This installs a complete mailserver based on a standard install of dovecot and postfix. No patched, no weird stuff, just a couple of configuration files that make it work!
This way there will be no trouble when updating the server unless they change option names in dovecot or postfix.

The specific points on this server:

NO PATCHING of any kind, making updates easy
Everything has to be virtual, so no usernames on the system itself, they reside in database (or AD if needed)
imap/imaps, pop3/pop3s, submission using login and using SSL and TLS
Vacation notice
Mail filters on the server, so we want sieve support
Quota support, enforcement and emails with warnings at certain points warning the user
Login seperate from email address
Multiple domains and email addresses, linked to accounts or forwarded
Possibility to forward an entire domain to another server
Support for CARDDAV
Support for CALDAV (while we are having CARDDAV, might aswell)

All but the last 2 items can be done with the standard packages on the system. For carddav and caldav some custom software will be needed.
Since this software has to be created anyway, we can define the points on this:

RFC compatible, meaning: no strange variations or adaptations support. If the client sticks to rfc, it will work.
Discovery and .well-known support.
Hooked into the database we use for the email server, in particular the accounts used for pop3/imap
Unlimited calendars and addressbooks
Sharing of calendars and addressbooks (so we can have a central address repository or a company calendar for instance)
No limis on items in either the calendar or addressbook

This document is based on freebsd, but i don't see a problem replicating things on any sort of OS short of windows..

All we will need for the email server are 2 services: dovecot and postfix. For storing the data, we will need some sort of database. In this case, we simply use MariaDB since that is natively supported by these 2 services.
First of all, install a clean freebsd system without the ports.
Then install the services needed:

Installation

#portsnap fetch extract
#cd /usr/ports/ports-mgmt/portmaster
#make install clean
#cd /
-- we need to install mariadb first, else either dovecot or postfix will install the mysql client instead of mariadb
#postmaster database/mariadb102-server
-- do the usual setup and finis mariadb installation

#portmaster mail/dovecot2
-- make sure you select MYSQL and VPOPMAIL

#portmaster mail/dovecot2-pigeonhole
-- make sure the MANAGESIEVE option is selected here

#portmaster mail/postfix
-- again, make sure you select MYSQL support. Also, select TLS, anything else is not needed.

For the mailserver, that's all the installation needed.

As stated, we didn't patch the software in any way. So it's all up to the configuration of both services to make things work the way we want them to.
First of all, download the configuration files and the sql to create the database:

On freebsd, you can extract these into /usr/local/etc/dovecot and /usr/local/etc/postfix. Also, we will need a folder to contain the certificates for SSL and TLS:

Configuration

-- we install wget to fetch those tar files..
#portmaster ftp/wget

#adduser
-- add a user called vmail with group vmail, and make sure these have UID and GID 1003!
-- if these are not available, write down the UID and GID, obtainable from /etc/passwd and /etc/groups. We will need them later.

#mkdir -p /datastore/mailstore
#chown -R vmail:vmail /datastore/mailstore

#cd /usr/local/etc

#mkdir certificates

#wget http://www.tec4u.nl/emailserver/dovecot.tar.gz
#tar -xzvf dovecot.tar.gz

#wget http://www.tec4u.nl/emailserver/postfix.tar.gz
#tar -xzvf postfix.tar.gz

-- set up the entire database with one SQL file. Reminder: if you already have this, all data will be killed!
#wget http://www.tec4u.nl/emailserver/database.sql
#mysql -p < database.sql
-- login with the information from the mariadb setup

We need to do some minor changes in the configuration to make sure we are using the correct domains etc.:

Postfix configuration

#nano /usr/local/etc/postfix/main.cf

-- change the following lines and enter YOUR domain:
myhostname 			= mail.domain.tld
smtp_helo_name 	= mail.domain.tld

-- change the line:
mydomain				= mydomain.local
-- mydomain can be anything, but make sure it ends on .local!

-- if your vmail uid and gid isn't 1003, change the lines to the correct value:
virtual_uid_maps = static:1003
virtual_gid_maps = static:1003

-- the current configuration allows for an email to be 50MB maximum. If you want to change this, change the line containing:
message_size_limit = 50000000

-- the current configuration allows for a maximum of 20 email recipients in any email. To change this, change the line:
smtpd_recipient_limit = 20

Postfix configuration

#nano /usr/local/etc/postfix/

-- change the following lines and enter YOUR domain:
myhostname 			= mail.domain.tld
smtp_helo_name 	= mail.domain.tld

-- change the line:
mydomain				= mydomain.local
-- mydomain can be anything, but make sure it ends on .local!

-- if your vmail uid and gid isn't 1002, change the lines to the correct value:
virtual_uid_maps = static:1002
virtual_gid_maps = static:1002

-- the current configuration allows for an email to be 50MB maximum. If you want to change this, change the line containing:
message_size_limit = 50000000

-- the current configuration allows for a maximum of 20 email recipients in any email. To change this, change the line:
smtpd_recipient_limit = 20

Last, we change the file regex_helo_checks. This file has lines that will deny anybody that either uses our IP address or our (primary) domain name when sending the HELO command.
This SHOULD NOT be our name! It SHOULD be the servername that is sending the email. We check at a later point if that name is valid and resolveable.
Open the file with nano and make the changes so it reflects your domain name and IP address..

TODO:

SPF checker
DKIM setup

There isn't much to change in dovecot other than maybe the uid and gid used to deliver mail:

Postfix configuration

#nano /usr/local/etc/dovecot/dovecot.conf
-- look for these lines and change 1003 to the correct uid and gid:
mail_uid = 1003
mail_gid = 1003
first_valid_uid = 1003
first_valid_gid = 1003

-- change the line and fill in your own email address:
postmaster_address = postmaster@domain.tld

-- the quota amount is dictated by the quotadict. This is done by an sql query. if that fails, the standard quota is enforced which is set to 1GB plus a maximum of 100MB for the trash.
-- any spam folder is ignored in quota calculations.
-- to change this, change the lines:

quota_rule = *:storage=1G
quota_rule2 = Trash:storage=+100M
quota_rule3 = Spam:ignore

-- in the current configuration the user will get 2 quota warnings: at 80% and 95% and 1 critical warning at 100%. Also, they will receive a critical message if the mailbox is over 100%
-- to change this, change the lines:
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = storage=100%% quota-critical %u
quota_warning4 = -storage=100%% quota-warning below %u

To send the quota warnings 2 files are used. Edit these files and change domain.tld to your domain!

Postfix configuration

#nano /usr/local/etc/dovecot/quota-warning.sh
-- edit the file and change the sender email address. Make any changes you like, even html email is possible. Store it after you are done

#nano /usr/local/etc/dovecot/quota-critical.sh
-- edit the file and change the sender email address. Make any changes you like, even html email is possible. Store it after you are done

To make TLS and SSL work, we will need certificates. If you can, get valid ones from a provider! If you don't, you can make self-signed ones:

Postfix certificates

#cd /usr/local/etc/certificates/
-- enter the following commands, make sure you enter the correct infomation!
-- especially the YOUR name, which should be your full server name as is found in DNS.
#openssl genrsa -des3 -out postfix.key.pass
#openssl req -new -key postfix.key.pass -out postfix.csr
#openssl x509 -req -days 3650 -in postfix.csr -signkey postfix.key.pass -out postfix.crt
#openssl rsa -in postfix.key.pass -out postfix.key.nopass
#mv postfix.key.nopass postfix.key
#openssl req -new -x509 -extensions v3_ca -keyout postfix.cakey.pem -out postfix.cacert.pem -days 3650

For dovecot we need a certificate also to use imaps and/or pop3s:

Dovecot certificates

#cd /usr/local/etc/certificates/
-- enter the following commands, make sure you enter the correct infomation!
-- especially the YOUR name, which should be your full server name as is found in DNS.
openssl req -new -x509 -nodes -keyout dovecot.key -out dovecot.crt -days 365
openssl x509 -subject -fingerprint -noout -in dovecot.crt

The database can become quite complicated, so i made a front-end for it. Granted, the code can be way better, so excuse the mess here and there.
Most important part is: it works, and you can drag and drop even!

To use it, we will need 3 things: the apache webserver, perl with a couple of modules and some software
We are still asuming a clean system, no previous install of apache etc. If there is, just create a folder for the manager and put the software in that, making sure you are allowed to use the .htaccess file and overrule the ExecCGI option. Skip any apache related stuff then.

(please check the todo list at the bottom of this panel!)

Install manager

#portmaster www/apache24
-- just use the standard config
		
-- perl itself was installed with the postfix and dovecot install, so no need to re-install.
-- we do need some modules though..
#cpan DBD-mysql
#cpan CGI
#cpan File::Copy
#cpan Data::Dumper
#cpan Encode
#cpan HTML::Entities

-- we create a folder for the document root
#mkdir -p /www/hostconfig
#mkdir -p /www/sites/myhost/htdocs
#mkdir -p /www/sites/myhost/logs
#chown -R www:www /www/sites/myhost
#cd /www/sites/myhost/htdocs
#wget http://www.tec4u.nl/emailserver/manager.tar.gz
#tar -xzvf manager.tar.gz
#mv manager/htaccess manager/.htaccess
#touch index.html

After this, you ended up with everything needed, except for the apache configuration:

Apache configuration

#nano /usr/local/etc/apache24/httpd.conf
-- enable the modules: ssl_module, rewrite_module
-- add as the last line in this file:
Include /www/hostconfig/*.active		
-- save and close the file

#nano /www/hostconfig/default.active

-- enter the following in this file. Please note: it is a basic configuration! 
-- you might change Options and AllowOverride to something else than All, but this will work.
-- change any domain.tld entries in your domain or ip address

<VirtualHost *>
	Servername domain.tld
	Redirect permanent / https://domain.tld/
</VirtualHost>

<VirtualHost *:443>
	ServerName domain.tld
	DocumentRoot /www/sites/myhost/htdocs
	Errorlog /www/myhost/logs/error.log
	CustomLog /www/myhost/logs/transfer.log combined
</VirtualHost>
<Directory "/www/sites/myhost/htdocs">
        AllowOverride All
        Options All
        Order allow,deny
        Allow from all
        require all granted
</Directory>

-- save it and close it

-- start apache:
#service apache start
-- or
#apachectl start

If all is well, apache should now be running. Open up a browser and enter the url: http://<your domain or ip>/manager
you should see a login screen. The default username and password is admin/password.
Once logged in, enter at least 1 domain to accept mail for, and set it mail enabled.
After this, create at least one email address on the entered domain, and you are set for testing!!

If everything seems ok, you can add as many pop3 accounts, domains and email adresses as needed.

TODO

Code cleanup, it's a mess in some places
I have to finish up so i can post a tarball with the manager software
enable some sort of user panel so any pop3 user can manage their account
enable a manager for sharing contacts and calendars

If you are like me, you either have a seperate firewall in front of your server or one at least on-board!
make sure the following ports are open to the world:

pop3: 110 and 995
imap: 143 and 993
smtp: 25
submission: 587

In freebsd there is the easy firewall ipfw. It only takes one line to accomplish this:

Apache configuration

#ipfw add 1000 allow tcp from any to any 25,110,143,587,993,995

After creating at lease one pop3 account, you can enter an account in your email client. This can be outlook, thunderbird, your phone, pad, etc.
The most important settings for a new account:

Incoming server
- Servername: your servername or ip address
- Server type: IMAP (you can use pop3, but i prefer imap)
- use SSL/TLS or starttls
- port number: 993 (usually this will be automatic when selecting SSL, 143 if you use starttls)
- username and password as entered in the pop3 account
- use encrypted passwords
Outgoing mailserver
- Servername: your servername or ip address
- use STARTTLS
- server port: 587 (if not selected automatically)
- use logging in for sending, using the same username/password as for the incoming server
- use password encryption

Sieve (server side email scripts) is supported in this setup as is!
All you need is a sieve rule editor to make the script and activate it.
Editing these rules is very easy if you use the email client: thunderbird
There is a nice extension for it called (how else: sieve). But do NOT install the latest version (0.2.8 at the time of writing). It will crash.
Instead, i have found a working version: 0.2.5, which you can download here, sieve-0.2.3k
Download and save it, then install it in thunderbird
After installation, you will see a new option in the dropdown bar menu, under message filters: Sieve message filters. (Or, hit the alt key, and find it under the 'tools' menu)
it's worth reading up on sieve rules (for instance on the page https://p5r.uk/blog/2011/sieve-tutorial.html, but the interface has a nice drag and drop way of creating your rules.

There are actually 2 ways of setting a vacation notice!

using the manager (pop3 accounts)
using sieve

If you use the manager, you can enter it on any pop3 account and enable it. The script that handles the vacation notice will take care of the rest, including not sending any recipient the vacation notice more than once!

If you use the sieve option: it is included in the sieve extension in thunderbird.

These services got installed when the manager was installed, it is part of the code!
So there is nothing to do as far as configuration goes..

To use it: use login/password login with the url: https://domain.tld/manager/dav/ (don't forget the trailing /!) as the basic url for it.
Any caldav/carddav client that can handle discovery will accept and use it.

I tested it with:

IOS on ipad and iphone, using the built in caldav/carddav accounts
andriod, using davdroid synchronisation tool
infcloud client. Not the prettiest thing ever, but it works with calendars and contacts.

I am still trying to get lightning to work, but that seems to have some issues still.

If you need the url's for your calendars and/or contactlists (for instance for lighting, which doesn't do discovery....), you can simply enter https://your domain/manager/dav/mystuff in your browser. Log in with your pop3 account, and it will show you an XML response listing all your calendars and contact lists.

TODO

Look into lighting why it's not fetching the items from the caldav service.