listen = *, ::
protocols = imap sieve
mail_plugins = $mail_plugins quota

ssl = required
ssl_cert = <{{ mailserver.tls_cert }}
ssl_key = <{{ mailserver.tls_key }}
ssl_dh = </etc/ssl/dh-4096.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes

# Auth
auth_mechanisms = plain login

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
  # Returns: home=/var/mail/vmail/<maildir-from-postfixadmin>, quota_rule=*:bytes=<quota-from-postfixadmin>

}
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
  # Returns: user=<username>, password=<password-hash-for-user>
}

# Mailboxes
mail_location = maildir:~/Maildir # Expanded to maildir:/var/mail/vmail/<maildir-from-postfixadmin>/Maildir
mail_uid = 1000
mail_gid = 1000
first_valid_uid = 1000
last_valid_uid = 1000
first_valid_gid = 1000
last_valid_gid = 1000
mailbox_list_index = yes

namespace inbox {
  separator = '/'
  inbox = yes
  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }
  mailbox Junk {
    special_use = \Junk
    auto = subscribe
  }
  mailbox Trash {
    special_use = \Trash
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
    auto = subscribe
  }
}

# IMAP
protocol imap {
  # TODO: imap_quota?
  mail_plugins = $mail_plugins
}

service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

# Sieve
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}

service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}

# Misc
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }

  # Postfix uses this socket for submission auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

service quota-status {
  executable = quota-status -p postfix
  # Postfix uses this socket to check quotas on delivery (as check_policy_service)
  unix_listener /var/spool/postfix/private/policy-quota {
    mode = 0666
    user = postfix
    group = postfix
  }
  client_limit = 1
}

service stats {
  unix_listener stats-reader {
    user = vmail
    group = vmail
    mode = 0660
  }

  unix_listener stats-writer {
    user = vmail
    group = vmail
    # 0666 instead of 0660, so postfixadmin can call doveadm pw without errors
    mode = 0666
  }
}

# Postfix delivers incoming mails via lda (transport "dovecot")
quota_full_tempfail = yes
lda_mailbox_autocreate = yes
protocol lda {
  mail_plugins = $mail_plugins sieve
}

# Quota
plugin {
  # Use postfixadmins quota2 table, so used_quota works
  quota = dict:User quota::proxy::pgsql
  # Default quota rule, overwritten by userdb
  quota_rule = *:storage=0 # 0=unlimited
  quota_grace = 10%%
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}

service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
dict {
  # proxy::pgsql
  pgsql = pgsql:/etc/dovecot/dovecot-dict-sql.conf
}

{% if mailserver.dovecot.debug %}
# Debugging
auth_verbose = yes
auth_debug = yes
mail_debug = yes
{% endif %}