dovecot: migrated config to 2.4 + config splitting

2026-02-07 13:01:37 +00:00 · 2025-08-14 11:11:35 +02:00
parent 630e58e226
commit a77e699c53
27 changed files with 620 additions and 450 deletions
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -44,66 +44,83 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 else
  QUOTA_TABLE=quota2replica
 fi
+
+cat <<EOF > /etc/dovecot/conf.d/12-mysql.conf
+# Autogenerated by mailcow - DO NOT TOUCH!
+mysql /var/run/mysqld/mysqld.sock {
+  dbname=${DBNAME}
+  user=${DBUSER}
+  password=${DBPASS}
+
+  ssl = no
+}
+EOF
+
+
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-quota.conf
 # Autogenerated by mailcow
-connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
-map {
-  pattern = priv/quota/storage
-  table = ${QUOTA_TABLE}
+dict_map priv/quota/storage {
+  sql_table = ${QUOTA_TABLE}
  username_field = username
-  value_field = bytes
+  value_field bytes {
+  }
 }
-map {
-  pattern = priv/quota/messages
-  table = ${QUOTA_TABLE}
+
+dict_map priv/quota/messages {
+  sql_table = ${QUOTA_TABLE}
  username_field = username
-  value_field = messages
+  value_field messages {
+  }
 }
 EOF

 # Create dict used for sieve pre and postfilters
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
 # Autogenerated by mailcow
-connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
-map {
-  pattern = priv/sieve/name/\$script_name
-  table = sieve_before
+
+dict_map priv/sieve/name/\$script_name {
+  sql_table = sieve_before
  username_field = username
-  value_field = id
-  fields {
-    script_name = \$script_name
+  value_field id {
+  }
+  key_field script_name {
+    value = \$script_name
  }
 }
-map {
-  pattern = priv/sieve/data/\$id
-  table = sieve_before
+
+dict_map priv/sieve/data/\$id {
+  sql_table = sieve_before
  username_field = username
-  value_field = script_data
-  fields {
-    id = \$id
+  key_field script_data {
+    value = \$script_data
+  }
+  value_field id {
  }
 }
+
+
 EOF

 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
 # Autogenerated by mailcow
-connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
-map {
-  pattern = priv/sieve/name/\$script_name
-  table = sieve_after
+
+dict_map priv/sieve/name/\$script_name {
+  sql_table = sieve_after
  username_field = username
-  value_field = id
-  fields {
-    script_name = \$script_name
+  value_field id {
+  }
+  key_field script_name {
+    value = \$script_name
  }
 }
-map {
-  pattern = priv/sieve/data/\$id
-  table = sieve_after
+
+dict_map priv/sieve/data/\$id {
+  sql_table = sieve_after
  username_field = username
-  value_field = script_data
-  fields {
-    id = \$id
+  key_field script_name {
+    value = \$script_data
+  }
+  value_field id {
  }
 }
 EOF
@@ -116,22 +133,20 @@ fi

 if [[ "${SKIP_FTS}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -e "\e[33mDetecting SKIP_FTS=y... not enabling Flatcurve (FTS) then...\e[0m"
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota quota_clone acl mail_crypt mail_crypt_acl mail_log mail_compress notify lazy_expunge' > /etc/dovecot/mail_plugins
+echo -n 'quota quota_clone imap_quota imap_acl acl imap_sieve mail_crypt mail_crypt_acl mail_compress notify mail_log' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota quota_clone sieve acl mail_crypt mail_crypt_acl mail_compress notify' > /etc/dovecot/mail_plugins_lmtp
 else
 echo -e "\e[32mDetecting SKIP_FTS=n... enabling Flatcurve (FTS)\e[0m"
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication lazy_expunge' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota quota_clone acl mail_crypt mail_crypt_acl mail_log mail_compress notify fts fts_flatcurve lazy_expunge' > /etc/dovecot/mail_plugins
+echo -n 'quota quota_clone imap_quota imap_acl acl imap_sieve mail_crypt mail_crypt_acl mail_compress notify mail_log fts fts_flatcurve' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota quota_clone sieve acl mail_crypt mail_crypt_acl mail_compress fts fts_flatcurve notify' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl

 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 # Autogenerated by mailcow
-driver = mysql
-connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
-user_query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format')), mailbox_path_prefix, '%d/%n/${MAILDIR_SUB}:VOLATILEDIR=/var/volatile/%u:INDEX=/var/vmail_index/%u') AS mail, '%s' AS protocol, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND (active = '1' OR active = '2')
+query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format')), mailbox_path_prefix, '%{user | domain }}/%{user | username }/Maildir:VOLATILEDIR=/var/volatile/%{user}:INDEX=/var/vmail_index/%{user}') AS mail, '%{protocol}' AS protocol, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%{user}' AND (active = '1' OR active = '2')
 iterate_query = SELECT username FROM mailbox WHERE active = '1' OR active = '2';
 EOF

@@ -162,8 +177,8 @@ for cert_dir in /etc/ssl/mail/*/ ; do
  domains=($(cat ${cert_dir}domains))
  for domain in ${domains[@]}; do
    echo 'local_name '${domain}' {' >> /etc/dovecot/sni.conf;
-    echo '  ssl_cert = <'${cert_dir}'cert.pem' >> /etc/dovecot/sni.conf;
-    echo '  ssl_key = <'${cert_dir}'key.pem' >> /etc/dovecot/sni.conf;
+    echo '  ssl_server_cert_file = '${cert_dir}'cert.pem' >> /etc/dovecot/sni.conf;
+    echo '  ssl_server_key_file = '${cert_dir}'key.pem' >> /etc/dovecot/sni.conf;
    echo '}' >> /etc/dovecot/sni.conf;
  done
 done
@@ -187,11 +202,13 @@ else
 fi
 cat <<EOF > /etc/dovecot/shared_namespace.conf
 # Autogenerated by mailcow
-namespace {
+namespace shared {
    type = shared
    separator = /
-    prefix = Shared/%%u/
-    location = maildir:%%h${MAILDIR_SUB_SHARED}:INDEX=~${MAILDIR_SUB_SHARED}/Shared/%%u
+    prefix = Shared/\$user/
+    mail_driver = maildir
+    mail_path = %{owner_home}${MAILDIR_SUB_SHARED}
+    mail_index_private_path = ~${MAILDIR_SUB_SHARED}/Shared/%{owner_user}
    subscriptions = no
    list = children
 }
@@ -201,7 +218,7 @@ EOF
 cat <<EOF > /etc/dovecot/sogo_trusted_ip.conf
 # Autogenerated by mailcow
 remote ${IPV4_NETWORK}.248 {
-  disable_plaintext_auth = no
+  auth_allow_cleartext = yes
 }
 EOF

@@ -212,9 +229,13 @@ echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
 echo -n ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/cron.creds
 cat <<EOF > /etc/dovecot/sogo-sso.conf
 # Autogenerated by mailcow
-passdb {
-  driver = static
-  args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
+passdb static {
+  fields {
+    allow_real_nets=${IPV4_NETWORK}.248/32
+  }
+
+  password={plain}${RAND_PASS}
+  
 }
 EOF

@@ -239,9 +260,9 @@ fi
 if [[ "${SKIP_FTS}" =~ ^([nN][oO]|[nN])+$ ]]; then
  echo -e "\e[94mConfiguring FTS Settings...\e[0m"
  echo -e "\e[94mSetting FTS Memory Limit (per process) to ${FTS_HEAP} MB\e[0m"
-  sed -i "s/vsz_limit\s*=\s*[0-9]*\s*MB*/vsz_limit=${FTS_HEAP} MB/" /etc/dovecot/conf.d/fts.conf
+  sed -i "s/vsz_limit\s*=\s*[0-9]*\s*MB*/vsz_limit=${FTS_HEAP} MB/" /etc/dovecot/conf.d/35-fts.conf
  echo -e "\e[94mSetting FTS Process Limit to ${FTS_PROCS}\e[0m"
-  sed -i "s/process_limit\s*=\s*[0-9]*/process_limit=${FTS_PROCS}/" /etc/dovecot/conf.d/fts.conf
+  sed -i "s/process_limit\s*=\s*[0-9]*/process_limit=${FTS_PROCS}/" /etc/dovecot/conf.d/35-fts.conf
 fi

 # 401 is user dovecot
@@ -253,16 +274,16 @@ else
 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
 fi

-# Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
-if grep -qE 'ssl_min_protocol\s*=\s*(TLSv1|TLSv1\.1)\s*$' /etc/dovecot/dovecot.conf /etc/dovecot/extra.conf; then
-    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
+# # Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
+# if grep -qE 'ssl_min_protocol\s*=\s*(TLSv1|TLSv1\.1)\s*$' /etc/dovecot/dovecot.conf /etc/dovecot/extra.conf; then
+#     sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf

-    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
-    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
-    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
-    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
-    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
-fi
+#     echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
+#     echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
+#     echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
+#     echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
+#     echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
+# fi

 # Compile sieve scripts
 sievec /var/vmail/sieve/global_sieve_before.sieve