Commit | Line | Data |
---|---|---|
b0f689e2 | 1 | # Addresses to listen on, can be set to a single IP address. |
48f9fb9c | 2 | # 0 means all IP addresses. |
e93af56d | 3 | # |
b0f689e2 | 4 | # ADDRESS/ADDRESS_SSL can be used to default a specific IP |
5 | # address for every listed port number. | |
6 | ||
48f9fb9c | 7 | ADDRESS=0 |
b0f689e2 | 8 | ADDRESS_SSL=0 |
9 | ||
10 | # Multiple port numbers can be separated by commas. When multiple port | |
11 | # numbers are used it is possible to select a specific IP address for a | |
12 | # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" | |
13 | # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 | |
14 | ||
15 | PORTS=143 | |
16 | PORTS_SSL=993 | |
5287ceef | 17 | |
18 | # Maximum number of IMAP servers started | |
e93af56d | 19 | # |
5287ceef | 20 | MAXDAEMONS=40 |
21 | ||
22 | # Maximum number of connections to accept from the same IP address | |
e93af56d | 23 | # |
5287ceef | 24 | MAXPERIP=4 |
e93af56d | 25 | |
5287ceef | 26 | # Where mail is stored (relative to $HOME) |
e93af56d | 27 | # |
18488c22 | 28 | MAILDIR="Mail/Maildir" |
5287ceef | 29 | |
30 | # Miscellaneous couriertcpd options that shouldn't be changed. | |
e93af56d | 31 | # |
5287ceef | 32 | #TCPDOPTS="-nodnslookup -noidentlookup" |
e93af56d | 33 | |
b0f689e2 | 34 | # IMAP_CAPABILITY specifies what most of the response should be to the |
35 | # CAPABILITY command. | |
36 | # | |
37 | # If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1 | |
38 | # authentication (see INSTALL), set IMAP_CAPABILITY as follows: | |
e93af56d | 39 | # |
b0f689e2 | 40 | # IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1" |
41 | # | |
42 | # Otherwise, leave it set to the default value. The IDLE keyword can also | |
43 | # be added, in experimental mode. | |
44 | # | |
45 | # NOTE: CRAM-SHA1 is considered experimental at this time. | |
e93af56d | 46 | # |
5287ceef | 47 | IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT" |
e93af56d | 48 | |
5287ceef | 49 | # The following setting will advertise SASL PLAIN authentication after |
50 | # STARTTLS is established. If you want to allow SASL PLAIN authentication | |
51 | # with or without TLS then just comment this out, and add AUTH=PLAIN to | |
52 | # IMAP_CAPABILITY | |
e93af56d | 53 | # NOTE: without TLS, SASL PLAIN sends the password unencrypted. |
5287ceef | 54 | IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" |
55 | ||
b0f689e2 | 56 | # If you want to try out the IDLE extension, this setting controls how often |
57 | # the server polls for changes to the folder, in IDLE mode (in seconds). | |
58 | # | |
59 | IMAP_IDLE_TIMEOUT=60 | |
60 | ||
5287ceef | 61 | # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - |
62 | # server side sorting and threading. | |
e93af56d | 63 | # |
5287ceef | 64 | # Those capabilities will still be advertised, but the server will reject |
65 | # them. Set this option if you want to disable all the extra load from | |
66 | # server-side threading and sorting. Not advertising those capabilities | |
67 | # will simply result in the clients reading the entire folder, and sorting | |
68 | # it on the client side. That will still put some load on the server. | |
69 | # Advertising these capabilities, but rejecting the commands, will stop this | |
70 | # silliness. | |
71 | # | |
72 | IMAP_DISABLETHREADSORT=0 | |
73 | ||
74 | # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new | |
75 | # mail in every folder. Not all IMAP clients use an IMAP server's new mail | |
76 | # indicator, but some do, and normally new mail is checked only in INBOX, | |
77 | # because it is a comparatively time consuming operation, and it would be | |
78 | # a complete waste of time unless mail filters are used to deliver new | |
79 | # mail directly to folders. | |
80 | # | |
81 | # When IMAP clients are used which support new mail indication, and when | |
82 | # mail filters are used to sort incoming mail into folders, setting | |
83 | # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new | |
84 | # mail in folders. Note that this will result in slightly more load on the | |
85 | # server. | |
86 | # | |
87 | IMAP_CHECK_ALL_FOLDERS=0 | |
e93af56d | 88 | |
5287ceef | 89 | # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean |
90 | # what \\HasNoChildren really means. | |
e93af56d | 91 | # |
5287ceef | 92 | IMAP_OBSOLETE_CLIENT=0 |
93 | ||
94 | # IMAP_ULIMITD sets the maximum size of the data segment of the server | |
95 | # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" | |
96 | # command. The argument to ulimit -d sets the upper limit on the size | |
97 | # of the data segment of the server process, in kilobytes. The default | |
98 | # value of 65536 sets a very generous limit of 64 megabytes, which should | |
99 | # be more than plenty for anyone. | |
e93af56d | 100 | # |
5287ceef | 101 | # This feature is used as an additional safety check that should stop |
102 | # any potential denial-of-service attacks that exploit any kind of | |
103 | # a memory leak to exhaust all the available memory on the server. | |
104 | # It is theoretically possible that obscenely huge folders will also | |
105 | # result in the server running out of memory when doing server-side | |
106 | # sorting (by my calculations you have to have at least 100,000 messages | |
107 | # in a single folder, for that to happen). | |
e93af56d | 108 | # |
5287ceef | 109 | IMAP_ULIMITD=65536 |
110 | ||
111 | # Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP | |
112 | # clients that open multiple connections to the server. I would hope that | |
113 | # most IMAP clients are sane enough not to issue commands to multiple IMAP | |
114 | # channels which conflict with each other. | |
e93af56d | 115 | # |
5287ceef | 116 | IMAP_USELOCKS=0 |
e93af56d | 117 | |
b0f689e2 | 118 | # The following setting is optional, and causes messages from the given |
119 | # folder to be automatically deleted after the given number of days. | |
120 | # IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default | |
121 | # setting, below, purges 7 day old messages from the Trash folder. | |
122 | # Another useful setting would be: | |
e93af56d | 123 | # |
b0f689e2 | 124 | # IMAP_EMPTYTRASH=Trash:7,Sent:30 |
125 | # | |
126 | # This would also delete messages from the Sent folder (presumably copies | |
127 | # of sent mail) after 30 days. This is a global setting that is applied to | |
128 | # every mail account, and is probably useful in a controlled, corporate | |
129 | # environment. | |
130 | # | |
131 | # You might want to disable this setting in certain situations - it results | |
132 | # in a stat() of every file in each folder, at login and logout. | |
133 | # | |
134 | IMAP_EMPTYTRASH=Trash:7 | |
5287ceef | 135 | |
136 | # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This | |
137 | # effectively allows an undo of message deletion by fishing the deleted | |
138 | # mail from trash. Trash can be manually expunged as usual, and mail | |
139 | # will get automatically expunged from Trash according to IMAP_EMPTYTRASH. | |
e93af56d | 140 | # |
5287ceef | 141 | # NOTE: shared folders are still expunged as usual. Shared folders are |
142 | # not affected. | |
143 | # | |
144 | IMAP_MOVE_EXPUNGE_TO_TRASH=0 | |
145 | ||
146 | # Whether or not to start IMAP over SSL on simap port: | |
147 | # | |
148 | IMAPDSSLSTART=NO | |
149 | ||
150 | # Whether or not to implement IMAP STARTTLS extension instead: | |
151 | # | |
b0f689e2 | 152 | IMAP_STARTTLS=YES |
5287ceef | 153 | |
154 | # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. | |
155 | # (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS | |
156 | # is issued). | |
157 | # NOTE: at 0, clients can still log in without STARTTLS, in the clear. | |
b0f689e2 | 158 | IMAP_TLS_REQUIRED=0 |
159 | ||
160 | # The following variables configure IMAP over SSL. If OpenSSL is available | |
161 | # during configuration, the couriertls helper gets compiled, and upon | |
162 | # installation a dummy TLS_CERTFILE gets generated. courieresmtpd will | |
163 | # automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE | |
164 | # and COURIERTLS exist. | |
165 | # | |
166 | COURIERTLS=/usr/bin/couriertls | |
5287ceef | 167 | |
168 | # TLS_PROTOCOL sets the protocol version. The possible versions are: | |
169 | # | |
170 | # SSL2 - SSLv2 | |
171 | # SSL3 - SSLv3 | |
172 | # TLS1 - TLS1 | |
173 | # NOTE: SSL2 and SSL3 are obsolete and insecure; use TLS1 if clients allow. | |
174 | TLS_PROTOCOL=SSL3 | |
175 | ||
b0f689e2 | 176 | # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS |
177 | # extension, as opposed to IMAP over SSL on port 993. | |
178 | # | |
179 | TLS_STARTTLS_PROTOCOL=TLS1 | |
180 | ||
5287ceef | 181 | # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the |
182 | # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST | |
183 | # undefined | |
184 | # | |
185 | #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" | |
186 | ||
187 | # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair. | |
188 | # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA | |
189 | # you must generate a DH pair that will be used. In most situations the | |
190 | # DH pair is to be treated as confidential, and the file specified by | |
191 | # TLS_DHCERTFILE must not be world-readable. | |
192 | # | |
193 | #TLS_DHCERTFILE= | |
194 | ||
195 | # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS | |
196 | # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually | |
197 | # treated as confidential, and must not be world-readable. | |
198 | # | |
199 | TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem | |
200 | ||
5e6a8c3d | 201 | # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. |
202 | # pathname can be a file or a directory. If a file, the file should | |
203 | # contain a list of trusted certificates, in PEM format. If a | |
204 | # directory, the directory should contain the trusted certificates, | |
205 | # in PEM format, one per file and hashed using OpenSSL's c_rehash | |
206 | # script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying | |
207 | # the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set | |
208 | # to PEER or REQUIREPEER). | |
209 | # | |
210 | # TLS_TRUSTCERTS= | |
5287ceef | 211 | |
212 | # TLS_VERIFYPEER - how to verify peer certificates. The possible values of | |
213 | # this setting are: | |
214 | # | |
215 | # NONE - do not verify anything | |
216 | # | |
217 | # PEER - verify the peer certificate, if one's presented | |
218 | # | |
219 | # REQUIREPEER - require a peer certificate, fail if one's not presented | |
220 | # | |
221 | # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients | |
222 | # will usually set TLS_VERIFYPEER to REQUIREPEER. | |
223 | # | |
224 | TLS_VERIFYPEER=NONE | |
225 | ||
226 | # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using | |
227 | # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates | |
228 | # that are not signed by a recognized certificate authority. This allows | |
229 | # clients to simply verify that a server certificate is available. | |
230 | # | |
231 | #TLS_ALLOWSELFSIGNEDCERT=1 | |
232 |