## ## Authentication processes ## # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), # the connection is considered secure and plaintext authentication is # allowed. #disable_plaintext_auth = yes ### disable_plaintext_auth is generally something I enable, but since ### this example does not go into detail on TLS configuration, I am ### leaving it commented, with a recommendation for the reader to see ### the Dovecot wiki pages regarding TLS. # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp # skey gss-spnego # NOTE: See also disable_plaintext_auth setting. auth_mechanisms = plain ## ## Password and user databases ## # Password database is used to verify user's password (and nothing # more). You can have multiple passdbs and userdbs. This is useful if # you want to allow both system users (/etc/passwd) and virtual users # to login without duplicating the system users into virtual database. # # # # User database specifies where mails are located and what user/group # IDs own them. # # ### These can be included if desired. ### This is a list of disabled credentials. The account otherwise is ### normal; the address can receive mail. But login is not allowed. A ### typical use case is when an account has been exploited (Windows ### malware, for example) and is being used to send spam. This is an ### important feature to implement, so I did. !include auth-deny.conf.ext ### This is a list of "master" credentials which can get into any ### mailbox. Since root can do that at the console without IMAP, I do ### not see the need to implement this. Nevertheless I have left the ### file and this comment for those who might be interested. #!include auth-master.conf.ext ### We are indeed using system and SQLite virtual users, so both of ### these are needed: !include auth-system.conf.ext !include auth-sql.conf.ext ### Other auth-* files removed, such as for LDAP or other data backends. ### See your Dovecot sample configuration directory if interested.