dovecot/README.md

[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap.

Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).

# Volumes
- `/var/lib/vmail/mail`
- `/etc/ssl/mail:ro`: certificates have to be here.

# Environment Variables
## HOSTNAME
Fully qualified name of the mail host.

## SSMTP_MAIL_RELAY
Hostname and port for the used smtp relay (for example `mail.example.com:587`).

## SSMTP_USER
User to authenticate agains the smtp relay.

## SSMTP_PASSWORD
Password to authenticate agains the smtp relay.

## SSMTP_AUTH_METHOD
- default: LOGIN

Which authentication mechanism to use for the smtp relay.

## SSMTP_USE_STARTTLS
- default: yes

Whether to use starttls for the smtp relay.

## LDAP_HOST
Ldap hostname (can include the port).

## LDAP_SIEVE_HOST
Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).

## LDAP_BIND_DN
DN used to authenticate against ldap.

## LDAP_BIND_PASSWORD
Password used to authenticate against ldap.

## LDAP_BASE_DN
Base DN to look for users on the ldap host.

## LDAP_SCOPE
- default: subtree

Search scope of ldap queries.

## LDAP_PASS_FILTER
Specifies the filter on how user is found on the ldap host.
[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.

## LDAP_USER_ATTRIBUTE
- default: cn

The ldap attribute which stands for the username.

## LDAP_PASSWORD_ATTRIBUTE
- default: userPassword

The ldap attribute which stands for the password.

## LDAP_SIEVE_ATTRIBUTE
- default: sieve

The ldap attribute which contains the sieve rules.

## LDAP_USE_TLS
- default: yes

Whether to use tls when connecting to the ldap host.

## LDAP_APP_PASSWORDS_BASE_DN
Base DN to look for app passwords for a user.

## LDAP_APP_PASSWORDS_FILTER
Specifies the filter on what counts as an app password.

## ALLOWED_USERNAME_CHARS
- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

## AUTH_MECHANISMS
- default: plain

Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

## CERT_DOMAIN
Name of the certificate domain.

## SSL_DH_LENGTH
- default: 2048

Length of the Diffie-Helman key in bits.

## SSL_MIN_PROTOCOL
- default: TLSv1.2

Ssl minimum protocol version.

## SSL_CIPHERLIST
- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Colon seperated list of supported ciphers (`!`disables a cipher).

Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list
of ciphers.

## IMAP_MAX_USER_CONNECTIONS
- default: 10

Maximum number of connections from the same user + ip.

# Ports
- 143

# Capabilities
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
- SYS_CHROOT
Create README.md 2016-10-28 07:22:49 +00:00			`[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap.`

			`Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`# Volumes`
Create README.md 2016-10-28 07:22:49 +00:00			- `/var/lib/vmail/mail`
			- `/etc/ssl/mail:ro`: certificates have to be here.

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`# Environment Variables`
			`## HOSTNAME`
Create README.md 2016-10-28 07:22:49 +00:00			`Fully qualified name of the mail host.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSMTP_MAIL_RELAY`
Create README.md 2016-10-28 07:22:49 +00:00			Hostname and port for the used smtp relay (for example `mail.example.com:587`).

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSMTP_USER`
Create README.md 2016-10-28 07:22:49 +00:00			`User to authenticate agains the smtp relay.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSMTP_PASSWORD`
Create README.md 2016-10-28 07:22:49 +00:00			`Password to authenticate agains the smtp relay.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSMTP_AUTH_METHOD`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: LOGIN`

			`Which authentication mechanism to use for the smtp relay.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSMTP_USE_STARTTLS`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: yes`

			`Whether to use starttls for the smtp relay.`

add lua app password script 2018-02-27 12:56:32 +00:00			`## LDAP_HOST`
			`Ldap hostname (can include the port).`
Create README.md 2016-10-28 07:22:49 +00:00
Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_SIEVE_HOST`
Create README.md 2016-10-28 07:22:49 +00:00			Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_BIND_DN`
Create README.md 2016-10-28 07:22:49 +00:00			`DN used to authenticate against ldap.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_BIND_PASSWORD`
Create README.md 2016-10-28 07:22:49 +00:00			`Password used to authenticate against ldap.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_BASE_DN`
Create README.md 2016-10-28 07:22:49 +00:00			`Base DN to look for users on the ldap host.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_SCOPE`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: subtree`

			`Search scope of ldap queries.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_PASS_FILTER`
use gitlab docker registry 2017-09-22 11:14:50 +00:00			`Specifies the filter on how user is found on the ldap host.`
Create README.md 2016-10-28 07:22:49 +00:00			`[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_USER_ATTRIBUTE`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: cn`

			`The ldap attribute which stands for the username.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_PASSWORD_ATTRIBUTE`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: userPassword`

			`The ldap attribute which stands for the password.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_SIEVE_ATTRIBUTE`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: sieve`

			`The ldap attribute which contains the sieve rules.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## LDAP_USE_TLS`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: yes`

			`Whether to use tls when connecting to the ldap host.`

add lua app password script 2018-02-27 12:56:32 +00:00			`## LDAP_APP_PASSWORDS_BASE_DN`
			`Base DN to look for app passwords for a user.`

			`## LDAP_APP_PASSWORDS_FILTER`
			`Specifies the filter on what counts as an app password.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## ALLOWED_USERNAME_CHARS`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@`

			`List of characters allowed in a username.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## AUTH_MECHANISMS`
fix lua auth script 2018-02-27 16:02:32 +00:00			`- default: plain`
Create README.md 2016-10-28 07:22:49 +00:00
			`Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).`

use gitlab docker registry 2017-09-22 11:14:50 +00:00			`## CERT_DOMAIN`
			`Name of the certificate domain.`
Create README.md 2016-10-28 07:22:49 +00:00
Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSL_DH_LENGTH`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: 2048`

			`Length of the Diffie-Helman key in bits.`

upgarde settings to dovecot 2.3 2018-02-16 08:33:18 +00:00			`## SSL_MIN_PROTOCOL`
update cipher lists 2019-02-18 12:30:33 +00:00			`- default: TLSv1.2`
Create README.md 2016-10-28 07:22:49 +00:00
upgarde settings to dovecot 2.3 2018-02-16 08:33:18 +00:00			`Ssl minimum protocol version.`
Create README.md 2016-10-28 07:22:49 +00:00
Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## SSL_CIPHERLIST`
update cipher lists 2019-02-18 12:30:33 +00:00			`- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`
Create README.md 2016-10-28 07:22:49 +00:00
			Colon seperated list of supported ciphers (`!`disables a cipher).

upgarde settings to dovecot 2.3 2018-02-16 08:33:18 +00:00			`Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list`
			`of ciphers.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`## IMAP_MAX_USER_CONNECTIONS`
Create README.md 2016-10-28 07:22:49 +00:00			`- default: 10`

			`Maximum number of connections from the same user + ip.`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`# Ports`
Create README.md 2016-10-28 07:22:49 +00:00			`- 143`

Update README.md [skip build] 2016-10-31 10:28:08 +00:00			`# Capabilities`
Create README.md 2016-10-28 07:22:49 +00:00			`- CHOWN`
			`- DAC_OVERRIDE`
			`- FOWNER`
			`- NET_BIND_SERVICE`
			`- SETGID`
			`- SETUID`
Update README.md 2016-10-28 11:05:52 +00:00			`- SYS_CHROOT`