vihuvac · October 1, 2013 16:06
diff --git a/10-master.conf b/10-master.conf
 #default_process_limit = 100
 #default_client_limit = 1000

 # Default VSZ (virtual memory size) limit for service processes. This is mainly
 # intended to catch and kill processes that leak memory before they eat up
 # everything.
 #default_vsz_limit = 256M

 # Login user is internally used by login processes. This is the most untrusted
 # user in Dovecot system. It shouldn't have access to anything at all.
 #default_login_user = dovenull

 # Internal user is used by unprivileged processes. It should be separate from
 # login user, so that login processes can't disturb other processes.
 #default_internal_user = dovecot

 service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = 64M
 }

 service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
 }

 service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }
  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port = 
  #}
 }

 service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = 256M

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
 }

 service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
 }

 service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group = vmail
  }

  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}

  # Auth process is run as this user.
  user = dovecot
 }

 service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
 }

 service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user = 
    #group = 
  }
 }
	#default_process_limit = 100
	#default_client_limit = 1000

	# Default VSZ (virtual memory size) limit for service processes. This is mainly
	# intended to catch and kill processes that leak memory before they eat up
	# everything.
	#default_vsz_limit = 256M

	# Login user is internally used by login processes. This is the most untrusted
	# user in Dovecot system. It shouldn't have access to anything at all.
	#default_login_user = dovenull

	# Internal user is used by unprivileged processes. It should be separate from
	# login user, so that login processes can't disturb other processes.
	#default_internal_user = dovecot

	service imap-login {
	inet_listener imap {
	port = 0
	}
	inet_listener imaps {
	#port = 993
	#ssl = yes
	}

	# Number of connections to handle before starting a new process. Typically
	# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
	# is faster. <doc/wiki/LoginProcess.txt>
	#service_count = 1

	# Number of processes to always keep waiting for more connections.
	#process_min_avail = 0

	# If you set service_count=0, you probably need to grow this.
	#vsz_limit = 64M
	}

	service pop3-login {
	inet_listener pop3 {
	port = 0
	}
	inet_listener pop3s {
	#port = 995
	#ssl = yes
	}
	}

	service lmtp {
	unix_listener /var/spool/postfix/private/dovecot-lmtp {
	mode = 0600
	user = postfix
	group = postfix
	}
	# Create inet listener only if you can't use the above UNIX socket
	#inet_listener lmtp {
	# Avoid making LMTP visible for the entire internet
	#address =
	#port =
	#}
	}

	service imap {
	# Most of the memory goes to mmap()ing files. You may need to increase this
	# limit if you have huge mailboxes.
	#vsz_limit = 256M

	# Max. number of IMAP processes (connections)
	#process_limit = 1024
	}

	service pop3 {
	# Max. number of POP3 processes (connections)
	#process_limit = 1024
	}

	service auth {
	# auth_socket_path points to this userdb socket by default. It's typically
	# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
	# permissions make it readable only by root, but you may need to relax these
	# permissions. Users that have access to this socket are able to get a list
	# of all usernames and get results of everyone's userdb lookups.
	unix_listener /var/spool/postfix/private/auth {
	mode = 0666
	user = postfix
	group = postfix
	}

	unix_listener auth-userdb {
	mode = 0600
	user = vmail
	#group = vmail
	}

	# Postfix smtp-auth
	#unix_listener /var/spool/postfix/private/auth {
	# mode = 0666
	#}

	# Auth process is run as this user.
	user = dovecot
	}

	service auth-worker {
	# Auth worker process is run as root by default, so that it can access
	# /etc/shadow. If this isn't necessary, the user should be changed to
	# $default_internal_user.
	user = vmail
	}

	service dict {
	# If dict proxy is used, mail processes should have access to its socket.
	# For example: mode=0660, group=vmail and global mail_access_groups=vmail
	unix_listener dict {
	#mode = 0600
	#user =
	#group =
	}
	}