[packages/courier-imap.git] / courier-imap.sysconfig

# Address to listen on, can be set to a single IP address.
#
ADDRESS=0.0.0.0

# Maximum number of IMAP servers started
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# Miscellaneous couriertcpd options that shouldn't be changed.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# If this version of Courier-IMAP includes support for CRAM-MD5
# authentication (the authcram authentication modules gets compiled and
# installed), you change IMAP_CAPABILITY below to read as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5"
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"

# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
#
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use an IMAP's server new mail
# indicator, but some do, and normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver new
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
#
IMAP_OBSOLETE_CLIENT=0

# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command.  The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
#
IMAP_ULIMITD=65536

# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server.  I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0

# Purge messages from the Trash folder after this number of days.  This is
# mainly for the Netscape Communicator client, which automatically moves
# deleted messages into Trash.  Remove this variable complete to disable
# Trash purging.
#
IMAP_EMPTYTRASH=7

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usually, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0

# Whether or not to start IMAP over SSL on simap port:
#
IMAPDSSLSTART=NO

# Whether or not to implement IMAP STARTTLS extension instead:
#
IMAPDSTARTTLS=YES

# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
#
#IMAP_TLS_REQUIRED=1

# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
TLS_PROTOCOL=SSL3

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem

# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
#TLS_PEERCERTDIR=
#TLS_OURCACERT=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
#TLS_ALLOWSELFSIGNEDCERT=1
Commit	Line	Data
5287ceef	1	# Address to listen on, can be set to a single IP address.
e93af56d	2	#
5287ceef	3	ADDRESS=0.0.0.0
	4
	5	# Maximum number of IMAP servers started
e93af56d	6	#
5287ceef	7	MAXDAEMONS=40
	8
	9	# Maximum number of connections to accept from the same IP address
e93af56d	10	#
5287ceef	11	MAXPERIP=4
e93af56d	12
5287ceef	13	# Where mail is stored (relative to $HOME)
e93af56d	14	#
5287ceef	15	MAILDIR="Maildir"
	16
	17	# Miscellaneous couriertcpd options that shouldn't be changed.
e93af56d	18	#
5287ceef	19	#TCPDOPTS="-nodnslookup -noidentlookup"
e93af56d	20
5287ceef	21	# If this version of Courier-IMAP includes support for CRAM-MD5
	22	# authentication (the authcram authentication modules gets compiled and
	23	# installed), you change IMAP_CAPABILITY below to read as follows:
e93af56d	24	#
5287ceef	25	# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5"
e93af56d	26	#
5287ceef	27	IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
e93af56d	28
5287ceef	29	# The following setting will advertise SASL PLAIN authentication after
	30	# STARTTLS is established. If you want to allow SASL PLAIN authentication
	31	# with or without TLS then just comment this out, and add AUTH=PLAIN to
	32	# IMAP_CAPABILITY
e93af56d	33	#
5287ceef	34	IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
	35
	36	# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
	37	# server side sorting and threading.
e93af56d	38	#
5287ceef	39	# Those capabilities will still be advertised, but the server will reject
	40	# them. Set this option if you want to disable all the extra load from
	41	# server-side threading and sorting. Not advertising those capabilities
	42	# will simply result in the clients reading the entire folder, and sorting
	43	# it on the client side. That will still put some load on the server.
	44	# advertising these capabilities, but rejecting the commands, will stop this
	45	# silliness.
	46	#
	47	IMAP_DISABLETHREADSORT=0
	48
	49	# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
	50	# mail in every folder. Not all IMAP clients use an IMAP's server new mail
	51	# indicator, but some do, and normally new mail is checked only in INBOX,
	52	# because it is a comparatively time consuming operation, and it would be
	53	# a complete waste of time unless mail filters are used to deliver new
	54	# mail directly to folders.
	55	#
	56	# When IMAP clients are used which support new mail indication, and when
	57	# mail filters are used to sort incoming mail into folders, setting
	58	# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
	59	# mail in folders. Note that this will result in slightly more load on the
	60	# server.
	61	#
	62	IMAP_CHECK_ALL_FOLDERS=0
e93af56d	63
5287ceef	64	# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
5287ceef	65	# what \\HasNoChildren really means.
e93af56d	66	#
5287ceef	67	IMAP_OBSOLETE_CLIENT=0
	68
	69	# IMAP_ULIMITD sets the maximum size of the data segment of the server
	70	# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
	71	# command. The argument to ulimit -d sets the upper limit on the size
	72	# of the data segment of the server process, in kilobytes. The default
	73	# value of 65536 sets a very generous limit of 64 megabytes, which should
	74	# be more than plenty for anyone.
e93af56d	75	#
5287ceef	76	# This feature is used as an additional safety check that should stop
	77	# any potential denial-of-service attacks that exploit any kind of
	78	# a memory leak to exhaust all the available memory on the server.
	79	# It is theoretically possible that obscenely huge folders will also
	80	# result in the server running out of memory when doing server-side
	81	# sorting (by my calculations you have to have at least 100,000 messages
	82	# in a single folder, for that to happen).
e93af56d	83	#
5287ceef	84	IMAP_ULIMITD=65536
	85
	86	# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
	87	# clients that open multiple connections to the server. I would hope that
	88	# most IMAP clients are sane enough not to issue commands to multiple IMAP
	89	# channels which conflict with each other.
e93af56d	90	#
5287ceef	91	IMAP_USELOCKS=0
e93af56d	92
5287ceef	93	# Purge messages from the Trash folder after this number of days. This is
	94	# mainly for the Netscape Communicator client, which automatically moves
	95	# deleted messages into Trash. Remove this variable complete to disable
	96	# Trash purging.
e93af56d	97	#
5287ceef	98	IMAP_EMPTYTRASH=7
	99
	100	# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
	101	# effectively allows an undo of message deletion by fishing the deleted
	102	# mail from trash. Trash can be manually expunged as usually, and mail
	103	# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
e93af56d	104	#
5287ceef	105	# NOTE: shared folders are still expunged as usual. Shared folders are
	106	# not affected.
	107	#
	108	IMAP_MOVE_EXPUNGE_TO_TRASH=0
	109
	110	# Whether or not to start IMAP over SSL on simap port:
	111	#
	112	IMAPDSSLSTART=NO
	113
	114	# Whether or not to implement IMAP STARTTLS extension instead:
	115	#
	116	IMAPDSTARTTLS=YES
	117
	118	# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
	119	# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
	120	# is issued).
	121	#
	122	#IMAP_TLS_REQUIRED=1
	123
	124	# TLS_PROTOCOL sets the protocol version. The possible versions are:
	125	#
	126	# SSL2 - SSLv2
	127	# SSL3 - SSLv3
	128	# TLS1 - TLS1
	129	#
	130	TLS_PROTOCOL=SSL3
	131
	132	# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
	133	# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
	134	# undefined
	135	#
	136	#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
	137
	138	# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
	139	# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
	140	# you must generate a DH pair that will be used. In most situations the
	141	# DH pair is to be treated as confidential, and the file specified by
	142	# TLS_DHCERTFILE must not be world-readable.
	143	#
	144	#TLS_DHCERTFILE=
	145
	146	# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
	147	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	148	# treated as confidential, and must not be world-readable.
	149	#
	150	TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
	151
	152	# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
	153	# certificates are signed by a specific certificate authority, set
	154	# TLS_OURCACERT to the name of the file containing the certificate authority
	155	# root key, and set TLS_PEERCERTDIR to the name of the directory containing
	156	# the allowed certificates.
	157	#
	158	#TLS_PEERCERTDIR=
	159	#TLS_OURCACERT=
	160
	161	# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
	162	# this setting are:
	163	#
	164	# NONE - do not verify anything
	165	#
	166	# PEER - verify the peer certificate, if one's presented
	167	#
	168	# REQUIREPEER - require a peer certificate, fail if one's not presented
169	#
170	# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
171	# will usually set TLS_VERIFYPEER to REQUIREPEER.
172	#
173	TLS_VERIFYPEER=NONE
174
175	# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
176	# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
177	# that are not signed by a recognized certificate authority. This allows
178	# clients to simply verify that a server certificate is available.
179	#
180	#TLS_ALLOWSELFSIGNEDCERT=1
181