From 21cbfd354bc2586b26e1bcff00a388e50aa92bba Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Fri, 7 Jun 2024 15:53:38 -0400
Subject: Basic service configuration
Setup postfix and dovecot to work with virtual domains/mailboxes and user accounts defined in the userconfig directory. Services are also configured to use TLS certificates that will later be provided by the nginx-proxy acme service. Basic formatting and informative comments are added to config files.
Signed-off-by: Malfurious
---
dovecot/dovecot.conf | 101 ++++++++++-----------------------------------------
1 file changed, 20 insertions(+), 81 deletions(-)
(limited to 'dovecot/dovecot.conf')
diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
index 7e9953f..19f5ebd 100644
--- a/dovecot/dovecot.conf
+++ b/dovecot/dovecot.conf
@@ -13,89 +13,28 @@ # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } -# Default values are shown for each setting, it's not required to uncomment -# those. These are exceptions to this though: No sections (e.g. namespace {}) -# or plugin settings are added by default, they're listed only as examples. -# Paths are also just examples with the real defaults being based on configure -# options. The paths listed here are for configure --prefix=/usr -# --sysconfdir=/etc --localstatedir=/var +protocols = imap +auth_mechanisms = plain -# Enable installed protocols -!include_try /usr/share/dovecot/protocols.d/*.protocol +ssl_cert = to select which instance is used (an alternative -# to -c ). The instance name is also added to Dovecot processes -# in ps output. -#instance_name = dovecot - -# Greeting message for clients. -#login_greeting = Dovecot ready. - -# Space separated list of trusted network ranges. Connections from these -# IPs are allowed to override their IP addresses and ports (for logging and -# for authentication checks). disable_plaintext_auth is also ignored for -# these networks. Typically you'd specify your IMAP proxy servers here. -#login_trusted_networks = - -# Space separated list of login access check sockets (e.g. tcpwrap) -#login_access_sockets = - -# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do -# proxying. This isn't necessary normally, but may be useful if the destination -# IP is e.g. a load balancer's IP. -#auth_proxy_self = - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Should all processes be killed when Dovecot master process shuts down. 
-# Setting this to "no" means that Dovecot can be upgraded without -# forcing existing client connections to close (although that could also be -# a problem if the upgrade is e.g. because of a security fix). -#shutdown_clients = yes - -# If non-zero, run mail commands via this many connections to doveadm server, -# instead of running them directly in the same process. -#doveadm_worker_count = 0 -# UNIX socket or host:port used for connecting to doveadm server -#doveadm_socket_path = doveadm-server - -# Space separated list of environment variables that are preserved on Dovecot -# startup and passed down to all of its child processes. You can also give -# key=value pairs to always set specific settings. -#import_environment = TZ - -## -## Dictionary server settings -## - -# Dictionary can be used to store key=value lists. This is used by several -# plugins. The dictionary can be accessed either directly or though a -# dictionary server. The following dict block maps dictionary names to URIs -# when the server is used. These can then be referenced using URIs in format -# "proxy::". - -dict { - #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext +# Users defined by the user-configured password file +passdb { + driver = passwd-file + args = /etc/userconfig/passwd +} +userdb { + driver = passwd-file + args = /etc/userconfig/passwd } -# Most of the actual configuration gets included below. The filenames are -# first sorted by their ASCII value and parsed in that order. The 00-prefixes -# in filenames are intended to make it easier to understand the ordering. -!include conf.d/*.conf -# A config file can also tried to be included without giving an error if -# it's not found: -!include_try local.conf +# Location for users mailboxes +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if there's no domain +# %h - home directory +mail_home = /var/mail/vhost/%d/%n +mail_location = maildir:~ -- cgit v1.2.3
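Review bot: `auth_mechanisms = plain` on the new side puts the account password on the wire as-is, and nothing visible in this hunk forces IMAP sessions onto TLS before authentication. The text between `ssl_cert =` and the removed instance-name comments is lost in this rendering, so an `ssl` setting may already be there. If it is not, the commit also removes `!include conf.d/*.conf`, which leaves the behaviour to built-in defaults. Stating `ssl = required` and `disable_plaintext_auth = yes` next to the certificate settings would make the intent explicit. The `passdb` block would also benefit from a comment naming the password scheme expected in `/etc/userconfig/passwd` (or an explicit `scheme=` in `args`) and noting that the file must not be world-readable, since it holds every user's credential hash.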