Please see [1] and [2] for a better understanding of how this works.

[1] https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/
[2] https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb/

Fix #464

While mbox and maildir files get deleted by dovecot right away, that's
not the case for mdbox files. Since they contain multiple mails at once
in a proprietary format rewriting is expensive. That's why this step
is done in a separate step outside the dovecot process.

Kristian Klausen authored 4 years ago and Sven-Hendrik Haase committed 4 years ago

Switching to Rspamd has some advantages:
* It is probably faster than SA[1] (C + Lua vs Perl)
* We can reduce the number of moving parts. Rspamd has built-in DKIM
  signing, greylisting, DMARC checking to name a few
* It doesn't just mark the mail as spam/not-spam, it gives every mail a
  score and depending on the score it does either: nothing, greylist it,
  mark it as spam or reject it[2] (more actions is available and it can
  be tweaked)
* Replies whitelisting[3]
* It supports ARC signing, which can be useful
* A cool looking WebUi :)
* ... and more[4]...

[1] https://rspamd.com/doc/tutorials/migrate_sa.html#why-migrate-to-rspamd
[2] https://rspamd.com/doc/faq.html#what-are-rspamd-actions
[3] https://rspamd.com/doc/modules/replies.html
[4] https://rspamd.com/comparison.html

This enables lastlog so that we also see which accounts are used for
email only even if they are not used for SSH.

Signed-off-by: Florian Pritz <bluewind@xinu.at>