* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-17.sme

- handle dhparam via template [SME: 12965]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -7,12 +7,15 @@ SMEServer Koozali developed git repo for smeserver-dovecot smeserver
 <br />https://wiki.koozali.org/Smeserver-dovecot-extras
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-dovecot&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-dovecot&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-dovecot&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 
 ## Description
 
-<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
-*Once it has been checked, then this comment will be deleted*
-<br />
-
-Dovecot is an open source software service that provides secure access to emails, calendars, and other applications for both users and administrators. It works by creating a secure connection between a mail server and an email client, allowing users to securely sync and download their emails, calendar events, contacts, and other data. Dovecot also provides a secure authentication process to ensure that only users with the proper credentials can access the email server. It is highly reliable and scalable, making it a popular choice for large and small businesses alike. Additionally, Dovecot is easy to install and configure, so businesses can get started quickly and easily.
+Dovecot is an open source software service that provides secure access to emails, calendars, and other applications for both users and administrators. It works by creating a secure connection between a mail server and an email client, allowing users to securely sync and download their emails, calendar events, contacts, and other data. Dovecot also provides a secure authentication process to ensure that only users with the proper credentials can access the email server. It is highly reliable and scalable, making it a popular choice for large and small businesses alike. 

contriborbase

@@ -1 +0,0 @@
-sme10

createlinks

@@ -14,13 +14,36 @@ event_link("adjust-dovecot", "email-update", "02");
 event_link("adjust-dovecot", "bootstrap-console-save", "02");
 
 #smeserver-dovecot-update
-safe_symlink("restart", "root/etc/e-smith/events/smeserver-dovecot-update/services2adjust/dovecot");
-safe_symlink("restart", "root/etc/e-smith/events/smeserver-dovecot-update/services2adjust/rsyslog");
-event_link("adjust-dovecot", "smeserver-dovecot-update", "02");
-event_link("systemd-reload", "smeserver-dovecot-update", "89");
-event_link("systemd-default", "smeserver-dovecot-update", "88");
-templates2events("/etc/rsyslog.conf","smeserver-dovecot-update");
+my $event = "smeserver-dovecot-update";
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
+event_link("adjust-dovecot", $event, "02");
+event_link("systemd-reload", $event, "89");
+event_link("systemd-default", $event, "88");
+templates2events("/etc/rsyslog.conf", $event);
+templates2events("/etc/dovecot/ssl/dhparam.pem", $event);
 
 # in case the ip change
 safe_symlink("sigusr2", "root/etc/e-smith/events/ip-change/services2adjust/dovecot");
 
+# dovecot-extras
+event_link("dovecot-acl", $event,  "30");
+event_link("dovecot-compile-sieve", $event,  "40");
+event_link("dovecot-acl", "email-update", "85");
+event_link("dovecot-acl", "user-create", "85");
+event_link("dovecot-acl", "post-upgrade", "85");
+event_link("dovecot-compile-sieve", "email-update", "86");
+
+safe_touch("root/home/e-smith/db/dovecot/sharedmailbox.db");
+
+templates2events("/home/e-smith/files/public/dovecot-acl", "email-update");
+
+
+$event = "dhparam-update";
+templates2events("/etc/dovecot/ssl/dhparam.pem", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+
+$event = "smeserver-base-update";
+templates2events("/etc/dovecot/ssl/dhparam.pem", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+

root/etc/e-smith/db/configuration/defaults/sieve/TCPPort

@@ -0,0 +1 @@
+4190

root/etc/e-smith/db/configuration/defaults/sieve/access

@@ -0,0 +1 @@
+localhost

root/etc/e-smith/db/configuration/defaults/sieve/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/sieve/type

@@ -0,0 +1 @@
+configuration

root/etc/e-smith/db/configuration/defaults/sieves/TCPPort

@@ -0,0 +1 @@
+5190

root/etc/e-smith/db/configuration/defaults/sieves/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/sieves/sieve/TCPPort

@@ -0,0 +1 @@
+4190

root/etc/e-smith/db/configuration/defaults/sieves/sieve/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/sieves/sieve/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/sieves/sieve/type

@@ -0,0 +1 @@
+configuration

root/etc/e-smith/db/configuration/defaults/sieves/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/sieves/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/defaults/spamassassin/SpamLearning

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/migrate/dovecot

@@ -7,5 +7,9 @@
  foreach my $prope (qw( SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 dh )) {
   $DB->get_prop_and_delete('dovecot', $prope) if (exists $dovecot{$prope});
  }
+ # drop SSLv2 from ssl_min_protocol
+  foreach my $prope (qw( SSLv2 )) {
+  $DB->get_prop_and_delete('dovecot', 'ssl_min_protocol') if (exists $dovecot{'ssl_min_protocol'} && $dovecot{'ssl_min_protocol'} eq $prope);
+ }
 
 }

root/etc/e-smith/events/actions/dovecot-acl

@@ -0,0 +1,89 @@
+#!/usr/bin/perl -w
+
+
+use esmith::ConfigDB;
+use esmith::AccountsDB;
+use File::Find;
+
+my $c = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsdDB\n";
+
+my $dovecot = $c->get('dovecot');
+
+die "couldn't find dovecot service\n" unless ($dovecot);
+
+my $event = $ARGV[0];
+
+# SharedMailboxes disabled ?
+if (($dovecot->prop('SharedMailbox') || 'disabled') eq 'disabled'){
+    if (($dovecot->prop('SharedMailboxAcl') || 'yes') ne 'no'){
+        foreach my $user ($a->users){
+            my $name = $user->key;
+            die "Error removing SharedMailbox ACLs ($name"."'s Maildir)\n" unless (
+                system('/usr/bin/setfacl',
+                       '-R',
+                       '-x',
+                       'g:sharedmailbox',
+                       "/home/e-smith/files/users/$name") == 0 &&
+                system('/bin/chmod',
+                       '-R',
+                       'g-s',
+                       "/home/e-smith/files/users/$name/Maildir") == 0
+            );
+        }
+    }
+    $dovecot->set_prop('SharedMailboxAcl','no');
+    exit(0);
+}
+
+# If SharedMailbox is enabled
+
+# Set the correct ACL during user creation
+if ($event && $event eq 'user-create'){
+    my $user = $ARGV[1];
+    set_acl($user);
+}
+
+if (($dovecot->prop('SharedMailboxAcl') || 'no') ne 'yes'){
+    # ACL for existing users haven't been set yet
+    foreach my $user ($a->users){
+        my $name = $user->key;
+        set_acl($name);
+    }
+    $dovecot->set_prop('SharedMailboxAcl','yes');
+}
+
+# Set ACL on a user's Maildir
+sub set_acl {
+    my $user = shift;
+    die "Missing username\n" unless ($user);
+    die "Couldn't find $user"."'s home dir\n" unless (-e "/home/e-smith/files/users/$user");
+    find(\&dirperm,  "/home/e-smith/files/users/$user/Maildir");
+    die "Error applying permissions to $user 's Maildir\n" unless (
+        # sharedmailbox group needs read / write access on Maildir
+        system('/usr/bin/setfacl',
+               '-R',
+               '-m',
+               'u::rwX,g::rwX,o::rX,g:sharedmailbox:rwX,d:u::rwX,d:g::rwX,d:g:sharedmailbox:rwX,d:o::rX',
+               "/home/e-smith/files/users/$user/Maildir") == 0 &&
+        # Grant sharedmailbox group permission to go through
+        # the home dir so it can access the Maildir, but don't let it read
+        # anything (except the Maildir)
+        system('/usr/bin/setfacl',
+               '-m',
+               'g:sharedmailbox:x',
+               "/home/e-smith/files/users/$user") == 0
+    );
+}
+
+# The kernel will handle group perms when a user
+# create a dir in another user's Maildir (if IMAP ACL allows it)
+# This will prevent dovecot errors, see 
+# http://wiki2.dovecot.org/SharedMailboxes/Permissions and
+# http://wiki2.dovecot.org/Errors/ChgrpNoPerm
+sub dirperm {
+    system('/bin/chmod',
+           'g+s',
+           "$_") if (-d);
+}
+

root/etc/e-smith/events/actions/dovecot-compile-sieve

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+status=$(/sbin/e-smith/config getprop spamassassin UseBayes || echo 0)
+if [ "$status" = "1" ]
+then
+    systemctl restart dovecot
+    /usr/bin/sievec /usr/libexec/dovecot/sieve/
+fi
+#/usr/bin/sievec /usr/libexec/dovecot/sieve/

root/etc/e-smith/templates-user/.qmail/80DovecotLDA

@@ -0,0 +1,20 @@
+# Dovecot LDA delivery
+{
+    # vim: ft=perl:
+    use esmith::ConfigDB;
+    my $cdb = esmith::ConfigDB->open_ro || die "Couldn't open ConfigDB\n";
+    my $sieve = $cdb->get('sieve');
+    my $usersieve = $props{Sieve} || 'enabled';
+    my $globalsieve = ($sieve) ? ($sieve->prop('status') || 'disabled') : 'disabled';
+
+    if (($usersieve ne 'enabled') || ($globalsieve ne 'enabled')){
+        $OUT .= "# Sieve is disabled\n";
+    }
+    elsif ($props{EmailForward} !~ /^(local|both)$/) {
+        $OUT .= "# No local delivery (Dovecot LDA)\n";
+    }
+    else{
+        $OUT .= '| /var/qmail/bin/preline -f /usr/libexec/dovecot/dovecot-lda -a "$RECIPIENT"; if [ $? -ne 0 ] ; then exit -1; else exit 99; fi;';
+    }
+}
+

root/etc/e-smith/templates.metadata/etc/dovecot/ssl/dhparam.pem

@@ -0,0 +1,6 @@
+TEMPLATE_PATH="/home/e-smith/dh.pem"
+OUTPUT_FILENAME="/etc/dovecot/ssl/dhparam.pem"
+UID="root"
+GID="root"
+PERMS=0644
+

root/etc/e-smith/templates.metadata/home/e-smith/files/public/dovecot-acl

@@ -0,0 +1 @@
+GID="sharedmailbox"

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/10protocols11sieve

@@ -0,0 +1,6 @@
+{
+if (($sieve{'status'} || 'disabled') eq 'enabled'){
+    $proto .= " sieve";
+}
+$OUT .= "";
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/30listener11sieve

@@ -0,0 +1,66 @@
+{
+my $sieveStatus = $sieve{'status'} || 'enabled';
+my $sievesStatus = $sieves{'status'} || 'enabled';
+my $port = $sieve{'TCPPort'} || '4190';
+# should we only allow localhost ?
+my $sieveAccess = $sieve{'access'} || 'localhost';
+my $sieveListen = $sieve{'Listen'} || '';
+my $sieveAddress = "";
+if ($sieveAccess eq 'localhost') {
+        $sieveAddress = '127.0.0.1';
+    } elsif ($sieveAccess eq 'private') {
+        $sieveAddress = "127.0.0.1 $LOCALIP";
+    } elsif ($sieveAccess eq 'public') {
+        $sieveAddress = "127.0.0.1 $LOCALIP $EXTERNALIP";
+    }
+$sieveAddress .= " $sieveListen";
+
+my $ports = $sieves{'TCPPort'} || '5190';
+my $sievesAccess = $sieves{'access'} || 'localhost';
+my $sievesListen = $sieves{'Listen'} || '';
+my $sievesAddress = "";
+if ($sievesAccess eq 'localhost') {
+        $sievesAddress = '127.0.0.1';
+    } elsif ($sievesAccess eq 'private') {
+        $sievesAddress = "127.0.0.1 $LOCALIP";
+    } elsif ($sievesAccess eq 'public') {
+        $sievesAddress = "127.0.0.1 $LOCALIP $EXTERNALIP";
+    }
+$sievesAddress .= " $sievesListen";
+
+
+if ( $sieveStatus eq 'enabled' || $sievesStatus eq 'enabled') {
+    $OUT .=<<"HERE";
+service managesieve-login {
+
+HERE
+
+    if ( $sieveStatus eq 'enabled' ) {
+    $OUT .=<<"HERE";
+  inet_listener sieve {
+    port = $port
+    address = $sieveaddress
+  }
+HERE
+}
+
+    if ( $sievesStatus eq 'enabled' ) {
+    $OUT .=<<"HERE";
+  inet_listener sieves {
+    port = $ports
+    ssl = yes
+    address = $sievesaddress
+  }
+HERE
+}
+
+    $OUT .=<<"HERE";
+}
+
+HERE
+
+}
+else {
+    $OUT .= "# Sieve is disabled";
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/35ssl

@@ -2,13 +2,11 @@ ssl = {$OUT .= ( (($imaps{'status'} || 'enabled') eq 'enabled') || (($pops{'stat
 ssl_cert = </etc/dovecot/ssl/imapd.pem
 ssl_key = </etc/dovecot/ssl/imapd.pem
 {
-
-my %protos={SLv3=>1,TLSv1=>1, TLSv1.1=>1, TLSv1.2=>1,TLSv1.3=>1};
-my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $protos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : 'TLSv1.2';
+use esmith::ssl;
+my $proto = ( (exists $dovecot{'ssl_min_protocol'} ) && (exists $existingSSLprotos{$dovecot{'ssl_min_protocol'}} ) ) ? $dovecot{'ssl_min_protocol'} : SSLprotoMin();
 
 $OUT .= "ssl_dh=</etc/dovecot/ssl/dhparam.pem\n";
 $OUT .= "ssl_min_protocol = $proto\n" if ($proto ne '');
 $OUT .= "ssl_prefer_server_ciphers = yes\n";
-$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4') . "\n";
-
+$OUT .= "ssl_cipher_list = " . ($dovecot{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers ). "\n";
 }

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/65pluginAcl

@@ -0,0 +1,104 @@
+{
+return "# Mailbox sharing is not enabled"
+  if (($dovecot{'SharedMailbox'} || 'disabled') eq 'disabled') && (($dovecot{'PublicMailbox'} || 'disabled') eq 'disabled');
+
+push @plugins, 'acl';
+push @imap_plugins, 'imap_acl';
+
+my $common =<<'_EOF';
+
+mail_access_groups = sharedmailbox
+
+service dict {
+  unix_listener dict {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service auth {
+  unix_listener auth-userdb {
+    mode = 0660
+    group = sharedmailbox
+  }
+}
+
+service imap {
+  executable = imap imap-postlogin
+}
+
+service imap-postlogin {
+  executable = script-login -d /usr/bin/imap-postlogin
+  unix_listener imap-postlogin {
+  }
+}
+
+
+namespace {
+  type = private
+  separator = /
+  prefix =
+  inbox = yes
+}
+_EOF
+
+my $shared_mb = "\n# SharedMailbox is disabled\n";
+my $public_mb = "\n# PublicMailbox is disabled\n";
+if (($dovecot{'SharedMailbox'} || 'disabled') eq 'enabled'){
+  if (($dovecot{'PrivateIndex'} || 'disabled') eq 'enabled'){
+ $shared_mb =<<'_EOF';
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%u/
+  location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u
+  subscriptions = no
+  list = children
+}
+_EOF
+  }
+  if (($dovecot{'PrivateIndex'} || 'disabled') eq 'disabled'){
+ $shared_mb =<<'_EOF';
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%u/
+  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
+  subscriptions = no
+  list = children
+}
+_EOF
+  }
+}
+if (($dovecot{'PublicMailbox'} || 'disabled') eq 'enabled'){
+  $public_mb =<<'_EOF';
+namespace {
+  type = public
+  separator = /
+  prefix = public/
+  location = maildir:/home/e-smith/files/public
+  subscriptions = no
+  list = children
+}
+_EOF
+}
+
+my $acl =<<'_EOF';
+plugin {
+  acl_shared_dict = file:/home/e-smith/db/dovecot/sharedmailbox.db
+}
+
+plugin {
+  acl = vfile
+}
+
+plugin {
+  acl_anyone = allow
+}
+
+_EOF
+
+push @conf, $common, $shared_mb, $public_mb, $acl;
+$OUT .= '';
+}
+

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/70pluginImapSieve

@@ -0,0 +1,53 @@
+{
+# If we have imap_sieve plugin, enable it
+if (( -e '/usr/lib64/dovecot/lib95_imap_sieve_plugin.so' || -e '/usr/lib/dovecot/lib95_imap_sieve_plugin.so') &&
+    ($spamassassin{'UseBayes'} || 'disabled') =~ m/^1|on|yes|enabled$/){
+  push @imap_plugins, 'imap_sieve';
+  my $index = 1;
+  $OUT.= <<'_EOF';
+
+plugin {
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  sieve_execute_bin_dir = /usr/libexec/dovecot
+  sieve_pipe_bin_dir = /usr/libexec/dovecot
+  sieve_implicit_extensions = +vnd.dovecot.report
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute  +vnd.dovecot.environment
+
+_EOF
+
+  if (($dovecot{'LearnSpam'} || 'enabled') =~ m/^1|on|yes|enabled$/){
+    $OUT.= <<"_EOF";
+  # Copy from anywhere to junkmail
+  imapsieve_mailbox$index\_name = junkmail
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-spam.sieve
+_EOF
+    $index++;
+    $OUT.= <<"_EOF";
+  imapsieve_mailbox$index\_name = Junk
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-spam.sieve
+_EOF
+    $index++;
+  }
+  if (($dovecot{'LearnHam'} || 'enabled') =~ m/^1|on|yes|enabled$/){
+    $OUT.= <<"_EOF";
+  # Copy from junkmail to anywhere
+  imapsieve_mailbox$index\_name = *
+  imapsieve_mailbox$index\_from = junkmail
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-ham.sieve
+_EOF
+    $index++;
+    $OUT.= <<"_EOF";
+  imapsieve_mailbox$index\_name = *
+  imapsieve_mailbox$index\_from = Junk
+  imapsieve_mailbox$index\_causes = COPY
+  imapsieve_mailbox$index\_before = file:/usr/libexec/dovecot/sieve/report-ham.sieve
+_EOF
+    $index++;
+  }
+
+  $OUT .= '}';
+}
+}

root/etc/e-smith/templates/etc/dovecot/dovecot.conf/91lda

@@ -0,0 +1,19 @@
+
+postmaster_address = postmaster@{$DomainName}
+lda_original_recipient_header = to
+
+{
+my $reason = $dovecot{'RejectMessage'} || '';
+my $subject = $dovecot{'RejectSubject'} || '';
+if ($reason ne ''){
+    $OUT .= "rejection_reason = $reason\n";
+}
+if ($subject ne ''){
+    $OUT .= "rejection_subject = $subject\n";
+}
+}
+
+protocol lda \{
+  mail_plugins = $mail_plugins {$OUT .= (($sieve{'status'} || 'disabled') eq 'enabled') ? 'sieve':''}
+\}
+

root/etc/e-smith/templates/home/e-smith/files/public/dovecot-acl/10All

@@ -0,0 +1,11 @@
+{
+
+if (($dovecot{'PublicMailbox'} || 'disabled') eq 'enabled'){
+  my @PublicMailboxAdmins = split /[,:]/, ($dovecot{PublicMailboxAdmins} || '');
+  $OUT .= "user=admin lrswtipekxa" . "\n";
+  foreach my $PublicMailboxAdmins (sort @PublicMailboxAdmins){
+    $OUT .= 'user=' . "$PublicMailboxAdmins " . 'lrswtipekxa' . "\n";  
+  }
+}
+
+}

root/sbin/e-smith/systemd/dovecot-control

@@ -1,4 +0,0 @@
-#!/bin/bash
-# Create dhparam
-[ -e /etc/dovecot/ssl/dhparam.pem ] || \
-    RANDFILE=/dev/null /usr/bin/openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 2048

root/usr/bin/imap-postlogin

@@ -0,0 +1,5 @@
+#!/bin/sh
+ACL_GROUPS=`groups $USER | tr ' '  ','`
+export ACL_GROUPS
+export USERDB_KEYS="$USERDB_KEYS acl_groups"
+exec "$@"

root/usr/lib/systemd/system/dovecot.service.d/50koozali.conf

@@ -6,7 +6,7 @@ ExecStartPre=-/sbin/e-smith/service-status dovecot
 ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/dovecot.conf
 ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/master.users
 ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/ssl/imapd.pem
-ExecStartPre=-/sbin/e-smith/systemd/dovecot-control
+ExecStartPre=-/sbin/e-smith/expand-template /etc/dovecot/ssl/dhparam.pem
 ExecStartPre=-/usr/sbin/portrelease dovecot
 Restart=always
 #SME:11733 needed for Dovecot quota-fs https://doc.dovecot.org/configuration_manual/quota/quota_fs/

root/usr/libexec/dovecot/learn-ham.sh

@@ -0,0 +1 @@
+exec /usr/bin/spamc -u spamd --max-size=5283920 -L ham

root/usr/libexec/dovecot/learn-spam.sh

@@ -0,0 +1 @@
+exec /usr/bin/spamc -u spamd --max-size=5283920 -L spam

root/usr/libexec/dovecot/sieve/report-ham.sieve

@@ -0,0 +1,11 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+if environment :matches "imap.mailbox" "*" {
+  set "mailbox" "${1}";
+}
+if anyof (string "${mailbox}" "Trash",
+          string "${mailbox}" "junkmail",
+          string "${mailbox}" "Junk",
+          string "${mailbox}" "Éléments supprimés") {
+  stop;
+}
+pipe :copy "learn-ham.sh";

root/usr/libexec/dovecot/sieve/report-spam.sieve

@@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy"];
+pipe :copy "learn-spam.sh";

smeserver-dovecot.spec

@@ -1,5 +1,5 @@
 %define version 11.0.0
-%define release 6
+%define release 17
 %define name smeserver-dovecot
 
 
@@ -17,12 +17,15 @@ BuildArchitectures: noarch
 BuildRequires: smeserver-devtools
 
 Requires: smeserver-base >= 5.2.0
-Requires: dovecot >= 2.0.9
+Requires: dovecot >= 2.3.16
+Requires: dovecot-pigeonhole
+Requires: portreserve
 
 Provides: smeserver-imap
 Provides: smeserver-pop3
 Provides: e-smith-imap
 Provides: e-smith-pop3
+Provides: smeserver-dovecot-extras
 Obsoletes: e-smith-imap
 Obsoletes: e-smith-pop3
 Obsoletes: e-smith-ssl-imap
@@ -38,6 +41,36 @@ Configure the dovecot IMAP server with sieve scripts support,
 quota, ACL, extended logging, master user
 
 %changelog
+* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-17.sme
+- handle dhparam via template [SME: 12965]
+
+* Sun Jan 19 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
+- use spamd user for spams/ham learning [SME: 12265]
+  max size to learn hardocded to 5MB. 
+  per user spamassassin config is not supported
+
+* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
+- use esmith::ssl to set ciphers and protocol [SME: 12821]
+  improve cipher order to get strongers first
+  drop SSLv2
+
+* Mon Oct 21 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-13.sme
+- use INDEXPVT instead of INDEX for shared mailboxes [SME: 12150]
+
+* Wed Sep 25 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
+- fix missing sharedmailbox group [SME: 12735]
+
+* Tue Sep 24 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
+- add missing /home/e-smith/files/public/ folder [SME: 12735]
+
+* Wed Sep 11 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- merge dovecot-extra [SME: 12735]
+- add sieves support over ssl and improve template
+- requires dovecot-pigeonhole
+
+* Fri Apr 05 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
+- add missing requirement for portreserve [SME: 12589]
+
 * Thu Apr 04 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
 - fix migrate fragment error  [SME: 12548]
 - add support for quota-fs [SME: 11733]
@@ -221,6 +254,16 @@ perl createlinks
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
    --file /sbin/e-smith/systemd/dovecot-control 'attr(0554,root,root)'\
    --dir /var/log/dovecot 'attr(0750,smelog,smelog)' \
+   --dir /home/e-smith/db/dovecot 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/cur 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/new 'attr(2770,root,sharedmailbox)' \
+   --dir /home/e-smith/files/public/tmp 'attr(2770,root,sharedmailbox)' \
+   --file /home/e-smith/db/dovecot/sharedmailbox.db 'attr(0660,root,sharedmailbox) %config(noreplace)' \
+   --file /usr/bin/imap-postlogin 'attr(0755,root,root)' \
+   --file /usr/libexec/dovecot/learn-spam.sh 'attr(0755,root,root)' \
+   --file /usr/libexec/dovecot/learn-ham.sh 'attr(0755,root,root)' \
+   --ignoredir /usr/bin \
   > %{name}-%{version}-filelist
 
 %files -f %{name}-%{version}-filelist
@@ -247,6 +290,9 @@ if [ $1 -gt 1 ] ; then
   fi
 
 fi
+
+/usr/sbin/groupadd -g 439 sharedmailbox 2> /dev/null || :
+
 %post
 
 %preun