This patch adds a new docker directory, which contains a Dockerfile plus some additional configuration for creating a container that runs chasquid+dovecot+letsencrypt. It also updates the gitlab CI pipeline to automatically build and publish an image on each commit. This is experimental and likely to break.
#
# Logging
#
# Dovecot writes its log to a single file under /data. No rotation is
# configured in this file.
log_path = /data/dovecot/dovecot.log

#
# Email storage
#

# Each user's home is /data/mail/home/<domain>/<user>, so mail lives inside
# the container's volume.
mail_home = /data/mail/home/%d/%n

# Dovecot's native mdbox format, kept under each user's home.
mail_location = mdbox:~/mdbox

# Every mailbox is stored and accessed as this one system user and group.
mail_uid = dovecot
mail_gid = dovecot

# Users are virtual, so the only system account involved is "dovecot", whose
# uid is in the 100-500 range. Dovecot blocks uids below 500 by default, so
# the floor is lowered to let mail be stored as "dovecot".
# NOTE(review): this admits every uid/gid from 100 upwards, not only
# dovecot's; confirm no entry in the users file sets its own uid/gid field.
first_valid_uid = 100
first_valid_gid = 100

#
# Authentication
#

# PLAIN is the only mechanism offered, so clients send the password itself.
# This file relies on "ssl = required" to keep it from crossing the network
# in clear text.
auth_mechanisms = plain

# Accounts and password hashes come from one static file,
# /data/dovecot/users.
# scheme=CRYPT is the scheme assumed for hashes that carry no {SCHEME}
# prefix; those are checked through libc crypt(), so their strength depends
# on how each hash was generated.
# NOTE(review): confirm entries are created with a strong scheme (for
# example "doveadm pw -s SHA512-CRYPT") and that the file is readable only
# by the account Dovecot's auth process runs as.
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /data/dovecot/users
}

# User lookups read the same file.
userdb {
  driver = passwd-file
  args = /data/dovecot/users
}

#
# TLS
#

# TLS is mandatory for client connections.
ssl = required

# The container entrypoint generates auto-ssl.conf, with all the
# certificates.
# NOTE(review): include_try skips a missing file without raising an error,
# so a failed certificate step is not reported at this line; confirm that
# the entrypoint or Dovecot's own startup fails loudly in that case.
!include_try /etc/dovecot/auto-ssl.conf

# Refuse anything older than TLS 1.2.
ssl_min_protocol = TLSv1.2

#
# Protocols
#
# Everything Dovecot serves from this container: LMTP, IMAP, POP3 and
# ManageSieve ("sieve"). Dropping a protocol that is not needed removes its
# listeners as well.
protocols = lmtp imap pop3 sieve

#
# IMAP
#
service imap-login {
  # Port 0 switches the plain-text IMAP listener off, as a precaution on top
  # of the global TLS requirement.
  inet_listener imap {
    port = 0
  }

  # IMAP over implicit TLS is the only IMAP listener left.
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

# Declared with no overrides.
service imap {
}

#
# POP3
#
service pop3-login {
  # Port 0 switches the plain-text POP3 listener off, as a precaution on top
  # of the global TLS requirement.
  inet_listener pop3 {
    port = 0
  }

  # POP3 over implicit TLS is the only POP3 listener left.
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

# Declared with no overrides.
service pop3 {
}

#
# Sieve/managesieve
#

# No listener is overridden here, so the ManageSieve login service keeps its
# built-in defaults.
# NOTE(review): confirm which port that is in the packaged Dovecot (normally
# 4190 with STARTTLS) and publish it from the container only if remote
# script management is wanted.
service managesieve-login {
}
service managesieve {
}
protocol sieve {
}

# Per-user Sieve scripts are kept in ~/sieve; ~/.dovecot.sieve points at the
# active one.
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}

#
# Internal services
#
service auth {
  # Declared with no overrides.
  unix_listener auth-userdb {
  }

  # Grant chasquid access to request user lookups and authentication.
  # Both sockets are owned by "chasquid" with mode 0660.
  # NOTE(review): no group is set, so the group bits apply to Dovecot's
  # default group for these sockets; confirm it, since the client socket
  # accepts authentication requests from any process able to open it.
  unix_listener auth-chasquid-userdb {
    mode = 0660
    user = chasquid
  }
  unix_listener auth-chasquid-client {
    mode = 0660
    user = chasquid
  }
}

service auth-worker {
}

dict {
}

service lmtp {
  # Local delivery socket; this is used by mda-lmtp.
  # NOTE(review): mode, user and group are left at Dovecot's defaults;
  # confirm which accounts in the container can connect, as a process that
  # can reach this socket can hand mail to Dovecot for delivery.
  unix_listener lmtp {
  }
}