Systemy Operacyjne
Usługi systemowe
Bazy Danych
Programowanie
CONTENT
  • CHANGES
Szukaj
counter

#top Konfiguracja


#top Timeout


Dokumentacja Dovecot: Timeouts (Dovecot 1.*) | Timeouts (Dovecot 2.*)
Dokumentacja Dovecot: mbox_lock_timeout (Dovecot 1.*) | mbox_lock_timeout (Dovecot 2.*)
Dokumentacja Dovecot: mbox_dotlock_change_timeout (Dovecot 1.*) | mbox_dotlock_change_timeout (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-mail.conf

EXAMPLES
# Maximum time to wait for lock (all of them) before aborting.
mbox_lock_timeout = 5 mins

# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this much time.
mbox_dotlock_change_timeout = 2 mins




Dokumentacja Dovecot: Login processes (Dovecot 1.*) | Login processes (Dovecot 2.*)
Dokumentacja Dovecot: login_greeting (Dovecot 1.*) | login_greeting (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-master.conf

EXAMPLES
# Greeting message for clients.
login_greeting = Dovecot ready.



#top Autocreate plugin


Plugins / Autocreate plugin - Automatically create/subscribe mailboxes when user logs in

Dokumentacja Dovecot: Plugins / Autocreate plugin (Dovecot 1.*) | Plugins / Autocreate plugin (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/90-sieve.conf

EXAMPLES
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
protocol imap {
[...]
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  mail_plugins = autocreate
  #mail_plugin_dir = /usr/lib/dovecot/imap
[...]
}
[...]
plugin {
[...] # at the end plugin section
  # mail_plugins autocreate (auto create imap folders for new users)
  autocreate = Sent
  autocreate2 = Trash
  autocreate3 = Drafts
  autocreate4 = Templates
  autocreate5 = Trash
  autocreate6 = SPAM
  autosubscribe = Sent
  autosubscribe2 = Trash
  autosubscribe3 = Drafts
  autosubscribe4 = Templates
  autosubscribe5 = Trash
  autosubscribe6 = SPAM
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/20-imap.conf:
protocol imap {
[...]
  #mail_plugins = $mail_plugins
  mail_plugins = autocreate
[...]
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/90-sieve.conf:
[...]
plugin {
[...] # at the end plugin section
  # mail_plugins autocreate (auto create imap folders for new users)
  autocreate = Sent
  autocreate2 = Trash
  autocreate3 = Drafts
  autocreate4 = Templates
  autocreate5 = Trash
  autocreate6 = SPAM
  autosubscribe = Sent
  autosubscribe2 = Trash
  autosubscribe3 = Drafts
  autosubscribe4 = Templates
  autosubscribe5 = Trash
  autosubscribe6 = SPAM
}



#top Dovecot LMTP and Postfix


Dokumentacja Dovecot: LMTP (Dovecot 1.*) | LMTP (Dovecot 2.*)
Dokumentacja Dovecot: Postfix with Dovecot LMTP (Dovecot 1.*) | Postfix with Dovecot LMTP (Dovecot 2.*)
Dovecot 2.*: /etc/dovecot/conf.d/10-master.conf
Dovecot 2.*: /etc/dovecot/conf.d/20-lmtp.conf

EXAMPLES
(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-master.conf:
service lmtp {
  #inet_listener /var/spool/postfix/private/dovecot-lmtp {
  #  address = 0.0.0.0 ::
  #  port = 24
  #}
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0660
    user = postfix
    group = postfix
  }
[...]
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/20-lmtp.conf:
protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  #mail_plugins = sieve
  mail_plugins = sieve
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/postfix/main.cf:
# for unix users
mailbox_transport = lmtp:unix:private/dovecot-lmtp
# for vmail users
virtual_transport = lmtp:unix:private/dovecot-lmtp

Po wysłaniu wiadomości do użytkowników: sp@cen06x64.xen.wbcd.pl, ola@cen06x64.xen.wbcd.pl, ala@cen06x64.xen.wbcd.pl, ela@cen06x64.xen.wbcd.pl, ula@cen06x64.xen.wbcd.pl w logach serwera pocztowego można zaobserwować następujące informacje:
tail -F /var/log/mail/mail.log


Mar 16 21:38:01 cen06x64 dovecot: lmtp(2422): Connect from local
Mar 16 21:38:01 cen06x64 dovecot: lmtp(2422, ala@cen06x64.xen.wbcd.pl): UHveOvySylh2CQAAY08OxA: msgid=<20170316.213818@xnd.nat.wbcd.pl>: saved mail to INBOX
Mar 16 21:38:02 cen06x64 postfix/lmtp[4153]: 023B316711: to=<ala@cen06x64.xen.wbcd.pl>, relay=cen06x64.xen.wbcd.pl[private/dovecot-lmtp], delay=1.2, delays=0.77/0.14/0/0.3, dsn=2.0.0, status=sent (250 2.0.0 <ala@cen06x64.xen.wbcd.pl> UHveOvySylh2CQAAY08OxA Saved)
Mar 16 21:38:02 cen06x64 dovecot: lmtp(2422, ela@cen06x64.xen.wbcd.pl): UHveOvySylh2CQAAY08OxA: msgid=<20170316.213818@xnd.nat.wbcd.pl>: saved mail to INBOX
Mar 16 21:38:02 cen06x64 postfix/lmtp[4153]: 023B316711: to=<ela@cen06x64.xen.wbcd.pl>, relay=cen06x64.xen.wbcd.pl[private/dovecot-lmtp], delay=1.3, delays=0.77/0.14/0/0.44, dsn=2.0.0, status=sent (250 2.0.0 <ela@cen06x64.xen.wbcd.pl> UHveOvySylh2CQAAY08OxA Saved)
Mar 16 21:38:02 cen06x64 dovecot: lmtp(2422, ola@cen06x64.xen.wbcd.pl): UHveOvySylh2CQAAY08OxA: msgid=<20170316.213818@xnd.nat.wbcd.pl>: saved mail to INBOX
Mar 16 21:38:02 cen06x64 postfix/lmtp[4153]: 023B316711: to=<ola@cen06x64.xen.wbcd.pl>, relay=cen06x64.xen.wbcd.pl[private/dovecot-lmtp], delay=1.5, delays=0.77/0.14/0/0.58, dsn=2.0.0, status=sent (250 2.0.0 <ola@cen06x64.xen.wbcd.pl> UHveOvySylh2CQAAY08OxA Saved)
Mar 16 21:38:02 cen06x64 dovecot: lmtp(2422, sp@cen06x64.xen.wbcd.pl): UHveOvySylh2CQAAY08OxA: msgid=<20170316.213818@xnd.nat.wbcd.pl>: saved mail to INBOX
Mar 16 21:38:02 cen06x64 postfix/lmtp[4153]: 023B316711: to=<sp@cen06x64.xen.wbcd.pl>, relay=cen06x64.xen.wbcd.pl[private/dovecot-lmtp], delay=1.6, delays=0.77/0.14/0/0.65, dsn=2.0.0, status=sent (250 2.0.0 <sp@cen06x64.xen.wbcd.pl> UHveOvySylh2CQAAY08OxA Saved)
Mar 16 21:38:02 cen06x64 dovecot: lmtp(2422, ula@cen06x64.xen.wbcd.pl): UHveOvySylh2CQAAY08OxA: msgid=<20170316.213818@xnd.nat.wbcd.pl>: saved mail to INBOX
Mar 16 21:38:02 cen06x64 postfix/lmtp[4153]: 023B316711: to=<ula@cen06x64.xen.wbcd.pl>, relay=cen06x64.xen.wbcd.pl[private/dovecot-lmtp], delay=1.7, delays=0.77/0.14/0/0.77, dsn=2.0.0, status=sent (250 2.0.0 <ula@cen06x64.xen.wbcd.pl> UHveOvySylh2CQAAY08OxA Saved)
Mar 16 21:38:02 cen06x64 dovecot: lmtp(2422): Disconnect from local: Client quit



oraz dodatkowo przy użyciu komendy ls z włączoną opcją -i można potwierdzić, że wysłana wiadomości do wielu odbiorców została zapisana jako jeden plik (pierwsza kolumna to numer węzła (inode))
-i, --inode
       print the index number of each file

Rezultat po wysłaniu pierwszej wiadomości:
ll -i /home/vmail/cen06x64.xen.wbcd.pl/*/Maildir/new/*


24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ala/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ela/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ola/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ula/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757

Rezultat po wysłaniu drugiej wiadomości:
ll -i /home/vmail/cen06x64.xen.wbcd.pl/*/Maildir/new/*


24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ala/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24484 -rw-------. 5 vmail vmail 737 2017-03-16 21:40 /home/vmail/cen06x64.xen.wbcd.pl/ala/Maildir/new/1489696822.M593131P4768.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ela/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24484 -rw-------. 5 vmail vmail 737 2017-03-16 21:40 /home/vmail/cen06x64.xen.wbcd.pl/ela/Maildir/new/1489696822.M593131P4768.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ola/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24484 -rw-------. 5 vmail vmail 737 2017-03-16 21:40 /home/vmail/cen06x64.xen.wbcd.pl/ola/Maildir/new/1489696822.M593131P4768.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24484 -rw-------. 5 vmail vmail 737 2017-03-16 21:40 /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/new/1489696822.M593131P4768.cen06x64.xen.wbcd.pl,S=737,W=757
24448 -rw-------. 5 vmail vmail 737 2017-03-16 21:38 /home/vmail/cen06x64.xen.wbcd.pl/ula/Maildir/new/1489696681.M850041P2422.cen06x64.xen.wbcd.pl,S=737,W=757
24484 -rw-------. 5 vmail vmail 737 2017-03-16 21:40 /home/vmail/cen06x64.xen.wbcd.pl/ula/Maildir/new/1489696822.M593131P4768.cen06x64.xen.wbcd.pl,S=737,W=757



#top Plugins zlib


Plugins / Zlib plugin - Access compressed mails

Dokumentacja Dovecot: Plugins / Zlib plugin (Dovecot 1.*) | Plugins / Zlib plugin (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/15-lda.conf /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/90-plugin.conf

EXAMPLES
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
protocol imap {
[...]
  mail_plugins = zlib
[...]
}
[...]
protocol lda {
[...]
  mail_plugins = zlib
[...]
}
[...]
plugin {
[...]
  # Enable these only if you want compression while saving:
  zlib_save_level = 9 # 1..9; default is 6
  zlib_save = bz2 # or bz2, xz or lz4
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/15-lda.conf:
protocol lda {
[...]
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = $mail_plugins sieve zlib
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/20-imap.conf:
protocol imap {
[...]
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = $mail_plugins autocreate zlib
[...]
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/90-plugin.conf:
plugin {
  #setting_name = value
  # Enable these only if you want compression while saving:
  zlib_save_level = 9 # 1..9; default is 6
  zlib_save = bz2 # gz or bz2, xz or lz4
}



Przy pomocy polecenia ls (w poniższym przykładzie został użyty alias dla tego polecenia z opcją listowania długiego)
ll /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/cur/
uzyskany rezultat powinien być analogiczny do poniższego:
total 8
-rw-------. 1 vmail vmail  765 2017-08-22 19:45 1503423922.M429P3091521.cen06x64.xen.wbcd.pl,S=765,W=784:2,S
-rw-------. 1 vmail vmail  520 2017-08-22 19:48 1503424092.M908753P6405.cen06x64.xen.wbcd.pl,S=765,W=784:2,S

Przy pomocy polecenia file można wyświetlić jakiego typu zawartość zawiera plik:
file /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/cur/*
uzyskany rezultat powinien być analogiczny do poniższego:
/home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/cur/1503423922.M429P3091521.cen06x64.xen.wbcd.pl,S=765,W=784:2,S:   smtp mail text
/home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/cur/1503424092.M908753P6405.cen06x64.xen.wbcd.pl,S=765,W=784:2,S:   bzip2 compressed data, block size = 900k

Dodatkowo przy użyciu narzędzia imapcmds można wyświetlić zawartość folderu INBOX, aby potwierdzić poprawną obsługę skompresowanych wiadomości. Należy zauważyć, że zgodnie z poniższym listingiem obydwie wiadomości są rozmiaru 784 Bajty. Wiadomość nie skompresowana zajmuje 765 Bajtów miejsca na dysku, natomiast wiadomość skompresowana zajmuje 520 Bajtów miejsca na dysku.
uid=  416 S      date=2017/08/22 19:45:22 size=    784B subject=|Cron <nobody@cen06x64.xen.wbcd.pl> /usr/sbin/vnstat.cron| from=|root@cen06x64.xen.wbcd.pl (Cron Daemon)| to=|root@cen06x64.xen.wbcd.pl|
uid=  417 S      date=2017/08/22 19:45:22 size=    784B subject=|Cron <nobody@cen06x64.xen.wbcd.pl> /usr/sbin/vnstat.cron| from=|root@cen06x64.xen.wbcd.pl (Cron Daemon)| to=|root@cen06x64.xen.wbcd.pl|

Zgodnie z dokumentacją (Zlib plugin / Zlib plugin):
Since v2.0+ Dovecot supports compression while saving mails (via LDA or IMAP APPEND command).
Dla wersji Dovecot 1.* (do 2.0) Compression kompresja musi zostać wykonana manualnie, poprzez cykliczne wykonywanie kompresji poszczególnych wiadomości, które nie zostały jeszcze skompresowane.

Zgodnie z dokumentacją (Zlib plugin / Maildir / Zlib plugin / Maildir):
The compression is detected by reading the first few bytes from the file and figuring out if it's a valid
gzip or bzip2 header. The file name doesn't matter. This means that an IMAP client can also try to exploit
security holes in zlib/bzlib by writing specially crafted mails using IMAP's APPEND command.
v1.2.5+ fixes this by not allowing clients to save mails that are detected as compressed.
Dovecot poprzez odczyt kilku pierwszych bajtów wiadomości dokonuje sprawdzenia w jakim formacie kompresji została zapisana wiadomość (gzip,bzip2,plain text), nazwa pliku nie ma znaczenia. Toteż pliki w których Dovecot zapisuje poszczególne wiadomości nie posiadają rozszerzenia (suffix) .gz lub .bz2 (odpowiednio dla gzip lub bzi2).

UWAGA: przed wykonaniem kompresji wiadomości należy najpierw sprawdzić czy dana wiadomość nie została już wcześniej skompresowana,
w przeciwnym razie podwójna kompresja może uniemożliwić poprawny odczyt wiadomości:
tail -F /var/log/mail/mail.log

dovecot: imap(sp@cen06x64.xen.wbcd.pl): Error: FETCH [] for mailbox INBOX UID 416 got too little data: 523 vs 784
dovecot: imap(sp@cen06x64.xen.wbcd.pl): Error: Maildir filename has wrong W value: /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/cur/1503423922.M429P3091521.cen06x64.xen.wbcd.pl,S=765,W=784:2,S
dovecot: imap(sp@cen06x64.xen.wbcd.pl): Error: Corrupted index cache file /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/dovecot.index.cache: Broken virtual size for mail UID 416
dovecot: imap(sp@cen06x64.xen.wbcd.pl): Disconnected: FETCH failed bytes=48/1203

Script to find and bzip2 not compressed messages:
time find /home/vmail/cen06x64.xen.wbcd.pl/sp/Maildir/ -type f | grep  -E "/new/|/cur/" | while read name;do
	LANG=C file $name | grep -q 'compressed data'; result=$?;
	if [ $result -eq 1 ];then
		time bzip2 --best $name;
		mv -v $name.bz2 $name;
	fi;
done



#top Multiple Authentication Databases


Dokumentacja Dovecot: Authentication / MultipleDatabases (Dovecot 1.*) | Authentication / MultipleDatabases (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-auth.conf

EXAMPLES
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
# Mail location for both system and virtual users:
mail_location = maildir:~/Maildir

auth default {
  mechanisms = plain

  # try to authenticate using SQL database first
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  # fallback to PAM
  passdb pam {
  }

  # look up users from SQL first (even if authentication was done using PAM!)
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  # if not found, fallback to /etc/passwd
  userdb passwd {
  }
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-auth.conf:
#!include auth-deny.conf.ext
#!include auth-master.conf.ext

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

!include auth-sql.conf.ext
!include auth-system.conf.ext

NOTICE: domyślne ustawienia w poniższych plikach nie wymagają zmiany (przedstawione dla porównania konfiguracji)
Zawartość pliku /etc/dovecot/conf.d/auth-sql.conf.ext:
# Authentication for SQL users. Included from auth.conf.
#
# <doc/wiki/AuthDatabase.SQL.txt>

passdb {
  driver = sql

  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
#  driver = prefetch
#}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# If you don't have any user-specific settings, you can avoid the user_query
# by using userdb static instead of userdb sql, for example:
# <doc/wiki/UserDatabase.Static.txt>
#userdb {
  #driver = static
  #args = uid=vmail gid=vmail home=/var/vmail/%u
#}

Zawartość pliku /etc/dovecot/conf.d/auth-system.conf.ext:
# Authentication for system users. Included from auth.conf.
#
# <doc/wiki/PasswordDatabase.txt>
# <doc/wiki/UserDatabase.txt>

# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
}

# System users (NSS, /etc/passwd, or similiar).
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
#passdb {
  #driver = passwd
  # [blocking=no]
  #args =
#}

# Shadow passwords for system users (NSS, /etc/shadow or similiar).
# Deprecated by PAM nowadays.
# <doc/wiki/PasswordDatabase.Shadow.txt>
#passdb {
  #driver = shadow
  # [blocking=no]
  #args =
#}

# PAM-like authentication for OpenBSD.
# <doc/wiki/PasswordDatabase.BSDAuth.txt>
#passdb {
  #driver = bsdauth
  # [blocking=no] [cache_key=<key>]
  #args =
#}

##
## User databases
##

# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd
  # [blocking=no]
  #args =
}

# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
#userdb {
  #driver = static
  # Can return anything a userdb could normally return. For example:
  #
  #  args = uid=500 gid=500 home=/var/mail/%u
  #
  # LDA and LMTP needs to look up users only from the userdb. This of course
  # doesn't work with static userdb because there is no list of users.
  # Normally static userdb handles this by doing a passdb lookup. This works
  # with most passdbs, with PAM being the most notable exception. If you do
  # the user verification another way, you can add allow_all_users=yes to
  # the args in which case the passdb lookup is skipped.
  #
  #args =
#}



#top Pigeonhole Sieve Configuration


Dokumentacja Dovecot: LDA / Sieve (Dovecot 1.*) | Pigeonhole / Sieve (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/15-lda.conf /etc/dovecot/conf.d/20-lmtp.conf /etc/dovecot/conf.d/90-sieve.conf

EXAMPLES
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
protocol lda {
[...]
  postmaster_address = postmaster@cen05.xen.wbcd.pl
[...]
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  mail_plugins = sieve
[...]
}

[...]

plugin {
[...]
  # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service
  #
  # Location of the active script. When ManageSieve is used this is actually
  # a symlink pointing to the active script in the sieve storage directory.
  #sieve=~/.dovecot.sieve
  sieve=/home/vmail/%d/%n/.dovecot.sieve
  #
  # The path to the directory where the personal Sieve scripts are stored. For
  # ManageSieve this is where the uploaded scripts are stored.
  #sieve_dir=~/sieve
  sieve_dir=/home/vmail/%d/%n/sieve
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/15-lda.conf:
protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = sieve
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/20-lmtp.conf:
protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = sieve
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/90-sieve.conf:
##
## SIEVE specific settings
##
plugin {
  # The path to the user's main active script.
  # usually this means $HOME/.dovecot.sieve (/home/user/.dovecot.sieve)
  #sieve = ~/.dovecot.sieve
  sieve=/home/vmail/%d/%n/.dovecot.sieve

  # A path to a global sieve script file, which gets executed ONLY
  # if user's private Sieve script doesn't exist. Be sure to
  # pre-compile this script manually using the sievec command line
  # tool.
  #sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  # optionally - but not needed
  # mkdir -p /var/lib/dovecot/sieve
  # touch /var/lib/dovecot/sieve/default.sieve
  #sieve_global_path = /var/lib/dovecot/sieve/default.sieve

  # Directory for :personal include scripts for the include extension.
  #sieve_dir = ~/sieve
  sieve_dir=/home/vmail/%d/%n/sieve

  # Directory for :global include scripts for the include extension.
  #sieve_global_dir =
  # optionally - but not needed
  # mkdir -p /var/lib/dovecot/sieve/default.sieve
  #sieve_global_dir = /var/lib/dovecot/sieve/global/
}



#top ManageSieve


Dokumentacja Dovecot: ManageSieve (Dovecot 1.*) | Pigeonhole / ManageSieve (Dovecot 2.*)
Dokumentacja Dovecot: ManageSieve / Configuration (Dovecot 1.*) | Pigeonhole / ManageSieve / Configuration (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/20-managesieve.conf

EXAMPLES
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
protocol managesieve {
  listen = *:4190, [::]:4190
}
[...]
protocol managesieve {
  [...]
  # If, for some inobvious reason, the sieve_storage remains unset, the
  # ManageSieve daemon uses the specification of the mail_location to find out
  # where to store the sieve files (see explaination in README.managesieve).
  # The example below, when uncommented, overrides any global mail_location
  # specification and stores all the scripts in '~/mail/sieve' if sieve_storage
  # is unset. However, you should always use the sieve_storage setting.
  # mail_location = mbox:~/mail
  mail_location = maildir:/home/vmail/%d/%n/Maildir
}

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/20-managesieve.conf:
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }

  #inet_listener sieve_deprecated {
  #  port = 2000
  #}
[...]
}



#top Dovecot IMAP Proxy


Dokumentacja Dovecot: PasswordDatabase / ExtraFields / Proxy (Dovecot 1.*) | PasswordDatabase / ExtraFields / Proxy (Dovecot 2.*)
Dokumentacja Dovecot: PasswordDatabase / ExtraFields (Dovecot 1.*) | PasswordDatabase / ExtraFields (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot-sql.conf
Dovecot 2.*: /etc/dovecot/dovecot-sql.conf.ext

EXAMPLES
Dla poprawienia czytelności zapytanie zostało zapisane w kilku osobnych liniach, jednakże w pliku konfiguracyjnym powinno zostać zapisane w jednej linii. Pierwsza linia pozwala na zalogowanie się na serwerze wbcd.pl, pozostałe linie pozwalają na logowanie się na zewnętrznych serwerach będących maszynami wirtualnymi z dodatkowo włączoną opcją STARTTLS, dzięki czemu połączenie do zewnętrznych serwerów jest również szyfrowane.
SELECT SUBSTRING_INDEX(email,'@',1) AS username, SUBSTRING_INDEX(email,'@',-1) AS domain, password, NULL as nopassword, NULL AS host, NULL AS destuser, NULL AS proxy, NULL AS starttls FROM wbcd_users WHERE email = '%n@%d'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05.xen.wbcd.pl'    AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-1.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-1.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-2.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-2.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05dev.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06dev.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06x64.xen.wbcd.pl'
UNION ALL
SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen07x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen07x64.xen.wbcd.pl'
LIMIT 1

(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot-sql.conf:
password_query = SELECT SUBSTRING_INDEX(email,'@',1) AS username, SUBSTRING_INDEX(email,'@',-1) AS domain, password, NULL AS nopassword, NULL AS host, NULL AS destuser, NULL AS proxy, NULL AS starttls FROM wbcd_users WHERE email = '%n@%d'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05.xen.wbcd.pl'    AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05.xen.wbcd.pl'        UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-1.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-1.xen.wbcd.pl'      UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-2.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-2.xen.wbcd.pl'      UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05dev.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06dev.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06x64.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen07x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen07x64.xen.wbcd.pl'     LIMIT 1

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/dovecot-sql.conf.ext:
password_query = SELECT SUBSTRING_INDEX(email,'@',1) AS username, SUBSTRING_INDEX(email,'@',-1) AS domain, password, NULL AS nopassword, NULL AS host, NULL AS destuser, NULL AS proxy, NULL AS starttls FROM wbcd_users WHERE email = '%n@%d'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05.xen.wbcd.pl'    AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05.xen.wbcd.pl'        UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-1.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-1.xen.wbcd.pl'      UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06-2.xen.wbcd.pl'  AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06-2.xen.wbcd.pl'      UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen05dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen05dev.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06dev.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06dev.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen06x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen06x64.xen.wbcd.pl'     UNION ALL     SELECT '%n' AS username, '%d' AS domain, NULL AS password, 'Y' AS nopassword, 'cen07x64.xen.wbcd.pl' AS host, '%n@%d' AS destuser, 'Y' AS proxy, 'any-cert' AS starttls FROM wbcd_users WHERE '%d'='cen07x64.xen.wbcd.pl'     LIMIT 1

Po zalogowaniu się z użyciem kont dostępnych na zewnętrznych serwerach w logach pojawią analogicznie do poniższych komunikaty (host wbcd.pl łączy się do maszyn wirtualnych: cen05dev.xen.wbcd.pl cen06dev.xen.wbcd.pl cen06x64.xen.wbcd.pl działając jako typowy serwer Proxy przekazując wszystkie komendy protokołu IMAP do serwerów oraz zwracając uzyskane odpowiedzi do klienta):
May 17 12:56:52 wbcd dovecot: imap-login: proxy(sp@cen05dev.xen.wbcd.pl): started proxying to cen05dev.xen.wbcd.pl:143: user=<sp@cen05dev.xen.wbcd.pl>, method=PLAIN, rip=10.0.0.3, lip=10.5.5.5, mpid=0, TLS
May 17 12:56:52 wbcd dovecot: imap-login: proxy(sp@cen05dev.xen.wbcd.pl): disconnecting 10.0.0.3

May 17 12:57:02 wbcd dovecot: imap-login: proxy(sp@cen06dev.xen.wbcd.pl): started proxying to cen06dev.xen.wbcd.pl:143: user=<sp@cen06dev.xen.wbcd.pl>, method=PLAIN, rip=10.0.0.3, lip=10.5.5.5, mpid=0, TLS
May 17 12:57:02 wbcd dovecot: imap-login: proxy(sp@cen06dev.xen.wbcd.pl): disconnecting 10.0.0.3

May 17 12:58:16 wbcd dovecot: imap-login: proxy(sp@cen06x64.xen.wbcd.pl): started proxying to cen06x64.xen.wbcd.pl:143: user=<sp@cen06x64.xen.wbcd.pl>, method=PLAIN, rip=10.0.0.3, lip=10.5.5.5, mpid=0, TLS
May 17 12:58:16 wbcd dovecot: imap-login: proxy(sp@cen06x64.xen.wbcd.pl): disconnecting 10.0.0.3



#top TLS Engine


#top TLS Enable


Dokumentacja Dovecot: Dovecot SSL configuration (Dovecot 1.*) | Dovecot SSL configuration (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes



#top TLS Cert/Key File


Dokumentacja Dovecot: Dovecot SSL configuration (Dovecot 1.*) | Dovecot SSL configuration (Dovecot 2.*)
Dokumentacja Dovecot: Multiple SSL certificates (Dovecot 1.*) | Multiple SSL certificates (Dovecot 2.*)
Dokumentacja Dovecot: Chained SSL certificates (Dovecot 1.*) | Chained SSL certificates (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =


#top TLS Protocols


Dokumentacja Dovecot: SSL (Dovecot 1.*) | SSL (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf

Brak konfiguracji obsługi protokołów TLS/SSL (włączenie/wyłączenie) w sposób bezpośredni dla wersji wcześniejszych niż Dovecot 2.2.10 !!! Konfiguracja obsługi protokołów TLS/SSL (włączenie/wyłączenie) jest do uzyskania w sposób pośredni poprzez konfigurację obsługiwanych CipherSuite (TLS CipherSuite).
Zgodnie z informacjami zawartymi w ChangeLog opcja konfiguracyjna ssl_protocols została dodana do Dovecot w wersji 2.2.10.
dovecot-2.2.10/ChangeLog https://www.dovecot.org/list/dovecot/2015-January.txt
2011-10-01  Timo Sirainen  <tss@iki.fi>
[...]
    * doc/example-config/conf.d/10-ssl.conf, src/login-common/login-
    settings.c, src/login-common/login-settings.h, src/login-common/ssl-
    proxy-openssl.c:
    Added ssl_protocols setting.
    [406a1d52390b]

Wyłączenie SSLv2 i SSLv3 ze względów bezpieczeństwa (Obsługa SSLv2 i SSLv3 nie jest zalecana ze względów bezpieczeństwa).
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
# SSL ciphers to use
# ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_cipher_list = ALL:!LOW:!SSLv2

Niestety, w serwerze Dovecot w wersji 1.* dostępnym w dystrybucji CentOS w wersjach 5.*, ze względu na dostępną wersję biblioteki OpenSSL OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008, próba wykluczenia obsługi protokołu SSLv3 skutkuje pojawieniem się komunikatów analogicznych do przedstawionych poniższej w logach serwera pocztowego:
dovecot: imap-login: Fatal: Can't set cipher list to 'ALL:!LOW:!SSLv3:!SSLv2': error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
dovecot: managesieve-login: Fatal: Can't set cipher list to 'ALL:!LOW:!SSLv3:!SSLv2': error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
dovecot: pop3-login: Fatal: Can't set cipher list to 'ALL:!LOW:!SSLv3:!SSLv2': error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
dovecot: dovecot: child 3496 (login) returned error 89 (Fatal failure)

Wyłączenie SSLv2 i SSLv3 ze względów bezpieczeństwa (Obsługa SSLv2 i SSLv3 nie jest zalecana ze względów bezpieczeństwa).
(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# SSL ciphers to use
# ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL

Wyłączenie SSLv2 i SSLv3 ze względów bezpieczeństwa (Obsługa SSLv2 i SSLv3 nie jest zalecana ze względów bezpieczeństwa).
(Dovecot od wersji 2.2.10) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# SSL protocols to use
#ssl_protocols = !SSLv2
ssl_protocols = !SSLv2 !SSLv3
# SSL ciphers to use
# ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL



#top TLS CipherSuite


Dokumentacja Dovecot: SSL security settings (Dovecot 1.*) | SSL security settings (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf

Wyłączenie CipherSuite RC4 ze względów bezpieczeństwa (Obsługa CipherSuite RC4 nie jest zalecana ze względów bezpieczeństwa).
(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
# default value
# ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_cipher_list = ALL:!LOW:!SSLv2:!RC4

Wyłączenie CipherSuite RC4 ze względów bezpieczeństwa (Obsługa CipherSuite RC4 nie jest zalecana ze względów bezpieczeństwa).
(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# default value
# ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ALL:!LOW:!SSLv2:!RC4:!EXP:!aNULL



#top TLS Compression


Dokumentacja Dovecot: SSL (Dovecot 1.*) | SSL (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf

#
#



#top TLS Options


Dokumentacja Dovecot: SSL verbosity (Dovecot 1.*) | SSL verbosity (Dovecot 2.*)
Dokumentacja Dovecot: Client certificate verification/authentication (Dovecot 1.*) | Client certificate verification/authentication (Dovecot 2.*)
Dovecot 1.*: /etc/dovecot.conf
Dovecot 2.*: /etc/dovecot/conf.d/10-ssl.conf
Zgodnie z informacjami zawartymi w ChangeLog opcja konfiguracyjna ssl_prefer_server_ciphers została dodana do Dovecot i jest dostępna począwszy od wersji 2.2.10 (Dovecot w wersji 2.2.10 jest dostępny w dystrybucji CentOS w wersjach od 7.*).
dovecot-2.2.10/ChangeLog
2013-09-22  Timo Sirainen  <tss@iki.fi>
[...]
    * doc/example-config/conf.d/10-ssl.conf, src/lib-master/master-
    service-ssl-settings.c, src/lib-master/master-service-ssl-
    settings.h, src/lib-master/master-service-ssl.c, src/lib-ssl-
    iostream/iostream-openssl-context.c, src/lib-ssl-iostream/iostream-
    openssl.c, src/lib-ssl-iostream/iostream-ssl.h, src/login-common
    /ssl-proxy-openssl.c:
    Added ssl_prefer_server_ciphers setting.
    [897484f45a87]

(Dovecot 1.*) Zmiany jakie należy wprowadzić w /etc/dovecot.conf:
##
## SSL settings
##
[...]
# Request client to send a certificate. If you also want to require it, set
# ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
[...]
# Show protocol level SSL errors.
#verbose_ssl = no

(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# Show protocol level SSL errors.
#verbose_ssl = no
(Dovecot 2.*) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

(Dovecot 2.2.10) Zmiany jakie należy wprowadzić w /etc/dovecot/conf.d/10-ssl.conf:
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
ssl_prefer_server_ciphers = yes











































Zmodyfikowany ostatnio: 2018/01/01 16:08:01 (6 lat temu), textsize: 43,5 kB, htmlsize: 66,6 kB
Zapraszam do komentowania, zgłaszania sugestii, propozycji, własnych przykładów, ...
Dodaj komentarzKomentarze użytkowników