Commit | Line | Data |
---|---|---|
a0c812d1 | 1 | # Maximum number of POP3 servers started |
2 | # | |
3 | MAXDAEMONS=40 | |
4 | ||
5 | # Maximum number of connections to accept from the same IP address | |
6 | # NOTE(review): with the values in this file one address can hold at most 4 of the 40 server slots; clients behind a shared NAT address share that limit. | |
7 | MAXPERIP=4 | |
8 | ||
9 | # Where mail is stored (relative to $HOME) | |
10 | # | |
11 | MAILDIR="Maildir" | |
12 | ||
13 | # To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH | |
14 | # variable: | |
15 | # NOTE(review): LOGIN (and PLAIN below) hand the password itself to the server, so its confidentiality rests entirely on the SSL/TLS layer. | |
16 | #POP3AUTH="LOGIN" | |
17 | ||
18 | # To also advertise SASL PLAIN if SSL is enabled, uncomment the | |
19 | # POP3AUTH_TLS environment variable: | |
20 | # | |
21 | #POP3AUTH_TLS="LOGIN PLAIN" | |
22 | ||
23 | # IP address to listen on. 0 means all IP addresses. | |
24 | # NOTE(review): the value 0 set below exposes the listener on every interface; set a specific address if it should be reachable on only one. | |
48f9fb9c | 25 | ADDRESS=0 |
a0c812d1 | 26 | |
27 | # Other couriertcpd(1) options. The following defaults should be fine. | |
28 | # | |
29 | #TCPDOPTS="-nodnslookup -noidentlookup" | |
30 | ||
31 | POP3DSSLSTART=yes | |
32 | ||
33 | # TLS_PROTOCOL sets the protocol version. The possible versions are: | |
34 | # | |
35 | # SSL2 - SSLv2 | |
36 | # SSL3 - SSLv3 | |
37 | # TLS1 - TLS1 | |
38 | # NOTE(review): SSL2 and SSL3 are obsolete protocol versions (prohibited by RFC 6176 and deprecated by RFC 7568; SSLv3 is exposed to POODLE). The SSL3 value set below should be reviewed; TLS1 is the newest version this list offers. | |
39 | TLS_PROTOCOL=SSL3 | |
40 | ||
41 | # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the | |
42 | # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST | |
43 | # undefined | |
44 | # NOTE(review): the commented example below keeps RC4 and SSLv2 cipher suites in the list (RC4+RSA, +SSLv2); exclude them explicitly if this line is ever enabled. | |
45 | #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" | |
46 | ||
47 | # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair. | |
48 | # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA | |
49 | # you must generate a DH pair that will be used. In most situations the | |
50 | # DH pair is to be treated as confidential, and the file specified by | |
51 | # TLS_DHCERTFILE must not be world-readable. | |
52 | # | |
53 | #TLS_DHCERTFILE= | |
54 | ||
55 | # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS | |
56 | # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually | |
57 | # treated as confidential, and must not be world-readable. | |
58 | # NOTE(review): presumably this PEM also carries the private key, which is why it is confidential - confirm, and check the owner and mode of the file named below. | |
59 | TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem | |
60 | ||
61 | # TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer | |
62 | # certificates are signed by a specific certificate authority, set | |
63 | # TLS_OURCACERT to the name of the file containing the certificate authority | |
64 | # root key, and set TLS_PEERCERTDIR to the name of the directory containing | |
65 | # the allowed certificates. | |
66 | # | |
67 | #TLS_PEERCERTDIR= | |
68 | #TLS_OURCACERT= | |
69 | ||
70 | # TLS_VERIFYPEER - how to verify peer certificates. The possible values of | |
71 | # this setting are: | |
72 | # | |
73 | # NONE - do not verify anything | |
74 | # | |
75 | # PEER - verify the peer certificate, if one's presented | |
76 | # | |
77 | # REQUIREPEER - require a peer certificate, fail if one's not presented | |
78 | # | |
79 | # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients | |
80 | # will usually set TLS_VERIFYPEER to REQUIREPEER. | |
81 | # NOTE(review): with NONE the server checks no client certificate; clients are then presumably identified by their POP3 login alone. | |
82 | TLS_VERIFYPEER=NONE | |
83 | ||
84 | # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using | |
85 | # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates | |
86 | # that are not signed by a recognized certificate authority. This allows | |
87 | # clients to simply verify that a server certificate is available. | |
88 | # NOTE(review): per the text above this is a client-side setting; accepting certificates no recognized authority signed leaves the client unable to tell the real server from an impostor. | |
89 | #TLS_ALLOWSELFSIGNEDCERT=1 | |
90 |