Major move around

email_core/config/dovecot.auth

@@ -0,0 +1,11 @@
+auth_mechanisms = plain login
+
+passdb {
+  driver = passwd-file
+  args = /etc/dovecot/passwd
+}
+
+userdb {
+  driver = static
+  args = uid=vmail gid=vmail home=/vmail/%d/%n allow_all_users=yes
+}

email_core/config/dovecot.imap

@@ -0,0 +1,3 @@
+protocol imap {
+	imap_client_workarounds = tb-extra-mailbox-sep
+}

email_core/config/dovecot.lda

@@ -0,0 +1,5 @@
+protocol lda {
+  hostname = mail.docker.container
+  postmaster_address = postmaster@mail.docker.container
+  mail_plugin_dir = /usr/lib/dovecot/modules/lda
+}

email_core/config/dovecot.logging

@@ -0,0 +1,2 @@
+auth_verbose = yes
+auth_debug = yes

email_core/config/dovecot.mail

@@ -0,0 +1,19 @@
+mail_location = maildir:/vmail/%d/%n:LAYOUT=fs
+
+namespace inbox {
+  inbox = yes
+
+  # set these to autocreate or else thunderbird will complain
+  mailbox Trash {
+    auto = create
+    special_use = \Trash
+  }
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Sent {
+    auto = subscribe # autocreate and autosubscribe the Sent mailbox
+    special_use = \Sent
+  }
+}

email_core/config/dovecot.master

@@ -0,0 +1,33 @@
+service imap-login {
+  inet_listener imap {
+
+  }
+
+  #disable imaps since we use TLS connections through the standard imap
+  inet_listener imaps {
+    port = 0
+  }
+}
+
+service imap {
+}
+
+# not sure if this is needed
+service lmtp {
+ unix_listener /var/spool/postfix/private/dovecot-lmtp {
+   group = vmail
+   mode = 0660
+   user = postfix
+  }
+}
+
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+          mode = 0660
+    user = postfix
+    group = vmail
+  }
+}
+
+service auth-worker {
+}

email_core/config/dovecot.ssl

@@ -0,0 +1,5 @@
+ssl = required
+disable_plaintext_auth = yes
+ssl_cert = </etc/dovecot/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.pem
+

email_core/config/example/aliases

@@ -0,0 +1,2 @@
+admin@example.org	admin@example.org
+@example.org 	catch-all@example.org

email_core/config/example/domains

@@ -0,0 +1 @@
+example.org

email_core/config/example/myhostname

@@ -0,0 +1 @@
+localhost

email_core/config/example/passwords

@@ -0,0 +1,2 @@
+catch-all@example.org:{PLAIN}password123
+admin@example.org:{SHA256-CRYPT}$5$3qaCC/fV65Adtfoy$O20EXoSOcgWKf5NyAZnXAtGPQoSgeYRjLm56M25.H12

email_core/config/postfix.main.cf

@@ -0,0 +1,77 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = localhost
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = /etc/mailname, localhost.localdomain, localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+
+# SMTP configuration for incoming mail (port 25)
+# Outgoing mail (port 587) configuration  is specified in master.cf
+
+# allow all connections (since we want to receive mail from outside)
+smtpd_client_restrictions = permit
+
+# Don't talk to mail systems that don't know their own hostname.
+# With Postfix < 2.3, specify reject_unknown_hostname.
+smtpd_helo_restrictions = permit
+
+# Don't accept mail from domains that don't exist.
+smtpd_sender_restrictions = permit
+
+# Only accept mail where this server is the final destination
+smtpd_relay_restrictions = permit_auth_destination, reject
+
+# Mail thats not for us gets filtered out by smtpd_relay_restrictions
+# When the mail is for us, we just accept everything. (could add spam blocklists/user checking etc. here)
+smtpd_recipient_restrictions = permit
+
+# Delivery to dovecot
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+virtual_alias_maps = hash:/etc/postfix/virtual
+virtual_mailbox_domains = /etc/postfix/virtual-mailbox-domains
+virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-maps
+virtual_transport = dovecot
+dovecot_destination_recipient_limit = 1
+
+# additional authentication settings
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+
+# DKIM
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = inet:localhost:8891
+non_smtpd_milters = inet:localhost:8891

email_core/config/postfix.master.cf.append

@@ -0,0 +1,15 @@
+dovecot   unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
+
+# we need to be permissive with the helo restrictions since the client can only
+# authenticate after HELO has been sent
+submission      inet    n       -       n       -       -       smtpd
+ -o smtpd_etrn_restrictions=reject
+ -o smtpd_sasl_type=dovecot
+ -o smtpd_sasl_path=private/auth
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_helo_restrictions=permit
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject