Dovecot custom configuration

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hi,

I am trying to config Dovecot.

I edit /etc/dovecot.conf and set
disable_plaintext_auth = yes

cd /usr/local/directadmin/custombuild
./build dovecot_conf

doveconf -n | grep -iE "plaintext"
disable_plaintext_auth = no

OK it rewrites my settings.

Now can I use custom settings for Dovecot ?

Where?
/usr/local/directadmin/custombuild/custom/dovecot/dovecot.conf
or
/usr/local/directadmin/custombuild/custom/dovecot/conf/dovecot.conf

I tried on both places and do not seem to work.

I also like to force TLS with Dovecot for IMAPS/POPS and Exim.
How can I do that ?

Can I also use custom Roundcube files ?
/usr/local/directadmin/custombuild/custom/roundcube/

How to build those conf ?

Thanks a lot.
 
Last edited:

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
As I've mentioned in another thread of yours - custom/ path must have the same structure as configure/. If dovecot.conf is found here:
/usr/local/directadmin/custombuild/configure/dovecot/dovecot.conf

It means it'd be here in custom path:
/usr/local/directadmin/custombuild/custom/dovecot/dovecot.conf

Regarding RoundCube, the following can be used:
Code:
custom/roundcube/config.inc.php
custom/roundcube/plugins
custom/roundcube/skins
custom/roundcube/vendor
custom/roundcube/program
custom/roundcube/.htaccess
custom/roundcube/composer.json
Please let me know if there are any other questions on this :)

Thank you!
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Thanks a lot Martynas I will try it.

I just can´t believe there isn´t a DA guide where we can see all working customizations because as other user told me Exim custom settings do not work.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
Thanks a lot Martynas I will try it.

I just can´t believe there isn´t a DA guide where we can see all working customizations because as other user told me Exim custom settings do not work.
There is :) If something is missing - just say.

Using custom configs for PhpMyAdmin, SquirrelMail and Roundcube
Changing your SSL/TLS/cipher lists in dovecot
Adding custom modules to apache for custombuild
Add custom modules to php with custombuild

Exim related ones:
Current SSL cipher lists for DirectAdmin servers
I need exim to allow messages larger than 20 Megabytes
Hide your exim version in the banner

Just pasted these as example, but there are more of them at help.directadmin.com.
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Well Martynas I thinks you don't want to understand what I said .
I already follow all that guides but remenber users need to search all of those guides and forum post to get there, for someone who already knows DA its seems easy.
Why not have a guide that merge all custom settings ?
I do like DA with his active forum but I must admit that DA deserves a better and organized documentation for getting more customers.
For example do DA have any updated guide for end users ?
Keep this good work and support and just work on DA documentation.
Thanks
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hi Martynas,

Sorry to come back to this post but I am trying to set Exim to use domain LE certificates so I am trying to set /etc/exim.variables.conf.custom
/etc/exim.variables.conf.custom

smtp_banner="${primary_hostname} mail server"
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=true
mesage_size_limit=10M
recipients_max=20
openssl_options=+no_sslv2 +no_sslv3
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

cd r/local/directadmin/custombuild
./build exim_conf

Is there any DA guide to use LE certificates with Exim and Dovecot ?

UPDATE: I think I found it is not a guide but a forum post .....from you.

I will try it tomorow.

Thanks
 
Last edited:

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
Domain LE certs are used automatically, you don't need to do anything for this.
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hi Martynas,
On that thread you say to set /etc/exim.variables.conf.custom with

tls_privatekey = ${if exists{/etc/exim.key.${tls_sni}}{/etc/exim.key.${tls_sni}}{/etc/exim.key}}
tls_certificate = ${if exists{/etc/exim.cert.${tls_sni}}{/etc/exim.cert.${tls_sni}}{/etc/exim.cert}}

And Dovecot with something similar to this:
local_name mail.example.org {
ssl_cert = </etc/ssl/certs/mail.example.org.crt
ssl_key = </etc/ssl/private/mail.example.org.key
}

local_name mail.example2.org {
ssl_cert = </etc/ssl/certs/mail.example2.org.crt
ssl_key = </etc/ssl/private/mail.example2.org.key
}

Now you say that is not needed ??!!!!
Can you please make it clear?
Thanks

UPDATE: I see ./build exim_conf insert automatically the tls_privatekey and tls_certificate in /etc/exim.variables.conf
UPDATE: but I do not see the other code on dovecot.conf

I think we need to add the above configuration in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
because /usr/local/directadmin/custombuild/configure/dovecot/conf/ssl.conf just have
ssl_cert = </etc/exim.cert
ssl_key = </etc/exim.key
ssl_dh = </etc/dovecot/dh.pem

So when we call ./build dovecot_conf it will use this certificates and not the domains certificates.
It looks like ./build dovecot_conf will not add the domains certificate as ./build exim_conf does.
 
Last edited:

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
No, mail_sni is enabled by default, and nothing needs to be done in DA to support domain SSL certificates in dovecot/exim/pure-ftpd/apache/nginx/litespeed/openlitespeed :)
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
No, mail_sni is enabled by default, and nothing needs to be done in DA to support domain SSL certificates in dovecot/exim/pure-ftpd/apache/nginx/litespeed/openlitespeed :)
That´s a nice feature, I did know that it setup everything...
 
Top