# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-sql.conf.ext

# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki2.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
#     username VARCHAR(128) NOT NULL,
#     domain VARCHAR(128) NOT NULL,
#     password VARCHAR(64) NOT NULL,
#     home VARCHAR(255) NOT NULL,
#     uid INTEGER NOT NULL,
#     gid INTEGER NOT NULL,
#     active CHAR(1) DEFAULT 'Y' NOT NULL
# );

# Database driver: mysql, pgsql, sqlite
driver = mysql

# Database connection string. This is driver-specific setting.
#
# HA / round-robin load-balancing is supported by giving multiple host
# settings, like: host=sql1.host.org host=sql2.host.org
#
# pgsql:
#   For available options, see the PostgreSQL documentation for the
#   PQconnectdb function of libpq.
#   Use maxconns=n (default 5) to change how many connections Dovecot can
#   create to pgsql.
#
# mysql:
#   Basic options emulate PostgreSQL option names:
#     host, port, user, password, dbname
#
#   But also adds some new settings:
#     client_flags           - See MySQL manual
#     connect_timeout        - Connect timeout in seconds (default: 5)
#     read_timeout           - Read timeout in seconds (default: 30)
#     write_timeout          - Write timeout in seconds (default: 30)
#     ssl_ca, ssl_ca_path    - Set either one or both to enable SSL
#     ssl_cert, ssl_key      - For sending client-side certificates to server
#     ssl_cipher             - Set minimum allowed cipher security (default: HIGH)
#     ssl_verify_server_cert - Verify that the name in the server SSL certificate
#                              matches the host (default: no)
#     option_file            - Read options from the given file instead of
#                              the default my.cnf location
#     option_group           - Read options from the given group (default: client)
# 
#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
#   Note that currently you can't use spaces in parameters.
#
# sqlite:
#   The path to the database file.
#
# Examples:
#   connect = host=192.168.1.1 dbname=users
#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
#   connect = /etc/dovecot/authdb.sqlite
#
connect = host=localhost dbname=vpopmail user=vpopmail password=

# Default password scheme.
#
# List of supported schemes is in
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
#
default_pass_scheme = MD5-CRYPT

# passdb query to retrieve the password. It can return fields:
#   password - The user's password. This field must be returned.
#   user - user@domain from the database. Needed with case-insensitive lookups.
#   username and domain - An alternative way to represent the "user" field.
#
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
#
# The query can also return other fields which have a special meaning, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
# for full list):
#   %u = entire user@domain
#   %n = user part of user@domain
#   %d = domain part of user@domain
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
#
# Example:
#   password_query = SELECT userid AS user, pw AS password \
#     FROM users WHERE userid = '%u' AND active = 'Y'
#
# (Thanks to Arturo Blanco for his hints concerning vpopmail limits
#  and to Alexandre Fonceca for quota_rule addition)
#
# NB: This query requires that the sql-aliasdomains patch has been installed
#     and that you have the aliasdomains dbtable
#     More info here https://notes.sagredo.eu/en/qmail-notes-185/dovecot-vpopmail-auth-driver-removal-migrating-to-the-sql-driver-241.html
password_query = \
	SELECT \
		CONCAT(vpopmail.pw_name, '@', vpopmail.pw_domain) AS user, \
  		vpopmail.pw_passwd AS password, \
                vpopmail.pw_dir AS userdb_home, \
                89 AS userdb_uid, \
                89 AS userdb_gid, \
                CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(vpopmail.pw_shell, 'S', 1), 'NOQUOTA', '0')) AS userdb_quota_rule \
	FROM `vpopmail` \
		LEFT JOIN aliasdomains ON aliasdomains.alias='%d' \
		LEFT JOIN limits ON limits.domain = '%d' \
	WHERE \
		vpopmail.pw_name='%n' \
		AND \
		(vpopmail.pw_domain='%d' OR vpopmail.pw_domain=aliasdomains.domain) \
		AND \
		('%a'!='995' OR !(vpopmail.pw_gid & 2)) \
		AND \
		('%r'!='<WEBMAIL-IP>' OR !(vpopmail.pw_gid & 4)) \
		AND \
		('%r'='<WEBMAIL-IP>' OR '%a'!='993' OR !(vpopmail.pw_gid & 8)) \
		AND \
		('%r'!='<WEBMAIL-IP>' OR COALESCE(disable_webmail,0)!=1) \
		AND \
		('%r'='<WEBMAIL-IP>' OR COALESCE(disable_imap,0)!=1)

# <WEBMAIL-IP> is the IP of your webmail web server.
# I'm assuming that the imap connection is only on port 993 and the pop3 connection is on port 995.
# Adjust to your needs
#
# logically this means:
#
# ************************** USER LIMITS via vpopmail.pw_gid filed
# SELECT user
# WHEN POP is not disabled for that user connecting on port 995 (995 is the pop3s port allowed from remote in my configuration)
# AND WHEN webmail access is not disabled for that user when connecting from <WEBMAIL-IP>
# AND WHEN IMAP is not disabled for that user connecting on port 993 (993 is the imap port allowed from remote
# in my configuration) unless his remote ip the one belonging to the webmail
#
# ************************* DOMAIN LIMITS via limits table
# AND WHEN WEBMAIL access for the domain is not disabled
# AND WHEN IMAP access for the domain is not disabled when not connecting from <WEBMAIL-IP>


# userdb query to retrieve the user information. It can return fields:
#   uid - System UID (overrides mail_uid setting)
#   gid - System GID (overrides mail_gid setting)
#   home - Home directory
#   mail - Mail location (overrides mail_location setting)
#
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits to a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#
# Examples:
#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
# This query is for the iteration feature (no need to use aliasdomains here)
user_query = \
	SELECT \
		vpopmail.pw_dir AS home, \
	  	89 AS uid, \
  		89 AS gid \
  	FROM vpopmail \
  	WHERE \
  		vpopmail.pw_name='%n' \
		AND \
		vpopmail.pw_domain='%d'

# Query to get a list of all usernames.
iterate_query = SELECT CONCAT(pw_name,'@',pw_domain) AS user FROM vpopmail

cp contrib/rc.vusaged /etc/rc.d/
/etc/rc.d/rc.vusaged start