Commit | Line | Data |
---|---|---|
5287ceef | 1 | # Address to listen on, can be set to a single IP address. |
48f9fb9c | 2 | # 0 means all IP addresses. |
e93af56d | 3 | # |
48f9fb9c | 4 | ADDRESS=0 |
5287ceef | 5 | |
6 | # Maximum number of IMAP servers started | |
e93af56d | 7 | # |
5287ceef | 8 | MAXDAEMONS=40 |
9 | ||
10 | # Maximum number of connections to accept from the same IP address | |
e93af56d | 11 | # |
5287ceef | 12 | MAXPERIP=4 |
e93af56d | 13 | |
5287ceef | 14 | # Where mail is stored (relative to $HOME) |
e93af56d | 15 | # |
5287ceef | 16 | MAILDIR="Maildir" |
17 | ||
18 | # Miscellaneous couriertcpd options that shouldn't be changed. | |
e93af56d | 19 | # |
5287ceef | 20 | #TCPDOPTS="-nodnslookup -noidentlookup" |
e93af56d | 21 | |
5287ceef | 22 | # If this version of Courier-IMAP includes support for CRAM-MD5 |
23 | # authentication (the authcram authentication module gets compiled and | |
24 | # installed), you can change IMAP_CAPABILITY below to read as follows: | |
e93af56d | 25 | # |
5287ceef | 26 | # IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5" |
e93af56d | 27 | # |
5287ceef | 28 | IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT" |
e93af56d | 29 | |
5287ceef | 30 | # The following setting will advertise SASL PLAIN authentication after |
31 | # STARTTLS is established. If you want to allow SASL PLAIN authentication | |
32 | # with or without TLS then just comment this out, and add AUTH=PLAIN to | |
33 | # IMAP_CAPABILITY | |
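e93af56d | 34 | # NOTE(review): SASL PLAIN carries the password unencrypted (base64 only), so adding AUTH=PLAIN to IMAP_CAPABILITY exposes credentials on any connection that has not negotiated TLS. |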
5287ceef | 35 | IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" |
36 | ||
37 | # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - | |
38 | # server side sorting and threading. | |
e93af56d | 39 | # |
5287ceef | 40 | # Those capabilities will still be advertised, but the server will reject |
41 | # them. Set this option if you want to disable all the extra load from | |
42 | # server-side threading and sorting. Not advertising those capabilities | |
43 | # will simply result in the clients reading the entire folder, and sorting | |
44 | # it on the client side. That will still put some load on the server. | |
45 | # Advertising these capabilities, but rejecting the commands, will stop this | |
46 | # silliness. | |
47 | # | |
48 | IMAP_DISABLETHREADSORT=0 | |
49 | ||
50 | # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new | |
51 | # mail in every folder. Not all IMAP clients use an IMAP server's new mail | |
52 | # indicator, but some do, and normally new mail is checked only in INBOX, | |
53 | # because it is a comparatively time consuming operation, and it would be | |
54 | # a complete waste of time unless mail filters are used to deliver new | |
55 | # mail directly to folders. | |
56 | # | |
57 | # When IMAP clients are used which support new mail indication, and when | |
58 | # mail filters are used to sort incoming mail into folders, setting | |
59 | # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new | |
60 | # mail in folders. Note that this will result in slightly more load on the | |
61 | # server. | |
62 | # | |
63 | IMAP_CHECK_ALL_FOLDERS=0 | |
e93af56d | 64 | |
5287ceef | 65 | # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean |
66 | # what \\HasNoChildren really means. | |
e93af56d | 67 | # |
5287ceef | 68 | IMAP_OBSOLETE_CLIENT=0 |
69 | ||
70 | # IMAP_ULIMITD sets the maximum size of the data segment of the server | |
71 | # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" | |
72 | # command. The argument to ulimit -d sets the upper limit on the size | |
73 | # of the data segment of the server process, in kilobytes. The default | |
74 | # value of 65536 sets a very generous limit of 64 megabytes, which should | |
75 | # be more than plenty for anyone. | |
e93af56d | 76 | # |
5287ceef | 77 | # This feature is used as an additional safety check that should stop |
78 | # any potential denial-of-service attacks that exploit any kind of | |
79 | # a memory leak to exhaust all the available memory on the server. | |
80 | # It is theoretically possible that obscenely huge folders will also | |
81 | # result in the server running out of memory when doing server-side | |
82 | # sorting (by my calculations you have to have at least 100,000 messages | |
83 | # in a single folder, for that to happen). | |
e93af56d | 84 | # |
5287ceef | 85 | IMAP_ULIMITD=65536 |
86 | ||
87 | # Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP | |
88 | # clients that open multiple connections to the server. I would hope that | |
89 | # most IMAP clients are sane enough not to issue commands to multiple IMAP | |
90 | # channels which conflict with each other. | |
e93af56d | 91 | # |
5287ceef | 92 | IMAP_USELOCKS=0 |
e93af56d | 93 | |
5287ceef | 94 | # Purge messages from the Trash folder after this number of days. This is |
95 | # mainly for the Netscape Communicator client, which automatically moves | |
96 | # deleted messages into Trash. Remove this variable completely to disable | |
97 | # Trash purging. | |
e93af56d | 98 | # |
5287ceef | 99 | IMAP_EMPTYTRASH=7 |
100 | ||
101 | # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This | |
102 | # effectively allows an undo of message deletion by fishing the deleted | |
103 | # mail from trash. Trash can be manually expunged as usual, and mail | |
104 | # will get automatically expunged from Trash according to IMAP_EMPTYTRASH. | |
e93af56d | 105 | # |
5287ceef | 106 | # NOTE: shared folders are still expunged as usual. Shared folders are |
107 | # not affected. | |
108 | # | |
109 | IMAP_MOVE_EXPUNGE_TO_TRASH=0 | |
110 | ||
111 | # Whether or not to start IMAP over SSL on simap port: | |
112 | # | |
113 | IMAPDSSLSTART=NO | |
114 | ||
115 | # Whether or not to implement IMAP STARTTLS extension instead: | |
116 | # | |
117 | IMAPDSTARTTLS=YES | |
118 | ||
119 | # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. | |
120 | # (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS | |
121 | # is issued). | |
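122 | # NOTE(review): while this stays commented out, LOGINDISABLED is not advertised, so clients can presumably still log in before STARTTLS and send the password in cleartext; confirm, and enable it once all clients support STARTTLS. | |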
123 | #IMAP_TLS_REQUIRED=1 | |
124 | ||
125 | # TLS_PROTOCOL sets the protocol version. The possible versions are: | |
126 | # | |
127 | # SSL2 - SSLv2 | |
128 | # SSL3 - SSLv3 | |
129 | # TLS1 - TLS1 | |
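130 | # NOTE(review): SSLv2 and SSLv3 are deprecated as insecure (RFC 6176, RFC 7568), and TLS 1.0 has since been deprecated too (RFC 8996). Of the values listed here TLS1 is the strongest; check whether the installed Courier release accepts newer protocol versions. | |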
131 | TLS_PROTOCOL=SSL3 | |
132 | ||
133 | # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the | |
134 | # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST | |
135 | # undefined | |
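136 | # NOTE(review): the commented example below starts from ALL and keeps RC4 and SSLv2 suites in the list; both are prohibited by current guidance (RFC 7465, RFC 6176), so do not enable it as written. | |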
137 | #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" | |
138 | ||
139 | # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair. | |
140 | # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA | |
141 | # you must generate a DH pair that will be used. In most situations the | |
142 | # DH pair is to be treated as confidential, and the file specified by | |
143 | # TLS_DHCERTFILE must not be world-readable. | |
144 | # | |
145 | #TLS_DHCERTFILE= | |
146 | ||
147 | # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS | |
148 | # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually | |
149 | # treated as confidential, and must not be world-readable. | |
150 | # | |
151 | TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem | |
152 | ||
153 | # TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer | |
154 | # certificates are signed by a specific certificate authority, set | |
155 | # TLS_OURCACERT to the name of the file containing the certificate authority | |
156 | # root key, and set TLS_PEERCERTDIR to the name of the directory containing | |
157 | # the allowed certificates. | |
158 | # | |
159 | #TLS_PEERCERTDIR= | |
160 | #TLS_OURCACERT= | |
161 | ||
162 | # TLS_VERIFYPEER - how to verify peer certificates. The possible values of | |
163 | # this setting are: | |
164 | # | |
165 | # NONE - do not verify anything | |
166 | # | |
167 | # PEER - verify the peer certificate, if one's presented | |
168 | # | |
169 | # REQUIREPEER - require a peer certificate, fail if one's not presented | |
170 | # | |
171 | # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients | |
172 | # will usually set TLS_VERIFYPEER to REQUIREPEER. | |
173 | # | |
174 | TLS_VERIFYPEER=NONE | |
175 | ||
176 | # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using | |
177 | # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates | |
178 | # that are not signed by a recognized certificate authority. This allows | |
179 | # clients to simply verify that a server certificate is available. | |
180 | # | |
181 | #TLS_ALLOWSELFSIGNEDCERT=1 | |
182 |