protocols = imap lmtp sieve
auth_mechanisms = plain login
mail_privileged_group = mail
ssl = required
ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/privkey.pem
ssl_dh = </etc/dovecot/dhparam.pem
ssl_client_ca_dir = /etc/ssl/certs
mail_location = maildir:~
mail_plugins = fts fts_xapian

namespace inbox {
  inbox = yes
  separator = .
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
}

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
# use sql for userdb too, to enable iterate_query
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service stats {
  unix_listener stats-reader {
    user = vmail
    group = vmail
    mode = 0660
  }
  unix_listener stats-writer {
    user = vmail
    group = vmail
    mode = 0660
  }
}
service managesieve-login {
  inet_listener sieve {
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 100
}

protocol imap {
   mail_plugins = $mail_plugins imap_sieve
   mail_max_userip_connections = 50
   imap_idle_notify_interval = 29 mins
}
protocol lmtp {
   mail_plugins = $mail_plugins sieve
}
protocol sieve {
  plugin {
    sieve = /var/vmail/sieve/%u.sieve
    sieve_storage = /var/vmail/sieve/%u/
  }
}

# fulltext search
plugin {
    fts = xapian
    fts_xapian = partial=3 full=20 verbose=0
    fts_autoindex = yes
    fts_enforced = yes
    # Index attachements
    fts_decoder = decode2text
}
service indexer-worker {
    vsz_limit = ${indexer_ram}
}
service decode2text {
    executable = script /usr/local/libexec/dovecot/decode2text.sh
    user = dovecot
    unix_listener decode2text {
        mode = 0666
    }
}

# spam filter
plugin {
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_dir = /var/vmail/sieve/%u/
  sieve = /var/vmail/sieve/%u.sieve
  sieve_pipe_bin_dir = /var/vmail/sieve/bin
  sieve_extensions = +vnd.dovecot.pipe

  sieve_after = /var/vmail/sieve/global/spam-to-folder.sieve

  # From elsewhere to Spam folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve

  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
}