From 14402dd44ee8d4056ff24dda2b664f55a756b7ac Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 17:51:34 -0300
Subject: [PATCH 01/30] servicio submission con confd

---
 files/Dockerfile           | 38 +++++++++++++++++++++++++++++++++++---
 files/confd.toml           | 15 +++++++++++++++
 files/entrypoint.sh        |  4 ++++
 files/local.conf           |  1 +
 files/submission.conf.tmpl | 14 ++++++++++++++
 5 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 files/confd.toml
 create mode 100755 files/entrypoint.sh
 create mode 100644 files/submission.conf.tmpl

diff --git a/files/Dockerfile b/files/Dockerfile
index 224f5bf..e62b889 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -1,7 +1,30 @@
-FROM debian:buster-slim
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
+# confd -----------------------------------------------------------------------
+FROM golang:1.9-alpine as confd
+ARG CONFD_VERSION=0.16.0
+ADD https://github.com/kelseyhightower/confd/archive/v${CONFD_VERSION}.tar.gz /tmp/
+RUN apk add --no-cache bzip2 make && \
+  mkdir -p /go/src/github.com/kelseyhightower/confd && \
+  cd /go/src/github.com/kelseyhightower/confd && \
+  tar --strip-components=1 -zxf /tmp/v${CONFD_VERSION}.tar.gz && \
+  go install github.com/kelseyhightower/confd && \
+  rm -rf /tmp/v${CONFD_VERSION}.tar.gz
+# end confd -------------------------------------------------------------------
+
+FROM debian:buster-slim
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
+ENV SUBMISSION_ENABLE= \
+    SUBMISSION_RELAY_HOST=
+    SUBMISSION_RELAY_PORT=25
+    SUBMISSION_RELAY_TRUSTED=yes \
+    SUBMISSION_RELAY_USER= \
+    SUBMISSION_RELAY_MASTER_USER= \
+    SUBMISSION_RELAY_PASSWORD= \
+    SUBMISSION_RELAY_SSL=starttls \
+    SUBMISSION_RELAY_SSL_VERIFY=no \
+    SUBMISSION_RELAY_RAWLOG_DIR=
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
      dovecot-lmtpd \
      dovecot-imapd \
@@ -9,6 +32,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
      dovecot-sieve \
      dovecot-managesieved \
      dovecot-antispam \
+     dovecot-submission \
      bogofilter \
      ssl-cert \
   && rm -rf /var/lib/apt/lists/* \
@@ -17,7 +41,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
-  && mkdir -p /etc/dovecot/sieve/before /etc/dovecot/sieve/after
+  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/{before,after} \
+  && mkdir -p /etc/confd/{conf.d,templates}
 
 ADD 10-mail.conf \
   10-master.conf \
@@ -33,11 +58,18 @@ ADD 10-mail.conf \
 
 ADD local.conf /etc/dovecot/
 
+ADD submission.conf.tmpl \
+  /etc/confd/templates/
+ADD confd.toml /etc/confd/conf.d/
+
 ADD junk-filter.sieve /etc/dovecot/sieve/before/
 RUN sievec /etc/dovecot/sieve/before && sievec /etc/dovecot/sieve/after
 
 VOLUME /etc/dovecot /ssl /vmail
 
-EXPOSE 143/tcp 993/tcp 110/tcp 995/tcp 2000/tcp
+EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
 
+COPY --from=confd /go/bin/confd /usr/local/bin/confd
+ADD entrypoint.sh /
+ENTRYPOINT /entrypoint.sh
 CMD dovecot -F
diff --git a/files/confd.toml b/files/confd.toml
new file mode 100644
index 0000000..f9a5529
--- /dev/null
+++ b/files/confd.toml
@@ -0,0 +1,15 @@
+[template]
+src = "submission.conf.tmpl"
+dest = "/etc/dovecot/local.d/submission.conf"
+keys = [
+    "submission/enable",
+    "submission/relay/host",
+    "submission/relay/port",
+    "submission/relay/trusted",
+    "submission/relay/user", 
+    "submission/relay/master/user", 
+    "submission/relay/password", 
+    "submission/relay/ssl", 
+    "submission/relay/ssl/verify", 
+    "submission/relay/rawlog/dir"
+]
diff --git a/files/entrypoint.sh b/files/entrypoint.sh
new file mode 100755
index 0000000..8427536
--- /dev/null
+++ b/files/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+# actualizar templates con confd
+/usr/local/bin/confd -onetime -backend env
+exec ${@}
diff --git a/files/local.conf b/files/local.conf
index 387553e..18a35ee 100644
--- a/files/local.conf
+++ b/files/local.conf
@@ -1 +1,2 @@
+!include_try local.d/*.conf
 log_path = /dev/stdout
diff --git a/files/submission.conf.tmpl b/files/submission.conf.tmpl
new file mode 100644
index 0000000..ae7eb7a
--- /dev/null
+++ b/files/submission.conf.tmpl
@@ -0,0 +1,14 @@
+{{if getv "/submission/enable" == "yes"}}
+protocols = $protocols submission
+submission_relay_host = {{getv "/submission/relay/host"}}
+submission_relay_port = {{getv "/submission/relay/port"}}
+submission_relay_trusted = {{getv "/submission/relay/trusted"}}
+submission_relay_user = {{getv "/submission/relay/user"}}
+submission_relay_master_user = {{getv "/submission/relay/master/user"}}
+submission_relay_password = {{getv "/submission/relay/password"}}
+submission_relay_ssl = {{getv "/submission/relay/ssl"}}
+submission_relay_ssl_verify= {{getv "/submission/relay/ssl/verify"}}
+submission_relay_rawlog_dir= {{getv "/submission/relay/rawlog/dir"}}
+{{else}}
+# submission service disabled
+{{end}}
-- 
2.47.2


From 32037fcee8affd067ca70934bfa4422ddb47c02e Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 17:59:32 -0300
Subject: [PATCH 02/30] fix Dockerfile syntax

---
 files/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index e62b889..27bd58a 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -1,6 +1,6 @@
+FROM golang:1.9-alpine as confd
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
 # confd -----------------------------------------------------------------------
-FROM golang:1.9-alpine as confd
 ARG CONFD_VERSION=0.16.0
 ADD https://github.com/kelseyhightower/confd/archive/v${CONFD_VERSION}.tar.gz /tmp/
 RUN apk add --no-cache bzip2 make && \
-- 
2.47.2


From 537bdadaa6f17b02b79b59daf761ae7aa5978b7e Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:01:15 -0300
Subject: [PATCH 03/30] add missing files for build

---
 tasks/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index 1d1ed41..837dba8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,6 +23,9 @@
     - auth-master.conf.ext
     - junk-filter.sieve
     - local.conf
+    - entrypoint.sh
+    - submission.conf.tmpl
+    - confd.toml
   tags: skip_me
 
 - name: Crear imagen {{ dovecot_image }}
-- 
2.47.2


From 4c1a52ee33a4cd5fc5c772a47d0e9eb5b9ab451b Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:02:55 -0300
Subject: [PATCH 04/30] fix Dockerfile syntax

---
 files/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index 27bd58a..d272d59 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -15,8 +15,8 @@ FROM debian:buster-slim
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV SUBMISSION_ENABLE= \
-    SUBMISSION_RELAY_HOST=
-    SUBMISSION_RELAY_PORT=25
+    SUBMISSION_RELAY_HOST= \
+    SUBMISSION_RELAY_PORT=25 \
     SUBMISSION_RELAY_TRUSTED=yes \
     SUBMISSION_RELAY_USER= \
     SUBMISSION_RELAY_MASTER_USER= \
-- 
2.47.2


From 0dcf277e34a19d9db7317928b918c188ac7c59d8 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:06:35 -0300
Subject: [PATCH 05/30] rm nonexistent package

---
 files/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index d272d59..e0f8d76 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -32,7 +32,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
      dovecot-sieve \
      dovecot-managesieved \
      dovecot-antispam \
-     dovecot-submission \
      bogofilter \
      ssl-cert \
   && rm -rf /var/lib/apt/lists/* \
-- 
2.47.2


From bbf7e050a6e0863b846794bf3e9a6404c519d473 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:10:04 -0300
Subject: [PATCH 06/30] (tmp) rm failing sieve stuff

---
 files/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index e0f8d76..c7dae2e 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -62,7 +62,7 @@ ADD submission.conf.tmpl \
 ADD confd.toml /etc/confd/conf.d/
 
 ADD junk-filter.sieve /etc/dovecot/sieve/before/
-RUN sievec /etc/dovecot/sieve/before && sievec /etc/dovecot/sieve/after
+# RUN sievec /etc/dovecot/sieve/before && sievec /etc/dovecot/sieve/after
 
 VOLUME /etc/dovecot /ssl /vmail
 
-- 
2.47.2


From 0d18606d6d9f5da2a4627171aecec8766a72c2bb Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:13:34 -0300
Subject: [PATCH 07/30] +x entrypoint

---
 files/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/files/Dockerfile b/files/Dockerfile
index c7dae2e..ec7bbf1 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -70,5 +70,7 @@ EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
 
 COPY --from=confd /go/bin/confd /usr/local/bin/confd
 ADD entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT /entrypoint.sh
 CMD dovecot -F
-- 
2.47.2


From e068cc333f43fdf1d43f497fe7297e224d1d804b Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 18:18:22 -0300
Subject: [PATCH 08/30] +x confd

---
 files/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index ec7bbf1..dabfa2d 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -70,7 +70,7 @@ EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
 
 COPY --from=confd /go/bin/confd /usr/local/bin/confd
 ADD entrypoint.sh /
-RUN chmod +x /entrypoint.sh
+RUN chmod +x /entrypoint.sh /usr/local/bin/confd
 
 ENTRYPOINT /entrypoint.sh
 CMD dovecot -F
-- 
2.47.2


From 668af214f8cbb028461caf8b81fb233d05ac6e09 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 20:45:27 -0300
Subject: [PATCH 09/30] simplify confd setup - use another base image

---
 files/Dockerfile    | 22 ++--------------------
 files/entrypoint.sh |  4 ----
 2 files changed, 2 insertions(+), 24 deletions(-)
 delete mode 100755 files/entrypoint.sh

diff --git a/files/Dockerfile b/files/Dockerfile
index dabfa2d..4216b4d 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -1,17 +1,5 @@
-FROM golang:1.9-alpine as confd
+FROM eumau/debian:buster-slim
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
-# confd -----------------------------------------------------------------------
-ARG CONFD_VERSION=0.16.0
-ADD https://github.com/kelseyhightower/confd/archive/v${CONFD_VERSION}.tar.gz /tmp/
-RUN apk add --no-cache bzip2 make && \
-  mkdir -p /go/src/github.com/kelseyhightower/confd && \
-  cd /go/src/github.com/kelseyhightower/confd && \
-  tar --strip-components=1 -zxf /tmp/v${CONFD_VERSION}.tar.gz && \
-  go install github.com/kelseyhightower/confd && \
-  rm -rf /tmp/v${CONFD_VERSION}.tar.gz
-# end confd -------------------------------------------------------------------
-
-FROM debian:buster-slim
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV SUBMISSION_ENABLE= \
@@ -40,8 +28,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
-  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/{before,after} \
-  && mkdir -p /etc/confd/{conf.d,templates}
+  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/{before,after}
 
 ADD 10-mail.conf \
   10-master.conf \
@@ -68,9 +55,4 @@ VOLUME /etc/dovecot /ssl /vmail
 
 EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
 
-COPY --from=confd /go/bin/confd /usr/local/bin/confd
-ADD entrypoint.sh /
-RUN chmod +x /entrypoint.sh /usr/local/bin/confd
-
-ENTRYPOINT /entrypoint.sh
 CMD dovecot -F
diff --git a/files/entrypoint.sh b/files/entrypoint.sh
deleted file mode 100755
index 8427536..0000000
--- a/files/entrypoint.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-# actualizar templates con confd
-/usr/local/bin/confd -onetime -backend env
-exec ${@}
-- 
2.47.2


From 1311dc5a9c93172cf3e47defa289c9977bf47bab Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 20:51:42 -0300
Subject: [PATCH 10/30] fix

---
 tasks/main.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 837dba8..0333443 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,7 +23,6 @@
     - auth-master.conf.ext
     - junk-filter.sieve
     - local.conf
-    - entrypoint.sh
     - submission.conf.tmpl
     - confd.toml
   tags: skip_me
-- 
2.47.2


From 61593e5ea1571dd75872ff52882de05ac01128d3 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 21:04:51 -0300
Subject: [PATCH 11/30] go templating ...

---
 files/submission.conf.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/files/submission.conf.tmpl b/files/submission.conf.tmpl
index ae7eb7a..c3bcccc 100644
--- a/files/submission.conf.tmpl
+++ b/files/submission.conf.tmpl
@@ -1,4 +1,4 @@
-{{if getv "/submission/enable" == "yes"}}
+{{ if eq (getv "/submission/enable") "yes"}}
 protocols = $protocols submission
 submission_relay_host = {{getv "/submission/relay/host"}}
 submission_relay_port = {{getv "/submission/relay/port"}}
@@ -7,8 +7,8 @@ submission_relay_user = {{getv "/submission/relay/user"}}
 submission_relay_master_user = {{getv "/submission/relay/master/user"}}
 submission_relay_password = {{getv "/submission/relay/password"}}
 submission_relay_ssl = {{getv "/submission/relay/ssl"}}
-submission_relay_ssl_verify= {{getv "/submission/relay/ssl/verify"}}
-submission_relay_rawlog_dir= {{getv "/submission/relay/rawlog/dir"}}
+submission_relay_ssl_verify = {{getv "/submission/relay/ssl/verify"}}
+submission_relay_rawlog_dir = {{getv "/submission/relay/rawlog/dir"}}
 {{else}}
 # submission service disabled
 {{end}}
-- 
2.47.2


From 701afa6a54605e6a135470bae80e47bd1542e50f Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 21:13:52 -0300
Subject: [PATCH 12/30] cmd exec form

---
 files/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index 4216b4d..546a48b 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -55,4 +55,4 @@ VOLUME /etc/dovecot /ssl /vmail
 
 EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
 
-CMD dovecot -F
+CMD ["dovecot","-F"]
-- 
2.47.2


From 77fb4caf93e900e403d3f8c6a073b4bd984afcbf Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Mon, 9 Sep 2019 21:21:31 -0300
Subject: [PATCH 13/30] submission env vars

---
 tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index 0333443..894c648 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -50,6 +50,16 @@
       - 143:143
       - 2000:2000
     env:
+      SUBMISSION_ENABLE: "yes"
+      SUBMISSION_RELAY_HOST: postfix
+      SUBMISSION_RELAY_PORT: "25"
+      SUBMISSION_RELAY_TRUSTED: "yes"
+      # SUBMISSION_RELAY_USER:
+      # SUBMISSION_RELAY_MASTER_USER:
+      # SUBMISSION_RELAY_PASSWORD:
+      # SUBMISSION_RELAY_SSL: starttls
+      # SUBMISSION_RELAY_SSL_VERIFY: "no"
+      # SUBMISSION_RELAY_RAWLOG_DIR:
   register: container
 
 - name: Leer info de volumen {{ dovecot_volume_config }}
-- 
2.47.2


From 1ef3a28a71acc8955e9ff610a87ca81dc0fd5d01 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 00:37:48 -0300
Subject: [PATCH 14/30] use confd for most settings

---
 defaults/main.yml                  |   9 +-
 files/10-auth.conf.tmpl            |  32 +++++++
 files/10-mail.conf                 |  12 +--
 files/10-master.conf               |   8 +-
 files/10-ssl.conf                  |   2 +-
 files/11-quota.conf                |   2 -
 files/15-mailboxes.conf            |   6 +-
 files/20-imap.conf                 |   4 +-
 files/20-lmtp.conf.tmpl            |   5 ++
 files/90-quota.conf.tmpl           |  27 ++++++
 files/90-sieve.conf                |  26 +++---
 files/Dockerfile                   |  12 +--
 files/auth-ldap.conf.ext           |  37 --------
 files/auth-master.conf.ext         |  16 ----
 files/confd.toml                   |  76 +++++++++++++---
 files/ldap.conf.ext.tmpl           |  16 ++++
 tasks/main.yml                     |  55 +++++++-----
 templates/10-auth.conf.j2          | 135 -----------------------------
 templates/20-lmtp.conf.j2          |  28 ------
 templates/90-quota.conf.j2         |  91 -------------------
 templates/dovecot-ldap.conf.ext.j2 |  75 ----------------
 21 files changed, 219 insertions(+), 455 deletions(-)
 create mode 100644 files/10-auth.conf.tmpl
 delete mode 100644 files/11-quota.conf
 create mode 100644 files/20-lmtp.conf.tmpl
 create mode 100644 files/90-quota.conf.tmpl
 delete mode 100644 files/auth-ldap.conf.ext
 delete mode 100644 files/auth-master.conf.ext
 create mode 100644 files/ldap.conf.ext.tmpl
 delete mode 100644 templates/10-auth.conf.j2
 delete mode 100644 templates/20-lmtp.conf.j2
 delete mode 100644 templates/90-quota.conf.j2
 delete mode 100644 templates/dovecot-ldap.conf.ext.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 5ba7f17..aadd826 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -25,9 +25,6 @@ dovecot_auth_mechanisms: plain
 # como transformar el nombre de usuario antes de autenticar
 dovecot_auth_username_format: "%Lu"
 
-# habilitar userdb/passdb de usuarios del sistema?
-dovecot_auth_system_enable: no
-
 # habilitar usuarios master?
 dovecot_auth_master_enable: no
 
@@ -36,10 +33,16 @@ dovecot_auth_master_enable: no
 # habilitar userdb/passdb ldap?
 dovecot_ldap_enable: yes
 
+# servidores ldap
+dovecot_ldap_hosts: []
+
 # servidores ldap
 dovecot_ldap_uris:
   - "{{ ldap_uri | default('ldap://localhost') }}"
 
+# autenticar con clave provista por usuario
+dovecot_ldap_bind: yes
+
 # version del protocolo LDAP
 dovecot_ldap_version: 3
 
diff --git a/files/10-auth.conf.tmpl b/files/10-auth.conf.tmpl
new file mode 100644
index 0000000..839056f
--- /dev/null
+++ b/files/10-auth.conf.tmpl
@@ -0,0 +1,32 @@
+auth_realms = {{ getv "/mail/domains" }}
+auth_default_realm = {{ first 1 (split (getv "/mail/domains") " ") }}
+auth_username_format = {{ getv "/auth/username/format" }}
+auth_mechanisms = {{ getv "/auth/mechanisms" }}
+
+
+{{ if eq (getv "/auth/master/enable") "yes"}}
+passdb {
+  driver = passwd-file
+  master = yes
+  args = /etc/dovecot/master-users
+
+# Unless you're using PAM, you probably still want the destination user to
+  # be looked up from passdb that it really exists. pass=yes does that.
+  pass = yes
+}
+{{ end }}
+
+
+{{ if eq (getv "/auth/ldap/enable") "yes"}}
+passdb {
+  driver = ldap
+  args = /etc/dovecot/local.d/ldap.conf.ext
+}
+userdb {
+  driver = prefetch
+}
+userdb {
+  driver = ldap
+  args = /etc/dovecot/local.d/ldap2.conf.ext
+}
+{{ end }}
diff --git a/files/10-mail.conf b/files/10-mail.conf
index 2a00ca3..c95f005 100644
--- a/files/10-mail.conf
+++ b/files/10-mail.conf
@@ -7,7 +7,7 @@ namespace inbox {
   # Namespace type: private, shared or public
   #type = private
   separator = /
-  #prefix = 
+  #prefix =
   #location =
 
   # There can be only one INBOX, and this setting defines which namespace
@@ -51,7 +51,7 @@ mail_gid = vmail
 
 # A comment or note that is associated with the server. This value is
 # accessible for authenticated users through the IMAP METADATA server
-# entry "/shared/comment". 
+# entry "/shared/comment".
 #mail_server_comment = ""
 
 # Indicates a method for contacting the server administrator. According to
@@ -59,7 +59,7 @@ mail_gid = vmail
 # is currently not enforced. Use for example mailto:admin@example.com. This
 # value is accessible for authenticated users through the IMAP METADATA server
 # entry "/shared/admin".
-#mail_server_admin = 
+#mail_server_admin =
 
 ##
 ## Mail processes
@@ -112,7 +112,7 @@ mail_gid = vmail
 # WARNING: Never add directories here which local users can modify, that
 # may lead to root exploit. Usually this should be done only if you don't
 # allow shell access for users. <doc/wiki/Chrooting.txt>
-#valid_chroot_dirs = 
+#valid_chroot_dirs =
 
 # Default chroot directory for mail processes. This can be overridden for
 # specific users in user database by giving /./ in user's home directory
@@ -120,7 +120,7 @@ mail_gid = vmail
 # need to do chrooting, Dovecot doesn't allow users to access files outside
 # their mail directory anyway. If your home directories are prefixed with
 # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
-#mail_chroot = 
+#mail_chroot =
 
 # UNIX socket path to master authentication server to find users.
 # This is used by imap (for shared users) and lda.
@@ -237,7 +237,7 @@ mailbox_list_index = yes
 # fallbacks to re-reading the whole mbox file whenever something in mbox isn't
 # how it's expected to be. The only real downside to this setting is that if
 # some other MUA changes message flags, Dovecot doesn't notice it immediately.
-# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK 
+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
 # commands.
 #mbox_dirty_syncs = yes
 
diff --git a/files/10-master.conf b/files/10-master.conf
index d5c907b..d7dfb7c 100644
--- a/files/10-master.conf
+++ b/files/10-master.conf
@@ -88,8 +88,8 @@ service auth {
   # permissions (e.g. 0777 allows everyone full permissions).
   unix_listener auth-userdb {
     #mode = 0666
-    #user = 
-    #group = 
+    #user =
+    #group =
   }
 
   inet_listener {
@@ -112,7 +112,7 @@ service dict {
   # For example: mode=0660, group=vmail and global mail_access_groups=vmail
   unix_listener dict {
     #mode = 0600
-    #user = 
-    #group = 
+    #user =
+    #group =
   }
 }
diff --git a/files/10-ssl.conf b/files/10-ssl.conf
index e60f526..39c821d 100644
--- a/files/10-ssl.conf
+++ b/files/10-ssl.conf
@@ -21,7 +21,7 @@ ssl_key = </ssl/key.pem
 # PEM encoded trusted certificate authority. Set this only if you intend to use
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca = 
+#ssl_ca =
 
 # Require that CRL check succeeds for client certificates.
 #ssl_require_crl = yes
diff --git a/files/11-quota.conf b/files/11-quota.conf
deleted file mode 100644
index 9e228c8..0000000
--- a/files/11-quota.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Enable quota plugin
-mail_plugins = $mail_plugins quota
diff --git a/files/15-mailboxes.conf b/files/15-mailboxes.conf
index 54c61e9..1a5ac41 100644
--- a/files/15-mailboxes.conf
+++ b/files/15-mailboxes.conf
@@ -11,11 +11,11 @@
 #   implicitly when it is first accessed. The user can also be automatically
 #   subscribed to the mailbox after creation. The following values are
 #   defined for this setting:
-# 
+#
 #     no        - Never created automatically.
 #     create    - Automatically created, but no automatic subscription.
 #     subscribe - Automatically created and subscribed.
-#  
+#
 # special_use:
 #   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
 #   mailbox. There are no validity checks, so you could specify anything
@@ -23,7 +23,7 @@
 #   standard ones specified in the RFC:
 #
 #     \All      - This (virtual) mailbox presents all messages in the
-#                 user's message store. 
+#                 user's message store.
 #     \Archive  - This mailbox is used to archive messages.
 #     \Drafts   - This mailbox is used to hold draft messages.
 #     \Flagged  - This (virtual) mailbox presents all messages in the
diff --git a/files/20-imap.conf b/files/20-imap.conf
index 472df13..a6282bc 100644
--- a/files/20-imap.conf
+++ b/files/20-imap.conf
@@ -37,7 +37,7 @@ imap_capability = +SPECIAL_USE
 # ID field names and values to send to clients. Using * as the value makes
 # Dovecot use the default value. The following fields have default values
 # currently: name, version, os, os-version, support-url, support-email.
-#imap_id_send = 
+#imap_id_send =
 
 # ID fields sent by client to log. * means everything.
 #imap_id_log =
@@ -60,7 +60,7 @@ imap_capability = +SPECIAL_USE
 #     greyed out, instead of only later giving "not selectable" popup error.
 #
 # The list is space-separated.
-#imap_client_workarounds = 
+#imap_client_workarounds =
 
 # Host allowed in URLAUTH URLs sent by client. "*" allows all.
 #imap_urlauth_host =
diff --git a/files/20-lmtp.conf.tmpl b/files/20-lmtp.conf.tmpl
new file mode 100644
index 0000000..3429338
--- /dev/null
+++ b/files/20-lmtp.conf.tmpl
@@ -0,0 +1,5 @@
+protocol lmtp {
+  # postmaster_address aparentemente es obligatorio
+  postmaster_address = postmaster@{{ first 1 (split (getv "/mail/domains") " ") }}
+  mail_plugins = $mail_plugins sieve
+}
diff --git a/files/90-quota.conf.tmpl b/files/90-quota.conf.tmpl
new file mode 100644
index 0000000..105e6fb
--- /dev/null
+++ b/files/90-quota.conf.tmpl
@@ -0,0 +1,27 @@
+plugin {
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+  quota_rule = *:storage={{ dovecot_quota_limit }}
+  {% for key, value in dovecot_quota_additional_limit.items() %}
+  quota_rule{{ loop.index + 1 }} = {{ key }}:storage=+{{ value }}
+  {% endfor %}
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  #quota_grace = 10%%
+  quota_grace = {{ dovecot_quota_grace | regex_replace("%.*$","%%") }}
+
+  {% if dovecot_quota_driver == "count" %}
+  quota_vsizes = yes
+  {% endif %}
+}
+
+
+plugin {
+  quota = {{ dovecot_quota_driver }}:User quota
+  #quota = dirsize:User quota
+  #quota = maildir:User quota
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
diff --git a/files/90-sieve.conf b/files/90-sieve.conf
index 08ee073..12af1c9 100644
--- a/files/90-sieve.conf
+++ b/files/90-sieve.conf
@@ -16,7 +16,7 @@
 #
 # location = [<type>:]path[;<option>[=<value>][;...]]
 #
-# If the type prefix is omitted, the script location type is 'file' and the 
+# If the type prefix is omitted, the script location type is 'file' and the
 # location is interpreted as a local filesystem path pointing to a Sieve script
 # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
 # information.
@@ -27,7 +27,7 @@ plugin {
   # delivery. The "include" extension uses this location for retrieving
   # :personal" scripts. This is also where the  ManageSieve service will store
   # the user's scripts, if supported.
-  # 
+  #
   # Currently only the 'file:' location type supports ManageSieve operation.
   # Other location types like 'dict:' and 'ldap:' can currently only
   # be used as a read-only script source ().
@@ -46,9 +46,9 @@ plugin {
   #     script.
   #sieve_default = /var/lib/dovecot/sieve/default.sieve
 
-  # The name by which the default Sieve script (as configured by the 
-  # sieve_default setting) is visible to the user through ManageSieve. 
-  #sieve_default_name = 
+  # The name by which the default Sieve script (as configured by the
+  # sieve_default setting) is visible to the user through ManageSieve.
+  #sieve_default_name =
 
   # Location for ":global" include scripts as used by the "include" extension.
   #sieve_global =
@@ -63,7 +63,7 @@ plugin {
   #sieve_discard =
 
   # Location Sieve of scripts that need to be executed before the user's
-  # personal script. If a 'file' location path points to a directory, all the 
+  # personal script. If a 'file' location path points to a directory, all the
   # Sieve scripts contained therein (with the proper `.sieve' extension) are
   # executed. The order of execution within that directory is determined by the
   # file names, using a normal 8bit per-character comparison.
@@ -181,18 +181,18 @@ plugin {
   ## TRACE DEBUGGING
   # Trace debugging provides detailed insight in the operations performed by
   # the Sieve script. These settings apply to both the LDA Sieve plugin and the
-  # IMAPSIEVE plugin. 
+  # IMAPSIEVE plugin.
   #
   # WARNING: On a busy server, this functionality can quickly fill up the trace
   # directory with a lot of trace files. Enable this only temporarily and as
   # selective as possible.
-  
+
   # The directory where trace files are written. Trace debugging is disabled if
-  # this setting is not configured or if the directory does not exist. If the 
+  # this setting is not configured or if the directory does not exist. If the
   # path is relative or it starts with "~/" it is interpreted relative to the
   # current user's home directory.
   #sieve_trace_dir =
-  
+
   # The verbosity level of the trace messages. Trace debugging is disabled if
   # this setting is not configured. Possible values are:
   #
@@ -203,12 +203,12 @@ plugin {
   #   "matching"       - Print all executed commands, performed tests and the
   #                      values matched in those tests.
   #sieve_trace_level =
-  
+
   # Enables highly verbose debugging messages that are usually only useful for
   # developers.
   #sieve_trace_debug = no
-  
+
   # Enables showing byte code addresses in the trace output, rather than only
   # the source line numbers.
-  #sieve_trace_addresses = no 
+  #sieve_trace_addresses = no
 }
diff --git a/files/Dockerfile b/files/Dockerfile
index 546a48b..09ae38b 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -38,18 +38,20 @@ ADD 10-mail.conf \
   20-imap.conf \
   90-antispam.conf \
   90-sieve.conf \
-  auth-ldap.conf.ext \
-  auth-master.conf.ext \
   /etc/dovecot/conf.d/
 
 ADD local.conf /etc/dovecot/
+ADD junk-filter.sieve /etc/dovecot/sieve/before/
 
-ADD submission.conf.tmpl \
+ADD \
+  10-auth.conf.tmpl \
+  20-lmtp.conf.tmpl \
+  ldap.conf.ext.tmpl \
+  submission.conf.tmpl \
   /etc/confd/templates/
 ADD confd.toml /etc/confd/conf.d/
 
-ADD junk-filter.sieve /etc/dovecot/sieve/before/
-# RUN sievec /etc/dovecot/sieve/before && sievec /etc/dovecot/sieve/after
+RUN sievec /etc/dovecot/sieve/before/junk-filter.sieve
 
 VOLUME /etc/dovecot /ssl /vmail
 
diff --git a/files/auth-ldap.conf.ext b/files/auth-ldap.conf.ext
deleted file mode 100644
index 624d99f..0000000
--- a/files/auth-ldap.conf.ext
+++ /dev/null
@@ -1,37 +0,0 @@
-# Authentication for LDAP users. Included from 10-auth.conf.
-#
-# <doc/wiki/AuthDatabase.LDAP.txt>
-
-# Usar LDAP para validar claves
-passdb {
-  driver = ldap
-
-  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
-  args = /etc/dovecot/dovecot-ldap.conf.ext
-}
-
-# "prefetch" user database means that the passdb already provided the
-# needed information and there's no need to do a separate userdb lookup.
-# <doc/wiki/UserDatabase.Prefetch.txt>
-userdb {
-  driver = prefetch
-}
-
-# Usar LDAP para obtener info de usuario
-# Notar que se usa un enlace al archivo dovecot-ldap.conf.ext,
-# esto es para poder hacer conexiones asíncronas y optimizar performance
-userdb {
-  driver = ldap
-  args = /etc/dovecot/dovecot-ldap2.conf.ext
-
-  # Default fields can be used to specify defaults that LDAP may override
-  #default_fields = home=/home/virtual/%u
-}
-
-# If you don't have any user-specific settings, you can avoid the userdb LDAP
-# lookup by using userdb static instead of userdb ldap, for example:
-# <doc/wiki/UserDatabase.Static.txt>
-#userdb {
-#  driver = static
-#  args = uid=vmail gid=vmail home=/srv/vmail/%d/%n
-#}
diff --git a/files/auth-master.conf.ext b/files/auth-master.conf.ext
deleted file mode 100644
index 2cf128f..0000000
--- a/files/auth-master.conf.ext
+++ /dev/null
@@ -1,16 +0,0 @@
-# Authentication for master users. Included from 10-auth.conf.
-
-# By adding master=yes setting inside a passdb you make the passdb a list
-# of "master users", who can log in as anyone else.
-# <doc/wiki/Authentication.MasterUsers.txt>
-
-# Example master user passdb using passwd-file. You can use any passdb though.
-passdb {
-  driver = passwd-file
-  master = yes
-  args = /etc/dovecot/master-users
-
-  # Unless you're using PAM, you probably still want the destination user to
-  # be looked up from passdb that it really exists. pass=yes does that.
-  pass = yes
-}
diff --git a/files/confd.toml b/files/confd.toml
index f9a5529..5e6692e 100644
--- a/files/confd.toml
+++ b/files/confd.toml
@@ -2,14 +2,70 @@
 src = "submission.conf.tmpl"
 dest = "/etc/dovecot/local.d/submission.conf"
 keys = [
-    "submission/enable",
-    "submission/relay/host",
-    "submission/relay/port",
-    "submission/relay/trusted",
-    "submission/relay/user", 
-    "submission/relay/master/user", 
-    "submission/relay/password", 
-    "submission/relay/ssl", 
-    "submission/relay/ssl/verify", 
-    "submission/relay/rawlog/dir"
+    "/submission/enable",
+    "/submission/relay/host",
+    "/submission/relay/port",
+    "/submission/relay/trusted",
+    "/submission/relay/user",
+    "/submission/relay/master/user",
+    "/submission/relay/password",
+    "/submission/relay/ssl",
+    "/submission/relay/ssl/verify",
+    "/submission/relay/rawlog/dir"
+]
+
+[template]
+src = "10-auth.conf.tmpl"
+dest = "/etc/dovecot/local.d/10-auth.conf"
+keys = [
+    "/mail/domains",
+    "/auth/username/format",
+    "/auth/mechanisms",
+    "/auth/master/enable",
+    "/auth/ldap/enable"
+]
+
+[template]
+src = "20-lmtp.conf.tmpl"
+dest = "/etc/dovecot/local.d/20-lmtp.conf"
+keys = [
+    "/mail/domains"
+]
+
+[template]
+src = "ldap.conf.ext.tmpl"
+dest = "/etc/dovecot/local.d/ldap.conf.ext"
+keys = [
+    "/ldap/hosts",
+    "/ldap/uris",
+    "/ldap/bind",
+    "/ldap/version",
+    "/ldap/base",
+    "/ldap/scope",
+    "/ldap/user/attrs",
+    "/ldap/user/filter",
+    "/ldap/pass/attrs",
+    "/ldap/pass/filter",
+    "/ldap/iterate/attrs",
+    "/ldap/iterate/filter",
+    "/ldap/default/pass/scheme",
+]
+
+[template]
+src = "ldap.conf.ext.tmpl"
+dest = "/etc/dovecot/local.d/ldap2.conf.ext"
+keys = [
+    "/ldap/hosts",
+    "/ldap/uris",
+    "/ldap/bind",
+    "/ldap/version",
+    "/ldap/base",
+    "/ldap/scope",
+    "/ldap/user/attrs",
+    "/ldap/user/filter",
+    "/ldap/pass/attrs",
+    "/ldap/pass/filter",
+    "/ldap/iterate/attrs",
+    "/ldap/iterate/filter",
+    "/ldap/default/pass/scheme",
 ]
diff --git a/files/ldap.conf.ext.tmpl b/files/ldap.conf.ext.tmpl
new file mode 100644
index 0000000..c24f6b8
--- /dev/null
+++ b/files/ldap.conf.ext.tmpl
@@ -0,0 +1,16 @@
+{{ if (getv "/ldap/hosts") }}
+hosts = {{ getv "/ldap/hosts" }}
+{{ else }}
+uris = {{ getv "/ldap/uris" }}
+{{ end }}
+auth_bind = {{ getv "/ldap/bind" }}
+ldap_version = {{ getv "/ldap/version" }}
+base = {{ getv "/ldap/base" }}
+scope = {{ getv "/ldap/scope" }}
+user_attrs = {{ getv "/ldap/user/attrs" }}
+user_filter = {{ getv "/ldap/user/filter" }}
+pass_attrs = {{ getv "/ldap/pass/attrs" }}
+pass_filter = {{ getv "/ldap/pass/filter" }}
+iterate_attrs = {{ getv "/ldap/iterate/attrs" }}
+iterate_filter = {{ getv "/ldap/iterate/filter" }}
+default_pass_scheme = {{ getv "/ldap/default/pass/scheme" }}
diff --git a/tasks/main.yml b/tasks/main.yml
index 894c648..564d699 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,16 +11,17 @@
     dest: /root/.dovecot-docker-image
   loop:
     - Dockerfile
+    - 10-auth.conf.tmpl
     - 10-mail.conf
     - 10-master.conf
     - 10-ssl.conf
     - 11-quota.conf
     - 15-mailboxes.conf
     - 20-imap.conf
+    - 20-lmtp.conf.tmpl
     - 90-antispam.conf
     - 90-sieve.conf
-    - auth-ldap.conf.ext
-    - auth-master.conf.ext
+    - ldap.conf.ext
     - junk-filter.sieve
     - local.conf
     - submission.conf.tmpl
@@ -50,6 +51,11 @@
       - 143:143
       - 2000:2000
     env:
+      MAIL_DOMAINS: "{{ mail_domains.keys() | list | join(' ') }}"
+      AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}"
+      AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}"
+      AUTH_LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
+      AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}"
       SUBMISSION_ENABLE: "yes"
       SUBMISSION_RELAY_HOST: postfix
       SUBMISSION_RELAY_PORT: "25"
@@ -60,7 +66,20 @@
       # SUBMISSION_RELAY_SSL: starttls
       # SUBMISSION_RELAY_SSL_VERIFY: "no"
       # SUBMISSION_RELAY_RAWLOG_DIR:
-  register: container
+      LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
+      LDAP_URIS: "{{ dovecot_ldap_uris | join(' ') }}"
+      LDAP_BIND: "{{ 'yes' if dovecot_ldap_bind else 'no' }}"
+      LDAP_VERSION: "{{ dovecot_ldap_version }}"
+      LDAP_BASE: "{{ dovecot_ldap_base }}"
+      LDAP_SCOPE: "{{ dovecot_ldap_scope }}"
+      LDAP_USER_ATTRS: "{{ dovecot_ldap_user_attrs }}"
+      LDAP_USER_FILTER: "{{ dovecot_ldap_user_filter }}"
+      LDAP_PASS_ATTRS: "{{ dovecot_ldap_pass_attrs }}"
+      LDAP_PASS_FILTER: "{{ dovecot_ldap_pass_filter }}"
+      LDAP_ITERATE_ATTRS: "{{ dovecot_ldap_iterate_attrs }}"
+      LDAP_ITERATE_FILTER: "{{ dovecot_ldap_iterate_filter }}"
+      LDAP_DEFAULT_PASS_SCHEME: "{{ dovecot_ldap_default_pass_scheme }}"
+  REGISTER: container
 
 - name: Leer info de volumen {{ dovecot_volume_config }}
   docker_volume_info:
@@ -87,24 +106,12 @@
     dovecot_volume_ssl: "{{ lookup('vars','dovecot_volume_ssl') }}"
     dovecot_mountpoint_ssl: "{{ res_ssl.volume.Mountpoint }}"
 
-- name: Configuración de Dovecot (1)
-  template:
-    dest: "{{ dovecot_mountpoint_config }}/conf.d/{{ item }}"
-    src: "{{item}}.j2"
-  loop:
-    - 10-auth.conf
-    - 20-lmtp.conf
-    - 90-quota.conf
-  notify: restart dovecot
-
-- name: Configuración de Dovecot (2-LDAP)
-  template:
-    dest: "{{ dovecot_mountpoint_config }}/dovecot-ldap.conf.ext"
-    src: "dovecot-ldap.conf.ext.j2"
-  notify: restart dovecot
-
-- name: Configuración de Dovecot (3-LDAP)
-  template:
-    dest: "{{ dovecot_mountpoint_config }}/dovecot-ldap2.conf.ext"
-    src: "dovecot-ldap.conf.ext.j2"
-  notify: restart dovecot
+# FIXME: configurar quota mediante confd
+#
+# - name: Configuración de Dovecot (1)
+#   template:
+#     dest: "{{ dovecot_mountpoint_config }}/conf.d/{{ item }}"
+#     src: "{{item}}.j2"
+#   loop:
+#     - 90-quota.conf
+#   notify: restart dovecot
diff --git a/templates/10-auth.conf.j2 b/templates/10-auth.conf.j2
deleted file mode 100644
index e67be05..0000000
--- a/templates/10-auth.conf.j2
+++ /dev/null
@@ -1,135 +0,0 @@
-##
-## Authentication processes
-##
-
-# Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
-# matches the local IP (ie. you're connecting from the same computer), the
-# connection is considered secure and plaintext authentication is allowed.
-# See also ssl=required setting.
-#disable_plaintext_auth = yes
-
-# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
-# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
-#auth_cache_size = 0
-# Time to live for cached data. After TTL expires the cached record is no
-# longer used, *except* if the main database lookup returns internal failure.
-# We also try to handle password changes automatically: If user's previous
-# authentication was successful, but this one wasn't, the cache isn't used.
-# For now this works only with plaintext authentication.
-#auth_cache_ttl = 1 hour
-# TTL for negative hits (user not found, password mismatch).
-# 0 disables caching them completely.
-#auth_cache_negative_ttl = 1 hour
-
-# Space separated list of realms for SASL authentication mechanisms that need
-# them. You can leave it empty if you don't want to support multiple realms.
-# Many clients simply use the first one listed here, so keep the default realm
-# first.
-auth_realms = {{ mail_domains | join(" ") }}
-
-# Default realm/domain to use if none was specified. This is used for both
-# SASL realms and appending @domain to username in plaintext logins.
-auth_default_realm = {{ mail_domains | first }}
-
-# List of allowed characters in username. If the user-given username contains
-# a character not listed in here, the login automatically fails. This is just
-# an extra check to make sure user can't exploit any potential quote escaping
-# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
-# set this value to empty.
-#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
-
-# Username character translations before it's looked up from databases. The
-# value contains series of from -> to characters. For example "#@/@" means
-# that '#' and '/' characters are translated to '@'.
-#auth_username_translation =
-
-# Username formatting before it's looked up from databases. You can use
-# the standard variables here, eg. %Lu would lowercase the username, %n would
-# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
-# "-AT-". This translation is done after auth_username_translation changes.
-auth_username_format = {{ dovecot_auth_username_format }}
-
-# If you want to allow master users to log in by specifying the master
-# username within the normal username string (ie. not using SASL mechanism's
-# support for it), you can specify the separator character here. The format
-# is then <username><separator><master username>. UW-IMAP uses "*" as the
-# separator, so that could be a good choice.
-#auth_master_user_separator =
-
-# Username to use for users logging in with ANONYMOUS SASL mechanism
-#auth_anonymous_username = anonymous
-
-# Maximum number of dovecot-auth worker processes. They're used to execute
-# blocking passdb and userdb queries (eg. MySQL and PAM). They're
-# automatically created and destroyed as needed.
-#auth_worker_max_count = 30
-
-# Host name to use in GSSAPI principal names. The default is to use the
-# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
-# entries.
-#auth_gssapi_hostname =
-
-# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
-# default (usually /etc/krb5.keytab) if not specified. You may need to change
-# the auth service to run as root to be able to read this file.
-#auth_krb5_keytab = 
-
-# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
-# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
-#auth_use_winbind = no
-
-# Path for Samba's ntlm_auth helper binary.
-#auth_winbind_helper_path = /usr/bin/ntlm_auth
-
-# Time to delay before replying to failed authentications.
-#auth_failure_delay = 2 secs
-
-# Require a valid SSL client certificate or the authentication fails.
-#auth_ssl_require_client_cert = no
-
-# Take the username from client's SSL certificate, using 
-# X509_NAME_get_text_by_NID() which returns the subject's DN's
-# CommonName. 
-#auth_ssl_username_from_cert = no
-
-# Space separated list of wanted authentication mechanisms:
-#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
-#   gss-spnego
-# NOTE: See also disable_plaintext_auth setting.
-# el mecanismo "login" es para compatibilidad para Outlooks viejos
-auth_mechanisms = {{ dovecot_auth_mechanisms }}
-
-##
-## Password and user databases
-##
-
-#
-# Password database is used to verify user's password (and nothing more).
-# You can have multiple passdbs and userdbs. This is useful if you want to
-# allow both system users (/etc/passwd) and virtual users to login without
-# duplicating the system users into virtual database.
-#
-# <doc/wiki/PasswordDatabase.txt>
-#
-# User database specifies where mails are located and what user/group IDs
-# own them. For single-UID configuration use "static" userdb.
-#
-# <doc/wiki/UserDatabase.txt>
-
-#!include auth-deny.conf.ext
-{% if dovecot_auth_master_enable %}
-!include auth-master.conf.ext
-{% endif %}
-#!include auth-passwdfile.conf.ext
-{% if dovecot_auth_system_enable %}
-!include auth-system.conf.ext
-{% endif %}
-#!include auth-sql.conf.ext
-{% if dovecot_ldap_enable %}
-!include auth-ldap.conf.ext
-{% endif %}
-#!include auth-passwdfile.conf.ext
-#!include auth-checkpassword.conf.ext
-#!include auth-vpopmail.conf.ext
-#!include auth-static.conf.ext
diff --git a/templates/20-lmtp.conf.j2 b/templates/20-lmtp.conf.j2
deleted file mode 100644
index b3e4efe..0000000
--- a/templates/20-lmtp.conf.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-##
-## LMTP specific settings
-##
-
-# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
-#lmtp_proxy = no
-
-# When recipient address includes the detail (e.g. user+detail), try to save
-# the mail to the detail mailbox. See also recipient_delimiter and
-# lda_mailbox_autocreate settings.
-#lmtp_save_to_detail_mailbox = no
-
-# Verify quota before replying to RCPT TO. This adds a small overhead.
-#lmtp_rcpt_check_quota = no
-
-# Which recipient address to use for Delivered-To: header and Received:
-# header. The default is "final", which is the same as the one given to
-# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
-# parameter, "none" uses nothing. Note that "none" is currently always used
-# when a mail has multiple recipients.
-#lmtp_hdr_delivery_address = final
-
-protocol lmtp {
-  # postmaster_address aparentemente es obligatorio
-  postmaster_address = postmaster@{{ mail_domains | first }}
-  # Space separated list of plugins to load (default is global mail_plugins).
-  mail_plugins = $mail_plugins sieve
-}
diff --git a/templates/90-quota.conf.j2 b/templates/90-quota.conf.j2
deleted file mode 100644
index 17ba518..0000000
--- a/templates/90-quota.conf.j2
+++ /dev/null
@@ -1,91 +0,0 @@
-#jinja2: lstrip_blocks: True
-##
-## Quota configuration.
-##
-
-# Note that you also have to enable quota plugin in mail_plugins setting.
-# <doc/wiki/Quota.txt>
-
-##
-## Quota limits
-##
-
-# Quota limits are set using "quota_rule" parameters. To get per-user quota
-# limits, you can set/override them by returning "quota_rule" extra field
-# from userdb. It's also possible to give mailbox-specific limits, for example
-# to give additional 100 MB when saving to Trash:
-
-plugin {
-  #quota_rule = *:storage=1G
-  #quota_rule2 = Trash:storage=+100M
-  quota_rule = *:storage={{ dovecot_quota_limit }}
-  {% for key, value in dovecot_quota_additional_limit.items() %}
-  quota_rule{{ loop.index + 1 }} = {{ key }}:storage=+{{ value }}
-  {% endfor %}
-
-  # LDA/LMTP allows saving the last mail to bring user from under quota to
-  # over quota, if the quota doesn't grow too high. Default is to allow as
-  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
-  #quota_grace = 10%%
-  quota_grace = {{ dovecot_quota_grace | regex_replace("%.*$","%%") }}
-
-  {% if dovecot_quota_driver == "count" %}
-  quota_vsizes = yes
-  {% endif %}
-}
-
-##
-## Quota warnings
-##
-
-# You can execute a given command when user exceeds a specified quota limit.
-# Each quota root has separate limits. Only the command for the first
-# exceeded limit is excecuted, so put the highest limit first.
-# The commands are executed via script service by connecting to the named
-# UNIX socket (quota-warning below).
-# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
-
-plugin {
-  #quota_warning = storage=95%% quota-warning 95 %u
-  #quota_warning2 = storage=80%% quota-warning 80 %u
-}
-
-# Example quota-warning service. The unix listener's permissions should be
-# set in a way that mail processes can connect to it. Below example assumes
-# that mail processes run as vmail user. If you use mode=0666, all system users
-# can generate quota warnings to anyone.
-#service quota-warning {
-#  executable = script /usr/local/bin/quota-warning.sh
-#  user = dovecot
-#  unix_listener quota-warning {
-#    user = vmail
-#  }
-#}
-
-##
-## Quota backends
-##
-
-# Multiple backends are supported:
-#   dirsize: Find and sum all the files found from mail directory.
-#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
-#   dict: Keep quota stored in dictionary (eg. SQL)
-#   maildir: Maildir++ quota
-#   fs: Read-only support for filesystem quota
-
-plugin {
-  quota = {{ dovecot_quota_driver }}:User quota
-  #quota = dirsize:User quota
-  #quota = maildir:User quota
-  #quota = dict:User quota::proxy::quota
-  #quota = fs:User quota
-}
-
-# Multiple quota roots are also possible, for example this gives each user
-# their own 100MB quota and one shared 1GB quota within the domain:
-plugin {
-  #quota = dict:user::proxy::quota
-  #quota2 = dict:domain:%d:proxy::quota_domain
-  #quota_rule = *:storage=102400
-  #quota2_rule = *:storage=1048576
-}
diff --git a/templates/dovecot-ldap.conf.ext.j2 b/templates/dovecot-ldap.conf.ext.j2
deleted file mode 100644
index 2663fa0..0000000
--- a/templates/dovecot-ldap.conf.ext.j2
+++ /dev/null
@@ -1,75 +0,0 @@
-# This file is commonly accessed via passdb {} or userdb {} section in
-# conf.d/auth-ldap.conf.ext
-
-# This file is opened as root, so it should be owned by root and mode 0600.
-# http://wiki2.dovecot.org/AuthDatabase/LDAP
-
-# Space separated list of LDAP hosts to use. host:port is allowed too.
-uris = {{ dovecot_ldap_uris | join(" ") }}
-
-# Use authentication binding for verifying password's validity. This works by
-# logging into LDAP server using the username and password given by client.
-# The pass_filter is used to find the DN for the user. Note that the pass_attrs
-# is still used, only the password field is ignored in it. Before doing any
-# search, the binding is switched back to the default DN.
-auth_bind = yes
-
-# If authentication binding is used, you can save one LDAP request per login
-# if users' DN can be specified with a common template. The template can use
-# the standard %variables (see user_filter). Note that you can't
-# use any pass_attrs if you use this setting.
-# auth_bind_userdn =
-
-# LDAP protocol version to use. Likely 2 or 3.
-ldap_version = {{ dovecot_ldap_version }}
-
-# LDAP base. %variables can be used here.
-# For example: dc=mail, dc=example, dc=org
-base = {{ dovecot_ldap_base }}
-
-# Search scope: base, onelevel, subtree
-scope = {{ dovecot_ldap_scope }}
-
-# User attributes are given in LDAP-name=dovecot-internal-name list. The
-# internal names are:
-#   uid - System UID
-#   gid - System GID
-#   home - Home directory
-#   mail - Mail location
-#
-# There are also other special fields which can be returned, see
-# http://wiki2.dovecot.org/UserDatabase/ExtraFields
-#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
-user_attrs = {{ dovecot_ldap_user_attrs }}
-
-# Filter for user lookup. Some variables can be used (see
-# http://wiki2.dovecot.org/Variables for full list):
-#   %u - username
-#   %n - user part in user@domain, same as %u if there's no domain
-#   %d - domain part in user@domain, empty if user there's no domain
-user_filter = {{ dovecot_ldap_user_filter }}
-
-# Password checking attributes:
-#  user: Virtual user name (user@domain), if you wish to change the
-#        user-given username to something else
-#  password: Password, may optionally start with {type}, eg. {crypt}
-# There are also other special fields which can be returned, see
-# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
-# pass_attrs = uid=user,userPassword=password
-
-# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
-# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
-# string. For example:
-pass_attrs = {{ dovecot_ldap_pass_attrs }}
-
-# Filter for password lookups
-pass_filter = {{ dovecot_ldap_pass_filter }}
-
-# Attributes and filter to get a list of all users
-iterate_attrs = {{ dovecot_ldap_iterate_attrs }}
-iterate_filter = {{ dovecot_ldap_iterate_filter }}
-
-# Default password scheme. "{scheme}" before password overrides this.
-# List of supported schemes is in: http://wiki2.dovecot.org/Authentication
-default_pass_scheme = {{ dovecot_ldap_default_pass_scheme }}
-- 
2.47.2


From 0e816745889b70193742b0de6436f4fd556f669c Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 00:40:04 -0300
Subject: [PATCH 15/30] bfix

---
 tasks/main.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 564d699..5e9fcfc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,13 +15,12 @@
     - 10-mail.conf
     - 10-master.conf
     - 10-ssl.conf
-    - 11-quota.conf
     - 15-mailboxes.conf
     - 20-imap.conf
     - 20-lmtp.conf.tmpl
     - 90-antispam.conf
     - 90-sieve.conf
-    - ldap.conf.ext
+    - ldap.conf.ext.tmpl
     - junk-filter.sieve
     - local.conf
     - submission.conf.tmpl
@@ -79,7 +78,7 @@
       LDAP_ITERATE_ATTRS: "{{ dovecot_ldap_iterate_attrs }}"
       LDAP_ITERATE_FILTER: "{{ dovecot_ldap_iterate_filter }}"
       LDAP_DEFAULT_PASS_SCHEME: "{{ dovecot_ldap_default_pass_scheme }}"
-  REGISTER: container
+  register: container
 
 - name: Leer info de volumen {{ dovecot_volume_config }}
   docker_volume_info:
-- 
2.47.2


From db161e5b78affd929ba4a2895b5c3ce236451be2 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 00:42:34 -0300
Subject: [PATCH 16/30] fix string type

---
 tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 5e9fcfc..1846e7e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -68,7 +68,7 @@
       LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
       LDAP_URIS: "{{ dovecot_ldap_uris | join(' ') }}"
       LDAP_BIND: "{{ 'yes' if dovecot_ldap_bind else 'no' }}"
-      LDAP_VERSION: "{{ dovecot_ldap_version }}"
+      LDAP_VERSION: "{{ dovecot_ldap_version | string }}"
       LDAP_BASE: "{{ dovecot_ldap_base }}"
       LDAP_SCOPE: "{{ dovecot_ldap_scope }}"
       LDAP_USER_ATTRS: "{{ dovecot_ldap_user_attrs }}"
-- 
2.47.2


From 2a25f6e86e5e6abe091659d88a9a160fc22c4a03 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 00:48:43 -0300
Subject: [PATCH 17/30] split confd config into multiple files

---
 files/Dockerfile            |  2 +-
 files/confd-auth.toml       | 10 ++++++
 files/confd-ldap.toml       | 18 ++++++++++
 files/confd-ldap2.toml      | 18 ++++++++++
 files/confd-lmtp.toml       |  6 ++++
 files/confd-submission.toml | 15 ++++++++
 files/confd.toml            | 71 -------------------------------------
 7 files changed, 68 insertions(+), 72 deletions(-)
 create mode 100644 files/confd-auth.toml
 create mode 100644 files/confd-ldap.toml
 create mode 100644 files/confd-ldap2.toml
 create mode 100644 files/confd-lmtp.toml
 create mode 100644 files/confd-submission.toml
 delete mode 100644 files/confd.toml

diff --git a/files/Dockerfile b/files/Dockerfile
index 09ae38b..6793aae 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -49,7 +49,7 @@ ADD \
   ldap.conf.ext.tmpl \
   submission.conf.tmpl \
   /etc/confd/templates/
-ADD confd.toml /etc/confd/conf.d/
+ADD confd-*.toml /etc/confd/conf.d/
 
 RUN sievec /etc/dovecot/sieve/before/junk-filter.sieve
 
diff --git a/files/confd-auth.toml b/files/confd-auth.toml
new file mode 100644
index 0000000..f7b8a0f
--- /dev/null
+++ b/files/confd-auth.toml
@@ -0,0 +1,10 @@
+[template]
+src = "10-auth.conf.tmpl"
+dest = "/etc/dovecot/local.d/10-auth.conf"
+keys = [
+    "/mail/domains",
+    "/auth/username/format",
+    "/auth/mechanisms",
+    "/auth/master/enable",
+    "/auth/ldap/enable"
+]
diff --git a/files/confd-ldap.toml b/files/confd-ldap.toml
new file mode 100644
index 0000000..492053c
--- /dev/null
+++ b/files/confd-ldap.toml
@@ -0,0 +1,18 @@
+[template]
+src = "ldap.conf.ext.tmpl"
+dest = "/etc/dovecot/local.d/ldap.conf.ext"
+keys = [
+    "/ldap/hosts",
+    "/ldap/uris",
+    "/ldap/bind",
+    "/ldap/version",
+    "/ldap/base",
+    "/ldap/scope",
+    "/ldap/user/attrs",
+    "/ldap/user/filter",
+    "/ldap/pass/attrs",
+    "/ldap/pass/filter",
+    "/ldap/iterate/attrs",
+    "/ldap/iterate/filter",
+    "/ldap/default/pass/scheme",
+]
diff --git a/files/confd-ldap2.toml b/files/confd-ldap2.toml
new file mode 100644
index 0000000..6bb380e
--- /dev/null
+++ b/files/confd-ldap2.toml
@@ -0,0 +1,18 @@
+[template]
+src = "ldap.conf.ext.tmpl"
+dest = "/etc/dovecot/local.d/ldap2.conf.ext"
+keys = [
+    "/ldap/hosts",
+    "/ldap/uris",
+    "/ldap/bind",
+    "/ldap/version",
+    "/ldap/base",
+    "/ldap/scope",
+    "/ldap/user/attrs",
+    "/ldap/user/filter",
+    "/ldap/pass/attrs",
+    "/ldap/pass/filter",
+    "/ldap/iterate/attrs",
+    "/ldap/iterate/filter",
+    "/ldap/default/pass/scheme",
+]
diff --git a/files/confd-lmtp.toml b/files/confd-lmtp.toml
new file mode 100644
index 0000000..5d46a0d
--- /dev/null
+++ b/files/confd-lmtp.toml
@@ -0,0 +1,6 @@
+[template]
+src = "20-lmtp.conf.tmpl"
+dest = "/etc/dovecot/local.d/20-lmtp.conf"
+keys = [
+    "/mail/domains"
+]
diff --git a/files/confd-submission.toml b/files/confd-submission.toml
new file mode 100644
index 0000000..196f8bb
--- /dev/null
+++ b/files/confd-submission.toml
@@ -0,0 +1,15 @@
+[template]
+src = "submission.conf.tmpl"
+dest = "/etc/dovecot/local.d/submission.conf"
+keys = [
+    "/submission/enable",
+    "/submission/relay/host",
+    "/submission/relay/port",
+    "/submission/relay/trusted",
+    "/submission/relay/user",
+    "/submission/relay/master/user",
+    "/submission/relay/password",
+    "/submission/relay/ssl",
+    "/submission/relay/ssl/verify",
+    "/submission/relay/rawlog/dir"
+]
diff --git a/files/confd.toml b/files/confd.toml
deleted file mode 100644
index 5e6692e..0000000
--- a/files/confd.toml
+++ /dev/null
@@ -1,71 +0,0 @@
-[template]
-src = "submission.conf.tmpl"
-dest = "/etc/dovecot/local.d/submission.conf"
-keys = [
-    "/submission/enable",
-    "/submission/relay/host",
-    "/submission/relay/port",
-    "/submission/relay/trusted",
-    "/submission/relay/user",
-    "/submission/relay/master/user",
-    "/submission/relay/password",
-    "/submission/relay/ssl",
-    "/submission/relay/ssl/verify",
-    "/submission/relay/rawlog/dir"
-]
-
-[template]
-src = "10-auth.conf.tmpl"
-dest = "/etc/dovecot/local.d/10-auth.conf"
-keys = [
-    "/mail/domains",
-    "/auth/username/format",
-    "/auth/mechanisms",
-    "/auth/master/enable",
-    "/auth/ldap/enable"
-]
-
-[template]
-src = "20-lmtp.conf.tmpl"
-dest = "/etc/dovecot/local.d/20-lmtp.conf"
-keys = [
-    "/mail/domains"
-]
-
-[template]
-src = "ldap.conf.ext.tmpl"
-dest = "/etc/dovecot/local.d/ldap.conf.ext"
-keys = [
-    "/ldap/hosts",
-    "/ldap/uris",
-    "/ldap/bind",
-    "/ldap/version",
-    "/ldap/base",
-    "/ldap/scope",
-    "/ldap/user/attrs",
-    "/ldap/user/filter",
-    "/ldap/pass/attrs",
-    "/ldap/pass/filter",
-    "/ldap/iterate/attrs",
-    "/ldap/iterate/filter",
-    "/ldap/default/pass/scheme",
-]
-
-[template]
-src = "ldap.conf.ext.tmpl"
-dest = "/etc/dovecot/local.d/ldap2.conf.ext"
-keys = [
-    "/ldap/hosts",
-    "/ldap/uris",
-    "/ldap/bind",
-    "/ldap/version",
-    "/ldap/base",
-    "/ldap/scope",
-    "/ldap/user/attrs",
-    "/ldap/user/filter",
-    "/ldap/pass/attrs",
-    "/ldap/pass/filter",
-    "/ldap/iterate/attrs",
-    "/ldap/iterate/filter",
-    "/ldap/default/pass/scheme",
-]
-- 
2.47.2


From e6afdff4c8c6dec4252700dc42defdddf733c983 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 00:52:48 -0300
Subject: [PATCH 18/30] split confd config into multiple files

---
 tasks/main.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 1846e7e..1c8c38c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -24,7 +24,11 @@
     - junk-filter.sieve
     - local.conf
     - submission.conf.tmpl
-    - confd.toml
+    - confd-auth.toml
+    - confd-ldap.toml
+    - confd-ldap2.toml
+    - confd-lmtp.toml
+    - confd-submission.toml
   tags: skip_me
 
 - name: Crear imagen {{ dovecot_image }}
-- 
2.47.2


From 25fa394b997534f02621771cc7a19f918c9f5e11 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 01:04:56 -0300
Subject: [PATCH 19/30] fix go templates

---
 files/10-auth.conf.tmpl | 2 +-
 files/20-lmtp.conf.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/10-auth.conf.tmpl b/files/10-auth.conf.tmpl
index 839056f..9ded33b 100644
--- a/files/10-auth.conf.tmpl
+++ b/files/10-auth.conf.tmpl
@@ -1,5 +1,5 @@
 auth_realms = {{ getv "/mail/domains" }}
-auth_default_realm = {{ first 1 (split (getv "/mail/domains") " ") }}
+auth_default_realm = {{ index (split (getv "/mail/domains") " ") 1 }}
 auth_username_format = {{ getv "/auth/username/format" }}
 auth_mechanisms = {{ getv "/auth/mechanisms" }}
 
diff --git a/files/20-lmtp.conf.tmpl b/files/20-lmtp.conf.tmpl
index 3429338..4e5b419 100644
--- a/files/20-lmtp.conf.tmpl
+++ b/files/20-lmtp.conf.tmpl
@@ -1,5 +1,5 @@
 protocol lmtp {
   # postmaster_address aparentemente es obligatorio
-  postmaster_address = postmaster@{{ first 1 (split (getv "/mail/domains") " ") }}
+  postmaster_address = postmaster@{{ index (split (getv "/mail/domains") " ") 1 }}
   mail_plugins = $mail_plugins sieve
 }
-- 
2.47.2


From b500a005282daab5a5f758c20515ec56f7dcd36d Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 01:10:25 -0300
Subject: [PATCH 20/30] tmpl: zero indexing

---
 files/10-auth.conf.tmpl | 2 +-
 files/20-lmtp.conf.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/10-auth.conf.tmpl b/files/10-auth.conf.tmpl
index 9ded33b..7838f82 100644
--- a/files/10-auth.conf.tmpl
+++ b/files/10-auth.conf.tmpl
@@ -1,5 +1,5 @@
 auth_realms = {{ getv "/mail/domains" }}
-auth_default_realm = {{ index (split (getv "/mail/domains") " ") 1 }}
+auth_default_realm = {{ index (split (getv "/mail/domains") " ") 0 }}
 auth_username_format = {{ getv "/auth/username/format" }}
 auth_mechanisms = {{ getv "/auth/mechanisms" }}
 
diff --git a/files/20-lmtp.conf.tmpl b/files/20-lmtp.conf.tmpl
index 4e5b419..529db27 100644
--- a/files/20-lmtp.conf.tmpl
+++ b/files/20-lmtp.conf.tmpl
@@ -1,5 +1,5 @@
 protocol lmtp {
   # postmaster_address aparentemente es obligatorio
-  postmaster_address = postmaster@{{ index (split (getv "/mail/domains") " ") 1 }}
+  postmaster_address = postmaster@{{ index (split (getv "/mail/domains") " ") 0 }}
   mail_plugins = $mail_plugins sieve
 }
-- 
2.47.2


From 3164636dd3d0664147c8cea9c65753a3f10971ba Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 01:19:13 -0300
Subject: [PATCH 21/30] add submissiond dependency

---
 files/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/Dockerfile b/files/Dockerfile
index 6793aae..c1668e7 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -18,6 +18,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
      dovecot-imapd \
      dovecot-ldap \
      dovecot-sieve \
+     dovecot-submissiond \
      dovecot-managesieved \
      dovecot-antispam \
      bogofilter \
-- 
2.47.2


From c4a1365373c0da53c1a020055bad9be48798f18f Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 01:22:27 -0300
Subject: [PATCH 22/30] fix Dockerfile

---
 files/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/Dockerfile b/files/Dockerfile
index c1668e7..01fb288 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -29,7 +29,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
-  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/{before,after}
+  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/before /etc/dovecot/sieve/after
 
 ADD 10-mail.conf \
   10-master.conf \
@@ -52,7 +52,7 @@ ADD \
   /etc/confd/templates/
 ADD confd-*.toml /etc/confd/conf.d/
 
-RUN sievec /etc/dovecot/sieve/before/junk-filter.sieve
+RUN sievec /etc/dovecot/sieve/before
 
 VOLUME /etc/dovecot /ssl /vmail
 
-- 
2.47.2


From 2ff593c0969d1249d41009219531f064ad6096cb Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 20:51:11 -0300
Subject: [PATCH 23/30] mejoras generales

---
 defaults/main.yml                             |  6 ++++
 files/Dockerfile                              | 36 ++++++++++++-------
 .../conf.d/auth.toml}                         |  2 +-
 .../conf.d/ldap.toml}                         |  0
 .../conf.d/ldap2.toml}                        |  0
 .../conf.d/lmtp.toml}                         |  0
 .../conf.d/submission.toml}                   |  1 -
 files/{ => confd/templates}/10-auth.conf.tmpl |  2 +-
 files/{ => confd/templates}/20-lmtp.conf.tmpl |  0
 .../{ => confd/templates}/90-quota.conf.tmpl  |  0
 .../{ => confd/templates}/ldap.conf.ext.tmpl  |  0
 .../templates}/submission.conf.tmpl           |  5 ---
 tasks/main.yml                                | 28 ++++++---------
 13 files changed, 43 insertions(+), 37 deletions(-)
 rename files/{confd-auth.toml => confd/conf.d/auth.toml} (88%)
 rename files/{confd-ldap.toml => confd/conf.d/ldap.toml} (100%)
 rename files/{confd-ldap2.toml => confd/conf.d/ldap2.toml} (100%)
 rename files/{confd-lmtp.toml => confd/conf.d/lmtp.toml} (100%)
 rename files/{confd-submission.toml => confd/conf.d/submission.toml} (93%)
 rename files/{ => confd/templates}/10-auth.conf.tmpl (94%)
 rename files/{ => confd/templates}/20-lmtp.conf.tmpl (100%)
 rename files/{ => confd/templates}/90-quota.conf.tmpl (100%)
 rename files/{ => confd/templates}/ldap.conf.ext.tmpl (100%)
 rename files/{ => confd/templates}/submission.conf.tmpl (81%)

diff --git a/defaults/main.yml b/defaults/main.yml
index aadd826..e070700 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -100,3 +100,9 @@ dovecot_quota_additional_limit:
 
 # gracia (en porcentaje o M)
 dovecot_quota_grace: 10%
+
+# submission
+dovecot_submission_enable: yes
+dovecot_submission_relay_host: postfix
+dovecot_submission_relay_port: 25
+dovecot_submission_relay_trusted: yes
diff --git a/files/Dockerfile b/files/Dockerfile
index 01fb288..2f1d1ad 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -2,7 +2,11 @@ FROM eumau/debian:buster-slim
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
-ENV SUBMISSION_ENABLE= \
+ENV \
+    MAIL_DOMAINS= \
+    AUTH_MECHANISMS=plain \
+    AUTH_USERNAME_FORMAT="%Lu" \
+    AUTH_MASTER_ENABLE= \
     SUBMISSION_RELAY_HOST= \
     SUBMISSION_RELAY_PORT=25 \
     SUBMISSION_RELAY_TRUSTED=yes \
@@ -11,9 +15,25 @@ ENV SUBMISSION_ENABLE= \
     SUBMISSION_RELAY_PASSWORD= \
     SUBMISSION_RELAY_SSL=starttls \
     SUBMISSION_RELAY_SSL_VERIFY=no \
-    SUBMISSION_RELAY_RAWLOG_DIR=
+    SUBMISSION_RELAY_RAWLOG_DIR= \
+    LDAP_ENABLE= \
+    LDAP_HOSTS="ldap:389" \
+    LDAP_URIS= \
+    LDAP_BIND=yes \
+    LDAP_VERSION=3 \
+    LDAP_BASE="dc=example,dc=org" \
+    LDAP_SCOPE=sub \
+    LDAP_USER_ATTRS="=home=/vmail/mail/%d/%n, =uid=5000, =gid=5000" \
+    LDAP_USER_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \
+    LDAP_PASS_ATTRS="userPassword=password, =userdb_home=/vmail/mail/%d/%n, =userdb_uid=5000, =userdb_gid=5000" \
+    LDAP_PASS_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \
+    LDAP_ITERATE_ATTRS="=user=%{ldap:uid}@%d" \
+    LDAP_ITERATE_FILTER="(objectClass=inetOrgPerson)" \
+    LDAP_DEFAULT_PASS_SCHEME=CRYPT
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
+  && mkdir -p /vmail && chown vmail:vmail /vmail \
+  && apt-get update && apt-get install -y --no-install-recommends \
      dovecot-lmtpd \
      dovecot-imapd \
      dovecot-ldap \
@@ -24,8 +44,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
      bogofilter \
      ssl-cert \
   && rm -rf /var/lib/apt/lists/* \
-  && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
-  && mkdir -p /vmail && chown vmail:vmail /vmail \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
@@ -44,13 +62,7 @@ ADD 10-mail.conf \
 ADD local.conf /etc/dovecot/
 ADD junk-filter.sieve /etc/dovecot/sieve/before/
 
-ADD \
-  10-auth.conf.tmpl \
-  20-lmtp.conf.tmpl \
-  ldap.conf.ext.tmpl \
-  submission.conf.tmpl \
-  /etc/confd/templates/
-ADD confd-*.toml /etc/confd/conf.d/
+ADD confd /etc/confd/
 
 RUN sievec /etc/dovecot/sieve/before
 
diff --git a/files/confd-auth.toml b/files/confd/conf.d/auth.toml
similarity index 88%
rename from files/confd-auth.toml
rename to files/confd/conf.d/auth.toml
index f7b8a0f..3f02539 100644
--- a/files/confd-auth.toml
+++ b/files/confd/conf.d/auth.toml
@@ -6,5 +6,5 @@ keys = [
     "/auth/username/format",
     "/auth/mechanisms",
     "/auth/master/enable",
-    "/auth/ldap/enable"
+    "/ldap/enable"
 ]
diff --git a/files/confd-ldap.toml b/files/confd/conf.d/ldap.toml
similarity index 100%
rename from files/confd-ldap.toml
rename to files/confd/conf.d/ldap.toml
diff --git a/files/confd-ldap2.toml b/files/confd/conf.d/ldap2.toml
similarity index 100%
rename from files/confd-ldap2.toml
rename to files/confd/conf.d/ldap2.toml
diff --git a/files/confd-lmtp.toml b/files/confd/conf.d/lmtp.toml
similarity index 100%
rename from files/confd-lmtp.toml
rename to files/confd/conf.d/lmtp.toml
diff --git a/files/confd-submission.toml b/files/confd/conf.d/submission.toml
similarity index 93%
rename from files/confd-submission.toml
rename to files/confd/conf.d/submission.toml
index 196f8bb..ee8091b 100644
--- a/files/confd-submission.toml
+++ b/files/confd/conf.d/submission.toml
@@ -2,7 +2,6 @@
 src = "submission.conf.tmpl"
 dest = "/etc/dovecot/local.d/submission.conf"
 keys = [
-    "/submission/enable",
     "/submission/relay/host",
     "/submission/relay/port",
     "/submission/relay/trusted",
diff --git a/files/10-auth.conf.tmpl b/files/confd/templates/10-auth.conf.tmpl
similarity index 94%
rename from files/10-auth.conf.tmpl
rename to files/confd/templates/10-auth.conf.tmpl
index 7838f82..e16688d 100644
--- a/files/10-auth.conf.tmpl
+++ b/files/confd/templates/10-auth.conf.tmpl
@@ -17,7 +17,7 @@ passdb {
 {{ end }}
 
 
-{{ if eq (getv "/auth/ldap/enable") "yes"}}
+{{ if eq (getv "/ldap/enable") "yes"}}
 passdb {
   driver = ldap
   args = /etc/dovecot/local.d/ldap.conf.ext
diff --git a/files/20-lmtp.conf.tmpl b/files/confd/templates/20-lmtp.conf.tmpl
similarity index 100%
rename from files/20-lmtp.conf.tmpl
rename to files/confd/templates/20-lmtp.conf.tmpl
diff --git a/files/90-quota.conf.tmpl b/files/confd/templates/90-quota.conf.tmpl
similarity index 100%
rename from files/90-quota.conf.tmpl
rename to files/confd/templates/90-quota.conf.tmpl
diff --git a/files/ldap.conf.ext.tmpl b/files/confd/templates/ldap.conf.ext.tmpl
similarity index 100%
rename from files/ldap.conf.ext.tmpl
rename to files/confd/templates/ldap.conf.ext.tmpl
diff --git a/files/submission.conf.tmpl b/files/confd/templates/submission.conf.tmpl
similarity index 81%
rename from files/submission.conf.tmpl
rename to files/confd/templates/submission.conf.tmpl
index c3bcccc..791783d 100644
--- a/files/submission.conf.tmpl
+++ b/files/confd/templates/submission.conf.tmpl
@@ -1,5 +1,3 @@
-{{ if eq (getv "/submission/enable") "yes"}}
-protocols = $protocols submission
 submission_relay_host = {{getv "/submission/relay/host"}}
 submission_relay_port = {{getv "/submission/relay/port"}}
 submission_relay_trusted = {{getv "/submission/relay/trusted"}}
@@ -9,6 +7,3 @@ submission_relay_password = {{getv "/submission/relay/password"}}
 submission_relay_ssl = {{getv "/submission/relay/ssl"}}
 submission_relay_ssl_verify = {{getv "/submission/relay/ssl/verify"}}
 submission_relay_rawlog_dir = {{getv "/submission/relay/rawlog/dir"}}
-{{else}}
-# submission service disabled
-{{end}}
diff --git a/tasks/main.yml b/tasks/main.yml
index 1c8c38c..1c33f87 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,24 +11,16 @@
     dest: /root/.dovecot-docker-image
   loop:
     - Dockerfile
-    - 10-auth.conf.tmpl
     - 10-mail.conf
     - 10-master.conf
     - 10-ssl.conf
     - 15-mailboxes.conf
     - 20-imap.conf
-    - 20-lmtp.conf.tmpl
     - 90-antispam.conf
     - 90-sieve.conf
-    - ldap.conf.ext.tmpl
     - junk-filter.sieve
     - local.conf
-    - submission.conf.tmpl
-    - confd-auth.toml
-    - confd-ldap.toml
-    - confd-ldap2.toml
-    - confd-lmtp.toml
-    - confd-submission.toml
+    - confd
   tags: skip_me
 
 - name: Crear imagen {{ dovecot_image }}
@@ -50,25 +42,27 @@
       - "{{ dovecot_volume_ssl }}:/ssl/"
     networks:
       - name: "{{ docker_network_name }}"
-    ports:
-      - 143:143
-      - 2000:2000
+    ports: >-
+      [ "143:143",
+        {{ '"587:587",' if dovecot_submission_enable else '' }}
+        "2000:2000"
+      ]
+
     env:
       MAIL_DOMAINS: "{{ mail_domains.keys() | list | join(' ') }}"
       AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}"
       AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}"
-      AUTH_LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}"
-      SUBMISSION_ENABLE: "yes"
-      SUBMISSION_RELAY_HOST: postfix
-      SUBMISSION_RELAY_PORT: "25"
-      SUBMISSION_RELAY_TRUSTED: "yes"
+      SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}"
+      SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
+      SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
       # SUBMISSION_RELAY_USER:
       # SUBMISSION_RELAY_MASTER_USER:
       # SUBMISSION_RELAY_PASSWORD:
       # SUBMISSION_RELAY_SSL: starttls
       # SUBMISSION_RELAY_SSL_VERIFY: "no"
       # SUBMISSION_RELAY_RAWLOG_DIR:
+      LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
       LDAP_URIS: "{{ dovecot_ldap_uris | join(' ') }}"
       LDAP_BIND: "{{ 'yes' if dovecot_ldap_bind else 'no' }}"
-- 
2.47.2


From b24e192943627d176b51f2f6a05d599233e3f8ee Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 21:04:27 -0300
Subject: [PATCH 24/30] no verify relay ssl

---
 defaults/main.yml | 1 +
 tasks/main.yml    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index e070700..7996c6f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -106,3 +106,4 @@ dovecot_submission_enable: yes
 dovecot_submission_relay_host: postfix
 dovecot_submission_relay_port: 25
 dovecot_submission_relay_trusted: yes
+dovecot_submission_relay_ssl_verify: no
diff --git a/tasks/main.yml b/tasks/main.yml
index 1c33f87..79cf026 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -56,11 +56,11 @@
       SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}"
       SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
       SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
+      SUBMISSION_RELAY_SSL_VERIFY: "{{ 'yes' if dovecot_submission_relay_ssl_verify else 'no' }}"
       # SUBMISSION_RELAY_USER:
       # SUBMISSION_RELAY_MASTER_USER:
       # SUBMISSION_RELAY_PASSWORD:
       # SUBMISSION_RELAY_SSL: starttls
-      # SUBMISSION_RELAY_SSL_VERIFY: "no"
       # SUBMISSION_RELAY_RAWLOG_DIR:
       LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
-- 
2.47.2


From 54b1ada07431d3c43870064f4826e872e2ae9a7c Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 21:14:07 -0300
Subject: [PATCH 25/30] no relay ssl

---
 defaults/main.yml | 2 ++
 tasks/main.yml    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 7996c6f..86f9a42 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -106,4 +106,6 @@ dovecot_submission_enable: yes
 dovecot_submission_relay_host: postfix
 dovecot_submission_relay_port: 25
 dovecot_submission_relay_trusted: yes
+# FIXME: add ssl/tls support
+dovecot_submission_relay_ssl: "no"
 dovecot_submission_relay_ssl_verify: no
diff --git a/tasks/main.yml b/tasks/main.yml
index 79cf026..a1ed5c9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -57,10 +57,10 @@
       SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
       SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
       SUBMISSION_RELAY_SSL_VERIFY: "{{ 'yes' if dovecot_submission_relay_ssl_verify else 'no' }}"
+      SUBMISSION_RELAY_SSL: "{{ dovecot_submission_relay_ssl }}"
       # SUBMISSION_RELAY_USER:
       # SUBMISSION_RELAY_MASTER_USER:
       # SUBMISSION_RELAY_PASSWORD:
-      # SUBMISSION_RELAY_SSL: starttls
       # SUBMISSION_RELAY_RAWLOG_DIR:
       LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}"
       LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}"
-- 
2.47.2


From 167ce351a9c6d1c381749220b5bda1fd4afe841c Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 22:00:16 -0300
Subject: [PATCH 26/30] submission host

---
 defaults/main.yml                          | 3 ++-
 files/confd/conf.d/submission.toml         | 1 +
 files/confd/templates/submission.conf.tmpl | 1 +
 tasks/main.yml                             | 3 ++-
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 86f9a42..4ed4b8c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,7 +15,7 @@ dovecot_volume_mail: dovecot_mail
 dovecot_volume_ssl: dovecot_ssl
 
 # nombre red docker (definido por rol docker)
-docker_network_name: dockernet
+docker_network: dockernet
 
 # Auth
 
@@ -103,6 +103,7 @@ dovecot_quota_grace: 10%
 
 # submission
 dovecot_submission_enable: yes
+dovecot_submission_host: "{{ dovecot_image }}.{{ docker_network }}"
 dovecot_submission_relay_host: postfix
 dovecot_submission_relay_port: 25
 dovecot_submission_relay_trusted: yes
diff --git a/files/confd/conf.d/submission.toml b/files/confd/conf.d/submission.toml
index ee8091b..e64578e 100644
--- a/files/confd/conf.d/submission.toml
+++ b/files/confd/conf.d/submission.toml
@@ -2,6 +2,7 @@
 src = "submission.conf.tmpl"
 dest = "/etc/dovecot/local.d/submission.conf"
 keys = [
+    "/submission/host",
     "/submission/relay/host",
     "/submission/relay/port",
     "/submission/relay/trusted",
diff --git a/files/confd/templates/submission.conf.tmpl b/files/confd/templates/submission.conf.tmpl
index 791783d..4ba1104 100644
--- a/files/confd/templates/submission.conf.tmpl
+++ b/files/confd/templates/submission.conf.tmpl
@@ -1,3 +1,4 @@
+submission_host = {{getv "/submission/host"}}
 submission_relay_host = {{getv "/submission/relay/host"}}
 submission_relay_port = {{getv "/submission/relay/port"}}
 submission_relay_trusted = {{getv "/submission/relay/trusted"}}
diff --git a/tasks/main.yml b/tasks/main.yml
index a1ed5c9..14cdb2f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -41,7 +41,7 @@
       - "{{ dovecot_volume_mail }}:/vmail/"
       - "{{ dovecot_volume_ssl }}:/ssl/"
     networks:
-      - name: "{{ docker_network_name }}"
+      - name: "{{ docker_network }}"
     ports: >-
       [ "143:143",
         {{ '"587:587",' if dovecot_submission_enable else '' }}
@@ -53,6 +53,7 @@
       AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}"
       AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}"
       AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}"
+      SUBMISSION_HOST: "{{ dovecot_submission_host }}"
       SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}"
       SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
       SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
-- 
2.47.2


From 0a41891e5fdf3f8b95a136e50bf4134a326e71a2 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 22:05:26 -0300
Subject: [PATCH 27/30] submission host

---
 files/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/Dockerfile b/files/Dockerfile
index 2f1d1ad..a97697b 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -7,6 +7,7 @@ ENV \
     AUTH_MECHANISMS=plain \
     AUTH_USERNAME_FORMAT="%Lu" \
     AUTH_MASTER_ENABLE= \
+    SUBMISSION_HOST=dovecot.dockernet \
     SUBMISSION_RELAY_HOST= \
     SUBMISSION_RELAY_PORT=25 \
     SUBMISSION_RELAY_TRUSTED=yes \
-- 
2.47.2


From 7c2462641a6f51a6410e0665ff81ca3cf5b4a2a5 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 22:08:01 -0300
Subject: [PATCH 28/30] fix

---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 4ed4b8c..ff4eeb2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,7 +103,7 @@ dovecot_quota_grace: 10%
 
 # submission
 dovecot_submission_enable: yes
-dovecot_submission_host: "{{ dovecot_image }}.{{ docker_network }}"
+dovecot_submission_host: "{{ dovecot_container }}.{{ docker_network }}"
 dovecot_submission_relay_host: postfix
 dovecot_submission_relay_port: 25
 dovecot_submission_relay_trusted: yes
-- 
2.47.2


From 7361b77cd3d5d791d0799f492979b47092052fe1 Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 22:31:18 -0300
Subject: [PATCH 29/30] submission hostname

---
 defaults/main.yml                          | 2 +-
 files/Dockerfile                           | 2 +-
 files/confd/conf.d/submission.toml         | 2 +-
 files/confd/templates/submission.conf.tmpl | 2 +-
 tasks/main.yml                             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ff4eeb2..f44a53b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,7 +103,7 @@ dovecot_quota_grace: 10%
 
 # submission
 dovecot_submission_enable: yes
-dovecot_submission_host: "{{ dovecot_container }}.{{ docker_network }}"
+dovecot_submission_hostname: "{{ dovecot_container }}.{{ docker_network }}"
 dovecot_submission_relay_host: postfix
 dovecot_submission_relay_port: 25
 dovecot_submission_relay_trusted: yes
diff --git a/files/Dockerfile b/files/Dockerfile
index a97697b..aa29949 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -7,7 +7,7 @@ ENV \
     AUTH_MECHANISMS=plain \
     AUTH_USERNAME_FORMAT="%Lu" \
     AUTH_MASTER_ENABLE= \
-    SUBMISSION_HOST=dovecot.dockernet \
+    SUBMISSION_HOSTNAME=dovecot.dockernet \
     SUBMISSION_RELAY_HOST= \
     SUBMISSION_RELAY_PORT=25 \
     SUBMISSION_RELAY_TRUSTED=yes \
diff --git a/files/confd/conf.d/submission.toml b/files/confd/conf.d/submission.toml
index e64578e..51b822d 100644
--- a/files/confd/conf.d/submission.toml
+++ b/files/confd/conf.d/submission.toml
@@ -2,7 +2,7 @@
 src = "submission.conf.tmpl"
 dest = "/etc/dovecot/local.d/submission.conf"
 keys = [
-    "/submission/host",
+    "/submission/hostname",
     "/submission/relay/host",
     "/submission/relay/port",
     "/submission/relay/trusted",
diff --git a/files/confd/templates/submission.conf.tmpl b/files/confd/templates/submission.conf.tmpl
index 4ba1104..9ea4426 100644
--- a/files/confd/templates/submission.conf.tmpl
+++ b/files/confd/templates/submission.conf.tmpl
@@ -1,4 +1,4 @@
-submission_host = {{getv "/submission/host"}}
+hostname = {{getv "/submission/hostname"}}
 submission_relay_host = {{getv "/submission/relay/host"}}
 submission_relay_port = {{getv "/submission/relay/port"}}
 submission_relay_trusted = {{getv "/submission/relay/trusted"}}
diff --git a/tasks/main.yml b/tasks/main.yml
index 14cdb2f..69e2881 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -53,7 +53,7 @@
       AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}"
       AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}"
       AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}"
-      SUBMISSION_HOST: "{{ dovecot_submission_host }}"
+      SUBMISSION_HOSTNAME: "{{ dovecot_submission_hostname }}"
       SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}"
       SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}"
       SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}"
-- 
2.47.2


From 594544052b2a8d2f19efda0144cd697a4adc7e5b Mon Sep 17 00:00:00 2001
From: Mauro Torrez <mauro@qom>
Date: Tue, 10 Sep 2019 23:12:07 -0300
Subject: [PATCH 30/30] burl, imap metadata ready

---
 defaults/main.yml                       | 3 +++
 files/10-mail.conf                      | 1 +
 files/Dockerfile                        | 9 +++++----
 files/confd/conf.d/imap.toml            | 7 +++++++
 files/confd/templates/20-imap.conf.tmpl | 6 ++++++
 tasks/main.yml                          | 3 +--
 6 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 files/confd/conf.d/imap.toml
 create mode 100644 files/confd/templates/20-imap.conf.tmpl

diff --git a/defaults/main.yml b/defaults/main.yml
index f44a53b..6d0ed22 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -110,3 +110,6 @@ dovecot_submission_relay_trusted: yes
 # FIXME: add ssl/tls support
 dovecot_submission_relay_ssl: "no"
 dovecot_submission_relay_ssl_verify: no
+
+# antispam
+dovecot_antispam_enable: yes
diff --git a/files/10-mail.conf b/files/10-mail.conf
index c95f005..4fe8a52 100644
--- a/files/10-mail.conf
+++ b/files/10-mail.conf
@@ -2,6 +2,7 @@
 ## Mailbox locations and namespaces
 ##
 mail_location = mdbox:~/dbox
+mail_attribute_dict = file:~/dovecot-attributes
 
 namespace inbox {
   # Namespace type: private, shared or public
diff --git a/files/Dockerfile b/files/Dockerfile
index aa29949..a4c0009 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -30,7 +30,9 @@ ENV \
     LDAP_PASS_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \
     LDAP_ITERATE_ATTRS="=user=%{ldap:uid}@%d" \
     LDAP_ITERATE_FILTER="(objectClass=inetOrgPerson)" \
-    LDAP_DEFAULT_PASS_SCHEME=CRYPT
+    LDAP_DEFAULT_PASS_SCHEME=CRYPT \
+    ANTISPAM_ENABLE=yes \
+    IMAP_URLAUTH_HOST="*"
 
 RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
   && mkdir -p /vmail && chown vmail:vmail /vmail \
@@ -48,19 +50,18 @@ RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
   && mkdir -p /ssl && chmod 700 /ssl \
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
-  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/before /etc/dovecot/sieve/after
+  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/before /etc/dovecot/sieve/after \
+  && printf '!include_try local.d/*.conf\nlog_path = /dev/stdout\n' > /etc/dovecot/local.conf
 
 ADD 10-mail.conf \
   10-master.conf \
   10-ssl.conf \
   11-quota.conf \
   15-mailboxes.conf \
-  20-imap.conf \
   90-antispam.conf \
   90-sieve.conf \
   /etc/dovecot/conf.d/
 
-ADD local.conf /etc/dovecot/
 ADD junk-filter.sieve /etc/dovecot/sieve/before/
 
 ADD confd /etc/confd/
diff --git a/files/confd/conf.d/imap.toml b/files/confd/conf.d/imap.toml
new file mode 100644
index 0000000..5f7829a
--- /dev/null
+++ b/files/confd/conf.d/imap.toml
@@ -0,0 +1,7 @@
+[template]
+src = "20-imap.conf.tmpl"
+dest = "/etc/dovecot/local.d/20-imap.conf"
+keys = [
+    "/antispam/enable",
+    "/imap/urlauth/host"
+]
diff --git a/files/confd/templates/20-imap.conf.tmpl b/files/confd/templates/20-imap.conf.tmpl
new file mode 100644
index 0000000..efe8cee
--- /dev/null
+++ b/files/confd/templates/20-imap.conf.tmpl
@@ -0,0 +1,6 @@
+imap_capability = +SPECIAL_USE
+imap_urlauth_host = {{ getv "/imap/urlauth/host" }}
+protocol imap {
+  mail_plugins = $mail_plugins {{ if eq (getv "/antispam/enable") "yes" }}antispam{{ end }}
+  imap_metadata = yes
+}
diff --git a/tasks/main.yml b/tasks/main.yml
index 69e2881..d3af1a3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,11 +15,9 @@
     - 10-master.conf
     - 10-ssl.conf
     - 15-mailboxes.conf
-    - 20-imap.conf
     - 90-antispam.conf
     - 90-sieve.conf
     - junk-filter.sieve
-    - local.conf
     - confd
   tags: skip_me
 
@@ -77,6 +75,7 @@
       LDAP_ITERATE_ATTRS: "{{ dovecot_ldap_iterate_attrs }}"
       LDAP_ITERATE_FILTER: "{{ dovecot_ldap_iterate_filter }}"
       LDAP_DEFAULT_PASS_SCHEME: "{{ dovecot_ldap_default_pass_scheme }}"
+      ANTISPAM_ENABLE: "{{ 'yes' if dovecot_antispam_enable else '' }}"
   register: container
 
 - name: Leer info de volumen {{ dovecot_volume_config }}
-- 
2.47.2