############### # General ############### log_path = /dev/stderr protocols = imap pop3 lmtp sieve postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }} hostname = {{ HOSTNAMES.split(",")[0] }} submission_host = {{ FRONT_ADDRESS }} default_internal_user = dovecot default_login_user = mail default_internal_group = dovecot haproxy_trusted_networks = {{ SUBNET }} {{ SUBNET6 }} ############### # Mailboxes ############### first_valid_gid = 8 first_valid_uid = 8 mail_location = maildir:/mail/%u mail_home = /mail/%u mail_uid = mail mail_gid = mail mail_privileged_group = mail mail_access_groups = mail maildir_stat_dirs = yes mailbox_list_index = yes mail_vsize_bg_after_count = 100 mail_plugins = $mail_plugins quota quota_clone{{ ' ' }} {%- if COMPRESSION -%} zlib{{ ' ' }} {%- endif %} {%- if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] -%} fts fts_xapian {%- endif %} default_vsz_limit = 2GB namespace inbox { inbox = yes {% for mailbox in ("Trash", "Drafts", "Sent", "Junk") %} mailbox {{ mailbox }} { auto = subscribe special_use = \{{ mailbox }} } {% endfor %} } plugin { quota = count:User quota quota_vsizes = yes quota_clone_dict = proxy:/tmp/podop.socket:quota {% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %} fts = xapian fts_xapian = partial=2 full=30 fts_autoindex = yes fts_enforced = yes fts_autoindex_exclude = \Trash {% endif %} {% if COMPRESSION in [ 'gz', 'bz2', 'lz4', 'zstd' ] %} zlib_save = {{ COMPRESSION }} {% endif %} {% if COMPRESSION_LEVEL %} zlib_save_level = {{ COMPRESSION_LEVEL }} {% endif %} } ############### # Authentication ############### auth_username_chars = auth_mechanisms = plain login disable_plaintext_auth = no passdb { driver = dict args = /etc/dovecot/auth.conf } userdb { driver = dict args = /etc/dovecot/auth.conf } service auth { unix_listener auth-userdb { } } service auth-worker { unix_listener auth-worker { } } ############### # IMAP & POP ############### protocol imap { mail_plugins = $mail_plugins imap_quota imap_sieve mail_max_userip_connections = 20 imap_idle_notify_interval = 29mins } protocol pop3 { } service imap-login { inet_listener imap { port = 143 haproxy = yes } } ############### # Delivery ############### recipient_delimiter = {{ RECIPIENT_DELIMITER }} protocol lmtp { mail_plugins = $mail_plugins sieve } service lmtp { inet_listener lmtp { port = 2525 } } ############### # Filtering ############### service managesieve-login { inet_listener sieve { port = 4190 haproxy = yes } } protocol sieve { ssl = no } service managesieve { process_limit = 1024 } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve sieve_before = dict:proxy:/tmp/podop.socket:sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_extensions = +spamtest +spamtestplus +editheader sieve_global_extensions = +vnd.dovecot.execute # Sieve execute sieve_execute_bin_dir = /conf/bin # Send vacation replies even for aliases # See the Pigeonhole documentation about warnings: http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation # It appears that our implementation of mail delivery meets criteria of section 4.5 # from RFC 5230 and that disabling the recipient checks is not an issue here. sieve_vacation_dont_check_recipient = yes # Include the recipient in vacation replies so that DKIM applies sieve_vacation_send_from_recipient = yes # extract spam score from headers sieve_spamtest_status_type = strlen sieve_spamtest_status_header = X-Spam-Level sieve_spamtest_max_value = 15 # Learn from spam imapsieve_mailbox1_name = Junk imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/conf/report-spam.sieve imapsieve_mailbox2_name = * imapsieve_mailbox2_from = Junk imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/conf/report-ham.sieve } ############### # Extensions ############### !include_try /overrides/dovecot.conf