設定


dovecot.conf

設定マスターファイル。
このファイルで他設定ファイルをまとめてIncludeしている。

## Dovecot configuration file

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
規定値でこの3つ。

#listen = *, ::
ListenするIPアドレス(IPv4/v6)。規定値はall。

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
規定値はconfigure時の$prefix/var/run/dovecot/

#instance_name = dovecot
インスタンス名。複数サーバ時は要ユニーク。
ウチは単体サーバなので規定値で。

#login_greeting = Dovecot ready.
グリーティングメッセージ。
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready. <xx.x.xxxx.XXXXXXXXXXXXXXXXXXX==@xxxxx>
    ↑これ。

#login_trusted_networks =
"普通はIMAP Proxy鯖のIPアドレスとか入れるよね"とある。
disable_plaintext_authの設定無視して平文おkになるので取扱注意。

#login_access_sockets =
TCP Wrapperなどのソケット指定。 サービスの設定も忘れずに。
TCP Wrapper使用時は要--with-libwrap。

#auth_proxy_self =
プロキシ動作時に、該当IPアドレスはプロキシしない(?)
"普通は要らないと思うけど、ロードバランサのIPアドレスとか入れると便利よ。"とある。

#verbose_proctitle = no
yesにすると、psコマンド実行時に以下のような情報が付与される。
/usr/local/sbin/dovecot
dovecot/anvil [2 connections]
dovecot/log
dovecot/config
dovecot/imap-login [1 connections (1 TLS)]
dovecot/auth [0 wait, 0 passdb, 0 userdb]
dovecot/ssl-params
dovecot/imap [hoge xxx.xxx.xxx.xxx]

#shutdown_clients = yes
noにすると、マスタープロセスを殺したときにクライアントは強制切断されなくなるが、
"セキュリティアップデートのときとか問題あるよね多分。"とある。

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

#import_environment = TZ
子プロセスに渡したい環境変数をスペース区切りでどうぞ。

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
dict(ionary)というかindexというかlistというかの参照設定。

!include conf.d/*.conf
設定ファイルのインクルード設定。

!include_try local.conf
こっちだと、もしファイルがなくてもエラーにならない。

10-director.conf

プロキシんときに使うらしいが、わからないのでパス(´・ω・`)

##
## Director-specific settings.
##

# Director can be used by Dovecot proxy to keep a temporary user -> mail server
# mapping. As long as user has simultaneous connections, the user is always
# redirected to the same server. Each proxy server is running its own director
# process, and the directors are communicating the state to each others.
# Directors are mainly useful with NFS-like setups.

# List of IPs or hostnames to all director servers, including ourself.
# Ports can be specified as ip:port. The default port is the same as
# what director service's inet_listener is using.
#director_servers =

# List of IPs or hostnames to all backend mail servers. Ranges are allowed
# too, like 10.0.0.10-10.0.0.30.
#director_mail_servers =

# How long to redirect users to a specific server after it no longer has
# any connections.
#director_user_expire = 15 min

# TCP/IP port that accepts doveadm connections (instead of director connections)
# If you enable this, you'll also need to add inet_listener for the port.
#director_doveadm_port = 0

# To enable director service, uncomment the modes and assign a port.
service director {
  unix_listener login/director {
    #mode = 0666
  }
  fifo_listener login/proxy-notify {
    #mode = 0666
  }
  unix_listener director-userdb {
    #mode = 0600
  }
  inet_listener {
    #port =
  }
}

# Enable director for the wanted login services by telling them to
# connect to director socket instead of the default login socket:
service imap-login {
  #executable = imap-login director
}
service pop3-login {
  #executable = pop3-login director
}

# Enable director for LMTP proxying:
protocol lmtp {
  #auth_socket_path = director-userdb
}

10-auth.conf

認証に関する設定。

##
## 認証処理
##
disable_plaintext_auth = yes
yesで、TLS/SSLじゃない平文認証を無効にする。
ただしサーバと同IPアドレスからのアクセスは平文おkになるモヨリ。
あとlogin_trusted_networksのIPアドレスも。

#auth_cache_size = 0
0で、認証時キャッシュ無効。単位はkb。
キャッシュ有効時はbsdauth,PAM,vpopmailはcache_keyパラメタ設定(auth-system.conf.ext内)が必要。

#auth_cache_ttl = 1 hour
キャッシュのTTL。
"今のところ平文認証だけね。"とある。

#auth_cache_negative_ttl = 1 hour
ユーザが居ない、パスワード違う、などのキャッシュTTL。
0だとそういうのはキャッシュしない。

#auth_realms =
SASL認証機構のレルムリスト。

#auth_default_realm =
レルムの規定値指定。

#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
ユーザ名に使える文字リスト。SQLインジェクション防止の一手立てとして。

#auth_username_translation =
ユーザ名の文字列変換リスト。元先元先・・・でリストする。
"例えば#@/@だと#と/を@に変換するよ。"とある。

#auth_username_format =
ユーザ名書式。
%Luは全部小文字に、%nはユーザ名、%dはドメイン。

# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =

#auth_anonymous_username = anonymous
匿名SASLのときのユーザ名。

#auth_worker_max_count = 30
authプロセスの最大数。

#auth_gssapi_hostname =
GSSAPIプリンシパル名。
"未指定のときはgethostname()の戻り値、$ALLで全部のkeytabね。"とある。

#auth_krb5_keytab =
Kerberos認証のkeytabファイル指定。
"未指定時はシステム規定値ね。"とある。

#auth_use_winbind = no
yesで、NTLMおよびGSS-SPENGO認証のときにSambaのwinbindを使う。

#auth_winbind_helper_path = /usr/bin/ntlm_auth
Sambaのntlm_authヘルパコマンドの指定。

#auth_failure_delay = 2 secs
認証失敗時に返事するまでの遅延値。

#auth_ssl_require_client_cert = no
yesで、SSLクライアント証明書がなければ認証失敗。

#auth_ssl_username_from_cert = no
yesで、SSLクライアント証明書からユーザ名引っ張る。

auth_mechanisms = cram-md5 apop
認証機構のリスト。
ウチではIMAPにcram-md5、POP3にAPOPを使用。
APOPは平文を使うことに注意。
"使えるのは
plain login digest-md5 cram-md5 ntlm 
rpa apop anonymous gssapi otp skey gss-spnego
ね。"とある。

##
## パスワードとユーザーデータベース
##
ユーザ名とパスワードのリストやDB。
必要なファイルをIncludeする。
#!include auth-deny.conf.ext
#!include auth-master.conf.ext

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

10-logging.conf

ログに関する設定。

##
## ログ吐き先
##
#log_path = syslog
エラーメッセージ用ログファイル指定。
"syslogならsyslogに、/dev/stderrなら標準エラー出力にだすよ。"とある。

#info_log_path =
情報用ログファイル指定。
"規定値はlog_pathだよ。"とある。

#debug_log_path =
デバッグ情報用ログファイル指定。
"規定値はlog_pathだよ。"とある。

#syslog_facility = mail
syslogのファシリティ指定。

##
## 冗長出力とデバッグ出力
##
#auth_verbose = no
yesで、認証失敗時の理由も出力する。らしい。

#auth_verbose_passwords = no
パスワードが違ったとき、試したパスワードを出力する。らしい。
"no plain sha1のどれかね。sha1だとブルートフォースがすぐわかって便利よ。"とある。

#auth_debug = no
yesで、認証時のデバッグ出力を行う。

#auth_debug_passwords = no
yesで、パスワードが違ったとき、パスワードとスキームを出力する。らしい。
"auth_debugも有効にしてね。"とある。

#mail_debug = no
yesで、メールプロセス(?)のデバッグログを有効にする。

#verbose_ssl = no
yesで、SSL/TLSプロトコルの冗長出力を行う。

ログに変化はあるものの、今ひとつわからないので「らしい」とした(´・ω・`)


# mail_log plugin はもっと多くのメール処理イベントをログに出すよ。
plugin {
  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

##
## ログ書式
##
#log_timestamp = "%b %d %H:%M:%S "
ログのプレフィクス。
"%書式はman 3 strftimeで。"的な。

#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
ログインログの要素。

#login_log_format = %$: %s
ログインログの書式。
"%$はlogin_log_format_elements、%sはデータね。"とある。

#mail_log_prefix = "%s(%u): "
メールプロセスログのプレフィクス。
"変数はVariables.txt読んでね。"とある。
$prefix/share/doc/dovecot/wiki/Variables.txt参照。

# Format to use for logging mail deliveries. You can use variables:
#  %$ - Delivery status message (e.g. "saved to INBOX")
#  %m - Message-ID
#  %s - Subject
#  %f - From address
#  %p - Physical size
#  %w - Virtual size
#deliver_log_format = msgid=%m: %$
LDA(Local Delivery Agent)のログ書式。

10-mail.conf

メールボックスに関する設定。

##
## Mailboxの場所とネームスペース
##
#mail_location =
規定値は空。以下の順番で自動で見つけてくれるモヨリ。
1. maildir: ~/Maildir
2. mbox: ~/mail, and /var/mail/%u if it exists
3. mbox: ~/Mail, and /var/mail/%u if it exists
ダメだった場合は明示してね。だそうで。

namespace inbox {
  # Namespace type: private, shared or public
  #type = private

  # Hierarchy separator to use. You should use the same separator for all
  # namespaces or some clients get confused. '/' is usually a good one.
  # The default however depends on the underlying mail storage format.
  #separator =

  # Prefix required to access this namespace. This needs to be different for
  # all namespaces. For example "Public/".
  #prefix =

  # Physical location of the mailbox. This is in same format as
  # mail_location, which is also the default for it.
  #location =

  # There can be only one INBOX, and this setting defines which namespace
  # has it.
  inbox = yes

  # If namespace is hidden, it's not advertised to clients via NAMESPACE
  # extension. You'll most likely also want to set list=no. This is mostly
  # useful when converting from another server with different namespaces which
  # you want to deprecate but still keep working. For example you can create
  # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
  #hidden = no
 
  # Show the mailboxes under this namespace with LIST command. This makes the
  # namespace visible for clients that don't support NAMESPACE extension.
  # "children" value lists child mailboxes, but hides the namespace prefix.
  #list = yes

  # Namespace handles its own subscriptions. If set to "no", the parent
  # namespace handles them (empty prefix should always have this as "yes")
  #subscriptions = yes
}

# Example shared namespace configuration
#namespace {
  #type = shared
  #separator = /

  # Mailboxes are visible under "shared/user@domain/"
  # %%n, %%d and %%u are expanded to the destination user.
  #prefix = shared/%%u/

  # Mail location for other users' mailboxes. Note that %variables and ~/
  # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
  # destination user's data.
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

  # Use the default namespace for saving subscriptions.
  #subscriptions = no

  # List the shared/ namespace only if there are visible shared mailboxes.
  #list = children
#}
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
#mail_shared_explicit_inbox = yes

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =

# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =

# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
#mail_access_groups =

# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
# or ~user/.
#mail_full_filesystem_access = no

##
## Mailプロセス
##
#mmap_disable = no
yesでmmap()を使わない。
IndexをNFSやクラスタFSに載せてる場合にdisableにする必要があるよ。とのこと。
 
#dotlock_use_excl = yes
yesでO_EXCLでロックファイルを作る。
今時のNFSは規定値だよね。とのこと。

#mail_fsync = optimized
fsync()するかどうか。規定値はoptimized。
alwaysはNFSで使うといい感じ。
neverは高速だけどなんかあったらデータ消失ね。とのこと。

#mail_nfs_storage = no
NFSにメールデータがあるならyes。NFSキャッシュを必要に応じてフラッシュする。
メールサーバが一つのときは要らないよ。とのこと。

# Mail index files also exist in NFS. Setting this to yes requires
# mmap_disable=yes and fsync_disable=no.
#mail_nfs_index = no
IndexもNFSにあるならyes。
yesで使うならmmap_disable=yes、fsync_disable=noにしないとだめだよ。とのこと。

# Locking method for index files. Alternatives are fcntl, flock and dotlock.
# Dotlocking uses some tricks which may create more disk I/O than other locking
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
#lock_method = fcntl
Indexのロック方法。fcntl、flock、dotlock。

#mail_temp_dir = /tmp
LDA/LMTPが使う、128kb以上のメールの一時保管場所。

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
#first_valid_gid = 1
#last_valid_gid = 0

# Maximum allowed length for mail keyword name. It's only forced when trying
# to create new keywords.
#mail_max_keyword_length = 50

# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
# settings. If this setting is empty, "/./" in home dirs are ignored.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs =

# Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory
# (eg. /home/./user chroots into /home). Note that usually there is no real
# need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot =

# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
#auth_socket_path = /var/run/dovecot/auth-userdb

# Directory where to look up mail plugins.
#mail_plugin_dir = /usr/lib/dovecot

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins =

##
## Mailbox取扱最適化
##
 
# The minimum number of mails in a mailbox before updates are done to cache
# file. This allows optimizing Dovecot's behavior to do less disk writes at
# the cost of more disk reads.
#mail_cache_min_mail_count = 0

# When IDLE command is running, mailbox is checked once in a while to see if
# there are any new mails or other changes. This setting defines the minimum
# time to wait between those checks. Dovecot can also use dnotify, inotify and
# kqueue to find out immediately when changes occur.
#mailbox_idle_check_interval = 30 secs

# Save mails with CR+LF instead of plain LF. This makes sending those mails
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
# But it also creates a bit more disk I/O which may just make it slower.
# Also note that if other software reads the mboxes/maildirs, they may handle
# the extra CRs wrong and cause problems.
#mail_save_crlf = no

# Max number of mails to keep open and prefetch to memory. This only works with
# some mailbox formats and/or operating systems.
#mail_prefetch_count = 0

# How often to scan for stale temporary files and delete them (0 = never).
# These should exist only after Dovecot dies in the middle of saving mails.
#mail_temp_scan_interval = 1w

##
## Maildir仕様設定
##
# By default LIST command returns all entries in maildir beginning with a dot.
# Enabling this option makes Dovecot return only entries which are directories.
# This is done by stat()ing each entry, so it causes more disk I/O.
# (For systems setting struct dirent->d_type, this check is free and it's
# done always regardless of this setting)
#maildir_stat_dirs = no

# When copying a message, do it with hard links whenever possible. This makes
# the performance much better, and it's unlikely to have any side effects.
#maildir_copy_with_hardlinks = yes

# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
#maildir_very_dirty_syncs = no

# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
# getting the mail's physical size, except when recalculating Maildir++ quota.
# This can be useful in systems where a lot of the Maildir filenames have a
# broken size. The performance hit for enabling this is very small.
#maildir_broken_filename_sizes = no

##
## mbox仕様設定
##

# Which locking methods to use for locking mbox. There are four available:
#  dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
#           solution. If you want to use /var/mail/ like directory, the users
#           will need write access to that directory.
#  dotlock_try: Same as dotlock, but if it fails because of permissions or
#               because there isn't enough disk space, just skip it.
#  fcntl  : Use this if possible. Works with NFS too if lockd is used.
#  flock  : May not exist in all systems. Doesn't work with NFS.
#  lockf  : May not exist in all systems. Doesn't work with NFS.
#
# You can use multiple locking methods; if you do the order they're declared
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
# locking methods as well. Some operating systems don't allow using some of
# them simultaneously.
#mbox_read_locks = fcntl
#mbox_write_locks = dotlock fcntl

# Maximum time to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 5 mins

# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this much time.
#mbox_dotlock_change_timeout = 2 mins

# When mbox changes unexpectedly we have to fully read it to find out what
# changed. If the mbox is large this can take a long time. Since the change
# is usually just a newly appended mail, it'd be faster to simply read the
# new mails. If this setting is enabled, Dovecot does this but still safely
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands.
#mbox_dirty_syncs = yes

# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
#mbox_very_dirty_syncs = no

# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
# commands and when closing the mailbox). This is especially useful for POP3
# where clients often delete all mails. The downside is that our changes
# aren't immediately visible to other MUAs.
#mbox_lazy_writes = yes

# If mbox size is smaller than this (e.g. 100k), don't write index files.
# If an index file already exists it's still read, just not updated.
#mbox_min_index_size = 0

# Mail header selection algorithm to use for MD5 POP3 UIDLs when
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
# algorithm, but it fails if the first Received: header isn't unique in all
# mails. An alternative algorithm is "all" that selects all headers.
#mbox_md5 = apop3d

##
## mdbox仕様設定
##

# Maximum dbox file size until it's rotated.
#mdbox_rotate_size = 2M

# Maximum dbox file age until it's rotated. Typically in days. Day begins
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
#mdbox_rotate_interval = 0

# When creating new mdbox files, immediately preallocate their size to
# mdbox_rotate_size. This setting currently works only in Linux with some
# filesystems (ext4, xfs).
#mdbox_preallocate_space = no

##
## 添付ファイル
##
# sdbox と mdbox は添付ファイルを外部ファイルに保存できます。
# 他のバックエンドはサポートしてないです、今のところ。
# 警告:この機能はまだ十分にテストされてないので自己責任で使ってね。

# Directory root where to store mail attachments. Disabled, if empty.
#mail_attachment_dir =

# Attachments smaller than this aren't saved externally. It's also possible to
# write a plugin to disable saving specific attachments externally.
#mail_attachment_min_size = 128k

# Filesystem backend to use for saving attachments:
#  posix : No SiS done by Dovecot (but this might help FS's own deduplication)
#  sis posix : SiS with immediate byte-by-byte comparison during saving
#  sis-queue posix : SiS with delayed comparison and deduplication
#mail_attachment_fs = sis posix

# Hash format to use in attachment filenames. You can add any text and
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
#mail_attachment_hash = %{sha1}

10-master.conf

各種プロセスの設定。

#default_process_limit = 100
プロセス数の規定値。
#default_client_limit = 1000
接続クライアント数の規定値。

#default_vsz_limit = 256M
プロセスのVSZ(VirtualMemorySize)上限。
メモリリークして食いつぶす前にプロセス殺すよ。とのこと。

#default_login_user = dovenull
各loginプロセスが内部で使うシステムユーザ。
Dovecotで一番信用できないユーザです。他にアクセスできないようなユーザにすること。とのこと。

#default_internal_user = dovecot
loginプロセス以外で使うシステムユーザ。

service imap-login {
  inet_listener imap {
    #port = 143
    IMAPのListenPort。標準は143。
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
    IMAPSのListenPort。標準は993。
  }

  #service_count = 1
  1で接続ごとにプロセス生成する(安全)。規定値。
  0で全部の接続を相手する(高速だが安全ではない)

  #process_min_avail = 0
  最小待ち受けアイドルプロセス数。
  プロセス生成コストと接続数をみて調整。

  #vsz_limit = $default_vsz_limit
  もしservice_count=0にするなら、増やさないとダメかもね。とのこと。
}

service pop3-login {
  inet_listener pop3 {
     #port = 110
     POP3のListenPort。標準は110。
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
    POP3SのListenPort。標準は995。
  }
}

使ってないのでパス。
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  #vsz_limit = $default_vsz_limit
  巨大なメールボックスのときは増やした方がいいかもね。とのこと。

  #process_limit = 1024
  ログイン後の処理をするプロセスの最大数。
}

service pop3 {
  #process_limit = 1024
  ログイン後の処理をするプロセスの最大数。
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  PostfixでDovecotSASLを使用するときの設定。
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}

10-ssl.conf

SSLに関する設定。

##
## SSL設定
##
#ssl = yes
yesでSSL/TLSを使う。
requiredは平文でない認証機構でもSSL/TLSを使う?

ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
鍵と証明書。

#ssl_key_password =
鍵にパスワードつけた場合、ここに書いておく。

#ssl_ca =
CA証明書。クライアント証明書認証を使うときだけ必要。
 
#ssl_require_crl = yes
yesで、クライアント証明書認証でCRLチェックに成功する必要がある。

#ssl_verify_client_cert = no
クライアント証明書を検証する。
auth_ssl_require_client_cert=yesにする必要がある。

#ssl_cert_username_field = commonName
ユーザ名が証明書のどのフィールドか定義する。
auth_ssl_username_from_cert=yesにする必要がある。

#ssl_parameters_regenerate = 168
SSLパラメータファイルを再生成する時間(hour)。0で再生成しない。

#ssl_protocols = !SSLv2
使用プロトコル。↑でTLSv1 SSLv3と同じかと。
TLSv1.1とか1.2は指定できなかった(´・ω・`)

#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
使用Chipherリスト。

#ssl_crypto_device =
SSLハードウェアエンジンの指定。

15-lda.conf

LDA(Local Delivery Agent)の設定。
LDAはコマンドとして呼ばれるのに対し、
LMTPはソケット待ち受けする。
ウチはバックエンドもないのでPostfixのLMTP共々使っていない。

##
## LDA仕様設定(LMTPでも使うよ)
##
#postmaster_address =
リジェクションメールなどの送信元メールアドレス。
規定値はpostmaster@<your domain>

#hostname =
ヘッダなどで使われるホスト名。
規定値はシステムのホスト名。

#quota_full_tempfail = no
Quotaフルのとき、バウンスの代わりにTemporary Failureを送る。

#sendmail_path = /usr/sbin/sendmail
メール送信コマンド。

#submission_host =
sendmailを使う代わりにSMTPで送付するためのホスト[:ポート]指定。
空だとsendmailを使う。

#rejection_subject = Rejected: %s
リジェクションメールのSubject:。

#rejection_reason = Your message to <%t> was automatically rejected:%n%r
メール本文。
%n = CRLF, %r = reason, %s = original subject, %t = recipient

#recipient_delimiter = +
メールアドレスのローカルパートと詳細のデリミタ。

#lda_original_recipient_header =
オリジナルの送信先アドレスが取れなかったときのアドレス。
X-Original-To:で使う。
dovecot-lda -aで上書き。

#lda_mailbox_autocreate = no
メールボックスがない時、自動的に作るか。
yesで、作る。

#lda_mailbox_autosubscribe = no
自動的に作ったメールボックスを自動的に購読するか。
yesで、購読する

プラグインを使うならここで設定。
規定値は$mail_plugins(10-mail.conf)。
protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
}

15-mailboxes.conf

メールボックスの定義。
ウチでは規定値のままいじってない。

##
## メールボックス定義
##
# 注意:前提として10-mail.confで"namespace inbox"が定義済みとします。
namespace inbox {

  #mailbox name {
    # auto=create will automatically create this mailbox.
    # auto=subscribe will both create and subscribe to the mailbox.
    #auto = no

    # Space separated list of IMAP SPECIAL-USE attributes as specified by
    # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash
    #special_use =
  #}

  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }

  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }

  # If you have a virtual "All messages" mailbox:
  #mailbox virtual/All {
  #  special_use = \All
  #}

  # If you have a virtual "Flagged" mailbox:
  #mailbox virtual/Flagged {
  #  special_use = \Flagged
  #}
}

20-imap.conf

IMAPの設定。

##
## IMAP仕様設定
##
protocol imap {
  #imap_max_line_length = 64k
  IMAPコマンドラインの最大長。
  いくつかのクライアントは巨大メールボックスに対し超長いの送ってくるから
  そういうときは"Too long argument" とか "IMAP command line too large" みたいな
  エラー出るから値を大きくしてね。とのこと。

  #mail_max_userip_connections = 10
  同じIPアドレスからの最大接続数。

  #mail_plugins = $mail_plugins
  プラグインの設定。規定値はmail_plugins(10-mail.conf)

  #imap_logout_format = in=%i out=%o
  ログアウト時の書式。
  %i 合計受信byte数
  %o 合計送信byte数

  #imap_capability =
  IMAP CAPABILITYの指定。+をつけると追記。

  #imap_idle_notify_interval = 2 mins
  IDLE時の"OK Still here"通知間隔。

  # ID field names and values to send to clients. Using * as the value makes
  # Dovecot use the default value. The following fields have default values
  # currently: name, version, os, os-version, support-url, support-email.
  #imap_id_send =

  # ID fields sent by client to log. * means everything.
  #imap_id_log =

  # いろんなクライアントのバグ回避策:
  #   delay-newmail:
  #     NOOPとCHECKの応答でのみEXISTSとRECENTで新着メールを通知します。
  #     いくつかのクライアント、例えばOS X Mail(<v2.1)などは新着メール通知を無視します。
  #     Outlook Expressはもっと酷くて、delay-newmailオプションをつけない場合
  #     "Message no longer in server"エラーを表示するかも。
  #     注意:OE6で同期を"ヘッダのみ"にしている場合、このオプションを使用してもダメちゃんです。
  #   tb-extra-mailbox-sep:
  #     mboxとdboxでLAYOUT=fsを使うとThunderbirdは混乱して、メールボックス名に'/'を付与します。
  #     このオプションはDovecotに不正なメールボックス名として扱わず、余計な'/'を無視させます。
  #   tb-lsub-flags:
  #     mboxなどでLAYOUT=fsを使うとLSUBで\Noselectフラグをつけても表示しちゃいます。
  #     tb-lsub-flagsは"not selectable"ポップアップエラーのかわりに
  #     グレーアウトして選択できなくします。
  #
  # 半角スペースで区切って並べてね。
  #imap_client_workarounds =
}

20-lmtp.conf

LMTPの設定。
LDAの設定もつかうよ。

##
## LMTP仕様設定
##
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
#lmtp_proxy = no

# When recipient address includes the detail (e.g. user+detail), try to save
# the mail to the detail mailbox. See also recipient_delimiter and
# lda_mailbox_autocreate settings.
#lmtp_save_to_detail_mailbox = no

protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
}

20-pop3.conf

POP3の設定。

##
## POP3 specific settings
##
protocol pop3 {
  # Don't try to set mails non-recent or seen with POP3 sessions. This is
  # mostly intended to reduce disk I/O. With maildir it doesn't move files
  # from new/ to cur/, with mbox it doesn't write Status-header.
  #pop3_no_flag_updates = no

  # Support LAST command which exists in old POP3 specs, but has been removed
  # from new ones. Some clients still wish to use this though. Enabling this
  # makes RSET command clear all \Seen flags from messages.
  #pop3_enable_last = no

  # If mail has X-UIDL header, use it as the mail's UIDL.
  #pop3_reuse_xuidl = no

  # Keep the mailbox locked for the entire POP3 session.
  #pop3_lock_session = no

  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
  # because it's faster to get. When this setting is enabled, Dovecot still
  # tries to do the right thing first, but if that requires opening the
  # message, it fallbacks to the easier (but incorrect) size.
  #pop3_fast_size_lookups = no

  # POP3 UIDL (unique mail identifier) format to use. You can use following
  # variables, along with the variable modifiers described in
  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
  #
  #  %v - Mailbox's IMAP UIDVALIDITY
  #  %u - Mail's IMAP UID
  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
  #  %f - filename (maildir only)
  #  %g - Mail's GUID
  #
  # If you want UIDL compatibility with other POP3 servers, use:
  #  UW's ipop3d         : %08Xv%08Xu
  #  Courier             : %f or %v-%u (both might be used simultaneosly)
  #  Cyrus (<= 2.1.3)    : %u
  #  Cyrus (>= 2.1.4)    : %v.%u
  #  Dovecot v0.99.x     : %v.%u
  #  tpop3d              : %Mf
  #
  # Note that Outlook 2003 seems to have problems with %v.%u format which was
  # Dovecot's default, so if you're building a new server it would be a good
  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
  #
  #pop3_uidl_format = %08Xu%08Xv

  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
  # won't change those UIDLs. Currently this works only with Maildir.
  #pop3_save_uidl = no

  # What to do about duplicate UIDLs if they exist?
  #   allow: Show duplicates to clients.
  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
  #pop3_uidl_duplicates = allow

  # POP3 logout format string:
  #  %i - total number of bytes read from client
  #  %o - total number of bytes sent to client
  #  %t - number of TOP commands
  #  %p - number of bytes sent to client as a result of TOP command
  #  %r - number of RETR commands
  #  %b - number of bytes sent to client as a result of RETR command
  #  %d - number of deleted messages
  #  %m - number of messages (before deletion)
  #  %s - mailbox size in bytes (before deletion)
  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s

  # Maximum number of POP3 connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 10
 
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins

  # Workarounds for various client bugs:
  #   outlook-no-nuls:
  #     Outlook and Outlook Express hang if mails contain NUL characters.
  #     This setting replaces them with 0x80 character.
  #   oe-ns-eoh:
  #     Outlook Express and Netscape Mail breaks if end of headers-line is
  #     missing. This option simply sends it if it's missing.
  # The list is space-separated.
  #pop3_client_workarounds =
}

90-acl.conf

ACLの設定。

##
## メールボックスアクセスコントロールリスト
##
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
# You can also optionally give a global ACL directory path where ACLs are
# applied to all users' mailboxes. The global ACL directory contains
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
  #acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}

# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
  #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
}

90-plugin.conf

Pluginの設定。
QuotaとかFullTextSearch?とかなんかいっぱい。

##
## Plugin settings
##
# All wanted plugins must be listed in mail_plugins setting before any of the
# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
# their configuration. Note that %variable expansion is done for all values.

plugin {
  #setting_name = value
}

90-quota.conf

Quotaについては別途ファイルがある。

##
## Quota configuration.
##

# Note that you also have to enable quota plugin in mail_plugins setting.
# <doc/wiki/Quota.txt>

##
## Quota limits
##

# Quota limits are set using "quota_rule" parameters. To get per-user quota
# limits, you can set/override them by returning "quota_rule" extra field
# from userdb. It's also possible to give mailbox-specific limits, for example
# to give additional 100 MB when saving to Trash:

plugin {
  #quota_rule = *:storage=1G
  #quota_rule2 = Trash:storage=+100M
}

##
## Quota warnings
##

# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is excecuted, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.

plugin {
  #quota_warning = storage=95%% quota-warning 95 %u
  #quota_warning2 = storage=80%% quota-warning 80 %u
}

# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all system users
# can generate quota warnings to anyone.
#service quota-warning {
#  executable = script /usr/local/bin/quota-warning.sh
#  user = dovecot
#  unix_listener quota-warning {
#    user = vmail
#  }
#}

##
## Quota backends
##

# Multiple backends are supported:
#   dirsize: Find and sum all the files found from mail directory.
#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
#   dict: Keep quota stored in dictionary (eg. SQL)
#   maildir: Maildir++ quota
#   fs: Read-only support for filesystem quota

plugin {
  #quota = dirsize:User quota
  #quota = maildir:User quota
  #quota = dict:User quota::proxy::quota
  #quota = fs:User quota
}

# Multiple quota roots are also possible, for example this gives each user
# their own 100MB quota and one shared 1GB quota within the domain:
plugin {
  #quota = dict:user::proxy::quota
  #quota2 = dict:domain:%d:proxy::quota_domain
  #quota_rule = *:storage=102400
  #quota2_rule = *:storage=1048576
}

トップ   編集 凍結解除 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2012-07-23 (月) 23:43:19 (1741d)