David Mehler
2017-Apr-14 20:53 UTC
several misc questions, public folders and sharing, quota, ssl
Hi Aki,

Thanks for your reply. Sorry, hit the reply to and not the reply to all option.

So, even when a folder is a public folder I'm still needing to use the
acl plugin?


The public/TestFolder is showing up, the public/TestFolder1 is not.

Thanks.
Dave.


On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> Please keep responses on the list. Thank you. =)
>
> Without ACL plugin there is no way to restrict access, it's free for all.
>
> my site is a very tiny few user site, but ...
>
> auth_mechanisms = login plain
> mail_attribute_dict = file:%h/Mail/dovecot-attributes
> mail_location = sdbox:~/Mail
> mail_plugins = stats quota fts fts_lucene
> namespace inbox {
>   inbox = yes
>   list = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   separator = .
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   fts = lucene
>   fts_lucene = whitespace_chars=@.
>   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Spam
>   imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Spam
>   imapsieve_mailbox2_name = *
>   quota = count:User quota
>   quota_vsizes = yes
>   recipient_delimiter = +
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_extensions = +notify +imapflags
>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
>   sieve_plugins = sieve_imapsieve sieve_extprograms
>   stats_refresh = 30
> }
> protocols = imap lmtp
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
>   user = $default_internal_user
> }
> service doveadm {
>   inet_listener http {
>     address = 127.0.0.1
>     port = 38080
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   inet_listener lmtp {
>     address = 127.0.0.1
>     port = 8025
>   }
> }
> service stats {
>   fifo_listener stats-mail {
>     mode = 0666
>   }
> }
> ssl = required
> ssl_cert = #
> ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA
> ssl_dh_parameters_length = 4096
> ssl_key = #
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
> submission_host = 127.0.0.1:25
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol imap {
>   mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve
> }
> protocol lmtp {
>   mail_plugins = stats quota fts fts_lucene sieve
> }
> protocol lda {
>   mail_plugins = stats quota fts fts_lucene sieve
> }
>
> Aki
>
>> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hello Aki,
>>
>> Thank you for your reply.
>>
>> I've implemented your changes and thanks for the @STRENGTH reminder, I
>> had forgotten about that one.
>>
>> I'll check out the acl plugin. Is it required when sharing a public
>> folder or are public folders usable by all? I know it is for shared
>> folders.
>>
>> The TestFolder1 is still not showing up in public not sure why
>> everything looks good.
>>
>> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports
>> along the way.
>>
>> I was wondering if I could take a look at your dovecot configuration
>> files and a doveconf -n output?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> >
>> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
>> >> optimize how the system is running and have a few misc questions.
>> >>
>> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
>> >> ensure these cipherlist is appropriate:
>> >>
>> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
>> >>
>> >
>> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
>> >
>> >> Next, a new feature that I'm trying for is virtual folders that store
>> >> All messages. My understanding of this is that it stores a version of
>> >> every received message in one place? I've got the virtual plugin
>> >> loaded and have:
>> >>
>> >> mailbox virtual/All {
>> >>   comment = All my messages
>> >>   special_use = \All
>> >> }
>> >>
>> >> I've got a directory /home/vmail/example.com/username/virtual under
>> >> which is an ALL folder both directories are accessible to the vmail
>> >> user, yet there's no contents in this folder and it's showing up
>> >> nowhere.
>> >>
>> >
>> > Configuring virtual all folder:
>> >
>> > namespace {
>> >   prefix = virtual
>> >   location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual
>> >   comment = All my messages
>> >   special_use = \All
>> >   mailbox All {
>> >     auto = subscribe
>> >   }
>> > }
>> >
>> > ==== /etc/dovecot/virtual/All/dovecot-virtual ====
>> > *
>> >   all
>> > ==== EOF ====
>> >
>> >> Next, quota warnings, are not being sent at all. I set up a testuser
>> >> with a quota of 2 mb, then sent a message to that user getting the box
>> >> to 95% full, and no message. Took the user overquota with the next
>> >> message, still nothing, and a third message did trigger my custom
>> >> quota exceeded message and the message was bounced.
>> >>
>> >
>> > I would recommend you using
>> >
>> > mail_plugins = $mail_plugins quota quota_clone
>> >
>> > plugin {
>> >   quota = count:User quota
>> >   quota_clone_dict = proxy::sqlquota
>> >   quota_vsizes = true
>> > }
>> >
>> > Also,
>> >
>> > "Note that the warning is ONLY executed at the exact time when the limit is
>> > being crossed, so when you're testing it you have to do it by crossing the
>> > limit by saving a new mail. If something else besides Dovecot updates quota
>> > so that the limit is crossed, the warning is never executed."
>> >
>> >> I'm wanting to implement public folders. My mailboxes are all
>> >> virtual, and they are stored under /home/vmail/example.com/username
>> >> and /home/vmail/example.org/username in the maildir format. I've got
>> >> one user uid and gid of 999 name of vmail who owns all the mailboxes.
>> >> I've separated out public folders storing them under
>> >> /home/vmail/public. I've created one mailbox called TestFolder and
>> >> new, cur, and tmp directories under it. This is what it looks like:
>> >
>> > <snip />
>> >
>> >> The public/TestFolder is showing up fine and I can switch to it. The
>> >> public/TestFolder1 is not showing up at all so I'm not seeing it and
>> >> can't switch to it. Any ideas?
>> >>
>> >
>> > Not sure why it's not showing up, *but*, you could add
>> > :INDEXPVT=%h/public
>> > to the folder, to keep per-user indexes separate.
>> >
>> >> My second question involves public folders and domain sharing. Are
>> >> public folders accessible to all users and all domains? I've got two
>> >> domains example.com and example.org i'd like to create a folder that
>> >> some users in example.com can share with some users in example.org,
>> >> not necessarily all users in those domains should be able to see the
>> >> folders.
>> >>
>> >
>> > Dovecot does not, as per such, care about your domains. It cares about user
>> > names. If you want to do this kind of thing, please consult ACL plugin.
>> > https://wiki2.dovecot.org/ACL
>> >
>> >> Ideas welcome.
>> >>
>> >> Thanks.
>> >> Dave.
>> >>
>> >
>> > Some other comments, if you are using SSL, you can drop cram-md5 as auth
>> > mech, it's not storage-safe.
>> >
>> > you should use mail_location = maildir:~/maildir:LAYOUT=fs
>> >
>> > to avoid your other things in user's home being interpreted as mail
>> > directories.
>> >
>> > why are you setting these?
>> > maildir_broken_filename_sizes = yes
>> > maildir_empty_new = yes
>> > maildir_very_dirty_syncs = yes
>> >
>> > and in general I see lots of overconfiguring, dovecot defaults are usually
>> > right, and setting various things just for the fun of it, can cause
>> > problems.
>> >
>> > Aki
>> >
Aki Tuomi
2017-Apr-14 21:11 UTC
several misc questions, public folders and sharing, quota, ssl
Can you try turning mail_debug=yes and posting logs?

Also if possible, can you try telnetting to the server and issuing

a LOGIN username password
a SELECT public/TestFolder1

with debug turned on?

ACL plugin is needed *iff* you want to *restrict* access.

Aki

> On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hi Aki,
>
> Thanks for your reply. Sorry, hit the reply to and not the reply to all option.
>
> So, even when a folder is a public folder I'm still needing to use the
> acl plugin?
>
>
> The public/TestFolder is showing up, the public/TestFolder1 is not.
>
> Thanks.
> Dave.
Robert Moskowitz
2017-Apr-16 03:06 UTC
several misc questions, public folders and sharing, quota, ssl
On 04/14/2017 05:11 PM, Aki Tuomi wrote:
> Can you try turning mail_debug=yes and posting logs?
>
> Also if possible, can you try telnetting to the server and issuing

If you only allow secure connections, you may need instead of telnet:

openssl s_client -connect your_host_tld:993

or

openssl s_client -connect your_host_tld:143 -starttls imap

>
> a LOGIN username password
> a SELECT public/TestFolder1
>
> with debug turned on?
>
> ACL plugin is needed *iff* you want to *restrict* access.
>
>
> Aki
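Added example, not part of any post in this thread: it feeds the two `ssl_cipher_list` values quoted above to the local OpenSSL through Python's `ssl` module, to show which of the resulting suites lack ephemeral key exchange and what appending `@STRENGTH` does to the order. It assumes the local OpenSSL build expands cipher strings the same way the server's does; the function names are illustrative.

```python
import ssl

# Cipher strings copied verbatim from the posts in this thread.
PROPOSED = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
EXPLICIT = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"
    "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:"
    "EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA"
)

# Key-exchange labels the ssl module reports for ephemeral (EC)DH suites.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe"}


def expand(cipher_string):
    """Suites the local OpenSSL enables for cipher_string, in preference order.

    TLS 1.3 suites are dropped from the result: OpenSSL always lists them
    and the cipher string does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def lacking_forward_secrecy(cipher_string):
    """Names of enabled suites whose key exchange is not ephemeral (EC)DH."""
    return [c["name"] for c in expand(cipher_string)
            if c["kea"] not in EPHEMERAL_KEA]


def strength_order(cipher_string):
    """Symmetric key strength (bits) of each enabled suite, in preference order."""
    return [c["strength_bits"] for c in expand(cipher_string)]


def report(label, cipher_string):
    """Print a short summary for one cipher string."""
    suites = expand(cipher_string)
    weak = lacking_forward_secrecy(cipher_string)
    print(f"{label}: {len(suites)} suites enabled")
    print("  without forward secrecy:", ", ".join(weak) if weak else "none")
    print("  strength order:", strength_order(cipher_string))


if __name__ == "__main__":
    report("proposed", PROPOSED)
    report("proposed + @STRENGTH", PROPOSED + ":@STRENGTH")
    report("explicit list", EXPLICIT)
```

Suites named in a list that the local OpenSSL build does not provide are silently skipped, so the output describes the machine the script runs on rather than the mail server itself.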