Squash changes containing private information
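{ lib, pkgs, config, ... }:
# NixOS module for the Dovecot IMAP/POP3/LMTP/ManageSieve service on eldiron.
# Everything below is gated on config.myServices.mail.enable. It wires up:
# DNS records, the LDAP auth secret, the "vhost" mail owner, Dovecot itself
# (with ACL, full text search, imapsieve-based spam reporting, zlib, sieve and
# virtual mailboxes), firewall, a cleanup cron job, ACME certificate hooks and
# monitoring objects.
let
  # Helper programs invoked through sieve's vnd.dovecot.pipe extension.
  # The scripts in ./sieve_bin are copied out, made writable (the store copy
  # is read-only), shebang-patched for NixOS and wrapped so that coreutils is
  # on PATH when dovecot's sieve process executes them.
  sieve_bin = pkgs.runCommand "sieve_bin" {
    buildInputs = [ pkgs.makeWrapper ];
  } ''
    cp -a ${./sieve_bin} $out
    chmod -R u+w $out
    patchShebangs $out
    for i in $out/*; do
      wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils ]}
    done
  '';
in
{
  config = lib.mkIf config.myServices.mail.enable {
    # imap.immae.eu / pop3.immae.eu both resolve to eldiron's main IPs.
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        imap = ips servers.eldiron.ips.main;
        pop3 = ips servers.eldiron.ips.main;
      };

    # Service metadata exported for the CHATONS properties file; the module
    # list is derived from the dovecot plugins enabled further down.
    myServices.chatonsProperties.services.email = {
      file.datetime = "2022-08-22T01:00:00";
      service = {
        name = "E-mail account";
        description = "Compte e-mail avec configuration imap et smtp/pop3";
        logo = "https://www.dovecot.org/wp-content/uploads/2021/09/favicon.ico";
        website = "https://mail.immae.eu/";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Dovecot";
        website = "https://www.dovecot.org/";
        license.url = "https://github.com/dovecot/core/blob/main/COPYING";
        license.name = "MIT and LGPLv2.1 Licenses";
        version = pkgs.dovecot.version;
        source.url = "https://github.com/dovecot/core";
        modules = ["roundcube" "rainloop"] ++ map (a: a.pname) config.services.dovecot2.modules;
      };
    };

    # Group dovecot with the other mail services for resource accounting.
    systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";

    # LDAP passdb/userdb configuration handed to dovecot via "args = <path>".
    # It embeds the bind DN password (dnpass), so the rendered file is owned
    # by the dovecot user and readable by nobody else (0400).
    secrets.keys."dovecot/ldap" = {
      user = config.services.dovecot2.user;
      group = config.services.dovecot2.group;
      permissions = "0400";
      text = ''
        hosts = ${config.myEnv.mail.dovecot.ldap.host}
        tls = yes

        dn = ${config.myEnv.mail.dovecot.ldap.dn}
        dnpass = ${config.myEnv.mail.dovecot.ldap.password}

        auth_bind = yes

        ldap_version = 3

        base = ${config.myEnv.mail.dovecot.ldap.base}
        scope = subtree

        pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
        pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}

        user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
        user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
        iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
        iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
      '';
    };

    # Single system account owning every mailbox (see mailUser/mailGroup and
    # first_valid_uid below); uid/gid are pinned so they are stable across hosts.
    users.users.vhost = {
      group = "vhost";
      uid = config.ids.uids.vhost;
    };
    users.groups.vhost.gid = config.ids.gids.vhost;
    # NOTE(review): presumably grants the dovecot user read access to the
    # ACME-managed key material referenced below; confirm it is still required.
    users.users."${config.services.dovecot2.user}".extraGroups = [ "acme" ];

    # Build dovecot against the libressl/cyrus flavour of openldap.
    nixpkgs.overlays = [
      (self: super: {
        dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
      })
    ];

    # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
    services.dovecot2 = {
      enable = true;
      # Authentication goes through LDAP only (passdb/userdb below), never PAM.
      enablePAM = false;
      enablePop3 = true;
      enableImap = true;
      enableLmtp = true;
      protocols = [ "sieve" ];
      modules = [
        pkgs.dovecot_pigeonhole
        pkgs.dovecot_fts_xapian
      ];
      mailUser = "vhost";
      mailGroup = "vhost";
      # The vhost account is declared above with a fixed uid/gid.
      createMailUser = false;
      mailboxes = {
        Trash = { auto = "subscribe"; specialUse = "Trash"; };
        Junk = { auto = "subscribe"; specialUse = "Junk"; };
        Sent = { auto = "subscribe"; specialUse = "Sent"; };
        Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
      };
      mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
      sslServerCert = "/etc/dovecot/fullchain.pem";
      sslServerKey = "/var/lib/acme/mail/key.pem";
      sslCACert = "/etc/dovecot/fullchain.pem";
      # Assembled from independent snippets; keep the "Protocol specific
      # configuration" snippet last (see its comment).
      extraConfig = builtins.concatStringsSep "\n" [
        # For printer which doesn’t support elliptic curve
        ''
        ssl_alt_cert = </etc/dovecot/fullchain-rsa.pem
        ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
        ''

        ''
        postmaster_address = postmaster@immae.eu
        mail_attribute_dict = file:%h/dovecot-attributes
        imap_idle_notify_interval = 20 mins
        namespace inbox {
          type = private
          separator = /
          inbox = yes
          list = yes
        }
        ''

        # ACL
        ''
        mail_plugins = $mail_plugins acl
        plugin {
          acl = vfile:${pkgs.writeText "dovecot-acl" ''
            Backup/* owner lrp
          ''}
          acl_globals_only = yes
        }
        ''

        # Full text search
        ''
        # needs to be bigger than any mailbox size
        default_vsz_limit = 2GB
        mail_plugins = $mail_plugins fts fts_xapian
        plugin {
          plugin = fts fts_xapian
          fts = xapian
          fts_xapian = partial=2 full=20
          fts_autoindex = yes
          fts_autoindex_exclude = \Junk
          fts_autoindex_exclude2 = \Trash
          fts_autoindex_exclude3 = Virtual/*
        }
        ''

        # Antispam
        # https://docs.iredmail.org/dovecot.imapsieve.html
        ''
        # imap_sieve plugin added below

        plugin {
          sieve_plugins = sieve_imapsieve sieve_extprograms
          imapsieve_url = sieve://127.0.0.1:4190

          sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin

          # From elsewhere to Junk folder
          imapsieve_mailbox1_name = Junk
          imapsieve_mailbox1_causes = COPY APPEND
          imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin

          # From Junk folder to elsewhere
          imapsieve_mailbox2_name = *
          imapsieve_mailbox2_from = Junk
          imapsieve_mailbox2_causes = COPY
          imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin

          # From anywhere to NoJunk folder
          imapsieve_mailbox3_name = NoJunk
          imapsieve_mailbox3_causes = COPY APPEND
          imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin

          sieve_pipe_bin_dir = ${sieve_bin}

          sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
        }
        ''

        # Services to listen
        ''
        service imap-login {
          inet_listener imap {
          }
          inet_listener imaps {
          }
        }
        service pop3-login {
          inet_listener pop3 {
          }
          inet_listener pop3s {
          }
        }
        service imap {
        }
        service pop3 {
        }
        service auth {
          unix_listener auth-userdb {
          }
          # SASL socket used by postfix's smtpd. Only the postfix user needs to
          # reach it, so it is owned by postfix with 0660 rather than being
          # world-writable, which would let any local account submit
          # credentials to the auth service.
          unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
            user = ${config.services.postfix.user}
            group = ${config.services.postfix.group}
            mode = 0660
          }
        }
        service auth-worker {
        }
        service dict {
          unix_listener dict {
          }
        }
        service stats {
          unix_listener stats-reader {
            user = vhost
            group = vhost
            mode = 0660
          }
          unix_listener stats-writer {
            user = vhost
            group = vhost
            mode = 0660
          }
        }
        ''

        # Authentification
        ''
        first_valid_uid = ${toString config.ids.uids.vhost}
        disable_plaintext_auth = yes
        passdb {
          driver = ldap
          args = ${config.secrets.fullPaths."dovecot/ldap"}
        }
        userdb {
          driver = ldap
          args = ${config.secrets.fullPaths."dovecot/ldap"}
        }
        ''

        # Zlib
        ''
        mail_plugins = $mail_plugins zlib
        plugin {
          zlib_save_level = 6
          zlib_save = gz
        }
        ''

        # Sieve
        ''
        plugin {
          sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
        }
        service managesieve-login {
        }
        service managesieve {
        }
        ''

        # Virtual mailboxes
        ''
        mail_plugins = $mail_plugins virtual
        namespace Virtual {
          prefix = Virtual/
          location = virtual:~/Virtual
        }
        ''

        # Protocol specific configuration
        # Needs to come last if there are mail_plugins entries
        ''
        protocol imap {
          mail_plugins = $mail_plugins imap_sieve imap_acl
        }
        protocol lda {
          mail_plugins = $mail_plugins sieve
        }
        ''
      ];
    };

    # 110/143 are the STARTTLS ports, 993/995 the implicit-TLS ones and 4190
    # ManageSieve. disable_plaintext_auth above refuses authentication on
    # connections that have not negotiated TLS, so the cleartext ports cannot
    # be used to send credentials unencrypted.
    networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];

    # Mail root for the vhost user; must exist before dovecot starts.
    system.activationScripts.dovecot = {
      deps = [ "users" ];
      text = ''
        install -m 0755 -o vhost -g vhost -d /var/lib/vhost
      '';
    };

    # Nightly expunge of old messages in Backup/*, Junk and Trash.
    # The "2>&1 > /dev/null | grep -v" ordering is deliberate: stdout is
    # discarded while stderr is piped through the greps, which drop doveadm's
    # routine noise so that only genuine errors end up in the cron mail.
    services.cron.systemCronJobs = let
      cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
      '';
    in
      [
        "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
      ];

    # Both certificates (RSA fallback and the main one) serve imap/pop3 names
    # and restart dovecot after renewal so the new key material is picked up.
    security.acme.certs."mail-rsa" = {
      postRun = ''
        systemctl restart dovecot2.service
      '';
      extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
    };
    security.acme.certs."mail" = {
      postRun = ''
        systemctl restart dovecot2.service
      '';
      extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
    };

    # Monitoring: one check that an IMAP connection succeeds, one that the
    # certificate presented on 993 is not about to expire.
    myServices.monitoring.fromMasterActivatedPlugins = [ "imap" "tcp" ];
    myServices.monitoring.fromMasterObjects.service = [
      {
        service_description = "imap connection works";
        host_name = config.hostEnv.fqdn;
        use = "external-service";
        check_command = "check_imap_connection";

        servicegroups = "webstatus-remote-services,webstatus-email";
        _webstatus_name = "IMAP";
        _webstatus_url = "imap.immae.eu";
      }

      {
        service_description = "imap SSL is up to date";
        host_name = config.hostEnv.fqdn;
        use = "external-service";
        check_command = ["check_tcp_ssl" "993"];

        servicegroups = "webstatus-ssl";
        _webstatus_name = "IMAP";
        _webstatus_url = "imap.immae.eu";
      }

    ];
  };
}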