Dovecot custom configuration

[crenet]

Hi,

I am trying to config Dovecot.

I edit /etc/dovecot.conf and set
disable_plaintext_auth = yes

cd /usr/local/directadmin/custombuild
./build dovecot_conf

doveconf -n | grep -iE "plaintext"
disable_plaintext_auth = no

OK it rewrites my settings.

Now can I use custom settings for Dovecot ?

Where?
/usr/local/directadmin/custombuild/custom/dovecot/dovecot.conf
or
/usr/local/directadmin/custombuild/custom/dovecot/conf/dovecot.conf

I tried on both places and do not seem to work.

I also like to force TLS with Dovecot for IMAPS/POPS and Exim.
How can I do that ?

Can I also use custom Roundcube files ?
/usr/local/directadmin/custombuild/custom/roundcube/

How to build those conf ?

Thanks a lot.

 

[smtalk]

As I've mentioned in another thread of yours - custom/ path must have the same structure as configure/. If dovecot.conf is found here:
/usr/local/directadmin/custombuild/configure/dovecot/dovecot.conf

It means it'd be here in custom path:
/usr/local/directadmin/custombuild/custom/dovecot/dovecot.conf

Regarding RoundCube, the following can be used:

custom/roundcube/config.inc.php
custom/roundcube/plugins
custom/roundcube/skins
custom/roundcube/vendor
custom/roundcube/program
custom/roundcube/.htaccess
custom/roundcube/composer.json

Please let me know if there are any other questions on this

Thank you!

 

[crenet]

Thanks a lot Martynas I will try it.

I just can´t believe there isn´t a DA guide where we can see all working customizations because as other user told me Exim custom settings do not work.

 

[smtalk]

Thanks a lot Martynas I will try it.

I just can´t believe there isn´t a DA guide where we can see all working customizations because as other user told me Exim custom settings do not work.

There is If something is missing - just say.

Using custom configs for PhpMyAdmin, SquirrelMail and Roundcube
Changing your SSL/TLS/cipher lists in dovecot
Adding custom modules to apache for custombuild
Add custom modules to php with custombuild

Exim related ones:
Current SSL cipher lists for DirectAdmin servers
I need exim to allow messages larger than 20 Megabytes
Hide your exim version in the banner

Just pasted these as example, but there are more of them at help.directadmin.com.

 

[crenet]

Well Martynas I thinks you don't want to understand what I said .
I already follow all that guides but remenber users need to search all of those guides and forum post to get there, for someone who already knows DA its seems easy.
Why not have a guide that merge all custom settings ?
I do like DA with his active forum but I must admit that DA deserves a better and organized documentation for getting more customers.
For example do DA have any updated guide for end users ?
Keep this good work and support and just work on DA documentation.
Thanks

 

[crenet]

Hi Martynas,

Sorry to come back to this post but I am trying to set Exim to use domain LE certificates so I am trying to set /etc/exim.variables.conf.custom
/etc/exim.variables.conf.custom

smtp_banner="${primary_hostname} mail server"
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=true
mesage_size_limit=10M
recipients_max=20
openssl_options=+no_sslv2 +no_sslv3
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-SHA256:AES128-SHA:AES256-SHAES-CBC3-SHA:!DSS

cd r/local/directadmin/custombuild
./build exim_conf

Is there any DA guide to use LE certificates with Exim and Dovecot ?

UPDATE: I think I found it is not a guide but a forum post .....from you.

SpamBlocker 4.3.0, BlockCracking, Easy Spam Figther, and new exim.pl

Have you checked the exim logs?/var/log/exim/mainlog /var/log/exim/rejectlog /var/log/exim/paniclogI've just tested a simple pipe to file through php, and it did work for me. (SB 4.3.3, SA, ESF, BC) Perhaps a path is blocked in your case, using a newer SB feature, which should have something...

forum.directadmin.com

I will try it tomorow.

Thanks

 

[smtalk]

Domain LE certs are used automatically, you don't need to do anything for this.

 

[crenet]

Hi Martynas,
On that thread you say to set /etc/exim.variables.conf.custom with

tls_privatekey = ${if exists{/etc/exim.key.${tls_sni}}{/etc/exim.key.${tls_sni}}{/etc/exim.key}}
tls_certificate = ${if exists{/etc/exim.cert.${tls_sni}}{/etc/exim.cert.${tls_sni}}{/etc/exim.cert}}

And Dovecot with something similar to this:
local_name mail.example.org {
ssl_cert = </etc/ssl/certs/mail.example.org.crt
ssl_key = </etc/ssl/private/mail.example.org.key
}

local_name mail.example2.org {
ssl_cert = </etc/ssl/certs/mail.example2.org.crt
ssl_key = </etc/ssl/private/mail.example2.org.key
}

Now you say that is not needed ??!!!!
Can you please make it clear?
Thanks

UPDATE: I see ./build exim_conf insert automatically the tls_privatekey and tls_certificate in /etc/exim.variables.conf
UPDATE: but I do not see the other code on dovecot.conf

I think we need to add the above configuration in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
because /usr/local/directadmin/custombuild/configure/dovecot/conf/ssl.conf just have
ssl_cert = </etc/exim.cert
ssl_key = </etc/exim.key
ssl_dh = </etc/dovecot/dh.pem

So when we call ./build dovecot_conf it will use this certificates and not the domains certificates.
It looks like ./build dovecot_conf will not add the domains certificate as ./build exim_conf does.

 

[smtalk]

No, mail_sni is enabled by default, and nothing needs to be done in DA to support domain SSL certificates in dovecot/exim/pure-ftpd/apache/nginx/litespeed/openlitespeed

 

[crenet]

No, mail_sni is enabled by default, and nothing needs to be done in DA to support domain SSL certificates in dovecot/exim/pure-ftpd/apache/nginx/litespeed/openlitespeed

That´s a nice feature, I did know that it setup everything...