On Sun, Mar 15, 2026 at 04:55:46PM -0400, John Hill via Postfix-users wrote:
> I am on 3.7.11 Debian 12, no problems that I am aware of. I considered doing
> a dist upgrade as I have in the past but dovecot scared me off.
You'll want to create a new dovecot configuration and verify its
correctness in a test environment. Radically changed Configuration
syntax aside, once Dovecot is up and running I have no issues to report.
FWIW, my configuraiton is below, it supports a mix of GSSAPI users with
the server keytab in /var/spool/keytabs/imap, and PLAIN users with a
dedicated dovecot-specific passwd file that is independent of
/etc/passwd (so no PAM, just explicit IMAP-only passwords, that are
randomly generated and conveyed to the users rather than user selected).
--
Viktor. 🇺🇦 Слава Україні!
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2
auth_realms = ...
auth_mechanisms = gssapi plain
auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /var/spool/keytabs/imap
default_vsz_limit = 1024M
protocols = imap
service imap-login {
inet_listener imap {
port = 0
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_server {
cert_file = /etc/letsencrypt/live/...
key_file = /etc/letsencrypt/live/...
dh_file = /etc/dovecot/dh.pem
}
ssl_cipher_list = DEFAULT:!kRSA:!SHA1
ssl_min_protocol = TLSv1.2
userdb static {
# Needed for GSSAPI users
allow_all_users = yes
fields {
uid=504
gid=504
mail_driver=maildir
mail_path=/home/dovecot/%{user | username}
}
}
# Needed for GSSAPI users
passdb static {
passdb_mechanisms_filter = gssapi
fields {
password = dummy
}
}
# Needed for PLAIN users
passdb passwd-file {
passdb_mechanisms_filter = plain
driver = passwd-file
passwd_file_path = /etc/dovecot/passwd
default_password_scheme = SHA512-CRYPT
}
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
