This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
qmail-ldapwithdovecotondebian [2008/03/20 23:09] 127.0.0.1 external edit |
qmail-ldapwithdovecotondebian [2020/02/13 22:55] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== qmail-ldap With Dovecot on Debian | + | ====== qmail-ldap With Dovecot |
- | <uri strref=" | + | |
+ | Reference: | ||
< | < | ||
- | aptitude | + | aptitude |
</ | </ | ||
+ | |||
+ | **/ | ||
< | < | ||
- | aptitude install dovecot-imapd dovecot-pop3d | + | ... |
+ | !include auth-ldap.conf.ext | ||
+ | .. | ||
</ | </ | ||
- | Patch qmail-ldap with this patch to add auth_dovecot: | ||
- | <uri strref=" | + | **/etc/dovecot/conf.d/10-mail.conf**: |
< | < | ||
- | qmail-1.03# patch -p1 & | + | ... |
+ | mail_uid = 200 | ||
+ | mail_gid = 200 | ||
+ | ... | ||
+ | first_valid_uid = 200 | ||
+ | ... | ||
</ | </ | ||
- | < | + | |
+ | **/ | ||
< | < | ||
- | --- ./ | + | hosts = localhost |
- | +++ ./ | + | |
- | @@ -18,7 +18,7 @@ | + | |
- | # Protocols we want to be serving: imap imaps pop3 pop3s | + | |
- | # If you only want to use dovecot-auth, | + | |
- | # | + | |
- | -protocols = | + | |
- | +protocols = imap imaps pop3 pop3s | + | |
- | # IP or host address where to listen in for connections. It's not currently | + | auth_bind |
- | # possible to specify multiple addresses. & | + | |
- | @@ -43,7 +43,7 @@ | + | |
- | # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP | + | |
- | # matches the local IP (ie. you're connecting from the same computer), the | + | |
- | # connection is considered secure and plaintext authentication is allowed. | + | |
- | -# | + | |
- | +disable_plaintext_auth = no | + | |
- | # Should all IMAP and POP3 processes be killed when Dovecot master process | + | base = ou=qmail, o=mrzesty |
- | # shuts down. Setting this to & | + | |
- | @@ -205,7 +205,7 @@ | + | |
- | # | + | |
- | # http:// | + | |
- | # | + | |
- | -# | + | |
- | +mail_location | + | |
- | # If you need to set multiple mailbox locations or want to change default | + | user_attrs |
- | # namespace settings, you can do it by defining namespace sections: | + | |
- | @@ -304,21 +304,21 @@ | + | |
- | # Show more verbose process titles (in ps). Currently shows user name and | + | |
- | # IP address. Useful for seeing who are actually using the IMAP processes | + | |
- | # (eg. shared mailboxes or if same uid is used for multiple accounts). | + | |
- | -# | + | |
- | +verbose_proctitle | + | |
- | # Valid UID range for users, defaults to 500 and above. This is mostly | + | user_filter |
- | # to make sure that users can't log in as daemons or other system users. | + | |
- | # Note that denying root logins is hardcoded to dovecot binary and can' | + | |
- | # be done even if first_valid_uid is set to 0. | + | |
- | -# | + | |
- | -# | + | |
- | +first_valid_uid | + | |
- | +last_valid_uid = 200 | + | |
- | # Valid GID range for users, defaults to non-root/ | + | pass_attrs |
- | # non-valid GID as primary group ID aren't allowed to log in. If user | + | |
- | # belongs to supplementary groups with non-valid GIDs, those groups are | + | |
- | # not set. | + | |
- | -# | + | |
- | -# | + | |
- | +first_valid_gid | + | |
- | +last_valid_gid = 200 | + | |
- | # Maximum number of running mail processes. When this limit is reached, | + | pass_filter = (& |
- | # new users aren't allowed to log in. | + | </ |
- | @@ -512,7 +512,7 @@ | + | |
- | # Support for dynamically loadable plugins. mail_plugins is a space separated | ||
- | # list of plugins to load. | ||
- | - # | ||
- | + mail_plugins = quota imap_quota | ||
- | # | ||
- | |||
- | # Send IMAP capabilities in greeting message. This makes it unnecessary for | ||
- | @@ -618,7 +618,7 @@ | ||
- | |||
- | # Support for dynamically loadable plugins. mail_plugins is a space separated | ||
- | # list of plugins to load. | ||
- | - # | ||
- | + mail_plugins = quota | ||
- | # | ||
- | |||
- | # Workarounds for various client bugs: | ||
- | @@ -743,7 +743,7 @@ | ||
- | auth default { | ||
- | # Space separated list of wanted authentication mechanisms: | ||
- | # | ||
- | - mechanisms = plain | ||
- | + mechanisms = plain login | ||
- | |||
- | # | ||
- | # Password database is used to verify user's password (and nothing more). | ||
- | @@ -779,7 +779,7 @@ | ||
- | # REMEMBER: You'll need / | ||
- | # authentication to actually work. | ||
- | # http:// | ||
- | - passdb pam { | ||
- | + #passdb pam { | ||
- | # | ||
- | # | ||
- | # session=yes makes Dovecot open and immediately close PAM session. Some | ||
- | @@ -808,7 +808,7 @@ | ||
- | # | ||
- | # | ||
- | #args = dovecot | ||
- | - } | ||
- | + #} | ||
- | |||
- | # /etc/passwd or similar, using getpwnam() | ||
- | # In many systems nowadays this uses Name Service Switch, which is | ||
- | @@ -839,10 +839,10 @@ | ||
- | # checkpassword executable authentication | ||
- | # NOTE: You will probably want to use & | ||
- | # http:// | ||
- | - #passdb checkpassword { | ||
- | + passdb checkpassword { | ||
- | # Path for checkpassword binary | ||
- | - #args = | ||
- | - #} | ||
- | + args = / | ||
- | + } | ||
- | |||
- | # SQL database | ||
- | # http:// | ||
- | @@ -877,8 +877,8 @@ | ||
- | # configured in / | ||
- | # with Dovecot. Don't use it, or users might log in as each others! | ||
- | # http:// | ||
- | - userdb passwd { | ||
- | - } | ||
- | + #userdb passwd { | ||
- | + #} | ||
- | |||
- | # passwd-like file with specified location | ||
- | # http:// | ||
- | @@ -922,8 +922,8 @@ | ||
- | # This can be made to work with SQL and LDAP databases, see their example | ||
- | # configuration files for more information how to do it. | ||
- | # http:// | ||
- | - #userdb prefetch { | ||
- | - #} | ||
- | + userdb prefetch { | ||
- | + } | ||
- | |||
- | # User to use for the process. This user needs access to only user and | ||
- | # password databases, nothing else. Only shadow and pam authentication | ||
- | @@ -1026,7 +1026,7 @@ | ||
- | # | ||
- | # | ||
- | # | ||
- | - #quota = maildir | ||
- | + quota = maildir | ||
- | |||
- | # ACL plugin. vfile backend reads ACLs from & | ||
- | # directory. You can also optionally give a global ACL directory path where | ||
- | </ | ||
====== Fail2ban ====== | ====== Fail2ban ====== | ||
Activate fail2ban to block brute force attacks. | Activate fail2ban to block brute force attacks. |
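Review bot: the new 10-mail.conf snippet shows only `first_valid_uid = 200`, while the removed dovecot.conf patch pinned both ends of the range (`first_valid_uid`, `last_valid_uid`, `first_valid_gid` and `last_valid_gid`, all 200). If the upper bounds and the gid range are hidden under the "..." elisions, show them; otherwise add them so the accepted range stays limited to uid/gid 200 as before. The new revision also no longer states a value for `disable_plaintext_auth`, which the old revision set to `no` alongside `mechanisms = plain login`. Document the intended setting next to the `auth_bind` LDAP configuration, so readers know whether passwords are expected to cross the wire in plaintext. As a style point, the elision marker in the `!include auth-ldap.conf.ext` snippet is ".." where the other snippets use "...".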