From 7469b90fce44ca6ab27d88e991c74b71ab8f29e8 Mon Sep 17 00:00:00 2001 From: Christian Mollekopf Date: Tue, 27 Mar 2018 21:21:53 +0200 Subject: Disable password verification for now. --- docker/Dockerfile | 1 + docker/imapd.conf | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 docker/imapd.conf diff --git a/docker/Dockerfile b/docker/Dockerfile index 5c7bd97f..f6eac989 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -80,3 +80,4 @@ RUN gpg2 --batch --generate-key /home/developer/keyconfig RUN git clone https://github.com/Lekensteyn/qt5printers.git ~/.gdb/qt5printers/ ADD rsyslog.conf /etc/rsyslog.conf +ADD imapd.conf /etc/imapd.conf diff --git a/docker/imapd.conf b/docker/imapd.conf new file mode 100644 index 00000000..86b320ab --- /dev/null +++ b/docker/imapd.conf @@ -0,0 +1,137 @@ +# Suggested minimal imapd.conf +# See imapd.conf(5) for more information and more options + +# Space-separated users who have admin rights for all services. +# NB: THIS MUST BE CONFIGURED +admins: cyrus + +################################################################### +## File, socket and DB location settings. +################################################################### + +# Configuration directory +configdirectory: /var/lib/imap + +# Directories for proc and lock files +proc_path: /run/cyrus/proc +mboxname_lockpath: /run/cyrus/lock + +# Locations for DB files +# The following DB are recreated upon initialization, so should live in +# ephemeral storage for best performance. +duplicate_db_path: /run/cyrus/db/deliver.db +ptscache_db_path: /run/cyrus/db/ptscache.db +statuscache_db_path: /run/cyrus/db/statuscache.db +tls_sessions_db_path: /run/cyrus/db/tls_sessions.db + +# Which partition to use for default mailboxes +defaultpartition: default +partition-default: /var/spool/imap + +# If sieveusehomedir is false (the default), this directory is searched +# for Sieve scripts. +sievedir: /var/lib/imap/sieve + +################################################################### +## Important: KEEP THESE IN SYNC WITH cyrus.conf +################################################################### + +lmtpsocket: /run/cyrus/socket/lmtp +idlesocket: /run/cyrus/socket/idle +notifysocket: /run/cyrus/socket/notify + +# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap +# etc.) +syslog_prefix: cyrus + +################################################################### +## Server behaviour settings +################################################################### + +# Space-separated list of HTTP modules that will be enabled in +# httpd(8). This option has no effect on modules that are disabled at +# compile time due to missing dependencies (e.g. libical). +# Fedora default: enable all modules besides admin +httpmodules: caldav carddav domainkey freebusy ischedule jmap rss tzdist webdav + +# If enabled, the partitions will also be hashed, in addition to the +# hashing done on configuration directories. This is recommended if one +# partition has a very bushy mailbox tree. +hashimapspool: true + +# Disable virtual domains by default +virtdomains: off + +################################################################### +## User experience settings +################################################################### + +# Minimum time between POP mail fetches in minutes +popminpoll: 1 + +# Conversation support is required for jmap +conversations: 1 +conversations_db: twoskip + +# This will default to on in 3.1, and improves compatibility with some Apple +# devices. Upstream https://github.com/cyrusimap/cyrus-imapd/issues/1556 +specialusealways: 1 + +################################################################### +## User Authentication settings +################################################################### + +# Allow plaintext logins by default (SASL PLAIN) +allowplaintext: yes + +################################################################### +## SASL library options (these are handled directly by the SASL +## libraries, refer to SASL documentation for an up-to-date list of +## these) +################################################################### + +# The mechanism(s) used by the server to verify plaintext passwords. +# Possible values are "saslauthd", "auxprop", "pwcheck" and +# "alwaystrue". They are tried in order, you can specify more than one, +# separated by spaces. +# FIXME saslauthd doesn't work with caldav/carddav for unknown reasons. +# It seems to work fine on the commandline, and from the logs the only thing +# that could be going wrong is authentication via pam, but for imap it seems +# to work anyways.... +sasl_pwcheck_method: alwaystrue + +# If enabled, the SASL library will automatically create authentication +# secrets when given a plaintext password. Refer to SASL documentation +sasl_auto_transition: no + +################################################################### +## SSL/TLS Options +################################################################### + +# These three files will automatically be generated by the systemd unit when +# the service starts for the first time. +tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem +tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd-key.pem +tls_client_ca_file: /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem + +# File containing the global certificate used for ALL services (imap, +# pop3, lmtp, sieve) +#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem + +# File containing the private key belonging to the global server +# certificate. +#tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key + + +# File containing one or more Certificate Authority (CA) certificates. +#tls_client_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem + +# Path to directory with certificates of CAs. +tls_client_ca_dir: /etc/ssl/certs + +# The length of time (in minutes) that a TLS session will be cached for +# later reuse. The maximum value is 1440 (24 hours), the default. A +# value of 0 will disable session caching. +tls_session_timeout: 1440 +altnamespace: 0 +unixhierarchysep: 0 -- cgit v1.2.3