Upgrade to bookworm, v4

.drone.yml

@@ -1,53 +0,0 @@
----
-kind: pipeline
-name: default
-
-steps:
-  - name: build and publish image
-    image: plugins/docker
-    settings:
-      repo: eumau/dovecot
-      auto_tag: true
-      username:
-        from_secret: dockerhub_username
-      password:
-        from_secret: dockerhub_password
-    when:
-      branch:
-        - master
-
----
-kind: pipeline
-name: pull_request
-
-steps:
-  - name: build image only
-    image: plugins/docker
-    settings:
-      repo: eumau/dovecot
-      auto_tag: true
-      dry_run: true
-
-trigger:
-  event:
-    - pull_request
-
----
-kind: pipeline
-name: tags
-
-steps:
-  - name: docker
-    image: plugins/docker
-    settings:
-      repo: eumau/dovecot
-      username:
-        from_secret: dockerhub_username
-      password:
-        from_secret: dockerhub_password
-      tags:
-        - ${DRONE_TAG}
-
-trigger:
-  event:
-    - tag

.gitea/workflows/build.yml

@@ -0,0 +1,38 @@
+name: Build Docker images
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        repo:
+          - "eumau/dovecot"
+        tag:
+          - "4"
+    steps:
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ matrix.repo }}:${{ matrix.tag }}
+          platforms: linux/amd64,linux/arm64

15-mailboxes.conf

@@ -1,47 +1,3 @@
-##
-## Mailbox definitions
-##
-
-# Each mailbox is specified in a separate mailbox section. The section name
-# specifies the mailbox name. If it has spaces, you can put the name
-# "in quotes". These sections can contain the following mailbox settings:
-#
-# auto:
-#   Indicates whether the mailbox with this name is automatically created
-#   implicitly when it is first accessed. The user can also be automatically
-#   subscribed to the mailbox after creation. The following values are
-#   defined for this setting:
-#
-#     no        - Never created automatically.
-#     create    - Automatically created, but no automatic subscription.
-#     subscribe - Automatically created and subscribed.
-#
-# special_use:
-#   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
-#   mailbox. There are no validity checks, so you could specify anything
-#   you want in here, but it's not a good idea to use flags other than the
-#   standard ones specified in the RFC:
-#
-#     \All      - This (virtual) mailbox presents all messages in the
-#                 user's message store.
-#     \Archive  - This mailbox is used to archive messages.
-#     \Drafts   - This mailbox is used to hold draft messages.
-#     \Flagged  - This (virtual) mailbox presents all messages in the
-#                 user's message store marked with the IMAP \Flagged flag.
-#     \Junk     - This mailbox is where messages deemed to be junk mail
-#                 are held.
-#     \Sent     - This mailbox is used to hold copies of messages that
-#                 have been sent.
-#     \Trash    - This mailbox is used to hold messages that have been
-#                 deleted.
-#
-# comment:
-#   Defines a default comment or note associated with the mailbox. This
-#   value is accessible through the IMAP METADATA mailbox entries
-#   "/shared/comment" and "/private/comment". Users with sufficient
-#   privileges can override the default value for entries with a custom
-#   value.
-
 # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
 namespace inbox {
   # These mailboxes are widely used and could perhaps be created automatically:

90-antispam.conf

@@ -1,50 +0,0 @@
-plugin {
-
-# antispam_debug_target = syslog
-# antispam_debug_target = stderr
-# antispam_verbose_debug = 1
-
-antispam_backend = pipe
-
-# mail signature (used with any backend requiring a signature)
-antispam_signature = X-Bogosity
-
-# antispam_signature_missing = move # move silently without training
-antispam_signature_missing = error
-
-# semicolon-separated list of Trash folders (default unset i.e. none)
-# antispam_trash =
-# antispam_trash = trash;Trash;Deleted Items; Deleted Messages
-# antispam_trash_pattern = trash;Trash;Deleted *
-# antispam_trash_pattern_ignorecase =trash;deleted *
-antispam_trash = Trash;trash;mail/trash;Deleted Messages
-
-# semicolon-separated list of spam folders
-# antispam_spam = SPAM
-# antispam_spam_pattern = SPAM
-# antispam_spam_pattern_ignorecase = junk*;spam*
-antispam_spam = Junk;junk;Junk Mail;Spam;spam;SPAM
-
-# semicolon-separated list of unsure folders (default unset i.e. none)
-# antispam_unsure =
-# antispam_unsure_pattern =
-# antispam_unsure_pattern_ignorecase =
-
-# Whether to allow APPENDing to SPAM folders or not
-# antispam_allow_append_to_spam = no
-
-#=====================
-# pipe plugin
-
-# temporary directory
-antispam_pipe_tmpdir = /tmp
-
-# spam/not-spam argument (default unset which will is not what you want)
-antispam_pipe_program_spam_arg    = spam
-antispam_pipe_program_notspam_arg = ham
-
-# binary to pipe mail to
-antispam_pipe_program = /usr/local/bin/spamtrain
-#antispam_pipe_program_args = -f;%u@example.com # % expansion done by dovecot
-
-}

90-sieve.conf

@@ -1,214 +0,0 @@
-##
-## Settings for the Sieve interpreter
-##
-
-# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
-# by adding it to the respective mail_plugins= settings.
-
-# The Sieve interpreter can retrieve Sieve scripts from several types of
-# locations. The default `file' location type is a local filesystem path
-# pointing to a Sieve script file or a directory containing multiple Sieve
-# script files. More complex setups can use other location types such as
-# `ldap' or `dict' to fetch Sieve scripts from remote databases.
-#
-# All settings that specify the location of one ore more Sieve scripts accept
-# the following syntax:
-#
-# location = [<type>:]path[;<option>[=<value>][;...]]
-#
-# If the type prefix is omitted, the script location type is 'file' and the
-# location is interpreted as a local filesystem path pointing to a Sieve script
-# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
-# information.
-
-plugin {
-  # The location of the user's main Sieve script or script storage. The LDA
-  # Sieve plugin uses this to find the active script for Sieve filtering at
-  # delivery. The "include" extension uses this location for retrieving
-  # :personal" scripts. This is also where the  ManageSieve service will store
-  # the user's scripts, if supported.
-  #
-  # Currently only the 'file:' location type supports ManageSieve operation.
-  # Other location types like 'dict:' and 'ldap:' can currently only
-  # be used as a read-only script source ().
-  #
-  # For the 'file:' type: use the ';active=' parameter to specify where the
-  # active script symlink is located.
-  # For other types: use the ';name=' parameter to specify the name of the
-  # default/active script.
-  sieve = file:~/sieve;active=~/.dovecot.sieve
-
-  # The default Sieve script when the user has none. This is the location of a
-  # global sieve script file, which gets executed ONLY if user's personal Sieve
-  # script doesn't exist. Be sure to pre-compile this script manually using the
-  # sievec command line tool if the binary is not stored in a global location.
-  # --> See sieve_before for executing scripts before the user's personal
-  #     script.
-  #sieve_default = /var/lib/dovecot/sieve/default.sieve
-
-  # The name by which the default Sieve script (as configured by the
-  # sieve_default setting) is visible to the user through ManageSieve.
-  #sieve_default_name =
-
-  # Location for ":global" include scripts as used by the "include" extension.
-  #sieve_global =
-
-  # The location of a Sieve script that is run for any message that is about to
-  # be discarded; i.e., it is not delivered anywhere by the normal Sieve
-  # execution. This only happens when the "implicit keep" is canceled, by e.g.
-  # the "discard" action, and no actions that deliver the message are executed.
-  # This "discard script" can prevent discarding the message, by executing
-  # alternative actions. If the discard script does nothing, the message is
-	# still discarded as it would be when no discard script is configured.
-  #sieve_discard =
-
-  # Location Sieve of scripts that need to be executed before the user's
-  # personal script. If a 'file' location path points to a directory, all the
-  # Sieve scripts contained therein (with the proper `.sieve' extension) are
-  # executed. The order of execution within that directory is determined by the
-  # file names, using a normal 8bit per-character comparison.
-  #
-  # Multiple script locations can be specified by appending an increasing number
-  # to the setting name. The Sieve scripts found from these locations are added
-  # to the script execution sequence in the specified order. Reading the
-  # numbered sieve_before settings stops at the first missing setting, so no
-  # numbers may be skipped.
-  sieve_before = /etc/dovecot/sieve/before
-  #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
-  #sieve_before3 = (etc...)
-
-  # Identical to sieve_before, only the specified scripts are executed after the
-  # user's script (only when keep is still in effect!). Multiple script
-  # locations can be specified by appending an increasing number.
-  sieve_after = /etc/dovecot/sieve/after
-  #sieve_after2 =
-  #sieve_after2 = (etc...)
-
-  # Which Sieve language extensions are available to users. By default, all
-  # supported extensions are available, except for deprecated extensions or
-  # those that are still under development. Some system administrators may want
-  # to disable certain Sieve extensions or enable those that are not available
-  # by default. This setting can use '+' and '-' to specify differences relative
-  # to the default. For example `sieve_extensions = +imapflags' will enable the
-  # deprecated imapflags extension in addition to all extensions were already
-  # enabled by default.
-  #sieve_extensions = +notify +imapflags
-
-  # Which Sieve language extensions are ONLY available in global scripts. This
-  # can be used to restrict the use of certain Sieve extensions to administrator
-  # control, for instance when these extensions can cause security concerns.
-  # This setting has higher precedence than the `sieve_extensions' setting
-  # (above), meaning that the extensions enabled with this setting are never
-  # available to the user's personal script no matter what is specified for the
-  # `sieve_extensions' setting. The syntax of this setting is similar to the
-  # `sieve_extensions' setting, with the difference that extensions are
-  # enabled or disabled for exclusive use in global scripts. Currently, no
-  # extensions are marked as such by default.
-  #sieve_global_extensions =
-
-  # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
-  # setting, the used plugins can be specified. Check the Dovecot wiki
-  # (wiki2.dovecot.org) or the pigeonhole website
-  # (http://pigeonhole.dovecot.org) for available plugins.
-  # The sieve_extprograms plugin is included in this release.
-  #sieve_plugins =
-
-  # The separator that is expected between the :user and :detail
-  # address parts introduced by the subaddress extension. This may
-  # also be a sequence of characters (e.g. '--'). The current
-  # implementation looks for the separator from the left of the
-  # localpart and uses the first one encountered. The :user part is
-  # left of the separator and the :detail part is right. This setting
-  # is also used by Dovecot's LMTP service.
-  #recipient_delimiter = +
-
-  # The maximum size of a Sieve script. The compiler will refuse to compile any
-  # script larger than this limit. If set to 0, no limit on the script size is
-  # enforced.
-  #sieve_max_script_size = 1M
-
-  # The maximum number of actions that can be performed during a single script
-  # execution. If set to 0, no limit on the total number of actions is enforced.
-  #sieve_max_actions = 32
-
-  # The maximum number of redirect actions that can be performed during a single
-  # script execution. If set to 0, no redirect actions are allowed.
-  #sieve_max_redirects = 4
-
-  # The maximum number of personal Sieve scripts a single user can have. If set
-  # to 0, no limit on the number of scripts is enforced.
-  # (Currently only relevant for ManageSieve)
-  #sieve_quota_max_scripts = 0
-
-  # The maximum amount of disk storage a single user's scripts may occupy. If
-  # set to 0, no limit on the used amount of disk storage is enforced.
-  # (Currently only relevant for ManageSieve)
-  #sieve_quota_max_storage = 0
-
-  # The primary e-mail address for the user. This is used as a default when no
-  # other appropriate address is available for sending messages. If this setting
-  # is not configured, either the postmaster or null "<>" address is used as a
-  # sender, depending on the action involved. This setting is important when
-  # there is no message envelope to extract addresses from, such as when the
-  # script is executed in IMAP.
-  #sieve_user_email =
-
-  # The path to the file where the user log is written. If not configured, a
-  # default location is used. If the main user's personal Sieve (as configured
-  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
-  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
-  #sieve_user_log =
-
-  # Specifies what envelope sender address is used for redirected messages.
-  # The following values are supported for this setting:
-  #
-  #   "sender"         - The sender address is used (default).
-  #   "recipient"      - The final recipient address is used.
-  #   "orig_recipient" - The original recipient is used.
-  #   "user_email"     - The user's primary address is used. This is
-  #                      configured with the "sieve_user_email" setting. If
-  #                      that setting is unconfigured, "user_mail" is equal to
-  #                      "recipient".
-  #   "postmaster"     - The postmaster_address configured for the LDA.
-  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
-  #                      The angle brackets are mandatory. The null "<>" address
-  #                      is also supported.
-  #
-  # This setting is ignored when the envelope sender is "<>". In that case the
-  # sender of the redirected message is also always "<>".
-  #sieve_redirect_envelope_from = sender
-
-  ## TRACE DEBUGGING
-  # Trace debugging provides detailed insight in the operations performed by
-  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
-  # IMAPSIEVE plugin.
-  #
-  # WARNING: On a busy server, this functionality can quickly fill up the trace
-  # directory with a lot of trace files. Enable this only temporarily and as
-  # selective as possible.
-
-  # The directory where trace files are written. Trace debugging is disabled if
-  # this setting is not configured or if the directory does not exist. If the
-  # path is relative or it starts with "~/" it is interpreted relative to the
-  # current user's home directory.
-  #sieve_trace_dir =
-
-  # The verbosity level of the trace messages. Trace debugging is disabled if
-  # this setting is not configured. Possible values are:
-  #
-  #   "actions"        - Only print executed action commands, like keep,
-  #                      fileinto, reject and redirect.
-  #   "commands"       - Print any executed command, excluding test commands.
-  #   "tests"          - Print all executed commands and performed tests.
-  #   "matching"       - Print all executed commands, performed tests and the
-  #                      values matched in those tests.
-  #sieve_trace_level =
-
-  # Enables highly verbose debugging messages that are usually only useful for
-  # developers.
-  #sieve_trace_debug = no
-
-  # Enables showing byte code addresses in the trace output, rather than only
-  # the source line numbers.
-  #sieve_trace_addresses = no
-}

Dockerfile

@@ -1,9 +1,35 @@
-FROM eumau/debian:buster-slim
+FROM eumau/debian:bookworm-slim
 LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
+RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
+  && mkdir -p /vmail/bogofilter && chown vmail:vmail /vmail \
+  && apt-get update && apt-get install -y --no-install-recommends \
+  dovecot-lmtpd \
+  dovecot-imapd \
+  dovecot-ldap \
+  dovecot-sieve \
+  dovecot-submissiond \
+  dovecot-managesieved \
+  bogofilter-sqlite \
+  ssl-cert \
+  ca-certificates \
+  && rm -rf /var/lib/apt/lists/* \
+  && mkdir -p /ssl && chmod 700 /ssl \
+  && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
+  && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
+  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/before /etc/dovecot/sieve/after \
+  && printf '!include_try local.d/*.conf\nlog_path = /dev/stdout\n' > /etc/dovecot/local.conf
+
+ADD 10-auth.conf \
+  10-mail.conf \
+  10-master.conf \
+  15-mailboxes.conf \
+  /etc/dovecot/conf.d/
+
 ENV \
   MAIL_DOMAINS= \
+  POSTMASTER_ADDRESS= \
   AUTH_MECHANISMS=plain \
   AUTH_USERNAME_FORMAT="%Lu" \
   AUTH_MASTER_ENABLE= \
@@ -31,50 +57,21 @@ ENV \
   LDAP_ITERATE_ATTRS="=user=%{ldap:uid}@%d" \
   LDAP_ITERATE_FILTER="(objectClass=inetOrgPerson)" \
   LDAP_DEFAULT_PASS_SCHEME=CRYPT \
+  SINGLE_USER= \
   ANTISPAM_ENABLE=yes \
+  SIEVE_ENABLE=yes \
+  MANAGESIEVE_ENABLE=yes \
   IMAP_URLAUTH_HOST="*" \
   SSL_CLIENT_CA_DIR="/etc/ssl/certs" \
+  SSL_CLIENT_CA_FILE= \
   SSL_CERT="/ssl/cert.pem" \
   SSL_KEY="/ssl/key.pem"
 
-RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
-  && mkdir -p /vmail/bogofilter && chown vmail:vmail /vmail \
-  && apt-get update && apt-get install -y --no-install-recommends \
-     dovecot-lmtpd \
-     dovecot-imapd \
-     dovecot-ldap \
-     dovecot-sieve \
-     dovecot-submissiond \
-     dovecot-managesieved \
-     dovecot-antispam \
-     bogofilter-sqlite \
-     ssl-cert \
-     ca-certificates \
-  && rm -rf /var/lib/apt/lists/* \
-  && mkdir -p /ssl && chmod 700 /ssl \
-  && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
-  && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
-  && mkdir -p /etc/dovecot/local.d /etc/dovecot/sieve/before /etc/dovecot/sieve/after \
-  && printf '!include_try local.d/*.conf\nlog_path = /dev/stdout\n' > /etc/dovecot/local.conf
-
-ADD 10-auth.conf \
-  10-mail.conf \
-  10-master.conf \
-  15-mailboxes.conf \
-  90-antispam.conf \
-  90-sieve.conf \
-  /etc/dovecot/conf.d/
-
-ADD junk-filter.sieve /etc/dovecot/sieve/before/
-
 ADD confd /etc/confd/
-
+ADD spamtrain.sh report-ham.sieve report-spam.sieve /etc/dovecot/sieve/
-ADD spamtrain /usr/local/bin/
+ADD junk-filter.sieve /etc/dovecot/sieve/before/
-
+ADD sievec /start.d/
-RUN sievec /etc/dovecot/sieve/before
 
 VOLUME ["/ssl","/vmail"]
-
+EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 4190/tcp
-EXPOSE 110/tcp 143/tcp 587/tcp 993/tcp 995/tcp 2000/tcp
-
 CMD ["dovecot","-F"]

confd/conf.d/auth.toml

@@ -6,5 +6,7 @@ keys = [
     "/auth/username/format",
     "/auth/mechanisms",
     "/auth/master/enable",
-    "/ldap/enable"
+    "/ldap/enable",
+    "/single/user",
+    "/single/user/auth",
 ]

confd/conf.d/imap.toml

@@ -3,5 +3,6 @@ src = "20-imap.conf.tmpl"
 dest = "/etc/dovecot/local.d/20-imap.conf"
 keys = [
     "/antispam/enable",
+    "/sieve/enable",
     "/imap/urlauth/host"
 ]

confd/conf.d/ldap.toml

@@ -15,4 +15,5 @@ keys = [
     "/ldap/iterate/attrs",
     "/ldap/iterate/filter",
     "/ldap/default/pass/scheme",
+    "/single/user",
 ]

confd/conf.d/ldap2.toml

@@ -15,4 +15,5 @@ keys = [
     "/ldap/iterate/attrs",
     "/ldap/iterate/filter",
     "/ldap/default/pass/scheme",
+    "/single/user",
 ]

confd/conf.d/lmtp.toml

@@ -2,5 +2,7 @@
 src = "20-lmtp.conf.tmpl"
 dest = "/etc/dovecot/local.d/20-lmtp.conf"
 keys = [
-    "/mail/domains"
+    "/mail/domains",
+    "/postmaster/address",
+    "/sieve/enable",
 ]

confd/conf.d/managesieve.toml

@@ -0,0 +1,6 @@
+[template]
+src = "20-managesieve.conf.tmpl"
+dest = "/etc/dovecot/local.d/20-managesieve.conf"
+keys = [
+    "/managesieve/enable",
+]

confd/conf.d/sieve.toml

@@ -0,0 +1,7 @@
+[template]
+src = "90-sieve.conf.tmpl"
+dest = "/etc/dovecot/local.d/90-sieve.conf"
+keys = [
+    "/sieve/enable",
+    "/antispam/enable",
+]

confd/conf.d/ssl.toml

@@ -5,4 +5,5 @@ keys = [
     "/ssl/cert",
     "/ssl/key",
     "/ssl/client/ca/dir",
+    "/ssl/client/ca/file",
 ]

confd/templates/10-auth.conf.tmpl

@@ -17,7 +17,7 @@ passdb {
 {{ end }}
 
 
-{{ if eq (getv "/ldap/enable") "yes"}}
+{{ if eq (getv "/ldap/enable" "") "yes"}}
 passdb {
   driver = ldap
   args = /etc/dovecot/local.d/ldap.conf.ext
@@ -30,3 +30,18 @@ userdb {
   args = /etc/dovecot/local.d/ldap2.conf.ext
 }
 {{ end }}
+{{ if eq (getv "/single/user" "") "yes" }}
+userdb {
+ driver = static
+ args = uid=5000 gid=5000 home=/vmail/mail/single
+}
+passdb {
+  driver = static
+{{ if eq (getv "/single/user/auth" "") "any" }}
+  args = nopassword=y
+{{ else }}
+  args = password=
+{{ end }}
+  default_fields = userdb_home=/vmail/mail/single userdb_uid=5000 userdb_gid=5000
+}
+{{ end }}

confd/templates/10-ssl.conf.tmpl

@@ -1,7 +1,3 @@
-##
-## SSL settings
-##
-
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 ssl = yes
 
@@ -12,51 +8,9 @@ ssl = yes
 {{ with getv "/ssl/cert" }}ssl_cert = <{{.}}{{ end }}
 {{ with getv "/ssl/key" }}ssl_key = <{{.}}{{ end }}
 
-# If key file is password protected, give the password here. Alternatively
-# give it when starting dovecot with -p parameter. Since this file is often
-# world-readable, you may want to place this setting instead to a different
-# root owned 0600 file by using ssl_key_password = <path.
-#ssl_key_password =
-
-# PEM encoded trusted certificate authority. Set this only if you intend to use
-# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
-# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca =
-
-# Require that CRL check succeeds for client certificates.
-#ssl_require_crl = yes
-
 # Directory and/or file for trusted SSL CA certificates. These are used only
 # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
 # directory is usually /etc/ssl/certs in Debian-based systems and the file is
 # /etc/pki/tls/cert.pem in RedHat-based systems.
 {{ with getv "/ssl/client/ca/dir" }}ssl_client_ca_dir = {{.}}{{ end }}
-#ssl_client_ca_file =
+{{ with getv "/ssl/client/ca/file" }}ssl_client_ca_file = {{.}}{{ end }}
-
-# Request client to send a certificate. If you also want to require it, set
-# auth_ssl_require_client_cert=yes in auth section.
-#ssl_verify_client_cert = no
-
-# Which field from certificate to use for username. commonName and
-# x500UniqueIdentifier are the usual choices. You'll also need to set
-# auth_ssl_username_from_cert=yes.
-#ssl_cert_username_field = commonName
-
-# DH parameters length to use.
-#ssl_dh_parameters_length = 1024
-
-# SSL protocols to use
-#ssl_protocols = !SSLv3
-
-# SSL ciphers to use
-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
-
-# Prefer the server's order of ciphers over client's.
-#ssl_prefer_server_ciphers = no
-
-# SSL crypto device to use, for valid values run "openssl engine"
-#ssl_crypto_device =
-
-# SSL extra options. Currently supported options are:
-#   no_compression - Disable compression.
-#ssl_options =

confd/templates/20-imap.conf.tmpl

@@ -1,6 +1,6 @@
 imap_capability = +SPECIAL_USE
 imap_urlauth_host = {{ getv "/imap/urlauth/host" }}
 protocol imap {
-  mail_plugins = $mail_plugins {{ if eq (getv "/antispam/enable") "yes" }}antispam{{ end }}
+  mail_plugins = $mail_plugins {{ if eq (getv "/sieve/enable") "yes" }}imap_sieve{{ end }}
   imap_metadata = yes
 }

confd/templates/20-lmtp.conf.tmpl

@@ -1,5 +1,5 @@
 protocol lmtp {
   # postmaster_address aparentemente es obligatorio
-  postmaster_address = postmaster@{{ index (split (index (split (getv "/mail/domains") " ") 0) ",") 0 }}
+  postmaster_address = {{ with getv "/postmaster/address" }}{{.}}{{ else }}postmaster@{{ index (split (index (split (getv "/mail/domains") " ") 0) ",") 0 }}{{ end }}
-  mail_plugins = $mail_plugins sieve
+  mail_plugins = $mail_plugins {{ if eq (getv "/sieve/enable") "yes" }}sieve{{end}}
 }

confd/templates/20-managesieve.conf.tmpl

@@ -0,0 +1,14 @@
+# enable managesieve protocol
+protocols = $protocols {{ if eq (getv "/managesieve/enable") "yes" }}sieve{{ end }}
+
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+}
+
+service managesieve {
+}
+
+protocol sieve {
+}

confd/templates/90-sieve.conf.tmpl

@@ -0,0 +1,24 @@
+plugin {
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+
+  sieve_before = /etc/dovecot/sieve/before
+  sieve_after = /etc/dovecot/sieve/after
+
+  {{ if eq (getv "/antispam/enable") "yes" }}
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
+  sieve_pipe_bin_dir = /etc/dovecot/sieve
+
+  # From elsewhere to Spam folder
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
+
+  # From Spam folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
+  {{ end }}
+}

confd/templates/ldap.conf.ext.tmpl

@@ -1,5 +1,5 @@
-{{ if (getv "/ldap/hosts") }}
+{{ with getv "/ldap/hosts" }}
-hosts = {{ getv "/ldap/hosts" }}
+hosts = {{.}}
 {{ else }}
 uris = {{ getv "/ldap/uris" }}
 {{ end }}
@@ -7,9 +7,9 @@ auth_bind = {{ getv "/ldap/bind" }}
 ldap_version = {{ getv "/ldap/version" }}
 base = {{ getv "/ldap/base" }}
 scope = {{ getv "/ldap/scope" }}
-user_attrs = {{ getv "/ldap/user/attrs" }}
+user_attrs = {{ getv "/ldap/user/attrs" }}{{ if eq (getv "/single/user") "yes" }}, =home=/vmail/mail/single{{ end }}
 user_filter = {{ getv "/ldap/user/filter" }}
-pass_attrs = {{ getv "/ldap/pass/attrs" }}
+pass_attrs = {{ getv "/ldap/pass/attrs" }}{{ if eq (getv "/single/user") "yes" }}, =userdb_home=/vmail/mail/single{{ end }}
 pass_filter = {{ getv "/ldap/pass/filter" }}
 iterate_attrs = {{ getv "/ldap/iterate/attrs" }}
 iterate_filter = {{ getv "/ldap/iterate/filter" }}

report-ham.sieve

@@ -0,0 +1,15 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.mailbox" "*" {
+  set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+  stop;
+}
+
+if environment :matches "imap.user" "*" {
+  set "username" "${1}";
+}
+
+pipe :copy "spamtrain.sh" [ "ham" ];

report-spam.sieve

@@ -0,0 +1,7 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.user" "*" {
+  set "username" "${1}";
+}
+
+pipe :copy "spamtrain.sh" [ "spam" ];

sievec

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+echo -n "Compiling sieve scripts... "
+sievec /etc/dovecot/sieve/before
+sievec /etc/dovecot/sieve
+echo done.

spamtrain

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-# train the spam filter.
-# arg 1 - spam or ham
-
-if [ "$1" == "ham" ]; then
-  /usr/bin/bogofilter -d /vmail/bogofilter -e -p -Sn
-  exit 0
-fi
-
-if [ "$2" == "spam" ]; then
-  /usr/bin/bogofilter -d /vmail/bogofilter -e -p -Ns
-  exit 0
-fi

spamtrain.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# train the spam filter
+# arg 1 - spam or ham
+
+if [ "$1" == "ham" ]; then
+  /usr/bin/bogofilter -d /vmail/bogofilter -p -Sn
+  exit 0
+fi
+
+if [ "$1" == "spam" ]; then
+  /usr/bin/bogofilter -d /vmail/bogofilter -p -Ns
+  exit 0
+fi
+
+exit 1