scottk/Mailu
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/Mailu.git synced 2025-11-25 02:35:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6173f5e434c0897f74ad6f400f9e63e24e7b233c
Mailu/core/nginx/dovecot/proxy.conf
Florent Daigniere 8e28050510 Don't let people disable 465 and 993 
This is what we use for the other type of autoconfig... and really what
everyone should be using.

(cherry picked from commit 5fb44bd719)
2024-06-26 12:26:15 +00:00

165 lines
3.5 KiB
Plaintext
Raw Blame History

###############
# General
###############
log_path = /dev/stderr
auth_verbose=yes
mail_debug=yes
login_log_format_elements = user=<%u> method=%m rip=%r rport=%b lip=%l lport=%a mpid=%e %c
protocols = sieve imap pop3 lmtp submission
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
hostname = {{ HOSTNAMES.split(",")[0] }}
submission_host = {{ SMTP_ADDRESS }}
submission_relay_host = {{ SMTP_ADDRESS }}
submission_relay_port = 10025
submission_relay_trusted = yes
submission_relay_ssl = no
submission_max_mail_size = {{ MESSAGE_SIZE_LIMIT }}
submission_backend_capabilities = 8BITMIME DSN VRFY
submission_client_workarounds = mailbox-for-path whitespace-before-path
# disable BURL
imap_urlauth_host=
lmtp_proxy = yes
lmtp_client_workarounds = whitespace-before-path mailbox-for-path
{%- if SUBNET6 %}
listen = *,::
{% else %}
listen = *
{% endif %}
default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
haproxy_trusted_networks = {% if REAL_IP_FROM %}{% for from_ip in REAL_IP_FROM.split(',') %}{{ from_ip }} {% endfor %}{% endif %}
###############
# Authentication
###############
auth_username_chars =
auth_mechanisms = plain login
{%- if TLS %}
ssl = required
ssl_cert = <{{ TLS[0] }}
ssl_key = <{{ TLS[1] }}
{%- if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_alt_cert = <{{ TLS[2] }}
ssl_alt_key = <{{ TLS[3] }}
{% endif %}
# intermediate configuration
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
ssl_prefer_server_ciphers = no
ssl_options = no_compression no_ticket
{% else %}
disable_plaintext_auth = no
ssl = no
{% endif %}
passdb {
driver = lua
args = file=/etc/dovecot/login.lua blocking=yes
}
service auth-worker {
user = dovenull
group = dovenull
unix_listener auth-worker {
}
}
service anvil {
unix_listener anvil-auth-penalty {
mode = 0
}
}
{%- if PORT_4190 %}
service managesieve-login {
executable = managesieve-login
inet_listener sieve {
port = 4190
{%- if PROXY_PROTOCOL_4190 %}
haproxy = yes
{% endif %}
}
inet_listener sieve-webmail {
port = 14190
}
}
{% endif %}
protocol imap {
mail_max_userip_connections = 20
imap_idle_notify_interval = 29mins
}
service imap-login {
inet_listener imap {
port = {% if PORT_143 %}143{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_143 %}
haproxy = yes
{% endif %}
}
{%- if TLS_993 %}
inet_listener imaps {
port = 993
ssl = yes
{%- if PROXY_PROTOCOL_993 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener imap-webmail {
port = 10143
}
}
service pop3-login {
inet_listener pop3 {
port = {% if PORT_110 %}110{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_110 %}
haproxy = yes
{% endif %}
}
{%- if TLS_995 and PORT_995 %}
inet_listener pop3s {
port = 995
ssl = yes
{%- if PROXY_PROTOCOL_995 %}
haproxy = yes
{% endif %}
}
{% endif %}
}
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
service lmtp {
user = $default_internal_user
inet_listener lmtp {
port = 2525
}
}
service submission-login {
inet_listener submission {
port = {% if PORT_587 %}587{% else %}0{% endif %}
{%- if PROXY_PROTOCOL_587 %}
haproxy = yes
{% endif %}
}
{%- if TLS_465 %}
inet_listener submissions {
port = 465
ssl = yes
{%- if PROXY_PROTOCOL_465 %}
haproxy = yes
{% endif %}
}
{% endif %}
inet_listener submission-webmail {
port = 10025
}
}
Reference in New Issue View Git Blame Copy Permalink