dovecot - May 2022 - Dovecot v2.3.19 released: User/PassDB lookups fail after update

Hi all!

We are pleased to release v2.3.19 of Dovecot.

The docker images have been upgraded to use bullseye as base image.

https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot

Regards,
Aki Tuomi
Open-Xchange oy

--

+ Added mail_user_session_finished event, which is emitted when the mail
  user session is finished (e.g. imap, pop3, lmtp). It also includes
  fields with some process statistics information.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
  information.
+ Added process_shutdown_filter setting. When an event matches the filter,
  the process will be shutdown after the current connection(s) have
  finished. This is intended to reduce memory usage of long-running imap
  processes that keep a lot of memory allocated instead of freeing it to
  the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
  information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
  server. Now the copying is buffered, so multiple mails can be copied
  with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
  https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
  Try to fix up these cases by reconnecting to the LDAP server and
  aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
  were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
  introspection requests.
- dict: Timeouts may have been leaked at deinit.
- director: Ring may have become unstable if a backend's tag was changed.
  It could also have caused director process to crash.
- doveadm kick: Numeric parameter was treated as IP address.
- doveadm: Proxying can panic when flushing print output. Fixes
  Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
  (ioloop == current_ioloop).
- doveadm sync: BROKENCHAR was wrongly changed to '_' character when
  migrating mailboxes. This was set by default to %, so any mailbox
  names containing % characters were modified to "_25".
- imapc: Copying or moving mails with doveadm to an imapc mailbox could
  have produced "Error: Syncing mailbox '[...]' failed"
Errors. The
  operation itself succeeded but attempting to sync the destination
  mailbox failed.
- imapc: Prevent index log synchronization errors when two or more imapc
  sessions are adding messages to the same mailbox index files, i.e.
  INDEX=MEMORY is not used.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-fts: fts header filters caused binary content to be sent to the
  indexer with non-default configuration.
- doveadm-server: Process could hang in some situations when printing
  output to TCP client, e.g. when printing doveadm sync state.
- lib-index: dovecot.index.log files were often read and parsed entirely,
  rather than only the parts that were actually necessary. This mainly
  increased CPU usage.
- lmtp-proxy: Session ID forwarding would cause same session IDs being
  used when delivering same mail to multiple backends.
- log: Log prefix update may have been lost if log process was busy.
  This could have caused log prefixes to be empty or in some cases
  reused between sessions, i.e. log lines could have been logged for the
  wrong user/session.
- mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
  Panic: Module context mail_crypt_user_module missing.
- mail_crypt: When LMTP was delivering mails to both recipients with mail
  encryption enabled and not enabled, the non-encrypted recipients may
  have gotten mails encrypted anyway. This happened when the first
  recipient was encrypted (mail_crypt_save_version=2) and the 2nd
  recipient was not encrypted (mail_crypt_save_version=0).
- pop3: Session would crash if empty line was sent.
- stats: HTTP server leaked memory.
- submission-login: Long credentials, such as OAUTH2 tokens, were refused
  during SASL interactive due to submission server applying line length
  limits.
- submission-login: When proxying to remote host, authentication was not
  using interactive SASL when logging in using long credentials such as
  OAUTH2 tokens. This caused authentication to fail due to line length
  constraints in SMTP protocol.
- submission: Terminating the client connection with QUIT command after
  mail transaction is started with MAIL command and before it is
  finished with DATA/BDAT can cause a segfault crash.
- virtual: doveadm search queries with mailbox-guid as the only parameter
  crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
  assertion failed: (result != 0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL:
<https://dovecot.org/pipermail/dovecot-news/attachments/20220510/f939dd09/attachment.sig>

Am 10.05.22 um 08:33 schrieb Aki Tuomi:
> Hi all!
> 
> We are pleased to release v2.3.19 of Dovecot.
> 
> The docker images have been upgraded to use bullseye as base image.
> 
> https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig
Hello,

"make check" fail here:

test-crypto.c:827: Assert failed: ret == TRUE
Panic: file dcrypt-openssl.c: line 2639 (dcrypt_openssl_private_to_public_key):
assertion failed: (priv_key != NULL && pub_key_r != NULL)
Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x556260e86cb2]
-> ./test-crypto(backtrace_get+0x1e) [0x556260e86dce] ->
./test-crypto(+0x25bcb) [0x556260e65bcb] -> ./test-crypto(+0x25c01)
[0x556260e65c01] -> ./test-crypto(+0x13dab) [0x556260e53dab] ->
.libs/libdcrypt_openssl.so(+0x5f13) [0x7f6133c60f13] ->
./test-crypto(+0x1e436) [0x556260e5e436] -> ./test-crypto(+0x21aef)
[0x556260e61aef] -> ./test-crypto(test_run+0x47) [0x556260e626c7] ->
./test-crypto(main+0x50) [0x556260e582a0] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f6133c99d0a] ->
./test-crypto(_start+0x2a) [0x556260e583ba]
/bin/bash: line 1:    90 Aborted                 ./$bin

any advise is welcome...

Andreas

On Tue, 2022-05-10 at 09:33 +0300, Aki Tuomi wrote:
> Hi all!
> 
> We are pleased to release v2.3.19 of Dovecot.
On Sun, 2022-02-06 at 14:25 +0000, Alan Swanson wrote:
> On Sat, 2022-02-05 at 14:55 +1300, Peter wrote:
> > On 8/12/21 2:12 am, Alan Swanson wrote:
> > > Reverting commit "fts: Use mailbox-match-plugin API for
> > > fts_autoindex_exclude" resolved this core dump in
> > > lib20_fts_plugin.so for me.
> > > 
> > >
https://github.com/dovecot/core/commit/9d02ac2e4232cc69bc37344c6341674b87078301
> > 
> > Is this fixed yet in 2.3.18?
> > 
> No, still broken and core dumping (there's been no changes
> to src/plugins/fts/fts-storage.c) and the commit still
> needs reverted on 2.3.18.
Unfortunately this is still not fixed in 2.3.19 and continues to core
dump at fts_user_autoindex_exclude(). Reverting the referenced commit
still fixes it.

-- 
Alan.

On Tue, 10 May 2022, Aki Tuomi via Dovecot-news wrote:
> + Added mail_user_session_finished event, which is emitted when the mail
>  user session is finished (e.g. imap, pop3, lmtp). It also includes
>  fields with some process statistics information.
>  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
>  information.
We thought that this might give us some useful information in our logs,
especially when investigating user complaints (thanks, by the way, both
for Dovecot itself, and for the new logging functionality).  I added to
our 10-logging.conf file:

    --- .../10-logging.conf 2022-02-02 09:53:52.000000000 -0500
    +++ .../10-logging.conf 2022-05-11 16:40:48.116914000 -0400
    @@ -44,8 +44,13 @@ plugin {
       #mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
       #mail_log_events = mailbox_delete mailbox_rename
       # 2022-01-02 Anne Bennett: per RT#461889, log more
    -  mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename append flag_change
    +  # 2022-05-11 Sylvain Robitaille: per RT#478860, log new
    +  #            mail_user_session_finished event
    +  mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename append flag_change mail_user_session_finished
       # Available fields: uid, box, msgid, from, subject, size, vsize, flags
       # size and vsize are available only for expunge and copy events.
    -  mail_log_fields = uid box msgid size
    +  # mail_user_session_finished adds: utime, stime, minor_faults,
    +  #    major_faults, vol_cs, invol_cs, rss, vsz, rchar, wchar, syscr,
    +  #    syscw
    +  mail_log_fields = uid box msgid size rss vsz
     }

... and reloaded ("dovecot reload"), following which the log
informed me:

    May 11 16:56:45 lust dovecot: master: Warning: SIGHUP received - reloading
configuration
    May 11 16:56:46 lust dovecot:
imap(syl)<27995><X6CKJb/eMpSEzQLZ>: Disconnected: Server shutting
down. in=20441 out=1721757 deleted=42
expunged=40 trashed=0 hdr_count=89 hdr_bytes=147223 body_count=81
body_bytes=1504010
    ...
    May 11 16:58:05 lust dovecot: imap-login: Login: user=<syl>,
method=GSSAPI, rip=132.205.2.217, lip=132.205.96.89, mpid=26509, TLS,
session=<td6lssLenKKEzQLZ>
    May 11 16:58:05 lust dovecot:
imap(syl)<26509><td6lssLenKKEzQLZ>: Fatal: Unknown field in
mail_log_fields: 'rss'

Hrmmm ... Ok, remove "rss" and reload:

    May 11 16:58:44 lust dovecot: master: Warning: SIGHUP received - reloading
configuration
    May 11 16:58:50 lust dovecot: imap-login: Login: user=<syl>,
method=GSSAPI, rip=132.205.2.217, lip=132.205.96.89, mpid=26573, TLS,
session=<e/hRtcLepKKEzQLZ>
    May 11 16:58:50 lust dovecot:
imap(syl)<26573><e/hRtcLepKKEzQLZ>: Fatal: Unknown field in
mail_log_fields: 'vsz'

Not what I was expecting, of course, but can we at least see the
events logged?  remove "vsz" and reload again:

    May 11 16:59:02 lust dovecot: master: Warning: SIGHUP received - reloading
configuration
    May 11 16:59:06 lust dovecot: imap-login: Login: user=<syl>,
method=GSSAPI, rip=132.205.2.217, lip=132.205.96.89, mpid=26606, TLS,
session=<BuVBtsLepqKEzQLZ>
    May 11 16:59:06 lust dovecot:
imap(syl)<26606><BuVBtsLepqKEzQLZ>: Fatal: Unknown event in
mail_log_events: 'mail_user_session_finished'

Alright, remove mail_user_session_finished and reload, and it's ok
again.  I *must* be doing something wrong here, but I can't figure
out what that it, and it seems that mail_user_session_finished has not
reached any of the documentation within the source tree.  Can someone
point me to documentation for how to use this?  Am I jumping the gun
here, or am I just doing it wrong?

-- 
----------------------------------------------------------------------
Sylvain Robitaille                               syl at encs.concordia.ca

Systems analyst / AITS                            Concordia University
Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
----------------------------------------------------------------------

On May 10, 2022, at 2:33 AM, Aki Tuomi via Dovecot-news <dovecot-news at
dovecot.org> wrote:
> We are pleased to release v2.3.19 of Dovecot.
As per usual now, you need this (small) patch to build on macOS (if there's
some better way to submit this so it eventually makes it into a release, please
redirect me):

--- src/lib/ioloop-notify-kqueue.c.orig 2021-06-14 07:56:46.000000000 -0400
+++ src/lib/ioloop-notify-kqueue.c      2021-06-21 12:10:16.000000000 -0400
@@ -11,6 +11,7 @@
 
 #include "ioloop-private.h"
 #include "llist.h"
+#include "time-util.h"
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/types.h>

-- 
Daniel J. Luke

After updating to 2.3.19 (from 2.3.16) passdb and userdb lookups fail:

root at backup:~# doveadm user rb at egroupware.org; doveadm log errors

userdb lookup: user rb at egroupware.org doesn't exist
field??? value

May 15 07:22:18 Panic: auth: file userdb-blocking.c: line 124 
(userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
May 15 07:22:18 Error: auth: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x41) [0x7f019a651c91] 
-> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x22) [0x7f019a651db2] 
-> /usr/lib/dovecot/libdovecot.so.0(+0x10b0bb) [0x7f019a65f0bb] -> 
/usr/lib/dovecot/libdovecot.so.0(+0x10b157) [0x7f019a65f157] -> 
/usr/lib/dovecot/libdovecot.so.0(+0x5d375) [0x7f019a5b1375] -> 
dovecot/auth [0 wait, 0 passdb, 0 userdb](+0x157a7) [0x55e256d287a7] -> 
dovecot/auth [0 wait, 0 passdb, 0 userdb](+0x1954b) [0x55e256d2c54b] -> 
dovecot/auth [0 wait, 0 passdb, 0 userdb](+0x36ca7) [0x55e256d49ca7] -> 
dovecot/auth [0 wait, 0 passdb, 0 userdb](+0x2ab86) [0x55e256d3db86] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0x15f) 
[0x7f019a67576f] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xcf) 
[0x7f019a67702f] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x54) 
[0x7f019a675a54] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) 
[0x7f019a675bc0] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x17) 
[0x7f019a5e7207] -> dovecot/auth [0 wait, 0 passdb, 0 
userdb](main+0x3c8) [0x55e256d29588] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7f019a2de0b3] 
-> dovecot/auth [0 wait, 0 passdb, 0 userdb](_start+0x2e) [0x55e256d2976e]
May 15 07:22:19 Fatal: auth: master: service(auth): child 19 killed with 
signal 6 (core dumped)
May 15 07:22:19 Error: replicator: auth-master: userdb list: 
Disconnected unexpectedly
May 15 07:22:19 Error: replicator: listing users failed, can't replicate 
existing data
May 15 07:22:19 Error: doveadm(arash 2student at bb-trunk.egroupware.de): 
User doesn't exist
May 15 07:22:19 Error: doveadm(arash teacher at bb-trunk.egroupware.de): 
User doesn't exist
May 15 07:22:20 Error: doveadm(christoph 
thyssen at bb-trunk.egroupware.de): User doesn't exist
May 15 07:23:21 Error: doveadm(arash student at bb-trunk.egroupware.de): 
User doesn't exist
May 15 07:24:02 Error: 
doveadm(schieder at uni-kl.de@bb-trunk.egroupware.de): User doesn't exist
May 15 07:24:07 Error: doveadm(sabour at uni-kl.de@bb-trunk.egroupware.de): 
User doesn't exist
May 15 07:24:24 Error: 
doveadm(ralf.imaptest at outdoor-training.de@bb-trunk.egroupware.de): User 
doesn't exist
May 15 07:24:31 Error: doveadm(arash tolou at bb-trunk.egroupware.de): User 
doesn't exist
May 15 07:24:31 Error: 
doveadm(becker_r at uni-kl.de@bb-trunk.egroupware.de): User doesn't exist
May 15 07:24:49 Error: 
doveadm(olat.vcrp.de:2723414355 at bb-trunk.egroupware.de): User doesn't
exist
May 15 07:24:56 Error: 
doveadm(olat.vcrp.de:1167852044 at bb-trunk.egroupware.de): User doesn't
exist

Reverting back to 2.3.16 fixes the problem for now.

My doveadm config -n is attached. We use a hourly updated local sqlight 
database and a dict for userdb.

Any ideas?

Ralf


Am 10.05.22 um 08:33 schrieb Aki Tuomi:
> Hi all!
>
> We are pleased to release v2.3.19 of Dovecot.
>
> The docker images have been upgraded to use bullseye as base image.
>
> https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig
> Binary packages in https://repo.dovecot.org/
> Docker images in https://hub.docker.com/r/dovecot/dovecot
>
> Regards,
> Aki Tuomi
> Open-Xchange oy
>
> --
>
> + Added mail_user_session_finished event, which is emitted when the mail
>    user session is finished (e.g. imap, pop3, lmtp). It also includes
>    fields with some process statistics information.
>    See https://doc.dovecot.org/admin_manual/list_of_events/ for more
>    information.
> + Added process_shutdown_filter setting. When an event matches the filter,
>    the process will be shutdown after the current connection(s) have
>    finished. This is intended to reduce memory usage of long-running imap
>    processes that keep a lot of memory allocated instead of freeing it to
>    the OS.
> + auth: Add cache hit indicator to auth passdb/userdb finished events.
>    See https://doc.dovecot.org/admin_manual/list_of_events/ for more
>    information.
> + doveadm deduplicate: Performance is improved significantly.
> + imapc: COPY commands were sent one mail at a time to the remote IMAP
>    server. Now the copying is buffered, so multiple mails can be copied
>    with a single COPY command.
> + lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
>    https://doc.dovecot.org/admin_manual/lua/ for more information.
> - auth: Cache lookup would use incorrect cache key after username change.
> - auth: Improve handling unexpected LDAP connection errors/hangs.
>    Try to fix up these cases by reconnecting to the LDAP server and
>    aborting LDAP requests earlier.
> - auth: Process crashed if userdb iteration was attempted while
auth-workers
>    were already full handling auth requests.
> - auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
>    introspection requests.
> - dict: Timeouts may have been leaked at deinit.
> - director: Ring may have become unstable if a backend's tag was
changed.
>    It could also have caused director process to crash.
> - doveadm kick: Numeric parameter was treated as IP address.
> - doveadm: Proxying can panic when flushing print output. Fixes
>    Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
>    (ioloop == current_ioloop).
> - doveadm sync: BROKENCHAR was wrongly changed to '_' character
when
>    migrating mailboxes. This was set by default to %, so any mailbox
>    names containing % characters were modified to "_25".
> - imapc: Copying or moving mails with doveadm to an imapc mailbox could
>    have produced "Error: Syncing mailbox '[...]' failed"
Errors. The
>    operation itself succeeded but attempting to sync the destination
>    mailbox failed.
> - imapc: Prevent index log synchronization errors when two or more imapc
>    sessions are adding messages to the same mailbox index files, i.e.
>    INDEX=MEMORY is not used.
> - indexer: Process was slowly leaking memory for each indexing request.
> - lib-fts: fts header filters caused binary content to be sent to the
>    indexer with non-default configuration.
> - doveadm-server: Process could hang in some situations when printing
>    output to TCP client, e.g. when printing doveadm sync state.
> - lib-index: dovecot.index.log files were often read and parsed entirely,
>    rather than only the parts that were actually necessary. This mainly
>    increased CPU usage.
> - lmtp-proxy: Session ID forwarding would cause same session IDs being
>    used when delivering same mail to multiple backends.
> - log: Log prefix update may have been lost if log process was busy.
>    This could have caused log prefixes to be empty or in some cases
>    reused between sessions, i.e. log lines could have been logged for the
>    wrong user/session.
> - mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
>    Panic: Module context mail_crypt_user_module missing.
> - mail_crypt: When LMTP was delivering mails to both recipients with mail
>    encryption enabled and not enabled, the non-encrypted recipients may
>    have gotten mails encrypted anyway. This happened when the first
>    recipient was encrypted (mail_crypt_save_version=2) and the 2nd
>    recipient was not encrypted (mail_crypt_save_version=0).
> - pop3: Session would crash if empty line was sent.
> - stats: HTTP server leaked memory.
> - submission-login: Long credentials, such as OAUTH2 tokens, were refused
>    during SASL interactive due to submission server applying line length
>    limits.
> - submission-login: When proxying to remote host, authentication was not
>    using interactive SASL when logging in using long credentials such as
>    OAUTH2 tokens. This caused authentication to fail due to line length
>    constraints in SMTP protocol.
> - submission: Terminating the client connection with QUIT command after
>    mail transaction is started with MAIL command and before it is
>    finished with DATA/BDAT can cause a segfault crash.
> - virtual: doveadm search queries with mailbox-guid as the only parameter
>    crashes: Panic: file virtual-search.c: line 77
(virtual_search_get_records):
>    assertion failed: (result != 0)

-- 
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Handelsregister HRB Kaiserslautern 3587
Gesch?ftsf?hrer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 631 31657-0
-------------- next part --------------
# 2.3.19 (b3ad6004dc): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 4.15.0-176-generic x86_64 Ubuntu 20.04.4 LTS 
# Hostname: f7cd89ea62ff
auth_cache_negative_ttl = 2 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3500
default_process_limit = 512
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
first_valid_uid = 90
listen = *
log_path = /dev/stderr
login_greeting = Dovecot KA.nfs ready
mail_access_groups = dovecot
mail_attribute_dict = file:%h/dovecot-metadata
mail_gid = dovecot
mail_location = mdbox:~/mdbox
mail_log_prefix = "%s(%u %p): "
mail_max_userip_connections = 200
mail_plugins = acl quota notify replication mail_log mail_lua notify
push_notification push_notification_lua
mail_uid = dovecot
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave vnd.dovecot.debug
mbox_min_index_size = 1000 B
mbox_write_locks = fcntl
mdbox_rotate_size = 50 M
namespace inboxes {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Templates {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  subscriptions = no
}
namespace subs {
  hidden = yes
  list = no
  location = 
  prefix = 
  separator = /
}
namespace users {
  location = mdbox:%%h/mdbox
  prefix = user/%%n/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-dict-master-auth.conf
  driver = dict
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-dict-auth.conf
  driver = dict
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/dovecot/imap/%d/shared-mailboxes.db
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcp:10.44.88.5
  push_lua_url = http://push-proxy/
  push_notification_driver = lua:file=/etc/dovecot/dovecot-push.lua
  quota = dict:User quota::ns=INBOX/:file:%h/dovecot-quota
  quota_rule = *:storage=200GB
  sieve = ~/sieve/dovecot.sieve
  sieve_after = /var/dovecot/sieve/after.d/
  sieve_before = /var/dovecot/sieve/before.d/
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
  sieve_user_log = ~/.sieve.log
}
postmaster_address = admins at egroupware.org
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
replication_dsync_parameters = -d -n INBOX -l 30 -U
service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}
service auth-worker {
  user = $default_internal_user
}
service auth {
  drop_priv_before_exec = no
  inet_listener {
    port = 113
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  inet_listener {
    port = 26
  }
  vsz_limit = 640 M
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 5
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = imap
  process_limit = 2048
  vsz_limit = 640 M
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    mode = 0666
  }
  vsz_limit = 512 M
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  executable = pop3
}
service postlogin {
  executable = script-login -d rawlog -b -t
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = dovecot
    mode = 0660
    user = dovecot
  }
}
ssl_cert = </etc/certs/mail.egroupware.org.pem
ssl_cipher_list =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
  args = /etc/dovecot/dovecot-dict-auth.conf
  driver = dict
}
verbose_proctitle = yes
protocol lda {
  mail_plugins = acl quota notify replication mail_log mail_lua notify
push_notification push_notification_lua acl sieve quota
}
protocol imap {
  imap_metadata = yes
  mail_max_userip_connections = 200
  mail_plugins = acl quota notify replication mail_log mail_lua notify
push_notification push_notification_lua acl imap_acl quota imap_quota
}
protocol lmtp {
  mail_max_lock_timeout = 25 secs
  mail_plugins = acl quota notify replication mail_log mail_lua notify
push_notification push_notification_lua acl sieve quota notify push_notification
}