doc/web/source/installation/dovecot_configuration.rst
author Pascal Volk <user@localhost.localdomain.org>
Sun, 23 Feb 2014 18:16:57 +0000
branchv0.7.x
changeset 737 81f4bfc34ed8
parent 697 61aaa7a98ec0
child 739 b65c3abf9ca8
permissions -rw-r--r--
VMM/cli/subcommands: userpassword: Added option --hash. vmm userpassword --hash {SCHEME}$HASH can be used to save a password hash, e.g. generated by doveadm pw, as new user password.

=====================
Dovecot configuration
=====================
This page describes in short how to configure Dovecot.

If you are upgrading your Dovecot installation from v1.\ **1**.x to
v1.\ **2**.x or v\ **1**.x to v\ **2**.x, you should also read Upgrading_
in the `Dovecot wiki`_.

Dovecot v1.x
------------
This setup uses two configuration files.
:file:`dovecot.conf`, the MainConfig_ of the Dovecot server and
:file:`dovecot-sql.conf`, containing the settings for passdb_ and userdb_
lookups.
For more details see also `AuthDatabase/SQL`_ in the Dovecot wiki.

dovecot.conf
^^^^^^^^^^^^
The following configuration example can be used as complete configuration
file. You can also adjust your existing settings.
Use :command:`dovecot -n | head -n 1` to locate your :file:`dovecot.conf`.

.. note:: Please modify the `postmaster_address` to meet your specific needs.

.. code-block:: text
 :emphasize-lines: 7

 # all your other settings
 #disable_plaintext_auth = no
 mail_location = maildir:~/Maildir
 first_valid_uid = 70000
 first_valid_gid = 70000
 protocol lda {
   postmaster_address = postmaster@YOUR-DOMAIN.TLD
   # uncomment this to use server side filtering (Dovecot v1.0.x/v1.1.x)
   #mail_plugins = cmusieve
   # uncomment this to use server side filtering (Dovecot v1.2.x)
   #mail_plugins = sieve
 }
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
 }
 # uncomment this to use the ManageSieve protocol, if supported by your installation
 #protocol managesieve {
 #  # only valid with Dovecot v1.0.x/v1.1.x.
 #  # see also: http://wiki.dovecot.org/ManageSieve/Configuration#v1.0.2BAC8-v1.1
 #  sieve = ~/.dovecot.sieve
 #  sieve_storage = ~/sieve
 #}
 auth default {
   mechanisms = cram-md5 login plain
   passdb sql {
     args = /etc/dovecot/dovecot-sql.conf
   }
   userdb sql {
     args = /etc/dovecot/dovecot-sql.conf
   }
   user = doveauth
   socket listen {
     master {
       path = /var/run/dovecot/auth-master
       mode = 0600
     }
     client {
       path = /var/spool/postfix/private/dovecot-auth
       mode = 0660
       user = postfix
       group = postfix
     }
   }
 }
 # uncomment this if you use the ManageSieve protocol with Dovecot v1.2.x
 #plugin {
 #  # Sieve and ManageSieve settings
 #  # see also: http://wiki.dovecot.org/ManageSieve/Configuration#v1.2
 #  sieve = ~/.dovecot.sieve
 #  sieve_dir = ~/sieve
 #}


.. _dovecot-sql-conf:

dovecot-sql.conf
^^^^^^^^^^^^^^^^
This lines contains all information that are required by Dovecot to access
the database and to do the lookups in passdb and userdb.

.. code-block:: text

 driver = pgsql
 connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
 default_pass_scheme = CRAM-MD5
 password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
 user_query = SELECT SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')

Dovecot v2.x
------------
Beginning with Dovecot version 2.0 the configuration was split into multiple
files.
It isn't required to use multiple configuration files.
:file:`dovecot.conf` is still the most important configuration file.
Use the command :command:`doveconf -n | head -n 1` to locate your
:file:`dovecot.conf`.
You could put all settings in your :file:`dovecot.conf`.
You can also include multiple files into your :file:`dovecot.conf`.

I personally prefer it to comment out most of the :file:`dovecot.conf`
and include only my :file:`local.conf`, which contains all the necessary 
settings.
You can download my :download:`local.conf <../_static/local.conf>` and use
it in your setup.

If you want to use multiple configuration files, you have to apply the
following settings to the configuration files mentioned down below.
Everything that isn't mentioned, was commented out.

.. _dovecot2.conf:

dovecot.conf
^^^^^^^^^^^^
.. code-block:: text

 protocols = imap lmtp
 # uncomment if your users should be able to manage their sieve scripts
 #protocols = imap lmtp sieve

 # uncomment if you want to use the quota plugin
 #dict {
 #  quota = pgsql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
 #}

See also :ref:`dovecot-dict-sql-conf-ext` below.

.. warning:: Adjust the paths of the :file:`dovecot-dict-sql.conf.ext`
   (above) and :file:`dovecot-sql.conf.ext` (below) files to suit your needs.


.. _conf-d-10-auth-conf:

conf.d/10-auth.conf
^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 auth_mechanisms = plain login cram-md5
 passdb {
   driver = sql
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
 }
 userdb {
   driver = sql
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
 }
 #!include auth-system.conf.ext

See also :ref:`dovecot-sql-conf-ext` below.


conf.d/10-mail.conf
^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 first_valid_gid = 70000
 first_valid_uid = 70000
 mail_access_groups = dovemail
 mail_location = maildir:~/Maildir
 
 # uncomment if you want to use the quota plugin
 #mail_plugins = quota

.. _conf-d-10-master.conf:

conf.d/10-master.conf
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 # if you don't want to use secure imap, you have to disable the imaps listener
 ##service imap-login {
 ##  inet_listener imaps {
 ##    port = 0
 ##  }
 ##}

 service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     user = postfix
     group = postfix
     mode = 0600
   }
 }

 service auth {
   user = doveauth
   unix_listener auth-userdb {
   }
   unix_listener /var/spool/postfix/private/dovecot-auth {
     user = postfix
     group = postfix
     mode = 0600
   }
 }

 service auth-worker {
   unix_listener auth-worker {
     user = doveauth
     group = $default_internal_user
     mode = 0660
   }
   user = doveauth
 }

 service dict {
   unix_listener dict {
     group = dovemail
     mode = 0660
   }
 }

conf.d/10-ssl.conf
^^^^^^^^^^^^^^^^^^
.. code-block:: text

 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 #ssl = yes

 ssl_cert = </etc/ssl/certs/dovecot.pem
 ssl_key = </etc/ssl/private/dovecot.pem

 # if you want to disable SSL/TLS, you have set 'ssl = no' and disable the
 # imaps listener in conf.d/10-master.conf

conf.d/15-lda.conf
^^^^^^^^^^^^^^^^^^
.. note:: Please modify the `postmaster_address` to meet your specific needs.

.. code-block:: text
 :emphasize-lines: 1

 postmaster_address = postmaster@YOUR-DOMAIN.TLD
 recipient_delimiter = +
 protocol lda {
   # uncomment if you want to use the quota plugin
   #mail_plugins = $mail_plugins
   # uncomment if you want to use the quota and sieve plugins
   #mail_plugins = $mail_plugins sieve
 }

conf.d/20-imap.conf
^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 protocol imap {
   # uncomment if you want to use the quota plugin
   #mail_plugins = $mail_plugins imap_quota
 }

conf.d/20-lmtp.conf
^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 protocol lmtp {
   # uncomment if you want to use the quota plugin
   #mail_plugins = $mail_plugins
   # uncomment if you want to use the quota and sieve plugins
   #mail_plugins = $mail_plugins sieve
 }

conf.d/90-quota.conf
^^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 # uncomment if you want to use the quota plugin
 #plugin {
 #  quota = dict:user:%{uid}:proxy::quota
 #  quota_rule = *:storage=0:messages=0
 #  quota_rule2 = Trash:storage=+100M
 #}

conf.d/90-sieve.conf
^^^^^^^^^^^^^^^^^^^^
.. code-block:: text

 # uncomment if you want to use sieve (and maybe managesieve)
 #plugin {
 #  recipient_delimiter = +
 #  sieve = ~/.dovecot.sieve
 #  sieve_dir = ~/sieve
 #}


.. _dovecot-sql-conf-ext:

dovecot-sql.conf.ext
^^^^^^^^^^^^^^^^^^^^
This file was referenced above in the `passdb` and `userdb` sections of
:ref:`conf-d-10-auth-conf`.

.. code-block:: text

 driver = pgsql
 connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
 
 password_query = \
  SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
 
 # uncomment this user_query if you want to use the quota plugin
 #user_query = \
 # SELECT home, uid, gid, mail, quota_rule FROM dovecotquotauser('%Ln', '%Ld')

 # otherwise uncomment the following user_query
 #user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')
 
 iterate_query = \
  SELECT local_part AS username, domain_name.domainname AS domain \
    FROM users \
         LEFT JOIN domain_data USING (gid) \
         LEFT JOIN domain_name USING (gid)


.. _dovecot-dict-sql-conf-ext:

dovecot-dict-sql.conf.ext
^^^^^^^^^^^^^^^^^^^^^^^^^
If you want to use the quota plugin add this lines to your
:file:`dovecot-dict-sql.conf.ext`.
This file was referenced in the `dict` section of :ref:`dovecot2.conf`.

.. code-block:: text

 connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
 map {
   pattern = priv/quota/storage
   table = userquota
   username_field = uid
   value_field = bytes
 }
 map {
   pattern = priv/quota/messages
   table = userquota
   username_field = uid
   value_field = messages
 }

.. include:: ../ext_references.rst