# generated 2024-02-14, Mozilla Guideline v5.7, Dovecot 2.3.16, OpenSSL 1.1.1, modern configuration
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.16&config=modern&openssl=1.1.1&guideline=5.7
ssl = required

ssl_cert = <{{ tls_certs }}/{{ mail_server }}-fullchain.crt
ssl_key = <{{ tls_private }}/{{ mail_server }}.key

ssl_min_protocol = TLSv1.3
ssl_prefer_server_ciphers = no

# kerberos
auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = gssapi plain login

# enable only imap
protocols = imap

# use index from tmpfs
mail_location = mbox:~/imapmail/:INBOX=/var/mail/%u:INDEX=/var/spool/dovecot/index/home/%u

# special icons for mailboxes
namespace inbox {
  mailbox spam {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
}

# imap specific
protocol imap {
  mail_max_userip_connections = 20
  imap_idle_notify_interval = 29 mins
}

# disable plain text imap
service imap-login {
    inet_listener imap {
        port = 0
    }
}