From 2643afa9785f1b255aaafa36dd70440c161fa0be Mon Sep 17 00:00:00 2001
From: Alex Dehnert <alex@dehnerts.com>
Date: Mon, 6 May 2019 01:34:43 -0400
Subject: [PATCH] Dovecot updates for Bionic (18.04)

---
 README                                        |   2 -
 conf.d/10-logging.conf                        |  17 ++-
 conf.d/10-mail.conf                           |  46 ++++++-
 ...0-replication.conf => 10-replication.conf} |   0
 conf.d/10-ssl.conf                            |  20 +--
 conf.d/20-imap.conf                           | 130 +++++++++++-------
 conf.d/90-quota.conf                          |   3 +
 conf.d/90-sieve.conf                          |  76 ++++++++++
 dovecot-sql.conf.ext                          |   3 +
 9 files changed, 228 insertions(+), 69 deletions(-)
 delete mode 100644 README
 rename conf.d/{30-replication.conf => 10-replication.conf} (100%)

diff --git a/README b/README
deleted file mode 100644
index 9dcc22a..0000000
--- a/README
+++ /dev/null
@@ -1,2 +0,0 @@
-Configuration files go to this directory. See example configuration files in
-/usr/share/doc/dovecot-core/example-config/
diff --git a/conf.d/10-logging.conf b/conf.d/10-logging.conf
index cf49e86..b7d7fda 100644
--- a/conf.d/10-logging.conf
+++ b/conf.d/10-logging.conf
@@ -75,11 +75,16 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 # possible variables you can use.
 #mail_log_prefix = "%s(%u): "
 
-# Format to use for logging mail deliveries. You can use variables:
+# Format to use for logging mail deliveries:
 #  %$ - Delivery status message (e.g. "saved to INBOX")
-#  %m - Message-ID
-#  %s - Subject
-#  %f - From address
-#  %p - Physical size
-#  %w - Virtual size
+#  %m / %{msgid} - Message-ID
+#  %s / %{subject} - Subject
+#  %f / %{from} - From address
+#  %p / %{size} - Physical size
+#  %w / %{vsize} - Virtual size
+#  %e / %{from_envelope} - MAIL FROM envelope
+#  %{to_envelope} - RCPT TO envelope
+#  %{delivery_time} - How many milliseconds it took to deliver the mail
+#  %{session_time} - How long LMTP session took, not including delivery_time
+#  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
 #deliver_log_format = msgid=%m: %$
diff --git a/conf.d/10-mail.conf b/conf.d/10-mail.conf
index 2aaf3df..71cd375 100644
--- a/conf.d/10-mail.conf
+++ b/conf.d/10-mail.conf
@@ -76,6 +76,8 @@ namespace inbox {
   # Namespace handles its own subscriptions. If set to "no", the parent
   # namespace handles them (empty prefix should always have this as "yes")
   #subscriptions = yes
+
+  # See 15-mailboxes.conf for definitions of special mailboxes.
 }
 
 # Example shared namespace configuration
@@ -128,11 +130,23 @@ namespace inbox {
 # or ~user/.
 #mail_full_filesystem_access = no
 
-# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but
-# soon intended to be used by METADATA as well.
+# Dictionary for key=value mailbox attributes. This is used for example by
+# URLAUTH and METADATA extensions.
 #mail_attribute_dict =
 mail_attribute_dict = file:%h/.maildir/dovecot-attributes
 
+# A comment or note that is associated with the server. This value is
+# accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/comment". 
+#mail_server_comment = ""
+
+# Indicates a method for contacting the server administrator. According to
+# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
+# is currently not enforced. Use for example mailto:admin@example.com. This
+# value is accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/admin".
+#mail_server_admin = 
+
 ##
 ## Mail processes
 ##
@@ -220,6 +234,15 @@ mail_attribute_dict = file:%h/.maildir/dovecot-attributes
 # also required for IMAP NOTIFY extension to be enabled.
 #mailbox_list_index = no
 
+# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
+# of potentially returning out-of-date results after e.g. server crashes.
+# The results will be automatically fixed once the folders are opened.
+#mailbox_list_index_very_dirty_syncs = yes
+
+# Should INBOX be kept up-to-date in the mailbox list index? By default it's
+# not, because most of the mailbox accesses will open INBOX anyway.
+#mailbox_list_index_include_inbox = no
+
 # The minimum number of mails in a mailbox before updates are done to cache
 # file. This allows optimizing Dovecot's behavior to do less disk writes at
 # the cost of more disk reads.
@@ -227,7 +250,7 @@ mail_attribute_dict = file:%h/.maildir/dovecot-attributes
 
 # When IDLE command is running, mailbox is checked once in a while to see if
 # there are any new mails or other changes. This setting defines the minimum
-# time to wait between those checks. Dovecot can also use dnotify, inotify and
+# time to wait between those checks. Dovecot can also use inotify and
 # kqueue to find out immediately when changes occur.
 #mailbox_idle_check_interval = 30 secs
 
@@ -246,6 +269,19 @@ mail_attribute_dict = file:%h/.maildir/dovecot-attributes
 # These should exist only after Dovecot dies in the middle of saving mails.
 #mail_temp_scan_interval = 1w
 
+# How many slow mail accesses sorting can perform before it returns failure.
+# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
+# The untagged SORT reply is still returned, but it's likely not correct.
+#mail_sort_max_read_count = 0
+
+protocol !indexer-worker {
+  # If folder vsize calculation requires opening more than this many mails from
+  # disk (i.e. mail sizes aren't in cache already), return failure and finish
+  # the calculation via indexer process. Disabled by default. This setting must
+  # be 0 for indexer-worker processes.
+  #mail_vsize_bg_after_count = 0
+}
+
 ##
 ## Maildir-specific settings
 ##
@@ -271,6 +307,10 @@ mail_attribute_dict = file:%h/.maildir/dovecot-attributes
 # broken size. The performance hit for enabling this is very small.
 #maildir_broken_filename_sizes = no
 
+# Always move mails from new/ directory to cur/, even when the \Recent flags
+# aren't being reset.
+#maildir_empty_new = no
+
 ##
 ## mbox-specific settings
 ##
diff --git a/conf.d/30-replication.conf b/conf.d/10-replication.conf
similarity index 100%
rename from conf.d/30-replication.conf
rename to conf.d/10-replication.conf
diff --git a/conf.d/10-ssl.conf b/conf.d/10-ssl.conf
index ee72242..24d7dea 100644
--- a/conf.d/10-ssl.conf
+++ b/conf.d/10-ssl.conf
@@ -3,14 +3,14 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/dovecot.pem
-ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
@@ -30,7 +30,7 @@ ssl_key = </etc/dovecot/private/dovecot.pem
 # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
 # directory is usually /etc/ssl/certs in Debian-based systems and the file is
 # /etc/pki/tls/cert.pem in RedHat-based systems.
-#ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
 #ssl_client_ca_file =
 
 # Request client to send a certificate. If you also want to require it, set
@@ -45,13 +45,8 @@ ssl_key = </etc/dovecot/private/dovecot.pem
 # DH parameters length to use.
 #ssl_dh_parameters_length = 1024
 
-# How often to regenerate the SSL parameters file. Generation is quite CPU
-# intensive operation. The value is in hours, 0 disables regeneration
-# entirely.
-#ssl_parameters_regenerate = 168
-
 # SSL protocols to use
-#ssl_protocols = !SSLv2
+#ssl_protocols = !SSLv3
 
 # SSL ciphers to use
 #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
@@ -61,3 +56,8 @@ ssl_key = </etc/dovecot/private/dovecot.pem
 
 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device =
+
+# SSL extra options. Currently supported options are:
+#   no_compression - Disable compression.
+#   no_ticket - Disable SSL session tickets.
+#ssl_options =
diff --git a/conf.d/20-imap.conf b/conf.d/20-imap.conf
index 60df286..3b9e1ea 100644
--- a/conf.d/20-imap.conf
+++ b/conf.d/20-imap.conf
@@ -2,58 +2,92 @@
 ## IMAP specific settings
 ##
 
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+#imap_hibernate_timeout = 0
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+# IMAP logout format string:
+#  %i - total number of bytes read from client
+#  %o - total number of bytes sent to client
+#  %{fetch_hdr_count} - Number of mails with mail header data sent to client
+#  %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
+#  %{fetch_body_count} - Number of mails with mail body data sent to client
+#  %{fetch_body_bytes} - Number of bytes with mail body data sent to client
+#  %{deleted} - Number of mails where client added \Deleted flag
+#  %{expunged} - Number of mails that client expunged, which does not
+#                include automatically expunged mails
+#  %{autoexpunged} - Number of mails that were automatically expunged after
+#                    client disconnected
+#  %{trashed} - Number of mails that client copied/moved to the
+#               special_use=\Trash mailbox.
+#  %{appended} - Number of mails saved during the session
+#imap_logout_format = in=%i out=%o
+
+# Override the IMAP CAPABILITY response. If the value begins with '+',
+# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+#imap_capability = 
+
+# How long to wait between "OK Still here" notifications when client is
+# IDLEing.
+#imap_idle_notify_interval = 2 mins
+
+# ID field names and values to send to clients. Using * as the value makes
+# Dovecot use the default value. The following fields have default values
+# currently: name, version, os, os-version, support-url, support-email.
+#imap_id_send = 
+
+# ID fields sent by client to log. * means everything.
+#imap_id_log =
+
+# Workarounds for various client bugs:
+#   delay-newmail:
+#     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+#     and CHECK commands. Some clients ignore them otherwise, for example OSX
+#     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+#     may show user "Message no longer in server" errors. Note that OE6 still
+#     breaks even with this workaround if synchronization is set to
+#     "Headers Only".
+#   tb-extra-mailbox-sep:
+#     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+#     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+#     ignore the extra '/' instead of treating it as invalid mailbox name.
+#   tb-lsub-flags:
+#     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+#     This makes Thunderbird realize they aren't selectable and show them
+#     greyed out, instead of only later giving "not selectable" popup error.
+#
+# The list is space-separated.
+#imap_client_workarounds = 
+
+# Host allowed in URLAUTH URLs sent by client. "*" allows all.
+#imap_urlauth_host =
+
+# What happens when FETCH fails due to some internal error:
+#   disconnect-immediately:
+#     The FETCH is aborted immediately and the IMAP client is disconnected.
+#   disconnect-after:
+#     The FETCH runs for all the requested mails returning as much data as
+#     possible. The client is finally disconnected without a tagged reply.
+#   no-after:
+#     Same as disconnect-after, but tagged NO reply is sent instead of
+#     disconnecting the client. If the client attempts to FETCH the same failed
+#     mail more than once, the client is disconnected. This is to avoid clients
+#     from going into infinite loops trying to FETCH a broken mail.
+#imap_fetch_failure = disconnect-immediately
+
 protocol imap {
-  # Maximum IMAP command line length. Some clients generate very long command
-  # lines with huge mailboxes, so you may need to raise this if you get
-  # "Too long argument" or "IMAP command line too large" errors often.
-  #imap_max_line_length = 64k
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
 
   # Maximum number of IMAP connections allowed for a user from each IP address.
   # NOTE: The username is compared case-sensitively.
   #mail_max_userip_connections = 10
   mail_max_userip_connections = 50
-
-  # Space separated list of plugins to load (default is global mail_plugins).
-  #mail_plugins = $mail_plugins
-
-  # IMAP logout format string:
-  #  %i - total number of bytes read from client
-  #  %o - total number of bytes sent to client
-  #imap_logout_format = bytes=%i/%o
-
-  # Override the IMAP CAPABILITY response. If the value begins with '+',
-  # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
-  #imap_capability = 
-
-  # How long to wait between "OK Still here" notifications when client is
-  # IDLEing.
-  #imap_idle_notify_interval = 2 mins
-
-  # ID field names and values to send to clients. Using * as the value makes
-  # Dovecot use the default value. The following fields have default values
-  # currently: name, version, os, os-version, support-url, support-email.
-  #imap_id_send = 
-
-  # ID fields sent by client to log. * means everything.
-  #imap_id_log =
-
-  # Workarounds for various client bugs:
-  #   delay-newmail:
-  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
-  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
-  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
-  #     may show user "Message no longer in server" errors. Note that OE6 still
-  #     breaks even with this workaround if synchronization is set to
-  #     "Headers Only".
-  #   tb-extra-mailbox-sep:
-  #     With mbox storage a mailbox can contain either mails or submailboxes,
-  #     but not both. Thunderbird separates these two by forcing server to
-  #     accept '/' suffix in mailbox names in subscriptions list.
-  #   tb-lsub-flags:
-  #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
-  #     This makes Thunderbird realize they aren't selectable and show them
-  #     greyed out, instead of only later giving "not selectable" popup error.
-  #
-  # The list is space-separated.
-  #imap_client_workarounds = 
 }
diff --git a/conf.d/90-quota.conf b/conf.d/90-quota.conf
index db1f718..40cde63 100644
--- a/conf.d/90-quota.conf
+++ b/conf.d/90-quota.conf
@@ -22,6 +22,9 @@ plugin {
   # over quota, if the quota doesn't grow too high. Default is to allow as
   # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
   #quota_grace = 10%%
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
 }
 
 ##
diff --git a/conf.d/90-sieve.conf b/conf.d/90-sieve.conf
index 271063e..2902091 100644
--- a/conf.d/90-sieve.conf
+++ b/conf.d/90-sieve.conf
@@ -53,6 +53,15 @@ plugin {
   # Location for ":global" include scripts as used by the "include" extension.
   #sieve_global =
 
+  # The location of a Sieve script that is run for any message that is about to
+  # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+  # execution. This only happens when the "implicit keep" is canceled, by e.g.
+  # the "discard" action, and no actions that deliver the message are executed.
+  # This "discard script" can prevent discarding the message, by executing
+  # alternative actions. If the discard script does nothing, the message is
+	# still discarded as it would be when no discard script is configured.
+  #sieve_discard =
+
   # Location Sieve of scripts that need to be executed before the user's
   # personal script. If a 'file' location path points to a directory, all the 
   # Sieve scripts contained therein (with the proper `.sieve' extension) are
@@ -135,4 +144,71 @@ plugin {
   # set to 0, no limit on the used amount of disk storage is enforced.
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
+
+  # The primary e-mail address for the user. This is used as a default when no
+  # other appropriate address is available for sending messages. If this setting
+  # is not configured, either the postmaster or null "<>" address is used as a
+  # sender, depending on the action involved. This setting is important when
+  # there is no message envelope to extract addresses from, such as when the
+  # script is executed in IMAP.
+  #sieve_user_email =
+
+  # The path to the file where the user log is written. If not configured, a
+  # default location is used. If the main user's personal Sieve (as configured
+  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+  #sieve_user_log =
+
+  # Specifies what envelope sender address is used for redirected messages.
+  # The following values are supported for this setting:
+  #
+  #   "sender"         - The sender address is used (default).
+  #   "recipient"      - The final recipient address is used.
+  #   "orig_recipient" - The original recipient is used.
+  #   "user_email"     - The user's primary address is used. This is
+  #                      configured with the "sieve_user_email" setting. If
+  #                      that setting is unconfigured, "user_mail" is equal to
+  #                      "recipient".
+  #   "postmaster"     - The postmaster_address configured for the LDA.
+  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
+  #                      The angle brackets are mandatory. The null "<>" address
+  #                      is also supported.
+  #
+  # This setting is ignored when the envelope sender is "<>". In that case the
+  # sender of the redirected message is also always "<>".
+  #sieve_redirect_envelope_from = sender
+
+  ## TRACE DEBUGGING
+  # Trace debugging provides detailed insight in the operations performed by
+  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+  # IMAPSIEVE plugin. 
+  #
+  # WARNING: On a busy server, this functionality can quickly fill up the trace
+  # directory with a lot of trace files. Enable this only temporarily and as
+  # selective as possible.
+  
+  # The directory where trace files are written. Trace debugging is disabled if
+  # this setting is not configured or if the directory does not exist. If the 
+  # path is relative or it starts with "~/" it is interpreted relative to the
+  # current user's home directory.
+  #sieve_trace_dir =
+  
+  # The verbosity level of the trace messages. Trace debugging is disabled if
+  # this setting is not configured. Possible values are:
+  #
+  #   "actions"        - Only print executed action commands, like keep,
+  #                      fileinto, reject and redirect.
+  #   "commands"       - Print any executed command, excluding test commands.
+  #   "tests"          - Print all executed commands and performed tests.
+  #   "matching"       - Print all executed commands, performed tests and the
+  #                      values matched in those tests.
+  #sieve_trace_level =
+  
+  # Enables highly verbose debugging messages that are usually only useful for
+  # developers.
+  #sieve_trace_debug = no
+  
+  # Enables showing byte code addresses in the trace output, rather than only
+  # the source line numbers.
+  #sieve_trace_addresses = no 
 }
diff --git a/dovecot-sql.conf.ext b/dovecot-sql.conf.ext
index a434244..0f2baec 100644
--- a/dovecot-sql.conf.ext
+++ b/dovecot-sql.conf.ext
@@ -48,6 +48,9 @@
 #
 #   But also adds some new settings:
 #     client_flags           - See MySQL manual
+#     connect_timeout        - Connect timeout in seconds (default: 5)
+#     read_timeout           - Read timeout in seconds (default: 30)
+#     write_timeout          - Write timeout in seconds (default: 30)
 #     ssl_ca, ssl_ca_path    - Set either one or both to enable SSL
 #     ssl_cert, ssl_key      - For sending client-side certificates to server
 #     ssl_cipher             - Set minimum allowed cipher security (default: HIGH)
-- 
2.34.1