10-master.conf.erb 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. # Generated by Chef
  2. <%= Dovecot::Conf.attribute(@conf, 'default_process_limit', 100) %>
  3. <%= Dovecot::Conf.attribute(@conf, 'default_client_limit', 1000) %>
  4. # Default VSZ (virtual memory size) limit for service processes. This is mainly
  5. # intended to catch and kill processes that leak memory before they eat up
  6. # everything.
  7. <%= Dovecot::Conf.attribute(@conf, 'default_vsz_limit', '256M') %>
  8. # Login user is internally used by login processes. This is the most untrusted
  9. # user in Dovecot system. It shouldn't have access to anything at all.
  10. <%= Dovecot::Conf.attribute(@conf, 'default_login_user', 'dovenull') %>
  11. # Internal user is used by unprivileged processes. It should be separate from
  12. # login user, so that login processes can't disturb other processes.
  13. <%= Dovecot::Conf.attribute(@conf, 'default_internal_user', 'dovecot') %>
  14. <% if @services['imap-login'].kind_of?(Hash) and @services['imap-login'].length > 0 -%>
  15. <%= Dovecot::Conf.service('imap-login', @services['imap-login']) %>
  16. <% else -%>
  17. service imap-login {
  18. inet_listener imap {
  19. #port = 143
  20. }
  21. inet_listener imaps {
  22. #port = 993
  23. #ssl = yes
  24. }
  25. # Number of connections to handle before starting a new process. Typically
  26. # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  27. # is faster. <doc/wiki/LoginProcess.txt>
  28. #service_count = 1
  29. # Number of processes to always keep waiting for more connections.
  30. #process_min_avail = 0
  31. # If you set service_count=0, you probably need to grow this.
  32. #vsz_limit = 64M
  33. }
  34. <% end -%>
  35. <% if @services['pop3-login'].kind_of?(Hash) and @services['pop3-login'].length > 0 -%>
  36. <%= Dovecot::Conf.service('pop3-login', @services['pop3-login']) %>
  37. <% else -%>
  38. service pop3-login {
  39. inet_listener pop3 {
  40. #port = 110
  41. }
  42. inet_listener pop3s {
  43. #port = 995
  44. #ssl = yes
  45. }
  46. }
  47. <% end -%>
  48. <% if @services['lmtp'].kind_of?(Hash) and @services['lmtp'].length > 0 -%>
  49. <%= Dovecot::Conf.service('lmtp', @services['lmtp']) %>
  50. <% else -%>
  51. service lmtp {
  52. unix_listener lmtp {
  53. #mode = 0666
  54. }
  55. # Create inet listener only if you can't use the above UNIX socket
  56. #inet_listener lmtp {
  57. # Avoid making LMTP visible for the entire internet
  58. #address =
  59. #port =
  60. #}
  61. }
  62. <% end -%>
  63. <% if @services['imap'].kind_of?(Hash) and @services['imap'].length > 0 -%>
  64. <%= Dovecot::Conf.service('imap', @services['imap']) %>
  65. <% else -%>
  66. service imap {
  67. # Most of the memory goes to mmap()ing files. You may need to increase this
  68. # limit if you have huge mailboxes.
  69. #vsz_limit = 256M
  70. # Max. number of IMAP processes (connections)
  71. #process_limit = 1024
  72. }
  73. <% end -%>
  74. <% if @services['pop3'].kind_of?(Hash) and @services['pop3'].length > 0 -%>
  75. <%= Dovecot::Conf.service('pop3', @services['pop3']) %>
  76. <% else -%>
  77. service pop3 {
  78. # Max. number of POP3 processes (connections)
  79. #process_limit = 1024
  80. }
  81. <% end -%>
  82. <% if @services['auth'].kind_of?(Hash) and @services['auth'].length > 0 -%>
  83. <%= Dovecot::Conf.service('auth', @services['auth']) %>
  84. <% else -%>
  85. service auth {
  86. # auth_socket_path points to this userdb socket by default. It's typically
  87. # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  88. # permissions make it readable only by root, but you may need to relax these
  89. # permissions. Users that have access to this socket are able to get a list
  90. # of all usernames and get results of everyone's userdb lookups.
  91. unix_listener auth-userdb {
  92. #mode = 0600
  93. #user =
  94. #group =
  95. }
  96. # Postfix smtp-auth
  97. #unix_listener /var/spool/postfix/private/auth {
  98. # mode = 0666
  99. #}
  100. # Auth process is run as this user.
  101. #user = $default_internal_user
  102. }
  103. <% end -%>
  104. <% if @services['auth-worker'].kind_of?(Hash) and @services['auth-worker'].length > 0 -%>
  105. <%= Dovecot::Conf.service('auth-worker', @services['auth-worker']) %>
  106. <% else -%>
  107. service auth-worker {
  108. # Auth worker process is run as root by default, so that it can access
  109. # /etc/shadow. If this isn't necessary, the user should be changed to
  110. # $default_internal_user.
  111. #user = root
  112. }
  113. <% end -%>
  114. <% if @services['dict'].kind_of?(Hash) and @services['dict'].length > 0 -%>
  115. <%= Dovecot::Conf.service('dict', @services['dict']) %>
  116. <% else -%>
  117. service dict {
  118. # If dict proxy is used, mail processes should have access to its socket.
  119. # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  120. unix_listener dict {
  121. #mode = 0600
  122. #user =
  123. #group =
  124. }
  125. }
  126. <% end -%>