--- dovecot-example.conf.orig 2008-08-28 06:53:28.000000000 -0400
+++ dovecot-example.conf 2008-08-28 06:53:28.000000000 -0400
@@ -20,7 +20,7 @@
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
-#protocols = imap imaps
+protocols = %%PROTOCOLS%%
# A space separated list of IP or host addresses where to listen in for
# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
@@ -44,7 +44,7 @@
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
# Should all IMAP and POP3 processes be killed when Dovecot master process
# shuts down. Setting this to "no" means that Dovecot can be upgraded without
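Review bot: `disable_plaintext_auth = no` in this hunk lets clients send passwords over connections that are not protected by SSL/TLS, which the upstream default (`yes`) refuses except for same-host connections. The later hunk at -792 also widens `mechanisms` to `plain login`, and both mechanisms carry the password unprotected, so the two changes compound. If the packaged default has to stay permissive for compatibility, I would at least add a comment above the setting, such as `# Packaging default: allows cleartext logins without TLS; set to yes once SSL is configured.` Which listeners are actually exposed depends on the `%%PROTOCOLS%%` substitution in the first hunk, whose value is not visible here.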
@@ -211,7 +211,7 @@
#
# <doc/wiki/MailLocation.txt>
#
-#mail_location =
+mail_location = mbox:~/mail/:INBOX=/var/mail/%u
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
@@ -271,7 +271,7 @@
# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
-#mail_privileged_group =
+mail_privileged_group = mail
# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
@@ -310,7 +310,7 @@
# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
# since version 3, so this should be safe to use nowadays by default.
-#dotlock_use_excl = yes
+dotlock_use_excl = yes
# Don't use fsync() or fdatasync() calls. This makes the performance better
# at the cost of potential data loss if the server (or the file server)
@@ -338,20 +338,20 @@
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
-#verbose_proctitle = no
+verbose_proctitle = yes
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
+first_valid_uid = 1000
#last_valid_uid = 0
# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
-#first_valid_gid = 1
+first_valid_gid = 1000
#last_valid_gid = 0
# Maximum number of running mail processes. When this limit is reached,
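Review bot: `verbose_proctitle = yes` puts each session's user name and client IP address into the process title, per the comment above it, so any local account that can run ps can read them. On a shared host that disclosure should be a deliberate choice; I would either keep the upstream `no` or add a comment like `# Exposes login names and client IPs in ps output to local users.` Separately, raising `first_valid_gid` to 1000 rejects accounts whose primary group is below 1000. The packaging notes should say that `first_valid_uid` and `first_valid_gid` are meant to match the distribution's regular-user range.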
@@ -418,7 +418,7 @@
# When copying a message, do it with hard links whenever possible. This makes
# the performance much better, and it's unlikely to have any side effects.
-#maildir_copy_with_hardlinks = yes
+maildir_copy_with_hardlinks = yes
# When copying a message, try to preserve the base filename. Only if the
# destination mailbox already contains the same name (ie. the mail is being
@@ -426,7 +426,7 @@
# done only by looking at dovecot-uidlist file, so if something outside
# Dovecot does similar filename preserving copies, you may run into problems.
# NOTE: This setting requires maildir_copy_with_hardlinks = yes to work.
-#maildir_copy_preserve_filename = no
+maildir_copy_preserve_filename = yes
##
## mbox-specific settings
@@ -533,7 +533,7 @@
# Send IMAP capabilities in greeting message. This makes it unnecessary for
# clients to request it with CAPABILITY command, so it saves one round-trip.
# Many clients however don't understand it and ask the CAPABILITY anyway.
- #login_greeting_capability = no
+ login_greeting_capability = yes
# IMAP logout format string:
# %i - total number of bytes read from client
@@ -562,7 +562,7 @@
# but not both. Thunderbird separates these two by forcing server to
# accept '/' suffix in mailbox names in subscriptions list.
# The list is space-separated.
- #imap_client_workarounds =
+ imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}
##
@@ -585,7 +585,7 @@
# Support LAST command which exists in old POP3 specs, but has been removed
# from new ones. Some clients still wish to use this though. Enabling this
# makes RSET command clear all \Seen flags from messages.
- #pop3_enable_last = no
+ pop3_enable_last = yes
# If mail has X-UIDL header, use it as the mail's UIDL.
#pop3_reuse_xuidl = no
@@ -614,7 +614,7 @@
# Dovecot's default, so if you're building a new server it would be a good
# idea to change this. %08Xu%08Xv should be pretty fail-safe.
#
- #pop3_uidl_format = %08Xu%08Xv
+ pop3_uidl_format = %08Xu%08Xv
# POP3 logout format string:
# %i - total number of bytes read from client
@@ -645,7 +645,7 @@
# Outlook Express and Netscape Mail breaks if end of headers-line is
# missing. This option simply sends it if it's missing.
# The list is space-separated.
- #pop3_client_workarounds =
+ pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
##
@@ -667,7 +667,7 @@
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
- #quota_full_tempfail = no
+ quota_full_tempfail = yes
# Format to use for logging mail deliveries. You can use variables:
# %$ - Delivery status message (e.g. "saved to INBOX")
@@ -736,7 +736,7 @@
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
-#auth_username_format =
+auth_username_format = %Ln
# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
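Review bot: `auth_username_format = %Ln` lowercases the login and drops any domain part, so a login given as `name@any-domain` resolves to the same account `name`. That fits the system-user (PAM/passwd) setup this patch enables. It would presumably be wrong if an admin later enables the commented-out SQL or LDAP databases with more than one domain, because distinct identities would then collapse into one. A comment above the setting, such as `# Strips the domain: only suitable for single-domain system accounts.`, would make the assumption explicit.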
@@ -792,7 +792,7 @@
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
- mechanisms = plain
+ mechanisms = plain login
#
# Password database is used to verify user's password (and nothing more).
@@ -854,6 +854,7 @@
# args = session=yes %Ls
# args = cache_key=%u dovecot
#args = dovecot
+ args = session=yes dovecot
}
# System users (NSS, /etc/passwd, or similiar)
@@ -897,14 +898,16 @@
# SQL database <doc/wiki/AuthDatabase.SQL.txt>
#passdb sql {
- # Path for SQL configuration file, see doc/dovecot-sql-example.conf
- #args =
+ # Path for SQL configuration file.
+ # See doc/dovecot-sql-example.conf
+ #args = /etc/dovecot-sql.conf
#}
# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
#passdb ldap {
- # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
- #args =
+ # Path for LDAP configuration file.
+ # See doc/dovecot-ldap-example.conf
+ #args = /etc/dovecot-ldap.conf
#}
# vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
@@ -931,7 +934,7 @@
# proceses. Useful with remote NSS lookups that may block.
# NOTE: Be sure to use this setting with nss_ldap or users might get
# logged in as each others!
- #args =
+ args = blocking=yes
}
# passwd-like file with specified location
@@ -960,14 +963,16 @@
# SQL database <doc/wiki/AuthDatabase.SQL.txt>
#userdb sql {
- # Path for SQL configuration file, see doc/dovecot-sql-example.conf
- #args =
+ # Path for SQL configuration file.
+ # See doc/dovecot-sql-example.conf
+ #args = /etc/dovecot-sql.conf
#}
# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
#userdb ldap {
- # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
- #args =
+ # Path for LDAP configuration file.
+ # See doc/dovecot-ldap-example.conf
+ #args = /etc/dovecot-ldap.conf
#}
# vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
@@ -1007,25 +1012,25 @@
#ssl_username_from_cert = no
# It's possible to export the authentication interface to other programs:
- #socket listen {
- #master {
+ socket listen {
+ master {
# Master socket provides access to userdb information. It's typically
# used to give Dovecot's local delivery agent access to userdb so it
# can find mailbox locations.
- #path = /var/run/dovecot/auth-master
- #mode = 0600
+ path = /var/run/dovecot/auth-master
+ mode = 0600
# Default user/group is the one who started dovecot-auth (root)
#user =
#group =
- #}
- #client {
+ }
+ client {
# The client socket is generally safe to export to everyone. Typical use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
- #path = /var/run/dovecot/auth-client
- #mode = 0660
- #}
- #}
+ path = /var/run/dovecot/auth-client
+ mode = 0660
+ }
+ }
}
# If you wish to use another authentication server than dovecot-auth, you can
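Review bot: The `client` socket is now created with `mode = 0660` but no `user` or `group`, so its ownership falls to whoever started dovecot-auth (root, according to the comment in the `master` block). Nothing states which account is meant to reach it. Please document the intended consumer and set ownership explicitly instead of relying on the default, for example `group = <MTA_GROUP>` inside `client` (placeholder for the SMTP server's group). The same goes for `auth-master` at `0600`: it gives access to userdb information, so a comment should say it stays restricted to the delivery agent's account. The enclosing block opens outside this hunk.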
@@ -1055,8 +1060,9 @@
#quota = mysql:/etc/dovecot-dict-quota.conf
}
-# Path to Berkeley DB's configuration file. See doc/dovecot-db-example.conf
-#dict_db_config =
+# Path to Berkeley DB's configuration file.
+# See doc/dovecot-db-example.conf
+#dict_db_config = /etc/dovecot-db.conf
##
## Plugin settings
@@ -1093,8 +1099,8 @@
# Each quota root has separate limits. Only the command for the first
# exceeded limit is excecuted, so put the highest limit first.
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
- # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
- # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
+ # quota_warning = storage=95%% /usr/bin/quota-warning.sh 95
+ # quota_warning2 = storage=80%% /usr/bin/quota-warning.sh 80
#quota = maildir
# ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
@@ -1131,7 +1137,7 @@
# you must set up:
# dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
#expire = Trash 7 Spam 30
- #expire_dict = db:/var/lib/dovecot/expire.db
+ #expire_dict = db:/var/db/dovecot/expire.db
# Lazy expunge plugin. Currently works only with maildirs. When a user
# expunges mails, the mails are moved to a mailbox in another namespace