Next: , Previous: , Up: 服务   [Contents][Index]


11.10.13 邮件服务

The (gnu services mail) module provides Guix service definitions for email services: IMAP, POP3, and LMTP servers, as well as mail transport agents (MTAs). Lots of acronyms! These services are detailed in the subsections below.

Dovecot Service

Variable: dovecot-service-type

Type for the service that runs the Dovecot IMAP/POP3/LMTP mail server, whose value is a <dovecot-configuration> object.

By default, Dovecot does not need much configuration; the default configuration object created by (dovecot-configuration) will suffice if your mail is delivered to ~/Maildir. A self-signed certificate will be generated for TLS-protected connections, though Dovecot will also listen on cleartext ports by default. There are a number of options, though, which mail administrators might need to change, and as is the case with other services, Guix allows the system administrator to specify these parameters via a uniform Scheme interface.

For example, to specify that mail is located at maildir~/.mail, one would instantiate the Dovecot service like this:

(service dovecot-service-type
         (dovecot-configuration
           (mail-location "maildir:~/.mail")))

The available configuration parameters follow. Each parameter definition is preceded by its type; for example, ‘string-list foo’ indicates that the foo parameter should be specified as a list of strings. There is also a way to specify the configuration as a string, if you have an old dovecot.conf file that you want to port over from some other system; see the end for more details.

Available dovecot-configuration fields are:

dovecot-configuration parameter: package dovecot

The dovecot package.

dovecot-configuration parameter: comma-separated-string-list listen

A list of IPs or hosts where to listen for connections. ‘*’ listens on all IPv4 interfaces, ‘::’ listens on all IPv6 interfaces. If you want to specify non-default ports or anything more complex, customize the address and port fields of the ‘inet-listener’ of the specific services you are interested in.

dovecot-configuration parameter: protocol-configuration-list protocols

List of protocols we want to serve. Available protocols include ‘imap’, ‘pop3’, and ‘lmtp’.

Available protocol-configuration fields are:

protocol-configuration parameter: string name

The name of the protocol.

protocol-configuration parameter: string auth-socket-path

UNIX socket path to the master authentication server to find users. This is used by imap (for shared users) and lda. It defaults to ‘"/var/run/dovecot/auth-userdb"’.

protocol-configuration parameter: boolean imap-metadata?

Whether to enable the IMAP METADATA extension as defined in RFC 5464, which provides a means for clients to set and retrieve per-mailbox, per-user metadata and annotations over IMAP.

If this is ‘#t’, you must also specify a dictionary via the mail-attribute-dict setting.

Defaults to ‘#f’.

protocol-configuration parameter: space-separated-string-list managesieve-notify-capabilities

Which NOTIFY capabilities to report to clients that first connect to the ManageSieve service, before authentication. These may differ from the capabilities offered to authenticated users. If this field is left empty, report what the Sieve interpreter supports by default.

Defaults to ‘'()’.

protocol-configuration parameter: space-separated-string-list managesieve-sieve-capability

Which SIEVE capabilities to report to clients that first connect to the ManageSieve service, before authentication. These may differ from the capabilities offered to authenticated users. If this field is left empty, report what the Sieve interpreter supports by default.

Defaults to ‘'()’.

protocol-configuration parameter: space-separated-string-list mail-plugins

Space separated list of plugins to load.

protocol-configuration parameter: non-negative-integer mail-max-userip-connections

Maximum number of IMAP connections allowed for a user from each IP address. NOTE: The username is compared case-sensitively. Defaults to ‘10’.

dovecot-configuration parameter: service-configuration-list services

List of services to enable. Available services include ‘imap’, ‘imap-login’, ‘pop3’, ‘pop3-login’, ‘auth’, and ‘lmtp’.

Available service-configuration fields are:

service-configuration parameter: string kind

The service kind. Valid values include director, imap-login, pop3-login, lmtp, imap, pop3, auth, auth-worker, dict, tcpwrap, quota-warning, or anything else.

service-configuration parameter: listener-configuration-list listeners

Listeners for the service. A listener is either a unix-listener-configuration, a fifo-listener-configuration, or an inet-listener-configuration. Defaults to ‘'()’.

Available unix-listener-configuration fields are:

unix-listener-configuration parameter: string path

Path to the file, relative to base-dir field. This is also used as the section name.

unix-listener-configuration parameter: string mode

The access mode for the socket. Defaults to ‘"0600"’.

unix-listener-configuration parameter: string user

The user to own the socket. Defaults to ‘""’.

unix-listener-configuration parameter: string group

The group to own the socket. Defaults to ‘""’.

Available fifo-listener-configuration fields are:

fifo-listener-configuration parameter: string path

Path to the file, relative to base-dir field. This is also used as the section name.

fifo-listener-configuration parameter: string mode

The access mode for the socket. Defaults to ‘"0600"’.

fifo-listener-configuration parameter: string user

The user to own the socket. Defaults to ‘""’.

fifo-listener-configuration parameter: string group

The group to own the socket. Defaults to ‘""’.

Available inet-listener-configuration fields are:

inet-listener-configuration parameter: string protocol

The protocol to listen for.

inet-listener-configuration parameter: string address

The address on which to listen, or empty for all addresses. Defaults to ‘""’.

inet-listener-configuration parameter: non-negative-integer port

The port on which to listen.

inet-listener-configuration parameter: boolean ssl?

Whether to use SSL for this service; ‘yes’, ‘no’, or ‘required’. Defaults to ‘#t’.

service-configuration parameter: non-negative-integer client-limit

Maximum number of simultaneous client connections per process. Once this number of connections is received, the next incoming connection will prompt Dovecot to spawn another process. If set to 0, default-client-limit is used instead.

Defaults to ‘0’.

service-configuration parameter: non-negative-integer service-count

Number of connections to handle before starting a new process. Typically the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 is faster. <doc/wiki/LoginProcess.txt>. Defaults to ‘1’.

service-configuration parameter: non-negative-integer process-limit

Maximum number of processes that can exist for this service. If set to 0, default-process-limit is used instead.

Defaults to ‘0’.

service-configuration parameter: non-negative-integer process-min-avail

Number of processes to always keep waiting for more connections. Defaults to ‘0’.

service-configuration parameter: non-negative-integer vsz-limit

If you set ‘service-count 0’, you probably need to grow this. Defaults to ‘256000000’.

dovecot-configuration parameter: dict-configuration dict

Dict configuration, as created by the dict-configuration constructor.

Available dict-configuration fields are:

dict-configuration parameter: free-form-fields entries

A list of key-value pairs that this dict should hold. Defaults to ‘'()’.

dovecot-configuration parameter: passdb-configuration-list passdbs

A list of passdb configurations, each one created by the passdb-configuration constructor.

Available passdb-configuration fields are:

passdb-configuration parameter: string driver

The driver that the passdb should use. Valid values include ‘pam’, ‘passwd’, ‘shadow’, ‘bsdauth’, and ‘static’. Defaults to ‘"pam"’.

passdb-configuration parameter: space-separated-string-list args

Space separated list of arguments to the passdb driver. Defaults to ‘""’.

dovecot-configuration parameter: userdb-configuration-list userdbs

List of userdb configurations, each one created by the userdb-configuration constructor.

Available userdb-configuration fields are:

userdb-configuration parameter: string driver

The driver that the userdb should use. Valid values include ‘passwd’ and ‘static’. Defaults to ‘"passwd"’.

userdb-configuration parameter: space-separated-string-list args

Space separated list of arguments to the userdb driver. Defaults to ‘""’.

userdb-configuration parameter: free-form-args override-fields

Override fields from passwd. Defaults to ‘'()’.

dovecot-configuration parameter: plugin-configuration plugin-configuration

Plug-in configuration, created by the plugin-configuration constructor.

dovecot-configuration parameter: list-of-namespace-configuration namespaces

List of namespaces. Each item in the list is created by the namespace-configuration constructor.

Available namespace-configuration fields are:

namespace-configuration parameter: string name

Name for this namespace.

namespace-configuration parameter: string type

Namespace type: ‘private’, ‘shared’ or ‘public’. Defaults to ‘"private"’.

namespace-configuration parameter: string separator

Hierarchy separator to use. You should use the same separator for all namespaces or some clients get confused. ‘/’ is usually a good one. The default however depends on the underlying mail storage format. Defaults to ‘""’.

namespace-configuration parameter: string prefix

Prefix required to access this namespace. This needs to be different for all namespaces. For example ‘Public/’. Defaults to ‘""’.

namespace-configuration parameter: string location

Physical location of the mailbox. This is in the same format as mail_location, which is also the default for it. Defaults to ‘""’.

namespace-configuration parameter: boolean inbox?

There can be only one INBOX, and this setting defines which namespace has it. Defaults to ‘#f’.

namespace-configuration parameter: boolean hidden?

If namespace is hidden, it’s not advertised to clients via NAMESPACE extension. You’ll most likely also want to set ‘list? #f’. This is mostly useful when converting from another server with different namespaces which you want to deprecate but still keep working. For example you can create hidden namespaces with prefixes ‘~/mail/’, ‘~%u/mail/’ and ‘mail/’. Defaults to ‘#f’.

namespace-configuration parameter: boolean list?

Show the mailboxes under this namespace with the LIST command. This makes the namespace visible for clients that do not support the NAMESPACE extension. The special children value lists child mailboxes, but hides the namespace prefix. Defaults to ‘#t’.

namespace-configuration parameter: boolean subscriptions?

Namespace handles its own subscriptions. If set to #f, the parent namespace handles them. The empty prefix should always have this as #t). Defaults to ‘#t’.

namespace-configuration parameter: mailbox-configuration-list mailboxes

List of predefined mailboxes in this namespace. Defaults to ‘'()’.

Available mailbox-configuration fields are:

mailbox-configuration parameter: string name

Name for this mailbox.

mailbox-configuration parameter: string auto

create’ will automatically create this mailbox. ‘subscribe’ will both create and subscribe to the mailbox. Defaults to ‘"no"’.

mailbox-configuration parameter: space-separated-string-list special-use

List of IMAP SPECIAL-USE attributes as specified by RFC 6154. Valid values are \All, \Archive, \Drafts, \Flagged, \Junk, \Sent, and \Trash. Defaults to ‘'()’.

dovecot-configuration parameter: file-name base-dir

Base directory where to store runtime data. Defaults to ‘"/var/run/dovecot/"’.

dovecot-configuration parameter: string login-greeting

Greeting message for clients. Defaults to ‘"Dovecot ready."’.

dovecot-configuration parameter: space-separated-string-list login-trusted-networks

List of trusted network ranges. Connections from these IPs are allowed to override their IP addresses and ports (for logging and for authentication checks). ‘disable-plaintext-auth’ is also ignored for these networks. Typically you would specify your IMAP proxy servers here. Defaults to ‘'()’.

dovecot-configuration parameter: space-separated-string-list login-access-sockets

List of login access check sockets (e.g. tcpwrap). Defaults to ‘'()’.

dovecot-configuration parameter: boolean verbose-proctitle?

Show more verbose process titles (in ps). Currently shows user name and IP address. Useful for seeing who is actually using the IMAP processes (e.g. shared mailboxes or if the same uid is used for multiple accounts). Defaults to ‘#f’.

dovecot-configuration parameter: boolean shutdown-clients?

Should all processes be killed when Dovecot master process shuts down. Setting this to #f means that Dovecot can be upgraded without forcing existing client connections to close (although that could also be a problem if the upgrade is e.g. due to a security fix). Defaults to ‘#t’.

dovecot-configuration parameter: non-negative-integer doveadm-worker-count

If non-zero, run mail commands via this many connections to doveadm server, instead of running them directly in the same process. Defaults to ‘0’.

dovecot-configuration parameter: string doveadm-socket-path

UNIX socket or host:port used for connecting to doveadm server. Defaults to ‘"doveadm-server"’.

dovecot-configuration parameter: space-separated-string-list import-environment

List of environment variables that are preserved on Dovecot startup and passed down to all of its child processes. You can also give key=value pairs to always set specific settings.

dovecot-configuration parameter: boolean disable-plaintext-auth?

Disable LOGIN command and all other plaintext authentications unless SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP matches the local IP (i.e. you’re connecting from the same computer), the connection is considered secure and plaintext authentication is allowed. See also the ‘ssl=required’ setting. Defaults to ‘#t’.

dovecot-configuration parameter: non-negative-integer auth-cache-size

Authentication cache size (e.g. ‘#e10e6’). 0 means it’s disabled. Note that bsdauth, PAM and vpopmail require ‘cache-key’ to be set for caching to be used. Defaults to ‘0’.

dovecot-configuration parameter: string auth-cache-ttl

Time to live for cached data. After TTL expires the cached record is no longer used, *except* if the main database lookup returns internal failure. We also try to handle password changes automatically: If user’s previous authentication was successful, but this one wasn’t, the cache isn’t used. For now this works only with plaintext authentication. Defaults to ‘"1 hour"’.

dovecot-configuration parameter: string auth-cache-negative-ttl

TTL for negative hits (user not found, password mismatch). 0 disables caching them completely. Defaults to ‘"1 hour"’.

dovecot-configuration parameter: space-separated-string-list auth-realms

List of realms for SASL authentication mechanisms that need them. You can leave it empty if you don’t want to support multiple realms. Many clients simply use the first one listed here, so keep the default realm first. Defaults to ‘'()’.

dovecot-configuration parameter: string auth-default-realm

Default realm/domain to use if none was specified. This is used for both SASL realms and appending @domain to username in plaintext logins. Defaults to ‘""’.

dovecot-configuration parameter: string auth-username-chars

List of allowed characters in username. If the user-given username contains a character not listed in here, the login automatically fails. This is just an extra check to make sure user can’t exploit any potential quote escaping vulnerabilities with SQL/LDAP databases. If you want to allow all characters, set this value to empty. Defaults to ‘"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"’.

dovecot-configuration parameter: string auth-username-translation

Username character translations before it’s looked up from databases. The value contains series of from -> to characters. For example ‘#@/@’ means that ‘#’ and ‘/’ characters are translated to ‘@’. Defaults to ‘""’.

dovecot-configuration parameter: string auth-username-format

Username formatting before it’s looked up from databases. You can use the standard variables here, e.g. %Lu would lowercase the username, %n would drop away the domain if it was given, or ‘%n-AT-%d’ would change the ‘@’ into ‘-AT-’. This translation is done after ‘auth-username-translation’ changes. Defaults to ‘"%Lu"’.

dovecot-configuration parameter: string auth-master-user-separator

If you want to allow master users to log in by specifying the master username within the normal username string (i.e. not using SASL mechanism’s support for it), you can specify the separator character here. The format is then <username><separator><master username>. UW-IMAP uses ‘*’ as the separator, so that could be a good choice. Defaults to ‘""’.

dovecot-configuration parameter: string auth-anonymous-username

Username to use for users logging in with ANONYMOUS SASL mechanism. Defaults to ‘"anonymous"’.

dovecot-configuration parameter: non-negative-integer auth-worker-max-count

Maximum number of dovecot-auth worker processes. They’re used to execute blocking passdb and userdb queries (e.g. MySQL and PAM). They’re automatically created and destroyed as needed. Defaults to ‘30’.

dovecot-configuration parameter: string auth-gssapi-hostname

Host name to use in GSSAPI principal names. The default is to use the name returned by gethostname(). Use ‘$ALL’ (with quotes) to allow all keytab entries. Defaults to ‘""’.

dovecot-configuration parameter: string auth-krb5-keytab

Kerberos keytab to use for the GSSAPI mechanism. Will use the system default (usually /etc/krb5.keytab) if not specified. You may need to change the auth service to run as root to be able to read this file. Defaults to ‘""’.

dovecot-configuration parameter: boolean auth-use-winbind?

Do NTLM and GSS-SPNEGO authentication using Samba’s winbind daemon and ‘ntlm-auth’ helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>. Defaults to ‘#f’.

dovecot-configuration parameter: file-name auth-winbind-helper-path

Path for Samba’s ‘ntlm-auth’ helper binary. Defaults to ‘"/usr/bin/ntlm_auth"’.

dovecot-configuration parameter: string auth-failure-delay

Time to delay before replying to failed authentications. Defaults to ‘"2 secs"’.

dovecot-configuration parameter: boolean auth-ssl-require-client-cert?

Require a valid SSL client certificate or the authentication fails. Defaults to ‘#f’.

dovecot-configuration parameter: boolean auth-ssl-username-from-cert?

Take the username from client’s SSL certificate, using X509_NAME_get_text_by_NID() which returns the subject’s DN’s CommonName. Defaults to ‘#f’.

dovecot-configuration parameter: space-separated-string-list auth-mechanisms

List of wanted authentication mechanisms. Supported mechanisms are: ‘plain’, ‘login’, ‘digest-md5’, ‘cram-md5’, ‘ntlm’, ‘rpa’, ‘apop’, ‘anonymous’, ‘gssapi’, ‘otp’, ‘skey’, and ‘gss-spnego’. See also the ‘disable-plaintext-auth’ setting.

dovecot-configuration parameter: space-separated-string-list director-servers

List of IPs or hostnames to all director servers, including ourself. Ports can be specified as ip:port. The default port is the same as what director service’s ‘inet-listener’ is using. Defaults to ‘'()’.

dovecot-configuration parameter: space-separated-string-list director-mail-servers

List of IPs or hostnames to all backend mail servers. Ranges are allowed too, like 10.0.0.10-10.0.0.30. Defaults to ‘'()’.

dovecot-configuration parameter: string director-user-expire

How long to redirect users to a specific server after it no longer has any connections. Defaults to ‘"15 min"’.

dovecot-configuration parameter: string director-username-hash

How the username is translated before being hashed. Useful values include %Ln if user can log in with or without @domain, %Ld if mailboxes are shared within domain. Defaults to ‘"%Lu"’.

dovecot-configuration parameter: string log-path

Log file to use for error messages. ‘syslog’ logs to syslog, ‘/dev/stderr’ logs to stderr. Defaults to ‘"syslog"’.

dovecot-configuration parameter: string info-log-path

Log file to use for informational messages. Defaults to ‘log-path’. Defaults to ‘""’.

dovecot-configuration parameter: string debug-log-path

Log file to use for debug messages. Defaults to ‘info-log-path’. Defaults to ‘""’.

dovecot-configuration parameter: string syslog-facility

Syslog facility to use if you’re logging to syslog. Usually if you don’t want to use ‘mail’, you’ll use local0..local7. Also other standard facilities are supported. Defaults to ‘"mail"’.

dovecot-configuration parameter: boolean auth-verbose?

Log unsuccessful authentication attempts and the reasons why they failed. Defaults to ‘#f’.

dovecot-configuration parameter: string auth-verbose-passwords

In case of password mismatches, log the attempted password. Valid values are no, plain and sha1. sha1 can be useful for detecting brute force password attempts vs. user simply trying the same password over and over again. You can also truncate the value to n chars by appending ":n" (e.g. sha1:6). Defaults to ‘"no"’.

dovecot-configuration parameter: boolean auth-debug?

Even more verbose logging for debugging purposes. Shows for example SQL queries. Defaults to ‘#f’.

dovecot-configuration parameter: boolean auth-debug-passwords?

In case of password mismatches, log the passwords and used scheme so the problem can be debugged. Enabling this also enables ‘auth-debug’. Defaults to ‘#f’.

dovecot-configuration parameter: boolean mail-debug?

Enable mail process debugging. This can help you figure out why Dovecot isn’t finding your mails. Defaults to ‘#f’.

dovecot-configuration parameter: boolean verbose-ssl?

Show protocol level SSL errors. Defaults to ‘#f’.

dovecot-configuration parameter: string log-timestamp

Prefix for each line written to log file. % codes are in strftime(3) format. Defaults to ‘"\"%b %d %H:%M:%S \""’.

dovecot-configuration parameter: space-separated-string-list login-log-format-elements

List of elements we want to log. The elements which have a non-empty variable value are joined together to form a comma-separated string.

dovecot-configuration parameter: string login-log-format

Login log format. %s contains ‘login-log-format-elements’ string, %$ contains the data we want to log. Defaults to ‘"%$: %s"’.

dovecot-configuration parameter: string mail-log-prefix

Log prefix for mail processes. See doc/wiki/Variables.txt for list of possible variables you can use. Defaults to ‘"\"%s(%u)<%{pid}><%{session}>: \""’.

dovecot-configuration parameter: string deliver-log-format

Format to use for logging mail deliveries. You can use variables:

%$

Delivery status message (e.g. ‘saved to INBOX’)

%m

Message-ID

%s

Subject

%f

From address

%p

Physical size

%w

Virtual size.

Defaults to ‘"msgid=%m: %$"’.

dovecot-configuration parameter: string mail-location

Location for users’ mailboxes. The default is empty, which means that Dovecot tries to find the mailboxes automatically. This won’t work if the user doesn’t yet have any mail, so you should explicitly tell Dovecot the full location.

If you’re using mbox, giving a path to the INBOX file (e.g. /var/mail/%u) isn’t enough. You’ll also need to tell Dovecot where the other mailboxes are kept. This is called the root mail directory, and it must be the first path given in the ‘mail-location’ setting.

There are a few special variables you can use, e.g.:

%u

username

%n

user part in user@domain, same as %u if there’s no domain

%d

domain part in user@domain, empty if there’s no domain

%h

home directory

See doc/wiki/Variables.txt for full list. Some examples:

maildir:~/Maildir
mbox:~/mail:INBOX=/var/mail/%u
mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%

Defaults to ‘""’.

dovecot-configuration parameter: string mail-uid

System user and group used to access mails. If you use multiple, userdb can override these by returning uid or gid fields. You can use either numbers or names. <doc/wiki/UserIds.txt>. Defaults to ‘""’.

dovecot-configuration parameter: string mail-gid

Defaults to ‘""’.

dovecot-configuration parameter: string mail-privileged-group

Group to enable temporarily for privileged operations. Currently this is used only with INBOX when either its initial creation or dotlocking fails. Typically this is set to ‘"mail"’ to give access to /var/mail. Defaults to ‘""’.

dovecot-configuration parameter: string mail-access-groups

Grant access to these supplementary groups for mail processes. Typically these are used to set up access to shared mailboxes. Note that it may be dangerous to set these if users can create symlinks (e.g. if ‘mail’ group is set here, ln -s /var/mail ~/mail/var could allow a user to delete others’ mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). Defaults to ‘""’.

dovecot-configuration parameter: string mail-attribute-dict

The location of a dictionary used to store IMAP METADATA as defined by RFC 5464.

The IMAP METADATA commands are available only if the “imap” protocol configuration’s imap-metadata? field is ‘#t’.

Defaults to ‘""’.

dovecot-configuration parameter: boolean mail-full-filesystem-access?

Allow full file system access to clients. There’s no access checks other than what the operating system does for the active UID/GID. It works with both maildir and mboxes, allowing you to prefix mailboxes names with e.g. /path/ or ~user/. Defaults to ‘#f’.

dovecot-configuration parameter: boolean mmap-disable?

Don’t use mmap() at all. This is required if you store indexes to shared file systems (NFS or clustered file system). Defaults to ‘#f’.

dovecot-configuration parameter: boolean dotlock-use-excl?

Rely on ‘O_EXCL’ to work when creating dotlock files. NFS supports ‘O_EXCL’ since version 3, so this should be safe to use nowadays by default. Defaults to ‘#t’.

dovecot-configuration parameter: string mail-fsync

When to use fsync() or fdatasync() calls:

optimized

Whenever necessary to avoid losing important data

always

Useful with e.g. NFS when write()s are delayed

never

Never use it (best performance, but crashes can lose data).

Defaults to ‘"optimized"’.

dovecot-configuration parameter: boolean mail-nfs-storage?

Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches whenever needed. If you’re using only a single mail server this isn’t needed. Defaults to ‘#f’.

dovecot-configuration parameter: boolean mail-nfs-index?

Mail index files also exist in NFS. Setting this to yes requires ‘mmap-disable? #t’ and ‘fsync-disable? #f’. Defaults to ‘#f’.

dovecot-configuration parameter: string lock-method

Locking method for index files. Alternatives are fcntl, flock and dotlock. Dotlocking uses some tricks which may create more disk I/O than other locking methods. NFS users: flock doesn’t work, remember to change ‘mmap-disable’. Defaults to ‘"fcntl"’.

dovecot-configuration parameter: file-name mail-temp-dir

Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. Defaults to ‘"/tmp"’.

dovecot-configuration parameter: non-negative-integer first-valid-uid

Valid UID range for users. This is mostly to make sure that users can’t log in as daemons or other system users. Note that denying root logins is hardcoded to dovecot binary and can’t be done even if ‘first-valid-uid’ is set to 0. Defaults to ‘500’.

dovecot-configuration parameter: non-negative-integer last-valid-uid

Defaults to ‘0’.

dovecot-configuration parameter: non-negative-integer first-valid-gid

Valid GID range for users. Users having non-valid GID as primary group ID aren’t allowed to log in. If user belongs to supplementary groups with non-valid GIDs, those groups are not set. Defaults to ‘1’.

dovecot-configuration parameter: non-negative-integer last-valid-gid

Defaults to ‘0’.

dovecot-configuration parameter: non-negative-integer mail-max-keyword-length

Maximum allowed length for mail keyword name. It’s only forced when trying to create new keywords. Defaults to ‘50’.

dovecot-configuration parameter: colon-separated-file-name-list valid-chroot-dirs

List of directories under which chrooting is allowed for mail processes (i.e. /var/mail will allow chrooting to /var/mail/foo/bar too). This setting doesn’t affect ‘login-chroot’ ‘mail-chroot’ or auth chroot settings. If this setting is empty, ‘/./’ in home dirs are ignored. WARNING: Never add directories here which local users can modify, that may lead to root exploit. Usually this should be done only if you don’t allow shell access for users. <doc/wiki/Chrooting.txt>. Defaults to ‘'()’.

dovecot-configuration parameter: string mail-chroot

Default chroot directory for mail processes. This can be overridden for specific users in user database by giving ‘/./’ in user’s home directory (e.g. ‘/home/./user’ chroots into /home). Note that usually there is no real need to do chrooting, Dovecot doesn’t allow users to access files outside their mail directory anyway. If your home directories are prefixed with the chroot directory, append ‘/.’ to ‘mail-chroot’. <doc/wiki/Chrooting.txt>. Defaults to ‘""’.

dovecot-configuration parameter: file-name auth-socket-path

UNIX socket path to master authentication server to find users. This is used by imap (for shared users) and lda. Defaults to ‘"/var/run/dovecot/auth-userdb"’.

dovecot-configuration parameter: file-name mail-plugin-dir

Directory where to look up mail plugins. Defaults to ‘"/usr/lib/dovecot"’.

dovecot-configuration parameter: space-separated-string-list mail-plugins

List of plugins to load for all services. Plugins specific to IMAP, LDA, etc. are added to this list in their own .conf files. Defaults to ‘'()’.

dovecot-configuration parameter: non-negative-integer mail-cache-min-mail-count

The minimum number of mails in a mailbox before updates are done to cache file. This allows optimizing Dovecot’s behavior to do less disk writes at the cost of more disk reads. Defaults to ‘0’.

dovecot-configuration parameter: string mailbox-idle-check-interval

When IDLE command is running, mailbox is checked once in a while to see if there are any new mails or other changes. This setting defines the minimum time to wait between those checks. Dovecot can also use dnotify, inotify and kqueue to find out immediately when changes occur. Defaults to ‘"30 secs"’.

dovecot-configuration parameter: boolean mail-save-crlf?

Save mails with CR+LF instead of plain LF. This makes sending those mails take less CPU, especially with sendfile() syscall with Linux and FreeBSD. But it also creates a bit more disk I/O which may just make it slower. Also note that if other software reads the mboxes/maildirs, they may handle the extra CRs wrong and cause problems. Defaults to ‘#f’.

dovecot-configuration parameter: boolean maildir-stat-dirs?

By default LIST command returns all entries in maildir beginning with a dot. Enabling this option makes Dovecot return only entries which are directories. This is done by stat()ing each entry, so it causes more disk I/O. (For systems setting struct ‘dirent->d_type’ this check is free and it’s done always regardless of this setting). Defaults to ‘#f’.

When copying a message, do it with hard links whenever possible. This makes the performance much better, and it’s unlikely to have any side effects. Defaults to ‘#t’.

dovecot-configuration parameter: boolean maildir-very-dirty-syncs?

Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only when its mtime changes unexpectedly or when we can’t find the mail otherwise. Defaults to ‘#f’.

dovecot-configuration parameter: space-separated-string-list mbox-read-locks

Which locking methods to use for locking mbox. There are four available:

dotlock

Create <mailbox>.lock file. This is the oldest and most NFS-safe solution. If you want to use /var/mail/ like directory, the users will need write access to that directory.

dotlock-try

Same as dotlock, but if it fails because of permissions or because there isn’t enough disk space, just skip it.

fcntl

Use this if possible. Works with NFS too if lockd is used.

flock

May not exist in all systems. Doesn’t work with NFS.

lockf

May not exist in all systems. Doesn’t work with NFS.

You can use multiple locking methods; if you do the order they’re declared in is important to avoid deadlocks if other MTAs/MUAs are using multiple locking methods as well. Some operating systems don’t allow using some of them simultaneously.

dovecot-configuration parameter: space-separated-string-list mbox-write-locks
dovecot-configuration parameter: string mbox-lock-timeout

Maximum time to wait for lock (all of them) before aborting. Defaults to ‘"5 mins"’.

dovecot-configuration parameter: string mbox-dotlock-change-timeout

If dotlock exists but the mailbox isn’t modified in any way, override the lock file after this much time. Defaults to ‘"2 mins"’.

dovecot-configuration parameter: boolean mbox-dirty-syncs?

When mbox changes unexpectedly we have to fully read it to find out what changed. If the mbox is large this can take a long time. Since the change is usually just a newly appended mail, it’d be faster to simply read the new mails. If this setting is enabled, Dovecot does this but still safely fallbacks to re-reading the whole mbox file whenever something in mbox isn’t how it’s expected to be. The only real downside to this setting is that if some other MUA changes message flags, Dovecot doesn’t notice it immediately. Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK commands. Defaults to ‘#t’.

dovecot-configuration parameter: boolean mbox-very-dirty-syncs?

Like ‘mbox-dirty-syncs’, but don’t do full syncs even with SELECT, EXAMINE, EXPUNGE or CHECK commands. If this is set, ‘mbox-dirty-syncs’ is ignored. Defaults to ‘#f’.

dovecot-configuration parameter: boolean mbox-lazy-writes?

Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK commands and when closing the mailbox). This is especially useful for POP3 where clients often delete all mails. The downside is that our changes aren’t immediately visible to other MUAs. Defaults to ‘#t’.

dovecot-configuration parameter: non-negative-integer mbox-min-index-size

If mbox size is smaller than this (e.g. 100k), don’t write index files. If an index file already exists it’s still read, just not updated. Defaults to ‘0’.

dovecot-configuration parameter: non-negative-integer mdbox-rotate-size

Maximum dbox file size until it’s rotated. Defaults to ‘10000000’.

dovecot-configuration parameter: string mdbox-rotate-interval

Maximum dbox file age until it’s rotated. Typically in days. Day begins from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. Defaults to ‘"1d"’.

dovecot-configuration parameter: boolean mdbox-preallocate-space?

When creating new mdbox files, immediately preallocate their size to ‘mdbox-rotate-size’. This setting currently works only in Linux with some file systems (ext4, xfs). Defaults to ‘#f’.

dovecot-configuration parameter: string mail-attachment-dir

sdbox and mdbox support saving mail attachments to external files, which also allows single instance storage for them. Other backends don’t support this for now.

WARNING: This feature hasn’t been tested much yet. Use at your own risk.

Directory root where to store mail attachments. Disabled, if empty. Defaults to ‘""’.

dovecot-configuration parameter: non-negative-integer mail-attachment-min-size

Attachments smaller than this aren’t saved externally. It’s also possible to write a plugin to disable saving specific attachments externally. Defaults to ‘128000’.

dovecot-configuration parameter: string mail-attachment-fs

File system backend to use for saving attachments:

posix

No SiS done by Dovecot (but this might help FS’s own deduplication)

sis posix

SiS with immediate byte-by-byte comparison during saving

sis-queue posix

SiS with delayed comparison and deduplication.

Defaults to ‘"sis posix"’.

dovecot-configuration parameter: string mail-attachment-hash

Hash format to use in attachment filenames. You can add any text and variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits. Defaults to ‘"%{sha1}"’.

dovecot-configuration parameter: non-negative-integer default-process-limit

Defaults to ‘100’.

dovecot-configuration parameter: non-negative-integer default-client-limit

Defaults to ‘1000’.

dovecot-configuration parameter: non-negative-integer default-vsz-limit

Default VSZ (virtual memory size) limit for service processes. This is mainly intended to catch and kill processes that leak memory before they eat up everything. Defaults to ‘256000000’.

dovecot-configuration parameter: string default-login-user

Login user is internally used by login processes. This is the most untrusted user in Dovecot system. It shouldn’t have access to anything at all. Defaults to ‘"dovenull"’.

dovecot-configuration parameter: string default-internal-user

Internal user is used by unprivileged processes. It should be separate from login user, so that login processes can’t disturb other processes. Defaults to ‘"dovecot"’.

dovecot-configuration parameter: string ssl?

SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>. Defaults to ‘"required"’.

dovecot-configuration parameter: string ssl-cert

PEM encoded X.509 SSL/TLS certificate (public key). Defaults to ‘"</etc/dovecot/default.pem"’.

dovecot-configuration parameter: string ssl-key

PEM encoded SSL/TLS private key. The key is opened before dropping root privileges, so keep the key file unreadable by anyone but root. Defaults to ‘"</etc/dovecot/private/default.pem"’.

dovecot-configuration parameter: string ssl-key-password

If key file is password protected, give the password here. Alternatively give it when starting dovecot with -p parameter. Since this file is often world-readable, you may want to place this setting instead to a different. Defaults to ‘""’.

dovecot-configuration parameter: string ssl-ca

PEM encoded trusted certificate authority. Set this only if you intend to use ‘ssl-verify-client-cert? #t’. The file should contain the CA certificate(s) followed by the matching CRL(s). (e.g. ‘ssl-ca </etc/ssl/certs/ca.pem’). Defaults to ‘""’.

dovecot-configuration parameter: boolean ssl-require-crl?

Require that CRL check succeeds for client certificates. Defaults to ‘#t’.

dovecot-configuration parameter: boolean ssl-verify-client-cert?

Request client to send a certificate. If you also want to require it, set ‘auth-ssl-require-client-cert? #t’ in auth section. Defaults to ‘#f’.

dovecot-configuration parameter: string ssl-cert-username-field

Which field from certificate to use for username. commonName and x500UniqueIdentifier are the usual choices. You’ll also need to set ‘auth-ssl-username-from-cert? #t’. Defaults to ‘"commonName"’.

dovecot-configuration parameter: string ssl-min-protocol

Minimum SSL protocol version to accept. Defaults to ‘"TLSv1"’.

dovecot-configuration parameter: string ssl-cipher-list

SSL ciphers to use. Defaults to ‘"ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH"’.

dovecot-configuration parameter: string ssl-crypto-device

SSL crypto device to use, for valid values run "openssl engine". Defaults to ‘""’.

dovecot-configuration parameter: string postmaster-address

Address to use when sending rejection mails. %d expands to recipient domain. Defaults to ‘"postmaster@%d"’.

dovecot-configuration parameter: string hostname

Hostname to use in various parts of sent mails (e.g. in Message-Id) and in LMTP replies. Default is the system’s real hostname@domain. Defaults to ‘""’.

dovecot-configuration parameter: boolean quota-full-tempfail?

If user is over quota, return with temporary failure instead of bouncing the mail. Defaults to ‘#f’.

dovecot-configuration parameter: file-name sendmail-path

Binary to use for sending mails. Defaults to ‘"/usr/sbin/sendmail"’.

dovecot-configuration parameter: string submission-host

If non-empty, send mails via this SMTP host[:port] instead of sendmail. Defaults to ‘""’.

dovecot-configuration parameter: string rejection-subject

Subject: header to use for rejection mails. You can use the same variables as for ‘rejection-reason’ below. Defaults to ‘"Rejected: %s"’.

dovecot-configuration parameter: string rejection-reason

Human readable error message for rejection mails. You can use variables:

%n

CRLF

%r

reason

%s

original subject

%t

recipient

Defaults to ‘"Your message to <%t> was automatically rejected:%n%r"’.

dovecot-configuration parameter: string recipient-delimiter

Delimiter character between local-part and detail in email address. Defaults to ‘"+"’.

dovecot-configuration parameter: string lda-original-recipient-header

Header where the original recipient address (SMTP’s RCPT TO: address) is taken from if not available elsewhere. With dovecot-lda -a parameter overrides this. A commonly used header for this is X-Original-To. Defaults to ‘""’.

dovecot-configuration parameter: boolean lda-mailbox-autocreate?

Should saving a mail to a nonexistent mailbox automatically create it?. Defaults to ‘#f’.

dovecot-configuration parameter: boolean lda-mailbox-autosubscribe?

Should automatically created mailboxes be also automatically subscribed?. Defaults to ‘#f’.

dovecot-configuration parameter: non-negative-integer imap-max-line-length

Maximum IMAP command line length. Some clients generate very long command lines with huge mailboxes, so you may need to raise this if you get "Too long argument" or "IMAP command line too large" errors often. Defaults to ‘64000’.

dovecot-configuration parameter: string imap-logout-format

IMAP logout format string:

%i

total number of bytes read from client

%o

total number of bytes sent to client.

See doc/wiki/Variables.txt for a list of all the variables you can use. Defaults to ‘"in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}"’.

dovecot-configuration parameter: string imap-capability

Override the IMAP CAPABILITY response. If the value begins with ’+’, add the given capabilities on top of the defaults (e.g. +XFOO XBAR). Defaults to ‘""’.

dovecot-configuration parameter: string imap-idle-notify-interval

How long to wait between "OK Still here" notifications when client is IDLEing. Defaults to ‘"2 mins"’.

dovecot-configuration parameter: string imap-id-send

ID field names and values to send to clients. Using * as the value makes Dovecot use the default value. The following fields have default values currently: name, version, os, os-version, support-url, support-email. Defaults to ‘""’.

dovecot-configuration parameter: string imap-id-log

ID fields sent by client to log. * means everything. Defaults to ‘""’.

dovecot-configuration parameter: space-separated-string-list imap-client-workarounds

Workarounds for various client bugs:

delay-newmail

Send EXISTS/RECENT new mail notifications only when replying to NOOP and CHECK commands. Some clients ignore them otherwise, for example OSX Mail (<v2.1). Outlook Express breaks more badly though, without this it may show user "Message no longer in server" errors. Note that OE6 still breaks even with this workaround if synchronization is set to "Headers Only".

tb-extra-mailbox-sep

Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and adds extra ‘/’ suffixes to mailbox names. This option causes Dovecot to ignore the extra ‘/’ instead of treating it as invalid mailbox name.

tb-lsub-flags

Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). This makes Thunderbird realize they aren’t selectable and show them greyed out, instead of only later giving "not selectable" popup error.

Defaults to ‘'()’.

dovecot-configuration parameter: string imap-urlauth-host

Host allowed in URLAUTH URLs sent by client. "*" allows all. Defaults to ‘""’.

Whew! Lots of configuration options. The nice thing about it though is that Guix has a complete interface to Dovecot’s configuration language. This allows not only a nice way to declare configurations, but also offers reflective capabilities as well: users can write code to inspect and transform configurations from within Scheme.

However, it could be that you just want to get a dovecot.conf up and running. In that case, you can pass an opaque-dovecot-configuration as the #:config parameter to dovecot-service. As its name indicates, an opaque configuration does not have easy reflective capabilities.

Available opaque-dovecot-configuration fields are:

opaque-dovecot-configuration parameter: package dovecot

The dovecot package.

opaque-dovecot-configuration parameter: string string

The contents of the dovecot.conf, as a string.

For example, if your dovecot.conf is just the empty string, you could instantiate a dovecot service like this:

(dovecot-service #:config
                 (opaque-dovecot-configuration
                  (string "")))

OpenSMTPD Service

Variable: opensmtpd-service-type

This is the type of the OpenSMTPD service, whose value should be an opensmtpd-configuration object as in this example:

(service opensmtpd-service-type
         (opensmtpd-configuration
           (config-file (local-file "./my-smtpd.conf"))))
Data Type: opensmtpd-configuration

Data type representing the configuration of opensmtpd.

package (default: opensmtpd)

Package object of the OpenSMTPD SMTP server.

shepherd-requirement (default: '())

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'networking if you want to configure OpenSMTPD to listen on non-loopback interfaces.

config-file (default: %default-opensmtpd-config-file)

File-like object of the OpenSMTPD configuration file to use. By default it listens on the loopback network interface, and allows for mail from users and daemons on the local machine, as well as permitting email to remote servers. Run man smtpd.conf for more information.

setgid-commands? (default: #t)

Make the following commands setgid to smtpq so they can be executed: smtpctl, sendmail, send-mail, makemap, mailq, and newaliases. See Privileged Programs, for more information on setgid programs.

Exim Service

Variable: exim-service-type

This is the type of the Exim mail transfer agent (MTA), whose value should be an exim-configuration object as in this example:

(service exim-service-type
         (exim-configuration
           (config-file (local-file "./my-exim.conf"))))

In order to use an exim-service-type service you must also have a mail-aliases-service-type service present in your operating-system (even if it has no aliases).

Data Type: exim-configuration

Data type representing the configuration of exim.

package (default: exim)

Package object of the Exim server.

config-file (default: #f)

File-like object of the Exim configuration file to use. If its value is #f then use the default configuration file from the package provided in package. The resulting configuration file is loaded after setting the exim_user and exim_group configuration variables.

Getmail service

Variable: getmail-service-type

This is the type of the Getmail mail retriever, whose value should be a getmail-configuration.

Available getmail-configuration fields are:

getmail-configuration parameter: symbol name

A symbol to identify the getmail service.

Defaults to ‘"unset"’.

getmail-configuration parameter: package package

The getmail package to use.

getmail-configuration parameter: string user

The user to run getmail as.

Defaults to ‘"getmail"’.

getmail-configuration parameter: string group

The group to run getmail as.

Defaults to ‘"getmail"’.

getmail-configuration parameter: string directory

The getmail directory to use.

Defaults to ‘"/var/lib/getmail/default"’.

getmail-configuration parameter: getmail-configuration-file rcfile

The getmail configuration file to use.

Available getmail-configuration-file fields are:

getmail-configuration-file parameter: getmail-retriever-configuration retriever

What mail account to retrieve mail from, and how to access that account.

Available getmail-retriever-configuration fields are:

getmail-retriever-configuration parameter: string type

The type of mail retriever to use. Valid values include ‘passwd’ and ‘static’.

Defaults to ‘"SimpleIMAPSSLRetriever"’.

getmail-retriever-configuration parameter: string server

Username to login to the mail server with.

Defaults to ‘unset’.

getmail-retriever-configuration parameter: string username

Username to login to the mail server with.

Defaults to ‘unset’.

getmail-retriever-configuration parameter: non-negative-integer port

Port number to connect to.

Defaults to ‘#f’.

getmail-retriever-configuration parameter: string password

Override fields from passwd.

Defaults to ‘""’.

getmail-retriever-configuration parameter: list password-command

Override fields from passwd.

Defaults to ‘'()’.

getmail-retriever-configuration parameter: string keyfile

PEM-formatted key file to use for the TLS negotiation.

Defaults to ‘""’.

getmail-retriever-configuration parameter: string certfile

PEM-formatted certificate file to use for the TLS negotiation.

Defaults to ‘""’.

getmail-retriever-configuration parameter: string ca-certs

CA certificates to use.

Defaults to ‘""’.

getmail-retriever-configuration parameter: parameter-alist extra-parameters

Extra retriever parameters.

Defaults to ‘'()’.

getmail-configuration-file parameter: getmail-destination-configuration destination

What to do with retrieved messages.

Available getmail-destination-configuration fields are:

getmail-destination-configuration parameter: string type

The type of mail destination. Valid values include ‘Maildir’, ‘Mboxrd’ and ‘MDA_external’.

Defaults to ‘unset’.

getmail-destination-configuration parameter: string-or-filelike path

The path option for the mail destination. The behaviour depends on the chosen type.

Defaults to ‘""’.

getmail-destination-configuration parameter: parameter-alist extra-parameters

Extra destination parameters

Defaults to ‘'()’.

getmail-configuration-file parameter: getmail-options-configuration options

Configure getmail.

Available getmail-options-configuration fields are:

getmail-options-configuration parameter: non-negative-integer verbose

If set to ‘0’, getmail will only print warnings and errors. A value of ‘1’ means that messages will be printed about retrieving and deleting messages. If set to ‘2’, getmail will print messages about each of its actions.

Defaults to ‘1’.

getmail-options-configuration parameter: boolean read-all

If true, getmail will retrieve all available messages. Otherwise it will only retrieve messages it hasn’t seen previously.

Defaults to ‘#t’.

getmail-options-configuration parameter: boolean delete

If set to true, messages will be deleted from the server after retrieving and successfully delivering them. Otherwise, messages will be left on the server.

Defaults to ‘#f’.

getmail-options-configuration parameter: non-negative-integer delete-after

Getmail will delete messages this number of days after seeing them, if they have been delivered. This means messages will be left on the server this number of days after delivering them. A value of ‘0’ disabled this feature.

Defaults to ‘0’.

getmail-options-configuration parameter: non-negative-integer delete-bigger-than

Delete messages larger than this of bytes after retrieving them, even if the delete and delete-after options are disabled. A value of ‘0’ disables this feature.

Defaults to ‘0’.

getmail-options-configuration parameter: non-negative-integer max-bytes-per-session

Retrieve messages totalling up to this number of bytes before closing the session with the server. A value of ‘0’ disables this feature.

Defaults to ‘0’.

getmail-options-configuration parameter: non-negative-integer max-message-size

Don’t retrieve messages larger than this number of bytes. A value of ‘0’ disables this feature.

Defaults to ‘0’.

getmail-options-configuration parameter: boolean delivered-to

If true, getmail will add a Delivered-To header to messages.

Defaults to ‘#t’.

getmail-options-configuration parameter: boolean received

If set, getmail adds a Received header to the messages.

Defaults to ‘#t’.

getmail-options-configuration parameter: string message-log

Getmail will record a log of its actions to the named file. A value of ‘""’ disables this feature.

Defaults to ‘""’.

getmail-options-configuration parameter: boolean message-log-syslog

If true, getmail will record a log of its actions using the system logger.

Defaults to ‘#f’.

getmail-options-configuration parameter: boolean message-log-verbose

If true, getmail will log information about messages not retrieved and the reason for not retrieving them, as well as starting and ending information lines.

Defaults to ‘#f’.

getmail-options-configuration parameter: parameter-alist extra-parameters

Extra options to include.

Defaults to ‘'()’.

getmail-configuration parameter: list idle

A list of mailboxes that getmail should wait on the server for new mail notifications. This depends on the server supporting the IDLE extension.

Defaults to ‘'()’.

getmail-configuration parameter: list environment-variables

Environment variables to set for getmail.

Defaults to ‘'()’.

Mail Aliases Service

Variable: mail-aliases-service-type

This is the type of the service which provides /etc/aliases, specifying how to deliver mail to users on this system.

(service mail-aliases-service-type
         '(("postmaster" "bob")
           ("bob" "bob@example.com" "bob@example2.com")))

The configuration for a mail-aliases-service-type service is an association list denoting how to deliver mail that comes to this system. Each entry is of the form (alias addresses ...), with alias specifying the local alias and addresses specifying where to deliver this user’s mail.

The aliases aren’t required to exist as users on the local system. In the above example, there doesn’t need to be a postmaster entry in the operating-system’s user-accounts in order to deliver the postmaster mail to bob (which subsequently would deliver mail to bob@example.com and bob@example2.com).

GNU Mailutils IMAP4 Daemon

Variable: imap4d-service-type

This is the type of the GNU Mailutils IMAP4 Daemon (see imap4d in GNU Mailutils Manual), whose value should be an imap4d-configuration object as in this example:

(service imap4d-service-type
         (imap4d-configuration
           (config-file (local-file "imap4d.conf"))))
Data Type: imap4d-configuration

Data type representing the configuration of imap4d.

package (default: mailutils)

The package that provides imap4d.

config-file (default: %default-imap4d-config-file)

File-like object of the configuration file to use, by default it will listen on TCP port 143 of localhost. See Conf-imap4d in GNU Mailutils Manual, for details.

Radicale Service

Variable: radicale-service-type

This is the type of the Radicale CalDAV/CardDAV server whose value should be a radicale-configuration. The default configuration matches the upstream documentation.

Data Type: radicale-configuration

Data type representing the configuration of radicale. Available radicale-configuration fields are:

package (default: radicale) (type: package)

Package that provides radicale.

auth (default: '()) (type: radicale-auth-configuration)

Configuration for auth-related variables.

Data Type: radicale-auth-configuration

Data type representing the auth section of a radicale configuration file. Available radicale-auth-configuration fields are:

type (default: 'none) (type: symbol)

The method to verify usernames and passwords. Options are none, htpasswd, remote-user, and http-x-remote-user. This value is tied to htpasswd-filename and htpasswd-encryption.

htpasswd-filename (default: "/etc/radicale/users") (type: file-name)

Path to the htpasswd file. Use htpasswd or similar to generate this file.

htpasswd-encryption (default: 'md5) (type: symbol)

Encryption method used in the htpasswd file. Options are plain, bcrypt, and md5.

delay (default: 1) (type: non-negative-integer)

Average delay after failed login attempts in seconds.

realm (default: "Radicale - Password Required") (type: string)

Message displayed in the client when a password is needed.

encoding (default: '()) (type: radicale-encoding-configuration)

Configuration for encoding-related variables.

Data Type: radicale-encoding-configuration

Data type representing the encoding section of a radicale configuration file. Available radicale-encoding-configuration fields are:

request (default: 'utf-8) (type: symbol)

Encoding for responding requests.

stock (default: 'utf-8) (type: symbol)

Encoding for storing local collections.

headers-file (default: none) (type: file-like)

Custom HTTP headers.

logging (default: '()) (type: radicale-logging-configuration)

Configuration for logging-related variables.

Data Type: radicale-logging-configuration

Data type representing the logging section of a radicale configuration file. Available radicale-logging-configuration fields are:

level (default: 'warning) (type: symbol)

Set the logging level. One of debug, info, warning, error, or critical.

mask-passwords? (default: #t) (type: boolean)

Whether to include passwords in logs.

rights (default: '()) (type: radicale-rights-configuration)

Configuration for rights-related variables. This should be a radicale-rights-configuration.

Data Type: radicale-rights-configuration

Data type representing the rights section of a radicale configuration file. Available radicale-rights-configuration fields are:

type (default: 'owner-only) (type: symbol)

Backend used to check collection access rights. The recommended backend is owner-only. If access to calendars and address books outside the home directory of users is granted, clients won’t detect these collections and will not show them to the user. Choosing any other method is only useful if you access calendars and address books directly via URL. Options are authenticate, owner-only, owner-write, and from-file.

file (default: "") (type: file-name)

File for the rights backend from-file.

server (default: '()) (type: radicale-server-configuration)

Configuration for server-related variables. Ignored if WSGI is used.

Data Type: radicale-server-configuration

Data type representing the server section of a radicale configuration file. Available radicale-server-configuration fields are:

hosts (default: (list "localhost:5232")) (type: list-of-ip-addresses)

List of IP addresses that the server will bind to.

max-connections (default: 8) (type: non-negative-integer)

Maximum number of parallel connections. Set to 0 to disable the limit.

max-content-length (default: 100000000) (type: non-negative-integer)

Maximum size of the request body in bytes.

timeout (default: 30) (type: non-negative-integer)

Socket timeout in seconds.

ssl? (default: #f) (type: boolean)

Whether to enable transport layer encryption.

certificate (default: "/etc/ssl/radicale.cert.pem") (type: file-name)

Path of the SSL certificate.

key (default: "/etc/ssl/radicale.key.pem") (type: file-name)

Path to the private key for SSL. Only effective if ssl? is #t.

certificate-authority (default: "") (type: file-name)

Path to CA certificate for validating client certificates. This can be used to secure TCP traffic between Radicale and a reverse proxy. If you want to authenticate users with client-side certificates, you also have to write an authentication plugin that extracts the username from the certificate.

storage (default: '()) (type: radicale-storage-configuration)

Configuration for storage-related variables.

Data Type: radicale-storage-configuration

Data type representing the storage section of a radicale configuration file. Available radicale-storage-configuration fields are:

type (default: 'multifilesystem) (type: symbol)

Backend used to store data. Options are multifilesystem and multifilesystem-nolock.

filesystem-folder (default: "/var/lib/radicale/collections") (type: file-name)

Folder for storing local collections. Created if not present.

max-sync-token-age (default: 2592000) (type: non-negative-integer)

Delete sync-tokens that are older than the specified time in seconds.

hook (default: "") (type: string)

Command run after changes to storage.

web-interface? (default: #t) (type: boolean)

Whether to use Radicale’s built-in web interface.

Rspamd Service

Variable: rspamd-service-type

This is the type of the Rspamd filtering system whose value should be a rspamd-configuration.

Data Type: rspamd-configuration

Available rspamd-configuration fields are:

package (default: rspamd) (type: file-like)

The package that provides rspamd.

config-file (default: %default-rspamd-config-file) (type: file-like)

File-like object of the configuration file to use. By default all workers are enabled except fuzzy and they are binded to their usual ports, e.g localhost:11334, localhost:11333 and so on

local.d-files (default: ()) (type: directory-tree)

Configuration files in local.d, provided as a list of two element lists where the first element is the filename and the second one is a file-like object. Settings in these files will be merged with the defaults.

override.d-files (default: ()) (type: directory-tree)

Configuration files in override.d, provided as a list of two element lists where the first element is the filename and the second one is a file-like object. Settings in these files will override the defaults.

user (default: %default-rspamd-account) (type: user-account)

The user to run rspamd as.

group (default: %default-rspamd-group) (type: user-group)

The group to run rspamd as.

debug? (default: #f) (type: boolean)

Force debug output.

insecure? (default: #f) (type: boolean)

Ignore running workers as privileged users.

skip-template? (default: #f) (type: boolean)

Do not apply Jinja templates.

shepherd-requirements (default: (loopback)) (type: list-of-symbols)

This is a list of symbols naming Shepherd services that this service will depend on.


Next: 消息服务, Previous: 数据库服务, Up: 服务   [Contents][Index]