samuelloza · October 10, 2016 13:31
diff --git a/Servidores de correo evitar SPAM b/Servidores de correo evitar SPAM
 Verificar si todo esta en orden
   http://www.mail-tester.com/web-vUjIFq
 configurar postfix + opendkim
  https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
 En el tutorial explica mal la parte de DNS
  1.- Crear registro A -> mail
  2.- Crear Mx 0       -> mail.example.com
  3.- Crear TXT @      -> "v=spf1 mx ip4:...."
  4.- Crear TXT mail._domainkey ->"v=DKIM1; g=*; k=rsa; ...."
  
 ssl y spam
 https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps
  
 BackUps correos
 editar nano /etc/postfix/main.cf agregar al final
 ___________________
 #mails backups
 sender_bcc_maps    = hash:/etc/postfix/archive_domain
 recipient_bcc_maps = hash:/etc/postfix/archive_domain
 ____________
 nano /etc/postfix/archive_domain
 [email protected] [email protected]
 ___________
 Crear la .db de archive_domain
 postmap /etc/postfix/archive_domain
 service postfix reload
 ########################
 main.cf
 sender_bcc_maps = regexp:/etc/postfix/archive_domain
 recipient_bcc_maps = regexp:/etc/postfix/archive_domain
 ________________________________
 /etc/postfix/archive_domain:
 /^([^@]+)\@example\.com$/    [email protected]

 http://serverfault.com/questions/407302/how-can-i-configure-postfix-to-retain-copies-of-all-email-sent-through-it
  
  
  HTTPS 
  
  http://docs.sentora.org/?node=102
  
  ---->JAIL USER SSH
        http://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/
  ---->Bloquear IPS
        https://elbauldelprogramador.com/20-ejemplos-de-iptables-para-sysadmins/#bloqueando-una-direcin-ip-block-ip
  
  -------------COnfiguracion segura en mail ----------------------
  
 root@panel:~# cat /etc/postfix/main.cf

 # postfix config file

 # uncomment for debugging if needed
 soft_bounce=yes

 # postfix main
 mail_owner = postfix
 setgid_group = postdrop
 delay_warning_time = 4

 # postfix paths
 html_directory = no
 command_directory = /usr/sbin
 daemon_directory = /usr/lib/postfix
 queue_directory = /var/spool/postfix
 sendmail_path = /usr/sbin/sendmail.postfix
 newaliases_path = /usr/bin/newaliases.postfix
 mailq_path = /usr/bin/mailq.postfix
 manpage_directory = /usr/share/man
 sample_directory = /usr/share/doc/postfix-2.2.2/samples
 readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

 # network settings
 inet_interfaces = all
 mydomain = panel.qkiez.com
 myhostname = panel.qkiez.com
 mynetworks = 127.0.0.1, 45.55.210.55
 mydestination = localhost.$mydomain, localhost
 relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf

 # mail delivery
 recipient_delimiter = +

 # mappings
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 #transport_maps = hash:/etc/postfix/transport
 #local_recipient_maps =

 # virtual setup
 virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
                     regexp:/etc/sentora/configs/postfix/virtual_regexp
 virtual_mailbox_base = /var/sentora/vmail
 virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
 virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
 virtual_minimum_uid = 999
 virtual_uid_maps = static:999
 virtual_gid_maps = static:8
 virtual_transport = dovecot
 dovecot_destination_recipient_limit = 1

 # debugging
 debug_peer_level = 2
 debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

 # authentication
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $myhostname
 broken_sasl_auth_clients = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth

 # tls config
 smtp_use_tls = yes
 smtpd_use_tls = yes
 ##
 smtpd_tls_security_level = may
 smtp_tls_note_starttls_offer = yes
 smtpd_tls_loglevel = 3
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
 tls_random_source = dev:/dev/urandom
 smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
 ##
 #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
 smtpd_tls_key_file  = /etc/letsencrypt/live/panel.qkiez.com/privkey.pem
 smtpd_tls_cert_file = /etc/letsencrypt/live/panel.qkiez.com/cert.pem
 smtpd_tls_CAfile    = /etc/letsencrypt/live/panel.qkiez.com/chain.pem

 # rules restrictions
 smtpd_client_restrictions =
 smtpd_helo_restrictions =
 smtpd_sender_restrictions =
 smtpd_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain
 # uncomment for realtime black list checks. (Warn: will also reject false positive)
 #       ,reject_rbl_client zen.spamhaus.org
 #       ,reject_rbl_client bl.spamcop.net
 #       ,reject_rbl_client dnsbl.sorbs.net

 smtpd_helo_required = yes
 unknown_local_recipient_reject_code = 550
 disable_vrfy_command = yes
 smtpd_data_restrictions = reject_unauth_pipelining
 smtpd_banner = $myhostname ESMTP

 #SMTP
 smtp_tls_security_level = may
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtp_tls_protocols = !SSLv2, !SSLv3
 smtp_tls_loglevel = 3
 smtp_tls_CAfile = /etc/letsencrypt/live/panel.qkiez.com/chain.pem


 message_size_limit = 20480000

 milter_protocol = 2
 milter_default_action = accept

 smtpd_milters = inet:localhost:12301
 non_smtpd_milters = inet:localhost:12301
 --------------------------------------------------------------
 root@panel:~# cat /etc/dovecot/conf.d/10-ssl.conf 
 ##
 ## SSL settings
 ##

 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 ssl = yes

 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
 ssl_cert = </etc/letsencrypt/live/panel.qkiez.com/fullchain.pem
 ssl_key = </etc/letsencrypt/live/panel.qkiez.com/privkey.pem

 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
 # world-readable, you may want to place this setting instead to a different
 # root owned 0600 file by using ssl_key_password = <path.
 #ssl_key_password =

 # PEM encoded trusted certificate authority. Set this only if you intend to use
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
 #ssl_ca = 

 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes

 # Directory and/or file for trusted SSL CA certificates. These are used only
 # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
 # directory is usually /etc/ssl/certs in Debian-based systems and the file is
 # /etc/pki/tls/cert.pem in RedHat-based systems.
 #ssl_client_ca_dir =
 #ssl_client_ca_file =

 # Request client to send a certificate. If you also want to require it, set
 # auth_ssl_require_client_cert=yes in auth section.
 #ssl_verify_client_cert = no

 # Which field from certificate to use for username. commonName and
 # x500UniqueIdentifier are the usual choices. You'll also need to set
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName

 # DH parameters length to use.
 #ssl_dh_parameters_length = 1024

 # SSL protocols to use
 #ssl_protocols = !SSLv2

 # SSL ciphers to use
 #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

 # Prefer the server's order of ciphers over client's.
 #ssl_prefer_server_ciphers = no

 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device =
 root@panel:~# 
 ---------------------------------------------------------
 root@panel:~# cat /etc/dovecot/dovecot.conf
 ##
 ## Dovecot config file
 ##
 listen = *
 disable_plaintext_auth = no
 ssl = yes

 ssl_key  = </etc/letsencrypt/live/panel.qkiez.com/privkey.pem
 ssl_cert = </etc/letsencrypt/live/panel.qkiez.com/cert.pem
 #ssl_ca   = /etc/letsencrypt/live/panel.qkiez.com/chain.pem

 log_timestamp = %Y-%m-%d %H:%M:%S 
 #log_timestamp was present only in Ubuntu file
 protocols = imap pop3 lmtp sieve
 auth_mechanisms = plain login
 passdb {
  driver = sql
  args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
 }
 userdb {
  driver = prefetch
 }
 userdb {
  driver = sql
  args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
 }
 mail_location = maildir:/var/sentora/vmail/%d/%n
 first_valid_uid = 999
 last_valid_uid = 999

 first_valid_gid = 8
 last_valid_gid = 8
 #mail_plugins =
 mailbox_idle_check_interval = 30 secs
 maildir_copy_with_hardlinks = yes
 service imap-login {
  inet_listener imap {
    port = 143
  }
 }
 service pop3-login {
  inet_listener pop3 {
    port = 110
  }
 }
 service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }
 }
 service imap {
  vsz_limit = 256M
 }
 service pop3 {
 }
 service auth {
  unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = mail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
 }

 service auth-worker {
 }
 service dict {
  unix_listener dict {
    mode = 0666
    user = vmail
    group = mail
  }
 }
 service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
  process_min_avail = 0
  vsz_limit = 64M
 }
 service managesieve {
 }
 lda_mailbox_autocreate = yes
 lda_mailbox_autosubscribe = yes
 protocol lda {
  mail_plugins = quota sieve
  postmaster_address = [email protected]
 }
 protocol imap {
  mail_plugins = quota imap_quota trash
  imap_client_workarounds = delay-newmail
 }
 lmtp_save_to_detail_mailbox = yes

 protocol lmtp {
  mail_plugins = quota sieve
 }
 protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv 
 #pop3_uidl_format was present only in ubuntu file
 }
 protocol sieve {
  managesieve_max_line_length = 65536
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_max_compile_errors = 5
 }
 dict {
  quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf
 }
 plugin {
 # quota = dict:User quota::proxy::quotadict
  quota = maildir:User quota
  acl = vfile:/etc/dovecot/acls
  trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf
  sieve_global_path = /var/sentora/sieve/globalfilter.sieve
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/sentora/sieve/
  #sieve_extensions = +notify +imapflags
  sieve_max_script_size = 1M
  #sieve_max_actions = 32
  #sieve_max_redirects = 4
 }

 log_path = /var/log/dovecot.log
 info_log_path = /var/log/dovecot-info.log
 debug_log_path = /var/log/dovecot-debug.log
 mail_debug=yes
	Verificar si todo esta en orden
	http://www.mail-tester.com/web-vUjIFq
	configurar postfix + opendkim
	https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
	En el tutorial explica mal la parte de DNS
	1.- Crear registro A -> mail
	2.- Crear Mx 0 -> mail.example.com
	3.- Crear TXT @ -> "v=spf1 mx ip4:...."
	4.- Crear TXT mail._domainkey ->"v=DKIM1; g=*; k=rsa; ...."

	ssl y spam
	https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps

	BackUps correos
	editar nano /etc/postfix/main.cf agregar al final
	___________________
	#mails backups
	sender_bcc_maps = hash:/etc/postfix/archive_domain
	recipient_bcc_maps = hash:/etc/postfix/archive_domain
	____________
	nano /etc/postfix/archive_domain
	[email protected] [email protected]
	___________
	Crear la .db de archive_domain
	postmap /etc/postfix/archive_domain
	service postfix reload
	########################
	main.cf
	sender_bcc_maps = regexp:/etc/postfix/archive_domain
	recipient_bcc_maps = regexp:/etc/postfix/archive_domain
	________________________________
	/etc/postfix/archive_domain:
	/^([^@]+)\@example\.com$/ [email protected]

	http://serverfault.com/questions/407302/how-can-i-configure-postfix-to-retain-copies-of-all-email-sent-through-it


	HTTPS

	http://docs.sentora.org/?node=102

	---->JAIL USER SSH
	http://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/
	---->Bloquear IPS
	https://elbauldelprogramador.com/20-ejemplos-de-iptables-para-sysadmins/#bloqueando-una-direcin-ip-block-ip

	-------------COnfiguracion segura en mail ----------------------

	root@panel:~# cat /etc/postfix/main.cf

	# postfix config file

	# uncomment for debugging if needed
	soft_bounce=yes

	# postfix main
	mail_owner = postfix
	setgid_group = postdrop
	delay_warning_time = 4

	# postfix paths
	html_directory = no
	command_directory = /usr/sbin
	daemon_directory = /usr/lib/postfix
	queue_directory = /var/spool/postfix
	sendmail_path = /usr/sbin/sendmail.postfix
	newaliases_path = /usr/bin/newaliases.postfix
	mailq_path = /usr/bin/mailq.postfix
	manpage_directory = /usr/share/man
	sample_directory = /usr/share/doc/postfix-2.2.2/samples
	readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

	# network settings
	inet_interfaces = all
	mydomain = panel.qkiez.com
	myhostname = panel.qkiez.com
	mynetworks = 127.0.0.1, 45.55.210.55
	mydestination = localhost.$mydomain, localhost
	relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf

	# mail delivery
	recipient_delimiter = +

	# mappings
	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases
	#transport_maps = hash:/etc/postfix/transport
	#local_recipient_maps =

	# virtual setup
	virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
	regexp:/etc/sentora/configs/postfix/virtual_regexp
	virtual_mailbox_base = /var/sentora/vmail
	virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
	virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
	virtual_minimum_uid = 999
	virtual_uid_maps = static:999
	virtual_gid_maps = static:8
	virtual_transport = dovecot
	dovecot_destination_recipient_limit = 1

	# debugging
	debug_peer_level = 2
	debugger_command =
	PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	xxgdb $daemon_directory/$process_name $process_id & sleep 5

	# authentication
	smtpd_sasl_auth_enable = yes
	smtpd_sasl_security_options = noanonymous
	smtpd_sasl_local_domain = $myhostname
	broken_sasl_auth_clients = yes
	smtpd_sasl_type = dovecot
	smtpd_sasl_path = private/auth

	# tls config
	smtp_use_tls = yes
	smtpd_use_tls = yes
	##
	smtpd_tls_security_level = may
	smtp_tls_note_starttls_offer = yes
	smtpd_tls_loglevel = 3
	smtpd_tls_received_header = yes
	smtpd_tls_session_cache_timeout = 3600s
	tls_random_source = dev:/dev/urandom
	smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
	##
	#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
	smtpd_tls_key_file = /etc/letsencrypt/live/panel.qkiez.com/privkey.pem
	smtpd_tls_cert_file = /etc/letsencrypt/live/panel.qkiez.com/cert.pem
	smtpd_tls_CAfile = /etc/letsencrypt/live/panel.qkiez.com/chain.pem

	# rules restrictions
	smtpd_client_restrictions =
	smtpd_helo_restrictions =
	smtpd_sender_restrictions =
	smtpd_recipient_restrictions = permit_sasl_authenticated,
	permit_mynetworks,
	reject_unauth_destination,
	reject_non_fqdn_sender,
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain
	# uncomment for realtime black list checks. (Warn: will also reject false positive)
	# ,reject_rbl_client zen.spamhaus.org
	# ,reject_rbl_client bl.spamcop.net
	# ,reject_rbl_client dnsbl.sorbs.net

	smtpd_helo_required = yes
	unknown_local_recipient_reject_code = 550
	disable_vrfy_command = yes
	smtpd_data_restrictions = reject_unauth_pipelining
	smtpd_banner = $myhostname ESMTP

	#SMTP
	smtp_tls_security_level = may
	smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
	smtp_tls_protocols = !SSLv2, !SSLv3
	smtp_tls_loglevel = 3
	smtp_tls_CAfile = /etc/letsencrypt/live/panel.qkiez.com/chain.pem


	message_size_limit = 20480000

	milter_protocol = 2
	milter_default_action = accept

	smtpd_milters = inet:localhost:12301
	non_smtpd_milters = inet:localhost:12301
	--------------------------------------------------------------
	root@panel:~# cat /etc/dovecot/conf.d/10-ssl.conf
	##
	## SSL settings
	##

	# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
	ssl = yes

	# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
	# dropping root privileges, so keep the key file unreadable by anyone but
	# root. Included doc/mkcert.sh can be used to easily generate self-signed
	# certificate, just make sure to update the domains in dovecot-openssl.cnf
	ssl_cert = </etc/letsencrypt/live/panel.qkiez.com/fullchain.pem
	ssl_key = </etc/letsencrypt/live/panel.qkiez.com/privkey.pem

	# If key file is password protected, give the password here. Alternatively
	# give it when starting dovecot with -p parameter. Since this file is often
	# world-readable, you may want to place this setting instead to a different
	# root owned 0600 file by using ssl_key_password = <path.
	#ssl_key_password =

	# PEM encoded trusted certificate authority. Set this only if you intend to use
	# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
	# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
	#ssl_ca =

	# Require that CRL check succeeds for client certificates.
	#ssl_require_crl = yes

	# Directory and/or file for trusted SSL CA certificates. These are used only
	# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
	# directory is usually /etc/ssl/certs in Debian-based systems and the file is
	# /etc/pki/tls/cert.pem in RedHat-based systems.
	#ssl_client_ca_dir =
	#ssl_client_ca_file =

	# Request client to send a certificate. If you also want to require it, set
	# auth_ssl_require_client_cert=yes in auth section.
	#ssl_verify_client_cert = no

	# Which field from certificate to use for username. commonName and
	# x500UniqueIdentifier are the usual choices. You'll also need to set
	# auth_ssl_username_from_cert=yes.
	#ssl_cert_username_field = commonName

	# DH parameters length to use.
	#ssl_dh_parameters_length = 1024

	# SSL protocols to use
	#ssl_protocols = !SSLv2

	# SSL ciphers to use
	#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

	# Prefer the server's order of ciphers over client's.
	#ssl_prefer_server_ciphers = no

	# SSL crypto device to use, for valid values run "openssl engine"
	#ssl_crypto_device =
	root@panel:~#
	---------------------------------------------------------
	root@panel:~# cat /etc/dovecot/dovecot.conf
	##
	## Dovecot config file
	##
	listen = *
	disable_plaintext_auth = no
	ssl = yes

	ssl_key = </etc/letsencrypt/live/panel.qkiez.com/privkey.pem
	ssl_cert = </etc/letsencrypt/live/panel.qkiez.com/cert.pem
	#ssl_ca = /etc/letsencrypt/live/panel.qkiez.com/chain.pem

	log_timestamp = %Y-%m-%d %H:%M:%S
	#log_timestamp was present only in Ubuntu file
	protocols = imap pop3 lmtp sieve
	auth_mechanisms = plain login
	passdb {
	driver = sql
	args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
	}
	userdb {
	driver = prefetch
	}
	userdb {
	driver = sql
	args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
	}
	mail_location = maildir:/var/sentora/vmail/%d/%n
	first_valid_uid = 999
	last_valid_uid = 999

	first_valid_gid = 8
	last_valid_gid = 8
	#mail_plugins =
	mailbox_idle_check_interval = 30 secs
	maildir_copy_with_hardlinks = yes
	service imap-login {
	inet_listener imap {
	port = 143
	}
	}
	service pop3-login {
	inet_listener pop3 {
	port = 110
	}
	}
	service lmtp {
	unix_listener lmtp {
	#mode = 0666
	}
	}
	service imap {
	vsz_limit = 256M
	}
	service pop3 {
	}
	service auth {
	unix_listener auth-userdb {
	mode = 0666
	user = vmail
	group = mail
	}

	# Postfix smtp-auth
	unix_listener /var/spool/postfix/private/auth {
	mode = 0666
	user = postfix
	group = postfix
	}
	}

	service auth-worker {
	}
	service dict {
	unix_listener dict {
	mode = 0666
	user = vmail
	group = mail
	}
	}
	service managesieve-login {
	inet_listener sieve {
	port = 4190
	}
	service_count = 1
	process_min_avail = 0
	vsz_limit = 64M
	}
	service managesieve {
	}
	lda_mailbox_autocreate = yes
	lda_mailbox_autosubscribe = yes
	protocol lda {
	mail_plugins = quota sieve
	postmaster_address = [email protected]
	}
	protocol imap {
	mail_plugins = quota imap_quota trash
	imap_client_workarounds = delay-newmail
	}
	lmtp_save_to_detail_mailbox = yes

	protocol lmtp {
	mail_plugins = quota sieve
	}
	protocol pop3 {
	mail_plugins = quota
	pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
	pop3_uidl_format = %08Xu%08Xv
	#pop3_uidl_format was present only in ubuntu file
	}
	protocol sieve {
	managesieve_max_line_length = 65536
	managesieve_implementation_string = Dovecot Pigeonhole
	managesieve_max_compile_errors = 5
	}
	dict {
	quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf
	}
	plugin {
	# quota = dict:User quota::proxy::quotadict
	quota = maildir:User quota
	acl = vfile:/etc/dovecot/acls
	trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf
	sieve_global_path = /var/sentora/sieve/globalfilter.sieve
	sieve = ~/dovecot.sieve
	sieve_dir = ~/sieve
	sieve_global_dir = /var/sentora/sieve/
	#sieve_extensions = +notify +imapflags
	sieve_max_script_size = 1M
	#sieve_max_actions = 32
	#sieve_max_redirects = 4
	}

	log_path = /var/log/dovecot.log
	info_log_path = /var/log/dovecot-info.log
	debug_log_path = /var/log/dovecot-debug.log
	mail_debug=yes