diff options
| author | Lee Starnes <lee@canned-death.us> | 2020-05-06 00:53:22 +0000 |
|---|---|---|
| committer | A. Wilcox <awilcox@wilcox-tech.com> | 2020-05-06 00:53:22 +0000 |
| commit | ed2e5d142804bd69d296c39c6b861b8401718469 (patch) | |
| tree | b8ece634ba552bad49e2d395bbb89d3430c5a028 /user/dovecot/default-config.patch | |
| parent | 7d6a83dbf478235cc84f3cdbd0d1ccb82c8514a1 (diff) | |
| download | packages-ed2e5d142804bd69d296c39c6b861b8401718469.tar.gz packages-ed2e5d142804bd69d296c39c6b861b8401718469.tar.bz2 packages-ed2e5d142804bd69d296c39c6b861b8401718469.tar.xz packages-ed2e5d142804bd69d296c39c6b861b8401718469.zip | |
user/dovecot: review fixes
- move default SSL key and cert stuff to a patch
- use auth-system.conf instead of auth-passwdfile.conf because we have PAM
- explain manual removal of *.la
- other Adelification fixes
Diffstat (limited to 'user/dovecot/default-config.patch')
| -rw-r--r-- | user/dovecot/default-config.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/user/dovecot/default-config.patch b/user/dovecot/default-config.patch new file mode 100644 index 000000000..0f8a7385a --- /dev/null +++ b/user/dovecot/default-config.patch @@ -0,0 +1,46 @@ +--- a/doc/example-config/conf.d/10-mail.conf ++++ b/doc/example-config/conf.d/10-mail.conf +@@ -208,10 +208,10 @@ + + # UNIX socket path to master authentication server to find users. + # This is used by imap (for shared users) and lda. +-#auth_socket_path = /var/run/dovecot/auth-userdb ++#auth_socket_path = /run/dovecot/auth-userdb + + # Directory where to look up mail plugins. +-#mail_plugin_dir = /usr/lib/dovecot ++#mail_plugin_dir = /usr/lib/dovecot/modules + + # Space separated list of plugins to load for all services. Plugins specific to + # IMAP, LDA, etc. are added to this list in their own .conf files. +@@ -322,6 +322,7 @@ protocol !indexer-worker { + # them simultaneously. + #mbox_read_locks = fcntl + #mbox_write_locks = dotlock fcntl ++mbox_write_locks = fcntl + + # Maximum time to wait for lock (all of them) before aborting. + #mbox_lock_timeout = 5 mins +--- a/doc/example-config/conf.d/10-ssl.conf ++++ b/doc/example-config/conf.d/10-ssl.conf +@@ -3,7 +3,10 @@ + ## + + # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> +-#ssl = yes ++# Disable plain (unencrypted) POP3 and IMAP, allowed are only POP3+TLS, ++# POP3S, IMAP+TLS and IMAPS. ++# Plain IMAP and POP3 are still allowed for local connections. ++ssl = required + + # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before + # dropping root privileges, so keep the key file unreadable by anyone but +@@ -67,7 +67,7 @@ + #ssl_curve_list = + + # Prefer the server's order of ciphers over client's. +-#ssl_prefer_server_ciphers = no ++ssl_prefer_server_ciphers = yes + + # SSL crypto device to use, for valid values run "openssl engine" + #ssl_crypto_device = |