Mailu/core/dovecot/conf/dovecot.conf
bors-mailu[bot] d91a04dd00
Merge #3221
3221: Better PROXY_PROTOCOL r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

- Disable IMAP, POP3 and Submission by default; see https://nostarttls.secvuln.info/ on why explicit TLS is going away.
- Change the semantic of PROXY_PROTOCOL to make it configurable per port
- fix TLS_FLAVOR=notls not working with snappymail
- fix TLS_PERMISSIVE
- remove KUBERNETES_INGRESS; shouldn't be needed anymore
- update the documentation and the reverse proxy example

### Related issue(s)
- close #3162
- close #3061

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2024-06-09 10:17:32 +00:00

###############
# General
###############
# Dovecot side of Mailu. Logs go to stderr (container-friendly); only the
# protocols listed here are served (no submission service on this side).
log_path = /dev/stderr
protocols = imap pop3 lmtp sieve
postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
# The first entry of the comma-separated HOSTNAMES is the canonical name.
hostname = {{ HOSTNAMES.split(",")[0] }}
# submission_host is the SMTP relay used when Sieve has to send mail
# (vacation replies, redirects). Presumably: once port 25 on the front
# expects the PROXY protocol, dovecot can no longer talk to it directly and
# goes through the public hostname instead — confirm against the front config.
{%- if PROXY_PROTOCOL_25 %}
submission_host = {{ HOSTNAMES.split(",")[0] }}
{% else %}
submission_host = {{ FRONT_ADDRESS }}
{% endif %}
# Bind IPv6 as well only when an IPv6 subnet is configured.
{%- if SUBNET6 %}
listen = *,::
{% else %}
listen = *
{% endif %}
default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
# Connections from the Mailu subnet(s) — i.e. the front proxy — are allowed
# to pass the real client address/port on to dovecot (logging, per-IP limits).
# Keep this restricted to the internal network; a wider range lets any host
# spoof the client address it is logged and rate-limited under.
login_trusted_networks = {{ SUBNET }} {{ SUBNET6 }}
###############
# Mailboxes
###############
# All mail is stored as the `mail` user under /mail/<user> in Maildir format.
# first_valid_uid/gid = 8 presumably matches that user's uid/gid in the
# image — confirm.
first_valid_gid = 8
first_valid_uid = 8
mail_location = maildir:/mail/%u
mail_home = /mail/%u
mail_uid = mail
mail_gid = mail
mail_privileged_group = mail
mail_access_groups = mail
maildir_stat_dirs = yes
mailbox_list_index = yes
mail_vsize_bg_after_count = 100
# The plugin list is assembled over the next few template lines: the explicit
# ' ' expressions keep a separator alive despite the whitespace-trimming tags.
# Do NOT put anything (not even a comment) between here and default_vsz_limit,
# it would be rendered into the value.
# zlib is loaded whenever COMPRESSION is set; fts + fts_flatcurve unless
# FULL_TEXT_SEARCH is off/false/0.
mail_plugins = $mail_plugins quota quota_clone{{ ' ' }}
{%- if COMPRESSION -%}
zlib{{ ' ' }}
{%- endif %}
{%- if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] -%}
fts fts_flatcurve
{%- endif %}
default_vsz_limit = 2GB
# Auto-create and subscribe the standard special-use folders.
namespace inbox {
inbox = yes
{% for mailbox in ("Trash", "Drafts", "Sent", "Junk") %}
mailbox {{ mailbox }} {
auto = subscribe
special_use = \{{ mailbox }}
}
{% endfor %}
}
# Quota is count-based per user; usage is also written to the dict behind the
# podop socket (quota_clone), which is how the admin side learns about it.
plugin {
quota = count:User quota
quota_vsizes = yes
quota_clone_dict = proxy:/tmp/podop.socket:quota
{% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}
# NOTE(review): any value other than off/false/0 is passed verbatim as the
# language list below (an empty value falls back to "en"); a value such as
# "yes" would be handed to fts as a language — confirm the documented values.
fts = flatcurve
fts_index_timeout = 50s
fts_languages = {% if FULL_TEXT_SEARCH %}{{ FULL_TEXT_SEARCH.split(",") | join(" ") }}{% else %}en{% endif %}
fts_tokenizers = generic email-address
fts_autoindex = yes
fts_enforced = yes
# Trash and Junk are not indexed automatically.
fts_autoindex_exclude = \Trash
fts_autoindex_exclude1 = \Junk
fts_filters = normalizer-icu lowercase snowball stopwords
fts_filters_en = normalizer-icu lowercase snowball english-possessive stopwords
fts_filters_fr = normalizer-icu lowercase snowball contractions stopwords
# Routing/authentication metadata and message identifiers are kept out of
# the index; they carry no user-searchable content.
fts_header_excludes = Received DKIM-* ARC-* X-* x-* Comments Delivered-To Return-Path Authentication-Results Message-ID References In-Reply-To Thread-* Accept-Language Content-* MIME-Version
{% if FULL_TEXT_SEARCH_ATTACHMENTS %}
# Attachment text extraction is sent to Tika over plain HTTP; the address is
# presumably internal only and must not be reachable from outside.
fts_tika = http://{{ FTS_ATTACHMENTS_ADDRESS }}:9998/tika/
{% endif %}
{% endif %}
# zlib_save is only set for the supported algorithms. Any other truthy
# COMPRESSION value still loads the zlib plugin (see mail_plugins) but,
# presumably, new mail is then stored uncompressed — no error is raised.
{% if COMPRESSION in [ 'gz', 'bz2', 'lz4', 'zstd' ] %}
zlib_save = {{ COMPRESSION }}
{% endif %}
{% if COMPRESSION_LEVEL %}
zlib_save_level = {{ COMPRESSION_LEVEL }}
{% endif %}
}
# Index building runs at reduced priority, one worker at a time.
service indexer-worker {
executable = /bin/nice -n 10 /usr/libexec/dovecot/indexer-worker
# TODO: maybe MAXPROC? I guess it depends on how much RAM is available
process_limit = 1
}
###############
# Authentication
###############
# Empty list: dovecot applies no username character allow-list of its own.
# Validation is presumably left to the dict backend below (auth.conf) —
# confirm, since nothing on this side rejects unusual characters.
auth_username_chars =
# PLAIN/LOGIN only, and accepted without TLS on this side: dovecot is
# presumably reachable only through the front proxy, which terminates TLS
# (see login_trusted_networks). Ports 143/110 must therefore never be
# exposed on a public interface.
auth_mechanisms = plain login
disable_plaintext_auth = no
# passdb and userdb share the same dict proxy definition (auth.conf).
passdb {
driver = dict
args = /etc/dovecot/auth.conf
}
userdb {
driver = dict
args = /etc/dovecot/auth.conf
}
service auth {
unix_listener auth-userdb {
}
}
service auth-worker {
unix_listener auth-worker {
}
}
###############
# IMAP & POP
###############
protocol imap {
mail_plugins = $mail_plugins imap_quota imap_sieve
# Limit is per user and client IP. With login_trusted_networks the IP is the
# one forwarded by the front proxy, so this presumably limits the real client
# rather than the proxy — confirm.
mail_max_userip_connections = 20
# Below the 30-minute IDLE inactivity limit of RFC 2177, so idle clients and
# NAT mappings stay alive.
imap_idle_notify_interval = 29mins
}
protocol pop3 {
}
# Plain listeners, no ssl settings here: TLS is presumably terminated by the
# front proxy; these ports are for the internal network only.
service imap-login {
inet_listener imap {
port = 143
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
}
###############
# Delivery
###############
# Sub-addressing separator (user+tag@domain); presumably the same value the
# SMTP side uses — confirm.
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
# Inbound delivery over LMTP on 2525, presumably from the Mailu SMTP
# container; internal network only.
service lmtp {
inet_listener lmtp {
port = 2525
}
}
###############
# Filtering
###############
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
# ManageSieve is served without TLS here; presumably the front proxy
# terminates TLS and 4190 is not exposed directly.
protocol sieve {
ssl = no
}
service managesieve {
process_limit = 1024
}
plugin {
# Per-user scripts live in the home directory; the global script fetched from
# the podop dict runs before the user's own one.
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_before = dict:proxy:/tmp/podop.socket:sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_extensions = +spamtest +spamtestplus +editheader
# `execute` is enabled for global scripts only, not for user-uploaded ones,
# and only programs under sieve_execute_bin_dir can be run.
sieve_global_extensions = +vnd.dovecot.execute
# Sieve execute
sieve_execute_bin_dir = /conf/bin
# Send vacation replies even for aliases
# See the Pigeonhole documentation about warnings: http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation
# It appears that our implementation of mail delivery meets criteria of section 4.5
# from RFC 5230 and that disabling the recipient checks is not an issue here.
sieve_vacation_dont_check_recipient = yes
# Include the recipient in vacation replies so that DKIM applies
sieve_vacation_send_from_recipient = yes
# Use To: header from original message because envelope has a SRS address
sieve_vacation_to_header_ignore_envelope = yes
# extract spam score from headers: the score is the length of the
# X-Spam-Level string, capped at 15
sieve_spamtest_status_type = strlen
sieve_spamtest_status_header = X-Spam-Level
sieve_spamtest_max_value = 15
# Learn from spam: anything copied/appended into Junk is reported as spam,
# anything copied out of Junk into another folder is reported as ham
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/conf/report-spam.sieve
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/conf/report-ham.sieve
}
# mode = 0 disables dovecot's own auth penalty (the slowdown applied after
# failed logins). Brute-force protection is presumably enforced elsewhere
# (front/admin side) — confirm, as nothing here throttles failed logins.
service anvil {
unix_listener anvil-auth-penalty {
mode = 0
}
}
###############
# Extensions
###############
# Optional site overrides; silently skipped when the file does not exist.
# Being last, anything set there takes precedence over the settings above,
# including the security-relevant ones (auth, trusted networks, listeners).
!include_try /overrides/dovecot.conf