dovecot-example.conf revision 861d373feea39d3fe8c3cda75ea25cf418a2e26c
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo## Dovecot 1.0 configuration file
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Default values are shown after each value, it's not required to uncomment
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# any of the lines. Exception to this are paths, they're just examples
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# with real defaults being based on configure options. The paths listed here
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# --with-ssldir=/etc/ssl
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Base directory where to store runtime data.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#base_dir = /var/run/dovecot/
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Protocols we want to be serving:
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# imap imaps pop3 pop3s
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#protocols = imap imaps
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# IP or host address where to listen in for connections. It's not currently
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# interfaces depending on the operating system. You can specify ports with
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# "host:port".
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# IP or host address where to listen in for SSL connections. Defaults
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# to above if not specified.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_listen =
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Disable SSL/TLS support.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_disable = no
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# dropping root privileges, so keep the key file unreadable by anyone but
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# root. Included doc/mkcert.sh can be used to easily generate self-signed
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# certificate, just make sure to update the domains in dovecot-openssl.cnf
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_cert_file = /etc/ssl/certs/dovecot.pem
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_key_file = /etc/ssl/private/dovecot.pem
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# SSL parameter file. Master process generates this file for login processes.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# It contains Diffie Hellman and RSA parameters.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# How often to regenerate the SSL parameters file. Generation is quite CPU
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# intensive operation. The value is in hours, 0 disables regeneration
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_parameters_regenerate = 24
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# SSL ciphers to use
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#ssl_cipher_list = all:!low
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Disable LOGIN command and all other plaintext authentications unless
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# IPv6 ::1 addresses are considered secure, this setting has no effect if
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# you connect from those addresses.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#disable_plaintext_auth = yes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# For informational messages, use this logfile instead of the default
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#info_log_path =
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Prefix for each line written to log file. % codes are in strftime(3)
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#log_timestamp = "%b %d %H:%M:%S "
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo## Login processes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Directory where authentication process places authentication UNIX sockets
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# which login needs to be able to connect to. The sockets are created when
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# running as root, so you don't have to worry about permissions.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# chroot login process to the login_dir. Only reason not to do this is if you
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# wish to run the whole Dovecot without roots.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_chroot = yes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# User to use for the login process. Create a completely new user for this,
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# and don't use it anywhere else. The user must also belong to a group where
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# only it has access, it's used to control access for authentication process.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_user = dovecot
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Set max. process size in megabytes. If you don't use
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# login_process_per_connection you might need to grow this.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_process_size = 16
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Should each login be processed in it's own process (yes), or should one
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# login process be allowed to process multiple connections (no)? Yes is more
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# secure, espcially with SSL/TLS enabled. No is faster since there's no need
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# to create processes all the time.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_process_per_connection = yes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Number of login processes to create. If login_process_per_user is
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# yes, this is the number of extra processes waiting for users to log in.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_processes_count = 3
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Maximum number of extra login processes to create. The extra process count
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# usually stays at login_processes_count, but when multiple users start logging
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# in at the same time more extra processes are created. To prevent fork-bombing
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# we check only once in a second if new processes should be created - if all
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# of them are used at the time, we double their amount until limit set by this
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# setting is reached. This setting is used only if login_process_per_use is yes.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_max_processes_count = 128
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Maximum number of connections allowed in login state. When this limit is
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# reached, the oldest connections are dropped. If login_process_per_user
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# is no, this is a per-process value, so the absolute maximum number of users
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# logging in actually login_processes_count * max_logging_users.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#login_max_logging_users = 256
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo## Mail processes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Maximum number of running mail processes. When this limit is reached,
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# new users aren't allowed to log in.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#max_mail_processes = 1024
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# Show more verbose process titles (in ps). Currently shows user name and
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# IP address. Useful for seeing who are actually using the IMAP processes
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo# (eg. shared mailboxes or if same uid is used for multiple accounts).
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo#verbose_proctitle = no
# allow shell access for users. See doc/configuration.txt for more information.
# doc/mail-storages.txt. There's a few special variables you can use:
# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE,
# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE
#auth_executable = /usr/libexec/dovecot/dovecot-auth
# userdb = ldap /etc/dovecot-ldap.conf
# passdb = ldap /etc/dovecot-ldap.conf
# userdb = passwd-file /etc/passwd.imap
# passdb = passwd-file /etc/passwd.imap