1 # Address to listen on, can be set to a single IP address.
5 # Maximum number of IMAP servers started
9 # Maximum number of connections to accept from the same IP address
13 # Where mail is stored (relative to $HOME)
17 # Miscellaneous couriertcpd options that shouldn't be changed.
19 #TCPDOPTS="-nodnslookup -noidentlookup"
21 # If this version of Courier-IMAP includes support for CRAM-MD5
22 # authentication (the authcram authentication modules gets compiled and
23 # installed), you change IMAP_CAPABILITY below to read as follows:
25 # IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5"
27 IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
29 # The following setting will advertise SASL PLAIN authentication after
30 # STARTTLS is established. If you want to allow SASL PLAIN authentication
31 # with or without TLS then just comment this out, and add AUTH=PLAIN to
34 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
36 # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
37 # server side sorting and threading.
39 # Those capabilities will still be advertised, but the server will reject
40 # them. Set this option if you want to disable all the extra load from
41 # server-side threading and sorting. Not advertising those capabilities
42 # will simply result in the clients reading the entire folder, and sorting
43 # it on the client side. That will still put some load on the server.
44 # advertising these capabilities, but rejecting the commands, will stop this
47 IMAP_DISABLETHREADSORT=0
49 # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
50 # mail in every folder. Not all IMAP clients use an IMAP's server new mail
51 # indicator, but some do, and normally new mail is checked only in INBOX,
52 # because it is a comparatively time consuming operation, and it would be
53 # a complete waste of time unless mail filters are used to deliver new
54 # mail directly to folders.
56 # When IMAP clients are used which support new mail indication, and when
57 # mail filters are used to sort incoming mail into folders, setting
58 # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
59 # mail in folders. Note that this will result in slightly more load on the
62 IMAP_CHECK_ALL_FOLDERS=0
64 # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
65 # what \\HasNoChildren really means.
67 IMAP_OBSOLETE_CLIENT=0
69 # IMAP_ULIMITD sets the maximum size of the data segment of the server
70 # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
71 # command. The argument to ulimit -d sets the upper limit on the size
72 # of the data segment of the server process, in kilobytes. The default
73 # value of 65536 sets a very generous limit of 64 megabytes, which should
74 # be more than plenty for anyone.
76 # This feature is used as an additional safety check that should stop
77 # any potential denial-of-service attacks that exploit any kind of
78 # a memory leak to exhaust all the available memory on the server.
79 # It is theoretically possible that obscenely huge folders will also
80 # result in the server running out of memory when doing server-side
81 # sorting (by my calculations you have to have at least 100,000 messages
82 # in a single folder, for that to happen).
86 # Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
87 # clients that open multiple connections to the server. I would hope that
88 # most IMAP clients are sane enough not to issue commands to multiple IMAP
89 # channels which conflict with each other.
93 # Purge messages from the Trash folder after this number of days. This is
94 # mainly for the Netscape Communicator client, which automatically moves
95 # deleted messages into Trash. Remove this variable complete to disable
100 # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
101 # effectively allows an undo of message deletion by fishing the deleted
102 # mail from trash. Trash can be manually expunged as usually, and mail
103 # will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
105 # NOTE: shared folders are still expunged as usual. Shared folders are
108 IMAP_MOVE_EXPUNGE_TO_TRASH=0
110 # Whether or not to start IMAP over SSL on simap port:
114 # Whether or not to implement IMAP STARTTLS extension instead:
118 # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
119 # (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
124 # TLS_PROTOCOL sets the protocol version. The possible versions are:
132 # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
133 # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
136 #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
138 # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
139 # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
140 # you must generate a DH pair that will be used. In most situations the
141 # DH pair is to be treated as confidential, and the file specified by
142 # TLS_DHCERTFILE must not be world-readable.
146 # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
147 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
148 # treated as confidential, and must not be world-readable.
150 TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
152 # TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
153 # certificates are signed by a specific certificate authority, set
154 # TLS_OURCACERT to the name of the file containing the certificate authority
155 # root key, and set TLS_PEERCERTDIR to the name of the directory containing
156 # the allowed certificates.
161 # TLS_VERIFYPEER - how to verify peer certificates. The possible values of
164 # NONE - do not verify anything
166 # PEER - verify the peer certificate, if one's presented
168 # REQUIREPEER - require a peer certificate, fail if one's not presented
170 # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
171 # will usually set TLS_VERIFYPEER to REQUIREPEER.
175 # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
176 # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
177 # that are not signed by a recognized certificate authority. This allows
178 # clients to simply verify that a server certificate is available.
180 #TLS_ALLOWSELFSIGNEDCERT=1