dovecot · cmouse · Dec 17, 2024 · Dec 12, 2024 · Dec 12, 2024 · Dec 12, 2024
diff --git a/data/settings.js b/data/settings.js
diff --git a/docs/core/config/auth/databases/ldap.md b/docs/core/config/auth/databases/ldap.md
@@ -82,7 +82,7 @@ $ ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f doveauth_access.ldif
 
 The two important settings in password lookups are:
 
-- [[setting,ldap_filter]] specifies the LDAP filter how user is found from the
+- [[setting,passdb_ldap_filter]] specifies the LDAP filter how user is found from the
   LDAP. You can use all the normal [[variable]] like `%{user}` in the filter.
 
 - [[setting,passdb_fields]] specifies a list of attributes that are returned and
@@ -97,10 +97,12 @@ expression can include ldap specific variables and other variables too.
 For example:
 ::: code-group
 ```[dovecot.conf]
+passdb ldap {
   fields {
     user = %{ldap:uid}
     password = %{ldap:userPassword}
   }
+}
 ```
 :::
 
@@ -187,8 +189,8 @@ to configure this: lookup or template.
 
 ### DN Lookup
 
-DN is looked up by sending a [[setting,ldap_filter]] LDAP request and getting
-the DN from the reply. This is very similar to doing a
+DN is looked up by sending a [[setting,passdb_ldap_filter]] LDAP request and
+getting the DN from the reply. This is very similar to doing a
 [password lookup](#password-lookups). The only difference is that
 `userPassword` attribute isn't returned.
 
@@ -221,7 +223,8 @@ of two LDAP requests per login in both cases).
 If you're also using Dovecot for SMTP AUTH, it doesn't do a userdb lookup
 so the prefetch optimization doesn't help.
 
-If you're using DN template, [[setting,passdb_fields]] and [[setting,ldap_filter]] settings
+If you're using DN template, [[setting,passdb_fields]] and
+[[setting,passdb_ldap_filter]] settings
 are completely ignored. That means you can't make passdb return any
 [[link,passdb_extra_fields]]. You should also set
 [[setting,auth_username_format,%{user | lower}]] in `dovecot.conf` to normalize the
@@ -355,8 +358,10 @@ The most important settings are:
 
 ::: code-group
 ```[dovecot.conf]
-  passdb_ldap_bind_userdn = %{user}
-  passdb_ldap_bind = yes
+passdb ldap {
+  bind_userdn = %{user}
+  bind = yes
+}
 ```
 :::
 
@@ -372,16 +377,18 @@ concurrent LDAP connections. Otherwise only a single LDAP connection is used.
 :::
 
 - Normalize the username to exactly the `mailRoutingAddress` field's value
-regardless of how the [[setting,ldap_filter]] found the user:
+regardless of how the [[setting,passdb_ldap_filter]] found the user:
 
 ::: code-group
 ```[dovecot.conf]
+passdb ldap {
   fields {
       user     = %{ldap:mailRoutingAddress}
       password = %{ldap:userPassword}
       proxy    = y
       proxy_timeout = 10
   }
+}
 ```
 :::
 
@@ -391,10 +398,12 @@ other means:
 
 ::: code-group
 ```[dovecot.conf]
+passdb ldap {
   fields {
     user = %{ldap:mailRoutingAddress}
     quota_storage_size = %{ldap:messageQuotaHard}B
   }
+}
 ```
 :::
 
@@ -403,19 +412,23 @@ distinct values inside each [[setting,passdb]] / [[setting,userdb]] section):
 
 ::: code-group
 ```[dovecot.conf]
-ldap_filter = (mailRoutingAddress=%{user})
+passdb ldap {
+  filter = (mailRoutingAddress=%{user})
+}
 ```
 :::
 
 - How to iterate through all the valid usernames:
 
 ::: code-group
 ```[dovecot.conf]
-  ldap_filter = (mailRoutingAddress=%{user})
-  ldap_iterate_filter = (objectClass=messageStoreRecipient)
+userdb ldap {
+  filter = (mailRoutingAddress=%{user})
+  iterate_filter = (objectClass=messageStoreRecipient)
   iterate_fields {
     user = %{ldap:mailRoutingAddress}
   }
+}
 ```
 :::
 
@@ -508,7 +521,7 @@ returning the userdb information already in the passdb lookup.
 
 ## LDAP Settings
 
-<SettingsComponent tag="ldap" level="2" />
+<SettingsComponent tag="auth-ldap" level="2" />
 
 ## LDAP userdb
 
@@ -526,25 +539,31 @@ without knowing the user's password).
 
 The userdb lookups are configured in very much the same way as
 [password lookups](#password-lookups). [[setting,userdb_fields]] and
-[[setting,ldap_filter]], are used in the same way in passdb.
+[[setting,userdb_ldap_filter]], are used in the same way in passdb.
 
 If you're using a single UID and GID for all the users, you can specify
 them globally with [[setting,mail_uid]] and [[setting,mail_gid]] settings instead of
 returning them from LDAP.
 
 ```
-ldap_filter = (&(objectClass=posixAccount)(uid=%{user}))
-ldap_iterate_filter = (objectClass=posixAccount)
-fields {
+userdb ldap {
+  filter = (&(objectClass=posixAccount)(uid=%{user}))
+  fields {
     home = %{ldap:homeDirectory}
     uid = %{ldap:uidNumber}
     gid = %{ldap:gidNumber}
+  }
 }
 ```
 
-```
 # For using doveadm -A:
-fields=user=%{ldap:uid}
+```
+userdb ldap {
+  iterate_filter = (objectClass=posixAccount)
+  iterate_fields {
+    user = %{ldap:uid}
+  }
+}
 ```
 
 ### Attribute Templates
@@ -558,27 +577,33 @@ Create a `quota_storage_size` field with value `<n>B` where `<n>` comes
 from "quotaBytes" LDAP attribute:
 
 ```
-fields {
-  quota_storage_size = %{ldap:quotaBytes}B
+userdb ldap {
+  fields {
+    quota_storage_size = %{ldap:quotaBytes}B
+  }
 }
 ```
 
 Create a `mail_path` field with value `/var/mail/<dir>/Maildir` where
 `<dir>` comes from "sAMAccountName" LDAP attribute:
 
 ```
-fields {
-  mail_path = /var/spool/vmail/%{ldap:sAMAccountName}/Maildir
+userdb ldap {
+  fields {
+    mail_path = /var/spool/vmail/%{ldap:sAMAccountName}/Maildir
+  }
 }
 ```
 
 You can add static fields that aren't looked up from LDAP. For example
 create a "mail_path" field with value `/var/vmail/%{user | domain}/%{user | username}/Maildir`:
 
 ```
-fields {
+userdb ldap {
+  fields {
     quota_storage_size = %{ldap:quotaBytes}B
     mail_path = /var/vmail/%{user | domain}/%{user | username}/Maildir
+  }
 }
 ```
 
@@ -603,9 +628,11 @@ User names and domains may be distinguished using the [[variable]]
 
 The userdb may set a new username, too, using
 ```
+userdb ldap {
   fields {
     user = ...
   }
+}
 ```
 
 This will be used for:

diff --git a/docs/core/config/auth/databases/pam.md b/docs/core/config/auth/databases/pam.md
@@ -160,7 +160,7 @@ account   required        pam_unix.so
 
 For Solaris you will have to edit `/etc/pam.conf`.
 
-Here is a working Solaris example (using [[setting,service_name,%L{service}]]
+Here is a working Solaris example (using [[setting,service_name,%{service}]]
 instead of the default `dovecot` service):
 
 ```

diff --git a/docs/core/config/auth/master_users.md b/docs/core/config/auth/master_users.md
@@ -71,10 +71,10 @@ The options for handling this are:
    You can create a `default ACL`, that applies to all mailboxes. See example
    below.
 
-2. Set `plugin { acl_user=%{user} }`. This preserves the master_user for other
+2. Set [[setting,acl_user,%{user}]]. This preserves the master_user for other
    purposes (e.g. `%{master_user}` variable).
 
-3. Set `plugin { master_user=%{user} }`. This fully hides that master user login is
+3. Change userdb to return `userdb_fields { master_user=%{user} }`. This fully hides that master user login is
    being used.
 
 Example configuration:

diff --git a/docs/core/config/auth/proxies.md b/docs/core/config/auth/proxies.md
@@ -275,7 +275,7 @@ See [[link,auth_master_users]] for more information how to configure this.
 ## OAuth2 Forwarding
 
 If you want to forward [[link,auth_oauth2]] tokens, return field
-`proxy_mech=%m` as extra field.
+`proxy_mech=%{mechanism}` as extra field.
 
 ## Examples
 

diff --git a/docs/core/config/auth/userdb.md b/docs/core/config/auth/userdb.md
@@ -203,8 +203,7 @@ helpful to know how Dovecot internally passes them:
 
 1. First all actual settings are first read into memory.
 2. Next all the extra fields returned by `userdb` lookup are used to override
-   the settings. Any unknown setting is placed into the plugin {} section
-   (e.g. `foo=bar` will be parsed as if it were `plugin { foo=bar }`).
+   the settings.
 3. Last, if [[link,post_login_scripting]] is used, it may modify the
    settings.
 

diff --git a/docs/core/config/pop3.md b/docs/core/config/pop3.md
@@ -108,13 +108,13 @@ For new POP3 servers, the easiest way to set up UIDLs is to use IMAP's
 UIDVALIDITY and UID values. The default is:
 
 ```
-pop3_uidl_format = %08Xu%08Xv
+pop3_uidl_format = %{uid | hex(8)}%{uidvalidity | hex(8)}
 ```
 
 Another good default is to use the message's global UID:
 
 ```
-pop3_uidl_format = %g
+pop3_uidl_format = %{guid}
 ```
 
 However, note that GUIDs may not be unique, as the GUID does not change when a
@@ -124,7 +124,7 @@ done using IMAP, Sieve, or doveadm.)
 ### MD5 UIDL format (mbox-only)
 
 ```
-pop3_uidl_format = %m
+pop3_uidl_format = %{md5}
 ```
 
 This works by getting the MD5 sum of a couple of message headers that uniquely
@@ -162,7 +162,7 @@ calculation:
 
 * X-Delivery-ID: header
 
-If you use [[link,lda]] or IMAP APPEND and [[setting,pop3_uidl_format,%m]]
+If you use [[link,lda]] or IMAP APPEND and [[setting,pop3_uidl_format,%{md5}]]
 it always appends the X-Delivery-ID: header to saved mailbox. Any existing
 X-Delivery-ID: headers in the saved mails are dropped.
 

diff --git a/docs/core/config/shared_mailboxes.md b/docs/core/config/shared_mailboxes.md
@@ -6,9 +6,6 @@ dovecotlinks:
   shared_mailboxes_listing:
     hash: shared-mailbox-listing
     text: shared mailbox listing
-  shared_mailboxes_percent:
-    hash: vs
-    text: \% vs. \%\%
   shared_mailboxes_permissions:
     hash: filesystem-permissions
     text: shared mailboxes filesystem permissions
@@ -468,7 +465,7 @@ See [[plugin,acl]] for list of `<rights>`.
 
 ### Sharing Mailboxes to Everyone
 
-See [[setting,acl_anyone]].
+See [[setting,imap_acl_allow_anyone]].
 
 Note that you can also do this only for some users by using the second
 table "`anyone_shares`". Every user listed in this table shares his

diff --git a/docs/core/config/statistics.md b/docs/core/config/statistics.md
@@ -85,7 +85,11 @@ metric imap_command {
 metric login_domains {
   filter = event=auth_request_finished
   fields = user
-  group_by = discrete:%L{domain}
+  group_by user {
+    method discrete {
+      modifier = %{value | domain | lower}
+    }
+  }
 }
 ```
 

diff --git a/docs/core/config/users/virtual.md b/docs/core/config/users/virtual.md
@@ -224,12 +224,10 @@ mail_driver = maildir
 mail_path = /home/%{user | domain}/%{user | username}/Maildir
 
 passdb passwd-file {
-  auth_username_format = %Ln
   passwd_file_path = /home/%{user | domain}/etc/shadow
 }
 
 userdb passwd-file {
-  auth_username_format = %Ln
   passwd_file_path = /home/%{user | domain}/etc/passwd
 }
 ```

diff --git a/docs/core/design/auth_process.md b/docs/core/design/auth_process.md
@@ -305,7 +305,7 @@ when the passdb lookup validity depends only on the username. With
 more complex databases such as SQL and LDAP this is created
 dynamically based on the password query in the configuration file. If
 there are multiple variables, they should be separated so that their
-contents don't get mixed, for example `%{user}<TAB>%r<TAB>%l`.
+contents don't get mixed, for example `%{user}<TAB>%{rmote_ip}<TAB>%{local_ip}`.
 `auth_cache_parse_key()` can be used to easily create a cache key
 from a query string.
 

diff --git a/docs/core/design/mail_user.md b/docs/core/design/mail_user.md
@@ -22,9 +22,6 @@ directly. Some of the most useful things you can do with a user are:
 - `mail_user_home_expand()` expands `~/` at the beginning of given
    path to user's actual home directory.
 
-- `mail_user_plugin_getenv()` returns value for a setting defined in
-  `plugin {}` section.
-
 Typically each new IMAP/POP3/etc. connection creates a single mail user.
 If the same process handles multiple connections for the same user, they
 don't share the same mail_user (especially since each mail_user has a

diff --git a/docs/core/man/include/option-A.inc b/docs/core/man/include/option-A.inc
@@ -9,5 +9,5 @@
 	[[setting,userdb_sql_iterate_query]] setting matches your database layout.
 
 	When using the LDAP userdb module, make sure that the [[setting,userdb_fields]]
-	and [[setting,ldap_iterate_fields]] settings match your LDAP schema.
+	and [[setting,userdb_ldap_iterate_fields]] settings match your LDAP schema.
 	Otherwise [[man,doveadm]] will be unable to iterate over all users.
diff --git a/docs/core/plugins/fts.md b/docs/core/plugins/fts.md
@@ -287,9 +287,9 @@ They are configured through [[setting,language_filters]].
 Example:
 
 ```
-plugin {
-  language_filters = normalizer-icu snowball stopwords
-  language_filters_en = lowercase snowball english-possessive stopwords
+language_filters = normalizer-icu snowball stopwords
+language en {
+  language_filters = lowercase snowball english-possessive stopwords
 }
 ```
 

diff --git a/docs/core/plugins/lazy_expunge.md b/docs/core/plugins/lazy_expunge.md
@@ -73,10 +73,6 @@ acl_driver = vfile
 # Move messages to an .EXPUNGED mailbox
 lazy_expunge_mailbox = .EXPUNGED
 
-plugin {
-  # Define ACL so that user cannot list the .EXPUNGED mailbox
-  acl = vfile:/etc/dovecot/dovecot.acl
-}
 mailbox .EXPUNGED {
   # Expunged messages most likely don't want to be included in quota:
   quota_ignore = yes

diff --git a/docs/core/plugins/push_notification_lua.md b/docs/core/plugins/push_notification_lua.md
@@ -195,9 +195,11 @@ end
 ```lua:line-numbers
 -- To use:
 --
--- plugin {
---   push_notification_driver = lua:file=/home/example/empty.lua
---   push_lua_url = http://push.notification.server/handler
+-- push_notification lua {
+--   lua_file = /home/example/empty.lua
+--   lua_settings {
+--     push_lua_url = http://push.notification.server/handler
+--   }
 -- }
 --
 -- server is sent a POST message to given url with parameters