Initial commit

templates/dovecot.conf.j2

@@ -0,0 +1,38 @@
+{% if dovecot_proxy.debug_log_enabled %}
+auth_verbose = yes
+auth_debug = yes
+auth_debug_passwords = yes
+mail_debug = yes
+debug_log_path = /var/log/dovecot.debug.log
+{% endif %}
+
+auth_mechanisms = {{ dovecot_proxy.auth_mechanisms }}
+
+protocols = {% if dovecot_proxy.imaps_enabled %}imap {% endif %}{% if dovecot_proxy.submission_enabled %}submission{% endif %}
+
+{% if dovecot_proxy.submissions_enabled %}
+service submission-login {
+  inet_listener submissions {
+    port = 465
+    ssl = yes
+  }
+}
+{% endif %}
+
+ssl = required
+ssl_ca = </etc/ssl/certs/ca-certificates.crt
+ssl_require_crl = no
+ssl_cert = <{{ dovecot_proxy.ssl_cert }}
+ssl_key = <{{ dovecot_proxy.ssl_key }}
+ssl_dh = </etc/ssl/dh-4096.pem
+
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = yes
+
+{% for domain in dovecot_proxy.domain_proxies %}
+passdb {
+  driver = sql
+  args = /etc/dovecot/proxy-domain-{{ domain }}-sql.conf
+}
+{% endfor%}

templates/proxy-sql.conf.j2

@@ -0,0 +1,4 @@
+# Effectively static passdb but with sql for flexibility
+driver = sqlite
+connect = ::memory::
+password_query = SELECT NULL AS password, 'Y' AS nopassword, 'Y' AS proxy, '{{ item.value.backend_host }}' AS host, CASE WHEN '%s' = 'imap' THEN 993 ELSE 587 END AS port, CASE WHEN '%s' = 'imap' THEN 'Y' ELSE NULL END as ssl, CASE WHEN '%s' = 'imap' THEN NULL ELSE 'Y' END as starttls WHERE '%d' = '{{ item.key }}'