#general settings
listen = *, ::
login_greeting = Server ready.
mmap_disable = yes
mail_fsync = always
mail_nfs_index = yes
mail_nfs_storage = yes
info_log_path = /dev/null
auth_verbose = no
auth_verbose_passwords = no
auth_debug = no
auth_debug_passwords = no
mail_debug = no
verbose_ssl = no
mail_location = maildir:/var/mail/vmail/%d/%n
mail_home = /var/mail/vmail/%d/%n
mail_plugins = $mail_plugins mail_crypt zlib
mailbox_list_index = yes
mail_always_cache_fields = date.save

#plugin setup
plugin {
  mail_crypt_save_version = 2
  mail_crypt_global_private_key = </etc/dovecot/ecprivkey.pem
  mail_crypt_global_public_key = </etc/dovecot/ecpubkey.pem
  zlib_save = gz
  zlib_save_level = 6
  quota_grace = 10%%
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
  quota = count:User quota
  quota_rule = *:bytes=50M
  quota_vsizes = yes
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u
}

#auth settings
disable_plaintext_auth = yes
auth_cache_size = 1M
auth_cache_ttl = 5mins
auth_cache_negative_ttl = 5mins
auth_default_realm = danwin1210.de
auth_username_chars = 
auth_mechanisms = plain login

#TLS parameters
ssl = required
ssl_cert = </etc/acme.sh/danwin1210.de_ecc/fullchain.cer
ssl_key = </etc/acme.sh/danwin1210.de_ecc/danwin1210.de.key
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </etc/dovecot/dh.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = HIGH:!PSK:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
ssl_curve_list = X448:X25519:secp521r1:secp384r1
ssl_prefer_server_ciphers = yes

#protocol setup
protocols = "imap pop3 lmtp"
protocol lmtp {
	postmaster_address = postmaster@danwin1210.de
}
protocol imap {
  mail_plugins = $mail_plugins quota imap_quota imap_zlib last_login
}
protocol pop3 {
  mail_plugins = $mail_plugins last_login
}

#service setup
service anvil {
  unix_listener anvil-auth-penalty {
    #disable since we don't have IP info
    mode = 0
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  inet_listener {
    port = 12345
  }

  user = dovecot
  group = dovecot
  client_limit=2448
}
service auth-worker {
  unix_listener auth-worker {
    mode = 0666
    user = dovecot
    group = dovecot
  }
}
service imap {
  service_count = 1000
  client_limit = 1
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  service_count = 1000
  vsz_limit = 1G
  process_min_avail = 4
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0660
    user = postfix
    group = postfix
  }
  user = vmail
  group = vmail
}
service pop3 {
  service_count = 1000
  client_limit = 1
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  service_count = 1000
  vsz_limit = 1G
}
service quota-status {
  executable = quota-status -p postfix
  inet_listener quota-status {
    port = 12340
  }
  client_limit = 1
}

#SQL queries
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = prefetch
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  user = dovecot
  group = dovecot
}

#namespace configuration
namespace inbox {
  inbox = yes
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
    autoexpunge = 30d
  }

  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
}