Diffstat (limited to 'roles/dovecot/templates/etc')
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j231
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j231
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j210
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j236
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j211
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j26
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j234
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j25
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j230
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j24
-rw-r--r--roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j23
-rw-r--r--roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j216
-rw-r--r--roles/dovecot/templates/etc/dovecot/dovecot.conf.j25
17 files changed, 248 insertions, 0 deletions
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
new file mode 100644
index 0000000..2185d6d
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2
@@ -0,0 +1,10 @@
+auth_default_realm = {{ freeipa_realm }}
+
+auth_username_format = %Ln
+
+auth_gssapi_hostname = "$ALL"
+
+auth_mechanisms = gssapi plain login
+
+!include auth-system.conf.ext
+!include auth-ldap.conf.ext
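Review bot: `auth_username_format = %Ln` discards everything after `@`, so a login name from any domain is reduced to the bare local part before the PAM and LDAP lookups, and presumably a GSSAPI principal is treated the same way. Whether principals from a trusted foreign realm can reach this service is not visible in this commit; if they can, `alice@OTHER.REALM` would be looked up as `alice`. A comment above the line would record the assumption, for example `# single realm only: %Ln strips the domain, so uids must be unique across every realm we accept tickets from`.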
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
new file mode 100644
index 0000000..9a3884a
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2
@@ -0,0 +1,31 @@
+mail_location = mdbox:~/mdbox
+
+namespace inbox {
+ type = private
+ separator = /
+ inbox = yes
+ subscriptions = yes
+}
+
+namespace virtual {
+ location = virtual:/etc/dovecot/virtual:INDEX=~/.virtual:CONTROL=~/.virtual:VOLATILEDIR=~/.virtual:LAYOUT=fs
+
+ type = private
+ separator = /
+ prefix = Virtual/
+}
+
+mail_plugins = $mail_plugins quota virtual fts fts_solr
+
+mail_privileged_group = {{ dovecot_vmail_user }}
+
+first_valid_uid = {{ dovecot_vmail_user_result.uid }}
+last_valid_uid = {{ dovecot_vmail_user_result.uid }}
+
+first_valid_gid = {{ dovecot_vmail_user_result.group }}
+last_valid_gid = {{ dovecot_vmail_user_result.group }}
+
+# recommended configuration for quota:count
+protocol !indexer-worker {
+ mail_vsize_bg_after_count = 100
+}
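Review bot: `mail_privileged_group = {{ dovecot_vmail_user }}` looks unnecessary with `mail_location = mdbox:~/mdbox`. Dovecot enables that group only when creating or dotlocking an INBOX in a shared spool such as /var/mail, and here all mail lives under the user's home with the valid uid and gid range pinned to the vmail account. The line also passes a user-name variable where a group name is expected, which holds only while the account's primary group has the same name. I would drop the setting, or add a comment saying what needs it.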
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
new file mode 100644
index 0000000..a2af8b3
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -0,0 +1,31 @@
+service imap-login {
+ inet_listener imap {
+ port = 143
+ }
+
+ inet_listener imaps {
+ port = 993
+ ssl = yes
+ }
+}
+
+service lmtp {
+ user = {{ dovecot_vmail_user }}
+ inet_listener lmtp {
+ port = {{ dovecot_lmtp_port }}
+ }
+}
+
+service auth-worker {
+ user = $default_internal_user
+}
+
+# Allow the vmail user to write to stats. This isn't strictly necessary, but
+# prevents dovecot-lda from spamming the mail log with errors.
+service stats {
+ unix_listener stats-writer {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
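Review bot: The `inet_listener lmtp` block sets only `port`, so it inherits Dovecot's global `listen` value and, with the default, accepts connections on every interface. LMTP has no authentication, so anything that can reach the port can inject mail into any mailbox. If the MTA runs on this host, add `address = 127.0.0.1 ::1` to the listener or switch to a `unix_listener`; if it is remote, add a comment naming the firewall rule that restricts the port. The unnamed `inet_listener` under `service quota-status` in 90-quota.conf.j2 has the same shape and deserves the same treatment.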
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
new file mode 100644
index 0000000..e677b44
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/10-ssl.conf.j2
@@ -0,0 +1,10 @@
+ssl = required
+
+ssl_cert = <{{ dovecot_certificate_path }}
+ssl_key = <{{ dovecot_certificate_key_path }}
+
+ssl_dh = <{{ dovecot_dhparams_path }}
+
+ssl_min_protocol = TLSv1.2
+
+ssl_cipher_list = {{ dovecot_ssl_cipher_list }}
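Review bot: `ssl_cipher_list` is templated but `ssl_prefer_server_ciphers` is left at its default of `no`, so the order in `dovecot_ssl_cipher_list` is advisory and the client's preference picks the suite. If the list is meant to be ordered strongest-first, add `ssl_prefer_server_ciphers = yes` below it. If every entry is equally acceptable, a one-line comment saying that client ordering is intentional is enough.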
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
new file mode 100644
index 0000000..0ed20f5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-lda.conf.j2
@@ -0,0 +1,10 @@
+recipient_delimiter = {{ dovecot_recipient_delimiter }}
+lda_original_recipient_header = X-Original-To
+
+lda_mailbox_autocreate = yes
+
+lda_mailbox_autosubscribe = no
+
+protocol lda {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
new file mode 100644
index 0000000..af47fcc
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/15-mailboxes.conf.j2
@@ -0,0 +1,36 @@
+namespace inbox {
+
+ mailbox Drafts {
+ auto = subscribe
+ special_use = \Drafts
+ }
+
+ mailbox Junk {
+ auto = subscribe
+ special_use = \Junk
+ }
+
+ mailbox Trash {
+ auto = subscribe
+ special_use = \Trash
+ }
+
+ mailbox Sent {
+ auto = subscribe
+ special_use = \Sent
+ }
+
+ mailbox Archive {
+ auto = subscribe
+ special_use = \Archive
+ }
+
+ # "auto = subscribe" on virtual folders causes dovecot to coredump.
+ mailbox "Virtual/All Messages" {
+ special_use = \All
+ }
+
+ mailbox Virtual/Flagged {
+ special_use = \Flagged
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
new file mode 100644
index 0000000..ae67bae
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-imap.conf.j2
@@ -0,0 +1,3 @@
+protocol imap {
+ mail_plugins = $mail_plugins imap_quota imap_sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
new file mode 100644
index 0000000..2619ce5
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-lmtp.conf.j2
@@ -0,0 +1,3 @@
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
new file mode 100644
index 0000000..f4adea9
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/20-managesieve.conf.j2
@@ -0,0 +1,11 @@
+protocols = $protocols sieve
+
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+
+ inet_listener sieve_deprecated {
+ port = 0
+ }
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
new file mode 100644
index 0000000..dbe2102
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-fts.conf.j2
@@ -0,0 +1,6 @@
+plugin {
+ fts_autoindex = yes
+ fts = solr
+ fts_solr = url=http://localhost:{{ dovecot_solr_port }}/solr/dovecot/
+ fts_tika = http://localhost:{{ dovecot_tika_port }}/tika/
+}
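Review bot: Both `fts_solr` and `fts_tika` point at plain-HTTP services on localhost with no credentials, and with `fts_autoindex = yes` the text of every delivered message is sent to them. Whether Solr and Tika are bound to loopback only, and whether other local accounts exist on this host, is not visible in this commit; an unrestricted Solr would expose indexed mail for all users to anything that can connect. A comment such as `# Solr and Tika must listen on loopback only; the index holds message text for every user` would tie this file to that requirement.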
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
new file mode 100644
index 0000000..e1d4449
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-quota.conf.j2
@@ -0,0 +1,34 @@
+plugin {
+ quota = count:User quota
+ quota_vsizes = yes
+ quota_rule = *:storage={{ dovecot_default_user_quota }}
+ quota_grace = {{ dovecot_quota_grace_percent }}%%
+
+ quota_max_mail_size = {{ dovecot_max_mail_size }}
+
+ quota_status_success = DUNNO
+ quota_status_nouser = DUNNO
+ quota_status_overquota = "552 5.2.2 Mailbox is full"
+
+ {% for percent in dovecot_quota_warning_percent | sort(reverse=True) %}
+ quota_warning{% if not loop.first %}{{ loop.index }}{% endif %} = storage={{ percent }}%% quota-warning {{ percent }} %u
+ {% endfor %}
+}
+
+service quota-warning {
+ executable = script {{ dovecot_quota_warning_script }}
+ user = {{ dovecot_vmail_user }}
+ unix_listener quota-warning {
+ user = dovecot
+ group = {{ dovecot_vmail_user }}
+ mode = 0660
+ }
+}
+
+service quota-status {
+ executable = quota-status -p postfix
+ inet_listener {
+ port = {{ dovecot_quota_status_port }}
+ }
+ client_limit = 5
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
new file mode 100644
index 0000000..bab3d4f
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve-extprograms.conf.j2
@@ -0,0 +1,5 @@
+plugin {
+ sieve_pipe_bin_dir = {{ dovecot_sieve_pipe_bin_dir }}
+ sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+ sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
new file mode 100644
index 0000000..51ec533
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/90-sieve.conf.j2
@@ -0,0 +1,30 @@
+plugin {
+ sieve = file:~/sieve;active=~/.dovecot.sieve
+
+ sieve_before = {{ dovecot_sieve_before_dir }}
+
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+
+ sieve_plugins = sieve_extprograms sieve_imapsieve
+
+ sieve_quota_max_scripts = 10
+ sieve_quota_max_storage = 2M
+
+ sieve_user_email = %Ln@{{ dovecot_default_domain }}
+
+ # The default value for this is "sender", but that will totally break SPF
+ sieve_redirect_envelope_from = orig_recipient
+
+ # From elsewhere to Junk folder
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY
+ imapsieve_mailbox1_before = file:{{ dovecot_sieve_dir }}/report-spam.sieve
+
+ # From Junk folder to elsewhere
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Junk
+ imapsieve_mailbox2_causes = COPY
+ imapsieve_mailbox2_before = file:{{ dovecot_sieve_dir }}/report-ham.sieve
+
+ sieve_global_extensions = +vnd.dovecot.pipe
+}
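Review bot: `sieve_global_extensions` is assigned twice in this plugin block, first as `+vnd.dovecot.pipe +vnd.dovecot.execute` and again on the last line as `+vnd.dovecot.pipe`. Two assignments of one key do not merge; presumably the later one wins, which would leave `vnd.dovecot.execute` disabled even though the first line and `sieve_execute_bin_dir` in 90-sieve-extprograms.conf.j2 suggest it is wanted. Keep a single line with the set the report-spam and report-ham scripts actually need. If they only pipe, `sieve_global_extensions = +vnd.dovecot.pipe` is the narrower choice and the earlier line should go.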
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
new file mode 100644
index 0000000..7b5ab0e
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-ldap.conf.ext.j2
@@ -0,0 +1,4 @@
+userdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
diff --git a/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
new file mode 100644
index 0000000..a53dd53
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/conf.d/auth-system.conf.ext.j2
@@ -0,0 +1,3 @@
+passdb {
+ driver = pam
+}
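Review bot: The `passdb` block carries no restriction of its own, so PAM is asked to verify a password for any account name the host can resolve. The `dovecot_access_group` membership check appears only in the LDAP `user_filter`, which is a userdb lookup and presumably runs after the password has already been evaluated. If access is also limited in the PAM account phase, for example by a FreeIPA HBAC rule for the service, a comment such as `# access is additionally restricted by HBAC for the dovecot PAM service` would make that dependency visible. If it is not, the password check still runs for accounts that are never meant to have mail.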
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2 b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
new file mode 100644
index 0000000..3f03c82
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,16 @@
+hosts = {{ freeipa_hosts | join(' ') }}
+
+sasl_bind = yes
+sasl_mech = gssapi
+sasl_realm = {{ freeipa_realm }}
+
+base = {{ freeipa_user_basedn }}
+
+user_filter = (&(uid=%Ln)(memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }}))
+user_attrs= \
+ =uid={{ dovecot_vmail_user }}, \
+ =gid={{ dovecot_vmail_user }}, \
+ =home={{ dovecot_vmail_dir }}/%{ldap:uid}
+
+iterate_attrs = uid=user
+iterate_filter = (memberof=cn={{ dovecot_access_group }},{{ freeipa_group_basedn }})
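Review bot: The LDAP connection is configured with `hosts` and a GSSAPI bind but without `tls = yes` or an `ldaps://` URI, so protection of the userdb lookups rests on whatever security layer the SASL bind negotiates. These results decide whether a login maps to a mailbox and which home directory it gets, so transport protection is worth making explicit with `tls = yes` and `tls_require_cert = hard`, plus `tls_ca_cert_file` pointing at the IPA CA (path not shown in this commit). If the GSSAPI layer is deliberately relied on instead, a comment saying so would settle the question for the next reader.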
diff --git a/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2 b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
new file mode 100644
index 0000000..bfc16bf
--- /dev/null
+++ b/roles/dovecot/templates/etc/dovecot/dovecot.conf.j2
@@ -0,0 +1,5 @@
+protocols = imap lmtp
+
+import_environment = $import_environment GSS_USE_PROXY=yes
+
+!include conf.d/*.conf