[Dovecot](http://www.dovecot.org/) with imap, starttls, oauth2 proxy auth and sieve rules.

Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for example if you have a redirect sieve rule).


```
create table if not exists virtual_domains (
	id serial primary key, 
	name text not null
);

create table if not exists virtual_users (
	id serial primary key, 
	domain_id integer not null references virtual_domains(id),
	email text not null
);


create table if not exists virtual_aliases (
	id serial primary key, 
	domain_id integer not null references virtual_domains(id),
	source text not null,
	destination text not null
);
```

# Volumes
- `/var/lib/vmail/mail`

# Environment Variables
## HOSTNAME
Fully qualified name of the mail host.

## GRANT_URL
OAuth2 url for token grants (password grant type).

## INTROSPECTION_URL
OAuth2 url for token information.

## USER_URL
OAuth2 url for getting available users, the username will be appended to the end.

## CLIENT_ID
Id of the OAuth2 application.

## CLIENT_SECRET
Secret of the OAuth2 application.

## OAUTH_ADMIN_USER
User with which to perform user lookups (does not have to be an admin, but needs enough rights for that).

## OAUTH_ADMIN_PASSWORD
Password for the `OAUTH_ADMIN_USER`.

## SSMTP_MAIL_RELAY
Hostname and port for the used smtp relay (for example `mail.example.com:587`).

## SSMTP_USER
User to authenticate agains the smtp relay.

## SSMTP_PASSWORD
Password to authenticate agains the smtp relay.

## SSMTP_AUTH_METHOD
- default: LOGIN

Which authentication mechanism to use for the smtp relay.

## SSMTP_USE_STARTTLS
- default: yes

Whether to use starttls for the smtp relay.

## ALLOWED_USERNAME_CHARS
- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

## AUTH_MECHANISMS
- default: plain

Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

## SSL_MIN_PROTOCOL
- default: TLSv1.2

Ssl minimum protocol version.

## SSL_CIPHERLIST
- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Colon seperated list of supported ciphers (`!`disables a cipher).

Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list
of ciphers.

## IMAP_MAX_USER_CONNECTIONS
- default: 10

Maximum number of connections from the same user + ip.

# Ports
- 143

# Capabilities
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
- SYS_CHROOT