[Dovecot](http://www.dovecot.org/) with imap, starttls, ldap authentication, sieve rules in ldap.

Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).

## Volumes
- `/var/lib/vmail/mail`
- `/etc/ssl/mail:ro`: certificates have to be here.

## Environment Variables
### HOSTNAME
Fully qualified name of the mail host.

### SSMTP_MAIL_RELAY
Hostname and port for the used smtp relay (for example `mail.example.com:587`).

### SSMTP_USER
User to authenticate agains the smtp relay.

### SSMTP_PASSWORD
Password to authenticate agains the smtp relay.

### SSMTP_AUTH_METHOD
- default: LOGIN

Which authentication mechanism to use for the smtp relay.

### SSMTP_USE_STARTTLS
- default: yes

Whether to use starttls for the smtp relay.

### LDAP_URI
Complete uri for the authentication ldap host.

### LDAP_SIEVE_HOST
Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).

### LDAP_BIND_DN
DN used to authenticate against ldap.

### LDAP_BIND_PASSWORD
Password used to authenticate against ldap.

### LDAP_BASE_DN
Base DN to look for users on the ldap host.

### LDAP_SCOPE
- default: subtree

Search scope of ldap queries.

### LDAP_USER_FILTER

### LDAP_PASS_FILTER
Specifies the filter on how user is found on the ldap host.  
[Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.

### LDAP_USER_ATTRIBUTE
- default: cn

The ldap attribute which stands for the username.

### LDAP_PASSWORD_ATTRIBUTE
- default: userPassword

The ldap attribute which stands for the password.

### LDAP_SIEVE_ATTRIBUTE
- default: sieve

The ldap attribute which contains the sieve rules.

### LDAP_USE_TLS
- default: yes

Whether to use tls when connecting to the ldap host.

### LDAP_DEFAULT_PASSSCHEME
- default: SSHA

Default password scheme used on the ldap host.

### ALLOWED_USERNAME_CHARS
- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

### AUTH_MECHANISMS
- default: plain login

Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

### CERTNAME
- default: fullchain.pem

Name of the certificate file.

### Keyname
- default: privkey.pem

Name of the key file.

### SSL_DH_LENGTH
- default: 2048

Length of the Diffie-Helman key in bits.

### SSL_PROTOCOLS
- default: !SSLv2 !SSLv3

Space seperated list of allowed ssl protocols (`!`disables a protocol).

### SSL_CIPHERLIST
- default: ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM

Colon seperated list of supported ciphers (`!`disables a cipher).

### IMAP_MAX_USER_CONNECTIONS
- default: 10

Maximum number of connections from the same user + ip.

## Ports
- 143

## Capabilities
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID