├── docs ├── core │ ├── config │ │ ├── sql │ │ │ ├── index.md │ │ │ ├── sqlite.md │ │ │ ├── postgresql.md │ │ │ └── mysql.md │ │ ├── auth │ │ │ ├── users │ │ │ │ └── index.md │ │ │ ├── index.md │ │ │ ├── databases │ │ │ │ ├── index.md │ │ │ │ ├── bsd.md │ │ │ │ ├── imap.md │ │ │ │ ├── passwd.md │ │ │ │ └── prefetch.md │ │ │ ├── mechanisms │ │ │ │ ├── index.md │ │ │ │ └── winbind.md │ │ │ ├── include │ │ │ │ ├── anvil-problems.inc │ │ │ │ ├── anvil-overview.inc │ │ │ │ ├── anvil-algorithm.inc │ │ │ │ └── anvil.inc │ │ │ ├── penalty.md │ │ │ └── mutltiple.md │ │ ├── events │ │ │ └── index.md │ │ ├── proxy │ │ │ ├── index.md │ │ │ ├── include │ │ │ │ └── proxy-auth-methods.inc │ │ │ └── haproxy.md │ │ ├── delivery │ │ │ ├── index.md │ │ │ ├── mda.md │ │ │ ├── include │ │ │ │ └── delivery_common.inc │ │ │ └── mta.md │ │ ├── sieve │ │ │ ├── extensions │ │ │ │ ├── index.md │ │ │ │ ├── variables.md │ │ │ │ ├── include.md │ │ │ │ ├── editheader.md │ │ │ │ ├── duplicate.md │ │ │ │ ├── enotify.md │ │ │ │ └── extlists.md │ │ │ └── index.md │ │ ├── index.md │ │ ├── mailbox_formats │ │ │ ├── index.md │ │ │ ├── pop3c.md │ │ │ └── imapc.md │ │ ├── include │ │ │ ├── imap_hibernation_overview.inc │ │ │ ├── login_process_socket_paths.inc │ │ │ ├── login_process_overview.inc │ │ │ ├── login_process_high_performance.inc │ │ │ └── login_process_high_security.inc │ │ ├── recommended_metrics_include │ │ │ ├── header.inc │ │ │ ├── proxy.inc │ │ │ └── backend.inc │ │ ├── recommended_metrics.md │ │ ├── overview.md │ │ ├── security.md │ │ ├── login_processes.md │ │ ├── imap.md │ │ ├── fs.md │ │ ├── health_check.md │ │ └── execute.md │ ├── index.md │ ├── man │ │ ├── index.md │ │ ├── include │ │ │ ├── option-p.inc │ │ │ ├── option-no-userdb-lookup.inc │ │ │ ├── option-u-user.inc │ │ │ ├── reporting-bugs.inc │ │ │ ├── option-d.inc │ │ │ ├── option-o.inc │ │ │ ├── option-F-file.inc │ │ │ ├── option-S-socket.inc │ │ │ ├── global-options-formatter.inc │ │ │ ├── option-A.inc │ │ │ ├── global-options.inc │ │ │ └── option-x.inc │ │ ├── doveadm-dict.1.md │ │ ├── doveadm-fs.1.md │ │ ├── doveadm-sync.1.md │ │ ├── doveadm-backup.1.md │ │ ├── doveadm-copy.1.md │ │ ├── doveadm-mail-dict.1.md │ │ ├── doveadm-move.1.md │ │ ├── doveadm-mail-fs.1.md │ │ ├── doveadm-proxy.1.md │ │ ├── doveadm-service-stop.1.md │ │ ├── doveadm-help.1.md │ │ ├── doveadm-compress-connect.1.md │ │ ├── doveadm-exec.1.md │ │ ├── dovecot-sysreport.1.md │ │ ├── doveadm-penalty.1.md │ │ ├── doveadm-force-resync.1.md │ │ ├── doveadm-instance.1.md │ │ ├── doveadm-purge.1.md │ │ ├── doveadm-process-status.1.md │ │ ├── doveadm-indexer.1.md │ │ ├── doveadm-fts.1.md │ │ ├── doveadm-expunge.1.md │ │ └── doveadm-save.1.md │ ├── plugins │ │ ├── index.md │ │ ├── mail_lua.md │ │ ├── imap_acl.md │ │ ├── notify.md │ │ ├── imap_quota.md │ │ ├── sieve_imapsieve.md │ │ ├── charset_alias.md │ │ ├── welcome.md │ │ ├── fs_compress.md │ │ ├── apparmor.md │ │ ├── mail_log.md │ │ ├── pop3_migration.md │ │ ├── trash.md │ │ ├── notify_status.md │ │ ├── imap_filter_sieve.md │ │ ├── fts_flatcurve.md │ │ └── quota_clone.md │ ├── settings │ │ └── index.md │ ├── summaries │ │ ├── index.md │ │ ├── doveadm.md │ │ ├── events.md │ │ └── settings.md │ └── admin │ │ ├── index.md │ │ ├── lua │ │ └── index.md │ │ ├── sasl.md │ │ ├── limits.md │ │ ├── http.md │ │ └── process_titles.md ├── howto │ ├── lmtp │ │ └── index.md │ ├── sasl │ │ ├── index.md │ │ ├── exim.md │ │ └── chasquid.md │ ├── virtual │ │ └── index.md │ ├── index.md │ ├── ssl │ │ ├── sni_support.md │ │ └── cert_import.md │ ├── fail2ban.md │ └── auto_forward.md ├── developers │ ├── design │ │ ├── index.md │ │ ├── indexes │ │ │ ├── index.md │ │ │ └── images │ │ │ │ ├── lib-index.png │ │ │ │ ├── mail-index-cache.png │ │ │ │ ├── mail-index-log.png │ │ │ │ ├── mail-index-map.png │ │ │ │ ├── mail-index-log.drawio │ │ │ │ ├── lib-index.drawio │ │ │ │ ├── mail-index-cache.drawio │ │ │ │ └── mail-index-map.drawio │ │ ├── images │ │ │ └── auth.png │ │ ├── mail_user.md │ │ ├── mailbox.md │ │ ├── overview.md │ │ └── mail_storage.md │ ├── index.md │ └── overview.md ├── installation │ ├── index.md │ ├── upgrade │ │ ├── index.md │ │ ├── include │ │ │ ├── 2.4-service-defaults.inc │ │ │ ├── 2.4-fs-crypt.inc │ │ │ ├── 2.4-deprecated-global-acl-file.inc │ │ │ ├── 2.4-lua-auth.inc │ │ │ ├── 2.4-exports.inc │ │ │ ├── 2.4-empty-userdb-variables.inc │ │ │ ├── 2.4-lua-http.inc │ │ │ ├── 2.4-lua-auth-variables.inc │ │ │ ├── 2.4-deprecated-sis.inc │ │ │ ├── 2.4-lda.inc │ │ │ ├── 2.4-other.inc │ │ │ ├── 2.4-added-imapc_features-parameters.inc │ │ │ ├── 2.4-unknown-invalid-variables.inc │ │ │ ├── 2.4-added-auth-policy-parameters.inc │ │ │ ├── 2.4-section-naming.inc │ │ │ ├── 2.4-fts-header-settings.inc │ │ │ ├── 2.4-added-settings.inc │ │ │ ├── 2.4-changed-settings.inc │ │ │ ├── 2.4-added-cryptographic-features.inc │ │ │ ├── 2.4-event-filters.inc │ │ │ ├── 2.4-exim.inc │ │ │ ├── 2.4-directory-hashing.inc │ │ │ ├── 2.4-removed-settings.inc │ │ │ ├── 2.4-doveadm.inc │ │ │ ├── 2.4-external-configs.inc │ │ │ ├── 2.4-default-settings.inc │ │ │ ├── 2.4-core-events.inc │ │ │ ├── 2.4-removed-plugins.inc │ │ │ ├── 2.4-removed-other-features.inc │ │ │ ├── 2.3-to-2.3.x.inc │ │ │ ├── 2.4-acls.inc │ │ │ └── 2.4-redesign.inc │ │ ├── 2.3-to-2.3.x.md │ │ ├── 2.2-to-2.3.md │ │ └── overview.md │ └── sieve.md ├── troubleshooting │ ├── index.md │ └── include │ │ ├── debug_sessionid.inc │ │ ├── debug_crashes.inc │ │ └── debug_mail.inc ├── images │ └── by-nc-sa-4.0.png ├── license.md ├── index.md └── issues.md ├── public ├── dovecot.gif └── favicon.ico ├── .github ├── actions │ ├── container │ │ └── Dockerfile │ └── spelling │ │ ├── reject.txt │ │ ├── allow.txt │ │ ├── advice.md │ │ └── excludes.txt ├── dependabot.yml └── workflows │ ├── ci.yml │ ├── 2_3.yml │ └── container.yml ├── TODO.md ├── lib ├── data │ ├── events.data.js │ ├── event_reasons.data.js │ ├── event_categories.data.js │ └── lua.data.js ├── doveadm.js └── settings.js ├── .gitignore ├── data └── links_overrides.js ├── .vitepress └── theme │ ├── index.js │ ├── DovecotLayout.vue │ └── custom.css ├── components ├── FTSConfigComponent.vue ├── EventReasonsComponent.vue ├── DoveadmCliComponent.vue ├── EventCategoriesComponent.vue ├── LuaVariableComponent.vue ├── LuaConstantComponent.vue └── EventsComponent.vue ├── assets └── plantuml │ ├── submission_flow.puml │ └── README.md └── package.json /docs/core/config/sql/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SQL 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/howto/lmtp/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: LMTP 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/howto/sasl/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SASL 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/developers/design/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Design 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/auth/users/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Users 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/events/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Events 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/proxy/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Proxying 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/howto/virtual/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Virtual Users 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/auth/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Authentication 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/delivery/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Mail Delivery 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Dovecot Core 3 | exclude: true 4 | order: 100 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/man/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Man Pages 3 | exclude: true 4 | order: 145 5 | --- 6 | -------------------------------------------------------------------------------- /public/dovecot.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/public/dovecot.gif -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/public/favicon.ico -------------------------------------------------------------------------------- /docs/core/config/auth/databases/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Databases 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/auth/mechanisms/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Mechanisms 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Extensions 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/core/config/sieve/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Sieve 4 | exclude: true 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/plugins/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Plugins 3 | exclude: true 4 | order: 130 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/settings/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Settings 3 | exclude: true 4 | order: 140 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/summaries/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Summaries 3 | exclude: true 4 | order: 150 5 | --- 6 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Index Files 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/developers/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Developers 3 | exclude: true 4 | order: 300 5 | --- 6 | -------------------------------------------------------------------------------- /docs/installation/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Installation 3 | exclude: true 4 | order: 1 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/admin/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Administration 3 | exclude: true 4 | order: 110 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/config/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Configuration 3 | exclude: true 4 | order: 101 5 | --- 6 | -------------------------------------------------------------------------------- /docs/core/config/mailbox_formats/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Mailbox Formats 3 | exclude: true 4 | --- 5 | -------------------------------------------------------------------------------- /docs/installation/upgrade/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Upgrading 3 | exclude: true 4 | order: 4 5 | --- 6 | -------------------------------------------------------------------------------- /docs/troubleshooting/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | order: 150 3 | title: Troubleshooting 4 | exclude: true 5 | --- 6 | -------------------------------------------------------------------------------- /docs/images/by-nc-sa-4.0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/images/by-nc-sa-4.0.png -------------------------------------------------------------------------------- /.github/actions/container/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/rtsp/docker-lighttpd:latest 2 | 3 | COPY .vitepress/dist/ /var/www/html/2.4/ 4 | -------------------------------------------------------------------------------- /docs/developers/design/images/auth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/developers/design/images/auth.png -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-service-defaults.inc: -------------------------------------------------------------------------------- 1 | ##### LMTP 2 | 3 | Default LMTP proxy destination port is now `24`. 4 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-fs-crypt.inc: -------------------------------------------------------------------------------- 1 | #### fs-crypt 2 | 3 | [[link,mail_crypt_fs_crypt]] now requires encryption keys by default. 4 | -------------------------------------------------------------------------------- /docs/core/man/include/option-p.inc: -------------------------------------------------------------------------------- 1 | **-p** *setting***=***value* 2 | : Overrides the configuration *setting* for source storage. 3 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/lib-index.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/developers/design/indexes/images/lib-index.png -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-cache.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/developers/design/indexes/images/mail-index-cache.png -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/developers/design/indexes/images/mail-index-log.png -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dovecot/documentation/HEAD/docs/developers/design/indexes/images/mail-index-map.png -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-deprecated-global-acl-file.inc: -------------------------------------------------------------------------------- 1 | | [[setting,acl_global_path]] | Using ACL file is deprecated, see [[link,upgrading_2_4_acls]]. | 2 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-lua-auth.inc: -------------------------------------------------------------------------------- 1 | Lua passdb/userdb now passes all args key/values to an initialization function. 2 | See [[link,auth_lua_initialization]]. 3 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-exports.inc: -------------------------------------------------------------------------------- 1 | 2 | #### Exports 3 | 4 | Events can now be exported to a local file or a unix socket. See 5 | [[link,event_export_drivers]]. 6 | -------------------------------------------------------------------------------- /docs/core/man/include/option-no-userdb-lookup.inc: -------------------------------------------------------------------------------- 1 | **\-\-no-userdb-lookup** 2 | : Do not perform userdb lookup. Use the `USER` environment variable to 3 | specify the username. 4 | 5 | -------------------------------------------------------------------------------- /.github/actions/spelling/reject.txt: -------------------------------------------------------------------------------- 1 | ^attache$ 2 | ^bellow$ 3 | benefitting 4 | occurences? 5 | ^dependan.* 6 | ^oer$ 7 | Sorce 8 | ^[Ss]pae.* 9 | ^untill$ 10 | ^untilling$ 11 | ^wether.* 12 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-empty-userdb-variables.inc: -------------------------------------------------------------------------------- 1 | #### Empty userdb Variables 2 | 3 | userdb fields can be set to empty value. Previously they became changed 4 | to `yes` value. 5 | 6 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-lua-http.inc: -------------------------------------------------------------------------------- 1 | Some settings were renamed. See [[link,lua_lib-http]]. The `debug` setting 2 | was removed - use [[setting,log_debug]] instead to enable debugging. 3 | -------------------------------------------------------------------------------- /docs/core/man/include/option-u-user.inc: -------------------------------------------------------------------------------- 1 | **-u** *user/mask* 2 | : Run the *command* only for the given *user*. It's also possible to 3 | use '**\***' and '**?**' wildcards (e.g. -u \*@example.org). 4 | 5 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-lua-auth-variables.inc: -------------------------------------------------------------------------------- 1 | [[link,upgrading_2_4_var_expand]] changes affect also `auth_request` fields. 2 | For example `auth_request.service` is now `auth_request.protocol`. 3 | -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- 1 | Event category inheritance (multi-inheritance, see TODOs in events.data.js) 2 | Event category text (commented out in events.data.js): display with categories? 3 | 4 | doveadm: Examples, Return (fields) 5 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # Checks for dependency updates for documentation (VitePress) 4 | - package-ecosystem: "npm" 5 | directory: "/" 6 | schedule: 7 | interval: "monthly" 8 | -------------------------------------------------------------------------------- /lib/data/events.data.js: -------------------------------------------------------------------------------- 1 | import { addWatchPaths } from '../utility.js' 2 | import { loadEvents } from '../events.js' 3 | 4 | export default addWatchPaths({ 5 | async load() { 6 | return await loadEvents() 7 | } 8 | }) 9 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-deprecated-sis.inc: -------------------------------------------------------------------------------- 1 | | fs-sis | Saving new mails' attachments via fs-sis is disabled, but reading SIS attachments is still supported. Missing SIS attachments are replaced with files filled with spaces. | 2 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-lda.inc: -------------------------------------------------------------------------------- 1 | ### LDA 2 | 3 | `HOME` environment is no longer used. (It was previously used when `-d` 4 | parameter was not given.) You can now use it by explicitly giving 5 | `-o mail_home=$HOME` parameter. 6 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-other.inc: -------------------------------------------------------------------------------- 1 | 2 | ### Doveadm HTTP API 3 | 4 | #### Boolean Request Values 5 | 6 | The doveadm HTTP API now requires valid boolean values. Providing invalid 7 | boolean values will result in a 400 response. 8 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-dict.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-dict 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-dict(1) - Commands related to dictionary manipulation 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-fs.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-fs 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-fs(1) - Interact with the abstract mail storage filesystem 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-added-imapc_features-parameters.inc: -------------------------------------------------------------------------------- 1 | #### imapc_features Parameters 2 | 3 | See [[setting,imapc_features]]. 4 | 5 | | Feature | Notes | 6 | | ------- | ----- | 7 | | `no-qresync` | Parameter was added. | 8 | 9 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-sync.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-sync 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-sync(1) - Dovecot's two-way mailbox synchronization feature 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/include/reporting-bugs.inc: -------------------------------------------------------------------------------- 1 | ## REPORTING BUGS 2 | 3 | Report bugs, including *doveconf -n* output, to the Dovecot Mailing List 4 | . Information about reporting bugs is available at: 5 | https://dovecot.org/bugreport.html 6 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-unknown-invalid-variables.inc: -------------------------------------------------------------------------------- 1 | #### Unknown/Invalid Variables 2 | 3 | Unknown/invalid `%{variables}` cause Dovecot errors. This may cause, 4 | e.g., authentication failures if the old (broken) behavior was relied on. 5 | 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | *.mjs 3 | .*.swp 4 | .DS.Store 5 | .DS_Store 6 | *.html 7 | bun.lockb 8 | node_modules/ 9 | lib/data/*.mjs 10 | .vitepress/cache/ 11 | .vitepress/dist/ 12 | .vitepress/.temp/ 13 | .vitepress/local.js 14 | .vitepress/.temp 15 | /man/ 16 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-backup.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-backup 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-backup(1) - Dovecot's one-way mailbox synchronization feature 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-copy.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-copy 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-copy(1) - Copy messages matching the given search query into another mailbox 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-mail-dict.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-mail-dict 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-dict(1) - Commands related to dictionary manipulation in user context 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-move.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-move 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-move(1) - Move messages matching the given search query into another mailbox 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-mail-fs.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-mail-fs 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-mail-fs(1) - Interact with the abstract mail storage filesystem in user context 8 | 9 | 10 | -------------------------------------------------------------------------------- /docs/core/man/include/option-d.inc: -------------------------------------------------------------------------------- 1 | **-d** *dump-file* 2 | : Causes a dump of the generated code to be written to the specified 3 | file. This is identical to the dump produced by [[man,sieve-dump]]. 4 | Using '-' as filename causes the dump to be written to **stdout**. 5 | -------------------------------------------------------------------------------- /docs/core/summaries/doveadm.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: All Doveadm 4 | dovecotlinks: 5 | summary_doveadm: 6 | hash: all-dovecot-doveadm-commands 7 | text: All Dovecot Doveadm Commands 8 | --- 9 | 10 | # All Dovecot Doveadm Commands 11 | 12 | 13 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-added-auth-policy-parameters.inc: -------------------------------------------------------------------------------- 1 | #### Auth Policy Parameters 2 | 3 | See [[link,auth_policy]]. 4 | 5 | | Parameter | Notes | 6 | | --------- | ----- | 7 | | `%{fail_type}` variable to [[setting,auth_policy_request_attributes]] | Variable was added. | 8 | -------------------------------------------------------------------------------- /docs/core/config/auth/include/anvil-problems.inc: -------------------------------------------------------------------------------- 1 | - It is still possible to do multiple auth lookups from the same IP in 2 | parallel. 3 | 4 | - For IPv6 it currently blocks the entire /48 block, which may or may 5 | not be what is wanted. 6 | 7 | - `PENALTY_IPV6_MASK_BITS` in `auth-penalty.c` 8 | -------------------------------------------------------------------------------- /docs/core/man/include/option-o.inc: -------------------------------------------------------------------------------- 1 | **-o** *setting***=***value* 2 | : Overrides the configuration *setting* from 3 | */etc/dovecot/dovecot.conf* and from the userdb with the given 4 | *value*. In order to override multiple settings, the **-o** option 5 | may be specified multiple times. 6 | -------------------------------------------------------------------------------- /docs/core/man/include/option-F-file.inc: -------------------------------------------------------------------------------- 1 | **-F** *file* 2 | : Execute the *command* for all the users in the *file*. This is 3 | similar to the **-A** option, but instead of getting the list of 4 | users from the userdb, they are read from the given *file*. The 5 | *file* contains one username per line. 6 | 7 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-section-naming.inc: -------------------------------------------------------------------------------- 1 | #### passdb/userdb Section Naming 2 | 3 | [[link,passdb]] and [[link,userdb]] sections now require a name, i.e.: 4 | 5 | ``` 6 | # This gives an error: 7 | passdb { 8 | ... 9 | } 10 | 11 | # Use this instead: 12 | passdb some_name { 13 | } 14 | ``` 15 | -------------------------------------------------------------------------------- /docs/core/plugins/mail_lua.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: mail-lua 4 | --- 5 | 6 | # Mail Lua Plugin (`mail-lua`) 7 | 8 | mail-lua is a plugin that can be loaded to provide API for mail storage 9 | Lua plugins. 10 | 11 | See [[link,lua]]. 12 | 13 | ## Settings 14 | 15 | 16 | -------------------------------------------------------------------------------- /docs/developers/overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Overview 4 | order: 301 5 | --- 6 | 7 | # Dovecot Developer Resources 8 | 9 | These pages are targeted for developers working on Dovecot. They are meant to 10 | help understand Dovecot internals as well as get the reader in touch with 11 | internal APIs. 12 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-fts-header-settings.inc: -------------------------------------------------------------------------------- 1 | #### Changed types for FTS header settings 2 | 3 | | Setting Name | Update | 4 | | --- | --- | 5 | | [[setting,fts_header_excludes]] | Changed to [[link,settings_types_boollist]]. | 6 | | [[setting,fts_header_includes]] | Changed to [[link,settings_types_boollist]]. | 7 | 8 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-added-settings.inc: -------------------------------------------------------------------------------- 1 | * [[setting,auth_internal_failure_delay]] 2 | * [[setting,fts_message_max_size]] 3 | * [[setting,login_socket_path]] 4 | * [[setting,quota_mailbox_count]] 5 | * [[setting,quota_mailbox_message_count]] 6 | * [[setting,submission_add_received_header]] 7 | * [[setting,cassandra_log_retries]] 8 | -------------------------------------------------------------------------------- /docs/troubleshooting/include/debug_sessionid.inc: -------------------------------------------------------------------------------- 1 | Each IMAP, POP3, and LMTP connection has its own unique session ID. 2 | 3 | This ID is logged in all the lines and passed between Dovecot services, which 4 | allows tracking it all the way through proxies to backends and their various 5 | processes. 6 | 7 | The session IDs look like ``. 8 | -------------------------------------------------------------------------------- /docs/core/man/include/option-S-socket.inc: -------------------------------------------------------------------------------- 1 | **-S** *socket_path* 2 | : The option's argument is either an absolute path to a local UNIX 3 | domain socket, or a hostname and port (*hostname*:*port*), in order 4 | to connect a remote host via a TCP socket. 5 | 6 | This allows an administrator to execute [[man,doveadm]] 7 | mail commands through the given socket. 8 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-changed-settings.inc: -------------------------------------------------------------------------------- 1 | #### Settings 2 | 3 | | Setting | Notes | 4 | | ------- | ------- | 5 | | [[setting,ssl]] | Connections from [[setting,login_trusted_networks]] are now also required to be SSL/TLS encrypted with the setting `ssl=required`. | 6 | | [[setting,ssl_min_protocol]] | The `SSLv3` option was removed, as it is no longer secure. | 7 | -------------------------------------------------------------------------------- /docs/core/plugins/imap_acl.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: imap-acl 4 | --- 5 | 6 | # IMAP ACL Plugin (`imap-acl`) 7 | 8 | This plugin implements the IMAP ACL ([[rfc,4314]]) extension. 9 | 10 | ## Settings 11 | 12 | 13 | 14 | ## Configuration 15 | 16 | Configuration and further details can be found on the [[plugin,acl]] page. 17 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-added-cryptographic-features.inc: -------------------------------------------------------------------------------- 1 | #### Cryptographic Features 2 | 3 | | Feature | Notes | 4 | | ------- | ----- | 5 | | ARGON2 password scheme | Support for the ARGON2 password scheme was added. | 6 | | SCRAM-SHA-1, SCRAM-SHA-256 | Support SASL mechanisms for outgoing connections. | 7 | | X25519, X448 | [[plugin,mail-crypt]] and [[link,mail_crypt_fs_crypt]] now support these curves. | 8 | -------------------------------------------------------------------------------- /docs/core/config/include/imap_hibernation_overview.inc: -------------------------------------------------------------------------------- 1 | Dovecot supports moving connections that have issued IDLE to a special holding 2 | process, called `imap-hibernate`. This process is responsible for holding the 3 | idling connections until they issue some command that requires them to be 4 | thawed back into a (new) imap process. This way, memory and CPU resources 5 | are saved, since there is only one hibernation process. 6 | -------------------------------------------------------------------------------- /docs/core/summaries/events.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: All Events 4 | dovecotlinks: 5 | summary_events: 6 | hash: all-dovecot-events 7 | text: All Dovecot Events 8 | --- 9 | 10 | # All Dovecot Events 11 | 12 | ## Events 13 | 14 | 15 | 16 | ## Event Categories 17 | 18 | 19 | 20 | ## Event Reasons 21 | 22 | 23 | -------------------------------------------------------------------------------- /docs/core/config/sql/sqlite.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: SQLite 4 | dovecotlinks: 5 | sql_sqlite: SQLite Configuration 6 | --- 7 | 8 | # SQL Driver: SQLite 9 | 10 | Driver name is `sqlite`. 11 | 12 | To compile support for this driver. you need sqlite library and headers. 13 | 14 | ## Example Configuration 15 | 16 | See [[link,auth_sqlite]]. 17 | 18 | ## Settings 19 | 20 | 21 | -------------------------------------------------------------------------------- /docs/core/plugins/notify.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: notify 4 | --- 5 | 6 | # Notify Plugin (`notify`) 7 | 8 | The notify plugin can be used to easily develop other plugins that need to 9 | do some work when something in user’s mailboxes change. 10 | 11 | See [[plugin,mail-log]] plugin as an example how to develop a plugin based on 12 | the notify plugin. 13 | 14 | ## Settings 15 | 16 | There are no `dovecot.conf` settings for this plugin. 17 | -------------------------------------------------------------------------------- /docs/howto/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: How-Tos 4 | order: 200 5 | dovecotlinks: 6 | howto: How To's 7 | --- 8 | 9 | # How To's 10 | 11 | This directory contains a collection of documents that involve how to 12 | configure and extend Dovecot for various use cases. 13 | 14 | This information is provided as a benefit to the community, but this 15 | information may be outdated or incorrect as it is not core Dovecot 16 | documentation. 17 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-event-filters.inc: -------------------------------------------------------------------------------- 1 | #### Event Filters 2 | 3 | Size units are allowed when specifying event filter values. For example, 4 | `100kb` is accepted as equivalent to `102400`. 5 | 6 | Interval units are allowed when specifying event filter values. For 7 | example, `1min` is accepted as equivalent to `60000000`. 8 | 9 | Event filters support escaping wildcard `*` and `?` characters by prefixing 10 | them with `\`. 11 | -------------------------------------------------------------------------------- /docs/core/config/auth/include/anvil-overview.inc: -------------------------------------------------------------------------------- 1 | Dovecot anvil process tracks authentication penalties for different IPs 2 | to slow down brute force login attempts. The penalty is increased after failed 3 | logins until a maximum value, unless [[link,passdb_extra_field_nodelay]] is 4 | used. The penalty is applied for the IP before passdb lookups are done, so 5 | the delay might exist even with `nodelay` if it is not used for all 6 | authentication attempts for the IP. 7 | -------------------------------------------------------------------------------- /docs/core/plugins/imap_quota.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: imap-quota 4 | --- 5 | 6 | # IMAP Quota Plugin (`imap-quota`) 7 | 8 | This plugin implements the IMAP command for requesting current quota 9 | information. 10 | 11 | It requires that the [[plugin,quota]] be activated and configured in Dovecot. 12 | 13 | It implements the IMAP commands defined in [[rfc,2087]] 14 | 15 | ## Settings 16 | 17 | There are no `dovecot.conf` settings for this plugin. 18 | -------------------------------------------------------------------------------- /docs/core/config/sql/postgresql.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: PostgreSQL 4 | dovecotlinks: 5 | sql_postgresql: PostgreSQL Configuration 6 | --- 7 | 8 | # SQL Driver: PostgreSQL 9 | 10 | Driver name is `postgresql`. 11 | 12 | To compile support for this driver, you need PostgreSQL client library and 13 | headers. 14 | 15 | ## Example Configuration 16 | 17 | See [[link,auth_postgresql]]. 18 | 19 | ## Settings 20 | 21 | 22 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/variables.md: -------------------------------------------------------------------------------- 1 | --- 2 | doc: layout 3 | title: Variables 4 | dovecotlinks: 5 | sieve_variables: Sieve variables extension 6 | --- 7 | 8 | # Sieve: Variables Extension 9 | 10 | The Sieve variables extension ([[rfc,5229]]) adds the concept of 11 | variables to the Sieve language. 12 | 13 | ## Configuration 14 | 15 | The variables extension is available by default. 16 | 17 | ### Settings 18 | 19 | 20 | -------------------------------------------------------------------------------- /docs/license.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: License 4 | order: 401 5 | --- 6 | 7 | # License 8 | 9 | ![Creative Commons License](images/by-nc-sa-4.0.png) 10 | 11 | This documentation is licensed under a 12 | [Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-nc-sa/4.0/). 13 | 14 | Dovecot CE code is distributed under a variety of licenses. See 15 | [COPYING](https://github.com/dovecot/core/blob/main/COPYING). 16 | -------------------------------------------------------------------------------- /docs/core/config/delivery/mda.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: MDA 4 | dovecotlinks: 5 | mda: MDA 6 | --- 7 | 8 | # MDA 9 | 10 | An MDA is a Mail Delivery Agent. 11 | 12 | An MDA is being passed messages from a [[link,mta]] and delivers it to a real 13 | or virtual mailbox. 14 | 15 | Dovecot MDAs: 16 | 17 | * [[link,lda]] 18 | * [[link,lmtp]] 19 | 20 | ## Other Choices 21 | 22 | - [maildrop](https://www.courier-mta.org/maildrop/) 23 | - [procmail](https://github.com/BuGlessRB/procmail) 24 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: pull_request 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Checkout 10 | uses: actions/checkout@v4 11 | - name: Setup Node 12 | uses: actions/setup-node@v4 13 | with: 14 | node-version: 20 15 | cache: npm 16 | - name: Install Dependencies 17 | run: npm ci 18 | - name: Build with VitePress 19 | run: | 20 | npm run docs:build 21 | -------------------------------------------------------------------------------- /docs/core/summaries/settings.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: All Settings 4 | dovecotlinks: 5 | summary_settings: 6 | hash: all-dovecot-settings 7 | text: All Dovecot Settings 8 | --- 9 | 10 | # All Dovecot Settings 11 | 12 | ## Settings 13 | 14 | 15 | 16 | ## Advanced Settings 17 | 18 | ::: danger 19 | These settings should not normally be changed. 20 | ::: 21 | 22 | 23 | -------------------------------------------------------------------------------- /data/links_overrides.js: -------------------------------------------------------------------------------- 1 | /* This file contains overrides for dovecotlinks. */ 2 | 3 | export const links_overrides = { 4 | 5 | /* External Links */ 6 | 7 | dovecot_pro: { 8 | url: 'https://www.dovecotpro.com/', 9 | text: 'Dovecot Pro' 10 | }, 11 | 12 | /* Inter-documentation links that live outside of '/core'. */ 13 | 14 | // coding_style: {}, 15 | // developer_debug: {}, 16 | // howto: {}, 17 | // howto_virtual_smtp_auth: {}, 18 | // lua_director: {}, 19 | // sieve_installation: {}, 20 | // startup_scripts: {}, 21 | 22 | } 23 | -------------------------------------------------------------------------------- /docs/core/config/auth/databases/bsd.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: BSD 4 | dovecotlinks: 5 | auth_bsd: BSD authentication database 6 | --- 7 | 8 | # BSDAuth (`bsdauth`) 9 | 10 | ::: warning 11 | BSDAuth is deprecated. 12 | 13 | It will be maintained on a best-effort basis for Dovecot CE, based on 14 | community patches. 15 | 16 | Users are strongly advised to use [[link,auth_pam]] instead. 17 | ::: 18 | 19 | This is similar to [[link,auth_pam]], but used by OpenBSD. 20 | 21 | It supports `cache_key` parameter the same way as PAM. 22 | 23 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-exim.inc: -------------------------------------------------------------------------------- 1 | 2 | ### Exim Authentication 3 | 4 | Dovecot authentication protocol changed slightly, which is now causing Exim's 5 | Dovecot authentication to hang. Use the `auth-legacy` listener type to work 6 | around it until Exim supports the updated protocol: 7 | 8 | ::: code-group 9 | ```[dovecot.conf] 10 | service auth { 11 | unix_listener auth-exim { 12 | type = auth-legacy 13 | } 14 | } 15 | ``` 16 | 17 | ```[exim.conf] 18 | dovecot_plain: 19 | server_socket = /var/run/dovecot/auth-exim 20 | ... 21 | ::: 22 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-proxy.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-proxy 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-proxy(1) - Handle Dovecot proxy connections (obsolete) 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] [**-f** *formatter*] **proxy** *kick*|*list* 12 | [*OPTIONS*] 13 | [*ARGUMENTS*] 14 | 15 | ## DESCRIPTION 16 | 17 | These commands are aliases to the [[man,doveadm-kick]] and 18 | [[man,doveadm-who]] commands. 19 | 20 | 21 | 22 | ## SEE ALSO 23 | 24 | [[man,doveadm]] 25 | -------------------------------------------------------------------------------- /lib/data/event_reasons.data.js: -------------------------------------------------------------------------------- 1 | import { getVitepressMd } from '../markdown.js' 2 | import { addWatchPaths, loadData } from '../utility.js' 3 | 4 | async function normalizeEventReasons(reasons) { 5 | const md = await getVitepressMd() 6 | 7 | for (const [k, v] of Object.entries(reasons)) { 8 | v.description = md.renderInline(v.description) 9 | } 10 | 11 | return reasons 12 | } 13 | 14 | export default addWatchPaths({ 15 | async load() { 16 | return await normalizeEventReasons( 17 | structuredClone(loadData('event_reasons').reasons) 18 | ) 19 | } 20 | }) 21 | -------------------------------------------------------------------------------- /.vitepress/theme/index.js: -------------------------------------------------------------------------------- 1 | import DefaultTheme from 'vitepress/theme' 2 | import DovecotLayout from './DovecotLayout.vue' 3 | import './custom.css' 4 | 5 | const modules = import.meta.glob( 6 | '../../components/*.vue', 7 | { 8 | eager: true 9 | } 10 | ) 11 | 12 | export default { 13 | extends: DefaultTheme, 14 | /* This code loads all .vue components and globally registers them. */ 15 | enhanceApp({ app }) { 16 | for (const path in modules) { 17 | const c = modules[path].default 18 | app.component(c.__name, c) 19 | } 20 | }, 21 | Layout: DovecotLayout 22 | } 23 | -------------------------------------------------------------------------------- /docs/core/plugins/sieve_imapsieve.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: sieve-imapsieve 4 | --- 5 | 6 | # Sieve IMAPSieve Plugin (`sieve-imapsieve`) 7 | 8 | IMAPSieve ([[rfc,6785]]) defines the use of Sieve 9 | filtering in IMAP, operating when messages are created or their 10 | attributes are changed. 11 | 12 | The `sieve_imapsieve` plugin implements the `imapsieve` extension 13 | for the Sieve filtering language, adding functionality for using Sieve 14 | scripts from within IMAP. 15 | 16 | ::: tip 17 | Full details about this plugin can be found at [[plugin,imap-sieve]]. 18 | ::: 19 | -------------------------------------------------------------------------------- /.github/actions/spelling/allow.txt: -------------------------------------------------------------------------------- 1 | aarch 2 | bitmask 3 | bitmasks 4 | configurations 5 | DOkv 6 | ede 7 | fcf 8 | fuzzer 9 | github 10 | hardenings 11 | https 12 | iostream 13 | iostreams 14 | istream 15 | istreams 16 | jvm 17 | JVM 18 | JVMs 19 | lfill 20 | libcap 21 | libpcre 22 | libstemmer 23 | libtextcat 24 | lto 25 | mharden 26 | mmaped 27 | ond 28 | onlinedocs 29 | ostream 30 | ostreams 31 | plugin 32 | plugins 33 | postgre 34 | Postgre 35 | postgres 36 | retpoline 37 | retuns 38 | rfill 39 | sls 40 | sni 41 | spnego 42 | ssh 43 | ubsan 44 | ubuntu 45 | Uppercases 46 | workarounds 47 | -------------------------------------------------------------------------------- /docs/core/admin/lua/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Lua Support 4 | dovecotlinks: 5 | lua: Lua 6 | --- 7 | 8 | # Dovecot Lua Support 9 | 10 | Dovecot supports Lua scripting in several configuration areas. 11 | 12 | See: 13 | 14 | * [[link,auth_lua]] 15 | * [[plugin,push-notification]] 16 | 17 | ::: tip Info 18 | Dovecot supports [Lua 5.3](https://www.lua.org/manual/5.3/) and 19 | [Lua 5.4](https://www.lua.org/manual/5.4/). 20 | ::: 21 | 22 | ## Modules 23 | 24 | Dovecot contains two modules that support Lua scripting: 25 | 26 | * [[link,lua_lib-lua]] 27 | * [[link,lua_mail-lua]] 28 | -------------------------------------------------------------------------------- /lib/data/event_categories.data.js: -------------------------------------------------------------------------------- 1 | import { getVitepressMd } from '../markdown.js' 2 | import { addWatchPaths, loadData } from '../utility.js' 3 | 4 | async function normalizeEventCategories(categories) { 5 | const md = await getVitepressMd() 6 | 7 | for (const [k, v] of Object.entries(categories)) { 8 | v.description = md.renderInline(v.description) 9 | } 10 | 11 | return categories 12 | } 13 | 14 | export default addWatchPaths({ 15 | async load() { 16 | return await normalizeEventCategories( 17 | structuredClone(loadData('event_categories').categories) 18 | ) 19 | } 20 | }) 21 | -------------------------------------------------------------------------------- /components/FTSConfigComponent.vue: -------------------------------------------------------------------------------- 1 | 9 | 10 | 15 | 16 | 26 | -------------------------------------------------------------------------------- /docs/installation/upgrade/2.3-to-2.3.x.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: 2.3 to 2.3.x 4 | dovecotlinks: 5 | upgrading-2.3-to-2.3: Upgrading Dovecot CE from 2.3 to 2.3.x 6 | --- 7 | 8 | # Upgrading Dovecot CE from 2.3 to 2.3.x 9 | 10 | ## Dovecot CE 11 | 12 | ### v2.3.x to v2.3.14 13 | 14 | * Removed cydir storage format. It was never intended for production use. 15 | * Removed snarf plugin. It was for UW-IMAP's mbox compatibility, which is 16 | unlikely to be needed anymore. 17 | * Removed mail_filter plugin. It was mainly intended as an example plugin. 18 | 19 | 20 | -------------------------------------------------------------------------------- /docs/core/config/auth/penalty.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Penalty 4 | dovecotlinks: 5 | auth_penalty: Authentication Penalty 6 | --- 7 | 8 | # Authentication Penalty 9 | 10 | 11 | 12 | ## Algorithm 13 | 14 | 15 | 16 | ## Problems 17 | 18 | 19 | 20 | ## Disabling 21 | 22 | Authentication penalty tracking can be disabled completely with: 23 | 24 | ```[dovecot.conf] 25 | service anvil { 26 | unix_listener anvil-auth-penalty { 27 | mode = 0 28 | } 29 | } 30 | ``` 31 | -------------------------------------------------------------------------------- /docs/core/config/recommended_metrics_include/header.inc: -------------------------------------------------------------------------------- 1 | This page lists recommended metrics that allow inspecting dovecot's behavior in 2 | the most general situations. More specialized situations might require further 3 | refinements or additional statistics. For an overview of how to gather 4 | statistics see [[link,stats]]. A list of all available events and their fields 5 | can be found [[link,summary_events,here]]. 6 | 7 | The following examples use the custom `log-export` exporter. 8 | 9 | ```[dovecot.conf] 10 | event_exporter log-export { 11 | format = json 12 | format_args = time-rfc3339 13 | transport = log 14 | } 15 | ``` 16 | -------------------------------------------------------------------------------- /docs/core/config/recommended_metrics.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Recommended Metrics 4 | dovecotlinks: 5 | recommended_metrics: Recommended Metrics 6 | recommended_metrics_dovecot_proxy: 7 | hash: dovecot-proxy 8 | text: Dovecot Proxy 9 | recommended_metrics_dovecot_backend: 10 | hash: dovecot-backend 11 | text: Dovecot Backend 12 | --- 13 | 14 | # Recommended Metrics 15 | 16 | 17 | 18 | ## Dovecot Proxy 19 | 20 | 21 | 22 | ## Dovecot Backend 23 | 24 | 25 | -------------------------------------------------------------------------------- /docs/core/config/include/login_process_socket_paths.inc: -------------------------------------------------------------------------------- 1 | ## Configuring Socket Paths for Login Processes 2 | 3 | The authentication UNIX socket is "login" by default. 4 | 5 | [[setting,login_socket_path]] allows to configure this path for all login 6 | processes. For individual processes this can be overridden by supplying 7 | a parameter to the appropriate service's executable. 8 | 9 | This example sets up the global socket "general-login-socket" but 10 | overrides this for the imap-login process individually (in `dovecot.conf`): 11 | 12 | ```[dovecot.conf] 13 | login_socket_path = general-login-socket 14 | 15 | service imap-login { 16 | executable = imap-login specific-login-socket 17 | } 18 | ``` 19 | -------------------------------------------------------------------------------- /docs/core/config/overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Overview 4 | order: 1 5 | --- 6 | 7 | # Configuration Overview 8 | 9 | * [[link,settings_syntax]] 10 | * [[link,summary_settings]] 11 | * [[link,quick_config]] 12 | 13 | # Dovecot Backend 14 | 15 | Dovecot can be configured for use in "backend" mode on a single server. 16 | In this mode, Dovecot is responsible for reading and writing mails to 17 | storage and handling all of the email protocols. 18 | 19 | # Dovecot Proxy 20 | 21 | Dovecot can be configured for use in "proxy" mode on a single server. 22 | In this mode, Dovecot is responsible for proxying incoming email protocols 23 | to remote hosts. 24 | 25 | See [[link,authentication_proxies]]. 26 | -------------------------------------------------------------------------------- /docs/core/man/include/global-options-formatter.inc: -------------------------------------------------------------------------------- 1 | 2 | 3 | **-f** *formatter* 4 | : Specifies the *formatter* for formatting the output. Supported 5 | formatters are: 6 | 7 | **flow** 8 | : prints each line with *key***=***value* pairs. 9 | 10 | **json** 11 | : prints a JSON array of JSON objects. 12 | 13 | **pager** 14 | : prints each *key*: *value* pair on its own line and separates 15 | records with form feed character (**^L**). 16 | 17 | **tab** 18 | : prints a table header followed by tab separated value lines. 19 | 20 | **table** 21 | : prints a table header followed by adjusted value lines. 22 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-service-stop.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-service-stop 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-service-stop(1) - Stop Dovecot Services 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **service stop** *service* [*service* [...]] 12 | 13 | ## DESCRIPTION 14 | 15 | **doveadm service stop** stops the listed Dovecot service processes. 16 | 17 | 18 | 19 | ## ARGUMENTS 20 | 21 | *service* 22 | : The list of services to stop. 23 | 24 | ## EXAMPLES 25 | 26 | ```console 27 | $ doveadm service stop stats 28 | ``` 29 | 30 | 31 | 32 | ## SEE ALSO 33 | 34 | [[man,doveadm]] 35 | -------------------------------------------------------------------------------- /.github/workflows/2_3.yml: -------------------------------------------------------------------------------- 1 | name: Deploy 2.3 2 | 3 | on: 4 | push: 5 | branches: 6 | - release-2.3 7 | tags: 8 | - '2.3.*' 9 | 10 | jobs: 11 | release_2_3: 12 | runs-on: ubuntu-latest 13 | if: github.ref == 'refs/heads/release-2.3' 14 | steps: 15 | - uses: actions/checkout@v4 16 | - uses: dovecot/dovecot-sphinx-action@0.11 17 | - uses: dovecot/rsync-deployments@v2.0.2 18 | with: 19 | FLAGS: -azr --delete 20 | HOST: doc.dovecot.org 21 | USER: docs 22 | LOCALPATH: /build/. 23 | REMOTEPATH: public_html/2.3 24 | DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} 25 | if: env.DEPLOY_KEY 26 | env: 27 | DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} 28 | -------------------------------------------------------------------------------- /docs/core/plugins/charset_alias.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: charset-alias 4 | --- 5 | 6 | # Charset Alias Plugin (`charset-alias`) 7 | 8 | This plugin allows treating the specified source charset as a different 9 | charset when decoding to UTF-8. 10 | 11 | Example: when decoding from shift_jis to UTF-8, using cp932 (or sjis-win) 12 | instead of shift_jis may be preferable to handle Microsoft extended chars 13 | properly. 14 | 15 | ## Settings 16 | 17 | 18 | 19 | ## Sample Configuration 20 | 21 | ```[dovecot.conf] 22 | mail_plugins { 23 | charset_alias = yes 24 | } 25 | 26 | charset_aliases { 27 | shift_jis = sjis-win 28 | euc-jp = eucjp-win 29 | iso-2022-jp = iso-2022-jp-3 30 | } 31 | ``` 32 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-help.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-help 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-help(1) - Show information about doveadm commands 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **help** [*command*] 12 | 13 | ## DESCRIPTION 14 | 15 | With no *command* argument given, **doveadm help** will print: 16 | 17 | * the synopsis for the most of the [[man,doveadm]] commands, 18 | * groups of commands, e.g. **log** or **mailbox**. 19 | 20 | When the name of a *command* (or a group) was given, it will show the 21 | man page for that command. 22 | 23 | 24 | 25 | 26 | 27 | ## SEE ALSO 28 | 29 | [[man,doveadm]] 30 | -------------------------------------------------------------------------------- /docs/core/man/include/option-A.inc: -------------------------------------------------------------------------------- 1 | **-A** 2 | : If the **-A** option is present, the *command* will be performed for 3 | all users. Using this option in combination with system users from 4 | **userdb { driver = passwd }** is not recommended, because it 5 | contains also users with a lower UID than the one configured with the 6 | `first_valid_uid` setting. 7 | 8 | When the SQL userdb module is used, make sure that the 9 | [[setting,userdb_sql_iterate_query]] setting matches your database layout. 10 | 11 | When using the LDAP userdb module, make sure that the [[setting,userdb_fields]] 12 | and [[setting,userdb_ldap_iterate_fields]] settings match your LDAP schema. 13 | Otherwise [[man,doveadm]] will be unable to iterate over all users. 14 | -------------------------------------------------------------------------------- /docs/core/config/sql/mysql.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: MySQL 4 | dovecotlinks: 5 | sql_mysql: MySQL Configuration 6 | --- 7 | 8 | # SQL Driver: MySQL 9 | 10 | Driver name `mysql`. 11 | 12 | Driver for MySQL / MariaDB server. 13 | 14 | To compile support for this driver, you need to have MySQL client library and 15 | headers installed. 16 | 17 | For MariaDB, you need to have compatibility headers installed. 18 | 19 | ## Example Configuration 20 | 21 | See [[link,auth_mysql]]. 22 | 23 | ## Settings 24 | 25 | 26 | 27 | ## SSL/TLS Settings 28 | 29 | Not all of Dovecot SSL settings are supported by the MySQL library. Below 30 | is the list of supported settings: 31 | 32 | 33 | -------------------------------------------------------------------------------- /docs/core/config/proxy/include/proxy-auth-methods.inc: -------------------------------------------------------------------------------- 1 | 1. Forward the user-given password (or OAUTH token) to the remote server. This 2 | is done by returning `pass=%{password}` and `proxy_mech=%{mechanism}` extra 3 | fields. 4 | 5 | * This doesn't work if any non-cleartext, non-token-based 6 | [[link,authentication_mechanisms, authentication mechanisms]] are used, 7 | because they prevent such password forwarding by design. 8 | * `proxy_mech` is needed only if both OAUTH and cleartext mechanisms 9 | are enabled. 10 | 11 | 1. Login to the remote server using a [[link,auth_master_passwords,master 12 | password]]. This is done by returning `pass=master_secret` extra field. This 13 | allows client to use also non-cleartext authentication. 14 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-directory-hashing.inc: -------------------------------------------------------------------------------- 1 | 2 | #### Directory Hashing 3 | 4 | If you have been using `/home/%2.256N/%u` or similar constructs: 5 | 6 | * How to replace `%N` in new format: 7 | 8 | * `%2.256Nu` becomes `%{user | md5 | substr(0, 8) % 256 | hex(2)}` to return maximum 256 different hashes in range `00..ff`. 9 | 10 | * `%256Nu` becomes `%{user | md5 | substr(0, 8) % 256 | hex}` to return maximum 256 different hashes in range `0..ff` (without 0-padding in the front). 11 | 12 | * How to replace `%M` in new format: 13 | 14 | * `%1Mu/%2.1Mu/%u` becomes `%{user | md5 | hexlify(1)}/%{user | md5 | hexlify | substr(2,1)}/%{user}` to returns directories from `0/0/user` to 15 | `f/f/user`. 16 | 17 | * There is no way to use `%H` anymore. 18 | -------------------------------------------------------------------------------- /assets/plantuml/submission_flow.puml: -------------------------------------------------------------------------------- 1 | @startuml 2 | top to bottom direction 3 | 4 | actor MUA [ 5 | MUA (Mail Client) 6 | ] 7 | 8 | package "DOVECOT" { 9 | usecase "submission-login\n(Handles TLS & Auth)" as SubLogin 10 | component "Dovecot Auth" as Auth 11 | usecase "submission\n(Validates SMTP; proxies mail)" as Submission 12 | database "Mail Storage" as Storage 13 | } 14 | 15 | node "Backend MTA\n(e.g., Postfix/Exim)" as MTA 16 | 17 | cloud "Remote Delivery" as Net 18 | 19 | ' Define the connections based on the flow 20 | MUA -down-> SubLogin : " Connect (SMTP: Port 465/587)" 21 | SubLogin -down-> Auth 22 | Auth -down-> Submission 23 | Submission ..> Storage : "(Optional) Handles BURL" 24 | Submission -down-> MTA : "Relays message (SMTP)" 25 | MTA -down-> Net 26 | 27 | @enduml 28 | -------------------------------------------------------------------------------- /docs/installation/upgrade/2.2-to-2.3.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: 2.2 to 2.3 4 | dovecotlinks: 5 | upgrading-2.2-to-2.3: Upgrading Dovecot CE from 2.2 to 2.3 6 | --- 7 | 8 | # Upgrading Dovecot CE from 2.2 to 2.3 9 | 10 | ::: warning 11 | Downgrading is possible to v2.2.27 and later. (v2.2.27 accidentally broke 12 | `dovecot.index*` backwards compatibility a bit.) 13 | ::: 14 | 15 | ## Dovecot CE 16 | 17 | ### Settings Changes 18 | 19 | * `mdbox_purge_preserve_alt` setting removed. It's always assumed to be 20 | "yes" now. 21 | 22 | ### Changed Setting Defaults 23 | 24 | | Setting | Old Default Value | New Default Value | 25 | | ------- | ----------------- | ----------------- | 26 | | [[setting,mdbox_rotate_size]] | 2M | 10M | 27 | 28 | 29 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-removed-settings.inc: -------------------------------------------------------------------------------- 1 | #### Settings 2 | 3 | | Setting | Notes | 4 | | ------- | ----- | 5 | | `auth_stats` | | 6 | | `dict_db_config` | Berkeley DB is not supported anymore. | 7 | | `imap_id_log` | Replaced by the [[event,imap_id_received]] event. | 8 | | `login_access_sockets` | Use [[link,auth_lua]] instead. Dovecot will fail to start if this setting is present in configuration. | 9 | | `quota_set` | | 10 | | `sieve_dir` | See [[link,sieve_storage]]. | 11 | | `sieve_global_dir` | See [[link,sieve_storage]]. | 12 | | `sieve_global_path` | See [[link,sieve_storage]]. | 13 | | `sieve_editheader_protected` | Replaced by [[setting,sieve_editheader_header_forbid_add]] and [[setting,sieve_editheader_header_forbid_delete]]. | 14 | | `sieve_vacation_max_subject_codepoints` | | 15 | -------------------------------------------------------------------------------- /docs/core/plugins/welcome.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: welcome 4 | dovecotlinks: 5 | welcome: welcome 6 | --- 7 | 8 | # Welcome Plugin (`welcome`) 9 | 10 | Call a script when the user logs in for the first time. This is specifically 11 | done when the INBOX is (auto)created. The scripts are called similarly to 12 | [[link,quota_warning_scripts]]. 13 | 14 | ## Settings 15 | 16 | 17 | 18 | ## Example Configuration 19 | 20 | ```[dovecot.conf] 21 | mail_plugins { 22 | welcome = yes 23 | } 24 | welcome { 25 | execute welcome { 26 | args = %{user} 27 | } 28 | wait = yes 29 | } 30 | 31 | service welcome { 32 | executable = script /usr/local/bin/welcome.sh 33 | user = dovecot 34 | unix_listener welcome { 35 | user = vmail 36 | } 37 | } 38 | ``` 39 | -------------------------------------------------------------------------------- /components/EventReasonsComponent.vue: -------------------------------------------------------------------------------- 1 | 15 | 16 | 32 | -------------------------------------------------------------------------------- /docs/howto/ssl/sni_support.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: TLS SNI Client Support 4 | --- 5 | 6 | # TLS SNI Client Support 7 | 8 | ## Works 9 | 10 | - Thunderbird (Linux) 11 | 12 | - K-9 on Android ([merged Sept 2015](https://github.com/k9mail/k-9/pull/718)) 13 | 14 | - [Apple Mail](https://forums.cpanel.net/threads/mail-ssl-sni.454592/) 15 | 16 | - [Mutt](https://gitlab.com/muttmua/mutt/-/blob/master/README.SSL) 17 | 18 | - NeoMutt ([since 2016-03-07](https://www.neomutt.org/feature/tls-sni)) 19 | 20 | ## Doesn't Work 21 | 22 | - K-9 on Droid X2 (maybe fixed in newer versions - see above) 23 | 24 | - Apple Mail (Mac OS X 10.10 and lower AND iOS 9.3 and lower) 25 | 26 | - [Outlook for Mac version 15](https://forums.cpanel.net/threads/mail-ssl-sni.454592/) 27 | 28 | - Kindle Fire HD 8 29 | 30 | - Outlook 2013 31 | -------------------------------------------------------------------------------- /docs/core/config/security.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Security 4 | --- 5 | 6 | # Security 7 | 8 | Dovecot has been designed with security in mind. It uses multiple processes 9 | and privilege separation to isolate different parts from each others in case 10 | a security hole is found from one part. 11 | 12 | Additional things you can configure: 13 | 14 | - Allocate each user their own UID and GID (see [[link,system_users]]) 15 | 16 | - Use a separate `dovecot-auth` user for authentication process (see 17 | [[link,system_users]]) 18 | 19 | - You can chroot authentication and mail processes (see [[link,chrooting]]) 20 | 21 | - There are some security related SSL settings (see [[link,ssl_configuration]]) 22 | 23 | - Set `first/last_valid_uid/gid` settings to contain only the range 24 | actually used by mail processes 25 | -------------------------------------------------------------------------------- /docs/core/config/mailbox_formats/pop3c.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: pop3c 4 | dovecotlinks: 5 | pop3c: pop3c 6 | --- 7 | 8 | # Pop3c Mailbox Format 9 | 10 | The pop3c storage accesses a remote POP3 server as if it were a regular 11 | (local) Dovecot mailbox format. 12 | 13 | The remote POP3 mailbox is visible as the INBOX folder on the Dovecot side. 14 | 15 | ## Settings 16 | 17 | 18 | 19 | ## Configuration Example 20 | 21 | Connect using STARTTLS to pop3.example.com: 22 | ```[dovecot.conf] 23 | # In-memory index files: 24 | mail_driver = pop3c 25 | mail_path = 26 | 27 | # OR, Store index files locally: 28 | #mail_path = ~/pop3c 29 | 30 | pop3c_host = pop3.example.com 31 | pop3c_password = secret 32 | pop3c_port = 110 33 | pop3c_ssl = starttls 34 | pop3c_user = user@example.com 35 | ``` 36 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-compress-connect.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-compress-connect 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm compress-connect(1) - Establish a compress-aware imap connection 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm compress-connect** *host* [*port*] 12 | 13 | ## DESCRIPTION 14 | 15 | Connects to a compression-enabled IMAP service at given *host:port*. 16 | **doveadm-compress-connect** takes care of the compression/decompression, 17 | and to switch it on at the appropriate moment when the client sends the IMAP 18 | command **COMPRESS DEFLATE** 19 | 20 | ## ARGUMENTS 21 | 22 | * *host* - the hostname/ip address to connect to 23 | * *port* - the port to connect to, 143 by default 24 | 25 | 26 | 27 | ## SEE ALSO 28 | 29 | [[man,doveadm]], [[rfc,4978]] 30 | -------------------------------------------------------------------------------- /docs/core/admin/sasl.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: SASL 4 | dovecotlinks: 5 | sasl: SASL 6 | --- 7 | 8 | # SASL 9 | 10 | SASL stands for "Simple Authentication and Security Layer". SASL itself is 11 | nothing more than a list of requirements for 12 | [[link,authentication_mechanisms]] and protocols to be SASL-compatible as 13 | described in [[rfc,4422]]. 14 | 15 | IMAP, POP3, SMTP, and ManageSieve protocols all have support for SASL. 16 | 17 | Many people confuse SASL with one specific SASL implementation: the Cyrus SASL 18 | library. Dovecot has its own SASL implementation which could (one day) be 19 | separated from Dovecot itself to "compete" against Cyrus SASL library as an 20 | alternative implementation. 21 | 22 | Dovecot can be used as the SASL server for several external SMTP/Submission 23 | servers. See [[link,howto_virtual_smtp_auth]]. 24 | -------------------------------------------------------------------------------- /docs/core/config/recommended_metrics_include/proxy.inc: -------------------------------------------------------------------------------- 1 | `@metric_defaults = proxy` contains: 2 | 3 | `auth_successes` 4 | : Number of successful authentications. See [[event,auth_request_finished]]. 5 | 6 | `auth_failures` 7 | : Number of unsuccessful authentications. See [[event,auth_request_finished]]. 8 | It may be useful to export these events into log: 9 | ```[dovecot.conf] 10 | metric auth_failures { 11 | exporter = log-export 12 | } 13 | ``` 14 | 15 | `login_aborted` 16 | : Number of aborted logins, grouped by reason. See [[event,login_aborted]]. 17 | 18 | `proxy_session_established` 19 | : [[added,metric_defaults_proxy_session_established_added]] Number of 20 | successful proxy sessions. This can be used to see post-authentication 21 | latency until session is logged into a backend. See 22 | [[event,proxy_session_established]]. 23 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/include.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Include 4 | dovecotlinks: 5 | sieve_include: Sieve include extension 6 | --- 7 | 8 | # Sieve: Include Extension 9 | 10 | The Sieve include extension ([[rfc,6609]]) permits users to include 11 | one Sieve script into another. This can make managing large scripts or 12 | multiple sets of scripts much easier, and allows a site and its users to 13 | build up libraries of scripts. Users are able to include their own 14 | personal scripts or site-wide scripts. 15 | 16 | Included scripts can include more scripts of their own, yielding a tree 17 | of included scripts with the main script (typically the user's personal 18 | script) at its root. 19 | 20 | ## Configuration 21 | 22 | The include extension is available by default. 23 | 24 | ### Settings 25 | 26 | 27 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-doveadm.inc: -------------------------------------------------------------------------------- 1 | #### doveadm batch 2 | 3 | The `doveadm batch` command was removed. 4 | 5 | #### doveadm fs 6 | 7 | [[doveadm,fs put]] can now put metadata also. 8 | 9 | #### doveadm indexer 10 | 11 | Added [[doveadm,indexer]] command. 12 | 13 | #### doveadm save 14 | 15 | Added `-r received-date` parameter. See [[doveadm,save]]. 16 | 17 | #### dsync 18 | 19 | The `dsync` command symlink was removed. Use [[doveadm,sync]] or 20 | [[doveadm,backup]] commands directly instead. 21 | 22 | #### Mailbox Commands 23 | 24 | `USER` environment variable can be used only with `--no-userdb-lookup` parameter. 25 | 26 | All mail commands require providing `-u`, `-F`, `-A` parameter or `--no-userdb-lookup` parameter. 27 | This will always be subject to user database lookup and requires access to 28 | auth userdb socket, unless `--no-userdb-lookup` was used. 29 | -------------------------------------------------------------------------------- /docs/core/config/include/login_process_overview.inc: -------------------------------------------------------------------------------- 1 | The main purpose of login processes is to handle the [[link,imap_server]], 2 | [[link,pop3_server]], [[link,submission_server]], and 3 | [[link,managesieve_server]] connections before the user 4 | has logged in. 5 | 6 | The login processes don't need to be able to do anything else 7 | than let the user log in, so they can run in highly restricted environment. By 8 | default they are run as a non-privileged `dovenull` user chrooted into a 9 | non-writable directory containing only authentication UNIX sockets. 10 | 11 | Login processes also handle proxying the SSL and TLS connections even after the 12 | user has logged in. This way all the SSL code runs in the same restricted 13 | environment, which means that a security hole in the SSL library gives the 14 | attacker access only to the restricted chroot, rather than possibly all the 15 | users' mails. 16 | -------------------------------------------------------------------------------- /components/DoveadmCliComponent.vue: -------------------------------------------------------------------------------- 1 | 8 | 9 | 37 | -------------------------------------------------------------------------------- /docs/howto/fail2ban.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Fail2ban 4 | --- 5 | 6 | # Using Fail2ban with Dovecot 7 | 8 | You can use syslogging by setting [[setting,log_path]] to empty value. 9 | 10 | ::: code-group 11 | ```[/etc/fail2ban/filter.d/dovecot-pop3imap.conf] 12 | [Definition] 13 | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=`` 14 | ``` 15 | 16 | ```[/etc/fail2ban/jail.conf] 17 | [dovecot-pop3imap] 18 | enabled = true 19 | filter = dovecot-pop3imap 20 | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp] 21 | logpath = /var/log/maillog 22 | maxretry = 20 23 | findtime = 1200 24 | bantime = 1200 25 | ``` 26 | ::: 27 | 28 | (Set the `logpath` to wherever your syslog has been configured to log 29 | Dovecot's login messages.) 30 | -------------------------------------------------------------------------------- /docs/core/config/login_processes.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Login Processes 4 | dovecotlinks: 5 | login_processes: login processes 6 | login_processes_high_performance: 7 | hash: high-performance-mode 8 | text: high performance login 9 | --- 10 | 11 | # Login Processes 12 | 13 | 14 | 15 | The default login settings should be good enough for small sites. There are two 16 | ways to run the login processes: the high-security mode and the 17 | high-performance mode. Both are discussed separately below. 18 | 19 | For explanation on the various settings for services, see 20 | [[link,service_configuration]]. 21 | 22 | ## High-Security Mode (default) 23 | 24 | 25 | 26 | ## High-Performance Mode 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /docs/core/plugins/fs_compress.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: fs-compress 4 | dovecotlinks: 5 | fs_compress: 6 | hash: compression-fs-compress-plugin 7 | text: "Compression Plugin: fs-compress" 8 | --- 9 | 10 | # Compression Plugin (`fs-compress`) 11 | 12 | `fs-compress` plugin is used to wrap other data streams in a compression layer. 13 | 14 | It can be used by any of the settings using the [[link,fs,FS drivers]]. 15 | 16 | The exact location where to set it in the FS driver hierarchy depends on what 17 | other FS drivers are being used. 18 | 19 | The important rules are: 20 | 21 | * Must be set before the final storage driver (`s3`, `sproxyd`, ...) 22 | * Should be set after `fscache` (you generally don't want `fscache` to be 23 | compressed for performance reasons). 24 | * Must be set before [[link,mail_crypt_fs_crypt,fs_crypt]], because encrypted 25 | data compresses poorly. 26 | 27 | ## Settings 28 | 29 | 30 | -------------------------------------------------------------------------------- /assets/plantuml/README.md: -------------------------------------------------------------------------------- 1 | # PlantUML Data 2 | 3 | This directory contains PlantUML files that are used to create diagrams for 4 | the documentation. 5 | 6 | ## Docker 7 | 8 | [PlantUML](https://plantuml.com/) files are converted to SVG by using a Java 9 | program. 10 | 11 | It is easiest to run the program by using a pre-configured Docker container. 12 | 13 | The output command is as follows: 14 | 15 | ``` 16 | docker run --rm -v /path/to/your/puml/files:/data \ 17 | -v /path/to/your/output/directory:/output plantuml/plantuml \ 18 | -tsvg /data/your_diagram.puml \ 19 | -o /output 20 | ``` 21 | 22 | For example, if running from this directory to convert foo.puml, and storing 23 | the SVG file in the "docs/core/images" directory (so it can be referenced via 24 | Markdown from within VitePress), run: 25 | 26 | ``` 27 | mkdir -p ../../docs/core/images 28 | docker run --rm -v ./:/data -v ../../docs/core/images:/output \ 29 | plantuml/plantuml -tsvg /data/foo.puml -o /output 30 | ``` 31 | -------------------------------------------------------------------------------- /docs/core/config/auth/include/anvil-algorithm.inc: -------------------------------------------------------------------------------- 1 | - First auth failure reply will be delayed for 2 seconds (this happens 2 | even without auth penalty) 3 | 4 | - `AUTH_PENALTY_INIT_SECS` in `src/auth/auth-penalty.h` 5 | 6 | - The delay will be doubled for 4 -> 8 seconds, and then the upper 7 | limit of 15 seconds is reached. 8 | 9 | - `AUTH_PENALTY_MAX_SECS` and `AUTH_PENALTY_MAX_PENALTY` in 10 | `src/auth/auth-penalty.h` 11 | 12 | - If the IP is in [[setting,login_trusted_networks]] (e.g. webmail), skip any 13 | authentication penalties 14 | 15 | - If the username+password combination is the same as one of the last 16 | 10 login attempts, skip increasing authentication penalty. 17 | 18 | - `CHECKSUM_VALUE_PTR_COUNT` in `src/anvil/penalty.c` 19 | 20 | - The idea is that if a user has simply configured the password 21 | wrong, it shouldn't keep increasing the delay. 22 | 23 | - The username+password is tracked as the CRC32 of them, so there is 24 | a small possibility of hash collisions 25 | -------------------------------------------------------------------------------- /docs/troubleshooting/include/debug_crashes.inc: -------------------------------------------------------------------------------- 1 | Dovecot has been designed to crash rather than continue in a potentially 2 | unsafe manner that could cause data loss. Most crashes usually happen just 3 | once and retrying the operation will succeed, so usually even if you see 4 | them it's not a big problem. 5 | 6 | Of course, all crashes are bugs that should eventually be fixed, so feel 7 | free to report them always even if they're not causing any visible problems. 8 | 9 | Crashes appear in the logs like: 10 | 11 | ``` 12 | dovecot: Apr 23 11:16:05 Error: child 86116 (imap) killed with signal 11 13 | ``` 14 | 15 | Instead of crashing, there have been some rare bugs in Dovecot when some 16 | process could go into infinite loop, which causes the process to use 100% 17 | CPU. 18 | 19 | If you detect such processes, it would be helpful to get a gdb backtrace 20 | of the running process: 21 | 22 | ```sh 23 | gdb -p pid-of-process 24 | bt full 25 | ``` 26 | 27 | After getting the backtrace, you can `kill -9` the process. 28 | -------------------------------------------------------------------------------- /components/EventCategoriesComponent.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 35 | -------------------------------------------------------------------------------- /docs/core/admin/limits.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Limits 4 | --- 5 | 6 | # Dovecot Limits 7 | 8 | Dovecot contains various configurable and built-in resource limits designed to 9 | prevent denial of service situations. This page lists those limits. 10 | 11 | ::: todo 12 | This list is currently incomplete. 13 | ::: 14 | 15 | ## Storage Size Limits 16 | 17 | 18 | 19 | ### See Also 20 | 21 | * [[link,quota_root]] 22 | 23 | ## User Concurrency Limits 24 | 25 | 26 | 27 | ## Memory Limits 28 | 29 | * [[link,service_vsz_limit]] 30 | * [[link,service_process_limit]] 31 | * [[link,service_client_limit]] 32 | 33 | ## Message Headers 34 | 35 | There is a `10 MB` limit for a single message header block, and a `50 MB` 36 | limit for all header blocks in a message. 37 | 38 | ## MIME Parts 39 | 40 | Maximum number of MIME parts per message is 10000. A maximum of 100 MIME parts 41 | can be nested in the same hierarchy path. 42 | -------------------------------------------------------------------------------- /docs/core/config/auth/databases/imap.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: IMAP 4 | dovecotlinks: 5 | auth_imap: remote IMAP authentication database 6 | --- 7 | 8 | # Authentication via Remote IMAP Server (`imap`) 9 | 10 | ## Settings 11 | 12 | [[removed,auth_imap_arg_configuration_removed]]: The arg-based driver settings 13 | have been removed in favor of using the standard `imapc_*` settings. 14 | 15 | [[removed,settings_ssl_imapc_removed]]: The `ssl_ca_file`, `ssl_ca_dir` and 16 | `allow_invalid_cert` settings have been removed. The standard `ssl_*` settings 17 | can be used instead (also inside `passdb { ... }` if wanted). 18 | 19 | 20 | 21 | ## Example 22 | 23 | Authenticates users against remote IMAP server in IP address 192.168.1.123: 24 | 25 | ```[dovecot.conf] 26 | passdb imap { 27 | imapc_host = 192.168.1.123 28 | imapc_port = 143 29 | imapc_user = %{owner_user} 30 | imapc_rawlog_dir = /tmp/imapc_rawlog/ 31 | imapc_ssl = starttls 32 | 33 | ssl_client_require_valid_cert = no 34 | } 35 | ``` 36 | -------------------------------------------------------------------------------- /docs/core/config/proxy/haproxy.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: HAProxy 4 | dovecotlinks: 5 | haproxy: HAProxy 6 | haproxy_tls_forward: 7 | hash: tls-forwarding 8 | text: HAProxy TLS Forwarding 9 | --- 10 | 11 | # HAProxy 12 | 13 | [HAProxy (High Availability Proxy)](https://www.haproxy.org/), is a popular 14 | open source software "TCP and HTTP" Load Balancer and proxying solution. 15 | It is available as a package on almost all Linux distros. 16 | 17 | ::: warning 18 | Dovecot CE supports single-server operation only, so load balancing is not 19 | applicable. 20 | 21 | This page exists to document HAProxy-related features that exist in the 22 | software. 23 | ::: 24 | 25 | ## TLS Forwarding 26 | 27 | For Dovecot to recognize that TLS termination has been performed, you need to 28 | configure haproxy to use 29 | [PROXYv2](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) 30 | protocol with SSL attributes. For example: 31 | 32 | ``` 33 | server s1 127.0.0.1:143 send-proxy-v2-ssl 34 | ``` 35 | 36 | See also: [[link,secured_connections]]. 37 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-external-configs.inc: -------------------------------------------------------------------------------- 1 | #### External Configuration Files 2 | 3 | v2.3 configured sql, ldap and some other features using `.conf.ext` 4 | external configuration files. These have been replaced by regular settings, 5 | which can be used in the same place where they used to be referred to before. 6 | For example: 7 | 8 | ::: code-group 9 | ```[dovecot-2.3.conf] 10 | passdb { 11 | driver = mysql 12 | args = /etc/dovecot/dovecot-sql.conf.ext 13 | } 14 | ``` 15 | 16 | ```[dovecot-2.3-sql.conf.ext] 17 | connect = host=127.0.0.1 user=mysql_user pass=mysql_pass 18 | password_query = SELECT password FROM users WHERE user = '%u' 19 | ``` 20 | 21 | ```[dovecot-2.4.conf.ext] 22 | # Use these mysql settings globally. These could be also inside passdb sql {} 23 | mysql 127.0.0.1 { 24 | user = mysql_user 25 | pass = mysql_pass 26 | } 27 | sql_driver = mysql 28 | 29 | passdb sql { 30 | query = SELECT password FROM users WHERE user = '%{user}' 31 | } 32 | ``` 33 | ::: 34 | 35 | * [[link,auth_sql]] 36 | * [[link,auth_ldap]] 37 | * [[link,auth_oauth2]] 38 | -------------------------------------------------------------------------------- /components/LuaVariableComponent.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 29 | 30 | 37 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-default-settings.inc: -------------------------------------------------------------------------------- 1 | | [[setting,imapc_features]] | Features "delay-login", "search", "fetch-headers", "fetch-bodystructure", "fetch-size" by default. Enable "acl" and "modseq" by default, if the remote server supports it. | 2 | | [[setting,mail_cache_max_headers_count]] | unlimited | 100 | New feature, explicitly set to `0` for the old behavior. | 3 | | [[setting,mail_cache_max_header_name_length]] | unlimited | 100 | New feature, explicitly set to `0` for the old behavior. | 4 | | [[setting,mail_log_prefix]] | `%s(%u)<%{pid}><%{session}>:` | `%{service}(%{user})<%{process:pid}><%{session}>:` | New variable expansion syntax. | 5 | | [[setting,mailbox_list_drop_noselect]] | `no` | `yes` | `\NoSelect` folders are now dropped by default. | 6 | | `service/anvil/chroot` | empty | \ | Anvil is no longer chrooted. | 7 | | `service/anvil/user` | $default_internal_user | \ | Anvil runs as root. | 8 | | `service/auth-worker/process_limit` | 1 | 30 | | 9 | | [[setting,protocols]] | `imap pop3 lmtp` | | No protocols are enabled by default. | 10 | -------------------------------------------------------------------------------- /components/LuaConstantComponent.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 29 | 30 | 37 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/editheader.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Editheader 4 | dovecotlinks: 5 | sieve_editheader: Sieve editheader extension 6 | --- 7 | 8 | # Sieve: Editheader Extension 9 | 10 | The editheader extension ([[rfc,5293]]) enables Sieve 11 | scripts to delete and add message header fields, thereby allowing 12 | interaction with other components that consume or produce header fields. 13 | 14 | ## Configuration 15 | 16 | The editheader extension is not available by default and needs to be 17 | enabled explicitly by adding it to [[setting,sieve_extensions]]. 18 | 19 | ### Settings 20 | 21 | 22 | 23 | ### Example 24 | 25 | ``` 26 | # Use editheader 27 | sieve_extensions { 28 | editheader = yes 29 | } 30 | 31 | # Header fields must not exceed one kilobyte 32 | sieve_editheader_max_header_size = 1k 33 | 34 | # Protected special headers 35 | sieve_editheader_header X-Verified { 36 | forbid_add = yes 37 | forbid_delete = yes 38 | } 39 | sieve_editheader_header X-Seen { 40 | forbid_delete = yes 41 | } 42 | ``` 43 | -------------------------------------------------------------------------------- /docs/core/plugins/apparmor.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: apparmor 4 | --- 5 | 6 | # AppArmor Plugin (`apparmor`) 7 | 8 | [AppArmor](https://www.wikipedia.org/wiki/AppArmor) plugin, which 9 | allows changing "hat" (apparmor context) when user is loaded. Context is 10 | changed back to default on user deinit. 11 | 12 | Multiple hats are supported and passed to 13 | [`aa_change_hatv()`](https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa_change_hat.2) 14 | function. 15 | 16 | ## Settings 17 | 18 | 19 | 20 | ## Settings: Extra Fields 21 | 22 | You can also specify hats from user or password database extra fields. 23 | 24 | ### Password Database 25 | If you provide from [[link,passdb]], use `userdb_apparmor_hats=hat`. 26 | 27 | ### User Database 28 | If you provide from [[link,userdb]], use `apparmor_hats=hat`. 29 | 30 | ## Sample Configuration 31 | 32 | ```[dovecot.conf] 33 | mail_plugins { 34 | apparmor = yes 35 | } 36 | 37 | apparmor_hats = hat_name 38 | ``` 39 | 40 | ## Debugging 41 | 42 | Enable [[setting,log_debug]] to see context changes. 43 | -------------------------------------------------------------------------------- /docs/core/config/delivery/include/delivery_common.inc: -------------------------------------------------------------------------------- 1 | ## Common Delivery Settings 2 | 3 | * [[setting,postmaster_address]] is used as the From: header address in 4 | bounce mails 5 | 6 | * [[setting,hostname]] is used in generated Message-IDs and in 7 | `Reporting-UA:` header in bounce mails 8 | 9 | * [[setting,sendmail_path]] is used to send mails. Note that the default is 10 | `/usr/sbin/sendmail`, which doesn't necessarily work the same as 11 | `/usr/lib/sendmail`. 12 | 13 | * Alternatively you can use [[setting,submission_host]] to send mails via 14 | the specified SMTP server. 15 | 16 | * [[setting,auth_socket_path]] specifies the UNIX socket to auth-userdb 17 | where LDA can lookup userdb information when `-d` parameter is used. 18 | See below how to configure Dovecot to configure the socket. 19 | 20 | ::: tip 21 | The config files must be world readable to enable dovecot-lda process to read 22 | them while running with user privileges. 23 | 24 | You can put password related settings to a separate file, which you 25 | include with \`!include_try\` and dovecot-lda skips them. 26 | ::: 27 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "dovecot-ce-documentation", 3 | "devDependencies": { 4 | "@sindresorhus/slugify": "^2.2.1", 5 | "camelcase": "^8.0.0", 6 | "commander": "^13.1.0", 7 | "dayjs": "^1.11.13", 8 | "fast-glob": "^3.3.3", 9 | "git-commit-info": "^2.0.2", 10 | "import-sync": "^2.2.3", 11 | "markdown-it-container": "^4.0.0", 12 | "markdown-it-deflist": "^3.0.0", 13 | "markdown-it-mathjax3": "^4.3.2", 14 | "pagefind": "^1.3.0", 15 | "pdc": "^0.2.3", 16 | "remark-definition-list": "^2.0.0", 17 | "remark-flexible-containers": "^1.2.1", 18 | "remark-man": "^9.0.0", 19 | "remark-parse": "^11.0.0", 20 | "unified": "^11.0.5", 21 | "unist-builder": "^4.0.0", 22 | "unist-util-map": "^4.0.0", 23 | "unist-util-parents": "^3.0.0", 24 | "vitepress": "^1.6.3", 25 | "vitepress-plugin-pagefind": "^0.4.13", 26 | "vitepress-sidebar": "^1.31.0" 27 | }, 28 | "scripts": { 29 | "docs:dev": "vitepress dev", 30 | "docs:build": "vitepress build", 31 | "docs:preview": "vitepress preview", 32 | "man:build": "node util/generate_man.js" 33 | }, 34 | "type": "module" 35 | } 36 | -------------------------------------------------------------------------------- /docs/core/config/auth/mechanisms/winbind.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Winbind 4 | --- 5 | 6 | # Winbind Mechanisms 7 | 8 | Dovecot supports NTLM and GSS-SPNEGO authentication mechanisms using 9 | [Samba](https://www.samba.org)'s winbind daemon. It is useful when you 10 | need to authenticate users against a Windows domain (either AD or NT). 11 | 12 | By default NTLM mechanism is handled internally. You can use winbind 13 | instead by setting [[setting,auth_use_winbind,yes]]. 14 | 15 | The usernames, returned by winbind, can contain some domain part (either 16 | "DOMAIN\user" or "user@example.com"). Such usernames are always 17 | transformed to the form of "user@domain". To strip domain part (to 18 | obtain corresponding local username, for example), set 19 | [[setting,auth_username_format,%{user | username}]]. 20 | 21 | Dovecot needs path to Samba's `ntlm_auth` binary to perform the 22 | authentication. You can change the path with 23 | [[setting,auth_winbind_helper_path,/usr/bin/ntlm_auth]]. 24 | 25 | Dovecot currently does blocking lookups, so if `ntlm_auth` is slow on 26 | responding (e.g. network problems), Dovecot blocks all other 27 | authentication requests until it's finished. 28 | -------------------------------------------------------------------------------- /docs/core/plugins/mail_log.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: mail-log 4 | --- 5 | 6 | # Mail Logger Plugin (`mail-log`) 7 | 8 | This plugin can be used to log several actions done in a mail session: 9 | 10 | * Setting and removing \Deleted flag 11 | * Expunging (includes autoexpunge) 12 | * Copying mails 13 | * Saves 14 | * Mailbox creations 15 | * Mailbox deletions 16 | * Mailbox renames 17 | * Any flag changes 18 | 19 | Messages' IMAP UID and Message-ID header is logged for each action. 20 | 21 | Example: 22 | 23 | ``` 24 | imap(user): copy -> Trash: uid=908, msgid=<123.foo@bar> 25 | imap(user): delete: uid=908, msgid=<123.foo@bar> 26 | imap(user): expunged: uid=908, msgid=<123.foo@bar> 27 | ``` 28 | 29 | The [[plugin,notify]] is required the mail_log plugin's operation, so be 30 | certain it's also enabled. 31 | 32 | ## Settings 33 | 34 | 35 | 36 | ## Example Configuration 37 | 38 | ```[dovecot.conf] 39 | # Enable the plugin globally for all services 40 | mail_plugins { 41 | notify = yes 42 | mail_log = yes 43 | } 44 | 45 | mail_log_events = delete undelete expunge mailbox_delete mailbox_rename 46 | mail_log_fields = uid box msgid size from 47 | mail_log_cached_only = yes 48 | ``` 49 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-exec.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-exec 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-exec(1) - Easily execute commands from Dovecot's libexec directory. 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **exec** *binary* [*binary arguments*] 12 | 13 | ## DESCRIPTION 14 | 15 | This command allows administrators and local users to simply execute 16 | commands from within */usr/libexec/dovecot*. So for example a logged in system 17 | user could start a pre-authenticated imap session, using the command: 18 | **doveadm exec imap**. An administrator would use the command 19 | **doveadm exec imap -u** *username*. 20 | 21 | 22 | 23 | ## ARGUMENTS 24 | 25 | *binary* 26 | : the name of an executable located in */usr/libexec/dovecot*. 27 | 28 | *binary arguments* 29 | : options and arguments, which will be passed through to the *binary*. 30 | 31 | ## EXAMPLE 32 | 33 | This example demonstrates how to deliver a message from a file to a 34 | user's mailbox. 35 | 36 | ```sh 37 | doveadm exec dovecot-lda -d user@example.net -f admin@example.net < ~/stuff/welcome.msg 38 | ``` 39 | 40 | 41 | 42 | SEE ALSO 43 | 44 | [[man,doveadm]] 45 | -------------------------------------------------------------------------------- /docs/developers/design/mail_user.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Mail User 4 | --- 5 | 6 | # Mail User 7 | 8 | `src/lib-storage/mail-user.h` describes mail user. The struct contains 9 | all kinds of useful information about the user that can be accessed 10 | directly. Some of the most useful things you can do with a user are: 11 | 12 | - `user->username` gives you the actual username string (e.g. 13 | `user@domain.org`). 14 | 15 | - `user->set` gives you access to user's settings. 16 | 17 | - `user->namespaces` points to a linked list of user's namespaces. 18 | 19 | - `mail_user_get_home()` returns user's home directory, if there's 20 | one. 21 | 22 | - `mail_user_home_expand()` expands `~/` at the beginning of given 23 | path to user's actual home directory. 24 | 25 | Typically each new IMAP/POP3/etc. connection creates a single mail user. 26 | If the same process handles multiple connections for the same user, they 27 | don't share the same mail_user (especially since each mail_user has a 28 | unique session ID). 29 | 30 | If a user has shared mailboxes from other users (not public namespaces), 31 | a mail user is also created whenever necessary to list/access the user's 32 | mailboxes. Again there is no attempt to share the created mail user with 33 | other connections. 34 | -------------------------------------------------------------------------------- /docs/core/config/recommended_metrics_include/backend.inc: -------------------------------------------------------------------------------- 1 | ### Generic authentication metrics 2 | 3 | `@metric_defaults = backend` contains: 4 | 5 | `auth_successes` 6 | : Number of successful authentications. See [[event,auth_request_finished]]. 7 | 8 | `auth_failures` 9 | : Number of unsuccessful authentications. See [[event,auth_request_finished]]. 10 | These are not usually expected to happen in backends. It may be useful to 11 | export these events into log: 12 | ```[dovecot.conf] 13 | metric auth_failures { 14 | exporter = log-export 15 | } 16 | ``` 17 | 18 | ### Basic mail access and delivery metrics 19 | 20 | `@metric_defaults = backend` contains: 21 | 22 | `imap_commands` 23 | : Number of IMAP commands, grouped by OK/NO/BAD tagged reply. 24 | See [[event,imap_command_finished]]. 25 | 26 | `mail_deliveries` 27 | : Number of mails delivered. See [[event,mail_delivery_finished]]. 28 | 29 | `mail_submissions` 30 | : Number of mails submitted for outside delivery (e.g. rejects, vacations). 31 | See [[event,smtp_submit_finished]]. 32 | 33 | `mail_user_session_finished` 34 | : Number of mail sessions, including their RSS memory usage and user space 35 | CPU usage at the time when the session was finished. See 36 | [[event,mail_user_session_finished]]. 37 | -------------------------------------------------------------------------------- /.github/actions/spelling/advice.md: -------------------------------------------------------------------------------- 1 | 2 |
If the flagged items are :exploding_head: false positives 3 | 4 | If items relate to a ... 5 | * binary file (or some other file you wouldn't want to check at all). 6 | 7 | Please add a file path to the `excludes.txt` file matching the containing file. 8 | 9 | File paths are Perl 5 Regular Expressions - you can [test]( 10 | https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. 11 | 12 | `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md]( 13 | ../tree/HEAD/README.md) (on whichever branch you're using). 14 | 15 | * well-formed pattern. 16 | 17 | If you can write a [pattern]( 18 | https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns 19 | ) that would match it, 20 | try adding it to the `patterns.txt` file. 21 | 22 | Patterns are Perl 5 Regular Expressions - you can [test]( 23 | https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. 24 | 25 | Note that patterns can't match multiline strings. 26 | 27 |
28 | -------------------------------------------------------------------------------- /docs/core/config/include/login_process_high_performance.inc: -------------------------------------------------------------------------------- 1 | You can enable high-performance mode with: 2 | 3 | ```[dovecot.conf] 4 | service imap-login { 5 | restart_request_count = unlimited 6 | process_min_avail = %{system:cpu_count} 7 | vsz_limit = 1G 8 | } 9 | 10 | service pop3-login { 11 | restart_request_count = unlimited 12 | } 13 | ``` 14 | 15 | It works by using a number of long running login processes, each handling a 16 | number of connections. This loses much of the security benefits of the login 17 | process design, because in case of a security hole (in Dovecot or SSL library) 18 | the attacker is now able to see other users logging in and steal their 19 | passwords, read their mails, etc. 20 | 21 | * [[setting,service_process_min_avail]] should be set to be at least the number 22 | of CPU cores in the system, so that all of them will be used. You can use 23 | `%{system:cpu_count}`, which expands to this automatically. 24 | * Otherwise new processes are created only once an existing one's connection 25 | count reaches [[setting,service_client_limit]]. 26 | * Default [[setting,service_client_limit]] * [[setting,service_process_limit]] = 27 | 1000 * 100 = 100k connections. 28 | * [[setting,service_vsz_limit]] should be increased to avoid out of memory 29 | errors, especially if you're using SSL/TLS. 30 | -------------------------------------------------------------------------------- /docs/core/man/include/global-options.inc: -------------------------------------------------------------------------------- 1 | ## GLOBAL OPTIONS 2 | 3 | Global [[man,doveadm]] *options*: 4 | 5 | **-D** 6 | : Enables *verbosity* and debug messages. 7 | 8 | **-O** 9 | : Do not read any config file, just use defaults. The 10 | [[setting,dovecot_storage_version]] defaults to the latest version, but 11 | can be overridden with **-o**. 12 | 13 | **-k** 14 | : Preserve entire environment for doveadm, not just 15 | [[setting,import_environment]]. 16 | 17 | **-v** 18 | : Enables verbosity, including progress counter. 19 | 20 | **-i** *instance-name* 21 | : If using multiple Dovecot instances, choose the config file based on 22 | this instance name. 23 | 24 | See [[setting,instance_name]] for more information. 25 | 26 | **-c** *config-file* 27 | : Read configuration from the given *config-file*. By default 28 | it first reads config socket, and then falls back to 29 | */etc/dovecot/dovecot.conf*. You can also point this to 30 | config socket of some instance running compatible version. 31 | 32 | **-o** *setting***=***value* 33 | : Overrides the configuration *setting* from 34 | */etc/dovecot/dovecot.conf* and from the userdb with the given 35 | *value*. In order to override multiple settings, the **-o** 36 | option may be specified multiple times. 37 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/duplicate.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Duplicate 4 | dovecotlinks: 5 | sieve_duplicate: Sieve duplicate extension 6 | --- 7 | 8 | # Sieve: Duplicate Extension 9 | 10 | The duplicate extension ([[rfc,7352]]) adds a new test command 11 | called `duplicate` to the Sieve language. This test adds the ability 12 | to detect duplications. 13 | 14 | The main application for this new test is handling duplicate deliveries 15 | commonly caused by mailing list subscriptions or redirected mail addresses. 16 | 17 | The detection is normally performed by matching the message ID to an 18 | internal list of message IDs from previously delivered messages. 19 | For more complex applications, the `duplicate` test can also use the 20 | content of a specific header field or other parts of the message. 21 | 22 | ::: warning [[changed,sieve_vnd_duplicate]] 23 | `vnd.dovecot.duplicate` extension has been removed in favor of this. 24 | ::: 25 | 26 | ## Configuration 27 | 28 | The duplicate extension is available by default. 29 | 30 | ### Settings 31 | 32 | 33 | 34 | ### Example 35 | 36 | ```[dovecot.conf] 37 | sieve_script personal { 38 | path = ~/.dovecot.sieve 39 | } 40 | 41 | sieve_duplicate_default_period = 1h 42 | sieve_duplicate_max_period = 1d 43 | ``` 44 | -------------------------------------------------------------------------------- /docs/howto/sasl/exim.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Exim and Dovecot SASL 4 | dovecotlinks: 5 | howto_exim_and_dovecot_sasl: Exim and Dovecot SASL 6 | --- 7 | 8 | # Exim and Dovecot SASL 9 | 10 | Exim v4.64+ users can use Dovecot [[link,sasl]] instead of Cyrus SASL for 11 | authenticating SMTP clients. 12 | 13 | ## Configuration Example 14 | 15 | ::: code-group 16 | ```[dovecot.conf] 17 | auth_mechanisms = plain login 18 | 19 | service auth { 20 | ... 21 | # SASL 22 | unix_listener auth-exim { 23 | # Exim requires legacy auth type until it gets updated 24 | type = auth-legacy 25 | mode = 0660 26 | user = mail 27 | } 28 | ... 29 | } 30 | ``` 31 | 32 | ```[exim.conf] 33 | dovecot_login: 34 | driver = dovecot 35 | public_name = LOGIN 36 | server_socket = /var/run/dovecot/auth-exim 37 | # setting server_set_id might break several headers in mails sent by 38 | # authenticated smtp. So be careful. 39 | server_set_id = $auth1 40 | 41 | dovecot_plain: 42 | driver = dovecot 43 | public_name = PLAIN 44 | server_socket = /var/run/dovecot/auth-exim 45 | server_set_id = $auth1 46 | ``` 47 | ::: 48 | 49 | If you are having problems with this not working, ensure that you are using 50 | version 4.72 or greater of exim. Previous versions of exim have trouble with 51 | the version of the protocol used in Dovecot v2.x. 52 | -------------------------------------------------------------------------------- /docs/core/plugins/pop3_migration.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: pop3-migration 4 | --- 5 | 6 | # POP3 Migration Plugin (`pop3-migration`) 7 | 8 | The pop3-migration plugin is used to preserve POP3 UIDLs. 9 | 10 | When dsync is handling IMAP INBOX and requests a POP3 UIDL, the plugin 11 | connects to the POP3 server and figures out which IMAP messages match 12 | the POP3 messages and returns the appropriate POP3 UIDL. 13 | 14 | The plugin works by matching POP3 messages to IMAP messages. This isn’t 15 | always trivial with some servers, which can keep the POP3 and IMAP messages 16 | in different order or include more than just IMAP INBOX messages in the 17 | POP3 messages. 18 | 19 | ::: danger 20 | Always do a test migration to verify that POP3 UIDLs are preserved 21 | correctly. If the UIDL format is wrong, all the mails have to be re-migrated. 22 | ::: 23 | 24 | ::: tip 25 | See Also: 26 | * [[link,migration]]. 27 | ::: 28 | 29 | ## Configuration 30 | 31 | This plugin requires a pop3c namespace configured for accessing the source 32 | POP3 server. For example: 33 | 34 | ```[dovecot.conf] 35 | namespace pop3c { 36 | prefix = POP3-MIGRATION-NS/ 37 | separator = / 38 | mail_driver = pop3c 39 | mail_path = 40 | inbox = no 41 | list = no 42 | hidden = yes 43 | } 44 | ``` 45 | 46 | ## Settings 47 | 48 | 49 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-core-events.inc: -------------------------------------------------------------------------------- 1 | | `auth_client_cache_flush_started` | Event was removed. | 2 | | `auth_client_cache_flush_finished` | Event was removed. | 3 | | [[event,imap_id_received]] | Event was added. | 4 | | [[event,login_aborted]] | Event was added. | 5 | | [[event,mail_metadata_accessed]] | Event was added. | 6 | | [[event,pop3_command_finished]] | Event was added. | 7 | 8 | #### Event Fields 9 | 10 | | Event | Field | Change | 11 | | ----- | ----- | ------ | 12 | | [[event,dns_worker_request_finished]] | `cached` | Field was added. | 13 | | Mail user events | `service` | Field was added. | 14 | | [[event,proxy_session_finished]] | `error_code` | Field was added. | 15 | | [[event,proxy_session_finished]] | `idle_usecs` | Field was changed from `idle_secs`. | 16 | | [[event,smtp_server_transaction_rcpt_finished]] | `dest_host` | Field was added. | 17 | | [[event,smtp_server_transaction_rcpt_finished]] | `dest_ip` | Field was added. | 18 | | [[event,sql_query_finished]] | `consistency` | Field was added. | 19 | | [[event,sql_query_finished]] | `error_consistency` | Field was added. | 20 | | Various | `net_bytes_in` | Field was changed from `bytes_in`. | 21 | | Various | `net_bytes_out` | Field was changed from `bytes_out`. | 22 | | Various | `transport` | `transport=trusted` was changed to `transport=secured`. See also [[link,secured_connections]]. | 23 | -------------------------------------------------------------------------------- /docs/core/config/mailbox_formats/imapc.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: imapc 4 | dovecotlinks: 5 | imapc: imapc 6 | imapc_quota: 7 | hash: quota 8 | text: "Imapc: Quota" 9 | --- 10 | 11 | # Imapc Mailbox Format 12 | 13 | The imapc storage accesses a remote IMAP server as if it were a regular 14 | (local) Dovecot mailbox format. Dovecot can treat it as a dummy storage or 15 | optionally a more capable storage. 16 | 17 | ## Settings 18 | 19 | 20 | 21 | ## Configuration Example 22 | 23 | Do a regular IMAP LOGIN, using STARTTLS, to imap.example.com: 24 | 25 | ```[dovecot.conf] 26 | # In-memory index files: 27 | mail_driver = imapc 28 | mail_path = 29 | 30 | # OR, Store index files locally: 31 | #mail_path = ~/imapc 32 | 33 | imapc_host = imap.example.com 34 | imapc_password = secret 35 | imapc_port = 143 36 | imapc_ssl = starttls 37 | imapc_user = user@example.com 38 | ``` 39 | 40 | ## Quota 41 | 42 | Using the `imapc` quota driver allows asking for the quota from remote 43 | IMAP server. By default it uses `GETQUOTAROOT INBOX` to retrieve the quota. 44 | 45 | There are two parameters that can be used to control how the quota is looked 46 | up: 47 | 48 | 49 | 50 | ### Example 51 | 52 | ``` 53 | quota "User Quota" { 54 | driver = imapc 55 | imapc_root_name = Remote Quota 56 | } 57 | ``` 58 | -------------------------------------------------------------------------------- /docs/core/plugins/trash.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: trash 4 | --- 5 | 6 | # Trash Plugin (`trash`) 7 | 8 | Normally, a quota exceeded error is returned if saving/copying a message would 9 | bring the user over quota. With the trash plugin, the oldest messages are 10 | instead expunged from the specified mailboxes until the message can be 11 | saved. 12 | 13 | If the new message is large enough that it wouldn't fit even if all messages 14 | from configured mailboxes were expunged, then no messages are expunged and the 15 | user receives a "Quota exceeded" error. 16 | 17 | ## Settings 18 | 19 | 20 | 21 | ## Configuration 22 | 23 | Requires [[plugin,quota]] to be loaded and configured to use non-FS quota. 24 | 25 | Example: 26 | 27 | ::: code-group 28 | ```[dovecot.conf] 29 | mail_plugins { 30 | quota = yes 31 | trash = yes 32 | } 33 | 34 | namespace inbox { 35 | # Spam mailbox is emptied before Trash 36 | mailbox Spam { 37 | priority = 1 38 | } 39 | 40 | # Trash mailbox is emptied before Sent 41 | mailbox Trash { 42 | priority = 2 43 | } 44 | 45 | # If both Sent and "Sent Messages" mailboxes exist, the next oldest message 46 | # to be deleted is looked up from both of the mailboxes. 47 | mailbox Sent { 48 | priority = 3 49 | } 50 | mailbox "Sent Messages" { 51 | priority = 3 52 | } 53 | ``` 54 | ::: 55 | 56 | -------------------------------------------------------------------------------- /.github/actions/spelling/excludes.txt: -------------------------------------------------------------------------------- 1 | # See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes 2 | (?:^|/)(?i)COPYRIGHT 3 | (?:^|/)(?i)LICEN[CS]E 4 | (?:^|/)3rdparty/ 5 | (?:^|/)\.keep$ 6 | (?:^|/)go\.sum$ 7 | (?:^|/)package(?:-lock|)\.json$ 8 | (?:^|/)Pipfile$ 9 | (?:^|/)pyproject.toml 10 | (?:^|/)requirements(?:-dev|-doc|-test|)\.txt$ 11 | (?:^|/)vendor/ 12 | (?:^|/)util/ 13 | (?:^|/)lib/ 14 | \.a$ 15 | \.ai$ 16 | \.all-contributorsrc$ 17 | \.avi$ 18 | \.bmp$ 19 | \.bz2$ 20 | \.cer$ 21 | \.class$ 22 | \.coveragerc$ 23 | \.crl$ 24 | \.crt$ 25 | \.csr$ 26 | \.dll$ 27 | \.docx?$ 28 | \.drawio$ 29 | \.DS_Store$ 30 | \.eot$ 31 | \.eps$ 32 | \.exe$ 33 | \.gif$ 34 | \.git-blame-ignore-revs$ 35 | \.gitattributes$ 36 | \.gitkeep$ 37 | \.graffle$ 38 | \.gz$ 39 | \.icns$ 40 | \.ico$ 41 | \.ipynb$ 42 | \.jar$ 43 | \.jks$ 44 | \.jpe?g$ 45 | \.key$ 46 | \.lib$ 47 | \.lock$ 48 | \.map$ 49 | \.min\.. 50 | \.mo$ 51 | \.mod$ 52 | \.mp[34]$ 53 | \.o$ 54 | \.ocf$ 55 | \.otf$ 56 | \.p12$ 57 | \.parquet$ 58 | \.pdf$ 59 | \.pem$ 60 | \.pfx$ 61 | \.png$ 62 | \.psd$ 63 | \.pyc$ 64 | \.pylintrc$ 65 | \.qm$ 66 | \.s$ 67 | \.sig$ 68 | \.so$ 69 | \.svgz?$ 70 | \.sys$ 71 | \.tar$ 72 | \.tgz$ 73 | \.tiff?$ 74 | \.ttf$ 75 | \.wav$ 76 | \.webm$ 77 | \.webp$ 78 | \.woff2?$ 79 | \.xcf$ 80 | \.xlsx?$ 81 | \.xpm$ 82 | \.xz$ 83 | \.zip$ 84 | ^\QMakefile\E$ 85 | ignore$ 86 | ^\.github/ 87 | ^\.vitepress/ 88 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-removed-plugins.inc: -------------------------------------------------------------------------------- 1 | #### Backends and Plugins 2 | 3 | | Backend | Notes | 4 | | ------- | ----- | 5 | | checkpassword auth database | Use [[link,auth_lua]] instead. | 6 | | Dict passdb & userdb driver | Use [[link,auth_lua]] instead. | 7 | | Dict quota; Dirsize quota | These drivers are removed. You should use [[link,quota_driver_count]] instead along with [[plugin,quota-clone]].
Note that switching to quota count can cause all users' indexes to update, so reserve time for this. | 8 | | imap-zlib plugin | The IMAP `COMPRESS` extension is now automatically enabled. | 9 | | listescape plugin | Use [[setting,mailbox_list_storage_escape_char]] instead. | 10 | | mailbox-alias plugin | Depending on the use case, replacement may be the [[setting,mailbox_special_use]] mailbox setting and/or [[link,sieve]] filters. | 11 | | Memcached dict driver | Use [[link,dict_redis]] instead. | 12 | | old-stats plugin | Use [[link,stats]] instead. `auth_stats` setting has been removed too. | 13 | | shadow auth driver | Use [[link,auth_pam]] instead. | 14 | | XZ Compression | You need to perform migration using a different compression format. With [[link,maildir]], you can try uncompressing all your mail and compressing them with another algorithm while Dovecot is not running. | 15 | | zlib plugin | Use [[plugin,mail-compress]] with the [[setting,mail_compress_write_method]] setting instead. | 16 | -------------------------------------------------------------------------------- /docs/core/man/include/option-x.inc: -------------------------------------------------------------------------------- 1 | **-x** *auth_info* 2 | : *auth_info* specifies additional conditions for the **user** 3 | command. The *auth_info* option string has to be given as 4 | *name* **=** *value* pair. For multiple conditions the **-x** 5 | option could be supplied multiple times. 6 | 7 | Possible names for the *auth_info* are: 8 | 9 | **service** 10 | : The service for which the userdb lookup should be tested. The 11 | value may be the name of a service, commonly used with Dovecot. 12 | For example: **imap**, **pop3** or **smtp**. 13 | 14 | **session** 15 | : Session identifier. 16 | 17 | **lip** 18 | : The local IP address (server) for the test. 19 | 20 | **rip** 21 | : The remote IP address (client) for the test. 22 | 23 | **lport** 24 | : The local port, e.g. 143 25 | 26 | **rport** 27 | : The remote port, e.g. 24567 28 | 29 | **real_lip** 30 | : The local IP to which the client connected on this host. 31 | 32 | **real_rip** 33 | : The remote IP where client connected from to this host. 34 | 35 | **real_lport** 36 | : The local port to which client connected to to this host. 37 | 38 | **real_rport** 39 | : The remote port from where the client connected from to this host. 40 | 41 | **forward_\** 42 | : Field to forward as %{forward:field} to auth process. 43 | -------------------------------------------------------------------------------- /docs/troubleshooting/include/debug_mail.inc: -------------------------------------------------------------------------------- 1 | Setting [[setting,log_debug]] will make Dovecot log all kinds of things 2 | about mailbox initialization. 3 | 4 | ::: warning 5 | This setting won't increase error logging at all, so if you're having some 6 | random problems it's unlikely to provide any help. 7 | ::: 8 | 9 | If there are any problems with a mailbox, Dovecot should automatically fix 10 | it. If that doesn't work for any reason, you can manually also request 11 | fixing a mailbox by running [[doveadm,force-resync,-u user@domain INBOX]], 12 | where `INBOX` should be replaced with the folder that is having problems 13 | (or `*` if all folders should be fixed). 14 | 15 | Users may sometimes complain that they have lost emails. The problem is 16 | almost always that this was done by one of the user's email clients 17 | accidentally. Especially accidentally configuring a "POP3 client" to a 18 | new device that deletes the mails after downloading them. 19 | 20 | For this reason it's very useful to enable the [[plugin,mail-log]] and 21 | enable logging for all the events that may cause mails to be lost. This way 22 | it's always possible to find out from the logs what exactly caused messages 23 | to be deleted. 24 | 25 | If you're familiar enough with Dovecot's index files, you can use 26 | [[doveadm,dump]] command to look at their contents in human readable 27 | format and possibly determine if there is something wrong in them. 28 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-removed-other-features.inc: -------------------------------------------------------------------------------- 1 | | Dovecot director role | Replaced with the [Dovecot Pro Palomar architecture](https://doc.dovecotpro.com/). | 2 | | Global ACL directory | Use [[setting,acl]] instead. See [below](#use-acl-settings-instead-of-global-acl-directories-or-global-acl-file) for details on migration. | 3 | | IMAP SETQUOTA command | Quota limits can no longer be modified using the IMAP SETQUOTA command. The `set_quota` setting has been removed. | 4 | | IPC process | Has been merged to anvil. | 5 | | OpenSSL support for older than 1.0.2 | Older versions are not supported anymore. | 6 | | Sieve extensions: `notify`, `imapflags`, `vnd.dovecot.duplicate` | These deprecated Sieve extensions have been removed. | 7 | | `ssl-parameters.dat` | This file is no longer converted automatically by config process, you need to set [[setting,ssl_server_dh_file]] setting if you need non-ECC Diffie-Hellman. | 8 | | TCP wrapper support | Use [[link,auth_lua]] instead. | 9 | | Weak password schemes | Weak password schemes are disabled by default; you need to use [[setting,auth_allow_weak_schemes]] to enable them. | 10 | | `local_name "multiple names" { ... }` | List each name as a separate `local_name { ... }` | 11 | 12 | #### Cassandra Parameters 13 | 14 | See [[link,sql_cassandra]]. 15 | 16 | | Parameter | Notes | 17 | | --------- | ----- | 18 | | Cassandra `ssl_verify=cert-dns` setting | Removed, as it was deprecated by Cassandra cpp-driver due to it being insecure against MITM attacks. | 19 | -------------------------------------------------------------------------------- /docs/core/man/dovecot-sysreport.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: dovecot-sysreport 4 | dovecotComponent: core 5 | --- 6 | 7 | # dovecot-sysreport(1) - Dovecot's system report utility 8 | 9 | ## SYNOPSIS 10 | 11 | **dovecot-sysreport** 12 | [**-h|-\-help**] 13 | [**-c|-\-core** [*binary*] *core* [...]] 14 | [**-d|-\-destination** *dest*] 15 | [**-k|-\-keeptemp**] 16 | 17 | ## DESCRIPTION 18 | 19 | **dovecot-sysreport** is a utility that should be used to gather 20 | information from the current system to be reported for dovecot bug 21 | fixes. It will collect dovecot's ps output, service status, process 22 | status, uptime command's output, error log, stats dump and if given, a 23 | core file along with its binary dependencies. 24 | 25 | ## OPTIONS 26 | 27 | **-h|-\-help** 28 | : Prints a help message. 29 | 30 | **-c|-\-config** *root_config_file* 31 | : Sets the root file of the dovecot's configuration. If not set, it 32 | will be assumed to be in the default configuration path. 33 | 34 | **-o|-\-core** [ *binary* ] *core* *[...]* 35 | : Includes core files along with their dependencies extracted from the 36 | specified binary file. 37 | 38 | **-d|-\-destination** *dest* 39 | : Sets the file location which the report archive should be put to. The 40 | default value is 41 | dovecot-sysreport-\-\.tar.gz in the 42 | current path. 43 | 44 | **-k|-\-keeptemp** 45 | : If set, temp files would not be deleted at the end. 46 | 47 | 48 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-penalty.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-penalty 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-penalty(1) - Show current penalties 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **penalty** 12 | [**-a** *anvil_socket_path*] 13 | [*ip* [**/** *mask*]] 14 | 15 | ## DESCRIPTION 16 | 17 | The **doveadm penalty** command can be used to see the current 18 | penalties. 19 | 20 | 21 | 22 | 23 | 24 | ## OPTIONS 25 | 26 | **-a** *anvil_socket_path* 27 | : This option is used to specify an alternative socket. The option's 28 | argument is either an absolute path to a local UNIX domain socket, or 29 | a hostname and port (*hostname*:*port*), in order to connect a remote 30 | host via a TCP socket. 31 | 32 | By default [[man,doveadm]] will use the socket */rundir/anvil*. The 33 | socket may be located in another directory, when the default *base_dir* 34 | setting was overridden in */etc/dovecot/dovecot.conf*. 35 | 36 | ## ARGUMENTS 37 | 38 | *ip* [/*mask*] 39 | : To reduce/filter the output supply an IP address or a network range 40 | in CIDR notation (ip/mask). 41 | 42 | ## EXAMPLE 43 | 44 | ```sh 45 | doveadm penalty 46 | ``` 47 | ``` 48 | IP penalty last_penalty last_update 49 | 192.0.2.222 3 2010-06-15 15:19:27 15:19:27 50 | 192.0.2.53 3 2010-06-15 15:19:34 15:19:34 51 | ``` 52 | 53 | 54 | 55 | ## SEE ALSO 56 | 57 | [[man,doveadm]] 58 | -------------------------------------------------------------------------------- /docs/core/config/imap.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: IMAP 4 | dovecotlinks: 5 | imap_server: IMAP server 6 | imap_hibernation: 7 | hash: imap-hibernation 8 | text: IMAP Hibernation 9 | --- 10 | 11 | # IMAP Configuration 12 | 13 | Dovecot was optimized since the beginning to work as an efficient IMAP server. 14 | 15 | ## Namespaces 16 | 17 | See [[link,namespaces]]. 18 | 19 | ## IMAP Extensions 20 | 21 | 22 | 23 | ## IMAP Hibernation 24 | 25 | ::: warning 26 | This is not supported on kqueue based systems currently, such as FreeBSD. 27 | ::: 28 | 29 | 30 | 31 | ### Configuration 32 | 33 | [[setting,imap_hibernate_timeout]] specifies the delay before moving users to 34 | `imap-hibernate` process. This requires inter-process communication between 35 | `imap` and `imap-hibernate` process. 36 | 37 | ```[dovecot.conf] 38 | imap_hibernate_timeout = 5s 39 | 40 | service imap { 41 | # Note that this change will allow any process running as 42 | # $SET:default_internal_user (dovecot) to access mails as any other user. 43 | # This may be insecure in some installations, which is why this isn't 44 | # done by default. 45 | unix_listener imap-master { 46 | user = $SET:default_internal_user 47 | } 48 | } 49 | 50 | # The following is the default already 51 | service imap { 52 | extra_groups = $default_internal_group 53 | } 54 | service imap-hibernate { 55 | unix_listener imap-hibernate { 56 | mode = 0660 57 | group = $default_internal_group 58 | } 59 | } 60 | ``` 61 | -------------------------------------------------------------------------------- /docs/core/config/delivery/mta.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: MTA 4 | dovecotlinks: 5 | mta: MTA 6 | --- 7 | 8 | # MTA 9 | 10 | MTA is an acronym for Mail Transport Agent. It is the software that works 11 | behind the scenes to transport E-Mail messages from one computer to another. 12 | 13 | MUAs (such as Thunderbird, Outlook, Apple Mail, etc.) hand off newly 14 | sent messages to an MTA. MTAs talk to other MTAs, and either deliver mail 15 | locally or hand it off for delivery to a [[link,mda]]. 16 | 17 | MTA is a generic term and usually refers to one of these popular software 18 | packages: 19 | 20 | * [Postfix](https://www.postfix.org/) 21 | flexible mailer. 22 | * [Exim](https://www.exim.org/) 23 | * [Sendmail](https://www.proofpoint.com/us/products/email-protection/open-source-email-solution), the original BSD mailer. 24 | * [Courier](https://www.courier-mta.org/) 25 | * [qmail](https://cr.yp.to/qmail.html) is an obsolete and unmaintained server. 26 | If you really intend to continue using it, read 27 | [Dave Sill's Life with qmail](http://www.lifewithqmail.org/) which contains 28 | instructions to work around some of qmail's security issues. 29 | * [HALON](https://halon.io/) is a commercial MTA, which supports Dovecot Auth 30 | and LMTP. 31 | 32 | Some people also subsume mail fetching utilities under the MTA category, among 33 | them: 34 | 35 | * [fetchmail](https://www.fetchmail.info/), a fast mail retriever. 36 | * [getmail](https://pyropus.ca/software/getmail/),a mail retrieval utility 37 | written in Python. 38 | 39 | These mail fetching utilities can be used to store mail for later retrieval by 40 | Dovecot. 41 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-log.drawio: -------------------------------------------------------------------------------- 1 | 5Zrbbts4EEC/RkD7EEN3K4+x024LdLEFvG3TvgSMOJKFpUSDomN5v76kRFkXymmL2Mu4awMBObyIPDPizJixvGVe/cHQZv0nxUAs18aV5d1arhtFc/FXCvaNwL92GkHKMtyIeoJV9i8ooa2k2wxDOejIKSU82wyFMS0KiPlAhhiju2G3hJLhUzcoBU2wihHRpV8yzNdqW4Hdyd9Blq7bJzu2aslR21kJyjXCdNcTeW8sb8ko5U0pr5ZAJLuWSzPu7ZHWw8IYFPxnBnxe2XffFn9VJbwLN/mHq485/vvKbWZ5RGSrNozpI8SUz7ICQ6VWzvctDka3Qi5ntC1vsVtnHFYbFMvWndC/kK15TkTNEcUkI2RJCWX1WC8J5FfIS87oP9BrCeuPHEEL3pM3HyFXqwTGoTq6fecAVRgj0Bw424suaoCv1LAfVnedUp1WqeueQj0lQ8qO0sPEHWpRULR/gbynkV8DwsCE7FUBFb/f1sPD15YbErGYxYNoClNZIjS9l53vaZKUwMWIegJ7NptpCvuBiob6PD3muWnMgYb503vJypGcrWC5AiheP4/ayMxxABH2p8w8ch+82sxPz/lw7BgDHR4B7SnQbwlKU8CnZZ0kiRvHU6xx+BAGZ2LtmWY9P8Lal6xPbM0IomSScBhH8JCch3BomnD0tF+ciSP4N/KNbvDCnOP1Uedo2L2NSRn3b47zxLlruYtEHLulLDau7gJP3zFy59o4cz1q7s7fIfObotwBEwAv70zWuBs/lB09Zm64i9jDvtlsoMAq2LhlKOGndYTgiMBuPgX9Opx76EzGfsgezUH3Nejvi6scclqvOxcQfx9H6IcvzBE6ev4ymSbOn2nsZ2Bn3jUeC5NHKUnnHS8yORlhN58JOnrw3EtPek7xIjOVMW7jyaCjB8vdTxxQbbZFCqcF/Z/8wKF5wsA06NYVT4YfFx11aEZtPNRz9bRGBNYaWrFlPqQ55FTQAkZQlQiRLC1ENRaIhDf1FhJgFiNyoxryDGP5mMn4ZaQzEZComwvvVHmmPdRIpCvEn9CHezZ96ClPq5X/hT5854Xp41gq5Ggp6MnTfjPnv/m4xtVj8Zdw46KBMh6RuPpdgEZJ5Oo38npWvvIElWUWj9LC0TssYLD9naJWV772K7fVoLZva1XG79SMslyPmc0DVe1Gycp+oBPA2sXwSCNiP3TLYniChHpLOWIp8KdiOHdaxT0VTmmwlTEgiGePw/VOqVU94SPNCt5ZkDcfhVpjy2j2qUZ1xqFN5LsjU4xGEzUgtIlqKztse8rwRLW7KW+6d/9u4L35Dg== -------------------------------------------------------------------------------- /docs/installation/upgrade/overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Overview 4 | order: 1 5 | --- 6 | 7 | # Upgrading Dovecot 8 | 9 | The [NEWS](https://github.com/dovecot/core/blob/main/NEWS) file, contained in 10 | the top-level of the source, contains all the important changes between 11 | releases. These changes are marked with `*` character. 12 | 13 | Read them to see if there is anything that concerns you. 14 | 15 | In general all the changes try to preserve backwards compatibility, but some 16 | changes which are meant to improve the stability and correctness of the 17 | configuration could mean breaking some existing installations. That may be a 18 | good thing, since it can expose problems which could otherwise show up as 19 | random errors. 20 | 21 | ## File Formats 22 | 23 | Since v2.4.0 release, upgrading won't silently change configuration 24 | (defaults). Either the old configuration is preserved, or startup fails 25 | asking you to upgrade the configuration file. The defaults are changed only 26 | when [[setting,dovecot_config_version]] setting is changed. 27 | 28 | Similarly since v2.4.0 release, upgrading won't do any backwards incompatible 29 | changes to storage files. If the release no longer supports an old storage 30 | file format, the startup fails instead. The new file formats are used only when 31 | [[setting,dovecot_storage_version]] setting is changed. 32 | 33 | ## Dovecot CE 2.3 and later 34 | 35 | * [[link,upgrading-2.2-to-2.3]] 36 | * [[link,upgrading-2.3-to-2.3]] 37 | * [[link,upgrading-2.3-to-2.4]] 38 | 39 | ## Dovecot CE 2.2 and earlier 40 | 41 | See https://doc.dovecot.org/installation_guide/upgrading/. 42 | -------------------------------------------------------------------------------- /docs/core/admin/http.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: HTTP Client 4 | dovecotlinks: 5 | lib_http_response_codes: 6 | hash: internal-http-response-codes 7 | text: "Dovecot HTTP Internal Response Codes" 8 | --- 9 | 10 | # Dovecot HTTP Client 11 | 12 | HTTP requests within Dovecot are performed using its internal HTTP client 13 | (internally referred to as "lib-http"). 14 | 15 | ## Internal HTTP Response Codes 16 | 17 | Dovecot's lib-http uses custom HTTP response codes for some error 18 | conditions. 19 | 20 | In certain locations, e.g. [[link,lua_lib-http]], these codes may be visible 21 | to an admin or in logging, so these response codes must be handled in the 22 | same way that standard RFC codes are. 23 | 24 | | Number | Code | Description | 25 | | ------ | ---- | ----------- | 26 | | 9000 | ABORTED | The request was aborted. | 27 | | 9001 | INVALID_URL | Failed to parse HTTP target url. | 28 | | 9002 | HOST_LOOKUP_FAILED | Failed to perform DNS lookup for the host. | 29 | | 9003 | CONNECT_FAILED | Failed to setup any connection for the host and client settings allowed no more attempts. | 30 | | 9004 | INVALID_REDIRECT | Service returned an invalid redirect response for this request. | 31 | | 9005 | CONNECTION_LOST | The connection was lost unexpectedly while handling the request and client settings allowed no more attempts. | 32 | | 9006 | BROKEN_PAYLOAD | The input stream passed to the request using http_client_request_set_payload() returned an error while sending the request. | 33 | | 9007 | BAD_RESPONSE | The service returned a bad response. | 34 | | 9008 | TIMED_OUT | The request timed out (either this was the last attempt or the absolute timeout was hit). | 35 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/lib-index.drawio: -------------------------------------------------------------------------------- 1 | 7VpNc5swEP01PrYDCDA+Nm6SHtqZTnNocsrISAY1AjlC/uqvrwDJIEwyeIKLndgHW3orCWnf7molPALTZHPL4SL+wRCmI8dCmxH4OnKcYOLI7xzYloA/VkDECSohuwLuyF+sQEuhS4JwZjQUjFFBFiYYsjTFoTAwyDlbm83mjJpPXcAI7wF3IaT76G+CRKyW5fgV/g2TKNZPtv1JKZnB8CnibJmq540cMC8+pTiBeiy10CyGiK1rELgegSlnTJSlZDPFNFetVlvZ7+YF6W7eHKeiSwcQqHmIrV47RlIVqpqyVP5cFQvCeRdL1mKRUFm0ZRFviLhXcF5+yMufvbyWCr69N6sPqmUmIBdfcpqqRxTYDaFUj5aiRguJ1OR/sBBbZThwKZiEGBcxi1gK6XfGFmqGmeDsCU8ZZbxYHrCKj5Tsq0ppL2NLHmpDULzK2UVYNQNuieWKqnVUCr7FLMFysbIBxxQKsjJtCirTjHbtKnpkQTH0AluTXtiyDbbG750ubyi6XKsf5yopUYTZ/bJ1/SuB6fak+AKD8eUdwb3euXe5zlBs6dmsIF1ivdv6VM7raiYLUV5IIKGPRNK10SI56k66x7ZJ7TomAt8tYLH8tcxzTLojCrNMNUUwi4t+tqr8hEJgnhaIY+XoXNJV0zzycIBciUNKorxdKDWPeRtJgTMDvv8aSSvMBd68qn4lBTrDUolZoKrrKsuxdW4S1zIcYPWwe42P7l6GcxWyswqHOvSdRrbh2r3w9Y63r1a+/MGyQ3BIQHxcEbxuj4olhshKQxl+lkWY5BGwkH3aVQu5PK3lysI8I5nIFVYNWxulZWCOISJplC+iEaSNfh8uTDsTM0zboCVO+y1xetJHnHYPsqNEarybGcnf5yUrDCqFiyxmokI6m4wyFLlqiCQRh3bjOGQcZRdL01K3g6W1ZQTjHizNHbdY2hu2nDPKpfWp1Milh9s6vI4uH8IwxpdcuqQr6OA61pGSaffoF3e7TK12TXRGDqad6TSuFjzrw0a6NiLcyWCHGv+QSHdIkqxCo0UZe1ouLhnGLkyOG2Ey8LplGJ7Xg9/1dIbtHCbPLUq2XcAOloa4Xa/0SucUHKYZDAVhaUcfTRgi82154mymMh/cS33TSx2/xUvdY90Mdg3K5YnzbbxfbhqMC2GrwbvbksS28e73EJ3dtpuG/5cVDXt5qN+cGHnRcO++nI4uWHO+R8qiy1mw9Aa7w1kQHOss2PXit8Hdo9Td5TCvCLSaWWoLgd6RCPQ6Ot+MbU7R5+Zz7IdhJ8rQeDJ7PUQecHXpNLYuL9inrKeXmbJa/SmrkNX++Aau/wE= -------------------------------------------------------------------------------- /docs/howto/sasl/chasquid.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Chasquid and Dovecot SASL 4 | dovecotlinks: 5 | howto_chasquid_and_dovecot_sasl: Chasquid and Dovecot SASL 6 | --- 7 | 8 | # Chasquid and Dovecot SASL 9 | 10 | [chasquid](https://blitiri.com.ar/p/chasquid) users can use Dovecot 11 | [[link,sasl]] instead of Cyrus SASL for authenticating SMTP clients. 12 | 13 | This is supported from version 0.04 and later, and uses the `PLAIN` 14 | mechanism only. 15 | 16 | ## Configuration Example 17 | 18 | ::: code-group 19 | ```[dovecot.conf] 20 | auth_mechanisms = plain login 21 | 22 | service auth { 23 | ... 24 | # If chasquid is running under a different user, adjust the 'user =' 25 | # lines accordingly. 26 | unix_listener auth-chasquid-userdb { 27 | mode = 0660 28 | user = chasquid 29 | } 30 | 31 | unix_listener auth-chasquid-client { 32 | mode = 0660 33 | user = chasquid 34 | } 35 | ... 36 | } 37 | ``` 38 | 39 | ```[/etc/chasquid/chasquid.conf] 40 | dovecot_auth: true 41 | ``` 42 | ::: 43 | 44 | That should be it, because chasquid will "autodetect" the full path to the 45 | Dovecot sockets, by looking in the usual places (tested in Debian, Ubuntu, and 46 | CentOS). 47 | 48 | If chasquid can't find them, the paths can be set with the 49 | `dovecot_userdb_path` and `dovecot_client_path` options (see the 50 | chasquid configuration manual page for details). 51 | 52 | ## Additional Information 53 | 54 | * chasquid's [Dovecot integration documentation](https://blitiri.com.ar/p/chasquid/docs/dovecot/) 55 | * chasquid's [How-to](https://blitiri.com.ar/p/chasquid/docs/howto/) 56 | * chasquid's [Dovecot library source code](https://blitiri.com.ar/git/r/chasquid/b/master/t/internal/dovecot/f=dovecot.go.html) 57 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Home 4 | --- 5 | 6 | # Dovecot Community Edition (CE) 7 | 8 | 9 | 10 |
11 | 12 | Dovecot is an open source email server for Linux/UNIX-like systems, 13 | written with security primarily in mind. Dovecot is an excellent choice for 14 | both small and large installations. It's fast, simple to set up, requires 15 | no special administration and it uses very little memory. 16 | 17 | Dovecot supports the IMAP ([[rfc,3501]]), POP3 ([[rfc,1939]]), LMTP 18 | ([[rfc,2033]]), and ManageSieve ([[rfc,5228]]) mail protocols. 19 | 20 | ## Dovecot Pro 21 | 22 | [Dovecot Pro](https://www.open-xchange.com/portfolio/ox-dovecot-pro/) is 23 | a commercial software product of [Open-Xchange](https://www.open-xchange.com/). 24 | 25 | Dovecot Pro implements Palomar, a cloud-native architecture that allows for 26 | Dovecot to be highly available, scalable, and stateless. 27 | 28 | Dovecot Pro uses Dovecot Core as part of the Palomar architecture. 29 | 30 | For full details and documentation on Dovecot Pro, visit [[link,dovecot_pro]]. 31 | 32 | ## Dovecot Community Edition 33 | 34 | [Dovecot Community Edition (CE)](https://www.dovecot.org/) is the open source 35 | version of Dovecot. 36 | 37 | Dovecot CE is designed for use on a single server. There is no support or 38 | maintenance for multiple Dovecot servers to interact with each other. 39 | 40 | This site fully documents Dovecot CE and its behavior. 41 | 42 | Dovecot CE is also referred to as "Dovecot Core" in this documentation. 43 | 44 | To get started, see https://repo.dovecot.org/ and [[link,quick_config]]. 45 | 46 | Please use the 47 | [Dovecot mailing list](https://www.dovecot.org/mailinglists.html) for 48 | questions about Dovecot CE. 49 | -------------------------------------------------------------------------------- /.github/workflows/container.yml: -------------------------------------------------------------------------------- 1 | name: Build Container 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | 8 | env: 9 | REGISTRY: ghcr.io 10 | IMAGE_NAME: ${{ github.repository }} 11 | 12 | jobs: 13 | releasenew: 14 | runs-on: ubuntu-latest 15 | permissions: 16 | contents: read 17 | packages: write 18 | steps: 19 | - name: Checkout 20 | uses: actions/checkout@v4 21 | - name: Setup Node 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: 20 25 | cache: npm 26 | - name: Install Dependencies 27 | run: npm ci 28 | - name: Build with VitePress 29 | run: | 30 | npm run docs:build 31 | # Login against a Docker registry 32 | # https://github.com/docker/login-action 33 | - name: Log into registry ${{ env.REGISTRY }} 34 | uses: docker/login-action@v3 35 | with: 36 | registry: ${{ env.REGISTRY }} 37 | username: ${{ github.actor }} 38 | password: ${{ secrets.GITHUB_TOKEN }} 39 | # Extract metadata (tags, labels) for Docker 40 | # https://github.com/docker/metadata-action 41 | - name: Extract Docker metadata 42 | id: meta 43 | uses: docker/metadata-action@v5 44 | with: 45 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 46 | # Build and push Docker image with Buildx 47 | # https://github.com/docker/build-push-action 48 | - name: Build and push Docker image 49 | id: build-and-push 50 | uses: docker/build-push-action@v5 51 | with: 52 | context: . 53 | file: .github/actions/container/Dockerfile 54 | push: true 55 | tags: ${{ steps.meta.outputs.tags }} 56 | labels: ${{ steps.meta.outputs.labels }} 57 | -------------------------------------------------------------------------------- /.vitepress/theme/DovecotLayout.vue: -------------------------------------------------------------------------------- 1 | 13 | 14 | 36 | 37 | 69 | -------------------------------------------------------------------------------- /docs/core/plugins/notify_status.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: notify-status 4 | --- 5 | 6 | # Notify Status Plugin (`notify-status`) 7 | 8 | This plugin updates a [[link,dict]] with mailbox status information 9 | every time a mailbox changes. 10 | 11 | ## Settings 12 | 13 | ::: warning 14 | This plugin requires that the [[plugin,notify]] is loaded. 15 | ::: 16 | 17 | 18 | 19 | ## Configuration 20 | 21 | ### Dictionary Configuration 22 | 23 | See [[link,dict]] for how to configure dictionaries. 24 | 25 | This plugin updates the `priv/status/` key. 26 | 27 | ### Example 28 | 29 | ```[dovecot.conf] 30 | mail_plugins { 31 | notify = yes 32 | notify_status = yes 33 | } 34 | 35 | notify_status { 36 | dict proxy { 37 | name = notify_status 38 | socket_path = dict-async 39 | } 40 | } 41 | 42 | # By default no mailbox is added to dict. To enable all notify_status for 43 | # all mailboxes add: 44 | #mailbox_notify_status = yes 45 | 46 | # If you keep the default mailbox_notify_status = no you can enable it per 47 | # mailbox like this: 48 | mailbox inbox { 49 | notify_status = yes 50 | } 51 | mailbox TestBox { 52 | notify_status = yes 53 | } 54 | ``` 55 | ### SQL dict Example 56 | 57 | ::: code-group 58 | 59 | ```[Dictionary Map] 60 | dict_map priv/status/$box { 61 | sql_table = mailbox_status 62 | username_field = username 63 | 64 | key_field mailbox { 65 | value = $box 66 | } 67 | value_field status { 68 | } 69 | } 70 | ``` 71 | 72 | ```sql[SQL Schema] 73 | CREATE TABLE mailbox_status ( 74 | username VARCHAR(255) NOT NULL, 75 | mailbox VARCHAR(255) NOT NULL, 76 | status VARCHAR(255), 77 | PRIMARY KEY (username, mailbox) 78 | ); 79 | ``` 80 | 81 | ::: 82 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-force-resync.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-force-resync 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-force-resync(1) - Repair broken mailboxes 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **force-resync** 12 | [**-S** *socket_path*] 13 | **-A** *mailbox* 14 | 15 | **doveadm** [*GLOBAL OPTIONS*] **force-resync** 16 | [**-S** *socket_path*] 17 | **-F** *file* *mailbox* 18 | 19 | **doveadm** [*GLOBAL OPTIONS*] **force-resync** 20 | [**-S** *socket_path*] 21 | **\-\-no-userdb-lookup** *mailbox* 22 | 23 | **doveadm** [*GLOBAL OPTIONS*] **force-resync** 24 | [**-S** *socket_path*] 25 | **-u** *user* *mailbox* 26 | 27 | ## DESCRIPTION 28 | 29 | Under certain circumstances it may happen, that [[man,dovecot]] is 30 | unable to automatically solve problems with mailboxes. In such 31 | situations the **force-resync** command may be helpful. It tries to fix 32 | all problems. For sdbox and mdbox mailboxes the storage files will be 33 | also checked. 34 | 35 | 36 | 37 | ## OPTIONS 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | ## ARGUMENTS 50 | 51 | *mailbox* 52 | : The name of the mailbox to fix. With mdbox all of the mailboxes are 53 | fixed, so you can use for example INBOX as the name. 54 | 55 | ## EXAMPLE 56 | 57 | Fix bob's INBOX: 58 | 59 | ```sh 60 | doveadm force-resync -u bob INBOX 61 | ``` 62 | 63 | 64 | 65 | ## SEE ALSO 66 | 67 | [[man,doveadm]] 68 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-cache.drawio: -------------------------------------------------------------------------------- 1 | 5Vrtc5owGP9rvNs+lONF0H5s7duu29o7u63dl10kQdjAeCEq7q9fgKBA0KpFgp29s8mTF8jv9+PJkwc7xiCIbgmYul8wRH5HV2HUMa46ut7v99l3bFimBqunp4Yx8WBq0taGofcXcaPKrTMPorDQkWLsU29aNNp4MkE2LdgAIXhR7OZgv3jVKRgjwTC0gS9af3iQunxZprq23yFv7GZX1lTeEoCsMzeELoB4kTMZ1x1jQDCmaSmIBsiPsctwScfdbGhd3RhBE7rLgO9D9fnn5UMUojtrGnw+ewzg0xknYw78GV8wxHNkY6p4E4gifud0mcFB8IzZ4xnVjnG5cD2KhlNgx60Lxj+zuTTwWU1jRcfz/QH2MUnGGo4Z/zF7SAn+g3ItVvKJR+AJzdnTD7OLa+XLnyNCUZQz8bXfIhwgSpasC2/tchqWxepiTaqWkermCDW4DXAdjVcTr6FmBY72HsgbAvI2sF2kEBQi+isZqulGV2DgFcyLBNWPW082bqaA27dP7Ftlq1A/pBBix2EYskZFUT6+DcCShKGJ+rBbJeG+PjISCdcP+cqlSMPc2oC50QTmjuPotl2FObRGlnkkzA3ZmPe3e2bFx+P35J3NlrnncwF+FwGIiHx/bLbMIWvdV5SaOIh3pFW9bVrVxD2xbVFEGTP5qu2JDzgkSjgb/U6PEcOsdJEcG3BHt3xWuxwxF2CN41LgBUhhqNAw3fZOMNIo0yI/1NDEfW8LLyNAGualmWhE4EV6OJKdYku83BAcsFr6L2aEkQCCGNCElFnIdsyuiiJm85Fis15Ze0LVe3hkLOnUbDpK5mPyE0S6HOnId066uNFWHdpN6dutAF2T/uPhXnt5MSBki/Lvnd6F+2R9PdME5ASQ0ARexBk7VrN9EIaeXUSJwUGWzxykpPKSr1xFhdoyq0Uefc5mYOVkjGLy2npQXFkWGEBQSA0KlIR4Rmy0RTJcCxSQMaKvxiMioTnCqvjKbAT5gHrz4v1Wkciv8Ig9tpLc6beoF6Nb0kG6Tj5KzyUZyxOVhKeflyZKgRAmSjS1WvbhMtOPJrNUMu0VmiVTP9r5Bn+zr342Bj4N6UfcSg/Xj3aIm1LlqCeLIV71U7lXF23wU3pdfqrXrM7EQGJ/nR3gb+wZmSdxxuFCrVN06mlujgeLTi85N2030TEZgGWu2zTuEG65Yavaia41nM5Yq6LFdwStzwIK8XSFjHc+B67eWEsLscWM1hGOJfVi1mTqtBKzvbJNO2YByz1ONk9SL9e7pnytY3Fd8UrnJDOLtdJiyM8MiKmBtqSv3oS0kINpMlFYjbR4Oj4y0s1oWkD6XDrS/8E5cuvDnA/pN2+80iL6coCcJXb3jui10kQNHyMr3r3XpDNNqs5aLp9Nof/e8imfLFWzJvmw6vqXpWn39c9zjet/ -------------------------------------------------------------------------------- /lib/doveadm.js: -------------------------------------------------------------------------------- 1 | /* List of Doveadm argument value types. */ 2 | export const doveadm_arg_types = { 3 | ARRAY: 1, 4 | BOOL: 2, 5 | INTEGER: 3, 6 | STRING: 4, 7 | SEARCH_QUERY: 5, // Search query is an ARG_ARRAY 8 | ISTREAM: 6, 9 | } 10 | 11 | /* List of Doveadm flag value types. */ 12 | export const doveadm_flag_types = { 13 | NONE: 0, 14 | USER: 1, 15 | USERFILE: 2, 16 | USERMASK: 4, 17 | } 18 | 19 | export const doveadm_args_query = { 20 | example: ['mailbox', 'INBOX/myfoldertoo', 'savedbefore', 'since', '30d'], 21 | positional: true, 22 | type: doveadm_arg_types.SEARCH_QUERY, 23 | text: `Search query to apply.`, 24 | } 25 | 26 | export const doveadm_args_usermask = { 27 | example: 'username', 28 | positional: true, 29 | type: doveadm_arg_types.STRING, 30 | text: `User Mask.` 31 | } 32 | 33 | export const doveadm_args_human_timestamp = ` 34 | Allowable formats: 35 | 36 | * yyyy-mm-dd (non-UTC), 37 | * IMAP date ("dd-mm-yyyy"; see [[rfc,3501]]) (non-UTC) 38 | * IMAP date-time ("dd-mm-yyy HH:MM:SS +0000; see [[rfc,3501]]) (UTC supported) 39 | * Unix timestamp (UTC supported) 40 | * Interval ("n days", UTC supported)` 41 | 42 | /* Generate command line string for doveadm. */ 43 | export function getDoveadmCmdLine(args) { 44 | let ret = '' 45 | 46 | for (const [k, v] of Object.entries(args)) { 47 | if (v.hidden) { 48 | continue; 49 | } 50 | 51 | if (v.positional) { 52 | ret += (v.optional ? '[' : '<') + k.replace('-', ' ') + (v.optional ? '] ' : '> ') 53 | } else { 54 | ret += '[-' 55 | if (v.cli) { 56 | ret += v.cli 57 | } else { 58 | ret += '-' + k 59 | } 60 | 61 | if (v.type != doveadm_arg_types.BOOL) { 62 | ret += ' ' + k 63 | } 64 | 65 | ret += '] ' 66 | } 67 | } 68 | 69 | return ret.trim() 70 | } 71 | -------------------------------------------------------------------------------- /docs/core/config/include/login_process_high_security.inc: -------------------------------------------------------------------------------- 1 | You can enable high-security mode with: 2 | 3 | ```[dovecot.conf] 4 | service imap-login { 5 | restart_request_count = 1 6 | #process_min_avail = 0 7 | } 8 | 9 | service pop3-login { 10 | restart_request_count = 1 11 | } 12 | ``` 13 | 14 | It works by using a new imap-login or pop3-login process for each incoming 15 | connection. Since the processes run in a highly restricted chroot, running 16 | each connection in a separate process means that in case there is a 17 | security hole in Dovecot's pre-authentication code or in the SSL library, 18 | the attacker can't see other users' connections and can't really do 19 | anything destructive. The only way out of it is to find and exploit a 20 | kernel security hole. 21 | 22 | Since one login process can handle only one connection, the service's 23 | [[setting,service_process_limit]] setting limits the number of users that can 24 | be logging in at the same time (defaults to [[setting,default_process_limit]]). 25 | 26 | SSL/TLS proxying processes are also counted here, so if you're using 27 | SSL/TLS you'll need to make sure this count is higher than the maximum 28 | number of users that can be logged in simultaneously. 29 | 30 | With TLS/SSL connections, the login process will not terminate, and remains 31 | to perform proxying between imap backend process and the client. 32 | 33 | * If the maximum login process count is reached, the oldest process in 34 | logging-in state (ie. non-proxying) is destroyed. 35 | * To avoid startup latency for new client connections, set 36 | [[setting,service_process_min_avail]] to higher than zero. That many idling 37 | processes are always kept around waiting for new connections. 38 | * [[setting,service_vsz_limit]] should be fine at its default value. 39 | -------------------------------------------------------------------------------- /components/EventsComponent.vue: -------------------------------------------------------------------------------- 1 | 20 | 21 | 35 | 36 | 67 | -------------------------------------------------------------------------------- /.vitepress/theme/custom.css: -------------------------------------------------------------------------------- 1 | :root { 2 | --vp-sidebar-width: 304px; 3 | --dovecot-logo-roof: #54bbab; 4 | } 5 | 6 | .VPDoc.has-aside .content-container { 7 | max-width: 95% !important; 8 | } 9 | 10 | .VPContent.has-sidebar { 11 | @media (min-width: 960px) { 12 | padding-left: 288px !important; 13 | } 14 | @media (min-width: 1440px) { 15 | padding-right: 0 !important; 16 | } 17 | } 18 | 19 | .VPDoc.has-sidebar.has-aside { 20 | @media (min-width: 960px) and (max-width: 1500px) { 21 | padding-left: 0; 22 | } 23 | } 24 | 25 | .VPDoc.has-sidebar.has-aside .container > .content { 26 | @media (min-width: 1500px) { 27 | padding-left: 52px; 28 | padding-right: 52px; 29 | } 30 | } 31 | 32 | .VPSidebar { 33 | padding-left: 32px !important; 34 | padding-right: 32px !important; 35 | padding-bottom: 32px !important; 36 | width: var(--vp-sidebar-width) !important; 37 | } 38 | 39 | section.VPSidebarItem.level-0:not(.collapsible) { 40 | padding-bottom: 12px !important; 41 | } 42 | 43 | .VPNavBar.has-sidebar .content { 44 | padding-left: var(--vp-sidebar-width) !important; 45 | padding-right: 32px !important; 46 | @media (max-width: 960px) { 47 | --vp-sidebar-width: 32px; 48 | padding-right: 0 !important; 49 | } 50 | } 51 | 52 | .VPNavBar.has-sidebar div.title { 53 | padding-left: 32px !important; 54 | margin-top: 1px; 55 | width: var(--vp-sidebar-width) !important; 56 | @media (max-width: 960px) { 57 | padding-left: 0 !important; 58 | width: auto !important; 59 | } 60 | } 61 | 62 | .VPNav div.divider { 63 | padding-left: var(--vp-sidebar-width) !important; 64 | @media (max-width: 960px) { 65 | padding-left: 0px !important; 66 | } 67 | } 68 | 69 | .large { 70 | font-size: 20pt; 71 | margin-bottom: 1em; 72 | line-height: 125%; 73 | } 74 | -------------------------------------------------------------------------------- /docs/howto/ssl/cert_import.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Certificate Importing 4 | --- 5 | 6 | # SSL Certificate Importing to Clients 7 | 8 | You may import either the server's self-signed certificate or the CA 9 | certificate (see [certificate_creation](cert_create)). 10 | 11 | ## Windows 11 12 | 13 | See https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/working-with-certificates 14 | 15 | ## Mac OS X 16 | 17 | - Doubleclick the certificate 18 | 19 | - Keychain should open 20 | 21 | - Add the certificate to X509 Anchors keychain 22 | 23 | Apple Mail uses the OS X's certificate store. 24 | 25 | ## Thunderbird 26 | 27 | Preferences -> Privacy -> Security -> View Certificates -> Authorities 28 | -> Import -> Trust this CA to identify email users. 29 | 30 | ## Opera Mail 31 | 32 | Preferences -> Advanced > Security > Certificates > Import certificate 33 | file. 34 | 35 | ## Evolution 36 | 37 | Preferences -> Certificates -> Authorities -> Import -> Trust this CA to 38 | identify email users. 39 | 40 | ## Mutt 41 | 42 | See https://gitlab.com/muttmua/mutt/-/wikis/MuttGuide/UseIMAP 43 | 44 | ## Pine 45 | 46 | http://www.madboa.com/geek/pine-ssl/ tells a story how to do this. 47 | Basically it seems to be: 48 | 49 | 1. Find out your OPENSSLDIR: `openssl version -d` 50 | 51 | 2. Get a hash of your certificate: 52 | `openssl x509 -in cert.pem -hash -noout` 53 | 54 | 3. Copy the certificate to `$OPENSSLDIR/certs/$hash.0` 55 | 56 | This probably works only for self-signed certificates. 57 | 58 | ## KMail 59 | 60 | See https://docs.kde.org/stable5/en/kmail/kmail2/manual-configuration-quickstart.html 61 | 62 | ## Claws Mail 63 | 64 | Configuration -> Edit accounts (Choose here your's one and press 65 | 'Edit'-button) 66 | 67 | Account -> SSL -> Certificate for receiving->Browse 68 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-instance.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-instance 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-instance(1) - Manage the list of running Dovecot instances 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **instance list** [**-c**] [*name*] 12 | 13 | **doveadm** [*GLOBAL OPTIONS*] **instance remove** *name* 14 | 15 | ## DESCRIPTION 16 | 17 | The **doveadm instance** commands are used to manage the list of Dovecot 18 | instances running on the server. In most installations there is only one 19 | Dovecot instance, but in some cases is may be useful to have more (e.g. 20 | running proxy and backend in the same server). 21 | 22 | Instances are added to the list automatically when Dovecot is started. 23 | Each instance is uniquely identified by its *base_dir* setting. 24 | Instances can be named by setting *instance_name* in each instance's 25 | *dovecot.conf*. When an instance is named, it can be accessed easily by 26 | giving **-i** *instance_name* command line parameter for Dovecot 27 | binaries (e.g. doveadm). 28 | 29 | 30 | 31 | ## ARGUMENTS 32 | 33 | *name* 34 | : The value of an instance's *instance_name* setting. Each instance can 35 | also be uniquely identified by its *base_dir* setting. 36 | 37 | ## COMMANDS 38 | 39 | ### instance list 40 | 41 | **doveadm** [*GLOBAL OPTIONS*] instance list [**-c**] [*name*] 42 | 43 | This command lists the seen Dovecot instances. 44 | 45 | **-c** 46 | : Output the config path instead of instance information. 47 | 48 | ### instance remove 49 | 50 | **doveadm** [*GLOBAL OPTIONS*] instance remove *name* 51 | 52 | This command removes the specified instance. 53 | 54 | 55 | 56 | ## SEE ALSO 57 | 58 | [[man,doveadm]] 59 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-purge.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-purge 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-purge(1) - Remove messages with refcount=0 from mdbox files 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **purge** 12 | [**-S** *socket_path*] 13 | **-A** 14 | 15 | **doveadm** [*GLOBAL OPTIONS*] **purge** 16 | [**-S** *socket_path*] 17 | **-F** *file* 18 | 19 | **doveadm** [*GLOBAL OPTIONS*] **purge** 20 | [**-S** *socket_path*] 21 | **\-\-no-userdb-lookup** 22 | 23 | **doveadm** [*GLOBAL OPTIONS*] **purge** 24 | [**-S** *socket_path*] 25 | **-u** *user* 26 | 27 | ## DESCRIPTION 28 | 29 | The **doveadm purge** command is used to remove all messages with 30 | refcount=0 from a user's mail storage. The refcount of a message is 31 | decreased to 0 when the user (or some administration utility) has 32 | expunged all instances of a message from all mailboxes. 33 | 34 | In the first form, the command will be executed for all users. 35 | 36 | In the second form, the command will be executed for all users listed in 37 | the given *file*. 38 | 39 | In the third form, the command will be performed for the user contained in the 40 | *USER* environment variable. 41 | 42 | 43 | In the last form, only messages of the given *user* (s) will be purged. 44 | 45 | 46 | 47 | ## OPTIONS 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | ## SEE ALSO 63 | 64 | [[man,doveadm]] 65 | 66 | Additional resources: 67 | 68 | - [[link,dbox]] 69 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-process-status.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-process-status 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-process-status(1) - Show information about dovecot processes 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **process status** [*service* [...]] 12 | 13 | ## DESCRIPTION 14 | 15 | **doveadm process status** produces a table with a line for each process, 16 | containing the following details: 17 | 18 | *name* 19 | : the name of the process 20 | 21 | *pid* 22 | : the pid of the process 23 | 24 | *available_count* 25 | : the number of further clients that can connect to the process 26 | 27 | *total_count* 28 | : the number of connected clients 29 | 30 | *idle_start* 31 | : timestamp when the process entered the idle status, 0 if active 32 | 33 | *last_status_update* 34 | : timestamp of the latest update from the process 35 | 36 | *last_kill_sent* 37 | : timestamp of the latest SIGINT signal sent to the process 38 | 39 | 40 | 41 | ## ARGUMENTS 42 | 43 | *service* (optional) 44 | : Filters the processes according to the specified service or services. 45 | By default, all dovecot processes are listed. 46 | 47 | ## EXAMPLES 48 | 49 | ```sh 50 | doveadm process status 51 | ``` 52 | ``` 53 | name pid available_count total_count idle_start last_status_update last_kill_sent 54 | stats 132400 999 5 0 1685365436 0 55 | log 132356 971 29 0 1685352909 0 56 | config 132357 999 6 0 1685365436 0 57 | anvil 132355 1000 0 1685352908 1685352908 0 58 | ``` 59 | 60 | 61 | 62 | ## SEE ALSO 63 | 64 | [[man,doveadm]], [[man,doveadm-service-status]] 65 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.3-to-2.3.x.inc: -------------------------------------------------------------------------------- 1 | ## Dovecot Core 2 | 3 | ### v2.3.x to v2.3.7 4 | 5 | * fts-solr: The obsolete break-imap-search parameter is no longer recognized 6 | 7 | ### v2.3.x to v2.3.12 8 | 9 | * Event filter syntax has changed, see [[link,event_filter]]. 10 | 11 | ### v2.3.x to v2.3.14 12 | 13 | * Removed autocreate plugin. Use [[setting_text,mailbox_auto,mailbox { auto }]] 14 | instead. 15 | * Removed expire plugin. Use 16 | [[setting_text,mailbox_autoexpunge,mailbox { autoexpunge }]] instead. 17 | * Removed xz write support from zlib plugin. (Reading xz compressed mails 18 | is still supported.) Use another compression algorithm. 19 | 20 | ### v2.3.x to v2.3.15 21 | 22 | * [[setting,ssl_min_protocol]] default changed to TLSv1.2, as older TLS 23 | versions are deprecated (see [[rfc,8996]]). Change it to TLSv1 or 24 | TLSv1.1 if you need to support older, deprecated protocols. 25 | * The 'SNIPPET' and 'PREVIEW (w/explicit algorithm selection)' IMAP commands 26 | have been deprecated. The new [[rfc,8970]] compliant PREVIEW command 27 | should be exclusively used in the future. 28 | * [[plugin,fs-compress]] now accept per-algorithm value. 29 | * `plugin-zlib ` now accepts per-algorithm value. 30 | * `plugin-imap-zlib` now uses per-algorithm compression level settings. 31 | The old setting is ignored. 32 | 33 | ### v2.3.x to v2.3.16 34 | 35 | * [[link,service_auth_worker]] service service_count setting has been changed. 36 | 37 | ### v2.3.x to v2.3.20 38 | 39 | * `fts_stopwords_workaround` has been introduced. 40 | 41 | The default for the setting, `auto`, activates some mitigations for the 42 | problem of some searches failing to retrieve the expected result when 43 | stopwords and multiple languages are used together. 44 | To revert to the pre 2.3.20 behavior, set `fts_stopwords_workaround = no`. 45 | -------------------------------------------------------------------------------- /docs/developers/design/mailbox.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Mailbox 4 | dovecotlinks: 5 | design_mailbox: mailbox 6 | --- 7 | 8 | # Mailbox 9 | 10 | `src/lib-storage/mail-storage.h` and `mail-storage-private.h` 11 | describes mailbox API, among others. Mailbox life cycle often goes like: 12 | 13 | - `mailbox_alloc()` allocates memory for the mailbox and initializes 14 | some internal settings, but doesn't actually try to open it. 15 | 16 | - `mailbox_open()` opens the mailbox. Instead of opening a mailbox, 17 | you can also create it with `mailbox_create()`. 18 | 19 | - If you're immediately syncing the mailbox, you don't need to open 20 | it, because it's done implicitly. This reduces your code and error 21 | handling a bit. 22 | 23 | - `mailbox_close()` closes the mailbox, so that it needs to be opened 24 | again if it's wanted to be accessed. This is rarely needed. 25 | 26 | - `mailbox_free()` closes and frees the mailbox. 27 | 28 | There are a lot of functions to deal with mailboxes. The most important 29 | ones are: 30 | 31 | - `mailbox_get_status()` to get a summary of mailbox, such as number 32 | of messages in it. 33 | 34 | - `mailbox_get_metadata()` to various kinds of metadata of a mailbox, 35 | such as the sum of the message sizes inside the mailbox. 36 | 37 | - [Mailbox Sync](mailbox_syncing): 38 | `mailbox_sync_*()` to synchronize changes from the backend to memory. 39 | 40 | - [Mailbox Transactions](mailbox_transaction): 41 | `mailbox_transaction_*()` for transaction handling. All message 42 | reads and writes are done in a transaction. 43 | 44 | - [Mailbox Searching](mailbox_searching): 45 | `mailbox_search_*()` is used for searching messages. Even simple 46 | operations like "get all messages" go through this API by creating a 47 | "search all" query. 48 | 49 | - [Mailbox Saving](mailbox_saving): 50 | `mailbox_save_*()` and `mailbox_copy()` is used for 51 | saving/copying new messages to mailbox. 52 | -------------------------------------------------------------------------------- /docs/issues.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Issue Reporting 4 | order: 50 5 | dovecotlinks: 6 | ce_bug_report: Issue Reporting 7 | --- 8 | 9 | # Issue Reporting 10 | 11 | ## Security Issues 12 | 13 | Report security-related issues to: 14 | 15 | * [Dovecot's YesWeHack Program](https://vdp.open-xchange.com/) 16 | * security@dovecot.org 17 | 18 | ## Bugs 19 | 20 | Bugs should be reported to the 21 | [Dovecot mailing list](https://www.dovecot.org/mailing-lists/). 22 | 23 | ### Report Details 24 | 25 | #### Technical Details 26 | 27 | ::: warning Recommended 28 | You can provide most of the system related information with 29 | [`dovecot-sysreport`](https://raw.githubusercontent.com/dovecot/core/master/src/util/dovecot-sysreport) 30 | command. 31 | ::: 32 | 33 | Provide Dovecot configuration produced by `dovecot -n`. 34 | 35 | If the output does doesn't already show it, specify also: 36 | 37 | * Dovecot version 38 | * Operating system or Linux distribution name 39 | * CPU architecture (x86 or something else?) 40 | * Filesystem you used (especially if you use NFS or not) 41 | 42 | ::: tip 43 | Don’t send the whole `dovecot.conf` file, it’s way too large especially 44 | if you don’t remove the comments. 45 | ::: 46 | 47 | #### Problem Description 48 | 49 | Some kind of description of what you were doing and with what mail 50 | (e.g., IMAP) client. 51 | 52 | #### Reproducible Testcase 53 | 54 | If the problem can be reproduced, it helps a lot if you can tell how. If it 55 | happens only with a specific mail, add it as attachment if possible. 56 | 57 | ::: warning 58 | 59 | Don't send sensitive details in your report. 60 | 61 | You can hide all the actual mail data from messages using 62 | [mbox-anonymize](https://dovecot.org/tools/mbox-anonymize.pl). 63 | ::: 64 | 65 | ### Debugging Crashes 66 | 67 | See [[link,debug_core_dumps]]. 68 | 69 | ### Debugging Hangs 70 | 71 | See [[link,debug_hangs]]. 72 | 73 | ### Debugging Clients 74 | 75 | See [[link,debug_clients]]. 76 | -------------------------------------------------------------------------------- /docs/core/config/auth/include/anvil.inc: -------------------------------------------------------------------------------- 1 | Dovecot anvil process tracks authentication penalties for different IPs 2 | to slow down brute force login attempts. The penalty is increased after failed 3 | logins until a maximum value, unless [[link,passdb_extra_field_nodelay]] is 4 | used. The penalty is applied for the IP before passdb lookups are done, so 5 | the delay might exist even with `nodelay` if it is not used for all 6 | authentication attempts for the IP. 7 | 8 | ## Algorithm 9 | 10 | - First auth failure reply will be delayed for 2 seconds (this happens 11 | even without auth penalty) 12 | 13 | - `AUTH_PENALTY_INIT_SECS` in `src/auth/auth-penalty.h` 14 | 15 | - The delay will be doubled for 4 -> 8 seconds, and then the upper 16 | limit of 15 seconds is reached. 17 | 18 | - `AUTH_PENALTY_MAX_SECS` and `AUTH_PENALTY_MAX_PENALTY` in 19 | `src/auth/auth-penalty.h` 20 | 21 | - If the IP is in [[setting,login_trusted_networks]] (e.g. webmail), skip any 22 | authentication penalties 23 | 24 | - If the username+password combination is the same as one of the last 25 | 10 login attempts, skip increasing authentication penalty. 26 | 27 | - `CHECKSUM_VALUE_PTR_COUNT` in `src/anvil/penalty.c` 28 | 29 | - The idea is that if a user has simply configured the password 30 | wrong, it shouldn't keep increasing the delay. 31 | 32 | - The username+password is tracked as the CRC32 of them, so there is 33 | a small possibility of hash collisions 34 | 35 | ## Problems 36 | 37 | - It is still possible to do multiple auth lookups from the same IP in 38 | parallel. 39 | 40 | - For IPv6 it currently blocks the entire /48 block, which may or may 41 | not be what is wanted. 42 | 43 | - `PENALTY_IPV6_MASK_BITS` in `auth-penalty.c` 44 | 45 | ## Disabling 46 | 47 | Authentication penalty tracking can be disabled completely with: 48 | 49 | ```[dovecot.conf] 50 | service anvil { 51 | unix_listener anvil-auth-penalty { 52 | mode = 0 53 | } 54 | } 55 | ``` 56 | -------------------------------------------------------------------------------- /docs/core/config/fs.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Dovecot Filesystems 4 | dovecotlinks: 5 | fs: Dovecot Filesystems 6 | fs_posix: 7 | hash: posix-filesystem 8 | text: "fs: POSIX Filesystem" 9 | fs_dict: 10 | hash: dictionary-filesystem 11 | text: "fs: Dictionary Filesystem" 12 | fs_metawrap: 13 | hash: metawrap-filesystem 14 | text: "fs: Metawrap Filesystem" 15 | --- 16 | 17 | # Dovecot Filesystems 18 | 19 | Dovecot's `lib-fs` is a simplified API to access filesystems and databases that 20 | can be made to look similar to filesystems. It is similar to [[link,dict]] but 21 | generally where [[link,dict]] is generally used for small data `fs` is used for 22 | larger data. 23 | 24 | Currently supported FS drivers are: 25 | 26 | | Name | Description | 27 | | --- | --- | 28 | | [[link,fs_posix,posix]] | POSIX filesystem. | 29 | | [[link,fs_dict,dict]] | Dictionary (`lib-dict` wrapper). | 30 | 31 | 32 | Wrapper drivers used on top of other drivers: 33 | 34 | | Name | Description | 35 | | --- | --- | 36 | | [[link,fs_metawrap,metawrap]] | File metadata. | 37 | | [[link,mail_crypt,crypt]] | File encryption. | 38 | | [[link,fs_compress,compress]] | File compression. | 39 | 40 | 41 | ## FS Settings 42 | 43 | 44 | 45 | ## POSIX Filesystem 46 | 47 | Regular POSIX filesystem. It can also be used with [[link,nfs]]. It doesn't 48 | support file metadata, in case you have a need for that use 49 | [[link,fs_metawrap]]. 50 | 51 | ### Settings 52 | 53 | 54 | 55 | ## Dictionary Filesystem 56 | 57 | This is a wrapper for `lib-dict` for using [[link,dict]] drivers as `fs` 58 | drivers. 59 | 60 | ### Settings 61 | 62 | 63 | 64 | ## Metawrap Filesystem 65 | 66 | This is a wrapper for other `fs` drivers that don't support metadata. The 67 | metadata is implemented by placing them into the beginning of the file content. 68 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-indexer.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-indexer 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-indexer(1) - Commands related to managing the indexer process 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **indexer** *command* [*OPTIONS*] [*ARGUMENTS*] 12 | 13 | ## DESCRIPTION 14 | 15 | **doveadm indexer** can be used to manage the indexer process. 16 | 17 | 18 | 19 | ## COMMANDS 20 | 21 | ### indexer add 22 | 23 | **doveadm** [*GLOBAL OPTIONS*] indexer add 24 | [**-h**] 25 | [**-n** *max_recent*] 26 | *user* *mailbox* 27 | 28 | Add indexing request for the given *user* and the *mailbox* to the 29 | indexer queue. It works the same as the **doveadm index -q** command. 30 | 31 | **-h** 32 | : Add the indexing request to the head of the queue. By default the 33 | request is added to the tail of the queue. 34 | 35 | **-n** *max_recent* 36 | : An integer value, which specifies the maximum number of \\Recent 37 | messages in mailboxes. If the mailbox contains more than *max_recent* 38 | messages with \\Recent flag set, the mailbox will not be indexed. 39 | This may be useful to avoid unnecessary indexing for large mailboxes 40 | that are never opened. 41 | 42 | ### indexer remove 43 | 44 | **doveadm** [*GLOBAL OPTIONS*] indexer remove *user_mask* [*mailbox_mask*] 45 | 46 | Remove all indexer requests for the matching *user_mask* (and *mailbox_mask*). 47 | It's possible to use wildcards. Requests that are currently processed by 48 | indexer-worker are not listed; use **doveadm kick** instead to kick 49 | them. 50 | 51 | ### indexer list 52 | 53 | **doveadm** [*GLOBAL OPTIONS*] indexer list *user_mask* 54 | 55 | List all the queued indexing requests matching *user_mask*. It's possible to 56 | use wildcards. Requests that are currently processed by indexer-worker are 57 | not listed; use **doveadm who** instead to see them. 58 | 59 | 60 | 61 | ## SEE ALSO 62 | 63 | [[man,doveadm]] 64 | -------------------------------------------------------------------------------- /docs/core/config/auth/databases/passwd.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Passwd 4 | dovecotlinks: 5 | auth_passwd: passwd authentication database 6 | --- 7 | 8 | # Passwd (`passwd`) 9 | 10 | User is looked up using `getpwnam()` call, which usually looks into 11 | `/etc/passwd` file, but depending on the NSS configuration it may 12 | also look up the user from, e.g., LDAP database. 13 | 14 | Most commonly used as a [[link,userdb]]. 15 | 16 | The lookup is by default done in the auth worker processes. If you have only a 17 | small local passwd file, you can avoid having extra auth worker processes by 18 | disabling it: 19 | 20 | ``` 21 | userdb passwd { 22 | use_worker = yes 23 | } 24 | ``` 25 | 26 | ## Field Overriding and Extra Fields 27 | 28 | It's possible to override fields from passwd and add 29 | [[link,userdb_extra_fields]]. 30 | 31 | For example: 32 | 33 | ```[dovecot.conf] 34 | userdb passwd { 35 | fields { 36 | home = /var/mail/%{user | username} 37 | mail_driver = maildir 38 | mail_path = /var/mail/%{user | username}/Maildir 39 | } 40 | } 41 | ``` 42 | 43 | This uses the UID and GID fields from passwd, but home directory is 44 | overridden. Also the default [[link,mail_location]] setting is overridden. 45 | 46 | ::: info 47 | [[setting,userdb_fields_import_all]] defaults to `yes`. If it is set to `no` 48 | the fields to be imported need to be explicitly defined. 49 | 50 | ```[dovecot.conf] 51 | userdb passwd { 52 | fields_import_all = no 53 | fields { 54 | uid = %{passwd:uid} 55 | gid = %{passwd:gid} 56 | home = /var/mail/%{user | username} 57 | mail_driver = maildir 58 | mail_path = /var/mail/%{user | username}/Maildir 59 | } 60 | } 61 | ``` 62 | ::: 63 | 64 | ## Passwd as a passdb 65 | 66 | Many systems use shadow passwords nowadays so passwd doesn't usually work as a 67 | password database. BSDs are an exception to this, they still set the password 68 | field even with shadow passwords. 69 | 70 | With FreeBSD, passwd doesn't work as a password database because the password 71 | field is replaced by a `*`. But you can use [[link,auth_passwd_file]] instead. 72 | -------------------------------------------------------------------------------- /docs/core/config/health_check.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Health Checking 4 | dovecotlinks: 5 | health_checking: Health Checking 6 | --- 7 | 8 | # Health Check Scripting 9 | 10 | If you need dovecot to offer health-check functionality, use the health-check 11 | service by extending it's configuration with a listener like this: 12 | 13 | ```[dovecot.conf] 14 | service health-check { 15 | # this is the default configuration using the simple PING->PONG 16 | # example health-check. 17 | executable = script -p health-check.sh 18 | inet_listener health-check { 19 | port = 5001 20 | } 21 | } 22 | ``` 23 | 24 | ## Options 25 | 26 | ### `-e` Parameter 27 | 28 | Define a list of environment variables which can be set by a request before 29 | calling the health-check script. 30 | 31 | Example: `script -e foo bar health-check.sh` sets `FOO=BAR` environment 32 | variable. 33 | 34 | ### `-p` Parameter 35 | 36 | Enables passthrough mode which allows to directly call a script without 37 | any protocol and directly receive the output. 38 | 39 | Be extremely careful when modifying the `health-check.sh` script or 40 | implementing your own. 41 | 42 | ## Script-Protocol 43 | 44 | If the passthrough mode is not enabled, the request must implement the 45 | following protocol: 46 | 47 | ``` 48 | VERSION .. 49 | [alarm= ] 50 | [env_= ] 51 | [env_= ] 52 | ... 53 | "noreply" | "-" (or anything really) 54 | 55 | arg 1 56 | arg 2 57 | ... 58 | 59 | DATA 60 | ``` 61 | 62 | If "alarm" is specified, it MUST be before "noreply". 63 | 64 | If "noreply" isn't given, a "-" must be given. 65 | 66 | ### `arg` 67 | 68 | Arguments that can be passed to the script. 69 | 70 | ### `env_` 71 | 72 | Environment variables that have been marked as allowed by `-e`. 73 | 74 | ### `noreply` 75 | 76 | Disable the success/fail answer by script executable itself. 77 | 78 | ### `VERSION` 79 | 80 | The VERSION of script (AToW 4.0 eg "VERSION\\tscript\\t4\\t0\\n"). 81 | 82 | ### `DATA` 83 | 84 | Input to be passed to the script to be called. 85 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/enotify.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Notifications 4 | dovecotlinks: 5 | sieve_enotify: Sieve notifications extensions 6 | --- 7 | 8 | # Sieve: Extension for Notifications 9 | 10 | The Sieve enotify extension ([[rfc,5435]]) adds the `notify` action to 11 | the Sieve language. 12 | 13 | ## Configuration 14 | 15 | ### Settings 16 | 17 | 18 | 19 | ### Examples 20 | 21 | #### Send Notifications with Different Importance Levels 22 | 23 | ``` 24 | require ["enotify", "fileinto", "variables"]; 25 | 26 | if header :contains "from" "boss@example.org" { 27 | notify :importance "1" 28 | :message "This is probably very important" 29 | "mailto:alm@example.com"; 30 | # Don't send any further notifications 31 | stop; 32 | } 33 | 34 | if header :contains "to" "sievemailinglist@example.org" { 35 | # :matches is used to get the value of the Subject header 36 | if header :matches "Subject" "*" { 37 | set "subject" "${1}"; 38 | } 39 | 40 | # :matches is used to get the value of the From header 41 | if header :matches "From" "*" { 42 | set "from" "${1}"; 43 | } 44 | 45 | notify :importance "3" 46 | :message "[SIEVE] ${from}: ${subject}" 47 | "mailto:alm@example.com"; 48 | fileinto "INBOX.sieve"; 49 | } 50 | ``` 51 | 52 | #### Send Notification if we Receive Mail From Domain 53 | 54 | ``` 55 | require ["enotify", "fileinto", "variables", "envelope"]; 56 | 57 | if header :matches "from" "*@*.example.org" { 58 | # :matches is used to get the MAIL FROM address 59 | if envelope :all :matches "from" "*" { 60 | set "env_from" " [really: ${1}]"; 61 | } 62 | 63 | # :matches is used to get the value of the Subject header 64 | if header :matches "Subject" "*" { 65 | set "subject" "${1}"; 66 | } 67 | 68 | # :matches is used to get the address from the From header 69 | if address :matches :all "from" "*" { 70 | set "from_addr" "${1}"; 71 | } 72 | 73 | notify :message "${from_addr}${env_from}: ${subject}" 74 | "mailto:alm@example.com"; 75 | } 76 | ``` 77 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-acls.inc: -------------------------------------------------------------------------------- 1 | #### Use ACL settings instead of Global ACL Directories or Global ACL File 2 | 3 | With the following starting configuration: 4 | 5 | ::: code-group 6 | ```[dovecot.conf] 7 | namespace { 8 | prefix = INBOX/ 9 | separator = / 10 | } 11 | 12 | plugin { 13 | acl = vfile:/etc/dovecot/acls/ 14 | } 15 | ``` 16 | 17 | ```[/etc/dovecot/acls/INBOX] 18 | owner lrwstipekxa 19 | anyone lr 20 | user=kim l 21 | ``` 22 | 23 | ```[/etc/dovecot/acls/INBOX/foo/.DEFAULT] 24 | user=timo lr 25 | user=kim lrw 26 | ``` 27 | 28 | ```[/etc/dovecot/acls/INBOX/foo/bar] 29 | user=kim lrw 30 | ``` 31 | ::: 32 | 33 | Or the same ACLs in a global ACL file: 34 | 35 | ```[/etc/dovecot/acl-file] 36 | INBOX owner lrwstipekxa 37 | INBOX anyone lr 38 | INBOX user=kim l 39 | INBOX/foo user=timo lr 40 | INBOX/foo user=kim lrw 41 | INBOX/foo/bar user=kim lrw 42 | ``` 43 | 44 | You have to create the new ACLs to `dovecot.conf`: 45 | 46 | ```[dovecot.conf] 47 | namespace inbox { 48 | # previously from /etc/dovecot/acls/INBOX 49 | mailbox INBOX { 50 | acl owner { 51 | rights = lrwstipekxa 52 | } 53 | acl anyone { 54 | rights = lr 55 | } 56 | acl user=kim { 57 | rights = l 58 | } 59 | } 60 | # previously from /etc/dovecot/acls/foo/.DEFAULT 61 | mailbox INBOX/foo { 62 | acl user=timo { 63 | rights = lr 64 | } 65 | acl user=kim { 66 | rights = lrw 67 | } 68 | } 69 | # previously from /etc/dovecot/acls/foo/bar 70 | mailbox INBOX/foo/bar { 71 | acl user=kim { 72 | rights = lrw 73 | } 74 | } 75 | ``` 76 | 77 | Note that at this point you could simplify specific rules, e.g. use mailbox 78 | name wildcards to replace lines for a specific user: 79 | 80 | ```[dovecot.conf] 81 | mailbox INBOX/* { 82 | acl user=kim { 83 | rights = lrw 84 | } 85 | } 86 | ``` 87 | 88 | And re-configure the ACL plugin: 89 | 90 | ```[dovecot.conf] 91 | acl_driver = vfile 92 | acl_globals_only = yes 93 | ``` 94 | 95 | Afterwards you can remove the old global ACL directory parent: 96 | 97 | ```sh 98 | rm -rf /etc/dovecot/acls/ 99 | ``` 100 | -------------------------------------------------------------------------------- /docs/developers/design/indexes/images/mail-index-map.drawio: -------------------------------------------------------------------------------- 1 | 5Vvvc6I4GP5rnLn9cI4QQP1ore11ZtvbWae33fvCRAjIHBI3xKr7118CQYHAaSsStmdnOuSFBPK8D3l/5KUHpqvdPYHr5SN2UdjTB+6uB257uj4aDdl/LtinAlMbpwKfBG4q0o6CefATCeFASDeBi+LChRTjkAbrotDBUYQcWpBBQvC2eJmHw+Jd19BHkmDuwFCWfgtcuhTTMgdH+R8o8JfZnbWBOLOC2cVCEC+hi7c5EZj1wJRgTNOj1W6KQo5dhkva767m7OHBCIroOR1mD8/7v2++LsypNvr5CIg1QT9+F6O8wnAjJuziV+Rg2g8iF+3Ek9N9BgfBGybnIw564Ga7DCiar6HDz26Z/plsSVcha2ns0AvCcIpDTJK+wDP5H5PHlOB/UO6Mlfx4DxzRnDz9Mbl4SkQo2tVOXzuAysiI8ApRsmeXZEwUatgXm9ujUrVMqcucQoGQQcEj/zDwEWp2INB+A/K6hPwSQRcRJvstQjtqb5Lu1qeeboXsYW4W7JTl86MQ+za/2MaeFyPKeiQDDPr9vqSwEyoq6rN5mDVNNc5Awvn5gYOlcaB75nSOUPTpMthKPHdNNHKNKp6P9AVIeH4FoA3VQBs1QAMB9F0IfR+5zWLteZ7uOFVYu9bCMq+E9VA11mYN1gbHumE2QzTyKhG2nBFaeFdBWB+oRtiSEGbz3zg0sexBaCfm0SbMVBLXXjFEP46l1McdM5VDSRcM8Fi5qSvjpN7WjWSgGFL2Asaoe2gpN1hjCa30de4gs5QbnIzaObBCGFMbrteIzz3xVrsGm3orosnxVZUZ+Vj2wxx0zH5ocqzF3vRK1NumbBkr9TZEkwOmpZtEpQ5e7y/0La+BmHI7osmRD0PM5nDZi43XPcTUWxPZu5ZQYmZlwvN3rDX7uoLRvogSmzvZv+Qb3zlifTNr3u4Egmlrn7V2AX3JHed6sdaxE28c+kTuXcBnmNMIcqW8YUkfbDZ4Qxx0xsJEIfERPeUBywrOKbBKf5mMoBDS4LX4vFVKFXf4goOIHvljlPhzMLPZEOk8RS89l4EsD2SWBjJKA6U4SAMlHDtM+wLayYHEf9HOYR5OHDhd4J3WLO9GKukkObeD8fvodFif6ga6Np3kcOvtdLqYFjWEPEHHBsk0PnMNAypJB8o20DLfSTqjxv1oi3Ry1Pp/JF3mJp9kndkp1o2bYp3ZLut02cWtimNfA7SV2PjrBrJGOZ8AKhxnq9VNQznx34UoVgLKUg6UHGHwTChBnvrsnoTWWDlasmPM95jZy4hstFtvIh/ZMfrBxs52nDsGIdCVQ9iEM3hhbKG9wZ47G/KaaKTh0CJboU4aZq1Gw2pi2oOlvjimPdMyMyLAfe6yNb8grn9gqxw1jQvVPuwgHbFZs/82ZzPCEar2NN/NzGLqJWZgUikrlEjfkaBRxT3LLHPvnV5heSCtTOKGuDcseZ+lSrPrcC9bqatsUlL81G2DZKo2SOBEaV+foSnB9uv66ud4oO3WnekS/lmBn2KunuN+tgtVXY0eLx3r6TdeCP2YH6bVepcBqKSArAS5oXyXD9RV6xkS5JMo3iLC8GsS9naqysqLsvKdaFBXuMfC1cFkzWspemm15C2BHm22kg9promGVZiPrSGAV6K68u1ZIKcCjhXAIrptltut1P+WcVa+qQvkJMIR5yuv4kogr0w6tAu5nHTowjcA5/jC7eLU4U2TQ+P6myZZmu/0Vl2ndk10vaFdk8NHZS3tmmS3/8i0U5bAKy8yTW3ommcmURojiRynP04ePtsPT7ezF/uvh9k3e/79aWrLn4HdfZ7c209/zl6+PD/dz+YStdgCTotkKlpHka7Lm1IhgmHgR5yRTNcsYAU33BwEDgwn4sQqcF1+m8oUQclSs5hffNapNWRfgFXSfYXvY1RQT3+7fWHN4xeaqcqPn7mC2b8= -------------------------------------------------------------------------------- /docs/core/config/auth/mutltiple.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Multiple Databases 4 | dovecotlinks: 5 | auth_multiple_dbs: Multiple Authentication Databases 6 | --- 7 | 8 | # Multiple Authentication Databases 9 | 10 | Dovecot supports defining multiple authentication databases, so that if the 11 | password doesn't match in the first database, it checks the next one. This can 12 | be useful if you want to easily support having both local system users in 13 | `/etc/passwd` and virtual users. 14 | 15 | Currently the fallback works only with the PLAIN authentication mechanism. 16 | 17 | Often you also want a different mail location for system and virtual users. The 18 | best way to do this would be to always have mails stored below the home 19 | directory. 20 | 21 | * System users' mails: /home/user/Maildir 22 | * Virtual users' mails: /var/vmail/domain/user/Maildir 23 | 24 | This can be done by simply having both system and virtual userdbs return home 25 | directory properly (i.e. virtual users' `home=/var/vmail/%{user | domain}/%{user | username}`) and then set 26 | [[setting,mail_path,~/Maildir]]. 27 | 28 | If it's not possible to have a home directory for virtual users (avoid that if 29 | possible), you can do this by pointing multiple authentication databases 30 | to system users' mail location and have the virtual userdb override it by 31 | returning mail [[link,passdb_extra_fields]]. 32 | 33 | ## Example with Home Dirs 34 | 35 | * System users' mails: /home/user/Maildir 36 | * Virtual users' mails: /var/vmail/domain/user/Maildir 37 | 38 | ::: code-group 39 | ```[dovecot.conf] 40 | # Mail location for both system and virtual users: 41 | mail_driver = maildir 42 | mail_path = ~/Maildir 43 | 44 | sql_driver = mysql 45 | mysql localhost { 46 | } 47 | 48 | # try to authenticate using SQL database first 49 | passdb sql { 50 | query = SELECT userid AS user, password FROM users WHERE userid = '%{user}' 51 | } 52 | 53 | # fallback to PAM 54 | passdb pam { 55 | } 56 | 57 | # look up users from SQL first (even if authentication was done using PAM!) 58 | userdb sql { 59 | query = SELECT uid, gid, '/var/vmail/%{user | domain}/%{user | username}' AS home FROM users WHERE userid = '%{user}' 60 | } 61 | 62 | # if not found, fallback to /etc/passwd 63 | userdb passwd { 64 | } 65 | ``` 66 | -------------------------------------------------------------------------------- /lib/data/lua.data.js: -------------------------------------------------------------------------------- 1 | import { getVitepressMd } from '../markdown.js' 2 | import { addWatchPaths, loadData } from '../utility.js' 3 | 4 | async function normalizeLuaConstants(lua) { 5 | const md = await getVitepressMd() 6 | const out = {} 7 | 8 | for (const v of lua.values()) { 9 | if (v.text) { 10 | v.text = md.render(v.text) 11 | } 12 | 13 | for (const tag of v.tags) { 14 | const v2 = structuredClone(v) 15 | v2.tags = tag 16 | out[tag + '.' + v.name] = v2 17 | } 18 | } 19 | 20 | return out 21 | } 22 | 23 | async function normalizeLuaFunctions(lua) { 24 | const md = await getVitepressMd() 25 | let set = false 26 | const out = {} 27 | 28 | for (const v of lua.values()) { 29 | if (v.args) { 30 | for (const [k2, v2] of Object.entries(v.args)) { 31 | /* Merge information from Dovecot settings. */ 32 | if (v2.dovecot_setting) { 33 | if (!set) { 34 | set = structuredClone(loadData('settings').settings) 35 | } 36 | 37 | if (!v2.type) { 38 | v2.type = set[v2.dovecot_setting].values?.label 39 | } 40 | 41 | if (!v2.text) { 42 | v2.text = set[v2.dovecot_setting].text.trim() 43 | } 44 | 45 | if (v2.default === undefined) { 46 | v2.default = set[v2.dovecot_setting].default 47 | } 48 | } 49 | 50 | v2.text = md.render(v2.text) 51 | } 52 | } 53 | 54 | v.text = md.render(v.text) 55 | 56 | for (const tag of v.tags) { 57 | const v2 = structuredClone(v) 58 | v2.tags = tag 59 | out[tag + '.' + v.name] = v2 60 | } 61 | } 62 | 63 | return out 64 | } 65 | 66 | async function normalizeLuaVariables(lua) { 67 | const md = await getVitepressMd() 68 | const out = {} 69 | 70 | for (const v of lua.values()) { 71 | if (v.text) { 72 | v.text = md.render(v.text) 73 | } 74 | 75 | for (const tag of v.tags) { 76 | const v2 = structuredClone(v) 77 | v2.tags = tag 78 | out[tag + '.' + v.name] = v2 79 | } 80 | } 81 | 82 | return out 83 | } 84 | 85 | export default addWatchPaths({ 86 | async load() { 87 | const data = loadData('lua') 88 | 89 | return { 90 | constants: await normalizeLuaConstants(data.lua_constants), 91 | functions: await normalizeLuaFunctions(data.lua_functions), 92 | variables: await normalizeLuaVariables(data.lua_variables) 93 | } 94 | } 95 | }) 96 | -------------------------------------------------------------------------------- /docs/installation/sieve.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Sieve Installation 4 | order: 6 5 | dovecotlinks: 6 | sieve_installation: Sieve installation 7 | --- 8 | 9 | # Sieve (Pigeonhole) Installation 10 | 11 | ## Prebuilt Binaries 12 | 13 | ::: tip 14 | This is the recommended way of installing Dovecot/Pigeonhole. 15 | ::: 16 | 17 | Pigeonhole is the name of the project that adds support for the Sieve 18 | language ([[rfc,5228]]) and the ManageSieve protocol ([[rfc,5804]]) to 19 | Dovecot ([[man,dovecot]]). 20 | 21 | You can get pigeonhole packages from https://repo.dovecot.org/. 22 | 23 | ### OS Distributions 24 | 25 | Dovecot/Pigeonhole is packaged by many OS distributions. 26 | 27 | Search your package manager for 'dovecot', 'pigeonhole', or 'sieve' to 28 | discover the packages on your particular system. 29 | 30 | ## Getting the Sources 31 | 32 | You can download the latest released sources from the 33 | [Pigeonhole download page](https://pigeonhole.dovecot.org/download.html). 34 | 35 | Alternatively, you can get the sources, including the most recent 36 | unreleased changes, from the 37 | [GitHub repository](https://github.com/dovecot/pigeonhole). 38 | 39 | ## Compiling 40 | 41 | If you downloaded the Git sources, you will need to execute `./autogen.sh` 42 | first to build the automake structure in your source tree. This process 43 | requires autotools and libtool to be installed. 44 | 45 | If you installed Dovecot from sources, Pigeonhole's configure script 46 | should be able to find the installed `dovecot-config` automatically: 47 | 48 | ```sh 49 | ./configure 50 | make 51 | sudo make install 52 | ``` 53 | 54 | If this doesn't work, you can use `--with-dovecot=` configure 55 | option, where the path points to a directory containing 56 | `dovecot-config` file. This can point to an installed file: 57 | 58 | ```sh 59 | ./configure --with-dovecot=/usr/local/lib/dovecot 60 | make 61 | sudo make install 62 | ``` 63 | 64 | or to Dovecot source directory that is already compiled: 65 | 66 | ```sh 67 | ./configure --with-dovecot=../dovecot-2.3.21/ 68 | make 69 | sudo make install 70 | ``` 71 | 72 | ::: warning 73 | You need to recompile Pigeonhole when you upgrade Dovecot 74 | to a new version, because otherwise the Sieve interpreter plugin will 75 | fail to load with a version error. 76 | ::: 77 | -------------------------------------------------------------------------------- /docs/developers/design/overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Overview 4 | order: 1 5 | dovecotlinks: 6 | design_dovecot: Dovecot Design 7 | --- 8 | 9 | # Overview 10 | 11 | ## Dovecot Design 12 | 13 | - [Overview of Dovecot processes](processes) 14 | - [Design of Index Files](indexes/index_format) 15 | - [API for Accessing the Index Files](indexes/mail_index_api) 16 | - [Design of Authentication Process](auth_process) 17 | - [Authentication Protocol](auth_protocol) 18 | - [Doveadm Server Protocol](doveadm_protocol) and 19 | [[link,doveadm_http_api]] 20 | - [Doveadm Synchronization](dsync) 21 | - [[link,lua,Dovecot Lua Support]] 22 | - [Dovecot Dict Protocol](dict_protocol) 23 | 24 | ## Protocol Extensions 25 | 26 | - [[link,forwarding_parameters,Forwarding Parameters in IMAP/POP3/LMTP/SMTP Proxying]] 27 | 28 | ## Code APIs 29 | 30 | - [[link,coding_style]] - explanations how and why the coding style is the 31 | way it is. 32 | 33 | Look at the \*.h files for the actual API documentation. The 34 | documentation below doesn't attempt to list full API documentation. 35 | 36 | liblib: 37 | 38 | - [Memory Allocations](memory) 39 | - [Static/Dynamic Buffers](buffers) 40 | - [Dynamic Arrays](arrays) 41 | - [String Handling](strings) 42 | - [Input Streams](istreams) 43 | - [Output Streams](ostreams) 44 | - [Events](events) 45 | - [Plugins](plugins) 46 | 47 | lib-dcrypt: 48 | 49 | - [lib-dcrypt Data Formats](dcrypt) 50 | 51 | lib-storage: 52 | 53 | - [Mail User](mail_user) contains everything related to 54 | a single user. 55 | - [Mail Namespace](mail_namespace) A single user can 56 | contain multiple namespaces. 57 | - [Mailbox List](mailbox_list) is used to list/manage 58 | a list of mailboxes for a single namespace (1:1 relationship). 59 | - [Mail Storage](mail_storage) is used to access mails 60 | in a specific location with a specific mailbox format. Multiple namespaces 61 | can point to the same storage. A single namespace may in future (but not 62 | currently) point to multiple storages (e.g. a mixed mbox and Maildir 63 | directory). 64 | - [Mailbox](mailbox) is used to access a specific mailbox 65 | in a storage. 66 | - [Mail](mail) is used to access a specific mail in a 67 | mailbox. 68 | - [Error Handling](storage_errors) 69 | - [Plugins](mail_plugins) - how to hook into lib-storage functions. 70 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-fts.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-fts 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-fts(1) - Manipulate the Full Text Search (FTS) index 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **fts** *command* [*OPTIONS*] [*ARGUMENTS*] 12 | 13 | ## DESCRIPTION 14 | 15 | The doveadm fts *COMMANDS* can be used to manipulate the Full Text 16 | Search (FTS) index. 17 | 18 | 19 | 20 | This command uses by default the output formatter **flow** (without the 21 | *key*=prefix). 22 | 23 | ## OPTIONS 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | ## ARGUMENTS 36 | 37 | *namespace* 38 | : The name of a namespace, e.g. the name of the shared namespace. When 39 | no namespace was given, the user's private namespace will be used. 40 | 41 | ## COMMANDS 42 | 43 | ### fts optimize 44 | 45 | **doveadm** [*GLOBAL OPTIONS*] fts optimize 46 | [**-u** *user* | **-A** | **-F** *file* | **\-\-no-userdb-lookup**] 47 | [**-S** *socket_path*] 48 | [*namespace*] 49 | 50 | Optimize the full text search index. This is also done automatically by 51 | the full text search engines, but this enforces it to happen. 52 | 53 | ### fts rescan 54 | 55 | **doveadm** [*GLOBAL OPTIONS*] fts rescan 56 | [**-u** *user* | **-A** | **-F** *file* | **\-\-no-userdb-lookup**] 57 | [**-S** *socket_path*] 58 | [*namespace*] 59 | 60 | Scan what mails exist in the full text search index and compare those to 61 | what actually exist in mailboxes. This removes mails from the index that 62 | have already been expunged and makes sure that the next **doveadm 63 | index** will index all the missing mails (if any). Note that currently 64 | most FTS drivers do not implement this properly, but instead they 65 | delete all the FTS indexes. This may change in the future versions. 66 | 67 | 68 | 69 | 70 | 71 | ## SEE ALSO 72 | 73 | [[man,doveadm]], [[man,doveadm-search-query,,7]] 74 | 75 | Additional resources: 76 | 77 | - [[plugin,fts]] 78 | -------------------------------------------------------------------------------- /docs/core/plugins/imap_filter_sieve.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: imap-filter-sieve 4 | --- 5 | 6 | # IMAP FILTER=SIEVE Plugin (`imap-filter-sieve`) 7 | 8 | Normally, Sieve filters can either be applied at initial mail delivery 9 | or triggered by certain events in the Internet Message Access Protocol 10 | (IMAPSIEVE; [[rfc,6785]]). 11 | 12 | The user can configure which Sieve scripts to run at these instances, but it 13 | is not possible to trigger the execution of Sieve scripts manually. 14 | However, this could be very useful; e.g, to test new Sieve rules and to 15 | re-filter messages that were erroneously handled by an earlier version 16 | of the Sieve scripts involved. 17 | 18 | Pigeonhole provides the `imap_filter_sieve` plugin, which provides a 19 | vendor-defined IMAP extension called `FILTER=SIEVE`. This adds a new 20 | `FILTER` command that allows applying a mail filter (a Sieve script) 21 | on a set of messages that match the specified IMAP searching criteria. 22 | 23 | This plugin implements the latest draft of the 24 | [FILTER=SIEVE Sieve Extension](https://github.com/dovecot/pigeonhole/blob/master/doc/rfc/draft-bosch-imap-filter-sieve-00.txt). 25 | This plugin is experimental and the specification is likely to change. 26 | Use the specification included in your current release to obtain the 27 | matching specification for your release. 28 | 29 | The plugin is included in the Pigeonhole package and are therefore implicitly 30 | compiled and installed with Pigeonhole itself. 31 | 32 | ## Settings 33 | 34 | There are no `dovecot.conf` settings for this plugin. 35 | 36 | ## Configuration 37 | 38 | The IMAP FILTER Sieve plugin is activated by adding it to the 39 | [[setting,mail_plugins]] setting for the imap protocol: 40 | 41 | ```[dovecot.conf] 42 | protocol imap { 43 | mail_plugins { 44 | imap_filter_sieve = yes 45 | } 46 | } 47 | ``` 48 | 49 | Note that enabling this plugin allows users to specify the Sieve script 50 | content as a parameter to the `FILTER` command, not just run existing 51 | stored scripts. 52 | 53 | This plugin uses the normal configuration settings used by the [[link,lda]] 54 | Sieve plugin at delivery. 55 | 56 | The [[link,sieve_storage_type_before,before]], 57 | [[link,sieve_storage_type_after,after]] and 58 | [[link,sieve_storage_type_discard,discard]] Sieve script storage types are 59 | currently ignored by this plugin. 60 | -------------------------------------------------------------------------------- /docs/core/config/auth/databases/prefetch.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Prefetch 4 | dovecotlinks: 5 | auth_prefetch: prefetch authentication database 6 | --- 7 | 8 | # Prefetch User Database (`prefetch`) 9 | 10 | Prefetch [[link,userdb]] can be used to combine passdb and userdb lookups 11 | into a single lookup. 12 | 13 | It's usually used with [[link,auth_sql]] and [[link,auth_ldap]]. 14 | 15 | Prefetch works by requiring that the passdb returns the userdb information 16 | in [[link,passdb_extra_fields]] with `userdb_` prefixes. 17 | 18 | For example if a userdb typically returns `uid`, `gid`, and `home` 19 | fields, the passdb would have to return `userdb_uid`, `userdb_gid` and 20 | `userdb_home` fields. 21 | 22 | If you're using [[link,lda]] or [[link,lmtp]] you still need a valid userdb 23 | which can be used to locate the users. You can do this by adding a normal 24 | SQL/LDAP userdb **after the userdb prefetch**. The order of definitions is 25 | significant. See below for examples. 26 | 27 | ## LDAP 28 | 29 | [[setting,passdb_ldap_bind,yes]] with [[setting,passdb_ldap_bind_userdn]]-template is incompatible with 30 | prefetch, because no passdb lookup is done then. If you want zero LDAP lookups, 31 | you might want to use [[link,auth_staticdb]] instead of prefetch. 32 | 33 | ### Example 34 | 35 | ::: code-group 36 | ```[dovecot.conf] 37 | passdb ldap { 38 | ... 39 | fields { 40 | user = %{ldap:uid} 41 | password = %{ldap:userPassword} 42 | userdb_home = %{ldap:homeDirectory} 43 | userdb_uid = %{ldap:uidNumber} 44 | userdb_gid = %{ldap:gidNumber} 45 | } 46 | } 47 | 48 | userdb prefetch { 49 | driver = prefetch 50 | } 51 | 52 | # The userdb below is used only by LDA. 53 | userdb ldap { 54 | ... 55 | fields { 56 | home = %{ldap:homeDirectory} 57 | uid = %{ldap:uidNumber} 58 | gid = %{ldap:gidNumber} 59 | } 60 | } 61 | ``` 62 | ::: 63 | 64 | ## SQL 65 | 66 | ### Example 67 | 68 | ```[dovecot.conf] 69 | sql_driver = mysql 70 | mysql localhost { 71 | } 72 | 73 | passdb sql { 74 | query = SELECT userid AS user, password, home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ 75 | FROM users \ 76 | WHERE userid = '%{user}' 77 | } 78 | } 79 | 80 | userdb prefetch { 81 | } 82 | 83 | # The userdb below is used only by lda. 84 | userdb sql { 85 | query = SELECT home, uid, gid FROM users WHERE userid = '%{user}' 86 | } 87 | ``` 88 | -------------------------------------------------------------------------------- /docs/core/config/sieve/extensions/extlists.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Extlists 4 | dovecotlinks: 5 | sieve_extlists: Sieve extlists extension 6 | --- 7 | 8 | # Sieve: Extlists Extension 9 | 10 | The extlists extension ([[rfc,6134]]) enables Sieve scripts to check membership 11 | of a value in an external list or for redirecting messages to an external list 12 | of recipients. An "external list" is a list whose members are stored externally 13 | to the Sieve script. This extension adds a new ":list" match type to apply to 14 | supported tests and it can be be used to implement email whitelisting, 15 | blacklisting, addressbook lookups, and other sorts of list matching. 16 | 17 | For Dovecot, the external list is always implemented using a dict lookup. 18 | Redirecting messages to a list of recipients as described in the standard 19 | ([[rfc,6134]]) is currently not implemented in Dovecot and will always trigger 20 | an error if used. 21 | 22 | ## Configuration 23 | 24 | The extlists extension is not available by default and needs to be 25 | enabled explicitly by adding it to [[setting,sieve_extensions]]. 26 | 27 | ### Settings 28 | 29 | 30 | 31 | ### Example 32 | 33 | ``` 34 | # Use extlists 35 | sieve_extensions { 36 | extlists = yes 37 | } 38 | 39 | # No value looked up from a list may exceed 512 bytes, or it will forcibly not 40 | # match 41 | sieve_extlists_list_max_lookup_size = 512 42 | 43 | # The default addressbook stored in a proxied dict 44 | sieve_extlists_list :addrbook:default { 45 | dict proxy { 46 | name = addressbook 47 | } 48 | } 49 | 50 | sieve_extlists_list tag:example.com,2025-02-26:BadFileExts { 51 | dict proxy { 52 | name = bad_file_extensions 53 | } 54 | 55 | # Limit lookups to 10 bytes 56 | max_lookup_size = 10B 57 | } 58 | 59 | ``` 60 | 61 | ## Sieve Example 62 | 63 | The following example excludes senders listed in the user's default address book 64 | from Spam filtering. The example demonstrates the use of the 65 | [[link,sieve_spamtest,spamtest extension]] as well. 66 | 67 | ``` 68 | require ["envelope", "extlists", "fileinto", "spamtest", 69 | "relational", "comparator-i;ascii-numeric"]; 70 | 71 | if allof( not envelope :list "from" ":addrbook:default", 72 | spamtest :value "ge" :comparator "i;ascii-numeric" "3" ) { 73 | fileinto "spam"; 74 | } 75 | ``` 76 | 77 | 78 | 79 | 80 | 81 | 82 | -------------------------------------------------------------------------------- /docs/core/plugins/fts_flatcurve.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: fts-flatcurve 4 | --- 5 | 6 | # Dovecot Flatcurve FTS Plugin (`fts-flatcurve`) 7 | 8 | [[added,fts_flatcurve]] 9 | 10 | This is a Dovecot FTS plugin to enable message indexing using the 11 | [Xapian](https://xapian.org/) Open Source Search Engine Library. 12 | 13 | ::: warning 14 | Requires Xapian 1.4+. 15 | ::: 16 | 17 | The plugin relies on Dovecot to do the necessary stemming. It is intended 18 | to act as a simple interface to the Xapian storage/search query 19 | functionality. 20 | 21 | This driver supports match scoring and substring matches (on by default), 22 | which means it is [[rfc,3501]] (IMAP4rev1) compliant. This driver does not 23 | support fuzzy searches. 24 | 25 | The driver passes all of the 26 | [ImapTest search tests](https://github.com/dovecot/imaptest/). 27 | 28 | ::: tip 29 | This plugin requires the [[plugin,fts]] to be activated and configured 30 | ::: 31 | 32 | Enabling flatcurve is designed to be as easy as adding this to configuration: 33 | 34 | ```[dovecot.conf] 35 | mail_plugins { 36 | fts = yes 37 | fts_flatcurve = yes 38 | } 39 | 40 | fts flatcurve { 41 | } 42 | ``` 43 | 44 | ## Settings 45 | 46 | ::: tip 47 | The default settings should be fine in most scenarios. 48 | ::: 49 | 50 | 51 | 52 | ## Configuration Example 53 | 54 | ```[dovecot.conf] 55 | mail_plugins { 56 | fts = yes 57 | fts_flatcurve = yes 58 | } 59 | 60 | fts flatcurve { 61 | # All of these are optional, and indicate the default values. 62 | # They are listed here for documentation purposes; most people should not 63 | # need to define/override in their config. 64 | commit_limit = 500 65 | min_term_size = 2 66 | optimize_limit = 10 67 | rotate_count = 5000 68 | rotate_time = 5000 69 | substring_search = no 70 | } 71 | ``` 72 | 73 | ## Data Storage 74 | 75 | Xapian search data is stored separately for each mailbox. 76 | 77 | The data is stored under a 'fts-flatcurve' directory in the Dovecot index 78 | file location for the mailbox. The Xapian library is responsible for all 79 | data stored in that directory - no Dovecot code directly writes to any file. 80 | 81 | ## Logging/Events 82 | 83 | ::: info 84 | This plugin emits with category `fts-flatcurve`, a child of the category `fts` 85 | (see [[link,event_design]]). 86 | ::: 87 | 88 | 89 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-expunge.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-expunge 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-expunge(1) - Expunge messages matching given search query 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **expunge** 12 | [**-S** *socket_path*] 13 | [**-d**] 14 | **-A** *search_query* 15 | 16 | **doveadm** [*GLOBAL OPTIONS*] **expunge** 17 | [**-S** *socket_path*] 18 | [**-d**] 19 | **-F** *file* *search_query* 20 | 21 | **doveadm** [*GLOBAL OPTIONS*] **expunge** 22 | [**-S** *socket_path*] 23 | [**-d**] 24 | **\-\-no-userdb-lookup** *search_query* 25 | 26 | **doveadm** [*GLOBAL OPTIONS*] **expunge** 27 | [**-S** *socket_path*] 28 | [**-d**] 29 | **-u** *user* *search_query* 30 | 31 | ## DESCRIPTION 32 | 33 | This command can be used to expunge mails matching the given search 34 | query. It is typically used to expunge old mails from users' Trash 35 | and/or Spam mailboxes. To test which messages a given search query would 36 | match, you can use *doveadm fetch* or *doveadm search* commands. 37 | 38 | In the first form, the command will be performed for all users. 39 | 40 | In the second form, [[man,doveadm]] will expunge messages of the users 41 | listed in the given *file*. 42 | 43 | In the third form, the command will be performed for the user contained in the 44 | *USER* environment variable. 45 | 46 | In the final form, only matching mails of the given *user* (s) will be 47 | expunged. 48 | 49 | 50 | 51 | ## OPTIONS 52 | 53 | 54 | 55 | **-d** 56 | : Delete the mailbox if it is empty after expunging. 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | ## ARGUMENTS 67 | 68 | *search_query* 69 | : Expunge messages matching this search query. See 70 | [[man,doveadm-search-query,,7]] for details. 71 | 72 | ## EXAMPLE 73 | 74 | This example expunges messages from Spam mailbox that were saved/copied 75 | there more than two weeks ago: 76 | 77 | ```sh 78 | doveadm expunge -u jane.doe@example.org mailbox Spam savedbefore 2w 79 | ``` 80 | 81 | 82 | 83 | ## SEE ALSO 84 | 85 | [[man,doveadm]], [[man,doveadm-search]] 86 | -------------------------------------------------------------------------------- /lib/settings.js: -------------------------------------------------------------------------------- 1 | /* List of Dovecot settings value types. */ 2 | export const setting_types = { 3 | BOOLEAN: { 4 | label: 'Boolean', 5 | url: '[[link,settings_types_boolean]]', 6 | default_required: true, 7 | }, 8 | IPADDR: { 9 | label: 'IP Address(es)', 10 | url: '[[link,settings_types_ip]]', 11 | // Default: empty 12 | }, 13 | SIZE: { 14 | label: 'Size', 15 | url: '[[link,settings_types_size]]', 16 | default_required: true, 17 | }, 18 | STRING: { 19 | label: 'String', 20 | url: '[[link,settings_types_string]]' 21 | // Default: empty 22 | }, 23 | STRING_NOVAR: { 24 | label: 'String Without Variables', 25 | url: '[[link,settings_types_string_novar]]' 26 | // Default: empty 27 | }, 28 | /* This is a String entry, with specific allowable values. */ 29 | ENUM: { 30 | label: 'String', 31 | url: '[[link,settings_types_string]]', 32 | enum_required: true, 33 | }, 34 | TIME: { 35 | label: 'Time', 36 | url: '[[link,settings_types_time]]', 37 | default_required: true, 38 | }, 39 | TIME_MSECS: { 40 | label: 'Time (milliseconds)', 41 | url: '[[link,settings_types_time_msecs]]', 42 | default_required: true, 43 | }, 44 | UINT: { 45 | label: 'Unsigned Integer', 46 | url: '[[link,settings_types_uint]]', 47 | default_required: true, 48 | }, 49 | OCTAL_UINT: { 50 | label: 'Octal Unsigned Integer', 51 | url: '[[link,settings_types_octal_uint]]', 52 | default_required: true, 53 | }, 54 | URL: { 55 | label: 'URL', 56 | url: '[[link,settings_types_url]]' 57 | // Default: empty 58 | }, 59 | FILE: { 60 | label: 'File', 61 | url: '[[link,settings_types_file]]' 62 | // Default: empty 63 | }, 64 | NAMED_FILTER: { 65 | label: 'Named Filter', 66 | url: '[[link,settings_types_named_filter]]', 67 | no_default: true, 68 | }, 69 | NAMED_LIST_FILTER: { 70 | label: 'Named List Filter', 71 | url: '[[link,settings_types_named_list_filter]]' 72 | // Default: empty 73 | }, 74 | STRLIST: { 75 | label: 'String List', 76 | url: '[[link,settings_types_strlist]]' 77 | // Default: empty 78 | }, 79 | BOOLLIST: { 80 | label: 'Boolean List', 81 | url: '[[link,settings_types_boollist]]' 82 | // Default: empty 83 | }, 84 | IN_PORT: { 85 | label: 'Port Number', 86 | url: '[[link,settings_types_in_port]]', 87 | default_required: true, 88 | }, 89 | GROUP: { 90 | label: 'Settings Group', 91 | url: '[[link,settings_groups_includes]]' 92 | } 93 | } 94 | -------------------------------------------------------------------------------- /docs/core/admin/process_titles.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Process Titles 4 | dovecotlinks: 5 | process_titles: process titles 6 | --- 7 | 8 | # Process Titles 9 | 10 | When [[setting,verbose_proctitle,yes]], Dovecot adds various extra 11 | information to its process titles. Besides the various self-descriptive command 12 | states, there are the following: 13 | 14 | ## Generic 15 | 16 | ### `[initializing]` 17 | 18 | [[added,process_title_initializing]] 19 | 20 | The process is still starting up and isn't yet ready to accept connections. 21 | This can especially happen if the process is still attempting to connect to 22 | the stats socket. 23 | 24 | ### `[idling]` 25 | 26 | The process is not doing anything except waiting for a client to be served. 27 | 28 | ### `[blocking on log write]` 29 | 30 | The log process is busy and not reading this process's logs. Try to debug 31 | (strace) the log process to see why. 32 | 33 | ## Log Process 34 | 35 | ### `[service too fast: FD/LISTEN_FD/LOG_PREFIX]` 36 | 37 | One specific service is sending logs faster than we can write them. The 38 | LOG_PREFIX is usually enough to identify the service. If not, the FD and 39 | LISTEN_FD can in theory be used to calculate which service it is. 40 | 41 | ### `[N services too fast, last: FD/LISTEN_FD/LOG_PREFIX]` 42 | 43 | Multiple services are sending logs faster than we can write them. The last 44 | service's information is shown. 45 | 46 | ### `[N services too fast]` 47 | 48 | Multiple services are sending logs faster than we can write them, but there 49 | is no additional information about which ones specifically. 50 | 51 | ## Mail Processes 52 | 53 | [[added,process_title_mail_processes]] 54 | 55 | This means imap, pop3, submission and managesieve processes. 56 | 57 | ### `[waiting on client]` 58 | 59 | Login process connected to the mail process, but it hasn't finished sending 60 | the request. 61 | 62 | ### `[auth lookup]` 63 | 64 | Mail process is waiting on auth process to finish userdb lookups. 65 | 66 | ### `[post-login script]` 67 | 68 | Mail process is waiting on post-login scripts to finish. 69 | 70 | ## IMAP Process 71 | 72 | [[added,process_title_imap_process]] 73 | 74 | ### `[waiting on unhibernate client]` 75 | 76 | imap-hibernate process connected to the imap process, but it hasn't finished 77 | sending the request. 78 | 79 | ### `[unhibernating]` 80 | 81 | The imap connection is still being unhibernated. 82 | -------------------------------------------------------------------------------- /docs/developers/design/mail_storage.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Mail Storage 4 | --- 5 | 6 | # Mail Storage 7 | 8 | `src/lib-storage/mail-storage.h` and `mail-storage-private.h` 9 | describes mail storage. Mail storage is mainly about being a common 10 | container for its mailboxes. 11 | 12 | For example with [[link,mdbox]], each storage has one directory where all the 13 | message bodies are written to, while the per-mailbox directories only 14 | contain index files. With other mailbox formats the mail storage doesn't 15 | do much else than allow allocating [[link,design_mailbox,mailboxes]]. 16 | 17 | ## Public Functions 18 | 19 | ### `mail_storage_purge()` 20 | 21 | Frees disk space used by expunged messages. 22 | Currently the only mailbox format that uses this is multi-dbox. 23 | 24 | ### `mail_storage_get_settings()` 25 | 26 | Returns mail storage settings. 27 | 28 | ### `mail_storage_set_callbacks()` 29 | 30 | Can be used to specify "OK" and "NO" callbacks, which are called when a 31 | long running operation wants to send a status update. 32 | 33 | For example "OK Stale mailbox lock file detected, will override in n 34 | seconds" or "NO Mailbox is locked, will abort in n seconds". 35 | 36 | ## Required Methods 37 | 38 | Methods that mail storage drivers need to implement are: 39 | 40 | ### `get_setting_parser_info()` 41 | 42 | Returns storage-specific settings parser information. 43 | 44 | ### `alloc()` 45 | 46 | Allocate memory for a storage and set its virtual functions. 47 | 48 | ### `create(ns)` 49 | 50 | Initialize the storage based on given namespace settings. The same storage 51 | can be used by other namespaces, but they don't call `create()` again. 52 | 53 | This function typically shouldn't fail, except when storage can't handle 54 | the wanted namespace settings. 55 | 56 | ### `destroy()` 57 | 58 | Destroys the storage. 59 | 60 | ### `add_list(list)` 61 | 62 | Called every time the storage is attached to a new namespace / mailbox list. 63 | 64 | ### `get_list_settings(ns, set)` 65 | 66 | Used to get storage's default settings. 67 | 68 | ### `autodetect(ns, set)` 69 | 70 | Returns TRUE if based on the given settings it looks like this storage 71 | should we handling the namespace. This is done when [[setting,mail_driver]] 72 | isn't explicitly set. 73 | 74 | ### `mailbox_alloc()` 75 | 76 | Allocate memory for [[link,design_mailbox]]. 77 | 78 | ### `purge()` 79 | 80 | If storage supports purging. 81 | -------------------------------------------------------------------------------- /docs/installation/upgrade/include/2.4-redesign.inc: -------------------------------------------------------------------------------- 1 | ::: warning 2 | Dovecot 2.3.x settings will NOT work unless the configuration is changed 3 | as described in this section. 4 | ::: 5 | 6 | #### Required Settings 7 | 8 | The first setting in `dovecot.conf` **MUST** now be 9 | [[setting,dovecot_config_version]]. This helps to avoid unexpected 10 | configuration changes in the future. 11 | 12 | Another new required setting is [[setting,dovecot_storage_version]]. This helps 13 | to avoid unexpected storage file format incompatibilities. 14 | 15 | Note that the configuration syntax has been changed, and your old configuration **will not** work 16 | without changes. 17 | 18 | #### Configuration Redesign 19 | 20 | See [[link,settings_syntax]] for the new configuration syntax. This is similar 21 | to v2.3, but different in some ways. Especially the configuration is no longer 22 | hierarchical - all settings are global settings and can be used anywhere 23 | (although they might not actually do anything there). Settings can be inside 24 | various filters to specify where they are wanted to be used. 25 | 26 | To avoid repetition in setting name prefixes, they are automatically attempted 27 | to be prefixed to their parent filter names. For example these are equivalent 28 | for the [[setting,passdb_sql_query]] setting inside the [[setting,passdb]] 29 | filter: 30 | 31 | ``` 32 | passdb sql { 33 | passdb_sql_query = SELECT ... 34 | } 35 | passdb sql { 36 | sql_query = SELECT ... 37 | } 38 | passdb sql { 39 | query = SELECT ... 40 | } 41 | passdb sql2 { 42 | # This will NOT work, as it expands to nonexistent passdb_sql2_query: 43 | #query = SELECT ... 44 | } 45 | ``` 46 | 47 | #### Plugin settings 48 | 49 | The `plugin { ... }` section no longer exists. Plugin settings are global 50 | the same as all other settings. 51 | 52 | #### Config $variables 53 | 54 | Using `$setting` variables in config files requires `$SET:` prefix now. 55 | For example `user = $default_internal_user` is now 56 | `user = $SET:default_internal_user`. See [[link,settings_syntax_expansion]] 57 | for more details. 58 | 59 | Note that earlier it was common to refer to the same setting, e.g.: 60 | 61 | ``` 62 | mail_plugins = $mail_plugins quota 63 | ``` 64 | 65 | Most of this is now unnecessary, because of the new 66 | [[link,settings_types_boollist,boollist]] setting type, which allows you to 67 | use: 68 | 69 | ``` 70 | mail_plugins { 71 | quota = yes 72 | } 73 | ``` 74 | -------------------------------------------------------------------------------- /docs/core/man/doveadm-save.1.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: doveadm-save 4 | dovecotComponent: core 5 | --- 6 | 7 | # doveadm-save(1) - Save email to a user's mailbox 8 | 9 | ## SYNOPSIS 10 | 11 | **doveadm** [*GLOBAL OPTIONS*] **save** 12 | [**-S** *socket_path*] 13 | **-A** 14 | [*-m* *mailbox*] 15 | [*-U* *uid*] 16 | [*-g* *guid*] 17 | [*-r* *received-date*] 18 | [*mail-file*] 19 | 20 | **doveadm** [*GLOBAL OPTIONS*] **save** 21 | [**-S** *socket_path*] 22 | **-F** *file* 23 | [*-m* *mailbox*] 24 | [*-U* *uid*] 25 | [*-g* *guid*] 26 | [*-r* *received-date*] 27 | [*mail-file*] 28 | 29 | **doveadm** [*GLOBAL OPTIONS*] **save** 30 | [**-S** *socket_path*] 31 | **\-\-no-userdb-lookup** 32 | [*-m* *mailbox*] 33 | [*-U* *uid*] 34 | [*-g* *guid*] 35 | [*-r* *received-date*] 36 | [*mail-file*] 37 | 38 | **doveadm** [*GLOBAL OPTIONS*] **save** 39 | [**-S** *socket_path*] 40 | **-u** *user* 41 | [*-m* *mailbox*] 42 | [*-U* *uid*] 43 | [*-g* *guid*] 44 | [*-r* *received-date*] 45 | [*mail-file*] 46 | 47 | ## DESCRIPTION 48 | 49 | **doveadm save** can be used to save messages. This can be useful for 50 | scripts and for debugging. Sieve is not invoked for saved messages, but 51 | quota is enforced. 52 | 53 | 54 | 55 | ## OPTIONS 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | **-m** *mailbox* 68 | : Store mail to specified mailbox instead of INBOX. 69 | 70 | **-U** *uid* 71 | : Save the mail using the given UID, if possible. 72 | 73 | **-g** *guid* 74 | : Save the mail using the given GUID. 75 | 76 | **-r** *received-date* 77 | : Save the mail using the given received-date timestamp. This is in the 78 | "human timestamp" format as described by [[man,doveadm-search-query,,7]]. 79 | 80 | ## ARGUMENTS 81 | 82 | *mail-file* 83 | : The message data to save. 84 | 85 | - If *mail-file* is `-`, the message is read from stdin (default). 86 | - Otherwise, *mail-file* resolves as a file path. 87 | 88 | ## EXAMPLE 89 | 90 | ```sh 91 | echo "hello, world" | doveadm save -u testuser@testdomain 92 | ``` 93 | 94 | 95 | 96 | ## SEE ALSO 97 | 98 | [[man,doveadm]] 99 | -------------------------------------------------------------------------------- /docs/core/config/execute.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Execute Scripts 4 | dovecotlinks: 5 | execute_scripts: Execute Scripts 6 | execute_unix: 7 | hash: execute-unix 8 | text: "execute: UNIX Sockets" 9 | execute_tcp: 10 | hash: execute-tcp 11 | text: "execute: TCP Sockets" 12 | execute_fork: 13 | hash: execute-fork 14 | text: "execute: Fork and Execute" 15 | --- 16 | 17 | # Execute Scripts 18 | 19 | Some features, e.g. [[link,welcome]] execute an external script. 20 | This is configured with the [[setting,execute]] settings. Currently only 21 | a single script execution at a time is supported. 22 | 23 | Supported script execution drivers are: 24 | 25 | | Name | Description | 26 | | --- | --- | 27 | | [[link,execute_unix,unix]] | Connect to UNIX socket. | 28 | | [[link,execute_tcp,tcp]] | Connect to TCP socket. | 29 | | [[link,execute_fork,fork]] | Fork and execute the script directly. | 30 | 31 | ## UNIX Sockets 32 | 33 | Execute the script via a script service listening on a UNIX socket. The service 34 | must execute the `script` binary to provide the proper communication API. 35 | 36 | Example: 37 | 38 | ```[dovecot.conf] 39 | execute test-script { 40 | #driver = unix # default 41 | args = hello %{user} 42 | } 43 | service test-script-service { 44 | execute = script /usr/local/bin/test-script.sh one 45 | unix_listener test-script { 46 | path = 0666 47 | } 48 | } 49 | ``` 50 | 51 | The `test-script.sh` is executed with parameters `one hello `. 52 | 53 | ## TCP sockets 54 | 55 | Execute the script via a script service listening on a TCP socket. The service 56 | must execute the `script` binary to provide the proper communication API. 57 | 58 | Example: 59 | 60 | ```[dovecot.conf] 61 | execute localhost:12345 { 62 | driver = tcp # default 63 | args = hello %{user} 64 | } 65 | service test-script-service { 66 | execute = script /usr/local/bin/test-script.sh one 67 | inet_listener script { 68 | port = 12345 69 | } 70 | } 71 | ``` 72 | 73 | The `test-script.sh` is executed with parameters `one hello `. 74 | 75 | ## Fork and Execute 76 | 77 | Fork the process and execute the script directly. 78 | 79 | Example: 80 | 81 | ```[dovecot.conf] 82 | execute /usr/local/bin/test-script.sh { 83 | driver = fork 84 | args = hello %{user} 85 | } 86 | ``` 87 | 88 | The `test-script.sh` is executed with parameters `hello `. 89 | 90 | ## Execute Settings 91 | 92 | 93 | -------------------------------------------------------------------------------- /docs/core/plugins/quota_clone.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: quota-clone 4 | dovecotlinks: 5 | quota_clone: Quota Clone 6 | --- 7 | 8 | # Quota Clone Plugin (`quota-clone`) 9 | 10 | Quota clone plugin is useful when you want to store everybody's current quota 11 | usage to a database, but you don't want to use the database as the 12 | authoritative quota database. 13 | 14 | For example you might want to access everybody's quota via Redis (or SQL) 15 | but you don't store the Redis database permanently so it could become empty 16 | once in a while. 17 | 18 | Additionally, it is expensive to directly scan quota information from each 19 | individual user account, so quota-clone allows access to quota information 20 | that is less resource intensive. 21 | 22 | In these example use-cases, you can use [[link,quota_driver_count]] as the 23 | authoritative quota database and make a copy of the quota usage to Redis. 24 | From Redis you could then once in a while gather everybody's current quota 25 | usage and send it to yet another place (e.g. for statistics handling). 26 | 27 | Every time quota is updated, the value is updated to the cloned dict. There are 28 | race conditions with it so the quota may not always be 100% correct. The old 29 | value is always replaced with the new one though (not just 30 | incremented/decremented) so the cloned quota is never too much wrong. 31 | 32 | ## Settings 33 | 34 | 35 | 36 | ## Updated Keys 37 | 38 | The keys that are written: 39 | 40 | | Key | Value | 41 | | --- | ----- | 42 | | `priv/quota/messages` | Count of messages | 43 | | `priv/quota/storage` | Storage usage (in bytes) | 44 | 45 | ## Example Configuration 46 | 47 | ```[dovecot.conf] 48 | mail_plugins { 49 | quota = yes 50 | quota_clone = yes 51 | } 52 | 53 | redis_host = 127.0.0.1 54 | redis_port = 6379 55 | quota_clone { 56 | dict redis { 57 | } 58 | } 59 | ``` 60 | 61 | More complex example using SQL: 62 | 63 | ```[dovecot.conf] 64 | dict_server { 65 | dict mysql { 66 | driver = sql 67 | sql_driver = mysql 68 | 69 | dict_map priv/quota/messages { 70 | sql_table = quota 71 | username_field = username 72 | value_field messages { 73 | } 74 | } 75 | 76 | dict_map priv/quota/storage { 77 | sql_table = quota 78 | username_field = username 79 | value_field bytes { 80 | } 81 | } 82 | } 83 | } 84 | 85 | quota_clone { 86 | dict proxy { 87 | name = mysql 88 | } 89 | } 90 | ``` 91 | -------------------------------------------------------------------------------- /docs/howto/auto_forward.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: doc 3 | title: Autoforward Sender Address 4 | --- 5 | 6 | # Configuring Autoforward Sender Address 7 | 8 | Customer would like to have auto forwarding feature as described below: 9 | 10 | * Scenario: `(User A -> User B (Auto forwarder) -> User C)` 11 | 12 | 1. `B@example2.com` is a user at customer. 13 | 2. An email is sent from `A@example1.com` to `B@example2.com` 14 | 3. `B@example2.com` set an auto-forward rule so emails are being forwarded to 15 | `C@example3.com` automatically. 16 | 4. `C@example3.com` received the forwarded mail. 17 | 18 | * Current behavior 19 | : The mail received by `C@example3.com` has `mail from` header 20 | `A@example1.com` 21 | 22 | (i.e. the `mail from` is unchanged by client when forwarding to user C) 23 | 24 | * Requested behavior 25 | : The mail received by `C@example3.com` has `mail from` header 26 | `B@example2.com` 27 | 28 | (i.e. the `mail from` has been changed by user B when forwarding to 29 | user C, so the mail looks like as if it was originally sent by user B) 30 | 31 | * Reason for the request 32 | : Currently, the mails being auto forwarded by user B are occasionally get 33 | failed to pass SPF check somewhere in the path, which will result that the 34 | mail cannot be forwarded to user C. 35 | 36 | ## Solution 37 | 38 | The following is an example of what the Sieve config and rules could look 39 | like: 40 | 41 | ::: code-group 42 | ```[dovecot.conf] 43 | # Use editheader 44 | sieve_extensions { 45 | editheader = yes 46 | } 47 | ``` 48 | 49 | ```[Sieve Rule] 50 | require "editheader"; 51 | require "variables"; 52 | require "envelope"; 53 | 54 | # ... Any other rules 55 | 56 | # Obtain the user's full email address somehow 57 | # It can be obtained from the recipient address (without full name) 58 | # An alternative is to put the primary address into the script as a literal. 59 | if envelope :matches "to" "*" { set "user_email" "${1}"; } 60 | 61 | # This part of the script MUST be the final rule, otherwise other rules are 62 | # affected since the message is modified. 63 | 64 | # Drop the original "From:" header 65 | deleteheader "from"; 66 | 67 | # Add a new "From:" header 68 | addheader "From" "${user_email}"; 69 | 70 | redirect "forward@example.com"; 71 | ``` 72 | ::: 73 | 74 | ::: info 75 | It is very important to make sure that the deleteheader, addheader, redirect 76 | commands are the last rule in the sieve script, as this would affect other 77 | actions as well. 78 | ::: 79 | --------------------------------------------------------------------------------