--- /dev/null
+#!/bin/sh
+# IMAP Auth Daemon
+#
+# chkconfig: 345 80 20
+# description: IMAP Auth Daemon
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+METHOD="plain"
+
+[ -f /etc/sysconfig/authdaemon ] && . /etc/sysconfig/authdaemon
+
+# Check that networking is up.
+if is_no "${NETWORKING}" ; then
+ msg_Network_Down "Courier IMAP - Authdaemon"
+ exit 1
+fi
+
+# See how we were called.
+case "$1" in
+ start)
+ # Check if the service is already running?
+ if [ ! -f /var/lock/subsys/authdaemon ]; then
+ msg_starting "Courier IMAP - Authdaemon"
+ daemon /usr/lib/courier-imap/authlib/authdaemond.$METHOD start
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/authdaemon
+ else
+ msg_Already_Running "Courier IMAP - Authdaemon"
+ exit 1
+ fi
+ ;;
+ stop)
+ if [ -f /var/lock/subsys/authdaemon ]; then
+ msg_stopping "Courier IMAP - Authdaemon"
+ daemon /usr/lib/courier-imap/authlib/authdaemond.$METHOD stop
+ RETVAL=$?
+ rm -f /var/lock/subsys/authdaemon
+ else
+ msg_not_running "Courier IMAP - Authdaemon"
+ exit 1
+ fi
+ ;;
+ restart|reload)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ status authdaemond.$METHOD
+ ;;
+ *)
+ msg_Usage "$0 {start|stop|restart|reload|status}"
+ exit 1
+esac
+
+exit $RETVAL
+
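Review bot: `METHOD` comes from `/etc/sysconfig/authdaemon` and is expanded unquoted into the path that `daemon` runs as root in the `start)` and `stop)` branches, with no check that the resulting file exists or is executable. Quote the expansion and guard it before use, e.g. `[ -x "/usr/lib/courier-imap/authlib/authdaemond.$METHOD" ] || exit 1`. Since that sysconfig file is sourced by a root init script, a comment such as `# /etc/sysconfig/authdaemon is sourced as root; keep it root-owned and not group/world-writable` would document the trust assumption. Separately, `stop)` removes `/var/lock/subsys/authdaemon` even when the stop command fails, so the lock state and `RETVAL` can disagree.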
--- /dev/null
+#%PAM-1.0
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/security/blacklist.pop3 onerr=succeed
+auth required /lib/security/pam_unix.so
+auth required /lib/security/pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
+account required /lib/security/pam_unix.so
+session required /lib/security/pam_unix.so
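Review bot: Both `pam_listfile.so` deny lines use `onerr=succeed`, so a missing or unreadable `/etc/security/blacklist` or `/etc/security/blacklist.pop3` silently disables the blacklist instead of blocking logins. If fail-open is intended for availability, say so in a comment like `# onerr=succeed: blacklist is best-effort; a missing file must not lock out all POP3 users`; otherwise use `onerr=fail`. The `account` line's `pam_tally.so deny=0` also looks as if it never denies on the failed-login count, which would leave POP3 password guessing unthrottled at the PAM layer; this should be confirmed against the pam_tally version being shipped.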
--- /dev/null
+# Maximum number of POP3 servers started
+#
+MAXDAEMONS=40
+
+# Maximum number of connections to accept from the same IP address
+#
+MAXPERIP=4
+
+# Where mail is stored (relative to $HOME)
+#
+MAILDIR="Maildir"
+
+# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
+# variable:
+#
+#POP3AUTH="LOGIN"
+
+# To also advertise SASL PLAIN if SSL is enabled, uncomment the
+# POP3AUTH_TLS environment variable:
+#
+#POP3AUTH_TLS="LOGIN PLAIN"
+
+# IP address to listen on. 0 means all IP addresses.
+#
+ADDRESS=0.0.0.0
+
+# Other couriertcpd(1) options. The following defaults should be fine.
+#
+#TCPDOPTS="-nodnslookup -noidentlookup"
+
+POP3DSSLSTART=yes
+
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+#
+TLS_PROTOCOL=SSL3
+
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used. In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+#TLS_DHCERTFILE=
+
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem
+
+# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
+# certificates are signed by a specific certificate authority, set
+# TLS_OURCACERT to the name of the file containing the certificate authority
+# root key, and set TLS_PEERCERTDIR to the name of the directory containing
+# the allowed certificates.
+#
+#TLS_PEERCERTDIR=
+#TLS_OURCACERT=
+
+# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the peer certificate, if one's presented
+#
+# REQUIREPEER - require a peer certificate, fail if one's not presented
+#
+# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
+# will usually set TLS_VERIFYPEER to REQUIREPEER.
+#
+TLS_VERIFYPEER=NONE
+
+# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
+# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
+# that are not signed by a recognized certificate authority. This allows
+# clients to simply verify that a server certificate is available.
+#
+#TLS_ALLOWSELFSIGNEDCERT=1
+
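Review bot: `TLS_PROTOCOL=SSL3` pins the POP3 SSL listener to SSLv3, an obsolete protocol version with known design weaknesses; of the values this file documents, `TLS_PROTOCOL=TLS1` is the strongest and is the safer default. The commented example `TLS_CIPHER_LIST` starts from `ALL`, which in OpenSSL builds of this era presumably still admits low-strength suites, so a tighter example would be preferable in case someone uncomments it. The comment above `TLS_CERTFILE` says the file must not be world-readable, but nothing in this hunk shows `/var/lib/openssl/certs/pop3d.pem` being installed with owner-only permissions; the packaging should enforce that.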