add antispam support using imap sieve

confd/conf.d/imap.toml

@@ -3,5 +3,6 @@ src = "20-imap.conf.tmpl"
 dest = "/etc/dovecot/local.d/20-imap.conf"
 keys = [
     "/antispam/enable",
+    "/sieve/enable",
     "/imap/urlauth/host"
 ]

confd/conf.d/lmtp.toml

@@ -2,5 +2,7 @@
 src = "20-lmtp.conf.tmpl"
 dest = "/etc/dovecot/local.d/20-lmtp.conf"
 keys = [
-    "/mail/domains"
+    "/mail/domains",
+    "/postmaster/address",
+    "/sieve/enable",
 ]

confd/conf.d/sieve.toml

@@ -0,0 +1,7 @@
+[template]
+src = "90-sieve.conf.tmpl"
+dest = "/etc/dovecot/local.d/90-sieve.conf"
+keys = [
+    "/sieve/enable",
+    "/antispam/enable",
+]

confd/conf.d/ssl.toml

@@ -5,4 +5,5 @@ keys = [
     "/ssl/cert",
     "/ssl/key",
     "/ssl/client/ca/dir",
+    "/ssl/client/ca/file",
 ]

confd/templates/10-auth.conf.tmpl

@@ -10,7 +10,7 @@ passdb {
   master = yes
   args = /etc/dovecot/master-users
 
-# Unless you're using PAM, you probably still want the destination user to
+  # Unless you're using PAM, you probably still want the destination user to
   # be looked up from passdb that it really exists. pass=yes does that.
   pass = yes
 }

confd/templates/10-ssl.conf.tmpl

@@ -1,7 +1,3 @@
-##
-## SSL settings
-##
-
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 ssl = yes
 
@@ -12,51 +8,9 @@ ssl = yes
 {{ with getv "/ssl/cert" }}ssl_cert = <{{.}}{{ end }}
 {{ with getv "/ssl/key" }}ssl_key = <{{.}}{{ end }}
 
-# If key file is password protected, give the password here. Alternatively
-# give it when starting dovecot with -p parameter. Since this file is often
-# world-readable, you may want to place this setting instead to a different
-# root owned 0600 file by using ssl_key_password = <path.
-#ssl_key_password =
-
-# PEM encoded trusted certificate authority. Set this only if you intend to use
-# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
-# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca =
-
-# Require that CRL check succeeds for client certificates.
-#ssl_require_crl = yes
-
 # Directory and/or file for trusted SSL CA certificates. These are used only
 # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
 # directory is usually /etc/ssl/certs in Debian-based systems and the file is
 # /etc/pki/tls/cert.pem in RedHat-based systems.
 {{ with getv "/ssl/client/ca/dir" }}ssl_client_ca_dir = {{.}}{{ end }}
-#ssl_client_ca_file =
-
-# Request client to send a certificate. If you also want to require it, set
-# auth_ssl_require_client_cert=yes in auth section.
-#ssl_verify_client_cert = no
-
-# Which field from certificate to use for username. commonName and
-# x500UniqueIdentifier are the usual choices. You'll also need to set
-# auth_ssl_username_from_cert=yes.
-#ssl_cert_username_field = commonName
-
-# DH parameters length to use.
-#ssl_dh_parameters_length = 1024
-
-# SSL protocols to use
-#ssl_protocols = !SSLv3
-
-# SSL ciphers to use
-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
-
-# Prefer the server's order of ciphers over client's.
-#ssl_prefer_server_ciphers = no
-
-# SSL crypto device to use, for valid values run "openssl engine"
-#ssl_crypto_device =
-
-# SSL extra options. Currently supported options are:
-#   no_compression - Disable compression.
-#ssl_options =
+{{ with getv "/ssl/client/ca/file" }}ssl_client_ca_file = {{.}}{{ end }}

confd/templates/20-imap.conf.tmpl

@@ -1,6 +1,6 @@
 imap_capability = +SPECIAL_USE
 imap_urlauth_host = {{ getv "/imap/urlauth/host" }}
 protocol imap {
-  mail_plugins = $mail_plugins {{ if eq (getv "/antispam/enable") "yes" }}antispam{{ end }}
+  mail_plugins = $mail_plugins {{ if eq (getv "/sieve/enable") "yes" }}imap_sieve{{ end }}
   imap_metadata = yes
 }

confd/templates/20-lmtp.conf.tmpl

@@ -1,5 +1,5 @@
 protocol lmtp {
   # postmaster_address aparentemente es obligatorio
-  postmaster_address = postmaster@{{ index (split (index (split (getv "/mail/domains") " ") 0) ",") 0 }}
-  mail_plugins = $mail_plugins sieve
+  postmaster_address = {{ with getv "/postmaster/address" }}{{.}}{{ else }}postmaster@{{ index (split (index (split (getv "/mail/domains") " ") 0) ",") 0 }}{{ end }}
+  mail_plugins = $mail_plugins {{ if eq (getv "/sieve/enable") "yes" }}sieve{{end}}
 }

confd/templates/90-sieve.conf.tmpl

@@ -0,0 +1,22 @@
+plugin {
+  sieve_plugins = {{ if eq (getv "/sieve/enable") "yes" }}sieve_imapsieve{{ if eq (getv "/antispam/enable") "yes" }} sieve_extprograms{{ end }}{{ end }}
+
+  sieve_before = /etc/dovecot/sieve/before
+  sieve_after = /etc/dovecot/sieve/after
+
+  {{ if eq (getv "/antispam/enable") "yes" }}
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
+  sieve_pipe_bin_dir = /etc/dovecot/sieve
+
+  # From elsewhere to Spam folder
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
+
+  # From Spam folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
+  {{ end }}
+}