diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf

--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100

+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100

@@ -322,6 +322,7 @@ protocol !indexer-worker {

 # them simultaneously.

 #mbox_read_locks = fcntl

 #mbox_write_locks = dotlock fcntl

+mbox_write_locks = fcntl

 # Maximum time to wait for lock (all of them) before aborting.

 #mbox_lock_timeout = 5 mins

diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf

--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100

+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100

@@ -3,7 +3,9 @@

 ##

 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>

-#ssl = yes

+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps

+# plain imap and pop3 are still allowed for local connections

+ssl = required

 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before

 # dropping root privileges, so keep the key file unreadable by anyone but

@@ -57,6 +59,7 @@ ssl_key = 

 #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

 # To disable non-EC DH, use:

 #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

+ssl_cipher_list = PROFILE=SYSTEM

 # Colon separated list of elliptic curves to use. Empty value (the default)

 # means use the defaults from the SSL library. P-521:P-384:P-256 would be an