qmail-ldapwithdovecotondebian [2008/03/20 23:09] 127.0.0.1 external edit |
qmail-ldapwithdovecotondebian [2020/02/13 22:55] |
||
---|---|---|---|
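--- a/qmail-ldapwithdovecotondebian
+++ b/qmail-ldapwithdovecotondebian
@@ -1,172 +0,0 @@
-
-====== qmail-ldap With Dovecot on Debian ======
-<uri strref="
-
-<
-aptitude remove courier-authdaemon courier-authlib courier-authlib-userdb
-</
-<
-aptitude install dovecot-imapd dovecot-pop3d
-</
-Patch qmail-ldap with this patch to add auth_dovecot:
-
-<uri strref="
-
-<
-qmail-1.03# patch -p1 < ../
-</
-<
-
-<
---- ./
-+++ ./
-@@ -18,7 +18,7 @@
-# Protocols we want to be serving: imap imaps pop3 pop3s
-# If you only want to use dovecot-auth,
-#
--protocols =
-+protocols = imap imaps pop3 pop3s
-
-# IP or host address where to listen in for connections. It's not currently
-# possible to specify multiple addresses. &
-@@ -43,7 +43,7 @@
-# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
-# matches the local IP (ie. you're connecting from the same computer), the
-# connection is considered secure and plaintext authentication is allowed.
--#
-+disable_plaintext_auth = no
-
-# Should all IMAP and POP3 processes be killed when Dovecot master process
-# shuts down. Setting this to &
-@@ -205,7 +205,7 @@
-#
-# http://
-#
--#
-+mail_location = maildir:
-
-# If you need to set multiple mailbox locations or want to change default
-# namespace settings, you can do it by defining namespace sections:
-@@ -304,21 +304,21 @@
-# Show more verbose process titles (in ps). Currently shows user name and
-# IP address. Useful for seeing who are actually using the IMAP processes
-# (eg. shared mailboxes or if same uid is used for multiple accounts).
--#
-+verbose_proctitle = yes
-
-# Valid UID range for users, defaults to 500 and above. This is mostly
-# to make sure that users can't log in as daemons or other system users.
-# Note that denying root logins is hardcoded to dovecot binary and can't
-# be done even if first_valid_uid is set to 0.
--#
--#
-+first_valid_uid = 200
-+last_valid_uid = 200
-
-# Valid GID range for users, defaults to non-root/
-# non-valid GID as primary group ID aren't allowed to log in. If user
-# belongs to supplementary groups with non-valid GIDs, those groups are
-# not set.
--#
--#
-+first_valid_gid = 200
-+last_valid_gid = 200
-
-# Maximum number of running mail processes. When this limit is reached,
-# new users aren't allowed to log in.
-@@ -512,7 +512,7 @@
-
-# Support for dynamically loadable plugins. mail_plugins is a space separated
-# list of plugins to load.
-- #
-+ mail_plugins = quota imap_quota
-#
-
-# Send IMAP capabilities in greeting message. This makes it unnecessary for
-@@ -618,7 +618,7 @@
-
-# Support for dynamically loadable plugins. mail_plugins is a space separated
-# list of plugins to load.
-- #
-+ mail_plugins = quota
-#
-
-# Workarounds for various client bugs:
-@@ -743,7 +743,7 @@
-auth default {
-# Space separated list of wanted authentication mechanisms:
-#
-- mechanisms = plain
-+ mechanisms = plain login
-
-#
-# Password database is used to verify user's password (and nothing more).
-@@ -779,7 +779,7 @@
-# REMEMBER: You'll need /
-# authentication to actually work.
-# http://
-- passdb pam {
-+ #passdb pam {
-#
-#
-# session=yes makes Dovecot open and immediately close PAM session. Some
-@@ -808,7 +808,7 @@
-#
-#
-#args = dovecot
-- }
-+ #}
-
-# /etc/passwd or similar, using getpwnam()
-# In many systems nowadays this uses Name Service Switch, which is
-@@ -839,10 +839,10 @@
-# checkpassword executable authentication
-# NOTE: You will probably want to use &
-# http://
-- #passdb checkpassword {
-+ passdb checkpassword {
-# Path for checkpassword binary
-- #args =
-- #}
-+ args = /
-+ }
-
-# SQL database
-# http://
-@@ -877,8 +877,8 @@
-# configured in /
-# with Dovecot. Don't use it, or users might log in as each others!
-# http://
-- userdb passwd {
-- }
-+ #userdb passwd {
-+ #}
-
-# passwd-like file with specified location
-# http://
-@@ -922,8 +922,8 @@
-# This can be made to work with SQL and LDAP databases, see their example
-# configuration files for more information how to do it.
-# http://
-- #userdb prefetch {
-- #}
-+ userdb prefetch {
-+ }
-
-# User to use for the process. This user needs access to only user and
-# password databases, nothing else. Only shadow and pam authentication
-@@ -1026,7 +1026,7 @@
-#
-#
-#
-- #quota = maildir
-+ quota = maildir
-
-# ACL plugin. vfile backend reads ACLs from &
-# directory. You can also optionally give a global ACL directory path where
-</
-====== Fail2ban ======
-Activate fail2ban to block brute force attacks.
-
-<link idref="
-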