Skip to content

dovecot: update to 2.4 #6692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: staging
Choose a base branch
from
Draft

dovecot: update to 2.4 #6692

wants to merge 7 commits into from

Conversation

DerLinkman
Copy link
Member

Contribution Guidelines

What does this PR include?

Short Description

This pull request introduces a major overhaul and modernization of the Dovecot configuration for the mail server. The changes include a migration to new-style configuration files, significant improvements to SQL and authentication integration, updated plugin and service management, and enhanced security defaults. The Dockerfile is also updated to use a newer Alpine base image. Below are the most important changes grouped by theme:

Configuration Modernization and Structure:

  • Introduced new modular configuration files in data/conf/dovecot/conf.d/, covering core, mail, SSL, SQL, storage, performance, authentication, userdb, and service definitions for improved clarity and maintainability. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

Authentication and SQL Integration:

  • Refactored Lua authentication script to use the correct request fields, improved error handling, and added a custom cache key function for better auth caching. [1] [2] [3] [4] [5]
  • Overhauled SQL dict and userdb configuration generation to use Dovecot's new dict_map syntax and variable expansion, improving flexibility and compatibility.

Plugin and Service Management:

  • Updated plugin lists for IMAP, LMTP, and general mail to include new plugins (e.g., quota_clone, mail_compress) and removed deprecated options, with conditional handling based on FTS settings.
  • Added new service definitions for Dovecot components (auth, imap, lmtp, managesieve, quota-warning, etc.) in a dedicated config file.

Security and Protocol Improvements:

  • Set minimum TLS protocol to 1.2 and updated SSL cipher settings, aligning with modern security standards.
  • Replaced deprecated SSL config directives and improved SNI certificate handling for better compatibility.
  • Updated ACL and cleartext authentication handling for more explicit and secure configuration. [1] [2] [3]

Other Notable Changes:

  • Updated Dockerfile to use Alpine 3.22 base for newer package support.
  • Updated FTS configuration file references and removed legacy OpenSSL compatibility hacks. [1] [2]
  • Improved shared namespace configuration for mailbox sharing features.

These changes collectively bring the Dovecot setup up to date with current best practices, improve maintainability, and enhance both security and feature support.

Affected Containers

  • dovecot-mailcow (mainly)

Did you run tests?

What did you tested?

WIP

@Westie
Copy link

Westie commented Aug 29, 2025

Nice!

Can you add data/conf/dovecot/extra.d/*or something else relevant to .gitignore as part of this PR please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DerLinkman @Westie