diff --git a/squeeze/95_alternc.conf b/squeeze/95_alternc.conf
deleted file mode 100644
index 7606a750..00000000
--- a/squeeze/95_alternc.conf
+++ /dev/null
@@ -1,350 +0,0 @@ -diff --git a/etc/alternc/templates/dovecot/conf.d/95_alternc.conf b/etc/alternc/templates/dovecot/conf.d/95_alternc.conf -deleted file mode 100644 -index dda55336..00000000 ---- a/etc/alternc/templates/dovecot/conf.d/95_alternc.conf -+++ /dev/null -@@ -1,344 +0,0 @@ --# AUTO GENERATED FILE --# Modify template in /etc/alternc/templates/ --# and launch alternc.install if you want --# to modify this file. --# --## Dovecot configuration file --# This is a concatenation of all /etc/dovecot/conf.d/* from DEBIAN package --# with rules adapted to AlternC best practices and link with MySQL tables. -- --protocols = imap pop3 sieve -- --default_process_limit = 1000 -- --## ------------------------------------------------------------------------- --## 10-auth -- --# Disable LOGIN command and all other plaintext authentications unless --# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP --# matches the local IP (ie. you're connecting from the same computer), the --# connection is considered secure and plaintext authentication is allowed. --disable_plaintext_auth = no -- --# Space separated list of wanted authentication mechanisms: --# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey --# gss-spnego --# NOTE: See also disable_plaintext_auth setting. --auth_mechanisms = plain login -- --## --## Password and user databases --## -- --# --# Password database is used to verify user's password (and nothing more). --# You can have multiple passdbs and userdbs. This is useful if you want to --# allow both system users (/etc/passwd) and virtual users to login without --# duplicating the system users into virtual database. --# --# --# --# User database specifies where mails are located and what user/group IDs --# own them. For single-UID configuration use "static" userdb. 
--# --# -- --#!include auth-deny.conf.ext --#!include auth-master.conf.ext -- --#!include auth-system.conf.ext --#!include auth-sql.conf.ext --#!include auth-ldap.conf.ext --#!include auth-passwdfile.conf.ext --#!include auth-checkpassword.conf.ext --#!include auth-vpopmail.conf.ext --#!include auth-static.conf.ext -- -- --# ---------------------------------------------------------------------------- --# 10-login.conf -- --# Prefix for each line written to log file. % codes are in strftime(3) --# format. --#log_timestamp = "%b %d %H:%M:%S " --log_timestamp = "%Y-%m-%d %H:%M:%S " -- --# ---------------------------------------------------------------------------- --# 10-mail.conf -- -- --# Location for users' mailboxes. This is the same as the old default_mail_env --# setting. The default is empty, which means that Dovecot tries to find the --# mailboxes automatically. This won't work if the user doesn't have any mail --# yet, so you should explicitly tell Dovecot the full location. --# --# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) --# isn't enough. You'll also need to tell Dovecot where the other mailboxes are --# kept. This is called the "root mail directory", and it must be the first --# path given in the mail_location setting. --# --# There are a few special variables you can use, eg.: --# --# %u - username --# %n - user part in user@domain, same as %u if there's no domain --# %d - domain part in user@domain, empty if there's no domain --# %h - home directory --# --# See for full list. --# Some examples: --# --# mail_location = maildir:~/Maildir --# mail_location = mbox:~/mail:INBOX=/var/mail/%u --# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n --# --# --# --mail_location = maildir:~/Maildir -- -- --# Group to enable temporarily for privileged operations. Currently this is --# used only with INBOX when either its initial creation or dotlocking fails. 
--# Typically this is set to "mail" to give access to /var/mail. --#mail_privileged_group = --mail_privileged_group = vmail -- -- --# Valid UID range for users, defaults to 500 and above. This is mostly --# to make sure that users can't log in as daemons or other system users. --# Note that denying root logins is hardcoded to dovecot binary and can't --# be done even if first_valid_uid is set to 0. --first_valid_uid = 2000 --last_valid_uid = 65000 -- --# ---------------------------------------------------------------------------- --# 10-master.conf -- --passdb { -- driver = sql -- args = /etc/dovecot/alternc-sql.conf --} -- --userdb { -- driver = sql -- args = /etc/dovecot/alternc-sql.conf --} --userdb { -- driver = prefetch --} -- --service auth { -- unix_listener /var/spool/postfix/private/auth { -- group = postfix -- mode = 0660 -- user = postfix -- } -- unix_listener auth-master { -- mode = 0600 -- user = vmail -- } -- -- # set this to (default_client_limit * number of services using it) -- client_limit = 5000 --} -- --service anvil { -- # set this to (default_client_limit * number of services using it) -- client_limit = 5000 --} -- -- --# ---------------------------------------------------------------------------- --# 10-ssl.conf -- --# SSL/TLS support: yes, no, required. --ssl = yes -- --# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before --# dropping root privileges, so keep the key file unreadable by anyone but --# root. --#ssl_cert = (e.g. 
%Uf for the -- # filename in uppercase) -- # -- # %v - Mailbox's IMAP UIDVALIDITY -- # %u - Mail's IMAP UID -- # %m - MD5 sum of the mailbox headers in hex (mbox only) -- # %f - filename (maildir only) -- # -- # If you want UIDL compatibility with other POP3 servers, use: -- # UW's ipop3d : %08Xv%08Xu -- # Courier : %f or %v-%u (both might be used simultaneosly) -- # Cyrus (<= 2.1.3) : %u -- # Cyrus (>= 2.1.4) : %v.%u -- # Dovecot v0.99.x : %v.%u -- # tpop3d : %Mf -- # -- # Note that Outlook 2003 seems to have problems with %v.%u format which was -- # Dovecot's default, so if you're building a new server it would be a good -- # idea to change this. %08Xu%08Xv should be pretty fail-safe. -- # -- pop3_uidl_format = %08Xu%08Xv -- -- # Support for dynamically loadable plugins. mail_plugins is a space separated -- # list of plugins to load. -- mail_plugins = quota -- #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 -- --} -- --service pop3 { -- executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/pop3 --} -- --# ---------------------------------------------------------------------------- --# 90-plugin.conf -- --plugin { -- -- # Quota plugin. Multiple backends are supported: -- # dirsize: Find and sum all the files found from mail directory. -- # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. -- # dict: Keep quota stored in dictionary (eg. SQL) -- # maildir: Maildir++ quota -- # fs: Read-only support for filesystem quota -- # -- # Quota limits are set using "quota_rule" parameters, either in here or in -- # userdb. It's also possible to give mailbox-specific limits, for example: -- # quota_rule = *:storage=1048576 -- quota_rule = *:storage=100M -- quota_rule2 = Trash:storage=+10%% -- # quota_rule2 = Trash:storage=102400 -- # User has now 1GB quota, but when saving to Trash mailbox the user gets -- # additional 100MB. 
-- # -- # Multiple quota roots are also possible, for example: -- # quota = dict:user::proxy::quota -- # quota2 = dict:domain:%d:proxy::quota_domain -- # quota_rule = *:storage=102400 -- # quota2_rule = *:storage=1048576 -- # Gives each user their own 100MB quota and one shared 1GB quota within -- # the domain. -- # -- # You can execute a given command when user exceeds a specified quota limit. -- # Each quota root has separate limits. Only the command for the first -- # exceeded limit is excecuted, so put the highest limit first. -- # Note that % needs to be escaped as %%, otherwise "% " expands to empty. -- # quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95 -- # quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80 -- quota_warning = storage=95%% /usr/lib/alternc/quota-warning.sh 95 -- quota_warning2 = storage=80%% /usr/lib/alternc/quota-warning.sh 80 -- #quota = maildir -- quota = dict:user::proxy::quotadict -- -- -- # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service -- # -- # Location of the active script. When ManageSieve is used this is actually -- # a symlink pointing to the active script in the sieve storage directory. -- sieve=~/.dovecot.sieve -- # -- # The path to the directory where the personal Sieve scripts are stored. For -- # ManageSieve this is where the uploaded scripts are stored. -- sieve_dir=~/sieve --} -- --# Dictionary can be used by some plugins to store key=value lists, such as --# quota, expire and acl plugins. The dictionary can be used either directly or --# though a dictionary server. The following dict block maps dictionary names to --# URIs when the server is used. These can then be referenced using URIs in --# format "proxy::". 
-- --dict { -- quotadict = mysql:/etc/dovecot/alternc-dict-quota.conf -- #expire = db:/var/lib/dovecot/expire.db --} -- -- --service auth-worker { -- user = vmail --} -- --service dict { -- unix_listener dict { -- mode = 0660 -- user = vmail -- group = vmail -- } --} diff --git a/squeeze/alternc-roundcube.postinst b/squeeze/alternc-roundcube.postinst deleted file mode 100644 index 5c54e746..00000000 --- a/squeeze/alternc-roundcube.postinst +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/debian/alternc-roundcube.postinst b/debian/alternc-roundcube.postinst -index 0d99169d..6dfe23c9 100644 ---- a/debian/alternc-roundcube.postinst -+++ b/debian/alternc-roundcube.postinst -@@ -27,10 +27,10 @@ case "$1" in - chown -R www-data:root /etc/roundcube/debian-db.php - chmod -R 460 /etc/roundcube/debian-db.php - -- dpkg-statoverride --list /etc/roundcube/config.inc.php >/dev/null && -- dpkg-statoverride --remove /etc/roundcube/config.inc.php -- chown -R www-data:root /etc/roundcube/config.inc.php -- chmod -R 460 /etc/roundcube/config.inc.php -+ dpkg-statoverride --list /etc/roundcube/main.inc.php >/dev/null && -+ dpkg-statoverride --remove /etc/roundcube/main.inc.php -+ chown -R www-data:root /etc/roundcube/main.inc.php -+ chmod -R 460 /etc/roundcube/main.inc.php - - dpkg-statoverride --list /var/log/roundcube >/dev/null && - dpkg-statoverride --remove /var/log/roundcube diff --git a/squeeze/alternc-ssl.install.php b/squeeze/alternc-ssl.install.php deleted file mode 100644 index 9d524944..00000000 --- a/squeeze/alternc-ssl.install.php +++ /dev/null 
@@ -1,39 +0,0 @@
-diff --git a/ssl/alternc-ssl.install.php b/ssl/alternc-ssl.install.php
-index ba568910..041eef80 100644
---- a/ssl/alternc-ssl.install.php
-+++ b/ssl/alternc-ssl.install.php
-@@ -9,7 +9,9 @@ if ($argv[1] == "templates") {
- // install ssl.conf
- echo "[alternc-ssl] Installing ssl.conf template\n";
- copy("/etc/alternc/templates/apache2/mods-available/ssl.conf","/etc/apache2/mods-available/ssl.conf");
-- mkdir("/var/run/alternc-ssl");
-+ if (!is_dir('/var/run/alternc-ssl')) {
-+ mkdir("/var/run/alternc-ssl");
-+ }
- chown("/var/run/alternc-ssl","alterncpanel");
- chgrp("/var/run/alternc-ssl","alterncpanel");
- // replace open_basedir line if necessary :
-@@ -64,4 +66,23 @@ if ($argv[1] == "before-reload") {
- $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-mixssl';");
- }
-
-+ // Enable name-based virtual hosts in Apache2 :
-+ $f = fopen("/etc/apache2/ports.conf", "rb");
-+ if (!$f) {
-+ echo "FATAL: there is no /etc/apache2/ports.conf ! I can't configure name-based virtual hosts\n";
-+ } else {
-+ $found = false;
-+ while ($s = fgets($f, 1024)) {
-+ if (preg_match(":^[^#]*NameVirtualHost.*443:", $s)) {
-+ $found = true;
-+ break;
-+ }
-+ }
-+ fclose($f);
-+ if (!$found) {
-+ $f = fopen("/etc/apache2/ports.conf", "ab");
-+ fputs($f, "\n\n NameVirtualHost *:443\n\n\n");
-+ fclose($f);
-+ }
-+ }
- } // before-reload
diff --git a/squeeze/alternc.install b/squeeze/alternc.install
deleted file mode 100644
index e036cac2..00000000
--- a/squeeze/alternc.install
+++ /dev/null
@@ -1,147 +0,0 @@ -diff --git a/install/alternc.install b/install/alternc.install -index 95060b7c..10bcbacc 100644 ---- a/install/alternc.install -+++ b/install/alternc.install -@@ -79,7 +79,7 @@ if [ -e /etc/default/saslauthd ]; then - fi - - if [ -e /etc/dovecot/dovecot.conf ]; then -- CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf" -+ CONFIG_FILES="$CONFIG_FILES etc/dovecot/dovecot.conf etc/dovecot/dovecot-sql.conf etc/dovecot/dovecot-dict-quota.conf" - fi - - INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz" -@@ -279,20 +279,12 @@ rm -f $SED_SCRIPT - # Ad-hoc fixes - # - --php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.*\)\.so$/\1/' | tail -1`" --if [ "$php" = "7.0" ] --then -- ln -fs /etc/alternc/alternc.ini /etc/php/$php/apache2/conf.d/alternc.ini || true -- ln -fs /etc/alternc/alternc.ini /etc/php/$php/cli/conf.d/alternc.ini || true --else -- ln -fs /etc/alternc/alternc.ini /etc/php$php/apache2/conf.d/alternc.ini || true -- ln -fs /etc/alternc/alternc.ini /etc/php$php/cli/conf.d/alternc.ini || true --fi -- -+php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.\)\.so$/php\1/' | tail -1`" -+ln -fs /etc/alternc/alternc.ini /etc/$php/apache2/conf.d/alternc.ini || true -+ln -fs /etc/alternc/alternc.ini /etc/$php/cli/conf.d/alternc.ini || true - if [ -x /usr/sbin/apache2 ]; then - # hook - run-parts --arg=apache2 /usr/lib/alternc/install.d -- a2enmod mpm_itk - - s="" - # unused from AlternC 1.0, FIXME: remove it later -@@ -301,9 +293,9 @@ if [ -x /usr/sbin/apache2 ]; then - a2dismod vhost_alias - s="apache2" - fi -- if ! [ -L /etc/apache2/mods-enabled/php$php.load ] -+ if ! [ -L /etc/apache2/mods-enabled/$php.load ] - then -- a2enmod php$php -+ a2enmod $php - fi - if ! [ -L /etc/apache2/mods-enabled/rewrite.load ] - then -@@ -319,14 +311,13 @@ if [ -x /usr/sbin/apache2 ]; then - a2enmod ssl - s="apache2" - fi -- if [ ! 
-h /etc/apache2/conf-available/alternc-ssl.conf ] && [ -e /etc/apache2/conf-available/ ]; then -- ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf-available/alternc-ssl.conf -- a2enconf alternc-ssl -+ if [ ! -h /etc/apache2/conf.d/alternc-ssl.conf ] && [ -e /etc/apache2/conf.d/ ]; then -+ ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf.d/alternc-ssl.conf - s="apache2" - fi - - # We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ ) -- ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf -+ sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf - - else - # We disable proftpd tls module -@@ -335,18 +326,17 @@ if [ -x /usr/sbin/apache2 ]; then - cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ - - # We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ ) -- ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf -+ sed -i -e 's#^ssl_cert_file.*$#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem#' -e 's#^ssl_key_file.*$#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key#' /etc/dovecot/dovecot.conf - - echo "SSL not configured" - echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" - fi -- if [ ! -h /etc/apache2/conf-available/alternc.conf ] && [ -e /etc/apache2/conf-available/ ]; then -- ln -sf /etc/alternc/apache2.conf /etc/apache2/conf-available/alternc.conf -- a2enconf alternc.conf -+ if [ ! 
-h /etc/apache2/conf.d/alternc.conf ] && [ -e /etc/apache2/conf.d/ ]; then -+ ln -sf /etc/alternc/apache2.conf /etc/apache2/conf.d/alternc.conf - s="apache2" - fi -- if [ -e /etc/apache2/sites-enabled/000-default.conf ]; then -- a2dissite 000-default -+ if [ -e /etc/apache2/sites-enabled/000-default ]; then -+ a2dissite default - s="apache2" - fi - SERVICES="$SERVICES $s" -@@ -440,7 +430,7 @@ OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'` - echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION" - - # Remove phpmyadmin apache2 configuration --a2disconf phpmyadmin -+rm -f /etc/apache2/conf.d/phpmyadmin.conf || true - - # Configure PHPMyAdmin - include_str='include("/etc/alternc/phpmyadmin.inc.php")' -@@ -592,14 +582,9 @@ else - mysql --defaults-file=/etc/alternc/my.cnf -e "UPDATE db_servers SET host='$MYSQL_HOST', login='$MYSQL_USER', password='$MYSQL_PASS', client='$MYSQL_HOST_CLIENT' WHERE name='Default';" - fi - --# giving vmail user read access on dovecot sql file --chgrp vmail /etc/dovecot/alternc-sql.conf --chmod g+r /etc/dovecot/alternc-sql.conf --# Override some dovecot 2.0 configuration that may have happened during dovecot postinst: --sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf -- --# Changing owner of web panel's files --chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/" -+#giving vmail user read access on dovecot sql file -+chgrp vmail /etc/dovecot/dovecot.conf -+chmod g+r /etc/dovecot/dovecot.conf - - # We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) - /usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;" -@@ -612,7 +597,7 @@ grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/ope - grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts - - # Add opendkim to service to 
restart --SERVICES="$SERVICES opendkim bind9" -+SERVICES="$SERVICES opendkim" - - # hook - run-parts --arg=before-reload /usr/lib/alternc/install.d -@@ -620,7 +605,7 @@ run-parts --arg=before-reload /usr/lib/alternc/install.d - ####################################################################### - # Reload services - # --for service in postfix dovecot cron proftpd ; do -+for service in postfix bind9 apache2 dovecot cron proftpd ; do - invoke-rc.d $service force-reload || true - done - -@@ -628,10 +613,6 @@ done - for service in $SERVICES; do - test -x /etc/init.d/$service && invoke-rc.d $service stop || true - done -- --# on Jessie, apache2 does not stop/start properly due to "service" and "apache2ctl" having different behavior pid-file-wise --killall apache2 -- - for service in $SERVICES; do - test -x /etc/init.d/$service && invoke-rc.d $service start || true - done diff --git a/squeeze/apache2.conf b/squeeze/apache2.conf deleted file mode 100644 index a5920e1e..00000000 --- a/squeeze/apache2.conf +++ /dev/null 
@@ -1,43 +0,0 @@ -diff --git a/etc/alternc/templates/alternc/apache2.conf b/etc/alternc/templates/alternc/apache2.conf -index 0732de07..514d695d 100644 ---- a/etc/alternc/templates/alternc/apache2.conf -+++ b/etc/alternc/templates/alternc/apache2.conf -@@ -9,9 +9,12 @@ - # Define the default user and group for mpm-itk - AssignUserId www-data www-data - -+# Logformat information -+Include /etc/alternc/apache_logformat.conf -+ - # Deny access to the root filesystem - -- Options +FollowSymLinks -+ Options FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all -@@ -42,7 +45,7 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - - AllowOverride AuthConfig FileInfo Limit Options Indexes -- Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch -+ Options Indexes Includes -FollowSymLinks MultiViews SymLinksIfOwnerMatch - Order allow,deny - Allow from all - php_admin_flag safe_mode_gid off -@@ -62,13 +65,13 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - - AllowOverride AuthConfig Options FileInfo Limit Indexes -- Options +Indexes +Includes +FollowSymLinks +MultiViews -+ Options Indexes Includes FollowSymLinks MultiViews - Order allow,deny - Allow from all - - - AllowOverride AuthConfig Options FileInfo Limit Indexes -- Options +Indexes +Includes +FollowSymLinks +MultiViews -+ Options Indexes Includes FollowSymLinks MultiViews - Order allow,deny - Allow from all - diff --git a/squeeze/bureau.conf b/squeeze/bureau.conf deleted file mode 100644 index 208ca040..00000000 --- a/squeeze/bureau.conf +++ /dev/null 
@@ -1,11 +0,0 @@
-diff --git a/etc/alternc/templates/alternc/bureau.conf b/etc/alternc/templates/alternc/bureau.conf
-index 65bca635..aa7066b9 100644
---- a/etc/alternc/templates/alternc/bureau.conf
-+++ b/etc/alternc/templates/alternc/bureau.conf
-@@ -33,5 +33,5 @@
-
-
- # will be used to define aliases such as /javascript /webmail /squirrelmail ...
-- IncludeOptional /etc/alternc/apache-panel.d/*.conf
-+ Include /etc/alternc/apache-panel.d/*.conf
-
diff --git a/squeeze/changelog b/squeeze/changelog
deleted file mode 100644
index 77c98890..00000000
--- a/squeeze/changelog
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/debian/changelog b/debian/changelog
-index 3ed86856..943f76d2 100644
---- a/debian/changelog
-+++ b/debian/changelog
-@@ -1,17 +1,3 @@
--alternc (3.3.10) stable; urgency=low
--
-- * Version identical to 3.1 for Squeeze
-- * Includes small patches / dependency for apache & dovecot 2.0 for Jessie
--
-- -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100
--
--alternc (3.2.10) oldstable; urgency=low
--
-- * Version identical to 3.1 for Squeeze
-- * Includes a small dovecot patch / dependency for dovecot 2.0 for Wheezy
--
-- -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100
--
- alternc (3.1.11) oldoldstable; urgency=low
-
- * fix This is a big security upgrade of AlternC 3.x
diff --git a/squeeze/config.inc.php b/squeeze/config.inc.php
deleted file mode 100644
index 891252d2..00000000
--- a/squeeze/config.inc.php
+++ /dev/null
@@ -1,449 +0,0 @@ -diff --git a/roundcube/templates/roundcube/plugins/password/config.inc.php b/roundcube/templates/roundcube/plugins/password/config.inc.php -index 6d49ef6e..f2741c57 100644 ---- a/roundcube/templates/roundcube/plugins/password/config.inc.php -+++ b/roundcube/templates/roundcube/plugins/password/config.inc.php -@@ -1,56 +1,47 @@ - /dev/null'; -+$rcmail_config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; - - - // XMail Driver options - // --------------------- --$config['xmail_host'] = 'localhost'; --$config['xmail_user'] = 'YourXmailControlUser'; --$config['xmail_pass'] = 'YourXmailControlPass'; --$config['xmail_port'] = 6017; -+$rcmail_config['xmail_host'] = 'localhost'; -+$rcmail_config['xmail_user'] = 'YourXmailControlUser'; -+$rcmail_config['xmail_pass'] = 'YourXmailControlPass'; -+$rcmail_config['xmail_port'] = 6017; - - - // hMail Driver options -@@ -312,9 +293,9 @@ $config['xmail_port'] = 6017; - // Remote hMailServer configuration - // true: HMailserver is on a remote box (php.ini: com.allow_dcom = true) - // false: Hmailserver is on same box as PHP --$config['hmailserver_remote_dcom'] = false; -+$rcmail_config['hmailserver_remote_dcom'] = false; - // Windows credentials --$config['hmailserver_server'] = array( -+$rcmail_config['hmailserver_server'] = array( - 'Server' => 'localhost', // hostname or ip address - 'Username' => 'administrator', // windows username - 'Password' => 'password' // windows user password -@@ -332,70 +313,6 @@ $config['hmailserver_server'] = array( - // 5: domain-username - // 6: username_domain - // 7: domain_username --$config['password_virtualmin_format'] = 0; -- -- --// pw_usermod Driver options --// -------------------------- --// Use comma delimited exlist to disable password change for users --// Add the following line to visudo to tighten security: --// www ALL=NOPASSWORD: /usr/sbin/pw --$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; -- -- --// DBMail Driver 
options --// ------------------- --// Additional arguments for the dbmail-users call --$config['password_dbmail_args'] = '-p sha512'; -- -- --// Expect Driver options --// --------------------- --// Location of expect binary --$config['password_expect_bin'] = '/usr/bin/expect'; -- --// Location of expect script (see helpers/passwd-expect) --$config['password_expect_script'] = ''; -- --// Arguments for the expect script. See the helpers/passwd-expect file for details. --// This is probably a good starting default: --// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log --$config['password_expect_params'] = ''; -- -- --// smb Driver options --// --------------------- --// Samba host (default: localhost) --// Supported replacement variables: --// %n - hostname ($_SERVER['SERVER_NAME']) --// %t - hostname without the first part --// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) --$config['password_smb_host'] = 'localhost'; --// Location of smbpasswd binary --$config['password_smb_cmd'] = '/usr/bin/smbpasswd'; -- --// gearman driver options --// --------------------- --// Gearman host (default: localhost) --$config['password_gearman_host'] = 'localhost'; -- -- -- --// Plesk/PPA Driver options --// -------------------- --// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel -- --// Plesk RCP Host --$config['password_plesk_host'] = '10.0.0.5'; -- --// Plesk RPC Username --$config['password_plesk_user'] = 'admin'; -- --// Plesk RPC Password --$config['password_plesk_pass'] = 'password'; -- --// Plesk RPC Port --$config['password_plesk_rpc_port'] = '8443'; -+$rcmail_config['password_virtualmin_format'] = 0; - --// Plesk RPC Path --$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php'; -+?> diff --git a/squeeze/control b/squeeze/control deleted file mode 100644 index 0a1d6937..00000000 --- a/squeeze/control +++ /dev/null 
@@ -1,51 +0,0 @@
-diff --git a/debian/control b/debian/control
-index 551f6171..394506f9 100644
---- a/debian/control
-+++ b/debian/control
-@@ -38,19 +38,16 @@ Depends: debianutils (>= 1.13.1)
- , sudo
- , adduser
- , dnsutils
-- , dovecot-core (>=1:2.1.7)
-- , dovecot-imapd (>=1:2.1.7)
-- , dovecot-pop3d (>=1:2.1.7)
-- , dovecot-mysql
-+ , dovecot-common (>=1:1.2.15)
-+ , dovecot-common(<< 1:2.0)
-+ , dovecot-imapd (>= 1:1.2.15)
-+ , dovecot-pop3d (>= 1:1.2.15)
- , vlogger
- , mailutils | mailx
- , zip
- , incron
- , cron
- , opendkim
-- , opendkim-tools
-- , dovecot-sieve
-- , dovecot-managesieved
- , mysql-client(>= 5.0) | mariadb-client
- , php5-curl | php7.0-curl
- , quota
-@@ -126,18 +123,15 @@ Depends: debianutils (>= 1.13.1)
- , gettext (>= 0.10.40-5)
- , adduser
- , sudo
-- , dovecot-core (>=1:2.1.7)
-- , dovecot-imapd (>=1:2.1.7)
-- , dovecot-pop3d (>=1:2.1.7)
-- , dovecot-mysql
-+ , dovecot-common (>=1:1.2.15)
-+ , dovecot-common(<< 1:2.0)
-+ , dovecot-imapd (>= 1:1.2.15)
-+ , dovecot-pop3d (>= 1:1.2.15)
- , vlogger
- , mailutils | mailx
- , incron
- , cron
- , opendkim
-- , opendkim-tools
-- , dovecot-sieve
-- , dovecot-managesieved
- , mysql-client(>= 5.0) | mariadb-client
- , php5-curl
- , ${misc:Depends}
diff --git a/squeeze/dovecot-dict-quota.conf b/squeeze/dovecot-dict-quota.conf
deleted file mode 100644
index d1987934..00000000
--- a/squeeze/dovecot-dict-quota.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-diff --git a/etc/alternc/templates/dovecot/dovecot-dict-quota.conf b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf
-new file mode 100644
-index 00000000..8ad06548
---- /dev/null
-+++ b/etc/alternc/templates/dovecot/dovecot-dict-quota.conf
-@@ -0,0 +1,47 @@
-+# AUTO GENERATED FILE
-+# Modify template in /etc/alternc/templates/
-+# and launch alternc.install if you want
-+# to modify this file.
-+#
-+
-+connect=host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
-+#connect = host=localhost dbname=mails user=testuser password=pass
-+
-+# CREATE TABLE quota (
-+# username varchar(100) not null,
-+# bytes bigint not null default 0,
-+# messages integer not null default 0,
-+# primary key (username)
-+# );
-+
-+map {
-+ pattern = priv/quota/storage
-+ table = dovecot_quota
-+ username_field = user
-+ value_field = quota_dovecot
-+}
-+map {
-+ pattern = priv/quota/messages
-+ table = dovecot_quota
-+ username_field = user
-+ value_field = nb_messages
-+}
-+
-+# CREATE TABLE expires (
-+# username varchar(100) not null,
-+# mailbox varchar(255) not null,
-+# expire_stamp integer not null,
-+# primary key (username, mailbox)
-+# );
-+
-+#map {
-+ # pattern = shared/expire/$user/$mailbox
-+ # table = expires
-+ # value_field = expire_stamp
-+
-+ # fields {
-+ # username = $user
-+ # mailbox = $mailbox
-+ # }
-+#}
-+
diff --git a/squeeze/dovecot-sql.conf b/squeeze/dovecot-sql.conf
deleted file mode 100644
index 79c743ff..00000000
--- a/squeeze/dovecot-sql.conf
+++ /dev/null
@@ -1,138 +0,0 @@
-diff --git a/etc/alternc/templates/dovecot/dovecot-sql.conf b/etc/alternc/templates/dovecot/dovecot-sql.conf
-new file mode 100644
-index 00000000..befef217
---- /dev/null
-+++ b/etc/alternc/templates/dovecot/dovecot-sql.conf
-@@ -0,0 +1,132 @@
-+# AUTO GENERATED FILE
-+# Modify template in /etc/alternc/templates/
-+# and launch alternc.install if you want
-+# to modify this file.
-+#
-+
-+# This file is opened as root, so it should be owned by root and mode 0600.
-+#
-+# http://wiki.dovecot.org/AuthDatabase/SQL
-+#
-+# For the sql passdb module, you'll need a database with a table that
-+# contains fields for at least the username and password. If you want to
-+# use the user@domain syntax, you might want to have a separate domain
-+# field as well.
-+#
-+# If your users all have the same uig/gid, and have predictable home
-+# directories, you can use the static userdb module to generate the home
-+# dir based on the username and domain. In this case, you won't need fields
-+# for home, uid, or gid in the database.
-+#
-+# If you prefer to use the sql userdb module, you'll want to add fields
-+# for home, uid, and gid. Here is an example table:
-+#
-+# CREATE TABLE users (
-+# username VARCHAR(128) NOT NULL,
-+# domain VARCHAR(128) NOT NULL,
-+# password VARCHAR(64) NOT NULL,
-+# home VARCHAR(255) NOT NULL,
-+# uid INTEGER NOT NULL,
-+# gid INTEGER NOT NULL,
-+# active CHAR(1) DEFAULT 'Y' NOT NULL
-+# );
-+
-+# Database driver: mysql, pgsql, sqlite
-+driver = mysql
-+
-+# Database connection string. This is driver-specific setting.
-+#
-+# pgsql:
-+# For available options, see the PostgreSQL documention for the
-+# PQconnectdb function of libpq.
-+#
-+# mysql:
-+# Basic options emulate PostgreSQL option names:
-+# host, port, user, password, dbname
-+#
-+# But also adds some new settings:
-+# client_flags - See MySQL manual
-+# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
-+# ssl_cert, ssl_key - For sending client-side certificates to server
-+# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
-+# option_file - Read options from the given file instead of
-+# the default my.cnf location
-+# option_group - Read options from the given group (default: client)
-+#
-+# You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock
-+# Note that currently you can't use spaces in parameters.
-+#
-+# MySQL supports multiple host parameters for load balancing / HA.
-+#
-+# sqlite:
-+# The path to the database file.
-+#
-+# Examples:
-+# connect = host=192.168.1.1 dbname=users
-+# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
-+# connect = /etc/dovecot/authdb.sqlite
-+#
-+connect = host=%%dbhost%% dbname=%%dbname%% user=%%db_mail_user%% password=%%db_mail_pwd%%
-+
-+# Default password scheme.
-+#
-+# List of supported schemes is in
-+# http://wiki.dovecot.org/Authentication/PasswordSchemes
-+#
-+default_pass_scheme = MD5
-+
-+# passdb query to retrieve the password. It can return fields:
-+# password - The user's password. This field must be returned.
-+# user - user@domain from the database. Needed with case-insensitive lookups.
-+# username and domain - An alternative way to represent the "user" field.
-+#
-+# The "user" field is often necessary with case-insensitive lookups to avoid
-+# e.g. "name" and "nAme" logins creating two different mail directories. If
-+# your user and domain names are in separate fields, you can return "username"
-+# and "domain" fields instead of "user".
-+#
-+# The query can also return other fields which have a special meaning, see
-+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-+#
-+# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
-+# for full list):
-+# %u = entire user@domain
-+# %n = user part of user@domain
-+# %d = domain part of user@domain
-+#
-+# Note that these can be used only as input to SQL query. If the query outputs
-+# any of these substitutions, they're not touched. Otherwise it would be
-+# difficult to have eg. usernames containing '%' characters.
-+#
-+# Example:
-+# password_query = SELECT userid AS user, pw AS password \
-+# FROM users WHERE userid = '%u' AND active = 'Y'
-+#
-+#password_query = \
-+# SELECT username, domain, password \
-+# FROM users WHERE username = '%n' AND domain = '%d'
-+
-+# userdb query to retrieve the user information. It can return fields:
-+# uid - System UID (overrides mail_uid setting)
-+# gid - System GID (overrides mail_gid setting)
-+# home - Home directory
-+# mail - Mail location (overrides mail_location setting)
-+#
-+# None of these are strictly required. If you use a single UID and GID, and
-+# home or mail directory fits to a template string, you could use userdb static
-+# instead. For a list of all fields that can be returned, see
-+# http://wiki.dovecot.org/UserDatabase/ExtraFields
-+#
-+# Examples:
-+# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
-+# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
-+# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
-+#
-+user_query = SELECT userdb_home AS home, userdb_uid AS uid, 1998 AS gid, userdb_quota_rule AS quota_rule FROM dovecot_view WHERE user = '%u';
-+
-+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
-+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-+# also have to return userdb fields in password_query prefixed with "userdb_"
-+# string. For example:
-+password_query = SELECT user, password, userdb_home, userdb_uid, 1998 AS userdb_gid,userdb_quota_rule FROM dovecot_view where user= '%u';
-+
diff --git a/squeeze/dovecot.conf b/squeeze/dovecot.conf
deleted file mode 100644
index 4121ec18..00000000
--- a/squeeze/dovecot.conf
+++ /dev/null
@@ -1,1302 +0,0 @@ -diff --git a/etc/alternc/templates/dovecot/dovecot.conf b/etc/alternc/templates/dovecot/dovecot.conf -new file mode 100644 -index 00000000..4af42e21 ---- /dev/null -+++ b/etc/alternc/templates/dovecot/dovecot.conf -@@ -0,0 +1,1296 @@ -+# AUTO GENERATED FILE -+# Modify template in /etc/alternc/templates/ -+# and launch alternc.install if you want -+# to modify this file. -+# -+## Dovecot configuration file -+ -+# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration -+ -+# "dovecot -n" command gives a clean output of the changed settings. Use it -+# instead of copy&pasting this file when posting to the Dovecot mailing list. -+ -+# '#' character and everything after it is treated as comments. Extra spaces -+# and tabs are ignored. If you want to use either of these explicitly, put the -+# value inside quotes, eg.: key = "# char and trailing whitespace " -+ -+# Default values are shown for each setting, it's not required to uncomment -+# those. These are exceptions to this though: No sections (e.g. namespace {}) -+# or plugin settings are added by default, they're listed only as examples. -+# Paths are also just examples with the real defaults being based on configure -+# options. The paths listed here are for configure --prefix=/usr -+# --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl -+ -+# Base directory where to store runtime data. -+#base_dir = /var/run/dovecot -+ -+# Protocols we want to be serving: imap imaps pop3 pop3s managesieve -+# If you only want to use dovecot-auth, you can set this to "none". -+protocols = imap imaps pop3 pop3s managesieve -+ -+# A space separated list of IP or host addresses where to listen in for -+# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6 -+# interfaces. Use "*, [::]" for listening both IPv4 and IPv6. -+# -+# If you want to specify ports for each service, you will need to configure -+# these settings inside the protocol imap/pop3/managesieve { ... 
} section, -+# so you can specify different ports for IMAP/POP3/MANAGESIEVE. For example: -+# protocol imap { -+# listen = *:10143 -+# ssl_listen = *:10943 -+# .. -+# } -+# protocol pop3 { -+# listen = *:10100 -+# .. -+# } -+# protocol managesieve { -+# listen = *:12000 -+# .. -+# } -+listen = * -+ -+# Disable LOGIN command and all other plaintext authentications unless -+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP -+# matches the local IP (ie. you're connecting from the same computer), the -+# connection is considered secure and plaintext authentication is allowed. -+disable_plaintext_auth = yes -+ -+# Should all IMAP and POP3 processes be killed when Dovecot master process -+# shuts down. Setting this to "no" means that Dovecot can be upgraded without -+# forcing existing client connections to close (although that could also be -+# a problem if the upgrade is eg. because of a security fix). This however -+# means that after master process has died, the client processes can't write -+# to log files anymore. -+#shutdown_clients = yes -+ -+## -+## Logging -+## -+ -+# Log file to use for error messages, instead of sending them to syslog. -+# /dev/stderr can be used to log into stderr. -+#log_path = -+ -+# Log file to use for informational and debug messages. -+# Default is the same as log_path. -+#info_log_path = -+ -+# Prefix for each line written to log file. % codes are in strftime(3) -+# format. -+#log_timestamp = "%b %d %H:%M:%S " -+log_timestamp = "%Y-%m-%d %H:%M:%S " -+ -+# Syslog facility to use if you're logging to syslog. Usually if you don't -+# want to use "mail", you'll use local0..local7. Also other standard -+# facilities are supported. -+#syslog_facility = mail -+ -+## -+## SSL settings -+## -+ -+# IP or host address where to listen in for SSL connections. Remember to also -+# add imaps and/or pop3s to protocols setting. Defaults to same as "listen" -+# setting if not specified. 
-+#ssl_listen = -+ -+# SSL/TLS support: yes, no, required. -+ssl = required -+ -+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -+# dropping root privileges, so keep the key file unreadable by anyone but -+# root. -+ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem -+#ssl_cert_file = /etc/alternc/apache.pem -+ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key -+#ssl_key_file = /etc/alternc/apache.pem -+ -+# If key file is password protected, give the password here. Alternatively -+# give it when starting dovecot with -p parameter. Since this file is often -+# world-readable, you may want to place this setting instead to a different -+# root owned 0600 file by using !include_try . -+#ssl_key_password = -+ -+# File containing trusted SSL certificate authorities. Set this only if you -+# intend to use ssl_verify_client_cert=yes. The CAfile should contain the -+# CA-certificate(s) followed by the matching CRL(s). -+#ssl_ca_file = -+ -+# Request client to send a certificate. If you also want to require it, set -+# ssl_require_client_cert=yes in auth section. -+#ssl_verify_client_cert = no -+ -+# Which field from certificate to use for username. commonName and -+# x500UniqueIdentifier are the usual choices. You'll also need to set -+# ssl_username_from_cert=yes. -+#ssl_cert_username_field = commonName -+ -+# How often to regenerate the SSL parameters file. Generation is quite CPU -+# intensive operation. The value is in hours, 0 disables regeneration -+# entirely. -+#ssl_parameters_regenerate = 168 -+ -+# SSL ciphers to use -+#ssl_cipher_list = ALL:!LOW:!SSLv2 -+ -+# Show protocol level SSL errors. -+#verbose_ssl = no -+ -+## -+## Login processes -+## -+ -+# -+ -+# Directory where authentication process places authentication UNIX sockets -+# which login needs to be able to connect to. The sockets are created when -+# running as root, so you don't have to worry about permissions. 
Note that -+# everything in this directory is deleted when Dovecot is started. -+#login_dir = /var/run/dovecot/login -+ -+# chroot login process to the login_dir. Only reason not to do this is if you -+# wish to run the whole Dovecot without roots. -+#login_chroot = yes -+ -+# User to use for the login process. Create a completely new user for this, -+# and don't use it anywhere else. The user must also belong to a group where -+# only it has access, it's used to control access for authentication process. -+# Note that this user is NOT used to access mails. -+#login_user = dovecot -+ -+# Set max. process size in megabytes. If you don't use -+# login_process_per_connection you might need to grow this. -+#login_process_size = 64 -+ -+# Should each login be processed in it's own process (yes), or should one -+# login process be allowed to process multiple connections (no)? Yes is more -+# secure, espcially with SSL/TLS enabled. No is faster since there's no need -+# to create processes all the time. -+#login_process_per_connection = yes -+ -+# Number of login processes to keep for listening new connections. -+#login_processes_count = 3 -+ -+# Maximum number of login processes to create. The listening process count -+# usually stays at login_processes_count, but when multiple users start logging -+# in at the same time more extra processes are created. To prevent fork-bombing -+# we check only once in a second if new processes should be created - if all -+# of them are used at the time, we double their amount until the limit set by -+# this setting is reached. -+#login_max_processes_count = 128 -+ -+# Maximum number of connections allowed per each login process. This setting -+# is used only if login_process_per_connection=no. Once the limit is reached, -+# the process notifies master so that it can create a new login process. -+#login_max_connections = 256 -+ -+# Greeting message for clients. -+#login_greeting = Dovecot ready. 
-+ -+# Space separated list of trusted network ranges. Connections from these -+# IPs are allowed to override their IP addresses and ports (for logging and -+# for authentication checks). disable_plaintext_auth is also ignored for -+# these networks. Typically you'd specify your IMAP proxy servers here. -+#login_trusted_networks = -+ -+# Space-separated list of elements we want to log. The elements which have -+# a non-empty variable value are joined together to form a comma-separated -+# string. -+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c -+ -+# Login log format. %$ contains login_log_format_elements string, %s contains -+# the data we want to log. -+#login_log_format = %$: %s -+ -+## -+## Mailbox locations and namespaces -+## -+ -+# Location for users' mailboxes. This is the same as the old default_mail_env -+# setting. The default is empty, which means that Dovecot tries to find the -+# mailboxes automatically. This won't work if the user doesn't have any mail -+# yet, so you should explicitly tell Dovecot the full location. -+# -+# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) -+# isn't enough. You'll also need to tell Dovecot where the other mailboxes are -+# kept. This is called the "root mail directory", and it must be the first -+# path given in the mail_location setting. -+# -+# There are a few special variables you can use, eg.: -+# -+# %u - username -+# %n - user part in user@domain, same as %u if there's no domain -+# %d - domain part in user@domain, empty if there's no domain -+# %h - home directory -+# -+# See for full list. -+# Some examples: -+# -+# mail_location = maildir:~/Maildir -+# mail_location = mbox:~/mail:INBOX=/var/mail/%u -+# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n -+# -+# -+# -+mail_location = maildir:~/Maildir -+ -+# If you need to set multiple mailbox locations or want to change default -+# namespace settings, you can do it by defining namespace sections. 
-+# -+# You can have private, shared and public namespaces. Private namespaces -+# are for user's personal mails. Shared namespaces are for accessing other -+# users' mailboxes that have been shared. Public namespaces are for shared -+# mailboxes that are managed by sysadmin. If you create any shared or public -+# namespaces you'll typically want to enable ACL plugin also, otherwise all -+# users can access all the shared mailboxes, assuming they have permissions -+# on filesystem level to do so. -+# -+# REMEMBER: If you add any namespaces, the default namespace must be added -+# explicitly, ie. mail_location does nothing unless you have a namespace -+# without a location setting. Default namespace is simply done by having a -+# namespace with empty prefix. -+#namespace private { -+ # Hierarchy separator to use. You should use the same separator for all -+ # namespaces or some clients get confused. '/' is usually a good one. -+ # The default however depends on the underlying mail storage format. -+ # separator = . -+ -+ # Prefix required to access this namespace. This needs to be different for -+ # all namespaces. For example "Public/". -+ # prefix = INBOX. -+ -+ # Physical location of the mailbox. This is in same format as -+ # mail_location, which is also the default for it. -+ #location = -+ -+ # There can be only one INBOX, and this setting defines which namespace -+ # has it. -+ #inbox = yes -+ -+ # If namespace is hidden, it's not advertised to clients via NAMESPACE -+ # extension. You'll most likely also want to set list=no. This is mostly -+ # useful when converting from another server with different namespaces which -+ # you want to deprecate but still keep working. For example you can create -+ # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". -+ #hidden = yes -+ -+ # Show the mailboxes under this namespace with LIST command. This makes the -+ # namespace visible for clients that don't support NAMESPACE extension. 
-+ # "children" value lists child mailboxes, but hides the namespace prefix. -+ #list = yes -+ -+ # Namespace handles its own subscriptions. If set to "no", the parent -+ # namespace handles them (empty prefix should always have this as "yes") -+ #subscriptions = yes -+#} -+ -+# Example shared namespace configuration -+#namespace shared { -+ #separator = / -+ -+ # Mailboxes are visible under "shared/user@domain/" -+ # %%n, %%d and %%u are expanded to the destination user. -+ #prefix = shared/%%u/ -+ -+ # Mail location for other users' mailboxes. Note that %variables and ~/ -+ # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the -+ # destination user's data. -+ #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u -+ -+ # Use the default namespace for saving subscriptions. -+ #subscriptions = no -+ -+ # List the shared/ namespace only if there are visible shared mailboxes. -+ #list = children -+#} -+ -+# System user and group used to access mails. If you use multiple, userdb -+# can override these by returning uid or gid fields. You can use either numbers -+# or names. -+#mail_uid = -+#mail_gid = -+ -+# Group to enable temporarily for privileged operations. Currently this is -+# used only with INBOX when either its initial creation or dotlocking fails. -+# Typically this is set to "mail" to give access to /var/mail. -+#mail_privileged_group = -+mail_privileged_group = vmail -+ -+# Grant access to these supplementary groups for mail processes. Typically -+# these are used to set up access to shared mailboxes. Note that it may be -+# dangerous to set these if users can create symlinks (e.g. if "mail" group is -+# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -+# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). -+#mail_access_groups = -+ -+# Allow full filesystem access to clients. There's no access checks other than -+# what the operating system does for the active UID/GID. 
It works with both -+# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -+# or ~user/. -+#mail_full_filesystem_access = no -+ -+## -+## Mail processes -+## -+ -+# Enable mail process debugging. This can help you figure out why Dovecot -+# isn't finding your mails. -+#mail_debug = no -+ -+# Log prefix for mail processes. See -+# for list of possible variables you can use. -+#mail_log_prefix = "%Us(%u): " -+ -+# Max. number of lines a mail process is allowed to log per second before it's -+# throttled. 0 means unlimited. Typically there's no need to change this -+# unless you're using mail_log plugin, which may log a lot. This setting is -+# ignored while mail_debug=yes to avoid pointless throttling. -+#mail_log_max_lines_per_sec = 10 -+ -+# Don't use mmap() at all. This is required if you store indexes to shared -+# filesystems (NFS or clustered filesystem). -+#mmap_disable = no -+ -+# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -+# since version 3, so this should be safe to use nowadays by default. -+#dotlock_use_excl = yes -+ -+# Don't use fsync() or fdatasync() calls. This makes the performance better -+# at the cost of potential data loss if the server (or the file server) -+# goes down. -+#fsync_disable = no -+ -+# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -+# whenever needed. If you're using only a single mail server this isn't needed. -+#mail_nfs_storage = no -+# Mail index files also exist in NFS. Setting this to yes requires -+# mmap_disable=yes and fsync_disable=no. -+#mail_nfs_index = no -+ -+# Locking method for index files. Alternatives are fcntl, flock and dotlock. -+# Dotlocking uses some tricks which may create more disk I/O than other locking -+# methods. NFS users: flock doesn't work, remember to change mmap_disable. -+#lock_method = fcntl -+ -+# Drop all privileges before exec()ing the mail process. 
This is mostly -+# meant for debugging, otherwise you don't get core dumps. It could be a small -+# security risk if you use single UID for multiple users, as the users could -+# ptrace() each others processes then. -+#mail_drop_priv_before_exec = no -+ -+# Show more verbose process titles (in ps). Currently shows user name and -+# IP address. Useful for seeing who are actually using the IMAP processes -+# (eg. shared mailboxes or if same uid is used for multiple accounts). -+#verbose_proctitle = no -+ -+# Valid UID range for users, defaults to 500 and above. This is mostly -+# to make sure that users can't log in as daemons or other system users. -+# Note that denying root logins is hardcoded to dovecot binary and can't -+# be done even if first_valid_uid is set to 0. -+first_valid_uid = 2000 -+last_valid_uid = 65000 -+ -+# Valid GID range for users, defaults to non-root/wheel. Users having -+# non-valid GID as primary group ID aren't allowed to log in. If user -+# belongs to supplementary groups with non-valid GIDs, those groups are -+# not set. -+#first_valid_gid = 1 -+#last_valid_gid = 0 -+ -+# Maximum number of running mail processes. When this limit is reached, -+# new users aren't allowed to log in. -+#max_mail_processes = 512 -+ -+# Set max. process size in megabytes. Most of the memory goes to mmap()ing -+# files, so it shouldn't harm much even if this limit is set pretty high. -+#mail_process_size = 256 -+ -+# Maximum allowed length for mail keyword name. It's only forced when trying -+# to create new keywords. -+#mail_max_keyword_length = 50 -+ -+# ':' separated list of directories under which chrooting is allowed for mail -+# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -+# This setting doesn't affect login_chroot, mail_chroot or auth chroot -+# settings. If this setting is empty, "/./" in home dirs are ignored. -+# WARNING: Never add directories here which local users can modify, that -+# may lead to root exploit. 
Usually this should be done only if you don't -+# allow shell access for users. -+#valid_chroot_dirs = -+ -+# Default chroot directory for mail processes. This can be overridden for -+# specific users in user database by giving /./ in user's home directory -+# (eg. /home/./user chroots into /home). Note that usually there is no real -+# need to do chrooting, Dovecot doesn't allow users to access files outside -+# their mail directory anyway. If your home directories are prefixed with -+# the chroot directory, append "/." to mail_chroot. -+#mail_chroot = -+ -+## -+## Mailbox handling optimizations -+## -+ -+# The minimum number of mails in a mailbox before updates are done to cache -+# file. This allows optimizing Dovecot's behavior to do less disk writes at -+# the cost of more disk reads. -+#mail_cache_min_mail_count = 0 -+ -+# When IDLE command is running, mailbox is checked once in a while to see if -+# there are any new mails or other changes. This setting defines the minimum -+# time in seconds to wait between those checks. Dovecot can also use dnotify, -+# inotify and kqueue to find out immediately when changes occur. -+#mailbox_idle_check_interval = 30 -+ -+# Save mails with CR+LF instead of plain LF. This makes sending those mails -+# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -+# But it also creates a bit more disk I/O which may just make it slower. -+# Also note that if other software reads the mboxes/maildirs, they may handle -+# the extra CRs wrong and cause problems. -+#mail_save_crlf = no -+ -+## -+## Maildir-specific settings -+## -+ -+# By default LIST command returns all entries in maildir beginning with a dot. -+# Enabling this option makes Dovecot return only entries which are directories. -+# This is done by stat()ing each entry, so it causes more disk I/O. 
-+# (For systems setting struct dirent->d_type, this check is free and it's -+# done always regardless of this setting) -+#maildir_stat_dirs = no -+ -+# When copying a message, do it with hard links whenever possible. This makes -+# the performance much better, and it's unlikely to have any side effects. -+#maildir_copy_with_hardlinks = yes -+ -+# When copying a message, try to preserve the base filename. Only if the -+# destination mailbox already contains the same name (ie. the mail is being -+# copied there twice), a new name is given. The destination filename check is -+# done only by looking at dovecot-uidlist file, so if something outside -+# Dovecot does similar filename preserving copies, you may run into problems. -+# NOTE: This setting requires maildir_copy_with_hardlinks = yes to work. -+#maildir_copy_preserve_filename = no -+ -+# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only -+# when its mtime changes unexpectedly or when we can't find the mail otherwise. -+#maildir_very_dirty_syncs = no -+ -+## -+## mbox-specific settings -+## -+ -+# Which locking methods to use for locking mbox. There are four available: -+# dotlock: Create .lock file. This is the oldest and most NFS-safe -+# solution. If you want to use /var/mail/ like directory, the users -+# will need write access to that directory. -+# dotlock_try: Same as dotlock, but if it fails because of permissions or -+# because there isn't enough disk space, just skip it. -+# fcntl : Use this if possible. Works with NFS too if lockd is used. -+# flock : May not exist in all systems. Doesn't work with NFS. -+# lockf : May not exist in all systems. Doesn't work with NFS. -+# -+# You can use multiple locking methods; if you do the order they're declared -+# in is important to avoid deadlocks if other MTAs/MUAs are using multiple -+# locking methods as well. Some operating systems don't allow using some of -+# them simultaneously. 
-+# -+# The Debian value for mbox_write_locks differs from upstream Dovecot. It is -+# changed to be compliant with Debian Policy (section 11.6) for NFS safety. -+# Dovecot: mbox_write_locks = dotlock fcntl -+# Debian: mbox_write_locks = fcntl dotlock -+# -+#mbox_read_locks = fcntl -+#mbox_write_locks = fcntl dotlock -+ -+# Maximum time in seconds to wait for lock (all of them) before aborting. -+#mbox_lock_timeout = 300 -+ -+# If dotlock exists but the mailbox isn't modified in any way, override the -+# lock file after this many seconds. -+#mbox_dotlock_change_timeout = 120 -+ -+# When mbox changes unexpectedly we have to fully read it to find out what -+# changed. If the mbox is large this can take a long time. Since the change -+# is usually just a newly appended mail, it'd be faster to simply read the -+# new mails. If this setting is enabled, Dovecot does this but still safely -+# fallbacks to re-reading the whole mbox file whenever something in mbox isn't -+# how it's expected to be. The only real downside to this setting is that if -+# some other MUA changes message flags, Dovecot doesn't notice it immediately. -+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK -+# commands. -+#mbox_dirty_syncs = yes -+ -+# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, -+# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. -+#mbox_very_dirty_syncs = no -+ -+# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK -+# commands and when closing the mailbox). This is especially useful for POP3 -+# where clients often delete all mails. The downside is that our changes -+# aren't immediately visible to other MUAs. -+#mbox_lazy_writes = yes -+ -+# If mbox size is smaller than this (in kilobytes), don't write index files. -+# If an index file already exists it's still read, just not updated. 
-+#mbox_min_index_size = 0 -+ -+## -+## dbox-specific settings -+## -+ -+# Maximum dbox file size in kilobytes until it's rotated. -+#dbox_rotate_size = 2048 -+ -+# Minimum dbox file size in kilobytes before it's rotated -+# (overrides dbox_rotate_days) -+#dbox_rotate_min_size = 16 -+ -+# Maximum dbox file age in days until it's rotated. Day always begins from -+# midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled. -+#dbox_rotate_days = 0 -+ -+## -+## IMAP specific settings -+## -+ -+protocol imap { -+ # Login executable location. -+ #login_executable = /usr/lib/dovecot/imap-login -+ -+ # IMAP executable location. Changing this allows you to execute other -+ # binaries before the imap process is executed. -+ # -+ # This would write rawlogs into user's ~/dovecot.rawlog/, if it exists: -+ # mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap -+ # -+ # -+ # This would attach gdb into the imap process and write backtraces into -+ # /tmp/gdbhelper.* files: -+ # mail_executable = /usr/lib/dovecot/gdbhelper /usr/lib/dovecot/imap -+ # -+ mail_executable = /usr/lib/alternc/popimap-log-login.sh /usr/lib/dovecot/imap -+ -+ # Maximum IMAP command line length in bytes. Some clients generate very long -+ # command lines with huge mailboxes, so you may need to raise this if you get -+ # "Too long argument" or "IMAP command line too large" errors often. -+ #imap_max_line_length = 65536 -+ -+ # Maximum number of IMAP connections allowed for a user from each IP address. -+ # NOTE: The username is compared case-sensitively. -+ #mail_max_userip_connections = 10 -+ -+ # Support for dynamically loadable plugins. mail_plugins is a space separated -+ # list of plugins to load. 
-+ #mail_plugins = -+ mail_plugins = quota imap_quota -+ #mail_plugin_dir = /usr/lib/dovecot/modules/imap -+ -+ # IMAP logout format string: -+ # %i - total number of bytes read from client -+ # %o - total number of bytes sent to client -+ #imap_logout_format = bytes=%i/%o -+ -+ # Override the IMAP CAPABILITY response. -+ #imap_capability = -+ -+ # How many seconds to wait between "OK Still here" notifications when -+ # client is IDLEing. -+ #imap_idle_notify_interval = 120 -+ -+ # ID field names and values to send to clients. Using * as the value makes -+ # Dovecot use the default value. The following fields have default values -+ # currently: name, version, os, os-version, support-url, support-email. -+ #imap_id_send = -+ -+ # ID fields sent by client to log. * means everything. -+ #imap_id_log = -+ -+ # Workarounds for various client bugs: -+ # delay-newmail: -+ # Send EXISTS/RECENT new mail notifications only when replying to NOOP -+ # and CHECK commands. Some clients ignore them otherwise, for example OSX -+ # Mail ( (e.g. %Uf for the -+ # filename in uppercase) -+ # -+ # %v - Mailbox's IMAP UIDVALIDITY -+ # %u - Mail's IMAP UID -+ # %m - MD5 sum of the mailbox headers in hex (mbox only) -+ # %f - filename (maildir only) -+ # -+ # If you want UIDL compatibility with other POP3 servers, use: -+ # UW's ipop3d : %08Xv%08Xu -+ # Courier : %f or %v-%u (both might be used simultaneosly) -+ # Cyrus (<= 2.1.3) : %u -+ # Cyrus (>= 2.1.4) : %v.%u -+ # Dovecot v0.99.x : %v.%u -+ # tpop3d : %Mf -+ # -+ # Note that Outlook 2003 seems to have problems with %v.%u format which was -+ # Dovecot's default, so if you're building a new server it would be a good -+ # idea to change this. %08Xu%08Xv should be pretty fail-safe. -+ # -+ pop3_uidl_format = %08Xu%08Xv -+ -+ # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes -+ # won't change those UIDLs. Currently this works only with Maildir. 
-+ #pop3_save_uidl = no
-+
-+ # POP3 logout format string:
-+ # %i - total number of bytes read from client
-+ # %o - total number of bytes sent to client
-+ # %t - number of TOP commands
-+ # %p - number of bytes sent to client as a result of TOP command
-+ # %r - number of RETR commands
-+ # %b - number of bytes sent to client as a result of RETR command
-+ # %d - number of deleted messages
-+ # %m - number of messages (before deletion)
-+ # %s - mailbox size in bytes (before deletion)
-+ #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
-+
-+ # Maximum number of POP3 connections allowed for a user from each IP address.
-+ # NOTE: The username is compared case-sensitively.
-+ #mail_max_userip_connections = 3
-+
-+ # Support for dynamically loadable plugins. mail_plugins is a space separated
-+ # list of plugins to load.
-+ #mail_plugins =
-+ mail_plugins = quota
-+ #mail_plugin_dir = /usr/lib/dovecot/modules/pop3
-+
-+ # Workarounds for various client bugs:
-+ # outlook-no-nuls:
-+ # Outlook and Outlook Express hang if mails contain NUL characters.
-+ # This setting replaces them with 0x80 character.
-+ # oe-ns-eoh:
-+ # Outlook Express and Netscape Mail breaks if end of headers-line is
-+ # missing. This option simply sends it if it's missing.
-+ # The list is space-separated.
-+ #pop3_client_workarounds =
-+}
-+
-+##
-+## ManageSieve specific settings
-+##
-+
-+protocol managesieve {
-+ # Login executable location.
-+ #login_executable = /usr/lib/dovecot/managesieve-login
-+
-+ # ManageSieve executable location. See IMAP's mail_executable above for
-+ # examples how this could be changed.
-+ mail_executable = /usr/lib/dovecot/managesieve
-+
-+ # Maximum ManageSieve command line length in bytes. This setting is
-+ # directly borrowed from IMAP. But, since long command lines are very
-+ # unlikely with ManageSieve, changing this will not be very useful.
-+ #managesieve_max_line_length = 65536
-+
-+ # ManageSieve logout format string:
-+ # %i - total number of bytes read from client
-+ # %o - total number of bytes sent to client
-+ #managesieve_logout_format = bytes=%i/%o
-+
-+ # If, for some inobvious reason, the sieve_storage remains unset, the
-+ # ManageSieve daemon uses the specification of the mail_location to find out
-+ # where to store the sieve files (see explaination in README.managesieve).
-+ # The example below, when uncommented, overrides any global mail_location
-+ # specification and stores all the scripts in '~/mail/sieve' if sieve_storage
-+ # is unset. However, you should always use the sieve_storage setting.
-+ # mail_location = mbox:~/mail
-+
-+ # To fool ManageSieve clients that are focused on timesieved you can
-+ # specify the IMPLEMENTATION capability that the dovecot reports to clients
-+ # (default: "dovecot").
-+ #managesieve_implementation_string = Cyrus timsieved v2.2.13
-+}
-+
-+##
-+## LDA specific settings
-+##
-+
-+protocol lda {
-+ # Address to use when sending rejection mails (e.g. postmaster@example.com).
-+ postmaster_address = postmaster@localhost
-+
-+ # Hostname to use in various parts of sent mails, eg. in Message-Id.
-+ # Default is the system's real hostname.
-+ #hostname =
-+
-+ # Support for dynamically loadable plugins. mail_plugins is a space separated
-+ # list of plugins to load.
-+ mail_plugins = quota sieve
-+ #mail_plugin_dir = /usr/lib/dovecot/modules/lda
-+
-+ # If user is over quota, return with temporary failure instead of
-+ # bouncing the mail.
-+ #quota_full_tempfail = no
-+
-+ # Format to use for logging mail deliveries. You can use variables:
-+ # %$ - Delivery status message (e.g. "saved to INBOX")
-+ # %m - Message-ID
-+ # %s - Subject
-+ # %f - From address
-+ #deliver_log_format = msgid=%m: %$
-+
-+ # Binary to use for sending mails.
-+ #sendmail_path = /usr/sbin/sendmail
-+
-+ # Subject: header to use for rejection mails. You can use the same variables
-+ # as for rejection_reason below.
-+ #rejection_subject = Rejected: %s
-+
-+ # Human readable error message for rejection mails. You can use variables:
-+ # %n = CRLF, %r = reason, %s = original subject, %t = recipient
-+ #rejection_reason = Your message to <%t> was automatically rejected:%n%r
-+
-+ # UNIX socket path to master authentication server to find users.
-+ auth_socket_path = /var/run/dovecot/auth-master
-+}
-+
-+##
-+## Authentication processes
-+##
-+
-+# Executable location
-+#auth_executable = /usr/lib/dovecot/dovecot-auth
-+
-+# Set max. process size in megabytes.
-+#auth_process_size = 256
-+
-+# Authentication cache size in kilobytes. 0 means it's disabled.
-+# Note that bsdauth, PAM and vpopmail require cache_key to be set for caching
-+# to be used.
-+#auth_cache_size = 0
-+# Time to live in seconds for cached data. After this many seconds the cached
-+# record is no longer used, *except* if the main database lookup returns
-+# internal failure. We also try to handle password changes automatically: If
-+# user's previous authentication was successful, but this one wasn't, the
-+# cache isn't used. For now this works only with plaintext authentication.
-+#auth_cache_ttl = 3600
-+# TTL for negative hits (user not found, password mismatch).
-+# 0 disables caching them completely.
-+#auth_cache_negative_ttl = 3600
-+
-+# Space separated list of realms for SASL authentication mechanisms that need
-+# them. You can leave it empty if you don't want to support multiple realms.
-+# Many clients simply use the first one listed here, so keep the default realm
-+# first.
-+#auth_realms =
-+
-+# Default realm/domain to use if none was specified. This is used for both
-+# SASL realms and appending @domain to username in plaintext logins.
-+#auth_default_realm =
-+
-+# List of allowed characters in username. If the user-given username contains
-+# a character not listed in here, the login automatically fails. This is just
-+# an extra check to make sure user can't exploit any potential quote escaping
-+# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
-+# set this value to empty.
-+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
-+
-+# Username character translations before it's looked up from databases. The
-+# value contains series of from -> to characters. For example "#@/@" means
-+# that '#' and '/' characters are translated to '@'.
-+#auth_username_translation =
-+
-+# Username formatting before it's looked up from databases. You can use
-+# the standard variables here, eg. %Lu would lowercase the username, %n would
-+# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
-+# "-AT-". This translation is done after auth_username_translation changes.
-+#auth_username_format =
-+
-+# If you want to allow master users to log in by specifying the master
-+# username within the normal username string (ie. not using SASL mechanism's
-+# support for it), you can specify the separator character here. The format
-+# is then . UW-IMAP uses "*" as the
-+# separator, so that could be a good choice.
-+#auth_master_user_separator =
-+
-+# Username to use for users logging in with ANONYMOUS SASL mechanism
-+#auth_anonymous_username = anonymous
-+
-+# Log unsuccessful authentication attempts and the reasons why they failed.
-+#auth_verbose = no
-+
-+# Even more verbose logging for debugging purposes. Shows for example SQL
-+# queries.
-+#auth_debug = no
-+
-+# In case of password mismatches, log the passwords and used scheme so the
-+# problem can be debugged. Enabling this also enables auth_debug.
-+#auth_debug_passwords = no
-+
-+# Maximum number of dovecot-auth worker processes. They're used to execute
-+# blocking passdb and userdb queries (eg. MySQL and PAM). They're
-+# automatically created and destroyed as needed.
-+#auth_worker_max_count = 30
-+
-+# Host name to use in GSSAPI principal names. The default is to use the
-+# name returned by gethostname(). Use "$ALL" to allow all keytab entries.
-+#auth_gssapi_hostname =
-+
-+# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
-+# default (usually /etc/krb5.keytab) if not specified.
-+#auth_krb5_keytab =
-+
-+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
-+# ntlm_auth helper.
-+#
-+#auth_use_winbind = no
-+
-+# Path for Samba's ntlm_auth helper binary.
-+#auth_winbind_helper_path = /usr/bin/ntlm_auth
-+
-+# Number of seconds to delay before replying to failed authentications.
-+#auth_failure_delay = 2
-+
-+auth default {
-+ # Space separated list of wanted authentication mechanisms:
-+ # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
-+ # gss-spnego
-+ # NOTE: See also disable_plaintext_auth setting.
-+ mechanisms = plain login
-+
-+ #
-+ # Password database is used to verify user's password (and nothing more).
-+ # You can have multiple passdbs and userdbs. This is useful if you want to
-+ # allow both system users (/etc/passwd) and virtual users to login without
-+ # duplicating the system users into virtual database.
-+ #
-+ #
-+ #
-+ # By adding master=yes setting inside a passdb you make the passdb a list
-+ # of "master users", who can log in as anyone else. Unless you're using PAM,
-+ # you probably still want the destination user to be looked up from passdb
-+ # that it really exists. This can be done by adding pass=yes setting to the
-+ # master passdb.
-+
-+ # Users can be temporarily disabled by adding a passdb with deny=yes.
-+ # If the user is found from that database, authentication will fail.
-+ # The deny passdb should always be specified before others, so it gets
-+ # checked first. Here's an example:
-+
-+ #passdb passwd-file {
-+ # File contains a list of usernames, one per line
-+ #args = /etc/dovecot/dovecot.deny
-+ #deny = yes
-+ #}
-+
-+ # PAM authentication. Preferred nowadays by most systems.
-+ # Note that PAM can only be used to verify if user's password is correct,
-+ # so it can't be used as userdb. If you don't want to use a separate user
-+ # database (passwd usually), you can use static userdb.
-+ # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
-+ # authentication to actually work.
-+ #passdb pam {
-+ # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
-+ # [cache_key=] []
-+ #
-+ # session=yes makes Dovecot open and immediately close PAM session. Some
-+ # PAM plugins need this to work, such as pam_mkhomedir.
-+ #
-+ # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
-+ # need that. They aren't ever deleted though, so this isn't enabled by
-+ # default.
-+ #
-+ # max_requests specifies how many PAM lookups to do in one process before
-+ # recreating the process. The default is 100, because many PAM plugins
-+ # leak memory.
-+ #
-+ # cache_key can be used to enable authentication caching for PAM
-+ # (auth_cache_size also needs to be set). It isn't enabled by default
-+ # because PAM modules can do all kinds of checks besides checking password,
-+ # such as checking IP address. Dovecot can't know about these checks
-+ # without some help. cache_key is simply a list of variables (see
-+ # /usr/share/doc/dovecot-common/wiki/Variables.txt) which must match
-+ # for the cached data to be used.
-+ # Here are some examples:
-+ # %u - Username must match. Probably sufficient for most uses.
-+ # %u%r - Username and remote IP address must match.
-+ # %u%s - Username and service (ie. IMAP, POP3) must match.
-+ #
-+ # The service name can contain variables, for example %Ls expands to
-+ # pop3 or imap.
-+ #
-+ # Some examples:
-+ # args = session=yes %Ls
-+ # args = cache_key=%u dovecot
-+ #args = dovecot
-+ #}
-+
-+ # System users (NSS, /etc/passwd, or similiar)
-+ # In many systems nowadays this uses Name Service Switch, which is
-+ # configured in /etc/nsswitch.conf.
-+ #passdb passwd {
-+ # [blocking=yes] - See userdb passwd for explanation
-+ #args =
-+ #}
-+
-+ # Shadow passwords for system users (NSS, /etc/shadow or similiar).
-+ # Deprecated by PAM nowadays.
-+ #
-+ #passdb shadow {
-+ # [blocking=yes] - See userdb passwd for explanation
-+ #args =
-+ #}
-+
-+ # PAM-like authentication for OpenBSD.
-+ #
-+ #passdb bsdauth {
-+ # [cache_key=] - See cache_key in PAM for explanation.
-+ #args =
-+ #}
-+
-+ # passwd-like file with specified location
-+ #
-+ #passdb passwd-file {
-+ # [scheme=] [username_format=]
-+ #
-+ #args =
-+ #}
-+
-+ # checkpassword executable authentication
-+ # NOTE: You will probably want to use "userdb prefetch" with this.
-+ #
-+ #passdb checkpassword {
-+ # Path for checkpassword binary
-+ #args =
-+ #}
-+
-+ # SQL database
-+ passdb sql {
-+ # Path for SQL configuration file
-+ args = /etc/dovecot/dovecot-sql.conf
-+ }
-+
-+ # LDAP database
-+ #passdb ldap {
-+ # Path for LDAP configuration file
-+ #args = /etc/dovecot/dovecot-ldap.conf
-+ #}
-+
-+ # vpopmail authentication
-+ #passdb vpopmail {
-+ # [cache_key=] - See cache_key in PAM for explanation.
-+ # [quota_template=