dovecot/README.md

129 lines
3.0 KiB
Markdown
Raw Normal View History

2016-10-28 07:22:49 +00:00
[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap.
Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).
2016-10-31 10:28:08 +00:00
# Volumes
2016-10-28 07:22:49 +00:00
- `/var/lib/vmail/mail`
- `/etc/ssl/mail:ro`: certificates have to be here.
2016-10-31 10:28:08 +00:00
# Environment Variables
## HOSTNAME
2016-10-28 07:22:49 +00:00
Fully qualified name of the mail host.
2016-10-31 10:28:08 +00:00
## SSMTP_MAIL_RELAY
2016-10-28 07:22:49 +00:00
Hostname and port for the used smtp relay (for example `mail.example.com:587`).
2016-10-31 10:28:08 +00:00
## SSMTP_USER
2016-10-28 07:22:49 +00:00
User to authenticate agains the smtp relay.
2016-10-31 10:28:08 +00:00
## SSMTP_PASSWORD
2016-10-28 07:22:49 +00:00
Password to authenticate agains the smtp relay.
2016-10-31 10:28:08 +00:00
## SSMTP_AUTH_METHOD
2016-10-28 07:22:49 +00:00
- default: LOGIN
Which authentication mechanism to use for the smtp relay.
2016-10-31 10:28:08 +00:00
## SSMTP_USE_STARTTLS
2016-10-28 07:22:49 +00:00
- default: yes
Whether to use starttls for the smtp relay.
2018-02-27 12:56:32 +00:00
## LDAP_HOST
Ldap hostname (can include the port).
2016-10-28 07:22:49 +00:00
2016-10-31 10:28:08 +00:00
## LDAP_SIEVE_HOST
2016-10-28 07:22:49 +00:00
Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).
2016-10-31 10:28:08 +00:00
## LDAP_BIND_DN
2016-10-28 07:22:49 +00:00
DN used to authenticate against ldap.
2016-10-31 10:28:08 +00:00
## LDAP_BIND_PASSWORD
2016-10-28 07:22:49 +00:00
Password used to authenticate against ldap.
2016-10-31 10:28:08 +00:00
## LDAP_BASE_DN
2016-10-28 07:22:49 +00:00
Base DN to look for users on the ldap host.
2016-10-31 10:28:08 +00:00
## LDAP_SCOPE
2016-10-28 07:22:49 +00:00
- default: subtree
Search scope of ldap queries.
2016-10-31 10:28:08 +00:00
## LDAP_PASS_FILTER
2017-09-22 11:14:50 +00:00
Specifies the filter on how user is found on the ldap host.
2016-10-28 07:22:49 +00:00
[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.
2016-10-31 10:28:08 +00:00
## LDAP_USER_ATTRIBUTE
2016-10-28 07:22:49 +00:00
- default: cn
The ldap attribute which stands for the username.
2016-10-31 10:28:08 +00:00
## LDAP_PASSWORD_ATTRIBUTE
2016-10-28 07:22:49 +00:00
- default: userPassword
The ldap attribute which stands for the password.
2016-10-31 10:28:08 +00:00
## LDAP_SIEVE_ATTRIBUTE
2016-10-28 07:22:49 +00:00
- default: sieve
The ldap attribute which contains the sieve rules.
2016-10-31 10:28:08 +00:00
## LDAP_USE_TLS
2016-10-28 07:22:49 +00:00
- default: yes
Whether to use tls when connecting to the ldap host.
2018-02-27 12:56:32 +00:00
## LDAP_APP_PASSWORDS_BASE_DN
Base DN to look for app passwords for a user.
## LDAP_APP_PASSWORDS_FILTER
Specifies the filter on what counts as an app password.
2016-10-31 10:28:08 +00:00
## ALLOWED_USERNAME_CHARS
2016-10-28 07:22:49 +00:00
- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
List of characters allowed in a username.
2016-10-31 10:28:08 +00:00
## AUTH_MECHANISMS
2018-02-27 16:02:32 +00:00
- default: plain
2016-10-28 07:22:49 +00:00
Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
2017-09-22 11:14:50 +00:00
## CERT_DOMAIN
Name of the certificate domain.
2016-10-28 07:22:49 +00:00
2016-10-31 10:28:08 +00:00
## SSL_DH_LENGTH
2016-10-28 07:22:49 +00:00
- default: 2048
Length of the Diffie-Helman key in bits.
2018-02-16 08:33:18 +00:00
## SSL_MIN_PROTOCOL
2019-02-18 12:30:33 +00:00
- default: TLSv1.2
2016-10-28 07:22:49 +00:00
2018-02-16 08:33:18 +00:00
Ssl minimum protocol version.
2016-10-28 07:22:49 +00:00
2016-10-31 10:28:08 +00:00
## SSL_CIPHERLIST
2019-02-18 12:30:33 +00:00
- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
2016-10-28 07:22:49 +00:00
Colon seperated list of supported ciphers (`!`disables a cipher).
2018-02-16 08:33:18 +00:00
Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list
of ciphers.
2016-10-31 10:28:08 +00:00
## IMAP_MAX_USER_CONNECTIONS
2016-10-28 07:22:49 +00:00
- default: 10
Maximum number of connections from the same user + ip.
2016-10-31 10:28:08 +00:00
# Ports
2016-10-28 07:22:49 +00:00
- 143
2016-10-31 10:28:08 +00:00
# Capabilities
2016-10-28 07:22:49 +00:00
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
2016-10-28 11:05:52 +00:00
- SYS_CHROOT