templates/default/conf.d/10-master.conf.erb
# Generated by Chef
<%= DovecotCookbook::Conf.attribute(@conf, 'default_process_limit', 100) %>
<%= DovecotCookbook::Conf.attribute(@conf, 'default_client_limit', 1000) %>
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
<%= DovecotCookbook::Conf.attribute(@conf, 'default_vsz_limit', '256M') %>
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
<%= DovecotCookbook::Conf.attribute(@conf, 'default_login_user', 'dovenull') %>
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
<%= DovecotCookbook::Conf.attribute(@conf, 'default_internal_user', 'dovecot') %>
<% if @services['doveadm'].kind_of?(Hash) and @services['doveadm'].length > 0 -%>
<%= DovecotCookbook::Conf.service('doveadm', @services['doveadm']) %>
<% end -%>
<% if @services['imap-login'].kind_of?(Hash) and @services['imap-login'].length > 0 -%>
<%= DovecotCookbook::Conf.service('imap-login', @services['imap-login']) %>
<% else -%>
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
#port = 993
#ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
<% end -%>
<% if @services['pop3-login'].kind_of?(Hash) and @services['pop3-login'].length > 0 -%>
<%= DovecotCookbook::Conf.service('pop3-login', @services['pop3-login']) %>
<% else -%>
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
<% end -%>
<% if @services['lmtp'].kind_of?(Hash) and @services['lmtp'].length > 0 -%>
<%= DovecotCookbook::Conf.service('lmtp', @services['lmtp']) %>
<% else -%>
service lmtp {
unix_listener lmtp {
#mode = 0666
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
<% end -%>
<% if @services['imap'].kind_of?(Hash) and @services['imap'].length > 0 -%>
<%= DovecotCookbook::Conf.service('imap', @services['imap']) %>
<% else -%>
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
<% end -%>
<% if @services['pop3'].kind_of?(Hash) and @services['pop3'].length > 0 -%>
<%= DovecotCookbook::Conf.service('pop3', @services['pop3']) %>
<% else -%>
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
<% end -%>
<% if @services['auth'].kind_of?(Hash) and @services['auth'].length > 0 -%>
<%= DovecotCookbook::Conf.service('auth', @services['auth']) %>
<% else -%>
service auth {
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
# Auth process is run as this user.
#user = $default_internal_user
}
<% end -%>
<% if @services['auth-worker'].kind_of?(Hash) and @services['auth-worker'].length > 0 -%>
<%= DovecotCookbook::Conf.service('auth-worker', @services['auth-worker']) %>
<% else -%>
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
#user = root
}
<% end -%>
<% if @services['dict'].kind_of?(Hash) and @services['dict'].length > 0 -%>
<%= DovecotCookbook::Conf.service('dict', @services['dict']) %>
<% else -%>
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
<% end -%>
<% if @services['anvil'].kind_of?(Hash) and @services['anvil'].length > 0 -%>
<%= DovecotCookbook::Conf.service('anvil', @services['anvil']) %>
<% end -%>
<% if @services['stats'].kind_of?(Hash) and @services['stats'].length > 0 -%>
<%= DovecotCookbook::Conf.service('stats', @services['stats']) %>
<% end -%>