5 files changed, 182 insertions, 9 deletions
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
index 1abea0c..ec8704f 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-auth.conf
@@ -1,30 +1,30 @@
 ##
 ## Authentication processes
 ##
 
 # Disable LOGIN command and all other plaintext authentications unless
 # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-disable_plaintext_auth = yes
+#disable_plaintext_auth = yes
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
 #auth_cache_size = 0
 # Time to live for cached data. After TTL expires the cached record is no
 # longer used, *except* if the main database lookup returns internal failure.
 # We also try to handle password changes automatically: If user's previous
 # authentication was successful, but this one wasn't, the cache isn't used.
 # For now this works only with plaintext authentication.
 #auth_cache_ttl = 1 hour
 # TTL for negative hits (user not found, password mismatch).
 # 0 disables caching them completely.
 #auth_cache_negative_ttl = 1 hour
 
 # Space separated list of realms for SASL authentication mechanisms that need
 # them. You can leave it empty if you don't want to support multiple realms.
 # Many clients simply use the first one listed here, so keep the default realm
 # first.
 #auth_realms =
 
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-logging.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-logging.conf
index fc1f820..848fe69 120000..100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-logging.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-logging.conf
@@ -1 +1,85 @@
-../../../../../IMAP/files/etc/dovecot/conf.d/10-logging.conf
-\ No newline at end of file
+##
+## Log destination.
+##
+
+# Log file to use for error messages. "syslog" logs to syslog,
+# /dev/stderr logs to stderr.
+#log_path = syslog
+
+# Log file to use for informational messages. Defaults to log_path.
+#info_log_path =
+# Log file to use for debug messages. Defaults to info_log_path.
+#debug_log_path =
+
+# Syslog facility to use if you're logging to syslog. Usually if you don't
+# want to use "mail", you'll use local0..local7. Also other standard
+# facilities are supported.
+#syslog_facility = mail
+
+##
+## Logging verbosity and debugging.
+##
+
+# Log unsuccessful authentication attempts and the reasons why they failed.
+#auth_verbose = no
+
+# In case of password mismatches, log the attempted password. Valid values are
+# no, plain and sha1. sha1 can be useful for detecting brute force password
+# attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
+#auth_verbose_passwords = no
+
+# Even more verbose logging for debugging purposes. Shows for example SQL
+# queries.
+#auth_debug = no
+
+# In case of password mismatches, log the passwords and used scheme so the
+# problem can be debugged. Enabling this also enables auth_debug.
+#auth_debug_passwords = no
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Show protocol level SSL errors.
+#verbose_ssl = no
+
+# mail_log plugin provides more event logging for mail processes.
+plugin {
+  # Events to log. Also available: flag_change append
+  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
+  # size and vsize are available only for expunge and copy events.
+  #mail_log_fields = uid box msgid size
+}
+
+##
+## Log formatting.
+##
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+
+# Space-separated list of elements we want to log. The elements which have
+# a non-empty variable value are joined together to form a comma-separated
+# string.
+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
+
+# Login log format. %s contains login_log_format_elements string, %$ contains
+# the data we want to log.
+#login_log_format = %$: %s
+
+# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+# possible variables you can use.
+#mail_log_prefix = "%s(%u): "
+
+# Format to use for logging mail deliveries. See doc/wiki/Variables.txt for
+# list of all variables you can use. Some of the common ones include:
+#  %$ - Delivery status message (e.g. "saved to INBOX")
+#  %m - Message-ID
+#  %s - Subject
+#  %f - From address
+#  %p - Physical size
+#  %w - Virtual size
+#deliver_log_format = msgid=%m: %$
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
index 53e45b5..2264719 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-mail.conf
@@ -58,40 +58,42 @@ namespace inbox {
 
   # There can be only one INBOX, and this setting defines which namespace
   # has it.
   inbox = yes
 
   # If namespace is hidden, it's not advertised to clients via NAMESPACE
   # extension. You'll most likely also want to set list=no. This is mostly
   # useful when converting from another server with different namespaces which
   # you want to deprecate but still keep working. For example you can create
   # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
   #hidden = no
 
   # Show the mailboxes under this namespace with LIST command. This makes the
   # namespace visible for clients that don't support NAMESPACE extension.
   # "children" value lists child mailboxes, but hides the namespace prefix.
   #list = yes
 
   # Namespace handles its own subscriptions. If set to "no", the parent
   # namespace handles them (empty prefix should always have this as "yes")
   #subscriptions = yes
+
+  # See 15-mailboxes.conf for definitions of special mailboxes.
 }
 
 # Example shared namespace configuration
 #namespace {
   #type = shared
   #separator = /
 
   # Mailboxes are visible under "shared/user@domain/"
   # %%n, %%d and %%u are expanded to the destination user.
   #prefix = shared/%%u/
 
   # Mail location for other users' mailboxes. Note that %variables and ~/
   # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
   # destination user's data.
   #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
 
   # Use the default namespace for saving subscriptions.
   #subscriptions = no
 
   # List the shared/ namespace only if there are visible shared mailboxes.
@@ -107,44 +109,56 @@ mail_uid = imapproxy
 mail_gid = imapproxy
 
 # Group to enable temporarily for privileged operations. Currently this is
 # used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
 #mail_privileged_group =
 
 # Grant access to these supplementary groups for mail processes. Typically
 # these are used to set up access to shared mailboxes. Note that it may be
 # dangerous to set these if users can create symlinks (e.g. if "mail" group is
 # set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
 # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
 #mail_access_groups =
 
 # Allow full filesystem access to clients. There's no access checks other than
 # what the operating system does for the active UID/GID. It works with both
 # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
 # or ~user/.
 #mail_full_filesystem_access = no
 
-# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but
-# soon intended to be used by METADATA as well.
+# Dictionary for key=value mailbox attributes. This is used for example by
+# URLAUTH and METADATA extensions.
 #mail_attribute_dict =
 
+# A comment or note that is associated with the server. This value is
+# accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/comment".
+#mail_server_comment = ""
+
+# Indicates a method for contacting the server administrator. According to
+# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
+# is currently not enforced. Use for example mailto:admin@example.com. This
+# value is accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/admin".
+#mail_server_admin =
+
 ##
 ## Mail processes
 ##
 
 # Don't use mmap() at all. This is required if you store indexes to shared
 # filesystems (NFS or clustered filesystem).
 #mmap_disable = no
 
 # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
 # since version 3, so this should be safe to use nowadays by default.
 #dotlock_use_excl = yes
 
 # When to use fsync() or fdatasync() calls:
 #   optimized (default): Whenever necessary to avoid losing important data
 #   always: Useful with e.g. NFS when write()s are delayed
 #   never: Never use it (best performance, but crashes can lose data)
 #mail_fsync = optimized
 
 # Locking method for index files. Alternatives are fcntl, flock and dotlock.
 # Dotlocking uses some tricks which may create more disk I/O than other locking
@@ -181,58 +195,58 @@ first_valid_uid = 1
 # allow shell access for users. <doc/wiki/Chrooting.txt>
 #valid_chroot_dirs = 
 
 # Default chroot directory for mail processes. This can be overridden for
 # specific users in user database by giving /./ in user's home directory
 # (eg. /home/./user chroots into /home). Note that usually there is no real
 # need to do chrooting, Dovecot doesn't allow users to access files outside
 # their mail directory anyway. If your home directories are prefixed with
 # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
 #mail_chroot = 
 
 # UNIX socket path to master authentication server to find users.
 # This is used by imap (for shared users) and lda.
 #auth_socket_path = /var/run/dovecot/auth-userdb
 
 # Directory where to look up mail plugins.
 #mail_plugin_dir = /usr/lib/dovecot/modules
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
-mail_plugins = virtual zlib
+#mail_plugins =
 
 ##
 ## Mailbox handling optimizations
 ##
 
 # Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
 # also required for IMAP NOTIFY extension to be enabled.
 mailbox_list_index = yes
 
 # The minimum number of mails in a mailbox before updates are done to cache
 # file. This allows optimizing Dovecot's behavior to do less disk writes at
 # the cost of more disk reads.
 #mail_cache_min_mail_count = 0
 
 # When IDLE command is running, mailbox is checked once in a while to see if
 # there are any new mails or other changes. This setting defines the minimum
-# time to wait between those checks. Dovecot can also use dnotify, inotify and
+# time to wait between those checks. Dovecot can also use inotify and
 # kqueue to find out immediately when changes occur.
 #mailbox_idle_check_interval = 30 secs
 
 # Save mails with CR+LF instead of plain LF. This makes sending those mails
 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
 # But it also creates a bit more disk I/O which may just make it slower.
 # Also note that if other software reads the mboxes/maildirs, they may handle
 # the extra CRs wrong and cause problems.
 #mail_save_crlf = no
 
 # Max number of mails to keep open and prefetch to memory. This only works with
 # some mailbox formats and/or operating systems.
 #mail_prefetch_count = 0
 
 # How often to scan for stale temporary files and delete them (0 = never).
 # These should exist only after Dovecot dies in the middle of saving mails.
 #mail_temp_scan_interval = 1w
 
 ##
 ## Maildir-specific settings
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
index 6ac62ec..76c7ed0 100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
@@ -1,39 +1,39 @@
 #default_process_limit = 100
 #default_client_limit = 1000
 
 # Default VSZ (virtual memory size) limit for service processes. This is mainly
 # intended to catch and kill processes that leak memory before they eat up
 # everything.
 #default_vsz_limit = 256M
 
 # Login user is internally used by login processes. This is the most untrusted
 # user in Dovecot system. It shouldn't have access to anything at all.
 default_login_user = dovenull
 
 # Internal user is used by unprivileged processes. It should be separate from
 # login user, so that login processes can't disturb other processes.
 default_internal_user = dovecot
 
 service imap-login {
   inet_listener imap {
-    address = 127.0.0.1 ::1
+    address = 127.0.0.1
     port = 143
     ssl = no
   }
   inet_listener imaps {
     port = 0
   }
 
   # Number of connections to handle before starting a new process. Typically
   # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
   # is faster. <doc/wiki/LoginProcess.txt>
   service_count = 1
 
   # Max. number of IMAP processes (logins)
   process_limit = 256
 
   # Number of processes to always keep waiting for more connections.
   process_min_avail = 4
 
   # If you set service_count=0, you probably need to grow this.
   #vsz_limit = $default_vsz_limit
@@ -47,34 +47,34 @@ service imap {
   # Max. number of IMAP processes (connections)
   #process_limit = 1024
 }
 
 service auth {
   # auth_socket_path points to this userdb socket by default. It's typically
   # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
   # full permissions to this socket are able to get a list of all usernames and
   # get the results of everyone's userdb lookups.
   #
   # The default 0666 mode allows anyone to connect to the socket, but the
   # userdb lookups will succeed only if the userdb returns an "uid" field that
   # matches the caller process's UID. Also if caller's uid or gid matches the
   # socket's uid or gid the lookup succeeds. Anything else causes a failure.
   #
   # To give the caller full permissions to lookup all users, set the mode to
   # something else than 0666 and Dovecot lets the kernel enforce the
   # permissions (e.g. 0777 allows everyone full permissions).
   unix_listener auth-userdb {
     #mode = 0666
-    #user = $default_internal_user
+    #user =
     #group =
   }
 
   # Auth process is run as this user.
   user = $default_internal_user
 }
 
 service auth-worker {
   # Auth worker process is run as root by default, so that it can access
   # /etc/shadow. If this isn't necessary, the user should be changed to
   # $default_internal_user.
   user = $default_internal_user
 }
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/15-mailboxes.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/15-mailboxes.conf
index 1883eda..8366e95 120000..100644
--- a/roles/IMAP-proxy/files/etc/dovecot/conf.d/15-mailboxes.conf
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/15-mailboxes.conf
@@ -1 +1,76 @@
-../../../../../IMAP/files/etc/dovecot/conf.d/15-mailboxes.conf
-\ No newline at end of file
+##
+## Mailbox definitions
+##
+
+# Each mailbox is specified in a separate mailbox section. The section name
+# specifies the mailbox name. If it has spaces, you can put the name
+# "in quotes". These sections can contain the following mailbox settings:
+#
+# auto:
+#   Indicates whether the mailbox with this name is automatically created
+#   implicitly when it is first accessed. The user can also be automatically
+#   subscribed to the mailbox after creation. The following values are
+#   defined for this setting:
+#
+#     no        - Never created automatically.
+#     create    - Automatically created, but no automatic subscription.
+#     subscribe - Automatically created and subscribed.
+#
+# special_use:
+#   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
+#   mailbox. There are no validity checks, so you could specify anything
+#   you want in here, but it's not a good idea to use flags other than the
+#   standard ones specified in the RFC:
+#
+#     \All      - This (virtual) mailbox presents all messages in the
+#                 user's message store.
+#     \Archive  - This mailbox is used to archive messages.
+#     \Drafts   - This mailbox is used to hold draft messages.
+#     \Flagged  - This (virtual) mailbox presents all messages in the
+#                 user's message store marked with the IMAP \Flagged flag.
+#     \Junk     - This mailbox is where messages deemed to be junk mail
+#                 are held.
+#     \Sent     - This mailbox is used to hold copies of messages that
+#                 have been sent.
+#     \Trash    - This mailbox is used to hold messages that have been
+#                 deleted.
+#
+# comment:
+#   Defines a default comment or note associated with the mailbox. This
+#   value is accessible through the IMAP METADATA mailbox entries
+#   "/shared/comment" and "/private/comment". Users with sufficient
+#   privileges can override the default value for entries with a custom
+#   value.
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+  # These mailboxes are widely used and could perhaps be created automatically:
+  mailbox Drafts {
+    auto = create
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    auto = create
+    special_use = \Junk
+  }
+  mailbox Trash {
+    auto = create
+    special_use = \Trash
+  }
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+
+  # If you have a virtual "All messages" mailbox:
+  mailbox virtual/All {
+    special_use = \All
+    comment = All my messages
+  }
+
+  # If you have a virtual "Flagged" mailbox:
+  mailbox virtual/Flagged {
+    special_use = \Flagged
+    comment = All my flagged messages
+  }
+}