--- a/doc/example-config/conf.d/10-mail.conf
+++ b/doc/example-config/conf.d/10-mail.conf
@@ -208,10 +208,10 @@
 
 # UNIX socket path to master authentication server to find users.
 # This is used by imap (for shared users) and lda.
-#auth_socket_path = /var/run/dovecot/auth-userdb
+#auth_socket_path = /run/dovecot/auth-userdb
 
 # Directory where to look up mail plugins.
-#mail_plugin_dir = /usr/lib/dovecot
+#mail_plugin_dir = /usr/lib/dovecot/modules
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
@@ -322,6 +322,7 @@ protocol !indexer-worker {
 # them simultaneously.
 #mbox_read_locks = fcntl
 #mbox_write_locks = dotlock fcntl
+mbox_write_locks = fcntl
 
 # Maximum time to wait for lock (all of them) before aborting.
 #mbox_lock_timeout = 5 mins
--- a/doc/example-config/conf.d/10-ssl.conf
+++ b/doc/example-config/conf.d/10-ssl.conf
@@ -3,7 +3,10 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+# Disable plain (unencrypted) POP3 and IMAP, allowed are only POP3+TLS,
+# POP3S, IMAP+TLS and IMAPS.
+# Plain IMAP and POP3 are still allowed for local connections.
+ssl = required
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
@@ -67,7 +67,7 @@
 #ssl_curve_list =
 
 # Prefer the server's order of ciphers over client's.
-#ssl_prefer_server_ciphers = no
+ssl_prefer_server_ciphers = yes
 
 # SSL crypto device to use, for valid values run "openssl engine"
 #ssl_crypto_device =