Configuration


dovecot.conf

The master configuration file.
It pulls the other configuration files in via include.

## Dovecot configuration file

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
The default is these three.

#listen = *, ::
IP addresses (IPv4/IPv6) to listen on. The default is all of them.

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
The default is $prefix/var/run/dovecot/, with $prefix as given at configure time.

#instance_name = dovecot
Instance name. Must be unique when you run multiple servers.
We run a single server, so the default stays.

#login_greeting = Dovecot ready.
The greeting message.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready. <xx.x.xxxx.XXXXXXXXXXXXXXXXXXX==@xxxxx>
    ↑ This one.

#login_trusted_networks =
The comment says "normally you'd put things like your IMAP proxy servers' IP addresses here".
Handle with care: connections from these networks ignore disable_plaintext_auth and may authenticate in plaintext.

#login_access_sockets =
Socket specification for TCP Wrappers and the like. Don't forget to configure the service as well.
Using TCP Wrappers requires building with --with-libwrap.

#auth_proxy_self =
When running as a proxy, don't proxy these IP addresses (?).
The comment says "you normally don't need this, but it's handy to put load balancer IP addresses here".

#verbose_proctitle = no
With yes, ps shows extra information like the following:
/usr/local/sbin/dovecot
dovecot/anvil [2 connections]
dovecot/log
dovecot/config
dovecot/imap-login [1 connections (1 TLS)]
dovecot/auth [0 wait, 0 passdb, 0 userdb]
dovecot/ssl-params
dovecot/imap [hoge xxx.xxx.xxx.xxx]

#shutdown_clients = yes
With no, clients are no longer forcibly disconnected when the master process is killed,
but the comment says "that's probably a problem for things like security updates".

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

#import_environment = TZ
Environment variables to pass to child processes, space-separated.

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
Lookup settings for the dict(ionary), or index, or list, or whatever you want to call it.

!include conf.d/*.conf
Includes the other configuration files.

!include_try local.conf
With this form, a missing file is not an error.

10-director.conf

Apparently used for proxy setups, but I don't understand it, so skipping (´・ω・`)

##
## Director-specific settings.
##

# Director can be used by Dovecot proxy to keep a temporary user -> mail server
# mapping. As long as user has simultaneous connections, the user is always
# redirected to the same server. Each proxy server is running its own director
# process, and the directors are communicating the state to each others.
# Directors are mainly useful with NFS-like setups.

# List of IPs or hostnames to all director servers, including ourself.
# Ports can be specified as ip:port. The default port is the same as
# what director service's inet_listener is using.
#director_servers =

# List of IPs or hostnames to all backend mail servers. Ranges are allowed
# too, like 10.0.0.10-10.0.0.30.
#director_mail_servers =

# How long to redirect users to a specific server after it no longer has
# any connections.
#director_user_expire = 15 min

# TCP/IP port that accepts doveadm connections (instead of director connections)
# If you enable this, you'll also need to add inet_listener for the port.
#director_doveadm_port = 0

# To enable director service, uncomment the modes and assign a port.
service director {
  unix_listener login/director {
    #mode = 0666
  }
  fifo_listener login/proxy-notify {
    #mode = 0666
  }
  unix_listener director-userdb {
    #mode = 0600
  }
  inet_listener {
    #port =
  }
}

# Enable director for the wanted login services by telling them to
# connect to director socket instead of the default login socket:
service imap-login {
  #executable = imap-login director
}
service pop3-login {
  #executable = pop3-login director
}

# Enable director for LMTP proxying:
protocol lmtp {
  #auth_socket_path = director-userdb
}

10-auth.conf

Authentication settings.

##
## Authentication processes
##
disable_plaintext_auth = yes
With yes, plaintext authentication without TLS/SSL is disabled.
However, connections from the server's own IP address still seem to get plaintext.
So do the IP addresses listed in login_trusted_networks.

#auth_cache_size = 0
0 disables the authentication cache. The unit is kB.
With the cache enabled, bsdauth, PAM and vpopmail need the cache_key parameter (in auth-system.conf.ext).

#auth_cache_ttl = 1 hour
TTL of the cache.
The comment says "currently only plaintext authentication".

#auth_cache_negative_ttl = 1 hour
Cache TTL for negative results such as unknown user or wrong password.
With 0, such results are not cached.

#auth_realms =
Realm list for SASL authentication mechanisms.

#auth_default_realm =
Default realm.

#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
Characters allowed in usernames. One layer of defence against SQL injection.

#auth_username_translation =
Username character translation list, written as from, to, from, to, ...
The comment says "for example #@/@ translates # and / to @".

#auth_username_format =
Username format.
%Lu lowercases everything, %n is the user part, %d is the domain.

# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =

#auth_anonymous_username = anonymous
Username for anonymous SASL.

#auth_worker_max_count = 30
Maximum number of auth worker processes.

#auth_gssapi_hostname =
GSSAPI principal name.
The comment says "if unset, the return value of gethostname() is used; $ALL means all keytab entries".

#auth_krb5_keytab =
Keytab file for Kerberos authentication.
The comment says "if unset, the system default is used".

#auth_use_winbind = no
With yes, Samba's winbind is used for NTLM and GSS-SPNEGO authentication.

#auth_winbind_helper_path = /usr/bin/ntlm_auth
Path to Samba's ntlm_auth helper command.

#auth_failure_delay = 2 secs
Delay before replying to a failed authentication attempt.

#auth_ssl_require_client_cert = no
With yes, authentication fails unless the client presents an SSL client certificate.

#auth_ssl_username_from_cert = no
With yes, the username is taken from the SSL client certificate.

auth_mechanisms = cram-md5 apop
List of authentication mechanisms.
Here we use cram-md5 for IMAP and APOP for POP3.
Note that APOP needs the password available in plaintext on the server.
The comment says "the available ones are
plain login digest-md5 cram-md5 ntlm
rpa apop anonymous gssapi otp skey gss-spnego".
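The two challenge-response mechanisms chosen above, as an added example (mine, not the author's or Dovecot's code): both sides of a CRAM-MD5 and of an APOP exchange, plus the server-side check that only works when the passdb keeps the password in a recomputable form. The user, password and challenge are constructed.

```python
"""CRAM-MD5 (RFC 2195, used here for IMAP) and APOP (RFC 1939, used here for
POP3) worked through end to end: the server's challenge, the client's answer,
and the check the server can only perform if its passdb holds the password in
a recomputable form."""
import hashlib
import hmac

# Constructed values for this demonstration; not from a real session.
USER = "hoge"
PASSWORD = "correct horse battery"
CHALLENGE = b"<1896.697170952@mail.example.test>"  # server-chosen timestamp banner


def cram_md5_client(user, password, challenge):
    """Client side of CRAM-MD5: 'user hex(HMAC-MD5(key=password, challenge))'."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return "%s %s" % (user, mac)


def apop_client(user, password, banner):
    """Client side of APOP: 'APOP user hex(MD5(banner || password))'."""
    digest = hashlib.md5(banner + password.encode()).hexdigest()
    return "APOP %s %s" % (user, digest)


def server_verify(passdb_entry, challenge, response, mechanism):
    """Server side. passdb_entry mirrors one passwd-file record: user, scheme, secret.

    Both mechanisms require the server to recompute the client's digest, so the
    stored secret must be the plaintext password (Dovecot can also store a
    password-equivalent CRAM-MD5 context; APOP has no such option, which is why
    the walkthrough singles it out). A one-way salted hash such as SHA256-CRYPT
    cannot be used, and the only safe answer then is to refuse.
    """
    if passdb_entry["scheme"] != "PLAIN":
        return False
    password = passdb_entry["secret"]
    if mechanism == "CRAM-MD5":
        expected = cram_md5_client(passdb_entry["user"], password, challenge)
    elif mechanism == "APOP":
        expected = apop_client(passdb_entry["user"], password, challenge)
    else:
        raise ValueError("unsupported mechanism: %s" % mechanism)
    # Constant-time comparison, as a server should do.
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    entry = {"user": USER, "scheme": "PLAIN", "secret": PASSWORD}
    for mech, client in (("CRAM-MD5", cram_md5_client), ("APOP", apop_client)):
        answer = client(USER, PASSWORD, CHALLENGE)
        print(mech, answer, "->", server_verify(entry, CHALLENGE, answer, mech))
```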

##
## Password and user databases
##
Lists or databases of usernames and passwords.
Include the files you need.
#!include auth-deny.conf.ext
#!include auth-master.conf.ext

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

10-logging.conf

Logging settings.

##
## Log destination
##
#log_path = syslog
Log file for error messages.
The comment says "syslog logs to syslog, /dev/stderr logs to standard error".

#info_log_path =
Log file for informational messages.
The comment says "the default is log_path".

#debug_log_path =
Log file for debug messages.
The comment says "the default is log_path".

#syslog_facility = mail
Syslog facility.

##
## Verbose and debug output
##
#auth_verbose = no
With yes, the reason for authentication failures is logged too. Apparently.

#auth_verbose_passwords = no
Logs the attempted password when the password is wrong. Apparently.
The comment says "one of no, plain or sha1; sha1 is handy because brute-force attempts become obvious right away".

#auth_debug = no
With yes, debug output for authentication is enabled.

#auth_debug_passwords = no
With yes, the password and scheme are logged when the password is wrong. Apparently.
The comment says "enable auth_debug as well".

#mail_debug = no
With yes, debug logging for mail processes (?) is enabled.

#verbose_ssl = no
With yes, verbose output for the SSL/TLS protocol is enabled.

The logs do change, but I couldn't quite pin down how, so I wrote "apparently" (´・ω・`)


# The mail_log plugin logs many more mail handling events.
plugin {
  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

##
## Log formatting
##
#log_timestamp = "%b %d %H:%M:%S "
Log prefix.
Something like "see man 3 strftime for the % formats".

#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
Elements of login log lines.

#login_log_format = %$: %s
Login log format.
The comment says "%$ is login_log_format_elements, %s is the data".

#mail_log_prefix = "%s(%u): "
Log prefix for mail processes.
The comment says "read Variables.txt for the variables".
See $prefix/share/doc/dovecot/wiki/Variables.txt.

# Format to use for logging mail deliveries. You can use variables:
#  %$ - Delivery status message (e.g. "saved to INBOX")
#  %m - Message-ID
#  %s - Subject
#  %f - From address
#  %p - Physical size
#  %w - Virtual size
#deliver_log_format = msgid=%m: %$
Log format for the LDA (Local Delivery Agent).

10-mail.conf

Mailbox settings.

##
## Mailbox locations and namespaces
##
#mail_location =
The default is empty. It seems to autodetect in this order:
1. maildir: ~/Maildir
2. mbox: ~/mail, and /var/mail/%u if it exists
3. mbox: ~/Mail, and /var/mail/%u if it exists
If that doesn't work, set it explicitly. So they say.

namespace inbox {
  # Namespace type: private, shared or public
  #type = private

  # Hierarchy separator to use. You should use the same separator for all
  # namespaces or some clients get confused. '/' is usually a good one.
  # The default however depends on the underlying mail storage format.
  #separator =

  # Prefix required to access this namespace. This needs to be different for
  # all namespaces. For example "Public/".
  #prefix =

  # Physical location of the mailbox. This is in same format as
  # mail_location, which is also the default for it.
  #location =

  # There can be only one INBOX, and this setting defines which namespace
  # has it.
  inbox = yes

  # If namespace is hidden, it's not advertised to clients via NAMESPACE
  # extension. You'll most likely also want to set list=no. This is mostly
  # useful when converting from another server with different namespaces which
  # you want to deprecate but still keep working. For example you can create
  # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
  #hidden = no
 
  # Show the mailboxes under this namespace with LIST command. This makes the
  # namespace visible for clients that don't support NAMESPACE extension.
  # "children" value lists child mailboxes, but hides the namespace prefix.
  #list = yes

  # Namespace handles its own subscriptions. If set to "no", the parent
  # namespace handles them (empty prefix should always have this as "yes")
  #subscriptions = yes
}

# Example shared namespace configuration
#namespace {
  #type = shared
  #separator = /

  # Mailboxes are visible under "shared/user@domain/"
  # %%n, %%d and %%u are expanded to the destination user.
  #prefix = shared/%%u/

  # Mail location for other users' mailboxes. Note that %variables and ~/
  # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
  # destination user's data.
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

  # Use the default namespace for saving subscriptions.
  #subscriptions = no

  # List the shared/ namespace only if there are visible shared mailboxes.
  #list = children
#}
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
#mail_shared_explicit_inbox = yes

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =

# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =

# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
#mail_access_groups =

# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
# or ~user/.
#mail_full_filesystem_access = no

##
## Mail processes
##
#mmap_disable = no
With yes, mmap() is not used.
You need to disable it when the indexes live on NFS or a clustered FS, they say.
 
#dotlock_use_excl = yes
With yes, lock files are created with O_EXCL.
Any recent NFS is fine with the default, they say.

#mail_fsync = optimized
Whether to fsync(). The default is optimized.
always is the good choice on NFS.
never is fast, but if anything goes wrong you lose data, they say.

#mail_nfs_storage = no
yes if the mail data is on NFS; NFS caches are then flushed as needed.
Not needed when there is only one mail server, they say.

# Mail index files also exist in NFS. Setting this to yes requires
# mmap_disable=yes and fsync_disable=no.
#mail_nfs_index = no
yes if the indexes are also on NFS.
If you set yes, you must also set mmap_disable=yes and fsync_disable=no, they say.

# Locking method for index files. Alternatives are fcntl, flock and dotlock.
# Dotlocking uses some tricks which may create more disk I/O than other locking
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
#lock_method = fcntl
Locking method for the indexes: fcntl, flock or dotlock.

#mail_temp_dir = /tmp
Temporary storage for mails over 128 kB, used by LDA/LMTP.

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
#first_valid_gid = 1
#last_valid_gid = 0

# Maximum allowed length for mail keyword name. It's only forced when trying
# to create new keywords.
#mail_max_keyword_length = 50

# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
# settings. If this setting is empty, "/./" in home dirs are ignored.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs =

# Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory
# (eg. /home/./user chroots into /home). Note that usually there is no real
# need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot =

# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
#auth_socket_path = /var/run/dovecot/auth-userdb

# Directory where to look up mail plugins.
#mail_plugin_dir = /usr/lib/dovecot

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins =

##
## Mailbox handling optimizations
##
 
# The minimum number of mails in a mailbox before updates are done to cache
# file. This allows optimizing Dovecot's behavior to do less disk writes at
# the cost of more disk reads.
#mail_cache_min_mail_count = 0

# When IDLE command is running, mailbox is checked once in a while to see if
# there are any new mails or other changes. This setting defines the minimum
# time to wait between those checks. Dovecot can also use dnotify, inotify and
# kqueue to find out immediately when changes occur.
#mailbox_idle_check_interval = 30 secs

# Save mails with CR+LF instead of plain LF. This makes sending those mails
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
# But it also creates a bit more disk I/O which may just make it slower.
# Also note that if other software reads the mboxes/maildirs, they may handle
# the extra CRs wrong and cause problems.
#mail_save_crlf = no

# Max number of mails to keep open and prefetch to memory. This only works with
# some mailbox formats and/or operating systems.
#mail_prefetch_count = 0

# How often to scan for stale temporary files and delete them (0 = never).
# These should exist only after Dovecot dies in the middle of saving mails.
#mail_temp_scan_interval = 1w

##
## Maildir-specific settings
##
# By default LIST command returns all entries in maildir beginning with a dot.
# Enabling this option makes Dovecot return only entries which are directories.
# This is done by stat()ing each entry, so it causes more disk I/O.
# (For systems setting struct dirent->d_type, this check is free and it's
# done always regardless of this setting)
#maildir_stat_dirs = no

# When copying a message, do it with hard links whenever possible. This makes
# the performance much better, and it's unlikely to have any side effects.
#maildir_copy_with_hardlinks = yes

# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
#maildir_very_dirty_syncs = no

# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
# getting the mail's physical size, except when recalculating Maildir++ quota.
# This can be useful in systems where a lot of the Maildir filenames have a
# broken size. The performance hit for enabling this is very small.
#maildir_broken_filename_sizes = no

##
## mbox-specific settings
##

# Which locking methods to use for locking mbox. There are four available:
#  dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
#           solution. If you want to use /var/mail/ like directory, the users
#           will need write access to that directory.
#  dotlock_try: Same as dotlock, but if it fails because of permissions or
#               because there isn't enough disk space, just skip it.
#  fcntl  : Use this if possible. Works with NFS too if lockd is used.
#  flock  : May not exist in all systems. Doesn't work with NFS.
#  lockf  : May not exist in all systems. Doesn't work with NFS.
#
# You can use multiple locking methods; if you do the order they're declared
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
# locking methods as well. Some operating systems don't allow using some of
# them simultaneously.
#mbox_read_locks = fcntl
#mbox_write_locks = dotlock fcntl

# Maximum time to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 5 mins

# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this much time.
#mbox_dotlock_change_timeout = 2 mins

# When mbox changes unexpectedly we have to fully read it to find out what
# changed. If the mbox is large this can take a long time. Since the change
# is usually just a newly appended mail, it'd be faster to simply read the
# new mails. If this setting is enabled, Dovecot does this but still safely
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands.
#mbox_dirty_syncs = yes

# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
#mbox_very_dirty_syncs = no

# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
# commands and when closing the mailbox). This is especially useful for POP3
# where clients often delete all mails. The downside is that our changes
# aren't immediately visible to other MUAs.
#mbox_lazy_writes = yes

# If mbox size is smaller than this (e.g. 100k), don't write index files.
# If an index file already exists it's still read, just not updated.
#mbox_min_index_size = 0

# Mail header selection algorithm to use for MD5 POP3 UIDLs when
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
# algorithm, but it fails if the first Received: header isn't unique in all
# mails. An alternative algorithm is "all" that selects all headers.
#mbox_md5 = apop3d

##
## mdbox-specific settings
##

# Maximum dbox file size until it's rotated.
#mdbox_rotate_size = 2M

# Maximum dbox file age until it's rotated. Typically in days. Day begins
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
#mdbox_rotate_interval = 0

# When creating new mdbox files, immediately preallocate their size to
# mdbox_rotate_size. This setting currently works only in Linux with some
# filesystems (ext4, xfs).
#mdbox_preallocate_space = no

##
## Mail attachments
##
# sdbox and mdbox can save mail attachments to external files.
# Other backends don't support this, for now.
# WARNING: this feature hasn't been tested much yet, so use it at your own risk.

# Directory root where to store mail attachments. Disabled, if empty.
#mail_attachment_dir =

# Attachments smaller than this aren't saved externally. It's also possible to
# write a plugin to disable saving specific attachments externally.
#mail_attachment_min_size = 128k

# Filesystem backend to use for saving attachments:
#  posix : No SiS done by Dovecot (but this might help FS's own deduplication)
#  sis posix : SiS with immediate byte-by-byte comparison during saving
#  sis-queue posix : SiS with delayed comparison and deduplication
#mail_attachment_fs = sis posix

# Hash format to use in attachment filenames. You can add any text and
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
#mail_attachment_hash = %{sha1}

10-master.conf

Settings for the various processes.

#default_process_limit = 100
Default process limit.
#default_client_limit = 1000
Default limit on connected clients.

#default_vsz_limit = 256M
VSZ (virtual memory size) limit for processes.
Kills the process before a memory leak eats everything, they say.

#default_login_user = dovenull
System user that each login process uses internally.
The least trusted user in Dovecot; make it a user that can't access anything else, they say.

#default_internal_user = dovecot
System user for processes other than login.

service imap-login {
  inet_listener imap {
    #port = 143
    IMAP listen port. Standard is 143.
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
    IMAPS listen port. Standard is 993.
  }

  #service_count = 1
  1 spawns one process per connection (secure). The default.
  0 has one process serve all connections (fast but not secure).

  #process_min_avail = 0
  Minimum number of idle processes kept waiting.
  Tune it against process creation cost and connection volume.

  #vsz_limit = $default_vsz_limit
  If you set service_count=0 you may have to raise this, they say.
}

service pop3-login {
  inet_listener pop3 {
     #port = 110
     POP3 listen port. Standard is 110.
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
    POP3S listen port. Standard is 995.
  }
}

Not using it, so skipping.
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  #vsz_limit = $default_vsz_limit
  Might be worth raising for huge mailboxes, they say.

  #process_limit = 1024
  Maximum number of processes doing the post-login work.
}

service pop3 {
  #process_limit = 1024
  Maximum number of processes doing the post-login work.
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  Settings for using Dovecot SASL from Postfix.
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}

10-ssl.conf

SSL settings.

##
## SSL settings
##
#ssl = yes
With yes, SSL/TLS is used.
required uses SSL/TLS even for non-plaintext authentication mechanisms?

ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
Key and certificate.

#ssl_key_password =
If the key is password-protected, put the password here.

#ssl_ca =
CA certificate. Only needed for client certificate authentication.
 
#ssl_require_crl = yes
With yes, the client certificate must pass the CRL check for client certificate authentication.

#ssl_verify_client_cert = no
Verify the client certificate.
Needs auth_ssl_require_client_cert=yes.

#ssl_cert_username_field = commonName
Defines which certificate field carries the username.
Needs auth_ssl_username_from_cert=yes.

#ssl_parameters_regenerate = 168
Interval in hours after which the SSL parameters file is regenerated. 0 means never.

#ssl_protocols = !SSLv2
Protocols to use. The value above should amount to TLSv1 SSLv3, I think.
I couldn't specify TLSv1.1 or 1.2 (´・ω・`)

#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
Cipher list to use.

#ssl_crypto_device =
SSL hardware engine to use.
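As an added example (mine, not the author's or Dovecot's own code), here is a Python parser for this block-structured config format plus an audit of the settings this walkthrough flags as security-relevant: login_trusted_networks, disable_plaintext_auth, auth_mechanisms, mail_full_filesystem_access, valid_chroot_dirs, the auth-userdb socket mode from 10-master.conf, and ssl/ssl_protocols. The SSLv3 check goes beyond what the page says, and the sample config is constructed.

```python
"""Parser and audit for Dovecot-style configuration (nested blocks, comments,
!include lines), checking the settings this walkthrough flags as risky."""
import re

# Constructed sample, not from a real server: a doveconf-style dump mixing
# safe values with the risky ones discussed above.
SAMPLE_CONF = """\
# Protocols we want to be serving.
protocols = imap pop3
disable_plaintext_auth = no
login_trusted_networks = 10.0.0.0/8   # these hosts skip the plaintext check
auth_mechanisms = plain login cram-md5 apop
ssl = yes
ssl_protocols = !SSLv2
mail_full_filesystem_access = yes
valid_chroot_dirs =
!include conf.d/*.conf
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
"""


def parse_dovecot_conf(text):
    """Flatten a config into {'scope/key': value}.

    Enclosing blocks become path components, so the socket mode above is stored
    under 'service auth/unix_listener auth-userdb/mode'. Comment lines and
    trailing ' # ...' are dropped; !include lines are skipped, not resolved.
    """
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!include"):
            continue
        line = re.split(r"\s#", line, maxsplit=1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # e.g. "service auth"
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


def audit(settings):
    """Return [(setting, finding)] for the risks the walkthrough points out."""
    found, g = [], settings.get
    mechs = set(g("auth_mechanisms", "plain").split())
    plain = sorted({"plain", "login"} & mechs)
    if g("disable_plaintext_auth", "yes") == "no" and plain:
        found.append(("disable_plaintext_auth", "%s accepted without TLS" % plain))
    if g("login_trusted_networks", ""):
        found.append(("login_trusted_networks", "listed networks bypass disable_plaintext_auth"))
    if g("ssl", "yes") == "no":
        found.append(("ssl", "SSL/TLS switched off"))
    if "apop" in mechs:
        found.append(("auth_mechanisms", "apop needs the plaintext password in the passdb"))
    protos = g("ssl_protocols")
    if protos is not None:
        tokens = protos.split()
        excluding = any(t.startswith("!") for t in tokens)
        # Beyond the page: SSLv3 is deprecated, so an exclusion list should name it.
        if (excluding and "!SSLv3" not in tokens) or (not excluding and "SSLv3" in tokens):
            found.append(("ssl_protocols", "SSLv3 still enabled"))
    if g("mail_full_filesystem_access", "no") == "yes":
        found.append(("mail_full_filesystem_access", "clients may open mailboxes by arbitrary path"))
    if g("valid_chroot_dirs", ""):
        found.append(("valid_chroot_dirs", "listed directories must not be writable by local users"))
    mode_key = "service auth/unix_listener auth-userdb/mode"
    mode = g(mode_key, "0666")
    # 0666 keeps Dovecot's own uid check on lookups; any other world-accessible
    # mode hands enforcement to the kernel, so 0777 exposes every userdb entry.
    if mode != "0666" and int(mode, 8) & 0o007:
        found.append((mode_key, "mode %s exposes all userdb lookups" % mode))
    return found


def audit_text(text):
    return audit(parse_dovecot_conf(text))


if __name__ == "__main__":
    for setting, finding in audit_text(SAMPLE_CONF):
        print("%-48s %s" % (setting, finding))
```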

15-lda.conf

Settings for the LDA (Local Delivery Agent).
The LDA is invoked as a command,
whereas LMTP listens on a socket.
We have no backend, so we use neither this nor Postfix's LMTP.

##
## LDA-specific settings (also used by LMTP)
##
#postmaster_address =
Sender address for rejection mails and the like.
The default is postmaster@<your domain>

#hostname =
Hostname used in headers and similar.
The default is the system hostname.

#quota_full_tempfail = no
When the quota is full, send a temporary failure instead of bouncing.

#sendmail_path = /usr/sbin/sendmail
Mail sending command.

#submission_host =
Host[:port] for submitting via SMTP instead of calling sendmail.
Empty means sendmail is used.

#rejection_subject = Rejected: %s
Subject: of rejection mails.

#rejection_reason = Your message to <%t> was automatically rejected:%n%r
Body of the mail.
%n = CRLF, %r = reason, %s = original subject, %t = recipient

#recipient_delimiter = +
Delimiter between the local part and the detail in mail addresses.

#lda_original_recipient_header =
Address used when the original recipient address couldn't be determined.
Used for X-Original-To:.
Overridden by dovecot-lda -a.

#lda_mailbox_autocreate = no
Whether to create a mailbox automatically when it doesn't exist.
yes creates it.

#lda_mailbox_autosubscribe = no
Whether to subscribe automatically to auto-created mailboxes.
yes subscribes.

If you use plugins, set them up here.
The default is $mail_plugins (10-mail.conf).
protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
}

15-mailboxes.conf

Mailbox definitions.
We've left these at the defaults.

##
## Mailbox definitions
##
# NOTE: Assumes "namespace inbox" has already been defined in 10-mail.conf.
namespace inbox {

  #mailbox name {
    # auto=create will automatically create this mailbox.
    # auto=subscribe will both create and subscribe to the mailbox.
    #auto = no

    # Space separated list of IMAP SPECIAL-USE attributes as specified by
    # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash
    #special_use =
  #}

  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }

  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }

  # If you have a virtual "All messages" mailbox:
  #mailbox virtual/All {
  #  special_use = \All
  #}

  # If you have a virtual "Flagged" mailbox:
  #mailbox virtual/Flagged {
  #  special_use = \Flagged
  #}
}

20-imap.conf

IMAP settings.

##
## IMAP-specific settings
##
protocol imap {
  #imap_max_line_length = 64k
  Maximum length of an IMAP command line.
  Some clients send extremely long ones for huge mailboxes; if you then get
  errors like "Too long argument" or "IMAP command line too large",
  raise the value, they say.

  #mail_max_userip_connections = 10
  Maximum number of connections from the same IP address.

  #mail_plugins = $mail_plugins
  Plugin settings. The default is mail_plugins (10-mail.conf).

  #imap_logout_format = in=%i out=%o
  Logout log format.
  %i total bytes received
  %o total bytes sent

  #imap_capability =
  IMAP CAPABILITY string. Prefix with + to append to the default.

  #imap_idle_notify_interval = 2 mins
  Interval between "OK Still here" notifications during IDLE.

  # ID field names and values to send to clients. Using * as the value makes
  # Dovecot use the default value. The following fields have default values
  # currently: name, version, os, os-version, support-url, support-email.
  #imap_id_send =

  # ID fields sent by client to log. * means everything.
  #imap_id_log =

  # Workarounds for various client bugs:
  #   delay-newmail:
  #     Send EXISTS/RECENT new mail notifications only in replies to NOOP and CHECK.
  #     Some clients, e.g. OS X Mail (<v2.1), otherwise ignore new mail notifications.
  #     Outlook Express is worse: without the delay-newmail option it may show
  #     "Message no longer in server" errors.
  #     Note: with OE6 set to "Headers Only" synchronization, this workaround doesn't help.
  #   tb-extra-mailbox-sep:
  #     With LAYOUT=fs on mbox and dbox, Thunderbird gets confused and appends '/' to mailbox names.
  #     This option makes Dovecot ignore the extra '/' instead of treating it as an invalid mailbox name.
  #   tb-lsub-flags:
  #     With LAYOUT=fs on mbox and the like, \Noselect flags are shown in LSUB replies.
  #     tb-lsub-flags greys those mailboxes out as unselectable
  #     instead of producing a "not selectable" popup error.
  #
  # Separate entries with a single space.
  #imap_client_workarounds =
}

20-lmtp.conf

LMTP settings.
The LDA settings apply here too.

##
## LMTP-specific settings
##
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
#lmtp_proxy = no

# When recipient address includes the detail (e.g. user+detail), try to save
# the mail to the detail mailbox. See also recipient_delimiter and
# lda_mailbox_autocreate settings.
#lmtp_save_to_detail_mailbox = no

protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
}

20-pop3.conf

POP3 settings.

##
## POP3 specific settings
##
protocol pop3 {
  # Don't try to set mails non-recent or seen with POP3 sessions. This is
  # mostly intended to reduce disk I/O. With maildir it doesn't move files
  # from new/ to cur/, with mbox it doesn't write Status-header.
  #pop3_no_flag_updates = no

  # Support LAST command which exists in old POP3 specs, but has been removed
  # from new ones. Some clients still wish to use this though. Enabling this
  # makes RSET command clear all \Seen flags from messages.
  #pop3_enable_last = no

  # If mail has X-UIDL header, use it as the mail's UIDL.
  #pop3_reuse_xuidl = no

  # Keep the mailbox locked for the entire POP3 session.
  #pop3_lock_session = no

  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
  # because it's faster to get. When this setting is enabled, Dovecot still
  # tries to do the right thing first, but if that requires opening the
  # message, it fallbacks to the easier (but incorrect) size.
  #pop3_fast_size_lookups = no

  # POP3 UIDL (unique mail identifier) format to use. You can use following
  # variables, along with the variable modifiers described in
  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
  #
  #  %v - Mailbox's IMAP UIDVALIDITY
  #  %u - Mail's IMAP UID
  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
  #  %f - filename (maildir only)
  #  %g - Mail's GUID
  #
  # If you want UIDL compatibility with other POP3 servers, use:
  #  UW's ipop3d         : %08Xv%08Xu
  #  Courier             : %f or %v-%u (both might be used simultaneosly)
  #  Cyrus (<= 2.1.3)    : %u
  #  Cyrus (>= 2.1.4)    : %v.%u
  #  Dovecot v0.99.x     : %v.%u
  #  tpop3d              : %Mf
  #
  # Note that Outlook 2003 seems to have problems with %v.%u format which was
  # Dovecot's default, so if you're building a new server it would be a good
  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
  #
  #pop3_uidl_format = %08Xu%08Xv

  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
  # won't change those UIDLs. Currently this works only with Maildir.
  #pop3_save_uidl = no

  # What to do about duplicate UIDLs if they exist?
  #   allow: Show duplicates to clients.
  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
  #pop3_uidl_duplicates = allow

  # POP3 logout format string:
  #  %i - total number of bytes read from client
  #  %o - total number of bytes sent to client
  #  %t - number of TOP commands
  #  %p - number of bytes sent to client as a result of TOP command
  #  %r - number of RETR commands
  #  %b - number of bytes sent to client as a result of RETR command
  #  %d - number of deleted messages
  #  %m - number of messages (before deletion)
  #  %s - mailbox size in bytes (before deletion)
  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s

  # Maximum number of POP3 connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 10
 
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins

  # Workarounds for various client bugs:
  #   outlook-no-nuls:
  #     Outlook and Outlook Express hang if mails contain NUL characters.
  #     This setting replaces them with 0x80 character.
  #   oe-ns-eoh:
  #     Outlook Express and Netscape Mail break if the end-of-headers line is
  #     missing. This option simply sends it if it's missing.
  # The list is space-separated.
  #pop3_client_workarounds =
}

90-acl.conf

ACL settings.

##
## Mailbox access control lists
##
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
# You can also optionally give a global ACL directory path where ACLs are
# applied to all users' mailboxes. The global ACL directory contains
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
  #acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}

# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
  #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
}

90-plugin.conf

Plugin settings.
Quota, full-text search, and a whole lot more.

##
## Plugin settings
##
# All wanted plugins must be listed in mail_plugins setting before any of the
# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
# their configuration. Note that %variable expansion is done for all values.

plugin {
  #setting_name = value
}

90-quota.conf

Quota has a separate file of its own.

##
## Quota configuration.
##

# Note that you also have to enable quota plugin in mail_plugins setting.
# <doc/wiki/Quota.txt>

##
## Quota limits
##

# Quota limits are set using "quota_rule" parameters. To get per-user quota
# limits, you can set/override them by returning "quota_rule" extra field
# from userdb. It's also possible to give mailbox-specific limits, for example
# to give additional 100 MB when saving to Trash:

plugin {
  #quota_rule = *:storage=1G
  #quota_rule2 = Trash:storage=+100M
}

##
## Quota warnings
##

# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is executed, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.

plugin {
  #quota_warning = storage=95%% quota-warning 95 %u
  #quota_warning2 = storage=80%% quota-warning 80 %u
}

# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all system users
# can generate quota warnings to anyone.
#service quota-warning {
#  executable = script /usr/local/bin/quota-warning.sh
#  user = dovecot
#  unix_listener quota-warning {
#    user = vmail
#  }
#}
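A handler the `script` service above could run in place of quota-warning.sh, written here as an added Python example (not the page's or Dovecot's own script). Dovecot passes the arguments from `quota_warning`, i.e. the percentage and `%u`; the dovecot-lda path, the sender address and the maildir backend in the `-o` override are assumptions and must match your installation.

```python
#!/usr/bin/env python3
"""quota-warning handler for Dovecot's script service (added example).
Invoked as: quota-warning.py <percent> <user>, matching "quota-warning 95 %u".
"""
import re
import subprocess
import sys

LDA = "/usr/local/libexec/dovecot/dovecot-lda"  # assumed install path
SENDER = "postmaster@example.com"               # assumed sender address

# %u is the login name; accept only a conservative character set before it
# is placed in a header line or handed to dovecot-lda as an argument.
USER_RE = re.compile(r"[A-Za-z0-9._+-]+(@[A-Za-z0-9.-]+)?")

def parse_args(argv):
    """Return (percent, user); raise ValueError on anything unexpected."""
    if len(argv) != 2:
        raise ValueError("usage: quota-warning.py <percent> <user>")
    percent = int(argv[0])
    if not 0 <= percent <= 100:
        raise ValueError("percent out of range")
    user = argv[1]
    if not USER_RE.fullmatch(user):
        raise ValueError("refusing unexpected user name")
    return percent, user

def build_message(percent, user):
    """Plain RFC 5322 message delivered to the user's INBOX."""
    return (f"From: {SENDER}\r\n"
            f"To: {user}\r\n"
            f"Subject: Mailbox quota warning: {percent}% used\r\n"
            "\r\n"
            f"Your mailbox is {percent}% full. Please delete old mail.\r\n")

def deliver(percent, user):
    """Hand the warning to dovecot-lda. noenforcing keeps the warning itself
    from being rejected when the user is already over quota (maildir assumed)."""
    cmd = [LDA, "-d", user, "-o", "plugin/quota=maildir:User quota:noenforcing"]
    subprocess.run(cmd, input=build_message(percent, user).encode(), check=True)

if __name__ == "__main__":
    try:
        deliver(*parse_args(sys.argv[1:]))
    except ValueError as exc:
        print(exc, file=sys.stderr)
        sys.exit(64)  # EX_USAGE
```

Because anyone who can reach the unix listener can invoke this script (see the mode=0666 remark above), the argument validation matters as much as the delivery.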

##
## Quota backends
##

# Multiple backends are supported:
#   dirsize: Find and sum all the files found from mail directory.
#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
#   dict: Keep quota stored in dictionary (eg. SQL)
#   maildir: Maildir++ quota
#   fs: Read-only support for filesystem quota

plugin {
  #quota = dirsize:User quota
  #quota = maildir:User quota
  #quota = dict:User quota::proxy::quota
  #quota = fs:User quota
}

# Multiple quota roots are also possible, for example this gives each user
# their own 100MB quota and one shared 1GB quota within the domain:
plugin {
  #quota = dict:user::proxy::quota
  #quota2 = dict:domain:%d:proxy::quota_domain
  #quota_rule = *:storage=102400
  #quota2_rule = *:storage=1048576
}
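The `quota_rule` semantics used in the two examples above (a `*` base limit, a `+` extra for one mailbox, bare numbers meaning kilobytes) and the multiple-root case, modelled as an added Python example that is not the quota plugin's own parser. It handles `storage=` rules only, treats a limit of 0 as unlimited, and the sample rules and usage figures are constructed.

```python
"""Model of Dovecot quota_rule storage limits and multiple quota roots
(added example, not the quota plugin's own parser)."""
import re

UNITS = {"B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}

def parse_size(text):
    """'1G' -> 2**30 bytes; a bare number such as 102400 is kilobytes."""
    m = re.fullmatch(r"(\d+)([BKMGT]?)", text.upper())
    if not m:
        raise ValueError(f"bad size: {text}")
    return int(m.group(1)) * UNITS[m.group(2) or "K"]

def parse_rule(rule):
    """'Trash:storage=+100M' -> ('Trash', True, 100 * 2**20).
    Only storage= rules are modelled; messages= and :ignore are rejected."""
    mailbox, _, limit = rule.partition(":")
    key, _, value = limit.partition("=")
    if key != "storage" or not value:
        raise ValueError(f"unsupported rule: {rule}")
    return mailbox, value.startswith("+"), parse_size(value.lstrip("+"))

def storage_limit(rules, mailbox):
    """Effective byte limit for saving into `mailbox` under one quota root:
    the '*' rule is the base, a '+' rule for that mailbox adds to it."""
    base, extra = 0, 0
    for name, relative, size in map(parse_rule, rules):
        if name == "*":
            base = size
        elif name == mailbox and relative:
            extra += size
        elif name == mailbox:
            base = size
    return base + extra if base else 0  # 0 means unlimited

def allows_save(rules, used_bytes, mailbox, msg_bytes):
    """True if the message still fits under this root's limit."""
    limit = storage_limit(rules, mailbox)
    return limit == 0 or used_bytes + msg_bytes <= limit

def all_roots_allow(roots, mailbox, msg_bytes):
    """Every root (e.g. per-user and per-domain) must accept the save.
    roots: list of (rules, bytes currently used under that root)."""
    return all(allows_save(r, u, mailbox, msg_bytes) for r, u in roots)

# Constructed sample mirroring the page: 1G per user, 100M extra for Trash.
USER_RULES = ["*:storage=1G", "Trash:storage=+100M"]
```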

Last-modified: 2012-07-23 (Mon) 23:43:19