auth_default_realm = fripost.org
auth_username_format = %Lu
auth_mechanisms = plain login

mail_uid = vmail
mail_gid = vmail
mail_privileged_group =

first_valid_uid = 1
last_valid_uid = 0

default_vsz_limit = 1024M

service imap-login {
  inet_listener imap {
{% if groups.all | length > 1 %}
    address = {{ ipsec[inventory_hostname_short] }}
    port = 143
{% else %}
    port = 0
{% endif %}
  }
  process_limit = 256
  process_min_avail = 4
}

service stats {
  unix_listener stats-writer {
    user = vmail
    mode = 0600
  }
}

service submission-login {
  inet_listener submission {
    port = 0
  }
}

service lmtp {
  user = vmail
  unix_listener lmtp {
    mode = 0
  }
  unix_listener /var/spool/postfix-mda/private/dovecot-lmtpd {
    user = postfix
    mode = 0600
  }
  process_min_avail = 4
}

service imap {
  unix_listener imap-master {
    user = $default_internal_user
    mode = 0600
  }
}
service imap-hibernate {
  unix_listener imap-hibernate {
    # Match user running imap processes, cf.
    # https://dovecot.org/pipermail/dovecot/2015-August/101783.html
    user = vmail
    mode = 0600
  }
}

service auth {
  unix_listener auth-userdb {
    user = vmail
    mode = 0600
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix-msa/private/dovecot-auth {
    user = postfix
    group = postfix
    mode = 0600
  }
}

service auth-worker {
  user = $default_internal_user
}


mail_server_comment = "fripost - demokratisk e-post"
mail_server_admin = mailto:postmaster@fripost.org

mail_plugins = quota virtual zlib

mail_location = mdbox:~/mail
mdbox_preallocate_space = yes

mail_attachment_dir = /home/mail/attachments
mail_attachment_fs = sis-queue /home/mail/attachments/queue:posix
mail_attachment_hash = %{sha256}

sendmail_path = /usr/sbin/postmulti -i msa -x /usr/sbin/sendmail

ssl = required
# XXX `doveadm exec imap` fails with "ssl_key: Can't open file
# /etc/dovecot/ssl/imap.fripost.org.key"
# https://dovecot.org/pipermail/dovecot/2020-August/119642.html
# TODO bookworm inline the include_try
!include_try ../ssl/config
ssl_dh = </etc/ssl/dhparams.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

namespace inbox {
  inbox = yes
  separator = /

  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  mailbox virtual/All {
    comment = All messages
    special_use = \All
  }
  mailbox virtual/Flagged {
    comment = All flagged messages
    special_use = \Flagged
  }
}

namespace virtual {
  prefix = virtual/
  separator = /
  location = virtual:/etc/dovecot/virtual:INDEX=MEMORY
  list = no
  hidden = no
  subscriptions = no
}

imap_hibernate_timeout = 15s
protocol imap {
  mail_plugins = $mail_plugins imap_zlib
  mail_max_userip_connections = 16

  ## TODO Load the 'antispam' plugin for people using the content filter.
  ## (Otherwise fallback to the static userdb.)
  #userdb {
  #  driver = ldap
  #  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  #
  #  # Default fields can be used to specify defaults that LDAP may override
  #  default_fields = home=/home/mail/virtual/%d/%n
  #}
}

protocol lmtp {
  postmaster_address = postmaster@fripost.org
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve
}

plugin {
  antispam_backend = spool2dir

  antispam_trash = Trash
  antispam_unsure_pattern_ignorecase = MailTrain;MailTrain/*
  antispam_spam = Junk

  # The first %%lu is replaced by the current time.
  # The second %%lu is replaced by a counter to generate unique names.
  # These two tokens MUST be present in the template!
  antispam_spool2dir_spam    = /home/mail/spamspool/%u-%%10lu-%%06lu.spam
  antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham
}

plugin {
  quota_rule = *:storage=0
  quota = count:User quota
  quota_vsizes = yes
}

plugin {
  sieve = file:~/sieve;active=~/dovecot.sieve
  sieve_extensions = +editheader
  recipient_delimiter = +
}

plugin {
  zlib_save = gz
  zlib_save_level = 6
}