110
43,50c45,46
< #port = 995
< #ssl = yes
< }
< }
<
< service submission-login {
< inet_listener submission {
< #port = 587
---
> port = 995
> ssl = yes
81,85d76
< service submission {
< # Max. number of SMTP Submission processes (connections)
< #process_limit = 1024
< }
<
101,103c92,94
< #mode = 0666
< #user =
< #group =
---
> mode = 0666
> user = postfix
> group = postfix
107,109c98,100
< #unix_listener /var/spool/postfix/private/auth {
< # mode = 0666
< #}
---
> unix_listener /var/spool/postfix/private/auth {
> mode = 0666
> }
root@pi:/etc/dovecot/conf.d#

/etc/dovecot/conf.d/auth.conf

root@pi:/etc/dovecot/conf.d# diff 10-auth.conf 10-auth.conf.org
86,87c86
< # *** enabled 20/03/12 ***
< auth_failure_delay = 10 secs
---
> #auth_failure_delay = 2 secs
101,102c100
< # *** added login 20/03/12 ***
< auth_mechanisms = plain login
---
> auth_mechanisms = plain
root@pi:/etc/dovecot/conf.d#

/etc/dovecot/conf.d/ssl.conf

Let's Encryptの証明書と秘密鍵は/etc/ssl/private/...pem に格納される前提。

root@pi:/etc/dovecot/conf.d# diff 10-ssl.conf 10-ssl.conf.org
12,14c12,13
< # **** enabled 20/03/12 ****
< ssl_cert = </etc/ssl/private/pi_homelinux_net-cert.pem
< ssl_key = </etc/ssl//private/pi_homelinux_net-privkey.pem
---
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_key = </etc/dovecot/private/dovecot.key
31,34c30,34
< # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
< # directory is usually /etc/ssl/certs in Debian-based systems and the file is
< # /etc/pki/tls/cert.pem in RedHat-based systems.
< #ssl_client_ca_dir =
---
> # when Dovecot needs to act as an SSL client (e.g. imapc backend or
> # submission service). The directory is usually /etc/ssl/certs in
> # Debian-based systems and the file is /etc/pki/tls/cert.pem in
> # RedHat-based systems.
> ssl_client_ca_dir = /etc/ssl/certs
46,53c46,64
< # DH parameters length to use.
< #ssl_dh_parameters_length = 1024
<
< # SSL protocols to use
< #ssl_protocols = !SSLv3
<
< # SSL ciphers to use
< #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
---
> # SSL DH parameters
> # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
> # Or migrate from old ssl-parameters.dat file with the command dovecot
> # gives on startup when ssl_dh is unset.
> ssl_dh = </usr/share/dovecot/dh.pem
>
> # Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
> # TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
> #ssl_min_protocol = TLSv1
>
> # SSL ciphers to use, the default is:
> #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> # To disable non-EC DH, use:
> #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>
> # Colon separated list of elliptic curves to use. Empty value (the default)
> # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
> # example of a valid value.
> #ssl_curve_list =
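Review bot: On the `<` (edited) side every TLS hardening setting is still commented out (`#ssl_dh_parameters_length = 1024`, `#ssl_protocols = !SSLv3`, `#ssl_cipher_list = ...`), so the build's defaults apply, and the hinted values (1024-bit DH, only SSLv3 excluded) are weak by current standards. The packaged file on the `>` side uses the newer `ssl_dh` / `ssl_min_protocol` names, which suggests the edited file predates the installed package; if so, the old names may be ignored or rejected, which `doveconf -n` would confirm. For a server using the newer names I would carry over `ssl_dh = </usr/share/dovecot/dh.pem` and set `ssl_min_protocol = TLSv1.2`. On an older build the equivalent would be `ssl_dh_parameters_length = 2048` and `ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1`.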
62c73,74
< # no_compression - Disable compression.
---
> # compression - Enable compression.
> # no_ticket - Disable SSL session tickets.
root@pi:/etc/dovecot/conf.d#

/etc/dovecot/conf.d/mail.conf

root@pi:/etc/dovecot/conf.d# diff 10-mail.conf 10-mail.conf.org
30c30
< mail_location = maildir:~/Maildir
---
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
114c114
< #mail_privileged_group =
---
> mail_privileged_group = mail
168c168,171
< # Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
---
> # Directory where mails can be temporarily stored. Usually it's used only for
> # mails larger than >= 128 kB. It's used by various parts of Dovecot, for
> # example LDA/LMTP while delivering large mails or zlib plugin for keeping
> # uncompressed mails.
223c226,235
< #mailbox_list_index = no
---
> #mailbox_list_index = yes
>
> # Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
> # of potentially returning out-of-date results after e.g. server crashes.
> # The results will be automatically fixed once the folders are opened.
> #mailbox_list_index_very_dirty_syncs = yes
>
> # Should INBOX be kept up-to-date in the mailbox list index? By default it's
> # not, because most of the mailbox accesses will open INBOX anyway.
> #mailbox_list_index_include_inbox = no
250a263,275
> # How many slow mail accesses sorting can perform before it returns failure.
> # With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
> # The untagged SORT reply is still returned, but it's likely not correct.
> #mail_sort_max_read_count = 0
>
> protocol !indexer-worker {
> # If folder vsize calculation requires opening more than this many mails from
> # disk (i.e. mail sizes aren't in cache already), return failure and finish
> # the calculation via indexer process. Disabled by default. This setting must
> # be 0 for indexer-worker processes.
> #mail_vsize_bg_after_count = 0
> }
>
350c375
< #mdbox_rotate_size = 2M
---
> #mdbox_rotate_size = 10M
385a411,420
>
> # Settings to control adding $HasAttachment or $HasNoAttachment keywords.
> # By default, all MIME parts with Content-Disposition=attachment, or inlines
> # with filename parameter are consired attachments.
> # add-flags-on-save - Add the keywords when saving new mails.
> # content-type=type or !type - Include/exclude content type. Excluding will
> # never consider the matched MIME part as attachment. Including will only
> # negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
> # exclude-inlined - Exclude any Content-Disposition=inline MIME part.
> #mail_attachment_detection_options =
root@pi:/etc/dovecot/conf.d#

とりあえず。