
#
# Logging
#
# Send Dovecot's log output to a file under /data instead of syslog.
# Authentication failures are recorded here as well, so this is the file to
# watch or ship for login monitoring. Nothing in this config rotates it.
log_path = /data/dovecot/dovecot.log

#
# Email storage
#

# Store emails in /data/mail/home/domain/user, which will be inside the
# container's volume.
# %d expands to the domain part and %n to the local part of the username.
mail_home = /data/mail/home/%d/%n

# Use Dovecot's native format.
mail_location = mdbox:~/mdbox

# User and group used to store and access mailboxes.
# Every virtual user shares this one system identity, so mailboxes are kept
# apart by Dovecot's per-user home path rather than by file ownership.
mail_uid = dovecot
mail_gid = dovecot

# As we're using virtual mailboxes, the system user will be "dovecot", which
# has uid in the 100-500 range. By default using uids <500 is blocked, so we
# need to explicitly lower the value to allow storage of mail as "dovecot".
# NOTE(review): this also admits any other uid/gid >= 100 that a userdb entry
# might return; confirm the users file carries no per-user uid/gid fields
# unless that is intended.
first_valid_uid = 100
first_valid_gid = 100

#
# Authentication
#

# Only the PLAIN mechanism is offered: the client sends the password itself,
# so it is protected in transit only by TLS (see "ssl = required" below).
auth_mechanisms = plain
# Static file, in /data/dovecot/users.
# Passwords are verified against that file. scheme=CRYPT is the scheme assumed
# for entries that do not carry their own {SCHEME} prefix, and
# username_format=%u looks users up by their full name (user@domain).
# NOTE(review): the file holds password hashes; confirm its ownership and mode
# limit reading to the Dovecot auth process and whatever maintains it.
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /data/dovecot/users
}
# User lookups read the same file; uid, gid and home come from the global
# mail_uid / mail_gid / mail_home settings unless an entry overrides them.
userdb {
  driver = passwd-file
  args = /data/dovecot/users
}


#
# TLS
#

# TLS is mandatory.
# With ssl = required, clients have to negotiate TLS before they can
# authenticate; this is what protects the PLAIN mechanism configured above.
# NOTE(review): Dovecot documents an exception for connections whose local and
# remote IP addresses are equal (treated as already secure) - confirm this is
# acceptable for how the container is exposed.
# The entrypoint generates auto-ssl.conf, with all the certificates.
ssl = required
# !include_try does not fail when the file is missing, so a failed certificate
# generation step is not caught on this line.
# NOTE(review): consider plain !include if startup should fail in that case.
!include_try /etc/dovecot/auto-ssl.conf

# Only allow TLS 1.2 and up.
ssl_min_protocol = TLSv1.2


#
# Protocols
#
# Only the protocols listed here are started. "sieve" enables the ManageSieve
# service, which lets authenticated users upload their own filter scripts.
protocols = lmtp imap pop3 sieve

#
# IMAP
#
# IMAP is reachable only over implicit TLS on 993. Setting port = 0 turns the
# plain listener off entirely, so STARTTLS on the plain IMAP port is not
# offered either.
service imap-login {
  inet_listener imap {
    # Disable plain text IMAP, just in case.
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

# Empty block: the post-login imap service runs with Dovecot's defaults.
service imap {
}

#
# POP3
#
# POP3 is reachable only over implicit TLS on 995. Setting port = 0 turns the
# plain listener off entirely, so STARTTLS on the plain POP3 port is not
# offered either.
service pop3-login {
  inet_listener pop3 {
    # Disable plain text POP3, just in case.
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

# Empty block: the post-login pop3 service runs with Dovecot's defaults.
service pop3 {
}

#
# Sieve/managesieve
#
# Unlike imap-login and pop3-login above, no inet_listener is overridden here,
# so ManageSieve keeps Dovecot's default listener.
# NOTE(review): presumably the default ManageSieve port with STARTTLS enforced
# by "ssl = required" - confirm that port is meant to be published.
service managesieve-login {
}
# Empty blocks: defaults are kept for the service and the protocol.
service managesieve {
}
protocol sieve {
}
plugin {
  # Per-user scripts are stored under ~/sieve; ~/.dovecot.sieve points at the
  # active one. Both paths are relative to the user's mail_home.
  sieve = file:~/sieve;active=~/.dovecot.sieve
}

#
# Internal services
#
# Sockets exposed by the auth service. Each unix_listener is a socket name
# relative to Dovecot's base directory.
service auth {
  # Empty block: the standard userdb socket keeps its default owner and mode.
  unix_listener auth-userdb {
  }

  # Grant chasquid access to request user authentication.
  # Two dedicated sockets are created for it: one for userdb lookups and one
  # for credential checks. Both are owned by "chasquid" with mode 0660.
  # NOTE(review): no group is set, so the group read/write bits apply to
  # whatever group Dovecot assigns by default - confirm, or tighten the mode
  # to 0600 if only the chasquid user needs access.
  # NOTE(review): per Dovecot's stock 10-master.conf comments, a userdb socket
  # with a mode other than 0666 relies on file permissions alone and allows
  # lookups of every user to anyone who can open it - confirm that chasquid
  # is the only intended caller.
  unix_listener auth-chasquid-userdb {
    mode = 0660
    user = chasquid
  }
  # Anything able to open this socket can submit credentials for checking, so
  # access should stay limited to chasquid.
  unix_listener auth-chasquid-client {
    mode = 0660
    user = chasquid
  }
}
# Empty blocks: auth-worker and dict keep Dovecot's defaults.
service auth-worker {
}
dict {
}
# Local mail delivery is accepted over a unix socket only; no inet_listener
# is defined for LMTP in this file.
service lmtp {
  # This is used by mda-lmtp.
  # NOTE(review): no mode or user is set, so the socket gets Dovecot's default
  # permissions - confirm the process running mda-lmtp can reach it and that
  # nothing else in the container can.
  unix_listener lmtp {
  }
}