From f4c7453675df6d8a3d4344853d3e2df0d8ec3c82 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 21 Aug 2025 23:38:55 +0200
Subject: [PATCH] install_update_dovecot-2.4.sh: add parameter 'maildir_broken_filename_sizes = yes' and 'auth_allow_weak_schemes = yes'.
---
install_update_dovecot-2.4.sh | 53 +++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/install_update_dovecot-2.4.sh b/install_update_dovecot-2.4.sh
index 32f4858..e3a353c 100755
--- a/install_update_dovecot-2.4.sh
+++ b/install_update_dovecot-2.4.sh
@@ -5150,6 +5150,8 @@ if [[ $dovecot_major_version -gt 2 ]] \
#
# mailbox_list_index
#
+ # maildir_broken_filename_sizes =
+ #
echononl " Adjusting base configurations ($(basename "${_conf_file}")).." :> "${log_file}"
@@ -5366,6 +5368,31 @@ EOF
mailbox_list_index = yes
EOF
+ fi
+
+
+ if grep -qE '^\s*maildir_broken_filename_sizes\s*=' "${_conf_file}" ; then
+ replace_variable \
+ "maildir_broken_filename_sizes" \
+ "yes" \
+ "${_conf_file}" >> "${log_file}" 2>&1
+
+ if [[ $? -gt 0 ]] ; then
+ _failed=true
+ fi
+
+ else
+ cat <> "${_conf_file}" || _failed=true
+
+# maildir_broken_filename_sizes
+#
+# If enabled, Dovecot doesn't use the S= in the Maildir filenames for
+# getting the mail's physical size, except when recalculating Maildir++ quota.
+# This can be useful in systems where a lot of the Maildir filenames have a
+# broken size. The performance hit for enabling this is very small.
+#maildir_broken_filename_sizes = no
+maildir_broken_filename_sizes = yes
+EOF
fi
@@ -6169,6 +6196,7 @@ if [[ $dovecot_major_version -gt 2 ]] \
# edit /usr/local/dovecot/etc/dovecot/conf.d/10-auth.conf
#
# auth_allow_cleartext = no
+ # auth_allow_weak_schemes = ys
# auth_username_translation = "%@"
# auth_mechanisms = $auth_mechanisms
# !include auth-sql.conf.ext # !! comment all other includes
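Review bot: In the `maildir_broken_filename_sizes` hunk the status of `replace_variable` is tested by a separate `if [[ $? -gt 0 ]]` after a blank line, while the `else` branch of the same block and the `auth_allow_weak_schemes` hunk use `|| _failed=true`. Any statement later inserted between the call and the test would change what `$?` refers to without any error; ending the call with `"${_conf_file}" >> "${log_file}" 2>&1 || _failed=true` keeps the check on the command itself and drops four lines. The block also overwrites an existing value with `yes` on every run, so a short comment such as `# always forced to yes, an existing 'no' is overwritten` would make that intent explicit. The enclosing `if [[ $dovecot_major_version -gt 2 ]]` block starts and ends outside the hunk.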
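Review bot: The usage comment added in the 10-auth.conf overview reads `# auth_allow_weak_schemes = ys`; it should be `# auth_allow_weak_schemes = yes` so that it matches the value the script writes. Since this overview is where an operator reads what the script will do to the file, it would also help to note there that the setting re-allows password schemes Dovecot 2.4 marks as weak, for example `# auth_allow_weak_schemes = yes   # re-allows schemes marked weak, see note below`.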
@@ -6189,6 +6217,31 @@ auth_allow_cleartext = no
EOF
fi
+ if grep -qE "^\s*auth_allow_weak_schemes\s*=" "${_conf_file}"; then
+
+ replace_variable "auth_allow_weak_schemes" "yes" "${_conf_file}" || _failed=true
+
+ else
+ cat <<'EOF' >> "${_conf_file}" || _failed=true
+
+# auth_allow_weak_schemes
+#
+# Default no
+# Value boolean
+# Changes Added: 2.4.0
+#
+# Controls whether password schemes marked as weak are allowed to be used. See
+# Password Schemes for disabled by default schemes.
+#
+# If enabled, will emit warning to logs. If a disabled scheme is used, an error
+# is logged.
+#
+# Notably, any explicitly cleartext schemes (such as PLAIN), CRAM-MD5, and
+# DIGEST-MD5 are not affected by this setting.
+auth_allow_weak_schemes = yes
+EOF
+ fi
+
if grep -qE "^\s*auth_username_translation\s*=" "${_conf_file}"; then
replace_variable "auth_username_translation" "%@" "${_conf_file}" || _failed=true
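Review bot: `auth_allow_weak_schemes` is forced to `yes` in both branches, so every run of the installer turns off a protection that the quoted documentation lists as `Default no`, and `replace_variable` reverts an administrator who has already set `no`. This should be opt-in: take the value from an installer setting that defaults to `no` and write that value in both branches, as sketched below (the variable name is constructed for illustration, not an existing one). The quoted documentation says enabling the option emits a warning to the logs, so a comment next to the setting should tell operators to use those warnings to find accounts still stored with a weak scheme, migrate them, and then switch back to `no`. Unlike the `maildir_broken_filename_sizes` hunk, the `replace_variable` output here is not redirected to `${log_file}`.

```shell
# constructed name; unset keeps Dovecot's documented default of "no"
_weak_schemes="${allow_weak_schemes:-no}"

if grep -qE "^\s*auth_allow_weak_schemes\s*=" "${_conf_file}"; then
   replace_variable "auth_allow_weak_schemes" "${_weak_schemes}" "${_conf_file}" >> "${log_file}" 2>&1 || _failed=true
else
   # … unchanged: quoted here-document with the setting's documentation, without its final value line …
   # Temporary compatibility switch: watch the log warnings, migrate the affected accounts, then set "no".
   printf 'auth_allow_weak_schemes = %s\n' "${_weak_schemes}" >> "${_conf_file}" || _failed=true
```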