summaryrefslogtreecommitdiff
path: root/dovecot-2.0-defaultconfig.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dovecot-2.0-defaultconfig.patch')
-rw-r--r--dovecot-2.0-defaultconfig.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/dovecot-2.0-defaultconfig.patch b/dovecot-2.0-defaultconfig.patch
new file mode 100644
index 0000000..21f00ec
--- /dev/null
+++ b/dovecot-2.0-defaultconfig.patch
@@ -0,0 +1,42 @@
+diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
++++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200
+@@ -175,7 +175,7 @@ namespace inbox {
+ # to make sure that users can't log in as daemons or other system users.
+ # Note that denying root logins is hardcoded to dovecot binary and can't
+ # be done even if first_valid_uid is set to 0.
+-#first_valid_uid = 500
++first_valid_uid = 1000
+ #last_valid_uid = 0
+
+ # Valid GID range for users, defaults to non-root/wheel. Users having
+@@ -322,6 +322,7 @@ protocol !indexer-worker {
+ # them simultaneously.
+ #mbox_read_locks = fcntl
+ #mbox_write_locks = dotlock fcntl
++mbox_write_locks = fcntl
+
+ # Maximum time to wait for lock (all of them) before aborting.
+ #mbox_lock_timeout = 5 mins
+diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
++++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200
+@@ -3,7 +3,9 @@
+ ##
+
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
++# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
++# plain imap and pop3 are still allowed for local connections
++ssl = required
+
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+@@ -64,6 +66,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+ #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+ # To disable non-EC DH, use:
+ #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
++ssl_cipher_list = PROFILE=SYSTEM
+
+ # Colon separated list of elliptic curves to use. Empty value (the default)
+ # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 21:25:52 +0000