Adapted from https://gist.github.com/barryo/8918488:

dovecot-sql.conf.ext SQL queries

PostgreSQL query for password:

password_query = SELECT username as user, password as password, \
        homedir AS userdb_home, maildir AS userdb_mail, \
        concat('*:bytes=', quota) as userdb_quota_rule, uid AS userdb_uid, gid AS userdb_gid \
    FROM mailbox \
    WHERE username = '%Lu' AND active = '1' \
          AND ( access_restriction = 'ALL' OR POSITION( '%Us' IN access_restriction ) > 0 )

The MySQL user query can be used as is:

user_query = SELECT homedir AS home, maildir AS mail, \
        concat('*:bytes=', quota) as quota_rule, uid, gid \
    FROM mailbox WHERE username = '%u'

Also, we need to declare Dovecot ports at https://netbox.nasqueron.org/virtualization/virtual-machines/10/ services table (on the public IP)

An example of custom port build: https://devcentral.nasqueron.org/source/operations/browse/main/roles/dbserver-pgsql/server/build.sls

We also need a monitoring script to detect those cases:

Oct 7 00:47:06 hervil dovecot[28342]: imap-login: Fatal: Dovecot version mismatch: Master is v2.3.21, imap-login is v2.3.21.1 (if you don't care, set version_ignore=yes)
Oct 7 00:51:02 hervil dovecot[28342]: pop3-login: Fatal: Dovecot version mismatch: Master is v2.3.21, pop3-login is v2.3.21.1 (if you don't care, set version_ignore=yes)

(And to answer the note in the log message, I guess yes we care as if they log that, those should be kept in sync).

We'll see that scenario each time we update Dovecot, and before the restart.

Monitoring could be as simple as:`

tail -n100 /var/log/mail... | grep -q "Dovecot version mismatch" && echo "Dovecot versions don't match" 1>&2 && exit 2