From 9a550c0f5939577fac33fc8d9c5fdbd89056ec1a Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 28 Oct 2016 09:22:49 +0200 Subject: [PATCH] Create README.md --- README.md | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..169a3ee --- /dev/null +++ b/README.md @@ -0,0 +1,132 @@ +[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap. + +Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule). + +## Volumes +- `/var/lib/vmail/mail` +- `/etc/ssl/mail:ro`: certificates have to be here. + +## Environment Variables +### HOSTNAME +Fully qualified name of the mail host. + +### SSMTP_MAIL_RELAY +Hostname and port for the used smtp relay (for example `mail.example.com:587`). + +### SSMTP_USER +User to authenticate agains the smtp relay. + +### SSMTP_PASSWORD +Password to authenticate agains the smtp relay. + +### SSMTP_AUTH_METHOD +- default: LOGIN + +Which authentication mechanism to use for the smtp relay. + +### SSMTP_USE_STARTTLS +- default: yes + +Whether to use starttls for the smtp relay. + +### LDAP_URI +Complete uri for the authentication ldap host. + +### LDAP_SIEVE_HOST +Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`). + +### LDAP_BIND_DN +DN used to authenticate against ldap. + +### LDAP_BIND_PASSWORD +Password used to authenticate against ldap. + +### LDAP_BASE_DN +Base DN to look for users on the ldap host. + +### LDAP_SCOPE +- default: subtree + +Search scope of ldap queries. + +### LDAP_USER_FILTER + +### LDAP_PASS_FILTER +Specifies the filter on how user is found on the ldap host. +[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used. + +### LDAP_USER_ATTRIBUTE +- default: cn + +The ldap attribute which stands for the username. + +### LDAP_PASSWORD_ATTRIBUTE +- default: userPassword + +The ldap attribute which stands for the password. + +### LDAP_SIEVE_ATTRIBUTE +- default: sieve + +The ldap attribute which contains the sieve rules. + +### LDAP_USE_TLS +- default: yes + +Whether to use tls when connecting to the ldap host. + +### LDAP_DEFAULT_PASSSCHEME +- default: SSHA + +Default password scheme used on the ldap host. + +### ALLOWED_USERNAME_CHARS +- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ + +List of characters allowed in a username. + +### AUTH_MECHANISMS +- default: plain login + +Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms). + +### CERTNAME +- default: fullchain.pem + +Name of the certificate file. + +### Keyname +- default: privkey.pem + +Name of the key file. + +### SSL_DH_LENGTH +- default: 2048 + +Length of the Diffie-Helman key in bits. + +### SSL_PROTOCOLS +- default: !SSLv2 !SSLv3 + +Space seperated list of allowed ssl protocols (`!`disables a protocol). + +### SSL_CIPHERLIST +- default: ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM + +Colon seperated list of supported ciphers (`!`disables a cipher). + +### IMAP_MAX_USER_CONNECTIONS +- default: 10 + +Maximum number of connections from the same user + ip. + +## Ports +- 143 + +## Capabilities +- CHOWN +- DAC_OVERRIDE +- FOWNER +- NET_BIND_SERVICE +- SETGID +- SETUID