1 # Maximum number of POP3 servers started
5 # Maximum number of connections to accept from the same IP address
9 # Where mail is stored (relative to $HOME)
13 # To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
18 # To also advertise SASL PLAIN if SSL is enabled, uncomment the
19 # POP3AUTH_TLS environment variable:
21 #POP3AUTH_TLS="LOGIN PLAIN"
23 # IP address to listen on. 0 means all IP addresses.
27 # Other couriertcpd(1) options. The following defaults should be fine.
29 #TCPDOPTS="-nodnslookup -noidentlookup"
33 # TLS_PROTOCOL sets the protocol version. The possible versions are:
41 # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
42 # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
45 #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
47 # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
48 # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
49 # you must generate a DH pair that will be used. In most situations the
50 # DH pair is to be treated as confidential, and the file specified by
51 # TLS_DHCERTFILE must not be world-readable.
55 # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
56 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
57 # treated as confidential, and must not be world-readable.
59 TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem
61 # TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
62 # certificates are signed by a specific certificate authority, set
63 # TLS_OURCACERT to the name of the file containing the certificate authority
64 # root key, and set TLS_PEERCERTDIR to the name of the directory containing
65 # the allowed certificates.
70 # TLS_VERIFYPEER - how to verify peer certificates. The possible values of
73 # NONE - do not verify anything
75 # PEER - verify the peer certificate, if one's presented
77 # REQUIREPEER - require a peer certificate, fail if one's not presented
79 # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
80 # will usually set TLS_VERIFYPEER to REQUIREPEER.
84 # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
85 # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
86 # that are not signed by a recognized certificate authority. This allows
87 # clients to simply verify that a server certificate is available.
89 #TLS_ALLOWSELFSIGNEDCERT=1