-# $Revision$
+# Addresses to listen on, can be set to a single IP address.
+# 0 means all IP addresses.
#
-# Address to listen on, can be set to a single IP address.
+# ADDRESS/ADDRESS_SSL can be used to default a specific IP
+# address for every listed port number.
+
+ADDRESS=0
+ADDRESS_SSL=0
+
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possibly to select a specific IP address for
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+
+PORTS=143
+PORTS_SSL=993
+
+# Maximum number of IMAP servers started
#
-# Example: ADDRESS=127.0.0.1
+MAXDAEMONS=40
+
+# Maximum number of connections to accept from the same IP address
#
-ADDRESS=0
+MAXPERIP=4
+# Where mail is stored (relative to $HOME)
#
-# You better have a good reason for changing the port
+MAILDIR="Mail/Maildir"
+
+# Miscellaneous couriertcpd options that shouldn't be changed.
#
-PORT=143
+#TCPDOPTS="-nodnslookup -noidentlookup"
+# IMAP_CAPABILITY specifies what most of the response should be to the
+# CAPABILITY command.
#
-# Maximum number of IMAP servers started
+# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
+# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
-MAXDAEMONS=40
+# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
+#
+# Otherwise, leave it set to the default value. The IDLE keyword can also
+# be added, in experimental mode.
+#
+# NOTE: CRAM-SHA1 is considered experimental at this time.
+#
+IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
+
+# The following setting will advertise SASL PLAIN authentication after
+# STARTTLS is established. If you want to allow SASL PLAIN authentication
+# with or without TLS then just comment this out, and add AUTH=PLAIN to
+# IMAP_CAPABILITY
+#
+IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
+# If you want to try out the IDLE extension, this setting controls how often
+# the server polls for changes to the folder, in IDLE mode (in seconds).
+#
+IMAP_IDLE_TIMEOUT=60
+# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
+# server side sorting and threading.
#
-# Maximum number of connections to accept from the same IP address
+# Those capabilities will still be advertised, but the server will reject
+# them. Set this option if you want to disable all the extra load from
+# server-side threading and sorting. Not advertising those capabilities
+# will simply result in the clients reading the entire folder, and sorting
+# it on the client side. That will still put some load on the server.
+# advertising these capabilities, but rejecting the commands, will stop this
+# silliness.
#
-MAXPERIP=4
+IMAP_DISABLETHREADSORT=0
+# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
+# mail in every folder. Not all IMAP clients use an IMAP's server new mail
+# indicator, but some do, and normally new mail is checked only in INBOX,
+# because it is a comparatively time consuming operation, and it would be
+# a complete waste of time unless mail filters are used to deliver new
+# mail directly to folders.
#
-# Authentication modules. Here's the default list:
+# When IMAP clients are used which support new mail indication, and when
+# mail filters are used to sort incoming mail into folders, setting
+# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
+# mail in folders. Note that this will result in slightly more load on the
+# server.
#
-# authpam authuserdb authvchkpw
+IMAP_CHECK_ALL_FOLDERS=0
+
+# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
+# what \\HasNoChildren really means.
+#
+IMAP_OBSOLETE_CLIENT=0
+
+# IMAP_ULIMITD sets the maximum size of the data segment of the server
+# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
+# command. The argument to ulimit -d sets the upper limit on the size
+# of the data segment of the server process, in kilobytes. The default
+# value of 65536 sets a very generous limit of 64 megabytes, which should
+# be more than plenty for anyone.
#
-# The default is set during the initial configuration.
+# This feature is used as an additional safety check that should stop
+# any potential denial-of-service attacks that exploit any kind of
+# a memory leak to exhaust all the available memory on the server.
+# It is theoretically possible that obscenely huge folders will also
+# result in the server running out of memory when doing server-side
+# sorting (by my calculations you have to have at least 100,000 messages
+# in a single folder, for that to happen).
#
-AUTHMODULES="authpam authuserdb authvchkpw"
+IMAP_ULIMITD=65536
+# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
+# clients that open multiple connections to the server. I would hope that
+# most IMAP clients are sane enough not to issue commands to multiple IMAP
+# channels which conflict with each other.
#
-# Courier supports only Mailbox in QMAIL Maildir Format
+IMAP_USELOCKS=0
+
+# The following setting is optional, and causes messages from the given
+# folder to be automatically deleted after the given number of days.
+# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
+# setting, below, purges 7 day old messages from the Trash folder.
+# Another useful setting would be:
#
-MAILDIR="Maildir"
+# IMAP_EMPTYTRASH=Trash:7,Sent:30
+#
+# This would also delete messages from the Sent folder (presumably copies
+# of sent mail) after 30 days. This is a global setting that is applied to
+# every mail account, and is probably useful in a controlled, corporate
+# environment.
+#
+# You might want to disable this setting in certain situations - it results
+# in a stat() of every file in each folder, at login and logout.
+#
+IMAP_EMPTYTRASH=Trash:7
+
+# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
+# effectively allows an undo of message deletion by fishing the deleted
+# mail from trash. Trash can be manually expunged as usually, and mail
+# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
+#
+# NOTE: shared folders are still expunged as usual. Shared folders are
+# not affected.
+#
+IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
+# Whether or not to start IMAP over SSL on simap port:
+#
+IMAPDSSLSTART=NO
+
+# Whether or not to implement IMAP STARTTLS extension instead:
+#
+IMAP_STARTTLS=YES
+
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+#
+IMAP_TLS_REQUIRED=0
+
+# The following variables configure IMAP over SSL. If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated. courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+COURIERTLS=/usr/bin/couriertls
+
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+#
+TLS_PROTOCOL=SSL3
+
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+TLS_STARTTLS_PROTOCOL=TLS1
+
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used. In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+#TLS_DHCERTFILE=
+
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
+
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+# TLS_TRUSTCERTS=
+
+# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the peer certificate, if one's presented
+#
+# REQUIREPEER - require a peer certificate, fail if one's not presented
+#
+# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
+# will usually set TLS_VERIFYPEER to REQUIREPEER.
+#
+TLS_VERIFYPEER=NONE
+
+# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
+# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
+# that are not signed by a recognized certificate authority. This allows
+# clients to simply verify that a server certificate is available.
+#
+#TLS_ALLOWSELFSIGNEDCERT=1
+
projects / packages / courier-imap.git / blobdiff