Cross Reference: /dovecot/dovecot-example.conf
dovecot-example.conf revision 861d373feea39d3fe8c3cda75ea25cf418a2e26c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder## Dovecot 1.0 configuration file
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder# Default values are shown after each value, it's not required to uncomment
97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder# any of the lines. Exception to this are paths, they're just examples
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder# with real defaults being based on configure options. The paths listed here
b4fbc96e05117839ca409f5f20f97b3ac872d1edTill Mossakowski# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder# --with-ssldir=/etc/ssl
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder# Base directory where to store runtime data.
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder#base_dir = /var/run/dovecot/
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# Protocols we want to be serving:
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# imap imaps pop3 pop3s
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder#protocols = imap imaps
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder# IP or host address where to listen in for connections. It's not currently
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# interfaces depending on the operating system. You can specify ports with
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# "host:port".
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder#listen = *
b645cf3dc1e449038ed291bbd11fcc6e02b2fc7fChristian Maeder
04dada28736b4a237745e92063d8bdd49a362debChristian Maeder# IP or host address where to listen in for SSL connections. Defaults
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# to above if not specified.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#ssl_listen =
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# Disable SSL/TLS support.
89054b2b95a3f92e78324dc852f3d34704e2ca49Christian Maeder#ssl_disable = no
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
8b9fda012e5ee53b7b2320c0638896a0ff6e99f3Christian Maeder# dropping root privileges, so keep the key file unreadable by anyone but
8b9fda012e5ee53b7b2320c0638896a0ff6e99f3Christian Maeder# root. Included doc/mkcert.sh can be used to easily generate self-signed
8b9fda012e5ee53b7b2320c0638896a0ff6e99f3Christian Maeder# certificate, just make sure to update the domains in dovecot-openssl.cnf
8b9fda012e5ee53b7b2320c0638896a0ff6e99f3Christian Maeder#ssl_cert_file = /etc/ssl/certs/dovecot.pem
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder#ssl_key_file = /etc/ssl/private/dovecot.pem
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# SSL parameter file. Master process generates this file for login processes.
04dada28736b4a237745e92063d8bdd49a362debChristian Maeder# It contains Diffie Hellman and RSA parameters.
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# How often to regenerate the SSL parameters file. Generation is quite CPU
b645cf3dc1e449038ed291bbd11fcc6e02b2fc7fChristian Maeder# intensive operation. The value is in hours, 0 disables regeneration
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# entirely.
b190f5c7cf3ddda73724efe5ce82b9585ed76be1Christian Maeder#ssl_parameters_regenerate = 24
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# SSL ciphers to use
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#ssl_cipher_list = all:!low
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Disable LOGIN command and all other plaintext authentications unless
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# IPv6 ::1 addresses are considered secure, this setting has no effect if
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# you connect from those addresses.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#disable_plaintext_auth = yes
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#log_path =
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# For informational messages, use this logfile instead of the default
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder#info_log_path =
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Prefix for each line written to log file. % codes are in strftime(3)
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# format.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#log_timestamp = "%b %d %H:%M:%S "
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder##
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder## Login processes
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder##
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# Directory where authentication process places authentication UNIX sockets
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# which login needs to be able to connect to. The sockets are created when
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# running as root, so you don't have to worry about permissions.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#login_dir = /var/run/dovecot/login
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
f4741f6b7da52b5417899c8fcbe4349b920b006eChristian Maeder# chroot login process to the login_dir. Only reason not to do this is if you
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# wish to run the whole Dovecot without roots.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#login_chroot = yes
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
f4741f6b7da52b5417899c8fcbe4349b920b006eChristian Maeder# User to use for the login process. Create a completely new user for this,
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder# and don't use it anywhere else. The user must also belong to a group where
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# only it has access, it's used to control access for authentication process.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#login_user = dovecot
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Set max. process size in megabytes. If you don't use
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# login_process_per_connection you might need to grow this.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#login_process_size = 16
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Should each login be processed in it's own process (yes), or should one
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# login process be allowed to process multiple connections (no)? Yes is more
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# secure, espcially with SSL/TLS enabled. No is faster since there's no need
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# to create processes all the time.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#login_process_per_connection = yes
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Number of login processes to create. If login_process_per_user is
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# yes, this is the number of extra processes waiting for users to log in.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#login_processes_count = 3
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Maximum number of extra login processes to create. The extra process count
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# usually stays at login_processes_count, but when multiple users start logging
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# in at the same time more extra processes are created. To prevent fork-bombing
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# we check only once in a second if new processes should be created - if all
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# of them are used at the time, we double their amount until limit set by this
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# setting is reached. This setting is used only if login_process_per_use is yes.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#login_max_processes_count = 128
462ec4b2fa3e0e788eb60dcb4aebc518298f342cChristian Maeder
f4741f6b7da52b5417899c8fcbe4349b920b006eChristian Maeder# Maximum number of connections allowed in login state. When this limit is
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# reached, the oldest connections are dropped. If login_process_per_user
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# is no, this is a per-process value, so the absolute maximum number of users
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# logging in actually login_processes_count * max_logging_users.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#login_max_logging_users = 256
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder##
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder## Mail processes
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder##
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# Maximum number of running mail processes. When this limit is reached,
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# new users aren't allowed to log in.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#max_mail_processes = 1024
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Show more verbose process titles (in ps). Currently shows user name and
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# IP address. Useful for seeing who are actually using the IMAP processes
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# (eg. shared mailboxes or if same uid is used for multiple accounts).
04dada28736b4a237745e92063d8bdd49a362debChristian Maeder#verbose_proctitle = no
04dada28736b4a237745e92063d8bdd49a362debChristian Maeder
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# Show protocol level SSL errors.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#verbose_ssl = no
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
04dada28736b4a237745e92063d8bdd49a362debChristian Maeder# Valid UID range for users, defaults to 500 and above. This is mostly
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder# to make sure that users can't log in as daemons or other system users.
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder# Note that denying root logins is hardcoded to dovecot binary and can't
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder# be done even if first_valid_uid is set to 0.
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder#first_valid_uid = 500
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder#last_valid_uid = 0
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder
76fa667489c5e0868ac68de9f0253ac10f73d0b5Christian Maeder# Valid GID range for users, defaults to non-root/wheel. Users having
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# non-valid GID as primary group ID aren't allowed to log in. If user
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# belongs to supplementary groups with non-valid GIDs, those groups are
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# not set.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#first_valid_gid = 1
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#last_valid_gid = 0
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# ':' separated list of directories under which chrooting is allowed for mail
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# This setting doesn't affect login_chroot or auth_chroot variables.
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# WARNING: Never add directories here which local users can modify, that
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# may lead to root exploit. Usually this should be done only if you don't
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# allow shell access for users. See doc/configuration.txt for more information.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#valid_chroot_dirs =
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# Default chroot directory for mail processes. This can be overridden by
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# giving /./ in user's home directory (eg. /home/./user chroots into /home).
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#mail_chroot =
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# Default MAIL environment to use when it's not set. By leaving this empty
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# dovecot tries to do some automatic detection as described in
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# doc/mail-storages.txt. There's a few special variables you can use:
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# %u - username
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# %n - user part in user@domain, same as %u if there's no domain
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# %d - domain part in user@domain, empty if user there's no domain
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# %h - home directory
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder#
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# You can also limit a width of string by giving the number of max. characters
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# after the '%' character. For example %1u gives the first character of
e76e6a43f51438215737d6fc176c89da05bb86daChristian Maeder# username. Some examples:
ee9eddfa6953868fd6fbaff0d9ff68675a13675aChristian Maeder#
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# default_mail_env = maildir:/var/mail/%1u/%u/Maildir
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder#
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#default_mail_env =
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# Space-separated list of fields to cache for all mails. Currently these
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# fields are allowed followed by a list of commands they speed up:
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT,
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID,
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# HEADER IN-REPLY-TO
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Body - FETCH BODY
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# Bodystructure - FETCH BODY, BODYSTRUCTURE
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE,
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# generation. This is always set with mbox mailboxes, and
962d5c684e2b86d1f9c556c096b426e10cc74026Christian Maeder# also default with Maildir.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# Different IMAP clients work in different ways, that's why Dovecot by default
b984ff0ba75221f64451c1e69b3977967d4e99a1Christian Maeder# only caches MessagePart which speeds up most operations. Whenever client
ee9eddfa6953868fd6fbaff0d9ff68675a13675aChristian Maeder# does something where caching could be used, the field is automatically marked
ee9eddfa6953868fd6fbaff0d9ff68675a13675aChristian Maeder# to be cached later. For example after FETCH BODY the BODY will be cached
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# for all new messages. Normally you should leave this alone, unless you know
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# what most of your IMAP clients are. Caching more fields than needed makes
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# the index files larger and generate useless I/O.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# With maildir there's one extra optimization - if nothing is cached, indexing
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# the maildir becomes much faster since it's not opening any of the mail files.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder# This could be useful if your IMAP clients access only new mails.
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder#mail_cache_fields = MessagePart
6cca02cb6a5ae882d887a879f8b7a71941c3715cChristian Maeder
ee9eddfa6953868fd6fbaff0d9ff68675a13675aChristian Maeder# Space-separated list of fields that Dovecot should never set to be cached.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# Useful if you want to save disk space at the cost of more I/O when the fields
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder# needed.
4fb19f237193a3bd6778f8aee3b6dd8da5856665Christian Maeder#mail_never_cache_fields =
c797f343be2f3619bb1f5569753166ec49d27bdbChristian Maeder
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# Workarounds for various client bugs:
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# oe6-fetch-no-newmail:
15bb922b665fcd44c6230a1202785d0c7890e90cChristian Maeder# Never send EXISTS/RECENT when replying to FETCH command. Outlook Express
b645cf3dc1e449038ed291bbd11fcc6e02b2fc7fChristian Maeder# seems to think they are FETCH replies and gives user "Message no longer
# in server" error. Note that OE6 still breaks even with this workaround
# if synchronization is set to "Headers Only".
# oe6-fetch-redundant-msgset:
# If client requests "nextuid:*" messageset, don't return the last message
# as RFC3501 would require. This may considerably improve Dovecot's caching
# decisions for OE6 users.
# outlook-idle:
# Outlook and Outlook Express never abort IDLE command, so if no mail
# arrives in half a hour, Dovecot closes the connection. This is still
# fine, except Outlook doesn't connect back so you don't see if new mail
# arrives.
#client_workarounds =
# Dovecot can notify client of new mail in selected mailbox soon after it's
# received. This setting specifies the minimum interval in seconds between
# new mail notifications to client - internally they may be checked more or
# less often. Setting this to 0 disables the checking.
# NOTE: Evolution client breaks with this option when it's trying to APPEND.
#mailbox_check_interval = 0
# Like mailbox_check_interval, but used for IDLE command.
#mailbox_idle_check_interval = 30
# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
# or ~user/.
#mail_full_filesystem_access = no
# Maximum allowed length for mail keyword name. It's only forced when trying
# to create new keywords.
#mail_max_keyword_length = 50
# Save mails with CR+LF instead of plain LF. This makes sending those mails
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
# But it also creates a bit more disk I/O which may just make it slower.
#mail_save_crlf = no
# Use mmap() instead of read() to read mail files. read() seems to be a bit
# faster with my Linux/x86 and it's better with NFS, so that's the default.
# Note that OpenBSD 3.3 and older don't work right with mail_read_mmaped = yes.
#mail_read_mmaped = no
# Don't use mmap() at all. This is required if you store indexes in remote
# filesystems (NFS or clustered filesystem).
#mmap_disable = no
# Don't write() to mmaped files. This is required for some operating systems
# which use separate caches for them, such as OpenBSD.
#mmap_no_write = no
# Don't use fcntl() locking. Alternatives are dotlocking and other tricks
# which may be slower. Required for NFS.
#fcntl_locks_disable = no
# Copy mail to another folders using hard links. This is much faster than
# actually copying the file. This is problematic only if something modifies
# the mail in one folder but doesn't want it modified in the others. I don't
# know any MUA which would modify mail files directly. IMAP protocol also
# requires that the mails don't change, so it would be problematic in any case.
# If you care about performance, enable it.
#maildir_copy_with_hardlinks = no
# Check if mails' content has been changed by external programs. This slows
# down things as extra stat() needs to be called for each file. If changes are
# noticed, the message is treated as a new message, since IMAP protocol
# specifies that existing messages are immutable.
#maildir_check_content_changes = no
# Which locking methods to use for locking mbox. There's three available:
# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
# solution. If you want to use /var/mail/ like directory, the users
# will need write access to that directory.
# fcntl : Use this if possible. Works with NFS too if lockd is used.
# flock : May not exist in all systems. Doesn't work with NFS.
#
# You can use both fcntl and flock too; if you do the order they're declared
# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
# and flock. Some operating systems don't allow using both of them
# simultaneously, eg. BSDs. If dotlock is used, it's always created first.
#mbox_locks = dotlock fcntl
# Should we create dotlock file even when we want only a read-lock? Setting
# this to yes hurts the performance when the mailbox is accessed simultaneously
# by multiple processes, but it's needed for reliable reading if no other
# locking methods are available.
#mbox_read_dotlock = no
# Maximum time in seconds to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 300
# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this many seconds.
#mbox_dotlock_change_timeout = 30
# umask to use for mail files and directories
#umask = 0077
# Drop all privileges before exec()ing the mail process. This is mostly
# meant for debugging, otherwise you don't get core dumps. Note that setting
# this to yes means that log file is opened as the logged in user, which
# might not work. It could also be a small security risk if you use single UID
# for multiple users, as the users could ptrace() each others processes then.
#mail_drop_priv_before_exec = no
# Set max. process size in megabytes. Most of the memory goes to mmap()ing
# files, so it shouldn't harm much even if this limit is set pretty high.
#mail_process_size = 256
##
## IMAP specific settings
##
protocol imap {
# Login executable location.
#login_executable = /usr/libexec/dovecot/imap-login
# IMAP executable location
#mail_executable = /usr/libexec/dovecot/imap
# This would write rawlogs into ~/dovecot.rawlog/ directory:
#mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
# Maximum IMAP command line length in bytes. Some clients generate very long
# command lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
#imap_max_line_length = 65536
# Support for dynamically loadable modules.
#mail_use_modules = no
#mail_modules = /usr/lib/dovecot/imap
}
##
## POP3 specific settings
##
protocol pop3 {
# Login executable location.
#login_executable = /usr/libexec/dovecot/pop3-login
# POP3 executable location
#mail_executable = /usr/libexec/dovecot/pop3
# Support for dynamically loadable modules.
#mail_use_modules = no
#mail_modules = /usr/lib/dovecot/pop3
}
##
## Authentication processes
##
# You can have multiple authentication processes. With plaintext authentication
# the password is checked against each process, the first one which succeeds is
# used. This is useful if you want to allow both system users (/etc/passwd)
# and virtual users to login without duplicating the system users into virtual
# database.
# Executable location
#auth_executable = /usr/libexec/dovecot/dovecot-auth
# Set max. process size in megabytes.
#auth_process_size = 256
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =
# Default realm to use if none was specified.
#auth_default_realm =
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous
# More verbose logging. Useful for figuring out why authentication isn't
# working.
#auth_verbose = no
auth default {
# Space separated list of wanted authentication mechanisms:
# plain digest-md5 cram-md5 anonymous
mechanisms = plain
# Where user database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# passwd-file <path>: passwd-like file with specified location
# static uid=<uid> gid=<gid> home=<dir template>: static settings
# vpopmail: vpopmail library
# ldap <config path>: LDAP, see doc/dovecot-ldap.conf
# pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
userdb = passwd
# Where password database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# shadow: /etc/shadow or similiar, using getspnam()
# pam [<service> | *]: PAM authentication
# passwd-file <path>: passwd-like file with specified location
# vpopmail: vpopmail authentication
# ldap <config path>: LDAP, see doc/dovecot-ldap.conf
# pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
passdb = pam
# User to use for the process. This user needs access to only user and
# password databases, nothing else. Only shadow and pam authentication
# requires roots, so use something else if possible. Note that passwd
# authentication with BSDs internally accesses shadow files, which also
# requires roots.
user = root
# Directory where to chroot the process. Most authentication backends don't
# work if this is set, and there's no point chrooting if auth_user is root.
#chroot =
# Number of authentication processes to create
#count = 1
}
# PAM doesn't provide a way to get uid, gid or home directory. If you don't
# want to use a separate user database (passwd usually), you can use static
# userdb.
#auth onlypam {
# mechanisms = plain
# userdb = static uid=500 gid=500 home=/var/mail/%u
# passdb = pam
# user = dovecot-auth
#}
#auth ldap {
# mechanisms = plain
# userdb = ldap /etc/dovecot-ldap.conf
# passdb = ldap /etc/dovecot-ldap.conf
# user = dovecot-auth
#}
#auth virtualfile {
# mechanisms = plain digest-md5
# userdb = passwd-file /etc/passwd.imap
# passdb = passwd-file /etc/passwd.imap
# user = dovecot-auth
#}