# Only cleartext SASL mechanisms (PLAIN, LOGIN) are offered, so the password
# itself crosses the connection and TLS is its only protection in transit.
auth_mechanisms = plain login
# Refuse cleartext authentication unless the connection is TLS-protected.
# Dovecot treats a connection whose remote IP equals the local IP as secure
# for this check. NOTE(review): confirm that exemption is acceptable on this host.
disable_plaintext_auth = yes
# Mail is stored in Dovecot's mdbox format under each user's home directory.
mail_location = mdbox:~/.mdbox
# $mail_plugins expands to the value set so far; zlib compresses stored mail,
# notify is the hook layer mail_log needs to write its audit lines.
mail_plugins = $mail_plugins zlib notify mail_log

# %Ln = user part of the login name, lowercased. The domain is dropped before
# the passdb/userdb lookups, so "User@example.org" and "user" are the same account.
auth_username_format = %Ln

# The users' private namespace: it contains INBOX, is visible in LIST output,
# has an empty prefix and uses "." as the hierarchy separator. An empty
# location means the global mail_location is used.
namespace inbox {
	hidden = no
	inbox = yes
	list = yes
	location =
	prefix =
	separator = .
	type = private

	# Special-use folders (RFC 6154 flags). "auto = subscribe" makes Dovecot
	# create the folder on demand and subscribe the user to it.
	mailbox Trash {
		auto = subscribe
		special_use = \Trash
	}
	mailbox Drafts {
		auto = subscribe
		special_use = \Drafts
	}
	mailbox Sent {
		auto = subscribe # autocreate, autosubscribe
		special_use = \Sent
	}
	# Junk is presumably the target of the global spam-to-folder.sieve script
	# configured in the plugin section - verify against that script.
	mailbox Junk {
		auto = subscribe
		special_use = \Junk
	}
}

# First password database: credentials are read from a passwd-file. passdb
# blocks are consulted in the order they appear, so this file is checked
# before PAM.
# NOTE(review): the file carries password entries and is also read by a userdb
# block in this config; confirm it is owned by root (or the auth user) and is
# not world-readable.
passdb {
	driver = passwd-file
	args = /etc/dovecot/shared-mailboxes-acl
}
# Second password database: system accounts are verified through PAM. No
# service name is given in args, so Dovecot's default PAM service name applies.
# Lockout and rate limiting of failed logins are whatever the PAM stack and
# external tooling provide; nothing in this block configures them.
passdb {
	driver = pam
}
# Plugin settings for Sieve (Pigeonhole), mail_log and zlib.
plugin {
	# Per-user active script and the directory holding the user's own scripts.
	sieve = ~/.dovecot.sieve
	sieve_dir = ~/.sieve
	# fileinto and mailbox are required by the global spam-to-folder.sieve script.
	# Written without a leading +/-, this list replaces the default set, so it
	# works as an allowlist: user-supplied scripts cannot use any extension
	# that is not named here.
	sieve_extensions = body duplicate envelope fileinto imap4flags mailbox regex variables
	# NOTE(review): newer Pigeonhole releases name these two settings
	# sieve_global and sieve_default - confirm against the installed version.
	sieve_global_dir = /etc/dovecot/sieve/global/
	sieve_global_path = /etc/dovecot/sieve/default.sieve
	# Administrator script that runs before the user's own script on every
	# delivery. Keep it and its directory writable by root only, since it is
	# evaluated for all recipients.
	sieve_before = /etc/dovecot/sieve/spam-to-folder.sieve

	# Audit trail: removals, copies and mailbox deletes/renames are logged with
	# UID, mailbox, Message-ID and size. Plain saves and flag changes are not
	# in this event list.
	mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
	mail_log_fields = uid box msgid size

	# Newly saved mail is gzip-compressed at level 6.
	zlib_save_level = 6
	zlib_save = gz
}
# Enabled services: IMAP, ManageSieve ("sieve") and LMTP. POP3 and submission
# are not listed, so Dovecot does not start them.
protocols = imap sieve lmtp
# Authentication service and the socket other daemons use to reach it.
service auth {
	# Relative listener name, so the socket is created under Dovecot's base_dir.
	# Owner and group postfix with mode 0660: only Postfix can connect
	# (presumably for SMTP AUTH - verify against the Postfix configuration).
	unix_listener auth-client {
		group = postfix
		user = postfix
		mode = 0660
	}
	# The main auth process runs as root.
	# NOTE(review): stock Dovecot already runs auth-worker as root for
	# PAM/shadow access; confirm root is really needed here, because it widens
	# the impact of any flaw in the process that parses client auth input.
	user = root
}
# Pre-authentication IMAP login processes.
service imap-login {
  # Don't listen for plain IMAP: port = 0 disables this listener, which
  # removes the cleartext/STARTTLS port. The implicit-TLS "imaps" listener is
  # not overridden here and keeps its default.
  inet_listener imap {
    port = 0
  }
	# Upper bound on login processes and the number kept pre-forked.
	# NOTE(review): if service_count is left at its default of 1, process_limit
	# is also the cap on simultaneous unauthenticated connections - confirm.
	process_limit = 400
	process_min_avail = 5
}

# LMTP delivery endpoint. Only a UNIX socket inside Postfix's private
# directory is defined, owned by postfix with mode 0660, so this block exposes
# no network listener and only Postfix can hand mail to Dovecot through it.
service lmtp {
	unix_listener /var/spool/postfix/private/dovecot-lmtp {
		group = postfix
		user = postfix
		mode = 0660
	}
}

# Fields written on every login line: user, auth mechanism, remote and local
# IP, PID of the mail process, then %c (TLS/secured status) and %k (TLS
# protocol and cipher). rip plus the TLS fields are what log-based detection of
# password guessing or unexpected protocol downgrades has to work with.
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"

# TLS settings, based on the Mozilla "intermediate" profile. The generator link
# below is the nginx variant of that profile.
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
# A leading "<" makes Dovecot read the file's contents. The certificate and key
# come from the Let's Encrypt live directory of the templated mail domain.
# NOTE(review): no "ssl = ..." line is visible in this file; confirm whether
# "ssl = required" is set elsewhere, and that privkey.pem is readable by root only.
ssl_cert = </etc/letsencrypt/live/{{mail_domain}}/fullchain.pem
ssl_key = </etc/letsencrypt/live/{{mail_domain}}/privkey.pem
# NOTE(review): Mozilla guideline 5.x appears to recommend client cipher
# preference for the intermediate profile - confirm this override is intended.
ssl_prefer_server_ciphers = yes
# TLS 1.0 and 1.1 are rejected.
ssl_min_protocol = TLSv1.2
# DH parameters used by the DHE-RSA suites in the cipher list.
ssl_dh=</etc/dovecot/dh.pem
# Disable TLS-level compression.
ssl_options = no_compression

# Every suite listed uses an ephemeral key exchange (ECDHE/DHE) with an AEAD
# cipher (AES-GCM or ChaCha20-Poly1305); no CBC or static-RSA suites are offered.
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# First user database: names listed in the shared-mailboxes passwd-file.
# userdb blocks are consulted in the order they appear.
userdb {
	driver = passwd-file
	args = /etc/dovecot/shared-mailboxes
	# https://doc.dovecot.org/configuration_manual/config_file/config_variables/
	# Whatever the file says, uid/gid are forced to vmail and the home to a
	# per-name directory under shared-mailboxes (%n = user part of the name).
	# All userdb blocks in this file map to the same vmail uid/gid, so isolation
	# between mailboxes is enforced by Dovecot, not by filesystem ownership.
	override_fields = uid=vmail gid=vmail home=/home/vmail/shared-mailboxes/%n
}
# Second user database: the same passwd-file the first passdb authenticates
# against, keyed on the name exactly as the client sent it
# (%{original_username}, i.e. before auth_username_format rewrote it).
userdb {
	driver = passwd-file
	args = username_format=%{original_username} /etc/dovecot/shared-mailboxes-acl
	# https://doc.dovecot.org/configuration_manual/config_file/config_variables/
	# Forces the vmail uid/gid and an mdbox location whose private indexes
	# (INDEXPVT) live in a directory named after the lowercased user part.
	# No home= is overridden here, so ~ resolves from whatever home the lookup
	# yields. NOTE(review): confirm the file entries supply a home directory.
	override_fields = uid=vmail gid=vmail mail=mdbox:~/.mdbox:INDEXPVT=~/indexes/%Ln
}
# Last user database: system accounts from passwd (NSS).
userdb {
	driver = passwd
	# https://doc.dovecot.org/configuration_manual/config_file/config_variables/
	# The account's own uid, gid and home are replaced: mail for system users
	# is stored as vmail under /home/vmail, not in the login home directory.
	# NOTE(review): auth_username_format = %Ln strips the domain before lookup,
	# so %d presumably expands to an empty string here - confirm the resulting path.
	override_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
}
# IMAP-specific overrides.
protocol imap {
	# Compatibility workaround for Thunderbird sending an extra mailbox separator.
	imap_client_workarounds = tb-extra-mailbox-sep
	# At most 30 simultaneous IMAP connections per user from a single IP address.
	mail_max_userip_connections = 30
	# Keeps the global plugin list unchanged for IMAP (no additions).
	mail_plugins = $mail_plugins
}
# LMTP-specific overrides.
protocol lmtp {
	# Address placed in the From: of rejection/bounce messages Dovecot generates.
	postmaster_address = postmaster@archlinux.org
	# Adds the sieve plugin on top of the global list, so Sieve scripts
	# (including the sieve_before script) run at delivery time.
	mail_plugins = $mail_plugins sieve
}
# ManageSieve-specific overrides.
protocol sieve {
	# Logout log line records the bytes received from (%i) and sent to (%o) the client.
	managesieve_logout_format = bytes ( in=%i : out=%o )
}