Commits

Zhang Huangbin  committed 7807d21

All clients are forced to use IMAPS and POPS (via STARTTLS).
Drop support for Dovecot-1.1. At least Dovecot-1.2 is required.

  • Participants
  • Parent commits 18bcb9b

Comments (0)

Files changed (4)

File iRedMail/ChangeLog

 iRedMail-0.8.0-beta4:
+    * All clients are forced to use IMAPS and POPS (via STARTTLS).
+    * Drop support for Dovecot-1.1. At least Dovecot-1.2 is required.
     * Fixed:
         + DEBUG=NO in conf/global breaks postfix installation on FreeBSD.
 

File iRedMail/functions/dovecot1.sh

     ECHO_DEBUG "Enable TLS support."
 
     if [ X"${ENABLE_DOVECOT_SSL}" == X"YES" ]; then
-        # Enable ssl. Different setting in v1.1, v1.2.
-        if [ X"${DOVECOT_VERSION}" == X"1.1" ]; then
-            cat >> ${DOVECOT_CONF} <<EOF
+        cat >> ${DOVECOT_CONF} <<EOF
 # SSL support.
-ssl_disable = no
-EOF
-        elif [ X"${DOVECOT_VERSION}" == X"1.2" ]; then
-            cat >> ${DOVECOT_CONF} <<EOF
-# SSL support.
-ssl = yes
-EOF
-        fi
-
-        cat >> ${DOVECOT_CONF} <<EOF
+ssl = required
 verbose_ssl = no
 ssl_key_file = ${SSL_KEY_FILE}
 ssl_cert_file = ${SSL_CERT_FILE}
 ${CONF_MSG}
 EOF
 
-        if [ X"${DOVECOT_VERSION}" == X"1.1" ]; then
-            cat >> ${DOVECOT_CONF} <<EOF
-umask = 0077
-EOF
-        fi
-
         cat >> ${DOVECOT_CONF} <<EOF
 # Provided services.
 protocols = ${DOVECOT_PROTOCOLS}
 
-# Listen addresses. for Dovecot-1.1.x.
+# Listen addresses. for Dovecot-1.x.
 # ipv4: *
 # ipv6: [::]
 #listen = *, [::]
 # "pool_system_malloc(100248): Out of memory".
 mail_process_size = 1024
 
-disable_plaintext_auth = no
+# With disable_plaintext_auth=yes, STARTTLS or SSL is mandatory.
+disable_plaintext_auth = yes
 
 # Performance Tuning. Reference:
 #   http://wiki.dovecot.org/LoginProcess

File iRedMail/functions/dovecot2.sh

     perl -pi -e 's#PH_GLOBAL_SIEVE_FILE#$ENV{DOVECOT_GLOBAL_SIEVE_FILE}#' ${DOVECOT_CONF}
 
     # SSL.
-    perl -pi -e 's#PH_ENABLE_SSL#yes#' ${DOVECOT_CONF}
-    perl -pi -e 's#PH_SSL_CERT#<$ENV{SSL_CERT_FILE}#' ${DOVECOT_CONF}
-    perl -pi -e 's#PH_SSL_KEY#<$ENV{SSL_KEY_FILE}#' ${DOVECOT_CONF}
+    perl -pi -e 's#PH_SSL_CERT#$ENV{SSL_CERT_FILE}#' ${DOVECOT_CONF}
+    perl -pi -e 's#PH_SSL_KEY#$ENV{SSL_KEY_FILE}#' ${DOVECOT_CONF}
 
 
     # Generate dovecot quota warning script.

File iRedMail/samples/dovecot/dovecot2.conf

 # SSL: Global settings.
 # Refer to wiki site for per protocol, ip, server name SSL settings:
 # http://wiki2.dovecot.org/SSL/DovecotConfiguration
-ssl = PH_ENABLE_SSL
+ssl = required
 verbose_ssl = no
-ssl_cert = PH_SSL_CERT
-ssl_key = PH_SSL_KEY
+ssl_cert = <PH_SSL_CERT
+ssl_key = <PH_SSL_KEY
 
-
-disable_plaintext_auth = no
+# With disable_plaintext_auth=yes, STARTTLS or SSL is mandatory.
+disable_plaintext_auth = yes
+# Allow plain text password per IP address/net
+#remote 192.168.0.0/24 {
+#   disable_plaintext_auth = no
+#}
 
 # Mail location and mailbox format.
 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/