From b2a5a80e12c8038994ed87309e07098816fcb920 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Mon, 28 Aug 2023 11:56:25 +0200
Subject: [PATCH] Ensure that dovecot doesn't bind v6 if not required

---
 core/dovecot/conf/dovecot.conf      | 5 +++++
 core/nginx/dovecot/proxy.conf       | 6 ++++++
 towncrier/newsfragments/2906.bugfix | 1 +
 3 files changed, 12 insertions(+)

diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf
index 35280d21..7b00bee1 100644
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@@ -6,6 +6,11 @@ protocols = imap pop3 lmtp sieve
 postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
 hostname = {{ HOSTNAMES.split(",")[0] }}
 submission_host = {{ FRONT_ADDRESS }}
+{%- if SUBNET6 -%}
+listen = *,::
+{%- else -%}
+listen = *
+{%- endif %}
 
 default_internal_user = dovecot
 default_login_user = mail
diff --git a/core/nginx/dovecot/proxy.conf b/core/nginx/dovecot/proxy.conf
index 4ab54005..e9e605d7 100644
--- a/core/nginx/dovecot/proxy.conf
+++ b/core/nginx/dovecot/proxy.conf
@@ -21,6 +21,12 @@ imap_urlauth_host=
 lmtp_proxy = yes
 lmtp_client_workarounds = whitespace-before-path mailbox-for-path
 
+{%- if SUBNET6 -%}
+listen = *,::
+{%- else -%}
+listen = *
+{%- endif %}
+
 default_internal_user = dovecot
 default_login_user = mail
 default_internal_group = dovecot
diff --git a/towncrier/newsfragments/2906.bugfix b/towncrier/newsfragments/2906.bugfix
index 18b506b0..a4b5c18f 100644
--- a/towncrier/newsfragments/2906.bugfix
+++ b/towncrier/newsfragments/2906.bugfix
@@ -1,2 +1,3 @@
 Switch the admin container from port 80 to port 8080. This should solve issues related to capabilities not working as expected
 Document that systemd-resolve may need to be configured to validate DNSSEC
+Ensure that dovecot is not attempting to bind a v6 socket if SUBNET6 is not configured