chore: progress

Signed-off-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>

docs/content/config/security/mail_crypt.md

@@ -24,8 +24,8 @@ Official Dovecot documentation: https://doc.dovecot.org/configuration_manual/mai
     # Enables mail_crypt for all services (imap, pop3, etc)
     mail_plugins = $mail_plugins mail_crypt
     plugin {
-      mail_crypt_global_private_key = </certs/ecprivkey.pem
-      mail_crypt_global_public_key = </certs/ecpubkey.pem
+      mail_crypt_global_private_key = /certs/ecprivkey.pem
+      mail_crypt_global_public_key = /certs/ecpubkey.pem
       mail_crypt_save_version = 2
     }
     ```

target/dovecot/10-ssl.conf

@@ -12,18 +12,18 @@
 ssl_server_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
 ssl_server_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
 # Fallback/Hybrid cert support. docker-mailserver will enable these when using ENV vars `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH`.
-#ssl_alt_cert = </path/to/alternative/cert.pem
-#ssl_alt_key = </path/to/alternative/key.pem
+#ssl_alt_cert = /path/to/alternative/cert.pem
+#ssl_alt_key = /path/to/alternative/key.pem
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
 # world-readable, you may want to place this setting instead to a different
-# root owned 0600 file by using ssl_key_password = <path.
+# root owned 0600 file by using ssl_key_password = path.
 #ssl_key_password =
 
 # PEM encoded trusted certificate authority. Set this only if you intend to use
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
-# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
+# followed by the matching CRL(s). (e.g. ssl_ca = /etc/ssl/certs/ca.pem)
 #ssl_ca =
 
 # Require that CRL check succeeds for client certificates.

target/dovecot/20-imap.conf

@@ -2,5 +2,6 @@ protocol imap {
   # allow IMAP clients to ask quota usage
   mail_plugins {
     imap_quota = yes
+    imap_sieve = no
   }
 }

target/dovecot/90-sieve.conf

@@ -21,15 +21,12 @@
 #
 # ref: https://doc.dovecot.org/main/core/config/sieve/overview.html#extensions
 sieve_extensions {
+    editheader = no
+    special-use = yes
     vnd.dovecot.pipe = yes
     vnd.dovecot.filter = yes
 }
 
-# Which Sieve language extensions are ONLY available in global scripts
-#
-# ref: https://doc.dovecot.org/main/core/plugins/sieve.html#sieve_global_extensions
-#sieve_global_extensions = { editheader = yes }
-
 # The Pigeonhole Sieve interpreter can have plugins of its own
 #
 # ref: https://doc.dovecot.org/main/core/plugins/sieve.html#sieve_plugins
@@ -50,7 +47,7 @@ sieve_plugins {
 # vnd.dovecot.pipe extension.
 #
 # ref: https://doc.dovecot.org/main/core/plugins/sieve_extprograms.html#sieve_pipe_bin_dir
-sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+sieve_pipe_bin_dir = "/usr/lib/dovecot/sieve-pipe"
 
 # Points to a directory where the plugin looks for programs (shell
 # scripts) to execute directly and filter messages through for the

target/scripts/helpers/ssl.sh

@@ -257,8 +257,8 @@ function _setup_ssl() {
           # If the Dovecot settings for alt cert has been enabled (doesn't start with `#`),
           # but required ENV var is missing, reset to disabled state:
           sed -i -r \
-            -e 's|^(ssl_alt_key =).*|#\1 </path/to/alternative/key.pem|' \
-            -e 's|^(ssl_alt_cert =).*|#\1 </path/to/alternative/cert.pem|' \
+            -e 's|^(ssl_alt_key =).*|#\1 /path/to/alternative/key.pem|' \
+            -e 's|^(ssl_alt_cert =).*|#\1 /path/to/alternative/cert.pem|' \
             "${DOVECOT_CONFIG_SSL}"
         fi
 

target/scripts/startup/setup.d/dovecot.sh

@@ -144,25 +144,16 @@ function _setup_dovecot_quota() {
 
   # Dovecot quota is disabled when using LDAP or SMTP_ONLY or when explicitly disabled.
   if [[ ${ACCOUNT_PROVISIONER} != 'FILE' ]] || [[ ${SMTP_ONLY} -eq 1 ]] || [[ ${ENABLE_QUOTAS} -eq 0 ]]; then
-    # disable dovecot quota in docevot confs
     if [[ -f /etc/dovecot/conf.d/90-quota.conf ]]; then
-      mv /etc/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf.disab
-      sedfile -i \
-        "s|mail_plugins = \$mail_plugins quota|mail_plugins = \$mail_plugins|g" \
-        /etc/dovecot/conf.d/10-mail.conf
-      sedfile -i \
-        "s|mail_plugins = \$mail_plugins imap_quota|mail_plugins = \$mail_plugins|g" \
-        /etc/dovecot/conf.d/20-imap.conf
+      mv /etc/dovecot/conf.d/90-quota.conf          /etc/dovecot/conf.d/90-quota.conf.disab
+      sedfile -i -E 's|^( *quota =).*|\1 no|g'      /etc/dovecot/conf.d/10-mail.conf
+      sedfile -i -E 's|^( *imap_quota =).*|\1 no|g' /etc/dovecot/conf.d/20-imap.conf
     fi
   else
     if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]; then
-      mv /etc/dovecot/conf.d/90-quota.conf.disab /etc/dovecot/conf.d/90-quota.conf
-      sedfile -i \
-        "s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins quota|g" \
-        /etc/dovecot/conf.d/10-mail.conf
-      sedfile -i \
-        "s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins imap_quota|g" \
-        /etc/dovecot/conf.d/20-imap.conf
+      mv /etc/dovecot/conf.d/90-quota.conf.disab     /etc/dovecot/conf.d/90-quota.conf
+      sedfile -i -E 's|^( *quota =).*|\1 yes|g'      /etc/dovecot/conf.d/10-mail.conf
+      sedfile -i -E 's|^( *imap_quota =).*|\1 yes|g' /etc/dovecot/conf.d/20-imap.conf
     fi
 
     local MESSAGE_SIZE_LIMIT_MB=$((POSTFIX_MESSAGE_SIZE_LIMIT / 1000000))

target/scripts/startup/setup.d/security/misc.sh

@@ -251,11 +251,8 @@ function _setup_spam_subject() {
   else
     _log 'debug' "Spam subject is set - the prefix '${SPAM_SUBJECT}' will be added to spam e-mails"
 
-    _log 'trace' "Enabling '+editheader' Sieve extension"
-    # check whether sieve_global_extensions is disabled (and enabled it if so)
-    sed -i -E 's|#(sieve_global_extensions.*)|\1|' /etc/dovecot/conf.d/90-sieve.conf
-    # then append the extension
-    sedfile -i -E 's|(sieve_global_extensions.*)|\1 +editheader|' /etc/dovecot/conf.d/90-sieve.conf
+    _log 'trace' "Enabling Sieve extension 'editheader'"
+    sedfile -i -E 's|^( *editheader =).*|\1 yes|g' /etc/dovecot/conf.d/90-sieve.conf
 
     _log 'trace' "Adding global (before) Sieve script for subject rewrite"
     # This directory contains Sieve scripts that are executed before user-defined Sieve
@@ -297,6 +294,8 @@ EOF
 function _setup_spam_to_junk() {
   if [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]; then
     _log 'debug' 'Spam emails will be moved to the Junk folder'
+
+
     mkdir -p /usr/lib/dovecot/sieve-global/after/
     cat >/usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve << EOF
 require ["fileinto","special-use"];

target/scripts/startup/setup.d/security/rspamd.sh

@@ -223,20 +223,26 @@ function __rspamd__setup_learning() {
     readonly SIEVE_PIPE_BIN_DIR
     ln -s "$(type -f -P rspamc)" "${SIEVE_PIPE_BIN_DIR}/rspamc"
 
-    sedfile -i -E 's|(mail_plugins =.*)|\1 imap_sieve|' /etc/dovecot/conf.d/20-imap.conf
-    sedfile -i -E '/^}/d' /etc/dovecot/conf.d/90-sieve.conf
+    sedfile -i -E 's|^( *imap_sieve =).*|\1 yes|g' /etc/dovecot/conf.d/20-imap.conf
     cat >>/etc/dovecot/conf.d/90-sieve.conf << EOF
 
-  # From anywhere to Junk
-  imapsieve_mailbox1_name = Junk
-  imapsieve_mailbox1_causes = COPY APPEND
-  imapsieve_mailbox1_before = file:${SIEVE_PIPE_BIN_DIR}/learn-spam.sieve
+mailbox Junk {
+  sieve_script learn_spam {
+    cause = append copy
+    driver = file
+    name = Learn Spam
+    path = ${SIEVE_PIPE_BIN_DIR}/learn-spam.sieve
+    type = before
+  }
+}
 
-  # From Junk to Inbox
-  imapsieve_mailbox2_name = INBOX
-  imapsieve_mailbox2_from = Junk
-  imapsieve_mailbox2_causes = COPY APPEND
-  imapsieve_mailbox2_before = file:${SIEVE_PIPE_BIN_DIR}/learn-ham.sieve
+imapsieve_from Junk {
+  sieve_script learn_ham {
+    cause = append copy
+    name = Learn Ham
+    path = ${SIEVE_PIPE_BIN_DIR}/learn-ham.sieve
+    type = before
+  }
 }
 EOF
 

test/config/rspamd_full/user-patches.sh

@@ -12,5 +12,4 @@ echo 'gtube_patterns = "all"' >>/etc/rspamd/local.d/options.inc
 # Sieve scripts are executed so Rspamd is trained when using
 # `RSPAMD_LEARN=1`.
 echo 'mail_debug = yes' >>/etc/dovecot/dovecot.conf
-sed -i -E '/^}/d' /etc/dovecot/conf.d/90-sieve.conf
-echo -e '\n  sieve_trace_debug = yes\n}' >>/etc/dovecot/conf.d/90-sieve.conf
+echo 'sieve_trace_debug = yes' >>/etc/dovecot/conf.d/90-sieve.conf

test/tests/parallel/set1/dovecot/quotas_disabled.bats

@@ -14,10 +14,10 @@ function teardown_file() { _default_teardown ; }
 
 @test "(Dovecot) quota plugin is disabled" {
   _run_in_container_bash_and_filter_output 'cat /etc/dovecot/conf.d/10-mail.conf'
-  refute_output --partial 'quota'
+  refute_output --partial 'quota = yes'
 
   _run_in_container_bash_and_filter_output 'cat /etc/dovecot/conf.d/20-imap.conf'
-  refute_output --partial 'imap_quota'
+  refute_output --partial 'imap_quota = yes'
 
   _run_in_container_bash "[[ -f /etc/dovecot/conf.d/90-quota.conf ]]"
   assert_failure

test/tests/parallel/set1/spam_virus/rspamd_full.bats

@@ -140,7 +140,7 @@ function teardown_file() { _default_teardown ; }
   _service_log_should_contain_string 'rspamd' 'S (no action)'
 
   _print_mail_log_for_msgid 'rspamd-test-email-pass'
-  assert_output --partial "stored mail into mailbox 'INBOX'"
+  assert_output --partial 'saved mail to INBOX'
 
   _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 3
 }
@@ -154,7 +154,7 @@ function teardown_file() { _default_teardown ; }
   assert_output --partial '5.7.1 Gtube pattern'
 
   _print_mail_log_for_msgid 'dms-test-email-spam'
-  refute_output --partial "stored mail into mailbox 'INBOX'"
+  refute_output --partial 'saved mail to INBOX'
   assert_failure
 
   _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 3
@@ -169,7 +169,7 @@ function teardown_file() { _default_teardown ; }
   assert_output --partial '5.7.1 ClamAV FOUND VIRUS "Eicar-Signature"'
 
   _print_mail_log_for_msgid 'dms-test-email-spam'
-  refute_output --partial "stored mail into mailbox 'INBOX'"
+  refute_output --partial 'saved mail to INBOX'
   assert_failure
 
   _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 3
@@ -259,7 +259,7 @@ function teardown_file() { _default_teardown ; }
   _service_log_should_contain_string 'rspamd' 'rewrite subject "Gtube pattern"'
 
   _print_mail_log_for_msgid 'rspamd-test-email-rewrite_subject'
-  assert_output --partial "stored mail into mailbox 'INBOX'"
+  assert_output --partial 'saved mail to INBOX'
 
   # check that the inbox contains the subject-rewritten e-mail
   _run_in_container_bash "grep --fixed-strings 'Subject: *** SPAM ***' /var/mail/localhost.localdomain/user1/new/*"
@@ -284,7 +284,7 @@ function teardown_file() { _default_teardown ; }
     _file_exists_in_container "/usr/lib/dovecot/sieve-pipe/${FILE}"
   done
 
-  _run_in_container grep 'mail_plugins.*imap_sieve' /etc/dovecot/conf.d/20-imap.conf
+  _run_in_container grep -F 'imap_sieve = yes' /etc/dovecot/conf.d/20-imap.conf
   assert_success
   local SIEVE_CONFIG_FILE='/etc/dovecot/conf.d/90-sieve.conf'
   _run_in_container grep 'sieve_plugins.*sieve_imapsieve' "${SIEVE_CONFIG_FILE}"

test/tests/parallel/set1/tls/manual.bats

@@ -61,19 +61,19 @@ function teardown_file() { _default_teardown ; }
 
   _run_in_container grep '^ssl_key =' "${DOVECOT_CONFIG_SSL}"
   assert_success
-  assert_output "ssl_key = <${PRIMARY_KEY}"
+  assert_output "ssl_key = ${PRIMARY_KEY}"
 
   _run_in_container grep '^ssl_cert =' "${DOVECOT_CONFIG_SSL}"
   assert_success
-  assert_output "ssl_cert = <${PRIMARY_CERT}"
+  assert_output "ssl_cert = ${PRIMARY_CERT}"
 
   _run_in_container grep '^ssl_alt_key =' "${DOVECOT_CONFIG_SSL}"
   assert_success
-  assert_output "ssl_alt_key = <${FALLBACK_KEY}"
+  assert_output "ssl_alt_key = ${FALLBACK_KEY}"
 
   _run_in_container grep '^ssl_alt_cert =' "${DOVECOT_CONFIG_SSL}"
   assert_success
-  assert_output "ssl_alt_cert = <${FALLBACK_CERT}"
+  assert_output "ssl_alt_cert = ${FALLBACK_CERT}"
 }
 
 @test "manual configuration copied files correctly " {