mailcow-dockerized/data/conf/dovecot/dovecot.conf

# --------------------------------------------------------------------------
# Please create a file "extra.conf" for persistent overrides to dovecot.conf
# --------------------------------------------------------------------------
# LDAP example:
#passdb {
#  args = /etc/dovecot/ldap/passdb.conf
#  driver = ldap
#}

auth_mechanisms = plain login
#mail_debug = yes
#auth_debug = yes
log_path = syslog
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
mail_plugins = </etc/dovecot/mail_plugins
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
mail_attachment_dir = /var/attachments
mail_attachment_min_size = 128k
# Significantly speeds up very large mailboxes, but is only safe to enable if
# you do not manually modify the files in the `cur` directories in
# mailcowdockerized_vmail-vol-1.
# https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
maildir_very_dirty_syncs = yes

# Dovecot 2.2
#ssl_protocols = !SSLv3
# Dovecot 2.3
ssl_min_protocol = TLSv1.2

ssl_prefer_server_ciphers = yes
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM

# Default in Dovecot 2.3
ssl_options = no_compression no_ticket

# New in Dovecot 2.3
ssl_dh = </etc/ssl/mail/dhparams.pem
# Dovecot 2.2
#ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
  result_success = return-ok
  result_failure = continue
  result_internalfail = continue
}
# try a master passwd
passdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.passwd
  master = yes
  skip = authenticated
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
passdb {
  driver = lua
  args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
}
# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
service doveadm {
  inet_listener {
    port = 12345
  }
  vsz_limit=2048 MB
}
!include /etc/dovecot/dovecot.folders.conf
protocols = imap sieve lmtp pop3
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
service log {
  user = dovenull
}
service config {
  unix_listener config {
    user = root
    group = vmail
    mode = 0660
  }
}
service auth {
  inet_listener auth-inet {
    port = 10001
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  vsz_limit = 2G
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_haproxy {
    port = 14190
    haproxy = yes
  }
  service_count = 1
  process_min_avail = 2
  vsz_limit = 1G
}
service imap-login {
  service_count = 1
  process_limit = 10000
  vsz_limit = 1G
  user = dovenull
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
  inet_listener imaps_haproxy {
    port = 10993
    ssl = yes
    haproxy = yes
  }
}
service pop3-login {
  service_count = 1
  vsz_limit = 1G
  inet_listener pop3_haproxy {
    port = 10110
    haproxy = yes
  }
  inet_listener pop3s_haproxy {
    port = 10995
    ssl = yes
    haproxy = yes
  }
}
service imap {
  executable = imap
  user = vmail
  vsz_limit = 1G
}
service managesieve {
  process_limit = 256
}
service lmtp {
  inet_listener lmtp-inet {
    port = 24
  }
  user = vmail
}
listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
userdb {
  driver = passwd-file
  args = /etc/dovecot/dovecot-master.userdb
}
userdb {
  args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
  driver = sql
  skip = found
}
protocol imap {
  mail_plugins = </etc/dovecot/mail_plugins_imap
  imap_metadata = yes
}
mail_attribute_dict = file:%h/dovecot-attributes
protocol lmtp {
  mail_plugins = </etc/dovecot/mail_plugins_lmtp
  auth_socket_path = /var/run/dovecot/auth-master
}
protocol sieve {
  managesieve_logout_format = bytes=%i/%o
}
plugin {
  # Allow "any" or "authenticated" to be used in ACLs
  acl_anyone = </etc/dovecot/acl_anyone
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  acl = vfile
  acl_user = %u
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://solr:8983/solr/dovecot-fts/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  sieve_redirect_envelope_from = recipient
  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  # END
  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  # END
  master_user = %u
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_extensions = +notify +imapflags +vacation-seconds +editheader
  sieve_max_script_size = 1M
  sieve_max_redirects = 100
  sieve_max_actions = 101
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
  listescape_char = "\\"
  sieve_vacation_min_period = 5s
  sieve_vacation_max_period = 0
  sieve_vacation_default_period = 60s
  sieve_before = /var/vmail/sieve/global_sieve_before.sieve
  sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
  sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
  sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
  sieve_duplicate_default_period = 1m
  sieve_duplicate_max_period = 7d

  # -- Global keys
  mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
  mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
  mail_crypt_save_version = 2

  # Enable compression while saving, lz4 Dovecot v2.2.11+
  zlib_save = lz4

  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_cached_only = yes
}
service quota-warning {
  executable = script /usr/local/bin/quota_notify.py
  # use some unprivileged user for executing the quota warnings
  user = vmail
  unix_listener quota-warning {
    user = vmail
  }
}
dict {
  sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql-quota.conf
  sieve_after = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
  sieve_before = mysql:/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
}
remote 127.0.0.1 {
  disable_plaintext_auth = no
}
submission_host = postfix:588
mail_max_userip_connections = 500
service stats {
  unix_listener stats-writer {
    mode = 0660
    user = vmail
  }
}
imap_max_line_length = 2 M
#auth_cache_verify_password_with_worker = yes
#auth_cache_negative_ttl = 0
#auth_cache_ttl = 30 s
#auth_cache_size = 2 M
service replicator {
  process_min_avail = 1
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
replication_max_conns = 10
doveadm_port = 12345
replication_dsync_parameters = -d -l 30 -U -n INBOX
# <Includes>
!include_try /etc/dovecot/sni.conf
!include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf
# </Includes>
default_client_limit = 10400
default_vsz_limit = 1024 M