ansible_playbook_servers/roles/mailserver_dovecot/templates/dovecot.conf.j2

# {{ ansible_managed }}
###
### Aktivierte Protokolle
#############################

protocols = imap lmtp sieve

###
### TLS Config
### Quelle: https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.4
#######################

ssl = required
ssl_cert = <{{ mailserver__ssl_cert }}
ssl_key = <{{ mailserver__ssl_key }}
ssl_dh = </etc/dovecot/dh4096.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes

###
### Dovecot services
################################

service imap-login {
  inet_listener imap {
    port = 143
  }
}

service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0660
    group = postfix
    user = postfix
  }

  user = {{ mailserver__user }}
}

service auth {
  ### Auth socket für Postfix
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

  ### Auth socket für LMTP-Dienst
  unix_listener auth-userdb {
    mode = 0660
    user = {{ mailserver__user }}
    group = {{ mailserver__group }}
  }
}

###
###  Protocol settings
#############################

protocol imap {
  mail_plugins = $mail_plugins quota imap_quota imap_sieve
  mail_max_userip_connections = 20
  imap_idle_notify_interval = 29 mins
}

protocol lmtp {
    postmaster_address = {{ mailserver__postmaster_address }}
    mail_plugins = $mail_plugins sieve notify push_notification
}

###
### Client authentication
#############################

disable_plaintext_auth = yes
auth_mechanisms = plain login
auth_username_format = %Lu

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

###
### Mail location
#######################

mail_uid = {{ mailserver__user }}
mail_gid = {{ mailserver__group }}
mail_privileged_group = {{ mailserver__group }}

mail_home = {{ mailserver__home }}/mailboxes/%d/%n
mail_location = maildir:~/mail:LAYOUT=fs

###
### Mailbox configuration
########################################

namespace inbox {
  inbox = yes

  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }

  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }

  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }

  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
}

###
### Mail plugins
############################

plugin {
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_before = {{ mailserver__home }}/sieve/global/spam-global.sieve
  sieve = file:{{ mailserver__home }}/sieve/%d/%n/scripts;active={{ mailserver__home }}/sieve/%d/%n/active-script.sieve

  ###
  ### Spam learning
  ###
  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:{{ mailserver__home }}/sieve/global/learn-spam.sieve

  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:{{ mailserver__home }}/sieve/global/learn-ham.sieve

  sieve_pipe_bin_dir = /usr/bin
  sieve_global_extensions = +vnd.dovecot.pipe

  quota = maildir:User quota
  quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
}