User Tools
qmail-ldapwithdovecotondebian
Differences
This shows you the differences between two versions of the page.
|
qmail-ldapwithdovecotondebian [2008/03/20 23:09] 127.0.0.1 external edit |
qmail-ldapwithdovecotondebian [2020/02/13 22:55] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | |||
| - | ====== qmail-ldap With Dovecot on Debian ====== | ||
| - | <uri strref=" | ||
| - | |||
| - | < | ||
| - | aptitude remove courier-authdaemon courier-authlib courier-authlib-userdb | ||
| - | </ | ||
| - | < | ||
| - | aptitude install dovecot-imapd dovecot-pop3d | ||
| - | </ | ||
| - | Patch qmail-ldap with this patch to add auth_dovecot: | ||
| - | |||
| - | <uri strref=" | ||
| - | |||
| - | < | ||
| - | qmail-1.03# patch -p1 < ../ | ||
| - | </ | ||
| - | < | ||
| - | |||
| - | < | ||
| - | --- ./ | ||
| - | +++ ./ | ||
| - | @@ -18,7 +18,7 @@ | ||
| - | # Protocols we want to be serving: imap imaps pop3 pop3s | ||
| - | # If you only want to use dovecot-auth, | ||
| - | # | ||
| - | -protocols = | ||
| - | +protocols = imap imaps pop3 pop3s | ||
| - | |||
| - | # IP or host address where to listen in for connections. It's not currently | ||
| - | # possible to specify multiple addresses. & | ||
| - | @@ -43,7 +43,7 @@ | ||
| - | # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP | ||
| - | # matches the local IP (ie. you're connecting from the same computer), the | ||
| - | # connection is considered secure and plaintext authentication is allowed. | ||
| - | -# | ||
| - | +disable_plaintext_auth = no | ||
| - | |||
| - | # Should all IMAP and POP3 processes be killed when Dovecot master process | ||
| - | # shuts down. Setting this to & | ||
| - | @@ -205,7 +205,7 @@ | ||
| - | # | ||
| - | # http:// | ||
| - | # | ||
| - | -# | ||
| - | +mail_location = maildir: | ||
| - | |||
| - | # If you need to set multiple mailbox locations or want to change default | ||
| - | # namespace settings, you can do it by defining namespace sections: | ||
| - | @@ -304,21 +304,21 @@ | ||
| - | # Show more verbose process titles (in ps). Currently shows user name and | ||
| - | # IP address. Useful for seeing who are actually using the IMAP processes | ||
| - | # (eg. shared mailboxes or if same uid is used for multiple accounts). | ||
| - | -# | ||
| - | +verbose_proctitle = yes | ||
| - | |||
| - | # Valid UID range for users, defaults to 500 and above. This is mostly | ||
| - | # to make sure that users can't log in as daemons or other system users. | ||
| - | # Note that denying root logins is hardcoded to dovecot binary and can't | ||
| - | # be done even if first_valid_uid is set to 0. | ||
| - | -# | ||
| - | -# | ||
| - | +first_valid_uid = 200 | ||
| - | +last_valid_uid = 200 | ||
| - | |||
| - | # Valid GID range for users, defaults to non-root/ | ||
| - | # non-valid GID as primary group ID aren't allowed to log in. If user | ||
| - | # belongs to supplementary groups with non-valid GIDs, those groups are | ||
| - | # not set. | ||
| - | -# | ||
| - | -# | ||
| - | +first_valid_gid = 200 | ||
| - | +last_valid_gid = 200 | ||
| - | |||
| - | # Maximum number of running mail processes. When this limit is reached, | ||
| - | # new users aren't allowed to log in. | ||
| - | @@ -512,7 +512,7 @@ | ||
| - | |||
| - | # Support for dynamically loadable plugins. mail_plugins is a space separated | ||
| - | # list of plugins to load. | ||
| - | - # | ||
| - | + mail_plugins = quota imap_quota | ||
| - | # | ||
| - | |||
| - | # Send IMAP capabilities in greeting message. This makes it unnecessary for | ||
| - | @@ -618,7 +618,7 @@ | ||
| - | |||
| - | # Support for dynamically loadable plugins. mail_plugins is a space separated | ||
| - | # list of plugins to load. | ||
| - | - # | ||
| - | + mail_plugins = quota | ||
| - | # | ||
| - | |||
| - | # Workarounds for various client bugs: | ||
| - | @@ -743,7 +743,7 @@ | ||
| - | auth default { | ||
| - | # Space separated list of wanted authentication mechanisms: | ||
| - | # | ||
| - | - mechanisms = plain | ||
| - | + mechanisms = plain login | ||
| - | |||
| - | # | ||
| - | # Password database is used to verify user's password (and nothing more). | ||
| - | @@ -779,7 +779,7 @@ | ||
| - | # REMEMBER: You'll need / | ||
| - | # authentication to actually work. | ||
| - | # http:// | ||
| - | - passdb pam { | ||
| - | + #passdb pam { | ||
| - | # | ||
| - | # | ||
| - | # session=yes makes Dovecot open and immediately close PAM session. Some | ||
| - | @@ -808,7 +808,7 @@ | ||
| - | # | ||
| - | # | ||
| - | #args = dovecot | ||
| - | - } | ||
| - | + #} | ||
| - | |||
| - | # /etc/passwd or similar, using getpwnam() | ||
| - | # In many systems nowadays this uses Name Service Switch, which is | ||
| - | @@ -839,10 +839,10 @@ | ||
| - | # checkpassword executable authentication | ||
| - | # NOTE: You will probably want to use & | ||
| - | # http:// | ||
| - | - #passdb checkpassword { | ||
| - | + passdb checkpassword { | ||
| - | # Path for checkpassword binary | ||
| - | - #args = | ||
| - | - #} | ||
| - | + args = / | ||
| - | + } | ||
| - | |||
| - | # SQL database | ||
| - | # http:// | ||
| - | @@ -877,8 +877,8 @@ | ||
| - | # configured in / | ||
| - | # with Dovecot. Don't use it, or users might log in as each others! | ||
| - | # http:// | ||
| - | - userdb passwd { | ||
| - | - } | ||
| - | + #userdb passwd { | ||
| - | + #} | ||
| - | |||
| - | # passwd-like file with specified location | ||
| - | # http:// | ||
| - | @@ -922,8 +922,8 @@ | ||
| - | # This can be made to work with SQL and LDAP databases, see their example | ||
| - | # configuration files for more information how to do it. | ||
| - | # http:// | ||
| - | - #userdb prefetch { | ||
| - | - #} | ||
| - | + userdb prefetch { | ||
| - | + } | ||
| - | |||
| - | # User to use for the process. This user needs access to only user and | ||
| - | # password databases, nothing else. Only shadow and pam authentication | ||
| - | @@ -1026,7 +1026,7 @@ | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | - #quota = maildir | ||
| - | + quota = maildir | ||
| - | |||
| - | # ACL plugin. vfile backend reads ACLs from & | ||
| - | # directory. You can also optionally give a global ACL directory path where | ||
| - | </ | ||
| - | ====== Fail2ban ====== | ||
| - | Activate fail2ban to block brute force attacks. | ||
| - | |||
| - | <link idref=" | ||
| - | |||
qmail-ldapwithdovecotondebian.txt ยท Last modified: 2020/02/13 22:55 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
