10 files changed, 269 insertions, 0 deletions
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf
new file mode 100644
index 0000000..f9fa335
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf
@@ -0,0 +1,15 @@
+mail_plugins = $mail_plugins acl
+protocol imap {
+  mail_plugins = $mail_plugins imap_acl
+}
+plugin {
+    acl_defaults_from_inbox = yes
+}
+# Should saving a mail to a nonexistent mailbox automatically create it?
+lda_mailbox_autocreate = yes
+# Should automatically created mailboxes be also automatically subscribed?
+lda_mailbox_autosubscribe = yes
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..4e23fa8
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,46 @@
+# cache all authentication results for one hour
+#auth_cache_size = 10M
+#auth_cache_ttl = 1 hour
+#auth_cache_negative_ttl = 1 hour
+# Don't cache password details, otherwise password changes require a server HUP
+# before the server will re-query the password data source.
+auth_cache_size = 0
+# only use plain username/password auth - OK since everything is over TLS
+auth_mechanisms = plain
+# passdb specifies how users are authenticated - sql here, and
+# our sql config specifies the sqlite filename with queries to use
+passdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+# userdb specifies the location of users' "home" directories - where their
+# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
+# %d = domain, %n = user
+# We can't use "prefetch" because postfix can't read users from "prefetch" db,
+# and we can't use 'static' because the doveadm tool needs to iterate users
+# for purging zero refcount deleted mails, so we give a userdb of sql here
+# and specify a "get all users" SQL query in the configuration file.
+userdb {
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
+}
+# UNIX socket path to master authentication server to find users.
+# This is used by imap (for shared users) and lda.
+auth_socket_path = /var/run/dovecot/auth-userdb
+# Respect /etc/hosts.deny (populated by fail2ban)
+# You can use /etc/hosts.allow to countermand fail2ban decisions.
+login_access_sockets = tcpwrap
+service tcpwrap {
+  unix_listener login/tcpwrap {
+    group = $default_login_user
+    mode = 0600
+    user = $default_login_user
+  }
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf
new file mode 100644
index 0000000..6c03965
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,28 @@
+# default home directory location for all users
+mail_home = /var/mail/vhosts/%d/%n
+# directory to store mail. The tilda makes it relative to the *dovecot*
+# virtual home directory.
+#
+# I use mdbox - this is Dovecot's own high-performance mail store format.
+# There are other slower, more "traditional" formats you can choose from.
+# Read about them here: https://wiki2.dovecot.org/MailboxFormat
+mail_location = mdbox:~/mdbox
+# nothing fancy - just a standard default namespace with '/' as the
+# hierarchy separator
+namespace inbox {
+  separator = /
+  inbox = yes
+}
+# set this to the group that owns your vmail directory.
+mail_privileged_group = vmail
+# these lines enable attachment deduplication. Attachments must be somewhat
+# large (64k) to store them separately from the mail store.
+mail_attachment_dir = /var/mail/attachments
+mail_attachment_min_size = 64k
+# we'll uncomment this after we set up Solr in the following section:
+# mail_plugins = $mail_plugins fts fts_solr
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..f99d0f4
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,82 @@
+# to improve performance, disable fsync globally - we will enable it for
+# some specific services later on
+mail_fsync = never
+service imap-login {
+  # plain-text IMAP should only be accessible from localhost
+  inet_listener imap {
+    address = 127.0.0.1, ::1
+  }
+  # enable high-performance mode, described here:
+  # https://wiki.dovecot.org/LoginProcess
+  service_count = 0
+  # set to the number of CPU cores on your server
+  process_min_avail = 3
+  vsz_limit = 1G
+}
+# disable POP3 altogether
+service pop3-login {
+  inet_listener pop3 {
+    port = 0
+  }
+  inet_listener pop3s {
+    port = 0
+  }
+}
+# enable semi-long-lived IMAP processes to improve performance
+service imap {
+  service_count = 256
+  # set to the number of CPU cores on your server
+  process_min_avail = 3
+}
+# expose an LMTP socket for postfix to deliver mail
+service lmtp {
+ unix_listener /var/spool/postfix/private/dovecot-lmtp {
+   group = postfix
+   mode = 0600
+   user = postfix
+  }
+}
+service auth {
+  # auth_socket_path points to this userdb socket by default. It's typically
+  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+  # full permissions to this socket are able to get a list of all usernames and
+  # get the results of everyone's userdb lookups.
+  #
+  # The default 0666 mode allows anyone to connect to the socket, but the
+  # userdb lookups will succeed only if the userdb returns an "uid" field that
+  # matches the caller process's UID. Also if caller's uid or gid matches the
+  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+  #
+  # To give the caller full permissions to lookup all users, set the mode to
+  # something else than 0666 and Dovecot lets the kernel enforce the
+  # permissions (e.g. 0777 allows everyone full permissions).
+  # auth for postfix
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0666
+    user = postfix
+    group = postfix
+  }
+  # auth for doveadm tools
+  unix_listener auth-userdb {
+    mode = 0666
+    user = vmail
+    group = vmail
+  }
+  client_limit = 840
+}
+# no need to run this as root
+service auth-worker {
+  user = vmail
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf b/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf
new file mode 100644
index 0000000..32ca50d
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf
@@ -0,0 +1,7 @@
+# configuration for mail delivered by the `dovecot-lda` command. Shouldn't
+# be needed since we are using LMTP, but kept for backwards compatibility.
+protocol lda {
+  # use fsync for write-safety - this deals with delivering actual mail
+  mail_fsync = optimized
+  mail_plugins = $mail_plugins sieve
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf b/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 0000000..8674b0b
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,24 @@
+# define any special IMAP folders here. You can force them to be created or
+# created+subscribed automatically used the `auto` option.
+namespace inbox {
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    auto = create
+    special_use = \Junk
+  }
+  mailbox Trash {
+    auto = create
+    special_use = \Trash
+  }
+  mailbox Archive {
+    auto = subscribe
+    special_use = \Archive
+  }
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf b/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf
new file mode 100644
index 0000000..7b32396
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,10 @@
+# Use a longer IDLE interval to reduce network chatter and save battery
+# life. Max is 30 minutes.
+imap_idle_notify_interval = 29 mins
+protocol imap {
+  # max IMAP connections per IP address
+  mail_max_userip_connections = 50
+  # imap_sieve will be used for spam training by rspamd
+  mail_plugins = $mail_plugins imap_sieve
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf b/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf
new file mode 100644
index 0000000..a51ee42
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf
@@ -0,0 +1,5 @@
+protocol lmtp {
+  # use fsync for write-safety - this deals with delivering actual mail
+  mail_fsync = optimized
+  mail_plugins = $mail_plugins sieve
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf b/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf
new file mode 100644
index 0000000..26987b1
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf
@@ -0,0 +1,18 @@
+plugin {
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  # From elsewhere to Junk folder
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
+  # From Junk folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
+  sieve_pipe_bin_dir = /etc/dovecot/sieve
+  sieve_global_extensions = +vnd.dovecot.pipe
+}
diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf b/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf
new file mode 100644
index 0000000..9a753bf
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf
@@ -0,0 +1,34 @@
+plugin {
+  # 'active' is a symlink to one sieve source script inside directory at 'file'
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+  # directory of global sieve scripts to run before and after processing ALL
+  # incoming mail
+  sieve_before = /etc/dovecot/sieve-before.d
+  sieve_after  = /etc/dovecot/sieve-after.d
+  # make sieve aware of [email protected] aliases
+  recipient_delimiter = +
+  # no limits on script size or actions
+  sieve_quota_max_storage = 0
+  sieve_max_script_size = 0
+  sieve_max_actions = 0
+  sieve_extensions = +spamtest +spamtestplus
+  sieve_spamtest_status_header = X-Spam-Score
+  sieve_spamtest_status_type = strlen
+  # X-Spamd-Bar: +++++++++
+  sieve_spamtest_max_value = 9
+  # X-Spamd-Result: default: False [9.19 / 15.00];
+  # (regex not fixed to capture the above)
+  #sieve_spamtest_status_type = score
+  #sieve_spamtest_status_header = \
+  #    X-Spamd-Result: [[:alnum:]]+, score=(-?[[:digit:]]+\.[[:digit:]])
+  #sieve_spamtest_max_value = 5.0
+}

diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf new file mode 100644 index 0000000..f9fa335 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-acl.conf
@@ -0,0 +1,15 @@
	1	mail_plugins = $mail_plugins acl
	2
	3	protocol imap {
	4	mail_plugins = $mail_plugins imap_acl
	5	}
	6
	7	plugin {
	8	acl_defaults_from_inbox = yes
	9	}
	10
	11	# Should saving a mail to a nonexistent mailbox automatically create it?
	12	lda_mailbox_autocreate = yes
	13
	14	# Should automatically created mailboxes be also automatically subscribed?
	15	lda_mailbox_autosubscribe = yes


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf new file mode 100644 index 0000000..4e23fa8 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,46 @@
	1	# cache all authentication results for one hour
	2	#auth_cache_size = 10M
	3	#auth_cache_ttl = 1 hour
	4	#auth_cache_negative_ttl = 1 hour
	5
	6	# Don't cache password details, otherwise password changes require a server HUP
	7	# before the server will re-query the password data source.
	8	auth_cache_size = 0
	9
	10	# only use plain username/password auth - OK since everything is over TLS
	11	auth_mechanisms = plain
	12
	13	# passdb specifies how users are authenticated - sql here, and
	14	# our sql config specifies the sqlite filename with queries to use
	15	passdb {
	16	driver = sql
	17	args = /etc/dovecot/dovecot-sql.conf.ext
	18	}
	19
	20	# userdb specifies the location of users' "home" directories - where their
	21	# mail is stored. e.g. /var/mail/vhosts/exmaple.com/user
	22	# %d = domain, %n = user
	23	# We can't use "prefetch" because postfix can't read users from "prefetch" db,
	24	# and we can't use 'static' because the doveadm tool needs to iterate users
	25	# for purging zero refcount deleted mails, so we give a userdb of sql here
	26	# and specify a "get all users" SQL query in the configuration file.
	27	userdb {
	28	driver = sql
	29	args = /etc/dovecot/dovecot-sql.conf.ext
	30	}
	31
	32	# UNIX socket path to master authentication server to find users.
	33	# This is used by imap (for shared users) and lda.
	34	auth_socket_path = /var/run/dovecot/auth-userdb
	35
	36	# Respect /etc/hosts.deny (populated by fail2ban)
	37	# You can use /etc/hosts.allow to countermand fail2ban decisions.
	38	login_access_sockets = tcpwrap
	39
	40	service tcpwrap {
	41	unix_listener login/tcpwrap {
	42	group = $default_login_user
	43	mode = 0600
	44	user = $default_login_user
	45	}
	46	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf new file mode 100644 index 0000000..6c03965 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,28 @@
	1	# default home directory location for all users
	2	mail_home = /var/mail/vhosts/%d/%n
	3
	4	# directory to store mail. The tilda makes it relative to the dovecot
	5	# virtual home directory.
	6	#
	7	# I use mdbox - this is Dovecot's own high-performance mail store format.
	8	# There are other slower, more "traditional" formats you can choose from.
	9	# Read about them here: https://wiki2.dovecot.org/MailboxFormat
	10	mail_location = mdbox:~/mdbox
	11
	12	# nothing fancy - just a standard default namespace with '/' as the
	13	# hierarchy separator
	14	namespace inbox {
	15	separator = /
	16	inbox = yes
	17	}
	18
	19	# set this to the group that owns your vmail directory.
	20	mail_privileged_group = vmail
	21
	22	# these lines enable attachment deduplication. Attachments must be somewhat
	23	# large (64k) to store them separately from the mail store.
	24	mail_attachment_dir = /var/mail/attachments
	25	mail_attachment_min_size = 64k
	26
	27	# we'll uncomment this after we set up Solr in the following section:
	28	# mail_plugins = $mail_plugins fts fts_solr


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf new file mode 100644 index 0000000..f99d0f4 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/10-master.conf
@@ -0,0 +1,82 @@
	1	# to improve performance, disable fsync globally - we will enable it for
	2	# some specific services later on
	3	mail_fsync = never
	4
	5	service imap-login {
	6	# plain-text IMAP should only be accessible from localhost
	7	inet_listener imap {
	8	address = 127.0.0.1, ::1
	9	}
	10
	11	# enable high-performance mode, described here:
	12	# https://wiki.dovecot.org/LoginProcess
	13	service_count = 0
	14
	15	# set to the number of CPU cores on your server
	16	process_min_avail = 3
	17	vsz_limit = 1G
	18	}
	19
	20	# disable POP3 altogether
	21	service pop3-login {
	22	inet_listener pop3 {
	23	port = 0
	24	}
	25
	26	inet_listener pop3s {
	27	port = 0
	28	}
	29	}
	30
	31	# enable semi-long-lived IMAP processes to improve performance
	32	service imap {
	33	service_count = 256
	34	# set to the number of CPU cores on your server
	35	process_min_avail = 3
	36	}
	37
	38	# expose an LMTP socket for postfix to deliver mail
	39	service lmtp {
	40	unix_listener /var/spool/postfix/private/dovecot-lmtp {
	41	group = postfix
	42	mode = 0600
	43	user = postfix
	44	}
	45	}
	46
	47	service auth {
	48	# auth_socket_path points to this userdb socket by default. It's typically
	49	# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
	50	# full permissions to this socket are able to get a list of all usernames and
	51	# get the results of everyone's userdb lookups.
	52	#
	53	# The default 0666 mode allows anyone to connect to the socket, but the
	54	# userdb lookups will succeed only if the userdb returns an "uid" field that
	55	# matches the caller process's UID. Also if caller's uid or gid matches the
	56	# socket's uid or gid the lookup succeeds. Anything else causes a failure.
	57	#
	58	# To give the caller full permissions to lookup all users, set the mode to
	59	# something else than 0666 and Dovecot lets the kernel enforce the
	60	# permissions (e.g. 0777 allows everyone full permissions).
	61
	62	# auth for postfix
	63	unix_listener /var/spool/postfix/private/auth {
	64	mode = 0666
	65	user = postfix
	66	group = postfix
	67	}
	68
	69	# auth for doveadm tools
	70	unix_listener auth-userdb {
	71	mode = 0666
	72	user = vmail
	73	group = vmail
	74	}
	75
	76	client_limit = 840
	77	}
	78
	79	# no need to run this as root
	80	service auth-worker {
	81	user = vmail
	82	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf b/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf new file mode 100644 index 0000000..32ca50d --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/15-lda.conf
@@ -0,0 +1,7 @@
	1	# configuration for mail delivered by the `dovecot-lda` command. Shouldn't
	2	# be needed since we are using LMTP, but kept for backwards compatibility.
	3	protocol lda {
	4	# use fsync for write-safety - this deals with delivering actual mail
	5	mail_fsync = optimized
	6	mail_plugins = $mail_plugins sieve
	7	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf b/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 0000000..8674b0b --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,24 @@
	1	# define any special IMAP folders here. You can force them to be created or
	2	# created+subscribed automatically used the `auto` option.
	3	namespace inbox {
	4	mailbox Drafts {
	5	auto = subscribe
	6	special_use = \Drafts
	7	}
	8	mailbox Junk {
	9	auto = create
	10	special_use = \Junk
	11	}
	12	mailbox Trash {
	13	auto = create
	14	special_use = \Trash
	15	}
	16	mailbox Archive {
	17	auto = subscribe
	18	special_use = \Archive
	19	}
	20	mailbox Sent {
	21	auto = subscribe
	22	special_use = \Sent
	23	}
	24	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf b/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf new file mode 100644 index 0000000..7b32396 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,10 @@
	1	# Use a longer IDLE interval to reduce network chatter and save battery
	2	# life. Max is 30 minutes.
	3	imap_idle_notify_interval = 29 mins
	4
	5	protocol imap {
	6	# max IMAP connections per IP address
	7	mail_max_userip_connections = 50
	8	# imap_sieve will be used for spam training by rspamd
	9	mail_plugins = $mail_plugins imap_sieve
	10	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf b/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf new file mode 100644 index 0000000..a51ee42 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/20-lmtp.conf
@@ -0,0 +1,5 @@
	1	protocol lmtp {
	2	# use fsync for write-safety - this deals with delivering actual mail
	3	mail_fsync = optimized
	4	mail_plugins = $mail_plugins sieve
	5	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf b/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf new file mode 100644 index 0000000..26987b1 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/90-imapsieve.conf
@@ -0,0 +1,18 @@
	1	plugin {
	2	sieve_plugins = sieve_imapsieve sieve_extprograms
	3
	4	# From elsewhere to Junk folder
	5	imapsieve_mailbox1_name = Junk
	6	imapsieve_mailbox1_causes = COPY
	7	imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
	8
	9	# From Junk folder to elsewhere
	10	imapsieve_mailbox2_name = *
	11	imapsieve_mailbox2_from = Junk
	12	imapsieve_mailbox2_causes = COPY
	13	imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
	14
	15	sieve_pipe_bin_dir = /etc/dovecot/sieve
	16
	17	sieve_global_extensions = +vnd.dovecot.pipe
	18	}


diff --git a/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf b/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf new file mode 100644 index 0000000..9a753bf --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/conf.d/90-sieve.conf
@@ -0,0 +1,34 @@
	1	plugin {
	2	# 'active' is a symlink to one sieve source script inside directory at 'file'
	3	sieve = file:~/sieve;active=~/.dovecot.sieve
	4
	5	# directory of global sieve scripts to run before and after processing ALL
	6	# incoming mail
	7	sieve_before = /etc/dovecot/sieve-before.d
	8	sieve_after = /etc/dovecot/sieve-after.d
	9
	10	# make sieve aware of [email protected] aliases
	11	recipient_delimiter = +
	12
	13
	14	# no limits on script size or actions
	15	sieve_quota_max_storage = 0
	16	sieve_max_script_size = 0
	17	sieve_max_actions = 0
	18
	19	sieve_extensions = +spamtest +spamtestplus
	20
	21	sieve_spamtest_status_header = X-Spam-Score
	22	sieve_spamtest_status_type = strlen
	23
	24	# X-Spamd-Bar: +++++++++
	25	sieve_spamtest_max_value = 9
	26
	27
	28	# X-Spamd-Result: default: False [9.19 / 15.00];
	29	# (regex not fixed to capture the above)
	30	#sieve_spamtest_status_type = score
	31	#sieve_spamtest_status_header = \
	32	# X-Spamd-Result: [[:alnum:]]+, score=(-?[[:digit:]]+\.[[:digit:]])
	33	#sieve_spamtest_max_value = 5.0
	34	}