123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 |
- <%= Dovecot::Conf.attribute(@conf, 'default_process_limit', 100) %>
- <%= Dovecot::Conf.attribute(@conf, 'default_client_limit', 1000) %>
- # Default VSZ (virtual memory size) limit for service processes. This is mainly
- # intended to catch and kill processes that leak memory before they eat up
- # everything.
- <%= Dovecot::Conf.attribute(@conf, 'default_vsz_limit', '256M') %>
- # Login user is internally used by login processes. This is the most untrusted
- # user in Dovecot system. It shouldn't have access to anything at all.
- <%= Dovecot::Conf.attribute(@conf, 'default_login_user', 'dovenull') %>
- # Internal user is used by unprivileged processes. It should be separate from
- # login user, so that login processes can't disturb other processes.
- <%= Dovecot::Conf.attribute(@conf, 'default_internal_user', 'dovecot') %>
- <% if @services['imap-login'].kind_of?(Hash) and @services['imap-login'].length > 0 -%>
- <%= Dovecot::Conf.service('imap-login', @services['imap-login']) %>
- <% else -%>
- service imap-login {
- inet_listener imap {
- #port = 143
- }
- inet_listener imaps {
- #port = 993
- #ssl = yes
- }
- # Number of connections to handle before starting a new process. Typically
- # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
- # is faster. <doc/wiki/LoginProcess.txt>
- #service_count = 1
- # Number of processes to always keep waiting for more connections.
- #process_min_avail = 0
- # If you set service_count=0, you probably need to grow this.
- #vsz_limit = 64M
- }
- <% end -%>
- <% if @services['pop3-login'].kind_of?(Hash) and @services['pop3-login'].length > 0 -%>
- <%= Dovecot::Conf.service('pop3-login', @services['pop3-login']) %>
- <% else -%>
- service pop3-login {
- inet_listener pop3 {
- #port = 110
- }
- inet_listener pop3s {
- #port = 995
- #ssl = yes
- }
- }
- <% end -%>
- <% if @services['lmtp'].kind_of?(Hash) and @services['lmtp'].length > 0 -%>
- <%= Dovecot::Conf.service('lmtp', @services['lmtp']) %>
- <% else -%>
- service lmtp {
- unix_listener lmtp {
- #mode = 0666
- }
- # Create inet listener only if you can't use the above UNIX socket
- #inet_listener lmtp {
- # Avoid making LMTP visible for the entire internet
- #address =
- #port =
- #}
- }
- <% end -%>
- <% if @services['imap'].kind_of?(Hash) and @services['imap'].length > 0 -%>
- <%= Dovecot::Conf.service('imap', @services['imap']) %>
- <% else -%>
- service imap {
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- #vsz_limit = 256M
- # Max. number of IMAP processes (connections)
- #process_limit = 1024
- }
- <% end -%>
- <% if @services['pop3'].kind_of?(Hash) and @services['pop3'].length > 0 -%>
- <%= Dovecot::Conf.service('pop3', @services['pop3']) %>
- <% else -%>
- service pop3 {
- # Max. number of POP3 processes (connections)
- #process_limit = 1024
- }
- <% end -%>
- <% if @services['auth'].kind_of?(Hash) and @services['auth'].length > 0 -%>
- <%= Dovecot::Conf.service('auth', @services['auth']) %>
- <% else -%>
- service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
- # permissions make it readable only by root, but you may need to relax these
- # permissions. Users that have access to this socket are able to get a list
- # of all usernames and get results of everyone's userdb lookups.
- unix_listener auth-userdb {
- #mode = 0600
- #user =
- #group =
- }
- # Postfix smtp-auth
- #unix_listener /var/spool/postfix/private/auth {
- # mode = 0666
- #}
- # Auth process is run as this user.
- #user = $default_internal_user
- }
- <% end -%>
- <% if @services['auth-worker'].kind_of?(Hash) and @services['auth-worker'].length > 0 -%>
- <%= Dovecot::Conf.service('auth-worker', @services['auth-worker']) %>
- <% else -%>
- service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- #user = root
- }
- <% end -%>
- <% if @services['dict'].kind_of?(Hash) and @services['dict'].length > 0 -%>
- <%= Dovecot::Conf.service('dict', @services['dict']) %>
- <% else -%>
- service dict {
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
- }
- <% end -%>
|