Search K
Appearance
Upgrading from OX Dovecot Pro 3.0.x to Dovecot Pro 3.1.x
Dovecot Pro
Configuration changes
WARNING
Dovecot 2.3.x settings will NOT work unless the configuration is changed as described in this section.
Required Settings
The first setting in dovecot.conf MUST now be dovecot_config_version. This helps to avoid unexpected configuration changes in the future.
Another new required setting is dovecot_storage_version. This helps to avoid unexpected storage file format incompatibilities.
Note that the configuration syntax has been changed, and your old configuration will not work without changes.
Configuration Redesign
See Dovecot Config File Syntax for the new configuration syntax. This is similar to v2.3, but different in some ways. Especially the configuration is no longer hierarchical - all settings are global settings and can be used anywhere (although they might not actually do anything there). Settings can be inside various filters to specify where they are wanted to be used.
To avoid repetition in setting name prefixes, they are automatically attempted to be prefixed to their parent filter names. For example these are equivalent for the passdb_sql_query setting inside the passdb filter:
passdb sql {
passdb_sql_query = SELECT ...
}
passdb sql {
sql_query = SELECT ...
}
passdb sql {
query = SELECT ...
}
passdb sql2 {
# This will NOT work, as it expands to nonexistent passdb_sql2_query:
#query = SELECT ...
}Plugin settings
The plugin { ... } section no longer exists. Plugin settings are global the same as all other settings.
Variable expansion
A new Settings Variables syntax has been introduced. All old one-letter %variables have been removed, and some old variable aliases have been dropped too.
The new syntax uses | character for "filters" which can be chained. This is why some of the old variables have been replaced by filters. For example the old %d variable is now %{user | domain}, which gets the "user" variable and applies the "domain" filter for it.
List of common short variables and their replacements.
| Old variable | New syntax |
|---|---|
%a | %{local_port} |
%b | %{remote_port} |
%c | %{certificate} |
%c | %{secured} |
%d | %{user | domain } |
%h | %{home} |
%l | %{local_ip } |
%m | %{mechanism} |
%n | %{user | username } |
%p | %{client_pid } |
%r | %{remote_ip } |
%s | %{protocol} |
%u | %{user} |
%w | %{password} |
Common modifier syntaxes and their replacements.
| Old syntax | New syntax |
|---|---|
%1Mu | %{user | md5 | hexlify(1)} |
%2.1Mu | %{user | md5 | hexlify | substr(2,1)} |
%2.256N | %{ user | md5 | substr(0, 8) % 256 | hex(2)} |
%256Nu | %{ user | md5 | substr(0, 8) % 256 | hex} |
%Hu | No conversion available, use one of the syntaxes. |
%Ln | %{user | username | lower } |
%Lu | %{user | lower } |
%Mu | %{user | md5} |
Common long variables and their replacements.
| Old variable | New syntax |
|---|---|
%{auth_domain} | %{auth_user | domain} |
%{auth_username} | %{auth_user | username} |
%{lip} | %{local_ip} |
%{lport} | %{local_port} |
%{mech} | %{mechanism} |
%{orig_domain } | %{original_user | domain } |
%{orig_username} | %{original_user | username } |
%{orig_user} | %{original_user} |
%{real_lip} | %{real_local_ip} |
%{real_lport} | %{real_local_port } |
%{real_rip} | %{real_remote_ip } |
%{real_rport} | %{real_remote_port} |
%{rip} | %{remote_ip} |
%{rport} | %{remote_port } |
%{service} | %{protocol} |
Directory hashing
If you have been using /home/%2.256N/%u or similar constructs:
How to replace
%Nin new format:%2.256Nubecomes%{ user | md5 | substr(0, 8) % 256 | hex(2)}to return maximum 256 different hashes in range00..ff.%256Nubecomes%{ user | md5 | substr(0, 8) % 256 | hex}to return maximum 256 different hashes in range0..ff(without 0-padding in the front).
How to replace '%M' in new format:
%1Mu/%2.1Mu/%ubecomes%{user | md5 | hexlify(1)}/%{user | md5 | hexlify | substr(2,1)}/%{user}to returns directories from0/0/usertof/f/user.
There is no way to use '%H' anymore.
Added features
Settings
Changed features
Default Settings
| Setting | Old Default | New Default | Notes |
|---|---|---|---|
mail_prefetch_count for obox | 0 | 10 | |
mail_log_prefix | %s(%u)<%{process:pid}><%{session}>: | %{protocol}(%{user})<%{process:pid}><%{session}>: | New variable expansion syntax |
mailbox_list_drop_noselect | no | yes | \NoSelect folders are now dropped by default. |
protocols | imap pop3 lmtp | `` | No protocols are enabled by default. |
Converted Settings
| Setting | Notes |
|---|---|
acl | Replaced by acl_driver. |
acl_anyone | Renamed to imap_acl_allow_anyone. |
auth_debug | Use log_debug filter instead. Example: log_debug=category=auth. |
auth_default_realm | Replaced by auth_default_domain. |
auth_policy_server_timeout_msecs | Replaced by http_client_request_timeout inside auth_policy named filter. |
auth_worker_max_count | Use service-specific process limit. |
default_idle_kill | Renamed to default_idle_kill_interval. |
disable_plaintext_auth | Replaced by auth_allow_cleartext. |
doveadm_http_rawlog_dir | Replaced by http_client_rawlog_dir inside doveadm_server named filter. |
event_exporter_format_args | Replaced by event_exporter_time_format. |
event_exporter_transport | Renamed to event_exporter_driver. |
event_exporter_transport_args | Split off to driver-specific settings, see Event Export. |
event_exporter_transport_timeout | Replaced by http_client_request_timeout and event_exporter_unix_connect_timeout. |
inet_listener { address } | Replaced by listen setting. |
push_notification_backend | Use push_notification_driver instead. |
mail_crypt_require_encrypted_user_key | Replaced by crypt_user_key_require_encrypted, crypt_user_key_password and crypt_user_key_encryption_key. |
verbose_ssl | Use log_debug = category=ssl instead. |
mail_attachment_dir | Renamed to mail_ext_attachment_path. |
mail_attachment_fs | Use fs inside mail_ext_attachment named filter. |
mail_attachment_hash | Renamed to mail_ext_attachment_hash. |
mail_attachment_min_size | Renamed to mail_ext_attachment_min_size. |
mail_attribute_dict | Use dict inside mail_attribute named filter. |
mail_location setting & mail userdb field | Split into multiple mail_* settings. |
namespace { location } setting | Use mail_* settings inside namespace named list filter. |
notify_status_dict | Use dict inside notify_status named filter. |
notify_status_mailbox | Use mailbox_notify_status inside mailbox named list filters. |
fts | Replaced by fts named filter. |
fts_autoindex_exclude | Replaced by boolean property fts_autoindex, nested inside mailbox blocks. Note that the values are inverted as compared to those in the old fts_autoindex_exclude. |
fts_decoder | Replaced by fts_decoder_driver and fts_decoder_script_socket_path. |
fts_enforced | Replaced by fts_search_add_missing and fts_search_read_fallback |
fts_index_timeout | Renamed to fts_search_timeout. The default value is set to 30 secs. |
fts_solr | Replaced by fts_solr_url, fts_solr_batch_size, fts_solr_soft_commit, and http_client_rawlog_dir settings. |
fts_tika | Replaced by fts_decoder_driver and fts_decoder_tika_url. |
fts_language_config | Renamed to textcat_config_path. |
fts_languages | Converted into language blocks. |
fts_filters | Split into language_filters, language_filter_normalizer_icu_id, language_filter_stopwords_dir. |
fts_tokenizers | Split into language_tokenizers, language_tokenizer_address_token_maxlen, language_tokenizer_generic_algorithm, language_tokenizer_generic_token_maxlen, language_tokenizer_generic_wb5a, language_tokenizer_kuromoji_icu_id, language_tokenizer_kuromoji_split_compounds, language_tokenizer_kuromoji_token_maxlen. |
lazy_expunge | Renamed to lazy_expunge_mailbox. |
service { idle_kill } | Renamed to service_idle_kill_interval. |
service { service_count } | Renamed to service_restart_request_count. The default value is set to unlimited. Value 0 is now a configuration error. |
oauth2 username_format | Renamed to oauth2_username_validation_format. |
oauth2 pass_attrs | Replaced by oauth2_fields. |
oauth2 local_validation_key_dict | Replaced by dict inside oauth2_local_validation named filter. |
oauth2 timeout_msecs, max_idle_time_msecs, max_parallel_connections, max_pipelined_requests, rawlog_dir | Replaced by http_client_* settings inside oauth2 named filter. |
oauth2 tls_* | Replaced by ssl_client_* settings inside oauth2 named filter. |
oauth2 debug | Use log_debug filter instead. Example: log_debug=category=oauth2. |
oauth use_grant_password | Replaced by passdb oauth2 ` |
passdb/userdb :protected | Renamed to :default |
passdb { default_fields, override_fields } | Replaced by passdb_fields |
userdb { default_fields, override_fields } | Replaced by userdb_fields |
plugin | All plugin settings are now global settings. |
quota, quota_rule | Split into separate quota settings. |
quota_grace | Renamed to quota_storage_grace. |
quota_over_flag | Renamed to quota_over_status_current. |
quota_over_flag_lazy_check | Renamed to quota_over_status_lazy_check. |
quota_over_flag_value | Renamed to quota_over_status_mask. |
quota_over_script | Replaced by quota_over_status named filter with execute. |
quota_max_mail_size | Renamed to quota_mail_size. The default value is set to unlimited. |
sieve | Replaced by storage settings inside sieve_script filter. |
sieve_after | Replaced by sieve_script_type = after for sieve_script filter. |
sieve_default | Replaced by sieve_script_type = default for sieve_script filter. |
sieve_default_name | Replaced by sieve_script_name. |
sieve_discard | Replaced by sieve_script_type = discard for sieve_script filter. |
sieve_global | Replaced by sieve_script_type = global for sieve_script filter. |
sieve_quota_max_scripts | Renamed to sieve_quota_script_count. |
sieve_quota_max_storage | Renamed to sieve_quota_storage_size. |
sieve_user_log | Renamed to sieve_user_log_path. |
sieve_editheader_forbid_add | Renamed to sieve_editheader_header_forbid_add. |
sieve_editheader_forbid_delete | Renamed to sieve_editheader_header_forbid_delete. |
sieve_spamtest_max_header | Renamed to sieve_spamtest_score_max_header. |
sieve_spamtest_max_value | Renamed to sieve_spamtest_score_max_value. |
sieve_spamtest_text_value<X> | Changed sieve_spamtest_text_value into string list. |
sieve_vacation_dont_check_recipient | replaced by sieve_vacation_check_recipient. |
sieve_variables_max_scope_size | Renamed to sieve_variables_max_scope_count. |
sieve_variables_max_variable_size | Renamed to sieve_variables_max_value_size. |
sieve_virustest_max_header | Renamed to sieve_virustest_score_max_header. |
sieve_virustest_max_value | Renamed to sieve_virustest_score_max_value. |
sieve_virustest_text_value<X> | Changed sieve_virustest_text_value into string list. |
imapsieve_mailbox* | See imap-sieve plugin. |
ssl_alt_cert | Renamed to ssl_server_alt_cert_file. |
ssl_alt_key | Renamed to ssl_server_alt_key_file. |
ssl_ca | Split to ssl_server_ca_file and ssl_client_ca_file. |
ssl_ca_dir | Renamed to ssl_client_ca_dir. |
ssl_ca_file | Renamed to ssl_client_ca_file. |
ssl_cert | Renamed to ssl_server_cert_file. |
ssl_cert_username_field | Renamed to ssl_server_cert_username_field. |
ssl_client_cert | Renamed to ssl_client_cert_file. |
ssl_client_key | Renamed to ssl_client_key_file. |
ssl_dh | Renamed to ssl_server_dh_file. |
ssl_key | Renamed to ssl_server_key_file. |
ssl_key_password | Renamed to ssl_server_key_password. |
ssl_prefer_server_ciphers | Replaced by ssl_server_prefer_ciphers. |
ssl_require_crl | Renamed to ssl_server_require_crl. |
ssl_verify_client_cert | Renamed to ssl_server_request_client_cert. |
stats_http_rawlog_dir | Replaced by http_client_rawlog_dir inside stats_server named filter. |
External Configuration Files
v2.3 configured sql, ldap and some other features using .conf.ext external configuration files. These have been replaced by regular settings, which can be used in the same place where they used to be referred to before. For example:
passdb {
driver = mysql
args = /etc/dovecot/dovecot-sql.conf.ext
}connect = host=127.0.0.1 user=mysql_user pass=mysql_pass
password_query = SELECT password FROM users WHERE user = '%u'# Use these mysql settings globally. These could be also inside passdb sql {}
mysql 127.0.0.1 {
user = mysql_user
pass = mysql_pass
}
sql_driver = mysql
passdb sql {
query = SELECT password FROM users WHERE user = '%{user}'
}Lua HTTP API
Some settings were renamed. See lib-lua: HTTP Functions. The debug setting was removed - use log_debug instead to enable debugging.
Lua Authentication
Variable expansion changes affect also auth_request fields. For example auth_request.service is now auth_request.protocol.