forked from saltstack-formulas/dovecot-formula
pillar.example
# Example pillar data for the dovecot formula; every value below is a sample.
# NOTE(review): this layout assumes all file-content keys live under
# `dovecot:config` -- confirm key placement against the formula's templates.
dovecot:
  # Extra package names (here the Sieve plugin package); presumably installed
  # by the formula alongside Dovecot itself.
  extra_packages:
    - dovecot-sieve
  # Service-handling switches read by the formula; their exact semantics are
  # not visible in this file.
  lookup:
    enable_service_control: True
    service_persistent: True
  config:
    # Dovecot settings supplied as one literal block.
    # NOTE(review), points a deployer should check before reusing this block:
    #   - login_trusted_networks: Dovecot ignores disable_plaintext_auth for
    #     clients in this range, so keep it limited to the proxy or webmail
    #     hosts that really need it.
    #   - auth_mechanisms = plain: credential confidentiality depends entirely
    #     on TLS. The plain IMAP listener is bound to 127.0.0.1:143; only
    #     imaps (993, ssl = yes) has no address restriction.
    #   - first_valid_uid / last_valid_uid (1000-2000) do not include the
    #     uid=5000 used by the static userdb in confext:auth-sql below; if
    #     both are deployed together those users would presumably be refused.
    #     Verify.
    #   - inet_listener sieve_deprecated binds 0.0.0.0:2000, the legacy
    #     ManageSieve port; restrict or drop it if no client needs it.
    #   - ssl_cipher_list only selects and orders cipher suites. No minimum
    #     protocol version is set here (ssl_min_protocol or ssl_protocols,
    #     depending on the Dovecot version).
    #   - ssl_key points at /etc/ssl/private/dovecot-one.key; ownership and
    #     mode of that file are set elsewhere. Verify it is not world-readable.
    #   - postmaster_address looks mangled by the hosting page's e-mail
    #     obfuscation; replace it with a real address.
    local: |
      # main
      listen = *
      login_trusted_networks = 192.168.100.0/24
      shutdown_clients = yes
      # auth
      disable_plaintext_auth = yes
      auth_cache_size = 10M
      auth_cache_ttl = 1 hour
      auth_mechanisms = plain
      !include conf.d/auth-system.conf.ext
      # logging
      log_timestamp = "%Y-%m-%d %H:%M:%S "
      # mail (for non-virtual users)
      mail_location = maildir:~/Maildir
      mail_privileged_group = mail
      first_valid_uid = 1000
      last_valid_uid = 2000
      # master
      service imap-login {
        inet_listener imap {
          address = 127.0.0.1
          port = 143
        }
        inet_listener imaps {
          port = 993
          ssl = yes
        }
      }
      # lda
      postmaster_address = [email protected]
      hostname = example.com
      protocol lda {
        mail_plugins = $mail_plugins sieve
      }
      # imap
      protocols = imap
      mail_max_userip_connections = 50
      # managesieve
      service managesieve-login {
        inet_listener sieve_deprecated {
          address = 0.0.0.0
          port = 2000
        }
      }
      # sieve
      plugin {
        sieve = ~/.dovecot.sieve
        sieve_dir = ~/sieve
      }
      # ssl
      ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
      ssl_cert = </etc/ssl/private/dovecot-one.crt
      ssl_key = </etc/ssl/private/dovecot-one.key

    # Bodies for Dovecot "*.conf.ext"-style lookup files, keyed by name
    # (presumably rendered one file per key).
    dovecotext:
      # LDAP passdb settings. hosts = 0.0.0.0 is a placeholder.
      # NOTE(review): nothing here enables TLS to the directory (no `tls` or
      # ldaps `uris` setting). pass_attrs maps userPassword to Dovecot for
      # local comparison, and default_pass_scheme = SSHA is salted SHA-1.
      # Consider TLS plus auth_bind, or a stronger scheme, in a real
      # deployment.
      ldap: |
        hosts = 0.0.0.0
        base = dc=example, dc=com
        scope = subtree
        pass_attrs = uid=user,userPassword=password,\
          homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
        pass_filter = (&(objectClass=posixAccount)(uid=%u))
        default_pass_scheme = SSHA
      # Placeholder body: only a marker comment, no dict settings.
      dict-sql: |
        # Managed by salt

    # Fragments keyed by conf.d file name (presumably conf.d/10-mail.conf).
    conf:
      10-mail: |
        mail_location = maildir:~/Maildir

    # Fragments keyed by auth "*.conf.ext" file name.
    confext:
      # Deny-list passdb: usernames listed in /etc/dovecot/deny-users are
      # rejected (deny = yes).
      auth-deny: |
        passdb {
          driver = passwd-file
          deny = yes
          # File contains a list of usernames, one per line
          args = /etc/dovecot/deny-users
        }

      # see below: passwd_files
      # NOTE(review): despite the "auth-sql" name, this passdb uses the
      # passwd-file driver and reads /etc/dovecot/auth.d/%d/passwd.
      # allow_all_users=yes makes static userdb lookups (e.g. from the LDA)
      # succeed without checking that the user exists in the passdb; confirm
      # that is intended.
      auth-sql: |
        passdb {
          driver = passwd-file
          args = username_format=%u /etc/dovecot/auth.d/%d/passwd
        }
        # If you don't have any user-specific settings, you can avoid the user_query
        # by using userdb static instead of userdb sql, for example:
        # <doc/wiki/UserDatabase.Static.txt>
        userdb {
          driver = static
          #args = uid=vmail gid=vmail home=/var/vmail/%u
          args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
        }

    # See:
    # - https://wiki.dovecot.org/AuthDatabase/PasswdFile
    # - https://wiki.dovecot.org/Authentication/PasswordSchemes
    # Per-domain passwd-file contents. HASH is a placeholder for a real
    # {BLF-CRYPT} (bcrypt) hash; allow_nets limits the networks a user may log
    # in from. Password hashes are secrets: keep this pillar restricted to the
    # mail minion(s).
    # NOTE(review): the path in the comment below (auth.d/example.tld.passwd)
    # differs from the passdb args above (auth.d/%d/passwd) -- confirm which
    # one the formula actually writes.
    # NOTE(review): Salt's default renderer evaluates Jinja before YAML,
    # including inside comments, so the braces below are rendered if this
    # file is used as-is.
    passwd_files:
      # Will create {{ dovecot.config.base }}/auth.d/example.tld.passwd
      example.tld: |
        user1:{BLF-CRYPT}HASH
        user2:{BLF-CRYPT}HASH::::::allow_nets=192.168.0.0/24

    # PEM certificates keyed by name. The key `one` matches the
    # dovecot-one.crt path in ssl_cert above (presumably the formula derives
    # the file name from the key). The body is filler, not a real certificate.
    ssl_certs:
      one: |
        -----BEGIN CERTIFICATE-----
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        -----END CERTIFICATE-----

    # PEM private keys keyed by name (filler body here).
    # NOTE(review): a real key placed here is stored in plaintext in pillar.
    # Encrypt it at rest (e.g. Salt's GPG renderer), target the pillar only at
    # the minion that needs it, and keep it out of version control.
    ssl_keys:
      one: |
        -----BEGIN RSA PRIVATE KEY-----
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        -----END RSA PRIVATE KEY-----