Install dovecot from backports (for imapc).

Interesting features include caching of mail headers (v2.2.8+) as well
as new IMAP capabilities.

3 files changed, 19 insertions, 7 deletions

diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
index 229ac94..1abea0c 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
@@ -1,28 +1,29 @@
 ##
 ## Authentication processes
 ##
 
 # Disable LOGIN command and all other plaintext authentications unless
 # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
+# See also ssl=required setting.
 disable_plaintext_auth = yes
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
 #auth_cache_size = 0
 # Time to live for cached data. After TTL expires the cached record is no
 # longer used, *except* if the main database lookup returns internal failure.
 # We also try to handle password changes automatically: If user's previous
 # authentication was successful, but this one wasn't, the cache isn't used.
 # For now this works only with plaintext authentication.
 #auth_cache_ttl = 1 hour
 # TTL for negative hits (user not found, password mismatch).
 # 0 disables caching them completely.
 #auth_cache_negative_ttl = 1 hour
 
 # Space separated list of realms for SASL authentication mechanisms that need
 # them. You can leave it empty if you don't want to support multiple realms.
 # Many clients simply use the first one listed here, so keep the default realm
 # first.
 #auth_realms =
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
index f106af5..e19b507 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
@@ -81,66 +81,70 @@ namespace inbox {
 #namespace {
   #type = shared
   #separator = /
 
   # Mailboxes are visible under "shared/user@domain/"
   # %%n, %%d and %%u are expanded to the destination user.
   #prefix = shared/%%u/
 
   # Mail location for other users' mailboxes. Note that %variables and ~/
   # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
   # destination user's data.
   #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
 
   # Use the default namespace for saving subscriptions.
   #subscriptions = no
 
   # List the shared/ namespace only if there are visible shared mailboxes.
   #list = children
 #}
 # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
-#mail_shared_explicit_inbox = yes
+#mail_shared_explicit_inbox = no
 
 # System user and group used to access mails. If you use multiple, userdb
 # can override these by returning uid or gid fields. You can use either numbers
 # or names. <doc/wiki/UserIds.txt>
 mail_uid = imapproxy
 mail_gid = imapproxy
 
 # Group to enable temporarily for privileged operations. Currently this is
 # used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
 #mail_privileged_group =
 
 # Grant access to these supplementary groups for mail processes. Typically
 # these are used to set up access to shared mailboxes. Note that it may be
 # dangerous to set these if users can create symlinks (e.g. if "mail" group is
 # set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
 # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
 #mail_access_groups =
 
 # Allow full filesystem access to clients. There's no access checks other than
 # what the operating system does for the active UID/GID. It works with both
 # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
 # or ~user/.
 #mail_full_filesystem_access = no
 
+# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but
+# soon intended to be used by METADATA as well.
+#mail_attribute_dict =
+
 ##
 ## Mail processes
 ##
 
 # Don't use mmap() at all. This is required if you store indexes to shared
 # filesystems (NFS or clustered filesystem).
 #mmap_disable = no
 
 # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
 # since version 3, so this should be safe to use nowadays by default.
 #dotlock_use_excl = yes
 
 # When to use fsync() or fdatasync() calls:
 #   optimized (default): Whenever necessary to avoid losing important data
 #   always: Useful with e.g. NFS when write()s are delayed
 #   never: Never use it (best performance, but crashes can lose data)
 #mail_fsync = optimized
 
 # Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches
 # whenever needed. If you're using only a single mail server this isn't needed.
@@ -190,40 +194,44 @@ mail_gid = imapproxy
 # need to do chrooting, Dovecot doesn't allow users to access files outside
 # their mail directory anyway. If your home directories are prefixed with
 # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
 #mail_chroot = 
 
 # UNIX socket path to master authentication server to find users.
 # This is used by imap (for shared users) and lda.
 #auth_socket_path = /var/run/dovecot/auth-userdb
 
 # Directory where to look up mail plugins.
 #mail_plugin_dir = /usr/lib/dovecot/modules
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
 mail_plugins = virtual
 
 ##
 ## Mailbox handling optimizations
 ##
 
+# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
+# also required for IMAP NOTIFY extension to be enabled.
+mailbox_list_index = yes
+
 # The minimum number of mails in a mailbox before updates are done to cache
 # file. This allows optimizing Dovecot's behavior to do less disk writes at
 # the cost of more disk reads.
 #mail_cache_min_mail_count = 0
 
 # When IDLE command is running, mailbox is checked once in a while to see if
 # there are any new mails or other changes. This setting defines the minimum
 # time to wait between those checks. Dovecot can also use dnotify, inotify and
 # kqueue to find out immediately when changes occur.
 #mailbox_idle_check_interval = 30 secs
 
 # Save mails with CR+LF instead of plain LF. This makes sending those mails
 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
 # But it also creates a bit more disk I/O which may just make it slower.
 # Also note that if other software reads the mboxes/maildirs, they may handle
 # the extra CRs wrong and cause problems.
 #mail_save_crlf = no
 
 # Max number of mails to keep open and prefetch to memory. This only works with
 # some mailbox formats and/or operating systems.
@@ -259,42 +267,48 @@ mail_plugins = virtual
 #maildir_broken_filename_sizes = no
 
 ##
 ## mbox-specific settings
 ##
 
 # Which locking methods to use for locking mbox. There are four available:
 #  dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
 #           solution. If you want to use /var/mail/ like directory, the users
 #           will need write access to that directory.
 #  dotlock_try: Same as dotlock, but if it fails because of permissions or
 #               because there isn't enough disk space, just skip it.
 #  fcntl  : Use this if possible. Works with NFS too if lockd is used.
 #  flock  : May not exist in all systems. Doesn't work with NFS.
 #  lockf  : May not exist in all systems. Doesn't work with NFS.
 #
 # You can use multiple locking methods; if you do the order they're declared
 # in is important to avoid deadlocks if other MTAs/MUAs are using multiple
 # locking methods as well. Some operating systems don't allow using some of
 # them simultaneously.
+#
+# The Debian value for mbox_write_locks differs from upstream Dovecot. It is
+# changed to be compliant with Debian Policy (section 11.6) for NFS safety.
+# Dovecot: mbox_write_locks = dotlock fcntl
+# Debian: mbox_write_locks = fcntl dotlock
+#
 #mbox_read_locks = fcntl
-#mbox_write_locks = dotlock fcntl
+#mbox_write_locks = fcntl dotlock
 
 # Maximum time to wait for lock (all of them) before aborting.
 #mbox_lock_timeout = 5 mins
 
 # If dotlock exists but the mailbox isn't modified in any way, override the
 # lock file after this much time.
 #mbox_dotlock_change_timeout = 2 mins
 
 # When mbox changes unexpectedly we have to fully read it to find out what
 # changed. If the mbox is large this can take a long time. Since the change
 # is usually just a newly appended mail, it'd be faster to simply read the
 # new mails. If this setting is enabled, Dovecot does this but still safely
 # fallbacks to re-reading the whole mbox file whenever something in mbox isn't
 # how it's expected to be. The only real downside to this setting is that if
 # some other MUA changes message flags, Dovecot doesn't notice it immediately.
 # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK 
 # commands.
 #mbox_dirty_syncs = yes
 
 # Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
@@ -324,39 +338,37 @@ mail_plugins = virtual
 # Maximum dbox file size until it's rotated.
 #mdbox_rotate_size = 2M
 
 # Maximum dbox file age until it's rotated. Typically in days. Day begins
 # from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
 #mdbox_rotate_interval = 0
 
 # When creating new mdbox files, immediately preallocate their size to
 # mdbox_rotate_size. This setting currently works only in Linux with some
 # filesystems (ext4, xfs).
 #mdbox_preallocate_space = no
 
 ##
 ## Mail attachments
 ##
 
 # sdbox and mdbox support saving mail attachments to external files, which
 # also allows single instance storage for them. Other backends don't support
 # this for now.
 
-# WARNING: This feature hasn't been tested much yet. Use at your own risk.
-
 # Directory root where to store mail attachments. Disabled, if empty.
 #mail_attachment_dir =
 
 # Attachments smaller than this aren't saved externally. It's also possible to
 # write a plugin to disable saving specific attachments externally.
 #mail_attachment_min_size = 128k
 
 # Filesystem backend to use for saving attachments:
 #  posix : No SiS done by Dovecot (but this might help FS's own deduplication)
 #  sis posix : SiS with immediate byte-by-byte comparison during saving
 #  sis-queue posix : SiS with delayed comparison and deduplication
 #mail_attachment_fs = sis posix
 
 # Hash format to use in attachment filenames. You can add any text and
 # variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
 # Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
 #mail_attachment_hash = %{sha1}
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf
index 47785a4..32cc391 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf
@@ -1,18 +1,17 @@
 # Smart IMAP proxying with imapc storage
 # 
 # http://dovecot.org/pipermail/dovecot/2011-January/056975.html
 # http://wiki2.dovecot.org/HowTo/ImapcProxy
 # http://wiki2.dovecot.org/Migration/Dsync
 
 imapc_host = imap.fripost.org
 imapc_port = 143
 imapc_user = %u
 
 # Read multiple mails in parallel, improves performance
 mail_prefetch_count = 20
 
 # The list of valid features can be found there
-# http://hg.dovecot.org/dovecot-2.1/file/f572fbafb445/src/lib-storage/index/imapc/imapc-settings.c
+# http://hg.dovecot.org/dovecot-2.2/file/tip/src/lib-storage/index/imapc/imapc-settings.c
 # (in the struct 'imapc_feature_list imapc_feature_list')
-imapc_features = rfc822.size
-
+imapc_features = rfc822.size fetch-headers