forked from saltstack-formulas/dovecot-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
121 lines (105 loc) · 3.97 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
dovecot:
lookup:
enable_service_control: True
config:
local: |
# main
listen = *
login_trusted_networks = 192.168.100.0/24
shutdown_clients = yes
# auth
disable_plaintext_auth = yes
auth_cache_size = 10M
auth_cache_ttl = 1 hour
auth_mechanisms = plain
!include conf.d/auth-system.conf.ext
# logging
log_timestamp = "%Y-%m-%d %H:%M:%S "
# mail (for non-virtual users)
mail_location = maildir:~/Maildir
mail_privileged_group = mail
first_valid_uid = 1000
last_valid_uid = 2000
# master
service imap-login {
inet_listener imap {
address = 127.0.0.1
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
# lda
postmaster_address = postmaster@example.com
hostname = example.com
protocol lda {
mail_plugins = $mail_plugins sieve
}
# imap
protocols = imap
mail_max_userip_connections = 50
# managesieve
service managesieve-login {
inet_listener sieve_deprecated {
address = 0.0.0.0
port = 2000
}
}
# sieve
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
# ssl
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_cert = </etc/ssl/private/dovecot-one.crt
ssl_key = </etc/ssl/private/dovecot-one.key
dovecotext:
ldap: |
hosts = 0.0.0.0
base = dc=example, dc=com
scope = subtree
pass_attrs = uid=user,userPassword=password,\
homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = SSHA
dict-sql: |
# Managed by salt
conf:
10-mail: |
mail_location = maildir:~/Maildir
confext:
auth-deny: |
passdb {
driver = passwd-file
deny = yes
# File contains a list of usernames, one per line
args = /etc/dovecot/deny-users
}
ssl_certs:
one: |
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
ssl_keys:
one |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----