indev: dovecot 2.4 config migration

data/Dockerfiles/dovecot/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
 
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -108,7 +108,11 @@ map {
 }
 EOF
 
-echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
+if [[ "${ACL_ANYONE}" == "allow" ]]; then
+  echo -n "yes" > /etc/dovecot/acl_anyone
+else
+  echo -n "no" > /etc/dovecot/acl_anyone
+fi
 
 if [[ "${SKIP_FTS}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -e "\e[33mDetecting SKIP_FTS=y... not enabling Flatcurve (FTS) then...\e[0m"

data/conf/dovecot/dovecot.conf

@@ -7,12 +7,17 @@
 #  driver = ldap
 #}
 
+dovecot_config_version = 2.4.0
+dovecot_storage_version = 2.4.0
+
+listen = *,[::]
+
 auth_mechanisms = plain login
 #mail_debug = yes
 #auth_debug = yes
 #log_debug = category=fts-flatcurve # Activate Logging for Flatcurve FTS Searchings
 log_path = syslog
-disable_plaintext_auth = yes
+auth_allow_cleartext = yes
 # Uncomment on NFS share
 #mmap_disable = yes
 #mail_fsync = always
@@ -20,30 +25,36 @@ disable_plaintext_auth = yes
 #mail_nfs_storage = yes
 login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
 mail_home = /var/vmail/%d/%n
-mail_location = maildir:~/
+mail_driver = maildir
+mail_path = ~/
+mail_index_path = /var/vmail_index/${user}
 mail_plugins = </etc/dovecot/mail_plugins
-mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
+
-mail_attachment_dir = /var/attachments
+fs mail_ext_attachment {
-mail_attachment_min_size = 128k
+  fs_driver = posix
+  mail_ext_attachment_path = /var/attachments
+  mail_ext_attachment_min_size = 128k
+}
+
+
 # Significantly speeds up very large mailboxes, but is only safe to enable if
 # you do not manually modify the files in the `cur` directories in
 # mailcowdockerized_vmail-vol-1.
 # https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
 maildir_very_dirty_syncs = yes
 
-# Dovecot 2.2
-#ssl_protocols = !SSLv3
-# Dovecot 2.3
 ssl_min_protocol = TLSv1.2
 
-ssl_prefer_server_ciphers = yes
+ssl_server {
-ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM
+  prefer_ciphers = server
+  dh_file = /etc/ssl/mail/dhparams.pem
+  cert_file = /etc/ssl/mail/cert.pem
+  key_file = /etc/ssl/mail/key.pem
+}
 
-# Default in Dovecot 2.3
+ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!eNULL:!3DES:!MD5:!PSK:!DSS:!RC4:!SEED:!IDEA:+HIGH:+MEDIUM
 ssl_options = no_compression no_ticket
 
-# New in Dovecot 2.3
-ssl_dh = </etc/ssl/mail/dhparams.pem
 # Dovecot 2.2
 #ssl_dh_parameters_length = 2048
 log_timestamp = "%Y-%m-%d %H:%M:%S "
@@ -51,29 +62,35 @@ recipient_delimiter = +
 auth_master_user_separator = *
 mail_shared_explicit_inbox = yes
 mail_prefetch_count = 30
-passdb {
+passdb lua {
-  driver = lua
+  fields {
-  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%s:%u:%w
+    driver = lua
-  result_success = return-ok
+    args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes cache_key=%s:%u:%w
-  result_failure = continue
+    result_success = return-ok
-  result_internalfail = continue
+    result_failure = continue
+    result_internalfail = continue
+  }
 }
 # try a master passwd
-passdb {
+passdb master {
-  driver = passwd-file
+  fields {
-  args = /etc/dovecot/dovecot-master.passwd
+    driver = passwd-file
-  master = yes
+    args = /etc/dovecot/dovecot-master.passwd
-  skip = authenticated
+    master = yes
+    skip = authenticated
+  }
 }
 # check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
 # a return of the following passdb is mandatory
-passdb {
+passdb empty-lua {
-  driver = lua
+  fields {
-  args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes
+    driver = lua
+    args = file=/etc/dovecot/auth/passwd-verify.lua blocking=yes
+  }
 }
 # Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
 service doveadm {
-  inet_listener {
+  inet_listener doveadm {
     port = 12345
   }
   vsz_limit=2048 MB
@@ -119,12 +136,12 @@ service managesieve-login {
     port = 14190
     haproxy = yes
   }
-  service_count = 1
+  service_restart_request_count = 1
   process_min_avail = 2
   vsz_limit = 1G
 }
 service imap-login {
-  service_count = 1
+  service_restart_request_count = 1
   process_min_avail = 2
   process_limit = 10000
   vsz_limit = 1G
@@ -140,7 +157,7 @@ service imap-login {
   }
 }
 service pop3-login {
-  service_count = 1
+  service_restart_request_count = 1
   process_min_avail = 1
   vsz_limit = 1G
   inet_listener pop3_haproxy {
@@ -167,23 +184,31 @@ service lmtp {
   }
   user = vmail
 }
-listen = *,[::]
+
-ssl_cert = </etc/ssl/mail/cert.pem
+userdb master-userdb {
-ssl_key = </etc/ssl/mail/key.pem
+  fields {
-userdb {
+    driver = passwd-file
-  driver = passwd-file
+    args = /etc/dovecot/dovecot-master.userdb
-  args = /etc/dovecot/dovecot-master.userdb
+  }
 }
-userdb {
+userdb sql-userdb {
-  args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
+  fields {
-  driver = sql
+    driver = sql
-  skip = found
+    args = /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
+    skip = found
+  }
 }
 protocol imap {
   mail_plugins = </etc/dovecot/mail_plugins_imap
   imap_metadata = yes
 }
-mail_attribute_dict = file:%h/dovecot-attributes
+
+mail_attribute {
+  dict file {
+    path = /etc/dovecot/dovecot-attributes
+  }
+}
+
 protocol lmtp {
   mail_plugins = </etc/dovecot/mail_plugins_lmtp
   auth_socket_path = /var/run/dovecot/auth-master
@@ -191,66 +216,81 @@ protocol lmtp {
 protocol sieve {
   managesieve_logout_format = bytes=%i/%o
 }
-plugin {
+
-  # Allow "any" or "authenticated" to be used in ACLs
+# Allow "any" or "authenticated" to be used in ACLs
-  acl_anyone = </etc/dovecot/acl_anyone
+imap_acl_allow_anyone = </etc/dovecot/acl_anyone
-  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
+
-  acl = vfile
+
-  acl_user = %u
+acl_sharing_map {
-  quota = dict:Userquota::proxy::sqlquota
+  dict file {
+    path = /var/vmail/shared-mailboxes.db
+  }
+}
+
+acl_driver = vfile
+acl_user = %u
+
+quota "User quota" {
+  dict sqlquota {
+    driver = sql
+    args = /etc/dovecot/sql/dovecot-dict-sql-quota.conf
+  }
+  quota_rule = *:storage=+100M
   quota_rule2 = Trash:storage=+100%%
-  sieve = /var/vmail/sieve/%u.sieve
-  sieve_plugins = sieve_imapsieve sieve_extprograms
-  sieve_vacation_send_from_recipient = yes
-  sieve_redirect_envelope_from = recipient
-  # From elsewhere to Spam folder
-  imapsieve_mailbox1_name = Junk
-  imapsieve_mailbox1_causes = COPY
-  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
-  # END
-  # From Spam folder to elsewhere
-  imapsieve_mailbox2_name = *
-  imapsieve_mailbox2_from = Junk
-  imapsieve_mailbox2_causes = COPY
-  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
-  # END
-  master_user = %u
   quota_warning = storage=95%% quota-warning 95 %u
   quota_warning2 = storage=80%% quota-warning 80 %u
-  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
+} 
-  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
-  sieve_extensions = +notify +imapflags +vacation-seconds +editheader
-  sieve_max_script_size = 1M
-  sieve_max_redirects = 100
-  sieve_max_actions = 101
-  sieve_quota_max_scripts = 0
-  sieve_quota_max_storage = 0
-  listescape_char = "\\"
-  sieve_vacation_min_period = 5s
-  sieve_vacation_max_period = 0
-  sieve_vacation_default_period = 60s
-  sieve_before = /var/vmail/sieve/global_sieve_before.sieve
-  sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
-  sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
-  sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
-  sieve_duplicate_default_period = 1m
-  sieve_duplicate_max_period = 7d
 
-  # -- Global keys
+sieve = /var/vmail/sieve/%u.sieve
-  mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
+sieve_plugins = sieve_imapsieve sieve_extprograms
-  mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
+sieve_vacation_send_from_recipient = yes
-  mail_crypt_save_version = 2
+sieve_redirect_envelope_from = recipient
+# From elsewhere to Spam folder
+imapsieve_mailbox1_name = Junk
+imapsieve_mailbox1_causes = COPY
+imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
+# END
+# From Spam folder to elsewhere
+imapsieve_mailbox2_name = *
+imapsieve_mailbox2_from = Junk
+imapsieve_mailbox2_causes = COPY
+imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
+# END
+master_user = %u
+sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
+sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
+sieve_extensions = +notify +imapflags +vacation-seconds +editheader
+sieve_max_script_size = 1M
+sieve_max_redirects = 100
+sieve_max_actions = 101
+sieve_quota_max_scripts = 0
+sieve_quota_max_storage = 0
+listescape_char = "\\"
+sieve_vacation_min_period = 5s
+sieve_vacation_max_period = 0
+sieve_vacation_default_period = 60s
+sieve_before = /var/vmail/sieve/global_sieve_before.sieve
+sieve_before2 = dict:proxy::sieve_before;name=active;bindir=/var/vmail/sieve_before_bindir
+sieve_after = dict:proxy::sieve_after;name=active;bindir=/var/vmail/sieve_after_bindir
+sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
+sieve_duplicate_default_period = 1m
+sieve_duplicate_max_period = 7d
 
-  # Enable compression while saving, lz4 Dovecot v2.3.17+
+# -- Global keys
-  zlib_save = lz4
+mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
+mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
+mail_crypt_save_version = 2
 
-  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+# Enable compression while saving, lz4 Dovecot v2.3.17+
-  mail_log_fields = uid box msgid size
+zlib_save = lz4
-  mail_log_cached_only = yes
+
+mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+mail_log_fields = uid box msgid size
+mail_log_cached_only = yes
+
+# Try set mail_replica
+!include_try /etc/dovecot/mail_replica.conf
 
-  # Try set mail_replica
-  !include_try /etc/dovecot/mail_replica.conf
-}
 service quota-warning {
   executable = script /usr/local/bin/quota_notify.py
   # use some unprivileged user for executing the quota warnings

data/conf/dovecot/dovecot.folders.conf

@@ -1,6 +1,5 @@
 namespace inbox {
   inbox = yes
-  location =
   separator = /
   mailbox "Trash" {
     auto = subscribe