iankelling.org Git - distro-setup/blob - filesystem/etc/dovecot/local.conf

   1 # so I can use a different login that my shell login for mail.  this is
   2 # worth doing solely for the reason that if this login is compromised,
   3 # it won't also compromise my shell password.
   4 !include conf.d/auth-passwdfile.conf.ext
   5
   6 # settings derived from wiki and 10-ssl.conf
   7 ssl = required
   8 ssl_cert = </etc/exim4/exim.crt
   9 ssl_key = </etc/exim4/exim.key
  10 # https://github.com/certbot/certbot/raw/master/certbot-apache/certbot_apache/options-ssl-apache.conf
  11 # in my cert cronjob, I check if that has changed upstream.
  12 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  13
  14 # ian: added this, more secure, per google etc
  15 ssl_prefer_server_ciphers = yes
  16
  17 # for debugging info, uncomment these.
  18 # logs go to syslog, and to /var/log/mail.log
  19 # auth_verbose=yes
  20 #mail_debug=yes