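# Courier IMAP server settings: listening addresses and ports, connection
# limits, IMAP capabilities and behaviour, and SSL/TLS options.
# One NAME=value assignment per line.  Values use shell-style quoting and
# $VARIABLE expansion (see IMAP_CAPABILITY_TLS below).

# Addresses to listen on, can be set to a single IP address.
# 0 means all IP addresses.
#
# ADDRESS/ADDRESS_SSL can be used to default a specific IP
# address for every listed port number.

ADDRESS=0
ADDRESS_SSL=0

# Multiple port numbers can be separated by commas.  When multiple port
# numbers are used it is possible to select a specific IP address for a
# given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1

PORTS=143
PORTS_SSL=993

# Maximum number of IMAP servers started
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# Miscellaneous couriertcpd options that shouldn't be changed.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# IMAP_CAPABILITY specifies what most of the response should be to the
# CAPABILITY command.
#
# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
#
# Otherwise, leave it set to the default value.  The IDLE keyword can also
# be added, in experimental mode.
#
# NOTE: CRAM-SHA1 is considered experimental at this time.
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"

# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
#
# NOTE(review): SASL PLAIN sends the password itself.  Advertising it in
# IMAP_CAPABILITY (that is, without TLS) exposes credentials to anyone who
# can observe the connection; keep it limited to IMAP_CAPABILITY_TLS.
#
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

# If you want to try out the IDLE extension, this setting controls how often
# the server polls for changes to the folder, in IDLE mode (in seconds).
#
IMAP_IDLE_TIMEOUT=60

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# Advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use an IMAP server's new mail
# indicator, but some do, and normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver new
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
#
IMAP_OBSOLETE_CLIENT=0

# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command.  The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
#
IMAP_ULIMITD=65536

# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server.  I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0

# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
#
# This would also delete messages from the Sent folder (presumably copies
# of sent mail) after 30 days.  This is a global setting that is applied to
# every mail account, and is probably useful in a controlled, corporate
# environment.
#
# You might want to disable this setting in certain situations - it results
# in a stat() of every file in each folder, at login and logout.
#
IMAP_EMPTYTRASH=Trash:7

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usual, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0

# Whether or not to start IMAP over SSL on simap port:
#
IMAPDSSLSTART=NO

# Whether or not to implement IMAP STARTTLS extension instead:
#
IMAP_STARTTLS=YES

# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
#
# NOTE(review): with 0, STARTTLS is optional, so a client that does not
# negotiate it can presumably still log in over the unencrypted connection
# and expose its password.  Set to 1 once every client supports STARTTLS.
#
IMAP_TLS_REQUIRED=0

# The following variables configure IMAP over SSL.  If OpenSSL is available
# during configuration, the couriertls helper gets compiled, and upon
# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
# and COURIERTLS exist.
#
COURIERTLS=/usr/bin/couriertls

# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
# NOTE(review): SSLv2 and SSLv3 have protocol-level weaknesses and are
# prohibited by RFC 6176 and RFC 7568, so the SSL3 value previously set here
# has been replaced.  TLS1 is the strongest value listed above and matches
# TLS_STARTTLS_PROTOCOL.  TLS 1.0 is itself deprecated (RFC 8996): if the
# installed couriertls accepts newer protocol selectors, prefer those.
# This setting only matters when IMAPDSSLSTART enables the SSL listener.
#
TLS_PROTOCOL=TLS1

# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
# extension, as opposed to IMAP over SSL on port 993.
#
TLS_STARTTLS_PROTOCOL=TLS1

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# NOTE(review): the sample below explicitly includes RC4 and SSLv2 cipher
# suites.  Do not enable it as written; if a list is needed, build one that
# excludes anonymous, export, RC4 and SSLv2 suites.
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# NOTE(review): the confidentiality requirement suggests this PEM file also
# holds the private key.  Verify that its owner and mode restrict it to the
# account the server runs as, and replace the dummy certificate generated
# at installation before exposing the service.
#
TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem

# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# pathname can be a file or a directory.  If a file, the file should
# contain a list of trusted certificates, in PEM format.  If a
# directory, the directory should contain the trusted certificates,
# in PEM format, one per file and hashed using OpenSSL's c_rehash
# script.  TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
# to PEER or REQUIREPEER).
#
# TLS_TRUSTCERTS=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
# NOTE(review): accepting certificates that no trusted authority signed
# gives encryption without server authentication, so the client cannot tell
# the intended server from an impostor.  Leave this disabled unless that
# trade-off is understood and accepted.
#
#TLS_ALLOWSELFSIGNEDCERT=1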