# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = no
disable_plaintext_auth = yes

##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = yes

[...]
# Next we need to configure auth default in the authentication processes section of /etc/dovecot.conf.
# Uncomment and/or add the following lines as necessary (be careful as this section is heavily commented,
# some entries already exist, others are commented out and need uncommenting such as socket listen):
auth default {
  [...]
  #mechanisms = plain
  mechanisms = plain login
  [...]
  user = root
  [...]
  socket listen {
    client {
      path = /var/spool/postfix/private/dovecot-auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
[...]

auth_mechanisms = plain login

[...]
service auth {
  [..]
  # Auth process is run as this user.
  #user = $default_internal_user
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  [...]
}
[...]

[...]
protocol imap {
[...]
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  mail_plugins = autocreate
  #mail_plugin_dir = /usr/lib/dovecot/imap
[...]
}
[...]
protocol lda {
[...]
  #postmaster_address =
  postmaster_address = postmaster@cen05dev.xen.wbcd.pl
[...]
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  mail_plugins = sieve
  #mail_plugin_dir = /usr/lib/dovecot/lda
[...]
}
[...]
plugin {
[...] # at the end plugin section
  # mail_plugins autocreate (auto create imap folders for new users)
  autocreate = Sent
  autocreate2 = Trash
  autocreate3 = Drafts
  autocreate4 = Templates
  autocreate5 = SPAM
  autosubscribe = Sent
  autosubscribe2 = Trash
  autosubscribe3 = Drafts
  autosubscribe4 = Templates
  autosubscribe5 = SPAM
}

[...]
postmaster_address = postmaster@cen05dev.xen.wbcd.pl
[...]
protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = sieve
}

[...]
protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = sieve
}

protocol imap {
[...]
  # Space separated list of plugins to load (default is global mail_plugins).
  #mail_plugins = $mail_plugins
  mail_plugins = autocreate
[...]
}

plugin {
[...] # at the end plugin section
  # mail_plugins autocreate (auto create imap folders for new users)
  autocreate = Sent
  autocreate2 = Trash
  autocreate3 = Drafts
  autocreate4 = Templates
  autocreate5 = Trash
  autocreate6 = SPAM
  autosubscribe = Sent
  autosubscribe2 = Trash
  autosubscribe3 = Drafts
  autosubscribe4 = Templates
  autosubscribe5 = Trash
  autosubscribe6 = SPAM
}

mail_location = maildir:~/Maildir

plugin {
[...]
  # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service
  #
  # Location of the active script. When ManageSieve is used this is actually
  # a symlink pointing to the active script in the sieve storage directory.
  sieve=~/.dovecot.sieve
  #
  # The path to the directory where the personal Sieve scripts are stored. For
  # ManageSieve this is where the uploaded scripts are stored.
  sieve_dir=~/sieve
}

mail_location = maildir:~/Maildir

##
## SIEVE specific settings
##
plugin {
  # The path to the user's main active script.
  # usually this means $HOME/.dovecot.sieve (/home/user/.dovecot.sieve)
  sieve = ~/.dovecot.sieve

  # A path to a global sieve script file, which gets executed ONLY
  # if user's private Sieve script doesn't exist. Be sure to
  # pre-compile this script manually using the sievec command line
  # tool.
  #sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  # optionally - but not needed
  # mkdir -p /var/lib/dovecot/sieve
  # touch /var/lib/dovecot/sieve/default.sieve
  #sieve_global_path = /var/lib/dovecot/sieve/default.sieve

  # Directory for :personal include scripts for the include extension.
  sieve_dir = ~/sieve

  # Directory for :global include scripts for the include extension.
  #sieve_global_dir =
  # optionally - but not needed
  # mkdir -p /var/lib/dovecot/sieve/default.sieve
  #sieve_global_dir = /var/lib/dovecot/sieve/global/
}

# mail_location = maildir:~/Maildir
mail_location = maildir:/home/vmail/%d/%n/Maildir
[...]
# namespace {...}
[...]
# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =
mail_uid = 5000
mail_gid = 5000
[...]
protocol lda {
[...]
  # UNIX socket path to master authentication server to find users.
  #auth_socket_path = /var/run/dovecot/auth-master
  auth_socket_path = /var/run/dovecot/auth-master
}
[...]
auth default {
  [...]
  #passdb pam {
  # [...]
  #}
  [...]
  passdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    args = /etc/dovecot-sql.conf
  }
  [...]
  #userdb passwd {
  # [...]
  #}
  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  [...]
  userdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    args = /etc/dovecot-sql.conf
  }
  [...]
}

[...]
# Next we need to configure auth default in the authentication processes section of /etc/dovecot.conf.
# Uncomment and/or add the following lines as necessary (be careful as this section is heavily commented,
# some entries already exist, others are commented out and need uncommenting such as socket listen):
auth default {
  [...]
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
  [...]
  }
}
[...]
plugin {
  [...]
  # Sieve plugin (http://wiki.dovecot.org/LDA/Sieve) and ManageSieve service
  #
  # Location of the active script. When ManageSieve is used this is actually
  # a symlink pointing to the active script in the sieve storage directory.
  #sieve=~/.dovecot.sieve
  sieve=/home/vmail/%d/%n/.dovecot.sieve
  [...]
  #
  # The path to the directory where the personal Sieve scripts are stored. For
  # ManageSieve this is where the uploaded scripts are stored.
  #sieve_dir=~/sieve
  sieve_dir=/home/vmail/%d/%n/sieve
}

cat > /etc/dovecot-sql.conf << EOF
# Database driver: mysql, pgsql, sqlite
#driver =
driver = mysql

# Database connection string. This is driver-specific setting.
#
# mysql:
#   Basic options emulate PostgreSQL option names:
#     host, port, user, password, dbname
#
#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
#   Note that currently you can't use spaces in parameters.
#
#   MySQL supports multiple host parameters for load balancing / HA.
#
# Examples:
#   connect = host=192.168.1.1 dbname=users
#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
#
#connect =
#connect = host=localhost dbname=mailer user=dovecot password=dovecot
connect = host=10.41.0.50 dbname=mailer user=dovecot password=dovecot

# Default password scheme.
#
# Password scheme means the format in which the password is stored in <password
# databases> [PasswordDatabase.txt]. The most commonly used password schemes are:
#
# * *PLAIN*: Password is in plaintext.
# * *CRYPT*: Traditional DES-crypted password in '/etc/passwd' (e.g. "pass" =
#   'vpvKh.SaNbR6s')
#   * Dovecot uses libc's 'crypt()' function, which means that CRYPT is usually
#     able to decrypt also MD5-CRYPT and possibly also other password schemes.
# * *MD5-CRYPT*: MD5 based salted password hash nowadays commonly used in
#   '/etc/shadow'. (e.g. "pass" = '$1$ozdpg0V0$0fb643pVsPtHVPX8mCZYW/')
#    * *MD5*: Alias for MD5-CRYPT. Dovecot versions earlier than v1.0.rc16 need
#      to use this instead of MD5-CRYPT. This name is deprecated because
#      MD5-CRYPT isn't an actual MD5 hash.
# * *PLAIN-MD5*: An actual MD5 hash of the password. (e.g. "pass" =
#   '1a1dc91c907325c69271ddf0c944bc72')
#
#default_pass_scheme = MD5
#default_pass_scheme = PLAIN
default_pass_scheme = MD5

# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
# for full list):
#   %u = entire user@domain
#   %n = user part of user@domain
#   %d = domain part of user@domain

# passdb query to retrieve the password. It can return fields:
#   password - The user's password. This field must be returned.
#   user - user@domain from the database. Needed with case-insensitive lookups.
#   username and domain - An alternative way to represent the "user" field.
password_query = SELECT SUBSTRING_INDEX(email,'@',1) AS username, SUBSTRING_INDEX(email,'@',-1) AS domain, password FROM cen05dev_users WHERE email = '%n@%d'

# userdb query to retrieve the user information. It can return fields:
#   uid - System UID (overrides mail_uid setting)
#   gid - System GID (overrides mail_gid setting)
#   home - Home directory
#   mail - Mail location (overrides mail_location setting)
user_query = SELECT CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)) AS home, 5000 AS uid, 5000 AS gid FROM cen05dev_users WHERE email = '%n@%d'

EOF

#!include auth-system.conf.ext
!include auth-sql.conf.ext

[...]
#mail_location =
#mail_location = maildir:~/Maildir
mail_location = maildir:/home/vmail/%d/%n/Maildir
[...]
#mail_uid =
#mail_gid =
mail_uid = 5000
mail_gid = 5000
[...]
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
#auth_socket_path = /var/run/dovecot/auth-userdb
auth_socket_path = /var/run/dovecot/auth-userdb
[...]

service auth {
  [...]
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  [...]
}

##
## SIEVE specific settings
##
plugin {
  # The path to the user's main active script.
  #sieve = ~/.dovecot.sieve
  sieve=/home/vmail/%d/%n/.dovecot.sieve

  # A path to a global sieve script file, which gets executed ONLY
  # if user's private Sieve script doesn't exist. Be sure to
  # pre-compile this script manually using the sievec command line
  # tool.
  #sieve_global_path = /var/lib/dovecot/sieve/default.sieve

  # Directory for :personal include scripts for the include extension.
  #sieve_dir = ~/sieve
  sieve_dir=/home/vmail/%d/%n/sieve

  # Directory for :global include scripts for the include extension.
  #sieve_global_dir =
}

cat > /etc/dovecot/dovecot-sql.conf.ext << EOF
# Database driver: mysql, pgsql, sqlite
#driver =
driver = mysql

# Database connection string. This is driver-specific setting.
#
# HA / round-robin load-balancing is supported by giving multiple host
# settings, like: host=sql1.host.org host=sql2.host.org
#
# mysql:
#   Basic options emulate PostgreSQL option names:
#     host, port, user, password, dbname
#
#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
#   Note that currently you can't use spaces in parameters.
#
#
# Examples:
#   connect = host=192.168.1.1 dbname=users
#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
#   connect = /etc/dovecot/authdb.sqlite
#
#connect =
#connect = host=localhost dbname=mailer user=dovecot password=dovecot
connect = host=10.5.5.5 dbname=mailer user=dovecot password=dovecot

# Default password scheme.
#
# Password scheme means the format in which the password is stored in <password
# databases> [PasswordDatabase.txt]. The most commonly used password schemes are:
#
# * *PLAIN*: Password is in plaintext.
# * *CRYPT*: Traditional DES-crypted password in '/etc/passwd' (e.g. "pass" =
#   'vpvKh.SaNbR6s')
#   * Dovecot uses libc's 'crypt()' function, which means that CRYPT is usually
#     able to decrypt also MD5-CRYPT and possibly also other password schemes.
# * *MD5-CRYPT*: MD5 based salted password hash nowadays commonly used in
#   '/etc/shadow'. (e.g. "pass" = '$1$ozdpg0V0$0fb643pVsPtHVPX8mCZYW/')
#    * *MD5*: Alias for MD5-CRYPT. Dovecot versions earlier than v1.0.rc16 need
#      to use this instead of MD5-CRYPT. This name is deprecated because
#      MD5-CRYPT isn't an actual MD5 hash.
# * *PLAIN-MD5*: An actual MD5 hash of the password. (e.g. "pass" =
#   '1a1dc91c907325c69271ddf0c944bc72')
#
#default_pass_scheme = MD5
#default_pass_scheme = PLAIN
default_pass_scheme = MD5

# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
# for full list):
#   %u = entire user@domain
#   %n = user part of user@domain
#   %d = domain part of user@domain

# passdb query to retrieve the password. It can return fields:
#   password - The user's password. This field must be returned.
#   user - user@domain from the database. Needed with case-insensitive lookups.
#   username and domain - An alternative way to represent the "user" field.
password_query = SELECT SUBSTRING_INDEX(email,'@',1) AS username, SUBSTRING_INDEX(email,'@',-1) AS domain, password FROM cen06dev_users WHERE email = '%n@%d'

# userdb query to retrieve the user information. It can return fields:
#   uid - System UID (overrides mail_uid setting)
#   gid - System GID (overrides mail_gid setting)
#   home - Home directory
#   mail - Mail location (overrides mail_location setting)
user_query = SELECT CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)) AS home, 5000 AS uid, 5000 AS gid FROM cen06dev_users WHERE email = '%n@%d'

EOF