authorDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2023-04-20 01:24:38 +0200
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2023-04-20 01:28:20 +0200
commit040d8cc401764ffb0b9fd511085829c84f4c5c12 (patch)
treed43314096d7032f3d432e20140a30e476148c85f
parent62dcc33b575d06403282830fe0d007523ce78879 (diff)
dovecot: Add in Trisquel aramo update changes
During the update, do-release-upgrade prompted for actions about dovecot configuration files that were modified. So the new comments were used and some old defaults were converted to new defaults. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rw-r--r--etc/dovecot/conf.d/10-logging.conf18
-rw-r--r--etc/dovecot/conf.d/10-mail.conf20
-rw-r--r--etc/dovecot/conf.d/10-ssl.conf45
-rw-r--r--etc/dovecot/conf.d/20-imap.conf11
4 files changed, 76 insertions, 18 deletions
diff --git a/etc/dovecot/conf.d/10-logging.conf b/etc/dovecot/conf.d/10-logging.conf
index 6313c18..76000ad 100644
--- a/etc/dovecot/conf.d/10-logging.conf
+++ b/etc/dovecot/conf.d/10-logging.conf
@@ -20,6 +20,22 @@
## Logging verbosity and debugging.
##
+# Log filter is a space-separated list conditions. If any of the conditions
+# match, the log filter matches (i.e. they're ORed together). Parenthesis
+# are supported if multiple conditions need to be matched together.
+#
+# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
+#
+# For example: event=http_request_* AND category=error AND category=storage
+#
+# Filter to specify what debug logging to enable. This will eventually replace
+# mail_debug and auth_debug settings.
+#log_debug =
+
+# Crash after logging a matching event. For example category=error will crash
+# any time an error is logged, which can be useful for debugging.
+#log_core_filter =
+
# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
@@ -72,7 +88,7 @@ plugin {
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
-#mail_log_prefix = "%s(%u): "
+#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
# Format to use for logging mail deliveries:
# %$ - Delivery status message (e.g. "saved to INBOX")
diff --git a/etc/dovecot/conf.d/10-mail.conf b/etc/dovecot/conf.d/10-mail.conf
index 60d547c..b47235f 100644
--- a/etc/dovecot/conf.d/10-mail.conf
+++ b/etc/dovecot/conf.d/10-mail.conf
@@ -165,7 +165,10 @@ mail_privileged_group = mail
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
#lock_method = fcntl
-# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
+# Directory where mails can be temporarily stored. Usually it's used only for
+# mails larger than >= 128 kB. It's used by various parts of Dovecot, for
+# example LDA/LMTP while delivering large mails or zlib plugin for keeping
+# uncompressed mails.
#mail_temp_dir = /tmp
# Valid UID range for users, defaults to 500 and above. This is mostly
@@ -220,7 +223,7 @@ mail_privileged_group = mail
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
# also required for IMAP NOTIFY extension to be enabled.
-#mailbox_list_index = no
+#mailbox_list_index = yes
# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
# of potentially returning out-of-date results after e.g. server crashes.
@@ -369,7 +372,7 @@ protocol !indexer-worker {
##
# Maximum dbox file size until it's rotated.
-#mdbox_rotate_size = 2M
+#mdbox_rotate_size = 10M
# Maximum dbox file age until it's rotated. Typically in days. Day begins
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
@@ -405,3 +408,14 @@ protocol !indexer-worker {
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
#mail_attachment_hash = %{sha1}
+
+# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
+# By default, all MIME parts with Content-Disposition=attachment, or inlines
+# with filename parameter are consired attachments.
+# add-flags - Add the keywords when saving new mails or when fetching can
+# do it efficiently.
+# content-type=type or !type - Include/exclude content type. Excluding will
+# never consider the matched MIME part as attachment. Including will only
+# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
+# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
+#mail_attachment_detection_options =
diff --git a/etc/dovecot/conf.d/10-ssl.conf b/etc/dovecot/conf.d/10-ssl.conf
index 5a1600c..ca2d005 100644
--- a/etc/dovecot/conf.d/10-ssl.conf
+++ b/etc/dovecot/conf.d/10-ssl.conf
@@ -9,8 +9,8 @@ ssl = no
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-#ssl_cert = </etc/dovecot/dovecot.pem
-#ssl_key = </etc/dovecot/private/dovecot.pem
+# ssl_cert = </etc/dovecot/private/dovecot.pem
+# ssl_key = </etc/dovecot/private/dovecot.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
@@ -27,12 +27,18 @@ ssl = no
#ssl_require_crl = yes
# Directory and/or file for trusted SSL CA certificates. These are used only
-# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
-# directory is usually /etc/ssl/certs in Debian-based systems and the file is
-# /etc/pki/tls/cert.pem in RedHat-based systems.
+# when Dovecot needs to act as an SSL client (e.g. imapc backend or
+# submission service). The directory is usually /etc/ssl/certs in
+# Debian-based systems and the file is /etc/pki/tls/cert.pem in
+# RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
+# large CA bundles, because it leads to excessive memory usage.
#ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
#ssl_client_ca_file =
+# Require valid cert when connecting to a remote server
+#ssl_client_require_valid_cert = yes
+
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
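Review bot: `ssl_client_require_valid_cert` arrives only as a commented default, directly below the newly active `ssl_client_ca_dir = /etc/ssl/certs`. Certificate verification for outbound connections (imapc backend or submission service, per the comment above) therefore depends on the built-in default, which the comment gives as `yes`. Since this file now carries a local CA setting anyway, uncommenting `ssl_client_require_valid_cert = yes` would pin that behaviour and make the intent visible at the next upgrade merge.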
@@ -42,14 +48,28 @@ ssl = no
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
-# DH parameters length to use.
-#ssl_dh_parameters_length = 1024
+# SSL DH parameters
+# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
+# Or migrate from old ssl-parameters.dat file with the command dovecot
+# gives on startup when ssl_dh is unset.
+ssl_dh = </usr/share/dovecot/dh.pem
+
+# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
+# TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3, depending on the OpenSSL version used.
+#
+# Dovecot also recognizes values ANY and LATEST. ANY matches with any protocol
+# version, and LATEST matches with the latest version supported by library.
+#ssl_min_protocol = TLSv1.2
-# SSL protocols to use
-#ssl_protocols = !SSLv2
+# SSL ciphers to use, the default is:
+#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+# To disable non-EC DH, use:
+#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
-# SSL ciphers to use
-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
+# Colon separated list of elliptic curves to use. Empty value (the default)
+# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
+# example of a valid value.
+#ssl_curve_list =
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
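Review bot: The active `ssl_dh = </usr/share/dovecot/dh.pem` points at a file under /usr/share, presumably shipped by the package and identical on every install, while the comment directly above it describes generating local parameters into /etc/dovecot/dh.pem. Nothing on the page shows the size or origin of the shipped file. It is worth inspecting it with `openssl dhparam -in /usr/share/dovecot/dh.pem -text -noout`, or generating parameters as the comment describes and using `ssl_dh = </etc/dovecot/dh.pem`. The hunk header still shows `ssl = no`, so this line and the commented `ssl_min_protocol` and `ssl_cipher_list` defaults apply only if TLS is enabled elsewhere or later. A one-line comment above `ssl_dh` saying so would help the next reader.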
@@ -58,5 +78,6 @@ ssl = no
#ssl_crypto_device =
# SSL extra options. Currently supported options are:
-# no_compression - Disable compression.
+# compression - Enable compression.
+# no_ticket - Disable SSL session tickets.
#ssl_options =
diff --git a/etc/dovecot/conf.d/20-imap.conf b/etc/dovecot/conf.d/20-imap.conf
index 8bedfe1..e60b0cd 100644
--- a/etc/dovecot/conf.d/20-imap.conf
+++ b/etc/dovecot/conf.d/20-imap.conf
@@ -28,7 +28,10 @@
# %{trashed} - Number of mails that client copied/moved to the
# special_use=\Trash mailbox.
# %{appended} - Number of mails saved during the session
-#imap_logout_format = in=%i out=%o
+#imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
+# trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
+# hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
+# body_bytes=%{fetch_body_bytes}
# Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
@@ -40,7 +43,8 @@
# ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values
-# currently: name, version, os, os-version, support-url, support-email.
+# currently: name, version, os, os-version, support-url, support-email,
+# revision.
#imap_id_send =
# ID fields sent by client to log. * means everything.
@@ -69,6 +73,9 @@
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host =
+# Enable IMAP LITERAL- extension (replaces LITERAL+)
+#imap_literal_minus = no
+
# What happens when FETCH fails due to some internal error:
# disconnect-immediately:
# The FETCH is aborted immediately and the IMAP client is disconnected.