[Dovecot](http://www.dovecot.org/) with imap, starttls, oauth2 proxy auth and
sieve rules.

Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mails (for
example if you have a redirect sieve rule).

Reuses the same database schema as the {postfix container](/container/postfix).

# Volumes

- `/var/lib/vmail/mail`

# Environment Variables

## HOSTNAME

Fully qualified name of the mail host.

## GRANT_URL

OAuth2 url for token grants (password grant type).

## INTROSPECTION_URL

OAuth2 url for token information. Must include client id and client secret in
basic auth format.

## TOKENINFO_URL

OAuth2 url for requestion information about a token. Must include client id and
client secret in basic auth format.

## DB_HOST

Postgre database host.

## DB_USER

User to connect to the database.

## DB_PW

Password to use for the database user.

## DB_NAME

- default: email

Name of the postgre database to connect to.

## SSMTP_MAIL_RELAY

Hostname and port for the used smtp relay (for example `mail.example.com:587`).

## SSMTP_USER

User to authenticate agains the smtp relay.

## SSMTP_PASSWORD

Password to authenticate agains the smtp relay.

## SSMTP_AUTH_METHOD

- default: LOGIN

Which authentication mechanism to use for the smtp relay.

## SSMTP_USE_STARTTLS

- default: yes

Whether to use starttls for the smtp relay.

## ALLOWED_USERNAME_CHARS

- default:
  äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

## AUTH_MECHANISMS

- default: plain

Space seperated list of supported
[authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

## SSL_MIN_PROTOCOL

- default: TLSv1.2

Ssl minimum protocol version.

## SSL_CIPHERLIST

- default:
  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Colon seperated list of supported ciphers (`!`disables a cipher).

Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list
of ciphers.

## IMAP_MAX_USER_CONNECTIONS

- default: 10

Maximum number of connections from the same user + ip.

# Ports

- 143

# Capabilities

- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
- SYS_CHROOT