[packages/courier-imap.git] / courier-imap-pop3.sysconfig

# Maximum number of POP3 servers started
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
#POP3AUTH="LOGIN"

# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
#POP3AUTH_TLS="LOGIN PLAIN"

# IP address to listen on.  0 means all IP addresses.
#
ADDRESS=0

# Other couriertcpd(1) options.  The following defaults should be fine.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

POP3DSSLSTART=yes

# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
TLS_PROTOCOL=SSL3

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem

# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
#TLS_PEERCERTDIR=
#TLS_OURCACERT=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
#TLS_ALLOWSELFSIGNEDCERT=1
Commit	Line	Data
a0c812d1	1	# Maximum number of POP3 servers started
	2	#
	3	MAXDAEMONS=40
	4
	5	# Maximum number of connections to accept from the same IP address
	6	#
	7	MAXPERIP=4
	8
	9	# Where mail is stored (relative to $HOME)
	10	#
	11	MAILDIR="Maildir"
	12
	13	# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
	14	# variable:
	15	#
	16	#POP3AUTH="LOGIN"
	17
	18	# To also advertise SASL PLAIN if SSL is enabled, uncomment the
	19	# POP3AUTH_TLS environment variable:
	20	#
	21	#POP3AUTH_TLS="LOGIN PLAIN"
	22
	23	# IP address to listen on. 0 means all IP addresses.
	24	#
48f9fb9c	25	ADDRESS=0
a0c812d1	26
	27	# Other couriertcpd(1) options. The following defaults should be fine.
	28	#
	29	#TCPDOPTS="-nodnslookup -noidentlookup"
	30
	31	POP3DSSLSTART=yes
	32
	33	# TLS_PROTOCOL sets the protocol version. The possible versions are:
	34	#
	35	# SSL2 - SSLv2
	36	# SSL3 - SSLv3
	37	# TLS1 - TLS1
	38	#
	39	TLS_PROTOCOL=SSL3
	40
	41	# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
	42	# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
	43	# undefined
	44	#
	45	#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
	46
	47	# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
	48	# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
	49	# you must generate a DH pair that will be used. In most situations the
	50	# DH pair is to be treated as confidential, and the file specified by
	51	# TLS_DHCERTFILE must not be world-readable.
	52	#
	53	#TLS_DHCERTFILE=
	54
	55	# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
	56	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	57	# treated as confidential, and must not be world-readable.
	58	#
	59	TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem
	60
	61	# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
	62	# certificates are signed by a specific certificate authority, set
	63	# TLS_OURCACERT to the name of the file containing the certificate authority
	64	# root key, and set TLS_PEERCERTDIR to the name of the directory containing
	65	# the allowed certificates.
	66	#
	67	#TLS_PEERCERTDIR=
	68	#TLS_OURCACERT=
	69
	70	# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
	71	# this setting are:
	72	#
	73	# NONE - do not verify anything
	74	#
	75	# PEER - verify the peer certificate, if one's presented
	76	#
	77	# REQUIREPEER - require a peer certificate, fail if one's not presented
	78	#
	79	# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
	80	# will usually set TLS_VERIFYPEER to REQUIREPEER.
	81	#
	82	TLS_VERIFYPEER=NONE
	83
	84	# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
	85	# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
	86	# that are not signed by a recognized certificate authority. This allows
	87	# clients to simply verify that a server certificate is available.
	88	#
	89	#TLS_ALLOWSELFSIGNEDCERT=1
90