diff -up dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf
--- dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings 2013-04-23 12:33:55.000000000 +0200
+++ dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf 2016-06-17 17:56:17.353210369 +0200
@@ -165,7 +165,7 @@ namespace inbox {
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
-#first_valid_uid = 500
+first_valid_uid = 1000
#last_valid_uid = 0
# Valid GID range for users, defaults to non-root/wheel. Users having
@@ -286,6 +286,7 @@ namespace inbox {
# them simultaneously.
#mbox_read_locks = fcntl
#mbox_write_locks = dotlock fcntl
+mbox_write_locks = fcntl
# Maximum time to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 5 mins
diff -up dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf
--- dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings 2013-11-19 21:36:30.000000000 +0100
+++ dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf 2016-06-17 17:54:18.749626750 +0200
@@ -3,7 +3,9 @@
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
+# plain imap and pop3 are still allowed for local connections
+ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but