dovecot-example.conf revision cb1fd563e6000153d1be76fd8722a096bd144b77
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen## Dovecot configuration file
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# "dovecot -n" command gives a clean output of the changed settings. Use it
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# instead of copy&pasting this file when posting to the Dovecot mailing list.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# '#' character and everything after it is treated as comments. Extra spaces
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# and tabs are ignored. If you want to use either of these explicitly, put the
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# value inside quotes, eg.: key = "# char and trailing whitespace "
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Default values are shown for each setting, it's not required to uncomment
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# any of the lines. Exception to this are paths, they're just examples with
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# the real defaults being based on configure options. The paths listed here
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# --with-ssldir=/etc/ssl
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Base directory where to store runtime data.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Protocols we want to be serving: imap imaps pop3 pop3s
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# If you only want to use dovecot-auth, you can set this to "none".
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#protocols = imap imaps
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# IP or host address where to listen in for connections. It's not currently
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# interfaces depending on the operating system.
fe779565bda49a0ed0476724819c6e3c1340c94bTimo Sirainen# If you want to specify ports for each service, you will need to configure
fe779565bda49a0ed0476724819c6e3c1340c94bTimo Sirainen# these settings inside the protocol imap/pop3 { ... } section, so you can
fe779565bda49a0ed0476724819c6e3c1340c94bTimo Sirainen# specify different ports for IMAP/POP3. For example:
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# protocol imap {
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# listen = *:10143
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# ssl_listen = *:10943
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# protocol pop3 {
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# listen = *:10100
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Disable LOGIN command and all other plaintext authentications unless
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# matches the local IP (ie. you're connecting from the same computer), the
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# connection is considered secure and plaintext authentication is allowed.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#disable_plaintext_auth = yes
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Should all IMAP and POP3 processes be killed when Dovecot master process
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# shuts down. Setting this to "no" means that Dovecot can be upgraded without
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# forcing existing client connections to close (although that could also be
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# a problem if the upgrade is eg. because of a security fix). This however
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# means that after master process has died, the client processes can't write
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# to log files anymore.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#shutdown_clients = yes
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Log file to use for error messages, instead of sending them to syslog.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# /dev/stderr can be used to log into stderr.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Log file to use for informational and debug messages.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Default is the same as log_path.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#info_log_path =
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Prefix for each line written to log file. % codes are in strftime(3)
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#log_timestamp = "%b %d %H:%M:%S "
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Syslog facility to use if you're logging to syslog. Usually if you don't
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# want to use "mail", you'll use local0..local7. Also other standard
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# facilities are supported.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#syslog_facility = mail
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen## SSL settings
1c75bf24894a3fc0631caa4954e5130e9bb01d8dTimo Sirainen# IP or host address where to listen in for SSL connections. Defaults
1c75bf24894a3fc0631caa4954e5130e9bb01d8dTimo Sirainen# to above if not specified.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Disable SSL/TLS support.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_disable = no
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# dropping root privileges, so keep the key file unreadable by anyone but
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# root. Included doc/mkcert.sh can be used to easily generate self-signed
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# certificate, just make sure to update the domains in dovecot-openssl.cnf
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#ssl_cert_file = /etc/ssl/certs/dovecot.pem
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#ssl_key_file = /etc/ssl/private/dovecot.pem
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# If key file is password protected, give the password here. Alternatively
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# give it when starting dovecot with -p parameter.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_key_password =
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# File containing trusted SSL certificate authorities. Usually not needed.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# The CAfile should contain the CA-certificate(s) followed by the matching
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# CRL(s). CRL checking is new in dovecot .rc1
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_ca_file =
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Request client to send a certificate. If you also want to require it, set
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# ssl_require_client_cert=yes in auth section.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_verify_client_cert = no
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# How often to regenerate the SSL parameters file. Generation is quite CPU
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# intensive operation. The value is in hours, 0 disables regeneration
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_parameters_regenerate = 168
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# SSL ciphers to use
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#ssl_cipher_list = ALL:!LOW:!SSLv2
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Show protocol level SSL errors.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#verbose_ssl = no
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen## Login processes
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Directory where authentication process places authentication UNIX sockets
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# which login needs to be able to connect to. The sockets are created when
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# running as root, so you don't have to worry about permissions. Note that
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# everything in this directory is deleted when Dovecot is started.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# chroot login process to the login_dir. Only reason not to do this is if you
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_chroot = yes
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# User to use for the login process. Create a completely new user for this,
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# and don't use it anywhere else. The user must also belong to a group where
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# only it has access, it's used to control access for authentication process.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_user = dovecot
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Set max. process size in megabytes. If you don't use
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# login_process_per_connection you might need to grow this.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_process_size = 32
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Should each login be processed in it's own process (yes), or should one
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# login process be allowed to process multiple connections (no)? Yes is more
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# secure, espcially with SSL/TLS enabled. No is faster since there's no need
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# to create processes all the time.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_process_per_connection = yes
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Number of login processes to keep for listening new connections.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_processes_count = 3
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Maximum number of login processes to create. The listening process count
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# usually stays at login_processes_count, but when multiple users start logging
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# in at the same time more extra processes are created. To prevent fork-bombing
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# we check only once in a second if new processes should be created - if all
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# of them are used at the time, we double their amount until the limit set by
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# this setting is reached.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_max_processes_count = 128
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Maximum number of connections allowed per each login process. This setting
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# is used only if login_process_per_connection=no. Once the limit is reached,
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# the process notifies master so that it can create a new login process.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# You should make sure that the process has at least
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# 16 + login_max_connections * 2 available file descriptors.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_max_connections = 256
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Greeting message for clients.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#login_greeting = Dovecot ready.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Space-separated list of elements we want to log. The elements which have
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# a non-empty variable value are joined together to form a comma-separated
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Login log format. %$ contains login_log_format_elements string, %s contains
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# the data we want to log.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#login_log_format = %$: %s
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen## Mailbox locations and namespaces
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Location for users' mailboxes. This is the same as the old default_mail_env
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# setting. The default is empty, which means that Dovecot tries to find the
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# mailboxes automatically. This won't work if the user doesn't have any mail
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# yet, so you should explicitly tell Dovecot the full location.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# kept. This is called the "root mail directory", and it must be the first
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# path given in the mail_location setting.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# There are a few special variables you can use, eg.:
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# %u - username
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# %n - user part in user@domain, same as %u if there's no domain
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# %d - domain part in user@domain, empty if there's no domain
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# %h - home directory
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# See doc/wiki/Variables.txt for full list. Some examples:
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# mail_location = maildir:~/Maildir
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# mail_location = mbox:~/mail:INBOX=/var/mail/%u
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#mail_location =
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# If you need to set multiple mailbox locations or want to change default
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# namespace settings, you can do it by defining namespace sections.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# NOTE: Namespaces currently work ONLY with IMAP! POP3 and LDA currently ignore
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# namespaces completely, they use only the mail_location setting.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# You can have private, shared and public namespaces. The only difference
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# between them is how Dovecot announces them to client via NAMESPACE
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# extension. Shared namespaces are meant for user-owned mailboxes which are
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# shared to other users, while public namespaces are for more globally
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# accessible mailboxes.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# REMEMBER: If you add any namespaces, the default namespace must be added
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# explicitly, ie. mail_location does nothing unless you have a namespace
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# without a location setting. Default namespace is simply done by having a
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# namespace with empty prefix.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#namespace private {
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # Hierarchy separator to use. You should use the same separator for all
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # namespaces or some clients get confused. '/' is usually a good one.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # The default however depends on the underlying mail storage format.
8855b8b57050fe3b6dc3f19283488512fae98648Timo Sirainen # Prefix required to access this namespace. This needs to be different for
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # all namespaces. For example "Public/".
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # Physical location of the mailbox. This is in same format as
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen # mail_location, which is also the default for it.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # There can be only one INBOX, and this setting defines which namespace
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # If namespace is hidden, it's not advertised to clients via NAMESPACE
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # extension or shown in LIST replies. This is mostly useful when converting
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # from another server with different namespaces which you want to depricate
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # but still keep working. For example you can create hidden namespaces with
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch # prefixes "~/mail/", "~%u/mail/" and "mail/".
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch #hidden = yes
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Grant access to these extra groups for mail processes. Typical use would be
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# to give "mail" group write access to /var/mail to be able to create dotlocks.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mail_extra_groups =
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Allow full filesystem access to clients. There's no access checks other than
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# what the operating system does for the active UID/GID. It works with both
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#mail_full_filesystem_access = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch## Mail processes
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Enable mail process debugging. This can help you figure out why Dovecot
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# isn't finding your mails.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mail_debug = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# possible variables you can use.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mail_log_prefix = "%Us(%u): "
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Max. number of lines a mail process is allowed to log per second before it's
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# throttled. 0 means unlimited. Typically there's no need to change this
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# unless you're using mail_log plugin, which may log a lot.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mail_log_max_lines_per_sec = 10
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Don't use mmap() at all. This is required if you store indexes to shared
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# filesystems (NFS or clustered filesystem).
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mmap_disable = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Rely on O_EXCL to work when creating dotlock files. The default is to use
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# hard linking. O_EXCL makes the dotlocking faster, but it doesn't always
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# work with NFS.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#dotlock_use_excl = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Don't use fsync() or fdatasync() calls. This makes the performance better
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# at the cost of potential data loss if the server (or the file server)
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#fsync_disable = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Disable mailbox list indexing.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mailbox_list_index_disable = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Locking method for index files. Alternatives are fcntl, flock and dotlock.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Dotlocking uses some tricks which may create more disk I/O than other locking
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# methods. NOTE: If you use NFS, remember to change also mmap_disable setting!
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#lock_method = fcntl
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Drop all privileges before exec()ing the mail process. This is mostly
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# meant for debugging, otherwise you don't get core dumps. It could be a small
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# security risk if you use single UID for multiple users, as the users could
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# ptrace() each others processes then.
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#mail_drop_priv_before_exec = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Show more verbose process titles (in ps). Currently shows user name and
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# IP address. Useful for seeing who are actually using the IMAP processes
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# (eg. shared mailboxes or if same uid is used for multiple accounts).
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch#verbose_proctitle = no
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Valid UID range for users, defaults to 500 and above. This is mostly
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# to make sure that users can't log in as daemons or other system users.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Note that denying root logins is hardcoded to dovecot binary and can't
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# be done even if first_valid_uid is set to 0.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#first_valid_uid = 500
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#last_valid_uid = 0
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Valid GID range for users, defaults to non-root/wheel. Users having
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# non-valid GID as primary group ID aren't allowed to log in. If user
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# belongs to supplementary groups with non-valid GIDs, those groups are
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#first_valid_gid = 1
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#last_valid_gid = 0
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Maximum number of running mail processes. When this limit is reached,
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# new users aren't allowed to log in.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#max_mail_processes = 1024
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Set max. process size in megabytes. Most of the memory goes to mmap()ing
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# files, so it shouldn't harm much even if this limit is set pretty high.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#mail_process_size = 256
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Maximum allowed length for mail keyword name. It's only forced when trying
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# to create new keywords.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#mail_max_keyword_length = 50
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# Default umask to use for mail files and directories.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# ':' separated list of directories under which chrooting is allowed for mail
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# This setting doesn't affect login_chroot or auth chroot variables.
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# WARNING: Never add directories here which local users can modify, that
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# may lead to root exploit. Usually this should be done only if you don't
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# allow shell access for users. <doc/wiki/Chrooting.txt>
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen#valid_chroot_dirs =
8ccdf195768afdfbc32088d7be77dfca7dddd829Stephan Bosch# Default chroot directory for mail processes. This can be overridden for
02c75e04c6ff80726bb59e3ea34a7995ad1f6f7cTimo Sirainen# specific users in user database by giving /./ in user's home directory
# their mail directory anyway. <doc/wiki/Chrooting.txt>
# flags, date.sent, date.received, size.virtual, size.physical
#auth_executable = /usr/libexec/dovecot/dovecot-auth
# default (usually /etc/krb5.keytab) if not specified.
# path = /var/run/dovecot/auth-master