diff --git a/admin_configfiles.php b/admin_configfiles.php
index 0283ba1d1..222f96ccf 100644
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -74,7 +74,7 @@
 foreach ($daemons as $di => $dd) {
 $title = $dd->title;
 if ($dd->default) {
- $title = $title." ".$lng['panel']['default'];
+ $title = $title." (".strtolower($lng['panel']['default']).")";
 }
 $daemons_select .= makeoption($title, $di);
 }
diff --git a/lib/configfiles/wheezy.xml b/lib/configfiles/wheezy.xml
index 6136a207c..e659ac74b 100644
--- a/lib/configfiles/wheezy.xml
+++ b/lib/configfiles/wheezy.xml
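Review bot: In the admin_configfiles.php hunk, `strtolower()` on the added line works byte by byte, so a translated `$lng['panel']['default']` with non-ASCII capitals is either left as it is or, on PHP versions where the function follows a single-byte locale, has bytes of a multibyte character changed. If the language files are UTF-8 (not visible here) and mbstring is available, `mb_strtolower($lng['panel']['default'], 'UTF-8')` is the safer call. The resulting `$title` is handed to `makeoption()`, which is defined outside this hunk, so it is worth confirming that the option label is HTML-escaped there. The code around the `foreach` loop is outside the hunk.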
@@ -2459,12 +2459,15 @@ sql_select: SELECT password FROM mail_users WHERE username='%u@%r' OR email='%u@ - - - - - + + + + + + + - - - - + + + - - - - + + + - - - - -# -mail_location = mbox:~/mail:INBOX=/var/mail/%u - -# If you need to set multiple mailbox locations or want to change default -# namespace settings, you can do it by defining namespace sections. -# -# You can have private, shared and public namespaces. Private namespaces -# are for user's personal mails. Shared namespaces are for accessing other -# users' mailboxes that have been shared. Public namespaces are for shared -# mailboxes that are managed by sysadmin. If you create any shared or public -# namespaces you'll typically want to enable ACL plugin also, otherwise all -# users can access all the shared mailboxes, assuming they have permissions -# on filesystem level to do so. -namespace inbox { - # Namespace type: private, shared or public - #type = private + + + + to select which instance is used (an alternative +# to -c ). The instance name is also added to Dovecot processes +# in ps output. +#instance_name = dovecot - # Mailboxes are visible under "shared/user@domain/" - # %%n, %%d and %%u are expanded to the destination user. - #prefix = shared/%%u/ +# Greeting message for clients. +#login_greeting = Dovecot ready. - # Mail location for other users' mailboxes. Note that %variables and ~/ - # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the - # destination user's data. - #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u +# Space separated list of trusted network ranges. Connections from these +# IPs are allowed to override their IP addresses and ports (for logging and +# for authentication checks). disable_plaintext_auth is also ignored for +# these networks. Typically you'd specify your IMAP proxy servers here. +#login_trusted_networks = - # Use the default namespace for saving subscriptions. 
- #subscriptions = no +# Sepace separated list of login access check sockets (e.g. tcpwrap) +#login_access_sockets = - # List the shared/ namespace only if there are visible shared mailboxes. - #list = children -#} -# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? -#mail_shared_explicit_inbox = yes +# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do +# proxying. This isn't necessary normally, but may be useful if the destination +# IP is e.g. a load balancer's IP. +#auth_proxy_self = -# System user and group used to access mails. If you use multiple, userdb -# can override these by returning uid or gid fields. You can use either numbers -# or names. -#mail_uid = -#mail_gid = +# Show more verbose process titles (in ps). Currently shows user name and +# IP address. Useful for seeing who are actually using the IMAP processes +# (eg. shared mailboxes or if same uid is used for multiple accounts). +#verbose_proctitle = no -# Group to enable temporarily for privileged operations. Currently this is -# used only with INBOX when either its initial creation or dotlocking fails. -# Typically this is set to "mail" to give access to /var/mail. -#mail_privileged_group = +# Should all processes be killed when Dovecot master process shuts down. +# Setting this to "no" means that Dovecot can be upgraded without +# forcing existing client connections to close (although that could also be +# a problem if the upgrade is e.g. because of a security fix). +#shutdown_clients = yes -# Grant access to these supplementary groups for mail processes. Typically -# these are used to set up access to shared mailboxes. Note that it may be -# dangerous to set these if users can create symlinks (e.g. if "mail" group is -# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' -# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). 
-mail_access_groups = vmail +# If non-zero, run mail commands via this many connections to doveadm server, +# instead of running them directly in the same process. +#doveadm_worker_count = 0 +# UNIX socket or host:port used for connecting to doveadm server +#doveadm_socket_path = doveadm-server -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no +# Space separated list of environment variables that are preserved on Dovecot +# startup and passed down to all of its child processes. You can also give +# key=value pairs to always set specific settings. +#import_environment = TZ ## -## Mail processes +## Dictionary server settings ## -# Don't use mmap() at all. This is required if you store indexes to shared -# filesystems (NFS or clustered filesystem). -#mmap_disable = no - -# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL -# since version 3, so this should be safe to use nowadays by default. -#dotlock_use_excl = yes - -# When to use fsync() or fdatasync() calls: -# optimized (default): Whenever necessary to avoid losing important data -# always: Useful with e.g. NFS when write()s are delayed -# never: Never use it (best performance, but crashes can lose data) -#mail_fsync = optimized - -# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -# whenever needed. If you're using only a single mail server this isn't needed. -#mail_nfs_storage = no -# Mail index files also exist in NFS. Setting this to yes requires -# mmap_disable=yes and fsync_disable=no. -#mail_nfs_index = no - -# Locking method for index files. Alternatives are fcntl, flock and dotlock. -# Dotlocking uses some tricks which may create more disk I/O than other locking -# methods. 
NFS users: flock doesn't work, remember to change mmap_disable. -#lock_method = fcntl - -# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. -#mail_temp_dir = /tmp - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -#first_valid_uid = 500 -#last_valid_uid = 0 +# Dictionary can be used to store key=value lists. This is used by several +# plugins. The dictionary can be accessed either directly or though a +# dictionary server. The following dict block maps dictionary names to URIs +# when the server is used. These can then be referenced using URIs in format +# "proxy::". -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 +dict { + #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext + #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext +} -# Maximum allowed length for mail keyword name. It's only forced when trying -# to create new keywords. -#mail_max_keyword_length = 50 +# Most of the actual configuration gets included below. The filenames are +# first sorted by their ASCII value and parsed in that order. The 00-prefixes +# in filenames are intended to make it easier to understand the ordering. +!include conf.d/*.conf -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). 
-# This setting doesn't affect login_chroot, mail_chroot or auth chroot +# A config file can also tried to be included without giving an error if +# it's not found: +!include_try local.conf +]]> + + + + dbname= user= password= + +# Default password scheme. +# +# List of supported schemes is in +# http://wiki2.dovecot.org/Authentication/PasswordSchemes +# +default_pass_scheme = CRYPT + +# passdb query to retrieve the password. It can return fields: +# password - The user's password. This field must be returned. +# user - user@domain from the database. Needed with case-insensitive lookups. +# username and domain - An alternative way to represent the "user" field. +# +# The "user" field is often necessary with case-insensitive lookups to avoid +# e.g. "name" and "nAme" logins creating two different mail directories. If +# your user and domain names are in separate fields, you can return "username" +# and "domain" fields instead of "user". +# +# The query can also return other fields which have a special meaning, see +# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields +# +# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables +# for full list): +# %u = entire user@domain +# %n = user part of user@domain +# %d = domain part of user@domain +# +# Note that these can be used only as input to SQL query. If the query outputs +# any of these substitutions, they're not touched. Otherwise it would be +# difficult to have eg. usernames containing '%' characters. +# +# Example: +# password_query = SELECT userid AS user, pw AS password \ +# FROM users WHERE userid = '%u' AND active = 'Y' +# +#password_query = \ +# SELECT username, domain, password \ +# FROM users WHERE username = '%n' AND domain = '%d' + +# userdb query to retrieve the user information. 
It can return fields: +# uid - System UID (overrides mail_uid setting) +# gid - System GID (overrides mail_gid setting) +# home - Home directory +# mail - Mail location (overrides mail_location setting) +# +# None of these are strictly required. If you use a single UID and GID, and +# home or mail directory fits to a template string, you could use userdb static +# instead. For a list of all fields that can be returned, see +# http://wiki2.dovecot.org/UserDatabase/ExtraFields +# +# Examples: +# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' +# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' +# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' +# +#user_query = \ +# SELECT home, uid, gid \ +# FROM users WHERE username = '%n' AND domain = '%d' +user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') + +# If you wish to avoid two SQL lookups (passdb + userdb), you can use +# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll +# also have to return userdb fields in password_query prefixed with "userdb_" +# string. For example: +#password_query = \ +# SELECT userid AS user, password, \ +# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ +# FROM users WHERE userid = '%u' +password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve') + +# Query to get a list of all usernames. 
+#iterate_query = SELECT username AS user FROM users +]]> + + + + to characters. For example "#@/@" means +# that '#' and '/' characters are translated to '@'. +#auth_username_translation = + +# Username formatting before it's looked up from databases. You can use +# the standard variables here, eg. %Lu would lowercase the username, %n would +# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into +# "-AT-". This translation is done after auth_username_translation changes. +#auth_username_format = %Lu + +# If you want to allow master users to log in by specifying the master +# username within the normal username string (ie. not using SASL mechanism's +# support for it), you can specify the separator character here. The format +# is then . UW-IMAP uses "*" as the +# separator, so that could be a good choice. +#auth_master_user_separator = + +# Username to use for users logging in with ANONYMOUS SASL mechanism +#auth_anonymous_username = anonymous + +# Maximum number of dovecot-auth worker processes. They're used to execute +# blocking passdb and userdb queries (eg. MySQL and PAM). They're +# automatically created and destroyed as needed. +#auth_worker_max_count = 30 + +# Host name to use in GSSAPI principal names. The default is to use the +# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab +# entries. +#auth_gssapi_hostname = + +# Kerberos keytab to use for the GSSAPI mechanism. Will use the system +# default (usually /etc/krb5.keytab) if not specified. You may need to change +# the auth service to run as root to be able to read this file. +#auth_krb5_keytab = + +# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and +# ntlm_auth helper. +#auth_use_winbind = no + +# Path for Samba's ntlm_auth helper binary. +#auth_winbind_helper_path = /usr/bin/ntlm_auth + +# Time to delay before replying to failed authentications. 
+#auth_failure_delay = 2 secs + +# Require a valid SSL client certificate or the authentication fails. +#auth_ssl_require_client_cert = no + +# Take the username from client's SSL certificate, using +# X509_NAME_get_text_by_NID() which returns the subject's DN's +# CommonName. +#auth_ssl_username_from_cert = no + +# Space separated list of wanted authentication mechanisms: +# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey +# gss-spnego +# NOTE: See also disable_plaintext_auth setting. +auth_mechanisms = plain login + +## +## Password and user databases +## + +# +# Password database is used to verify user's password (and nothing more). +# You can have multiple passdbs and userdbs. This is useful if you want to +# allow both system users (/etc/passwd) and virtual users to login without +# duplicating the system users into virtual database. +# +# +# +# User database specifies where mails are located and what user/group IDs +# own them. For single-UID configuration use "static" userdb. +# +# + +#!include auth-deny.conf.ext +#!include auth-master.conf.ext + +#!include auth-system.conf.ext +!include auth-sql.conf.ext +#!include auth-ldap.conf.ext +#!include auth-passwdfile.conf.ext +#!include auth-checkpassword.conf.ext +#!include auth-vpopmail.conf.ext +#!include auth-static.conf.ext +]]> + + + + +# +mail_location = mbox:~/mail:INBOX=/var/mail/%u + +# If you need to set multiple mailbox locations or want to change default +# namespace settings, you can do it by defining namespace sections. +# +# You can have private, shared and public namespaces. Private namespaces +# are for user's personal mails. Shared namespaces are for accessing other +# users' mailboxes that have been shared. Public namespaces are for shared +# mailboxes that are managed by sysadmin. 
If you create any shared or public +# namespaces you'll typically want to enable ACL plugin also, otherwise all +# users can access all the shared mailboxes, assuming they have permissions +# on filesystem level to do so. +namespace inbox { + # Namespace type: private, shared or public + #type = private + + # Hierarchy separator to use. You should use the same separator for all + # namespaces or some clients get confused. '/' is usually a good one. + # The default however depends on the underlying mail storage format. + #separator = + + # Prefix required to access this namespace. This needs to be different for + # all namespaces. For example "Public/". + #prefix = + + # Physical location of the mailbox. This is in same format as + # mail_location, which is also the default for it. + #location = + + # There can be only one INBOX, and this setting defines which namespace + # has it. + inbox = yes + + # If namespace is hidden, it's not advertised to clients via NAMESPACE + # extension. You'll most likely also want to set list=no. This is mostly + # useful when converting from another server with different namespaces which + # you want to deprecate but still keep working. For example you can create + # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". + #hidden = no + + # Show the mailboxes under this namespace with LIST command. This makes the + # namespace visible for clients that don't support NAMESPACE extension. + # "children" value lists child mailboxes, but hides the namespace prefix. + #list = yes + + # Namespace handles its own subscriptions. If set to "no", the parent + # namespace handles them (empty prefix should always have this as "yes") + #subscriptions = yes +} + +# Example shared namespace configuration +#namespace { + #type = shared + #separator = / + + # Mailboxes are visible under "shared/user@domain/" + # %%n, %%d and %%u are expanded to the destination user. + #prefix = shared/%%u/ + + # Mail location for other users' mailboxes. 
Note that %variables and ~/ + # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the + # destination user's data. + #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u + + # Use the default namespace for saving subscriptions. + #subscriptions = no + + # List the shared/ namespace only if there are visible shared mailboxes. + #list = children +#} +# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? +#mail_shared_explicit_inbox = yes + +# System user and group used to access mails. If you use multiple, userdb +# can override these by returning uid or gid fields. You can use either numbers +# or names. +#mail_uid = +#mail_gid = + +# Group to enable temporarily for privileged operations. Currently this is +# used only with INBOX when either its initial creation or dotlocking fails. +# Typically this is set to "mail" to give access to /var/mail. +#mail_privileged_group = + +# Grant access to these supplementary groups for mail processes. Typically +# these are used to set up access to shared mailboxes. Note that it may be +# dangerous to set these if users can create symlinks (e.g. if "mail" group is +# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' +# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). +mail_access_groups = vmail + +# Allow full filesystem access to clients. There's no access checks other than +# what the operating system does for the active UID/GID. It works with both +# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ +# or ~user/. +#mail_full_filesystem_access = no + +## +## Mail processes +## + +# Don't use mmap() at all. This is required if you store indexes to shared +# filesystems (NFS or clustered filesystem). +#mmap_disable = no + +# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL +# since version 3, so this should be safe to use nowadays by default. 
+#dotlock_use_excl = yes + +# When to use fsync() or fdatasync() calls: +# optimized (default): Whenever necessary to avoid losing important data +# always: Useful with e.g. NFS when write()s are delayed +# never: Never use it (best performance, but crashes can lose data) +#mail_fsync = optimized + +# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches +# whenever needed. If you're using only a single mail server this isn't needed. +#mail_nfs_storage = no +# Mail index files also exist in NFS. Setting this to yes requires +# mmap_disable=yes and fsync_disable=no. +#mail_nfs_index = no + +# Locking method for index files. Alternatives are fcntl, flock and dotlock. +# Dotlocking uses some tricks which may create more disk I/O than other locking +# methods. NFS users: flock doesn't work, remember to change mmap_disable. +#lock_method = fcntl + +# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. +#mail_temp_dir = /tmp + +# Valid UID range for users, defaults to 500 and above. This is mostly +# to make sure that users can't log in as daemons or other system users. +# Note that denying root logins is hardcoded to dovecot binary and can't +# be done even if first_valid_uid is set to 0. +#first_valid_uid = 500 +#last_valid_uid = 0 + +# Valid GID range for users, defaults to non-root/wheel. Users having +# non-valid GID as primary group ID aren't allowed to log in. If user +# belongs to supplementary groups with non-valid GIDs, those groups are +# not set. +#first_valid_gid = 1 +#last_valid_gid = 0 + +# Maximum allowed length for mail keyword name. It's only forced when trying +# to create new keywords. +#mail_max_keyword_length = 50 + +# ':' separated list of directories under which chrooting is allowed for mail +# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). +# This setting doesn't affect login_chroot, mail_chroot or auth chroot # settings. If this setting is empty, "/./" in home dirs are ignored. 
# WARNING: Never add directories here which local users can modify, that # may lead to root exploit. Usually this should be done only if you don't 
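Review bot: `auth_mechanisms = plain login` in the added 10-auth.conf text enables only mechanisms that hand the password over unprotected at the SASL layer, and the `disable_plaintext_auth` line of that file is not legible in this view. The template should keep `disable_plaintext_auth = yes` and set `ssl = required`, possibly in a part of the file outside this hunk, so that credentials are never accepted on an unencrypted connection. The added `password_query` also returns `userdb_quota` as `maildir:storage=…` while `user_query` returns `quota_rule` as `*:storage=…`, so with a prefetch userdb the quota would presumably not be applied the same way; `CONCAT('*:storage=', (quota*1024)) AS userdb_quota_rule` would match. The added SQL settings text carries the database password in its connect line, so the generated file should be readable only by root and the Dovecot auth user; the attributes of the enclosing file element are not legible here.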
@@ -3202,151 +3586,18 @@ mail_access_groups = vmail # posix : No SiS done by Dovecot (but this might help FS's own deduplication) # sis posix : SiS with immediate byte-by-byte comparison during saving # sis-queue posix : SiS with delayed comparison and deduplication -#mail_attachment_fs = sis posix - -# Hash format to use in attachment filenames. You can add any text and -# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. -# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits -#mail_attachment_hash = %{sha1} -]]> - - - - - #service_count = 1 - - # Number of processes to always keep waiting for more connections. - #process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - #vsz_limit = $default_vsz_limit -} - -service pop3-login { - inet_listener pop3 { - #port = 110 - } - inet_listener pop3s { - #port = 995 - #ssl = yes - } -} - -service lmtp { - unix_listener lmtp { - #mode = 0666 - } - - # Create inet listener only if you can't use the above UNIX socket - #inet_listener lmtp { - # Avoid making LMTP visible for the entire internet - #address = - #port = - #} -} - -service imap { - # Most of the memory goes to mmap()ing files. You may need to increase this - # limit if you have huge mailboxes. - #vsz_limit = $default_vsz_limit - - # Max. number of IMAP processes (connections) - #process_limit = 1024 -} - -service pop3 { - # Max. number of POP3 processes (connections) - #process_limit = 1024 -} - -service auth { - # auth_socket_path points to this userdb socket by default. It's typically - # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have - # full permissions to this socket are able to get a list of all usernames and - # get the results of everyone's userdb lookups. - # - # The default 0666 mode allows anyone to connect to the socket, but the - # userdb lookups will succeed only if the userdb returns an "uid" field that - # matches the caller process's UID. 
Also if caller's uid or gid matches the - # socket's uid or gid the lookup succeeds. Anything else causes a failure. - # - # To give the caller full permissions to lookup all users, set the mode to - # something else than 0666 and Dovecot lets the kernel enforce the - # permissions (e.g. 0777 allows everyone full permissions). - unix_listener auth-userdb { - #mode = 0666 - #user = - #group = - } - - # Postfix smtp-auth - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } - # Exim4 smtp-auth - unix_listener auth-client { - mode = 0660 - user = mail - group = Debian-exim - } - - # Auth process is run as this user. - #user = $default_internal_user -} - -service auth-worker { - # Auth worker process is run as root by default, so that it can access - # /etc/shadow. If this isn't necessary, the user should be changed to - # $default_internal_user. - #user = root -} - -service dict { - # If dict proxy is used, mail processes should have access to its socket. - # For example: mode=0660, group=vmail and global mail_access_groups=vmail - unix_listener dict { - #mode = 0600 - #user = - #group = - } -} +#mail_attachment_fs = sis posix + +# Hash format to use in attachment filenames. You can add any text and +# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. +# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits +#mail_attachment_hash = %{sha1} ]]> - - - - + + + - - - - + + + - - - - + + + - - - - + + + + + + + See sieve_before fore executing scripts before the user's personal + # script. + #sieve_default = /var/lib/dovecot/sieve/default.sieve + + # Directory for :personal include scripts for the include extension. This + # is also where the ManageSieve service stores the user's scripts. + sieve_dir = ~/sieve + + # Directory for :global include scripts for the include extension. 
+ #sieve_global_dir = + + # Path to a script file or a directory containing script files that need to be + # executed before the user's script. If the path points to a directory, all + # the Sieve scripts contained therein (with the proper .sieve extension) are + # executed. The order of execution within a directory is determined by the + # file names, using a normal 8bit per-character comparison. Multiple script + # file or directory paths can be specified by appending an increasing number. + #sieve_before = + #sieve_before2 = + #sieve_before3 = (etc...) + + # Identical to sieve_before, only the specified scripts are executed after the + # user's script (only when keep is still in effect!). Multiple script file or + # directory paths can be specified by appending an increasing number. + #sieve_after = + #sieve_after2 = + #sieve_after2 = (etc...) + + # Which Sieve language extensions are available to users. By default, all + # supported extensions are available, except for deprecated extensions or + # those that are still under development. Some system administrators may want + # to disable certain Sieve extensions or enable those that are not available + # by default. This setting can use '+' and '-' to specify differences relative + # to the default. For example `sieve_extensions = +imapflags' will enable the + # deprecated imapflags extension in addition to all extensions were already + # enabled by default. + #sieve_extensions = +notify +imapflags + + # Which Sieve language extensions are ONLY available in global scripts. This + # can be used to restrict the use of certain Sieve extensions to administrator + # control, for instance when these extensions can cause security concerns. + # This setting has higher precedence than the `sieve_extensions' setting + # (above), meaning that the extensions enabled with this setting are never + # available to the user's personal script no matter what is specified for the + # `sieve_extensions' setting. 
The syntax of this setting is similar to the + # `sieve_extensions' setting, with the difference that extensions are + # enabled or disabled for exclusive use in global scripts. Currently, no + # extensions are marked as such by default. + #sieve_global_extensions = + + # The Pigeonhole Sieve interpreter can have plugins of its own. Using this + # setting, the used plugins can be specified. Check the Dovecot wiki + # (wiki2.dovecot.org) or the pigeonhole website + # (http://pigeonhole.dovecot.org) for available plugins. + #sieve_plugins = + + # The separator that is expected between the :user and :detail + # address parts introduced by the subaddress extension. This may + # also be a sequence of characters (e.g. '--'). The current + # implementation looks for the separator from the left of the + # localpart and uses the first one encountered. The :user part is + # left of the separator and the :detail part is right. This setting + # is also used by Dovecot's LMTP service. + #recipient_delimiter = + + + # The maximum size of a Sieve script. The compiler will refuse to compile any + # script larger than this limit. If set to 0, no limit on the script size is + # enforced. + #sieve_max_script_size = 1M + + # The maximum number of actions that can be performed during a single script + # execution. If set to 0, no limit on the total number of actions is enforced. + #sieve_max_actions = 32 + + # The maximum number of redirect actions that can be performed during a single + # script execution. If set to 0, no redirect actions are allowed. + #sieve_max_redirects = 4 + + # The maximum number of personal Sieve scripts a single user can have. If set + # to 0, no limit on the number of scripts is enforced. + # (Currently only relevant for ManageSieve) + #sieve_quota_max_scripts = 0 + + # The maximum amount of disk storage a single user's scripts may occupy. If + # set to 0, no limit on the used amount of disk storage is enforced. 
+ # (Currently only relevant for ManageSieve) + #sieve_quota_max_storage = 0 +} +]]> + + + + + + + + + + //service[@type='mail']/general/installs[@index=1] + + //service[@type='mail']/general/files[@index=1] + + + + #service_count = 1 + + # Number of processes to always keep waiting for more connections. + #process_min_avail = 0 + + # If you set service_count=0, you probably need to grow this. + #vsz_limit = $default_vsz_limit +} + +service pop3-login { + inet_listener pop3 { + #port = 110 + } + inet_listener pop3s { + #port = 995 + #ssl = yes + } +} + +service lmtp { + unix_listener lmtp { + #mode = 0666 + } + + # Create inet listener only if you can't use the above UNIX socket + #inet_listener lmtp { + # Avoid making LMTP visible for the entire internet + #address = + #port = + #} +} + +service imap { + # Most of the memory goes to mmap()ing files. You may need to increase this + # limit if you have huge mailboxes. + #vsz_limit = $default_vsz_limit + + # Max. number of IMAP processes (connections) + #process_limit = 1024 +} + +service pop3 { + # Max. number of POP3 processes (connections) + #process_limit = 1024 +} + +service auth { + # auth_socket_path points to this userdb socket by default. It's typically + # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have + # full permissions to this socket are able to get a list of all usernames and + # get the results of everyone's userdb lookups. + # + # The default 0666 mode allows anyone to connect to the socket, but the + # userdb lookups will succeed only if the userdb returns an "uid" field that + # matches the caller process's UID. Also if caller's uid or gid matches the + # socket's uid or gid the lookup succeeds. Anything else causes a failure. + # + # To give the caller full permissions to lookup all users, set the mode to + # something else than 0666 and Dovecot lets the kernel enforce the + # permissions (e.g. 0777 allows everyone full permissions). 
+ unix_listener auth-userdb { + #mode = 0666 + #user = + #group = + } + + # Postfix smtp-auth + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } + # Exim4 smtp-auth + unix_listener auth-client { + mode = 0660 + user = mail + } - # Space separated list of plugins to load (default is global mail_plugins). - mail_plugins = $mail_plugins quota + # Auth process is run as this user. + #user = $default_internal_user +} - # Workarounds for various client bugs: - # outlook-no-nuls: - # Outlook and Outlook Express hang if mails contain NUL characters. - # This setting replaces them with 0x80 character. - # oe-ns-eoh: - # Outlook Express and Netscape Mail breaks if end of headers-line is - # missing. This option simply sends it if it's missing. - # The list is space-separated. - #pop3_client_workarounds = +service auth-worker { + # Auth worker process is run as root by default, so that it can access + # /etc/shadow. If this isn't necessary, the user should be changed to + # $default_internal_user. + #user = root +} + +service dict { + # If dict proxy is used, mail processes should have access to its socket. + # For example: mode=0660, group=vmail and global mail_access_groups=vmail + unix_listener dict { + #mode = 0600 + #user = + #group = + } } ]]> - //service[@type='mail']/general/commands[@index=1] + + + + + //service[@type='mail']/general/installs[@index=1] + + //service[@type='mail']/general/files[@index=1] + + See sieve_before fore executing scripts before the user's personal - # script. - #sieve_default = /var/lib/dovecot/sieve/default.sieve +# Internal user is used by unprivileged processes. It should be separate from +# login user, so that login processes can't disturb other processes. +#default_internal_user = dovecot - # Directory for :personal include scripts for the include extension. This - # is also where the ManageSieve service stores the user's scripts. 
- sieve_dir = ~/sieve +service imap-login { + inet_listener imap { + #port = 143 + } + inet_listener imaps { + #port = 993 + #ssl = yes + } - # Directory for :global include scripts for the include extension. - #sieve_global_dir = + # Number of connections to handle before starting a new process. Typically + # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 + # is faster. + #service_count = 1 - # Path to a script file or a directory containing script files that need to be - # executed before the user's script. If the path points to a directory, all - # the Sieve scripts contained therein (with the proper .sieve extension) are - # executed. The order of execution within a directory is determined by the - # file names, using a normal 8bit per-character comparison. Multiple script - # file or directory paths can be specified by appending an increasing number. - #sieve_before = - #sieve_before2 = - #sieve_before3 = (etc...) + # Number of processes to always keep waiting for more connections. + #process_min_avail = 0 - # Identical to sieve_before, only the specified scripts are executed after the - # user's script (only when keep is still in effect!). Multiple script file or - # directory paths can be specified by appending an increasing number. - #sieve_after = - #sieve_after2 = - #sieve_after2 = (etc...) + # If you set service_count=0, you probably need to grow this. + #vsz_limit = $default_vsz_limit +} - # Which Sieve language extensions are available to users. By default, all - # supported extensions are available, except for deprecated extensions or - # those that are still under development. Some system administrators may want - # to disable certain Sieve extensions or enable those that are not available - # by default. This setting can use '+' and '-' to specify differences relative - # to the default. 
For example `sieve_extensions = +imapflags' will enable the - # deprecated imapflags extension in addition to all extensions were already - # enabled by default. - #sieve_extensions = +notify +imapflags +service pop3-login { + inet_listener pop3 { + #port = 110 + } + inet_listener pop3s { + #port = 995 + #ssl = yes + } +} - # Which Sieve language extensions are ONLY available in global scripts. This - # can be used to restrict the use of certain Sieve extensions to administrator - # control, for instance when these extensions can cause security concerns. - # This setting has higher precedence than the `sieve_extensions' setting - # (above), meaning that the extensions enabled with this setting are never - # available to the user's personal script no matter what is specified for the - # `sieve_extensions' setting. The syntax of this setting is similar to the - # `sieve_extensions' setting, with the difference that extensions are - # enabled or disabled for exclusive use in global scripts. Currently, no - # extensions are marked as such by default. - #sieve_global_extensions = +service lmtp { + unix_listener lmtp { + #mode = 0666 + } - # The Pigeonhole Sieve interpreter can have plugins of its own. Using this - # setting, the used plugins can be specified. Check the Dovecot wiki - # (wiki2.dovecot.org) or the pigeonhole website - # (http://pigeonhole.dovecot.org) for available plugins. - #sieve_plugins = + # Create inet listener only if you can't use the above UNIX socket + #inet_listener lmtp { + # Avoid making LMTP visible for the entire internet + #address = + #port = + #} +} - # The separator that is expected between the :user and :detail - # address parts introduced by the subaddress extension. This may - # also be a sequence of characters (e.g. '--'). The current - # implementation looks for the separator from the left of the - # localpart and uses the first one encountered. The :user part is - # left of the separator and the :detail part is right. 
This setting - # is also used by Dovecot's LMTP service. - #recipient_delimiter = + +service imap { + # Most of the memory goes to mmap()ing files. You may need to increase this + # limit if you have huge mailboxes. + #vsz_limit = $default_vsz_limit - # The maximum size of a Sieve script. The compiler will refuse to compile any - # script larger than this limit. If set to 0, no limit on the script size is - # enforced. - #sieve_max_script_size = 1M + # Max. number of IMAP processes (connections) + #process_limit = 1024 +} - # The maximum number of actions that can be performed during a single script - # execution. If set to 0, no limit on the total number of actions is enforced. - #sieve_max_actions = 32 +service pop3 { + # Max. number of POP3 processes (connections) + #process_limit = 1024 +} - # The maximum number of redirect actions that can be performed during a single - # script execution. If set to 0, no redirect actions are allowed. - #sieve_max_redirects = 4 +service auth { + # auth_socket_path points to this userdb socket by default. It's typically + # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have + # full permissions to this socket are able to get a list of all usernames and + # get the results of everyone's userdb lookups. + # + # The default 0666 mode allows anyone to connect to the socket, but the + # userdb lookups will succeed only if the userdb returns an "uid" field that + # matches the caller process's UID. Also if caller's uid or gid matches the + # socket's uid or gid the lookup succeeds. Anything else causes a failure. + # + # To give the caller full permissions to lookup all users, set the mode to + # something else than 0666 and Dovecot lets the kernel enforce the + # permissions (e.g. 0777 allows everyone full permissions). + unix_listener auth-userdb { + #mode = 0666 + #user = + #group = + } - # The maximum number of personal Sieve scripts a single user can have. 
If set - # to 0, no limit on the number of scripts is enforced. - # (Currently only relevant for ManageSieve) - #sieve_quota_max_scripts = 0 + # Postfix smtp-auth + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } + # Exim4 smtp-auth + unix_listener auth-client { + mode = 0660 + user = mail + group = Debian-exim + } - # The maximum amount of disk storage a single user's scripts may occupy. If - # set to 0, no limit on the used amount of disk storage is enforced. - # (Currently only relevant for ManageSieve) - #sieve_quota_max_storage = 0 + # Auth process is run as this user. + #user = $default_internal_user +} + +service auth-worker { + # Auth worker process is run as root by default, so that it can access + # /etc/shadow. If this isn't necessary, the user should be changed to + # $default_internal_user. + #user = root +} + +service dict { + # If dict proxy is used, mail processes should have access to its socket. + # For example: mode=0660, group=vmail and global mail_access_groups=vmail + unix_listener dict { + #mode = 0600 + #user = + #group = + } } ]]> - + //service[@type='mail']/general/commands[@index=1] +