[packages/courier-imap.git] / courier-imap.sysconfig

# Address to listen on, can be set to a single IP address.
# 0 means all IP addresses.
#
ADDRESS=0

# Maximum number of IMAP servers started
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# Miscellaneous couriertcpd options that shouldn't be changed.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# If this version of Courier-IMAP includes support for CRAM-MD5
# authentication (the authcram authentication modules gets compiled and
# installed), you change IMAP_CAPABILITY below to read as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5"
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"

# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
#
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use an IMAP's server new mail
# indicator, but some do, and normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver new
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
#
IMAP_OBSOLETE_CLIENT=0

# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command.  The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
#
IMAP_ULIMITD=65536

# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server.  I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0

# Purge messages from the Trash folder after this number of days.  This is
# mainly for the Netscape Communicator client, which automatically moves
# deleted messages into Trash.  Remove this variable complete to disable
# Trash purging.
#
IMAP_EMPTYTRASH=7

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usually, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0

# Whether or not to start IMAP over SSL on simap port:
#
IMAPDSSLSTART=NO

# Whether or not to implement IMAP STARTTLS extension instead:
#
IMAPDSTARTTLS=YES

# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
#
#IMAP_TLS_REQUIRED=1

# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
TLS_PROTOCOL=SSL3

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem

# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
#TLS_PEERCERTDIR=
#TLS_OURCACERT=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
#TLS_ALLOWSELFSIGNEDCERT=1
Commit	Line	Data
5287ceef	1	# Address to listen on, can be set to a single IP address.
48f9fb9c	2	# 0 means all IP addresses.
e93af56d	3	#
48f9fb9c	4	ADDRESS=0
5287ceef	5
5287ceef	6	# Maximum number of IMAP servers started
e93af56d	7	#
5287ceef	8	MAXDAEMONS=40
	9
	10	# Maximum number of connections to accept from the same IP address
e93af56d	11	#
5287ceef	12	MAXPERIP=4
e93af56d	13
5287ceef	14	# Where mail is stored (relative to $HOME)
e93af56d	15	#
5287ceef	16	MAILDIR="Maildir"
	17
	18	# Miscellaneous couriertcpd options that shouldn't be changed.
e93af56d	19	#
5287ceef	20	#TCPDOPTS="-nodnslookup -noidentlookup"
e93af56d	21
5287ceef	22	# If this version of Courier-IMAP includes support for CRAM-MD5
	23	# authentication (the authcram authentication modules gets compiled and
	24	# installed), you change IMAP_CAPABILITY below to read as follows:
e93af56d	25	#
5287ceef	26	# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5"
e93af56d	27	#
5287ceef	28	IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
e93af56d	29
5287ceef	30	# The following setting will advertise SASL PLAIN authentication after
	31	# STARTTLS is established. If you want to allow SASL PLAIN authentication
	32	# with or without TLS then just comment this out, and add AUTH=PLAIN to
	33	# IMAP_CAPABILITY
e93af56d	34	#
5287ceef	35	IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
	36
	37	# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
	38	# server side sorting and threading.
e93af56d	39	#
5287ceef	40	# Those capabilities will still be advertised, but the server will reject
	41	# them. Set this option if you want to disable all the extra load from
	42	# server-side threading and sorting. Not advertising those capabilities
	43	# will simply result in the clients reading the entire folder, and sorting
	44	# it on the client side. That will still put some load on the server.
	45	# advertising these capabilities, but rejecting the commands, will stop this
	46	# silliness.
	47	#
	48	IMAP_DISABLETHREADSORT=0
	49
	50	# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
	51	# mail in every folder. Not all IMAP clients use an IMAP's server new mail
	52	# indicator, but some do, and normally new mail is checked only in INBOX,
	53	# because it is a comparatively time consuming operation, and it would be
	54	# a complete waste of time unless mail filters are used to deliver new
	55	# mail directly to folders.
	56	#
	57	# When IMAP clients are used which support new mail indication, and when
	58	# mail filters are used to sort incoming mail into folders, setting
	59	# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
	60	# mail in folders. Note that this will result in slightly more load on the
	61	# server.
	62	#
	63	IMAP_CHECK_ALL_FOLDERS=0
e93af56d	64
5287ceef	65	# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
5287ceef	66	# what \\HasNoChildren really means.
e93af56d	67	#
5287ceef	68	IMAP_OBSOLETE_CLIENT=0
	69
	70	# IMAP_ULIMITD sets the maximum size of the data segment of the server
	71	# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
	72	# command. The argument to ulimit -d sets the upper limit on the size
	73	# of the data segment of the server process, in kilobytes. The default
	74	# value of 65536 sets a very generous limit of 64 megabytes, which should
	75	# be more than plenty for anyone.
e93af56d	76	#
5287ceef	77	# This feature is used as an additional safety check that should stop
	78	# any potential denial-of-service attacks that exploit any kind of
	79	# a memory leak to exhaust all the available memory on the server.
	80	# It is theoretically possible that obscenely huge folders will also
	81	# result in the server running out of memory when doing server-side
	82	# sorting (by my calculations you have to have at least 100,000 messages
	83	# in a single folder, for that to happen).
e93af56d	84	#
5287ceef	85	IMAP_ULIMITD=65536
	86
	87	# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
	88	# clients that open multiple connections to the server. I would hope that
	89	# most IMAP clients are sane enough not to issue commands to multiple IMAP
	90	# channels which conflict with each other.
e93af56d	91	#
5287ceef	92	IMAP_USELOCKS=0
e93af56d	93
5287ceef	94	# Purge messages from the Trash folder after this number of days. This is
	95	# mainly for the Netscape Communicator client, which automatically moves
	96	# deleted messages into Trash. Remove this variable complete to disable
	97	# Trash purging.
e93af56d	98	#
5287ceef	99	IMAP_EMPTYTRASH=7
	100
	101	# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
	102	# effectively allows an undo of message deletion by fishing the deleted
	103	# mail from trash. Trash can be manually expunged as usually, and mail
	104	# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
e93af56d	105	#
5287ceef	106	# NOTE: shared folders are still expunged as usual. Shared folders are
	107	# not affected.
	108	#
	109	IMAP_MOVE_EXPUNGE_TO_TRASH=0
	110
	111	# Whether or not to start IMAP over SSL on simap port:
	112	#
	113	IMAPDSSLSTART=NO
	114
	115	# Whether or not to implement IMAP STARTTLS extension instead:
	116	#
	117	IMAPDSTARTTLS=YES
	118
	119	# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
	120	# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
	121	# is issued).
	122	#
	123	#IMAP_TLS_REQUIRED=1
	124
	125	# TLS_PROTOCOL sets the protocol version. The possible versions are:
	126	#
	127	# SSL2 - SSLv2
	128	# SSL3 - SSLv3
	129	# TLS1 - TLS1
	130	#
	131	TLS_PROTOCOL=SSL3
	132
	133	# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
	134	# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
	135	# undefined
	136	#
	137	#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
	138
	139	# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
	140	# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
	141	# you must generate a DH pair that will be used. In most situations the
	142	# DH pair is to be treated as confidential, and the file specified by
	143	# TLS_DHCERTFILE must not be world-readable.
	144	#
	145	#TLS_DHCERTFILE=
	146
	147	# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
	148	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	149	# treated as confidential, and must not be world-readable.
	150	#
	151	TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
	152
	153	# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
	154	# certificates are signed by a specific certificate authority, set
	155	# TLS_OURCACERT to the name of the file containing the certificate authority
	156	# root key, and set TLS_PEERCERTDIR to the name of the directory containing
	157	# the allowed certificates.
	158	#
	159	#TLS_PEERCERTDIR=
	160	#TLS_OURCACERT=
	161
	162	# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
	163	# this setting are:
	164	#
	165	# NONE - do not verify anything
	166	#
	167	# PEER - verify the peer certificate, if one's presented
	168	#
	169	# REQUIREPEER - require a peer certificate, fail if one's not presented
170	#
171	# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
172	# will usually set TLS_VERIFYPEER to REQUIREPEER.
173	#
174	TLS_VERIFYPEER=NONE
175
176	# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
177	# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
178	# that are not signed by a recognized certificate authority. This allows
179	# clients to simply verify that a server certificate is available.
180	#
181	#TLS_ALLOWSELFSIGNEDCERT=1
182