From 65f151191333a16942996b213415380d160b158f Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 6 Apr 2016 21:19:42 +0200
Subject: [PATCH] Fix dovecot auth settings.
---
 roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2 | 6 +++---
 roles/mail/templates/dovecot/local.conf.j2 | 9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2 b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
index abcb40e..7e5a844 100644
--- a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
+++ b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
@@ -17,7 +17,7 @@
 # by * none
 # Space separated list of LDAP hosts to use. host:port is allowed too.
-#hosts = {{ ldap_host }}
+#hosts =
 # LDAP URIs to use. You can use this instead of hosts list. Note that this
 # setting isn't supported by all LDAP libraries.
@@ -43,7 +43,7 @@ dnpass = {{ ldap_bindpw }}
 #sasl_authz_id =
 # Use TLS to connect to the LDAP server.
-tls = yes
+tls = no
 # TLS options, currently supported only with OpenLDAP:
 tls_ca_cert_file = {{ ldap_ca }}
 #tls_ca_cert_dir =
@@ -108,7 +108,7 @@ scope = subtree
 # There are also other special fields which can be returned, see
 # http://wiki2.dovecot.org/UserDatabase/ExtraFields
 #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
-user_attr =
+user_attrs =
 # Filter for user lookup. Some variables can be used (see
 # http://wiki2.dovecot.org/Variables for full list):
diff --git a/roles/mail/templates/dovecot/local.conf.j2 b/roles/mail/templates/dovecot/local.conf.j2
index 8b119f5..c9b084a 100644
--- a/roles/mail/templates/dovecot/local.conf.j2
+++ b/roles/mail/templates/dovecot/local.conf.j2
@@ -1,6 +1,6 @@
 auth_mechanisms = plain login
 auth_verbose = yes
-auth_debug=yes
+auth_debug = yes
 disable_plaintext_auth = yes
 mail_debug = yes
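Review bot: In dovecot-ldap.conf.ext.j2 (hunk at -43,7), `tls = no` switches off STARTTLS for the LDAP connection while `dnpass = {{ ldap_bindpw }}` and `tls_ca_cert_file = {{ ldap_ca }}` stay configured, and the `uris` setting that decides the transport is outside the hunk. If `uris` points at an `ldaps://` endpoint this is the right value, and a comment such as `# tls = no: encryption comes from ldaps:// in uris, not STARTTLS` would make that explicit for the next reader. If it does not, the bind password, and any user credentials Dovecot checks against LDAP for the `plain login` mechanisms in local.conf.j2, would cross the network unencrypted, so `tls = yes` should stay. In either case, setting `tls_require_cert = demand` next to `tls_ca_cert_file` would make certificate verification explicit instead of relying on the LDAP library default.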
@@ -34,10 +34,14 @@ userdb {
 service auth {
 unix_listener /var/spool/postfix/private/auth {
- mode = 0666
+ mode = 0660
 user = postfix
 group = postfix
 }
+ unix_listener auth-master {
+ user = vmail
+ mode = 0600
+ }
 }
 service imap-login {
@@ -59,6 +63,7 @@ service managesieve-login {
 }
 protocol lda {
+ auth_socket_path = /var/run/dovecot/auth-master
 mail_plugins = sieve
 log_path = /var/log/dovecot/deliver.log
 info_log_path = /var/log/dovecot/deliver.log
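Review bot: The new `unix_listener auth-master` in `service auth` (hunk at -34,10) gives the `vmail` user a master-type auth socket, apparently only so that `protocol lda` in the next hunk can look up recipients. Assuming this is Dovecot 2.x (the template links to wiki2.dovecot.org), the stock `auth-userdb` listener is limited to userdb lookups and is the LDA's default `auth_socket_path`, so declaring `unix_listener auth-userdb` with the same `user = vmail` and `mode = 0600` would be the narrower grant if delivery needs nothing more. If auth-master is really required, a short comment on the listener saying why would help. Tightening the postfix socket from 0666 to 0660 looks right as it stands.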
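Review bot: In `protocol lda` (hunk at -59,6) `auth_socket_path` is the absolute `/var/run/dovecot/auth-master`, while the listener added in the previous hunk is declared by the relative name `auth-master`, which Dovecot creates under `base_dir`. The two only line up while `base_dir` is `/var/run/dovecot`; writing `auth_socket_path = auth-master` should resolve against `base_dir` as well and keeps them coupled if the role ever changes it. The `protocol lda` block continues past the end of the hunk.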