[packages/courier-imap.git] / courier-imap.sysconfig

# Addresses to listen on, can be set to a single IP address.
# 0 means all IP addresses.
#
# ADDRESS/ADDRESS_SSL can be used to default a specific IP
# address for every listed port number.

ADDRESS=0
ADDRESS_SSL=0

# Multiple port numbers can be separated by commas.  When multiple port
# numbers are used it is possibly to select a specific IP address for
# given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1

PORTS=143
PORTS_SSL=993

# Maximum number of IMAP servers started
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# Miscellaneous couriertcpd options that shouldn't be changed.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# IMAP_CAPABILITY specifies what most of the response should be to the
# CAPABILITY command.
#
# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
#
# Otherwise, leave it set to the default value.  The IDLE keyword can also
# be added, in experimental mode.
#
# NOTE: CRAM-SHA1 is considered experimental at this time.
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"

# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
#
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

# If you want to try out the IDLE extension, this setting controls how often
# the server polls for changes to the folder, in IDLE mode (in seconds).
#
IMAP_IDLE_TIMEOUT=60

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use an IMAP's server new mail
# indicator, but some do, and normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver new
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
#
IMAP_OBSOLETE_CLIENT=0

# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command.  The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
#
IMAP_ULIMITD=65536

# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server.  I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0

# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
#
# This would also delete messages from the Sent folder (presumably copies
# of sent mail) after 30 days.  This is a global setting that is applied to
# every mail account, and is probably useful in a controlled, corporate
# environment.
#
# You might want to disable this setting in certain situations - it results
# in a stat() of every file in each folder, at login and logout.
#
IMAP_EMPTYTRASH=Trash:7

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usually, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0

# Whether or not to start IMAP over SSL on simap port:
#
IMAPDSSLSTART=NO

# Whether or not to implement IMAP STARTTLS extension instead:
#
IMAP_STARTTLS=YES

# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
#
IMAP_TLS_REQUIRED=0

# The following variables configure IMAP over SSL.  If OpenSSL is available
# during configuration, the couriertls helper gets compiled, and upon
# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
# and COURIERTLS exist.
#
COURIERTLS=/usr/bin/couriertls

# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
TLS_PROTOCOL=SSL3

# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
# extension, as opposed to IMAP over SSL on port 993.
#
TLS_STARTTLS_PROTOCOL=TLS1

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem

# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# pathname can be a file or a directory. If a file, the file should
# contain a list of trusted certificates, in PEM format. If a
# directory, the directory should contain the trusted certificates,
# in PEM format, one per file and hashed using OpenSSL's c_rehash
# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
# to PEER or REQUIREPEER).
#
# TLS_TRUSTCERTS=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
#TLS_ALLOWSELFSIGNEDCERT=1
Commit	Line	Data
b0f689e2	1	# Addresses to listen on, can be set to a single IP address.
48f9fb9c	2	# 0 means all IP addresses.
e93af56d	3	#
b0f689e2	4	# ADDRESS/ADDRESS_SSL can be used to default a specific IP
	5	# address for every listed port number.
	6
48f9fb9c	7	ADDRESS=0
b0f689e2	8	ADDRESS_SSL=0
	9
	10	# Multiple port numbers can be separated by commas. When multiple port
	11	# numbers are used it is possibly to select a specific IP address for
	12	# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
	13	# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
	14
	15	PORTS=143
	16	PORTS_SSL=993
5287ceef	17
5287ceef	18	# Maximum number of IMAP servers started
e93af56d	19	#
5287ceef	20	MAXDAEMONS=40
	21
	22	# Maximum number of connections to accept from the same IP address
e93af56d	23	#
5287ceef	24	MAXPERIP=4
e93af56d	25
5287ceef	26	# Where mail is stored (relative to $HOME)
e93af56d	27	#
5287ceef	28	MAILDIR="Maildir"
	29
	30	# Miscellaneous couriertcpd options that shouldn't be changed.
e93af56d	31	#
5287ceef	32	#TCPDOPTS="-nodnslookup -noidentlookup"
e93af56d	33
b0f689e2	34	# IMAP_CAPABILITY specifies what most of the response should be to the
	35	# CAPABILITY command.
	36	#
	37	# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
	38	# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
e93af56d	39	#
b0f689e2	40	# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
	41	#
	42	# Otherwise, leave it set to the default value. The IDLE keyword can also
	43	# be added, in experimental mode.
	44	#
	45	# NOTE: CRAM-SHA1 is considered experimental at this time.
e93af56d	46	#
5287ceef	47	IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
e93af56d	48
5287ceef	49	# The following setting will advertise SASL PLAIN authentication after
	50	# STARTTLS is established. If you want to allow SASL PLAIN authentication
	51	# with or without TLS then just comment this out, and add AUTH=PLAIN to
	52	# IMAP_CAPABILITY
e93af56d	53	#
5287ceef	54	IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
5287ceef	55
b0f689e2	56	# If you want to try out the IDLE extension, this setting controls how often
	57	# the server polls for changes to the folder, in IDLE mode (in seconds).
	58	#
	59	IMAP_IDLE_TIMEOUT=60
	60
5287ceef	61	# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
5287ceef	62	# server side sorting and threading.
e93af56d	63	#
5287ceef	64	# Those capabilities will still be advertised, but the server will reject
	65	# them. Set this option if you want to disable all the extra load from
	66	# server-side threading and sorting. Not advertising those capabilities
	67	# will simply result in the clients reading the entire folder, and sorting
	68	# it on the client side. That will still put some load on the server.
	69	# advertising these capabilities, but rejecting the commands, will stop this
	70	# silliness.
	71	#
	72	IMAP_DISABLETHREADSORT=0
	73
	74	# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
	75	# mail in every folder. Not all IMAP clients use an IMAP's server new mail
	76	# indicator, but some do, and normally new mail is checked only in INBOX,
	77	# because it is a comparatively time consuming operation, and it would be
	78	# a complete waste of time unless mail filters are used to deliver new
	79	# mail directly to folders.
	80	#
	81	# When IMAP clients are used which support new mail indication, and when
	82	# mail filters are used to sort incoming mail into folders, setting
	83	# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
	84	# mail in folders. Note that this will result in slightly more load on the
	85	# server.
	86	#
	87	IMAP_CHECK_ALL_FOLDERS=0
e93af56d	88
5287ceef	89	# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
5287ceef	90	# what \\HasNoChildren really means.
e93af56d	91	#
5287ceef	92	IMAP_OBSOLETE_CLIENT=0
	93
	94	# IMAP_ULIMITD sets the maximum size of the data segment of the server
	95	# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
	96	# command. The argument to ulimit -d sets the upper limit on the size
	97	# of the data segment of the server process, in kilobytes. The default
	98	# value of 65536 sets a very generous limit of 64 megabytes, which should
	99	# be more than plenty for anyone.
e93af56d	100	#
5287ceef	101	# This feature is used as an additional safety check that should stop
	102	# any potential denial-of-service attacks that exploit any kind of
	103	# a memory leak to exhaust all the available memory on the server.
	104	# It is theoretically possible that obscenely huge folders will also
	105	# result in the server running out of memory when doing server-side
	106	# sorting (by my calculations you have to have at least 100,000 messages
	107	# in a single folder, for that to happen).
e93af56d	108	#
5287ceef	109	IMAP_ULIMITD=65536
	110
	111	# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
	112	# clients that open multiple connections to the server. I would hope that
	113	# most IMAP clients are sane enough not to issue commands to multiple IMAP
	114	# channels which conflict with each other.
e93af56d	115	#
5287ceef	116	IMAP_USELOCKS=0
e93af56d	117
b0f689e2	118	# The following setting is optional, and causes messages from the given
	119	# folder to be automatically deleted after the given number of days.
	120	# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
	121	# setting, below, purges 7 day old messages from the Trash folder.
	122	# Another useful setting would be:
e93af56d	123	#
b0f689e2	124	# IMAP_EMPTYTRASH=Trash:7,Sent:30
	125	#
	126	# This would also delete messages from the Sent folder (presumably copies
	127	# of sent mail) after 30 days. This is a global setting that is applied to
	128	# every mail account, and is probably useful in a controlled, corporate
	129	# environment.
	130	#
	131	# You might want to disable this setting in certain situations - it results
	132	# in a stat() of every file in each folder, at login and logout.
	133	#
	134	IMAP_EMPTYTRASH=Trash:7
5287ceef	135
	136	# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
	137	# effectively allows an undo of message deletion by fishing the deleted
	138	# mail from trash. Trash can be manually expunged as usually, and mail
	139	# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
e93af56d	140	#
5287ceef	141	# NOTE: shared folders are still expunged as usual. Shared folders are
	142	# not affected.
	143	#
	144	IMAP_MOVE_EXPUNGE_TO_TRASH=0
	145
	146	# Whether or not to start IMAP over SSL on simap port:
	147	#
	148	IMAPDSSLSTART=NO
	149
	150	# Whether or not to implement IMAP STARTTLS extension instead:
	151	#
b0f689e2	152	IMAP_STARTTLS=YES
5287ceef	153
	154	# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
	155	# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
	156	# is issued).
	157	#
b0f689e2	158	IMAP_TLS_REQUIRED=0
	159
	160	# The following variables configure IMAP over SSL. If OpenSSL is available
	161	# during configuration, the couriertls helper gets compiled, and upon
	162	# installation a dummy TLS_CERTFILE gets generated. courieresmtpd will
	163	# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
	164	# and COURIERTLS exist.
	165	#
	166	COURIERTLS=/usr/bin/couriertls
5287ceef	167
	168	# TLS_PROTOCOL sets the protocol version. The possible versions are:
	169	#
	170	# SSL2 - SSLv2
	171	# SSL3 - SSLv3
	172	# TLS1 - TLS1
	173	#
	174	TLS_PROTOCOL=SSL3
	175
b0f689e2	176	# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
	177	# extension, as opposed to IMAP over SSL on port 993.
	178	#
	179	TLS_STARTTLS_PROTOCOL=TLS1
	180
5287ceef	181	# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
	182	# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
	183	# undefined
	184	#
	185	#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
	186
	187	# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
	188	# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
	189	# you must generate a DH pair that will be used. In most situations the
	190	# DH pair is to be treated as confidential, and the file specified by
	191	# TLS_DHCERTFILE must not be world-readable.
	192	#
	193	#TLS_DHCERTFILE=
	194
	195	# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
	196	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	197	# treated as confidential, and must not be world-readable.
	198	#
	199	TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
	200
5e6a8c3d	201	# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
	202	# pathname can be a file or a directory. If a file, the file should
	203	# contain a list of trusted certificates, in PEM format. If a
	204	# directory, the directory should contain the trusted certificates,
	205	# in PEM format, one per file and hashed using OpenSSL's c_rehash
	206	# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
	207	# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
	208	# to PEER or REQUIREPEER).
	209	#
	210	# TLS_TRUSTCERTS=
5287ceef	211
	212	# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
	213	# this setting are:
	214	#
	215	# NONE - do not verify anything
	216	#
	217	# PEER - verify the peer certificate, if one's presented
	218	#
	219	# REQUIREPEER - require a peer certificate, fail if one's not presented
	220	#
	221	# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
	222	# will usually set TLS_VERIFYPEER to REQUIREPEER.
	223	#
	224	TLS_VERIFYPEER=NONE
	225
	226	# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
	227	# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
	228	# that are not signed by a recognized certificate authority. This allows
	229	# clients to simply verify that a server certificate is available.
	230	#
	231	#TLS_ALLOWSELFSIGNEDCERT=1
	232