added buster support
This commit is contained in:
nd
parent
0ed250d6ee
commit
38ff3f3fe4
3 changed files with 18 additions and 17 deletions
|
|
@ -220,7 +220,7 @@ namespace inbox {
|
|||
|
||||
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
|
||||
# also required for IMAP NOTIFY extension to be enabled.
|
||||
#mailbox_list_index = no
|
||||
mailbox_list_index = yes
|
||||
|
||||
# The minimum number of mails in a mailbox before updates are done to cache
|
||||
# file. This allows optimizing Dovecot's behavior to do less disk writes at
|
||||
|
|
|
|||
|
|
@ -140,3 +140,16 @@ service dict {
|
|||
}
|
||||
}
|
||||
|
||||
service stats {
|
||||
unix_listener stats-reader {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
|
||||
unix_listener stats-writer {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,12 +11,7 @@ ssl = required
|
|||
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
||||
ssl_cert = </etc/ssl/{{ inventory_hostname }}.crt
|
||||
ssl_key = </etc/ssl/private/{{ inventory_hostname }}.key
|
||||
|
||||
# If key file is password protected, give the password here. Alternatively
|
||||
# give it when starting dovecot with -p parameter. Since this file is often
|
||||
# world-readable, you may want to place this setting instead to a different
|
||||
# root owned 0600 file by using ssl_key_password = <path.
|
||||
#ssl_key_password =
|
||||
ssl_dh = </etc/ssl/dh-4096.pem
|
||||
|
||||
# PEM encoded trusted certificate authority. Set this only if you intend to use
|
||||
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
|
||||
|
|
@ -42,17 +37,10 @@ ssl_key = </etc/ssl/private/{{ inventory_hostname }}.key
|
|||
# auth_ssl_username_from_cert=yes.
|
||||
#ssl_cert_username_field = commonName
|
||||
|
||||
# DH parameters length to use.
|
||||
ssl_dh_parameters_length = 4092
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
ssl_prefer_server_ciphers = no
|
||||
|
||||
# SSL protocols to use
|
||||
ssl_protocols = TLSv1.2
|
||||
|
||||
# SSL ciphers to use
|
||||
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
||||
|
||||
# Prefer the server's order of ciphers over client's.
|
||||
ssl_prefer_server_ciphers = yes
|
||||
|
||||
# SSL crypto device to use, for valid values run "openssl engine"
|
||||
#ssl_crypto_device =
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue