1 # Addresses to listen on, can be set to a single IP address.
2 # 0 means all IP addresses.
4 # ADDRESS/ADDRESS_SSL can be used to default a specific IP
5 # address for every listed port number.
10 # Multiple port numbers can be separated by commas. When multiple port
11 # numbers are used it is possible to select a specific IP address for
12 # a given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
13 # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
18 # Maximum number of IMAP servers started
22 # Maximum number of connections to accept from the same IP address
26 # Where mail is stored (relative to $HOME)
30 # Miscellaneous couriertcpd options that shouldn't be changed.
32 #TCPDOPTS="-nodnslookup -noidentlookup"
34 # IMAP_CAPABILITY specifies what most of the response should be to the
37 # If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
38 # authentication (see INSTALL), set IMAP_CAPABILITY as follows:
40 # IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
42 # Otherwise, leave it set to the default value. The IDLE keyword can also
43 # be added, in experimental mode.
45 # NOTE: CRAM-SHA1 is considered experimental at this time.
# NOTE(review): CRAM-* mechanisms keep the password off the wire, but the
# server must hold a password-equivalent secret to verify the response, so
# the credential store needs the same protection as cleartext passwords.
# The active value below advertises no AUTH= mechanism; presumably clients
# then authenticate with the plain LOGIN command, so whether a password can
# cross the network unencrypted depends on the TLS settings (see
# IMAP_TLS_REQUIRED) - confirm.
47 IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
49 # The following setting will advertise SASL PLAIN authentication after
50 # STARTTLS is established. If you want to allow SASL PLAIN authentication
51 # with or without TLS then just comment this out, and add AUTH=PLAIN to
# NOTE(review): SASL PLAIN sends the password base64-encoded, not encrypted.
# Advertising AUTH=PLAIN outside TLS exposes credentials to anyone who can
# observe the connection; keep it limited to this post-STARTTLS list unless
# that exposure has been explicitly accepted.
54 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
56 # If you want to try out the IDLE extension, this setting controls how often
57 # the server polls for changes to the folder, in IDLE mode (in seconds).
61 # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
62 # server side sorting and threading.
64 # Those capabilities will still be advertised, but the server will reject
65 # them. Set this option if you want to disable all the extra load from
66 # server-side threading and sorting. Not advertising those capabilities
67 # will simply result in the clients reading the entire folder, and sorting
68 # it on the client side. That will still put some load on the server.
69 # Advertising these capabilities, but rejecting the commands, will stop this
# NOTE(review): 0 presumably leaves server-side THREAD and SORT enabled. The
# load they add is then bounded only by other limits in this file, such as
# IMAP_ULIMITD - confirm.
72 IMAP_DISABLETHREADSORT=0
74 # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
75 # mail in every folder. Not all IMAP clients use an IMAP server's new mail
76 # indicator, but some do, and normally new mail is checked only in INBOX,
77 # because it is a comparatively time-consuming operation, and it would be
78 # a complete waste of time unless mail filters are used to deliver new
79 # mail directly to folders.
81 # When IMAP clients are used which support new mail indication, and when
82 # mail filters are used to sort incoming mail into folders, setting
83 # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
84 # mail in folders. Note that this will result in slightly more load on the
87 IMAP_CHECK_ALL_FOLDERS=0
89 # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
90 # what \\HasNoChildren really means.
# NOTE(review): 0 presumably leaves the workaround off, so \\NoInferiors keeps
# its regular meaning - confirm.
92 IMAP_OBSOLETE_CLIENT=0
94 # IMAP_ULIMITD sets the maximum size of the data segment of the server
95 # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
96 # command. The argument to ulimit -d sets the upper limit on the size
97 # of the data segment of the server process, in kilobytes. The default
98 # value of 65536 sets a very generous limit of 64 megabytes, which should
99 # be more than plenty for anyone.
101 # This feature is used as an additional safety check that should stop
102 # any potential denial-of-service attacks that exploit any kind of
103 # a memory leak to exhaust all the available memory on the server.
104 # It is theoretically possible that obscenely huge folders will also
105 # result in the server running out of memory when doing server-side
106 # sorting (by my calculations you have to have at least 100,000 messages
107 # in a single folder, for that to happen).
111 # Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
112 # clients that open multiple connections to the server. I would hope that
113 # most IMAP clients are sane enough not to issue commands to multiple IMAP
114 # channels which conflict with each other.
118 # The following setting is optional, and causes messages from the given
119 # folder to be automatically deleted after the given number of days.
120 # IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
121 # setting, below, purges 7 day old messages from the Trash folder.
122 # Another useful setting would be:
124 # IMAP_EMPTYTRASH=Trash:7,Sent:30
126 # This would also delete messages from the Sent folder (presumably copies
127 # of sent mail) after 30 days. This is a global setting that is applied to
128 # every mail account, and is probably useful in a controlled, corporate
131 # You might want to disable this setting in certain situations - it results
132 # in a stat() of every file in each folder, at login and logout.
# NOTE(review): because the purge applies to every account, check any mail
# retention or legal-hold requirement before adding folders or shortening
# the day count.
134 IMAP_EMPTYTRASH=Trash:7
136 # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
137 # effectively allows an undo of message deletion by fishing the deleted
138 # mail from trash. Trash can be manually expunged as usual, and mail
139 # will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
141 # NOTE: shared folders are still expunged as usual. Shared folders are
# NOTE(review): when this is enabled, expunged mail stays on disk in Trash
# until IMAP_EMPTYTRASH purges it, so a message the user deleted is still
# recoverable from the mailbox during that window.
144 IMAP_MOVE_EXPUNGE_TO_TRASH=0
146 # Whether or not to start IMAP over SSL on simap port:
150 # Whether or not to implement IMAP STARTTLS extension instead:
154 # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
155 # (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
160 # The following variables configure IMAP over SSL. If OpenSSL is available
161 # during configuration, the couriertls helper gets compiled, and upon
162 # installation a dummy TLS_CERTFILE gets generated. courieresmtpd will
163 # automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
164 # and COURIERTLS exist.
# NOTE(review): the dummy certificate generated at install time is only a
# placeholder; replace it with one issued for this host before clients are
# expected to verify the server. The courieresmtpd/ESMTP sentence above
# appears to be carried over from the ESMTP configuration - confirm.
166 COURIERTLS=/usr/bin/couriertls
168 # TLS_PROTOCOL sets the protocol version. The possible versions are:
176 # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
177 # extension, as opposed to IMAP over SSL on port 993.
# NOTE(review): TLS1 presumably selects TLS 1.0, which RFC 8996 deprecates.
# The list of accepted values is not visible in this excerpt; check what the
# installed couriertls supports and prefer the newest version it offers.
179 TLS_STARTTLS_PROTOCOL=TLS1
181 # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
182 # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
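185 #TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
# NOTE(review): the sample string above does not exclude RC4 or SSLv2-era
# cipher suites, both long considered broken. If TLS_CIPHER_LIST is set,
# build the list from what the installed OpenSSL offers instead of
# uncommenting this line as it stands.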
187 # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
188 # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
189 # you must generate a DH pair that will be used. In most situations the
190 # DH pair is to be treated as confidential, and the file specified by
191 # TLS_DHCERTFILE must not be world-readable.
195 # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
196 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
197 # treated as confidential, and must not be world-readable.
# NOTE(review): presumably this PEM also carries the private key, which is
# why it is confidential - confirm. Check the file's owner and mode after
# every certificate renewal, since replacing the file can reset permissions.
199 TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem
201 # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
202 # pathname can be a file or a directory. If a file, the file should
203 # contain a list of trusted certificates, in PEM format. If a
204 # directory, the directory should contain the trusted certificates,
205 # in PEM format, one per file and hashed using OpenSSL's c_rehash
206 # script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
207 # the -domain option) and by SSL/TLS servers (when TLS_VERIFYPEER is set
208 # to PEER or REQUIREPEER).
212 # TLS_VERIFYPEER - how to verify peer certificates. The possible values of
215 # NONE - do not verify anything
217 # PEER - verify the peer certificate, if one's presented
219 # REQUIREPEER - require a peer certificate, fail if one's not presented
221 # SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
222 # will usually set TLS_VERIFYPEER to REQUIREPEER.
226 # TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
227 # TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores the fact that a
228 # server certificate is not signed by a recognized certificate authority.
229 # This allows clients to simply verify that a server certificate is available.
# The connection is then encrypted, but the server's identity is not
# verified, so this does not protect against an impersonated server.
231 #TLS_ALLOWSELFSIGNEDCERT=1