1 files changed, 74 insertions, 0 deletions

diff --git a/roles/dovecot/files/dovecot.conf b/roles/dovecot/files/dovecot.conf
new file mode 100644
index 0000000..35e8c3f
--- /dev/null
+++ b/roles/dovecot/files/dovecot.conf
@@ -0,0 +1,74 @@
+# Protocols we want to be serving.
+protocols = imap pop3
+
+# Path to the mail directory.
+mail_location = maildir:/var/mail/%d/%n/Maildir
+
+# Path to SSL certificate files.
+ssl_cert = </etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem
+ssl_key = </etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem
+
+# Disable plaintext authentication, only SSL is allowed.
+disable_plaintext_auth = yes
+
+service auth {
+    # Postfix smtp-auth.
+    unix_listener /var/spool/postfix/private/auth {
+        mode = 0666
+        user = postfix
+        group = postfix
+    }
+}
+
+namespace {
+    inbox = yes
+    separator = /
+
+    # Create usual mail hierarchy.
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+
+    mailbox Junk {
+        auto = subscribe
+        special_use = \Junk
+    }
+}
+
+# Use separate passwd file for storing passwords.
+passdb {
+    driver = passwd-file
+    args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
+}
+
+# Use the same separate passwd file for user lookup.
+userdb {
+    driver = passwd-file
+    args = username_format=%u /etc/dovecot/passwd
+    override_fields = uid=vmail gid=vmail
+}
+
+service imap-login {
+    # Do not listen for plain IMAP.
+    inet_listener imap {
+        port = 0
+    }
+}
+
+service pop3-login {
+    # Do not listen for plain POP3.
+    inet_listener pop3 {
+        port = 0
+    }
+}