auth_mechanisms = plain login disable_plaintext_auth = no info_log_path = /dev/stdout log_path = /dev/stderr ## Mailbox location ## UID/GID 1000 = 'vmail' in dovecot container image ## UID/GID 8 = 'mail' in dovecot container image default_internal_user = mail default_login_user = mail default_internal_group = mail mail_uid = 8 mail_gid = 8 first_valid_uid = 8 last_valid_uid = 8 first_valid_gid = 8 last_valid_gid = 8 mail_privileged_group = mail ## Inbox namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } ## Services ## UID/GID 100 (postfix) = '_apt' in dovecot container image ## UID/GID 101 (postfix) = 'ssl-cert' in dovecot container image ## For service unix sockets, Dovecot is too retarded to interpret raw UID/GID integers ## So we must reference these users by their local names. protocols = imap lmtp service auth { chroot = unix_listener /socket/sasl { mode = 0666 } vsz_limit = 2 G } service imap-login { chroot = inet_listener imap { port = 0 } inet_listener imaps { address = * port = 10993 ssl = yes } } service lmtp { chroot = unix_listener /socket/lmtp { mode = 0666 } } service stats { chroot = inet_listener http { address = * port = 9090 } } service anvil { chroot = } ## TLS ssl = required verbose_ssl = no ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA ssl_prefer_server_ciphers = yes ## Authentication passdb { driver = ldap args = /config/dovecot-ldap-pass.conf.ext } ## Users userdb { driver = ldap args = /config/dovecot-ldap-users.conf.ext } mail_home = /mail/%n/home mail_location = sdbox:/mail/%n/mailbox:LAYOUT=fs verbose_proctitle = yes ## Protocols protocol imap { imap_idle_notify_interval = 5 mins mail_max_userip_connections = 20 ssl_cert =