1 | # Debian Cyrus imapd.conf |
---|
2 | # See imapd.conf(5) for more information and more options |
---|
3 | |
---|
4 | # Configuration directory |
---|
5 | configdirectory: /var/lib/cyrus |
---|
6 | |
---|
7 | # Which partition to use for default mailboxes |
---|
8 | defaultpartition: default |
---|
9 | partition-default: /var/spool/cyrus/mail |
---|
10 | |
---|
11 | # News setup |
---|
12 | partition-news: /var/spool/cyrus/news |
---|
13 | newsspool: /var/spool/news |
---|
14 | |
---|
15 | # Alternate namespace |
---|
16 | # If enabled, activate the alternate namespace as documented in |
---|
17 | # /usr/share/doc/cyrus21-doc/html/altnamespace.html, where an user's |
---|
18 | # subfolders are in the same level as the INBOX |
---|
19 | # See also userprefix and sharedprefix on imapd.conf(5) |
---|
20 | altnamespace: no |
---|
21 | |
---|
22 | # UNIX Hierarchy Convention |
---|
23 | # Set to yes, and cyrus will accept dots in names, and use the forward |
---|
24 | # slash "/" to delimit levels of the hierarchy. This is done by converting |
---|
25 | # internally all dots to "^", and all "/" to dots. So the "rabbit.holes" |
---|
26 | # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes" |
---|
27 | unixhierarchysep: yes |
---|
28 | |
---|
29 | # Munging illegal characters in headers |
---|
30 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
31 | # set. However, too many badly-written MUAs generate this, including most |
---|
32 | # spamware. Disable this if you want Cyrus to leave the crappage untouched |
---|
33 | # and you don't care that IMAP SEARCH won't work right anymore. |
---|
34 | reject8bit: no |
---|
35 | munge8bit: no |
---|
36 | |
---|
37 | # Forcing recipient user to lowercase |
---|
38 | # Cyrus 2.1 is case-sensitive. If all your mail users are in lowercase, it is |
---|
39 | # probably a very good idea to set lmtp_downcase_rcpt to true. The default is |
---|
40 | # to assume the user knows what he is doing, and not downcase anything. |
---|
41 | #lmtp_downcase_rcpt: yes |
---|
42 | |
---|
43 | # Uncomment the following and add the space-separated users who |
---|
44 | # have admin rights for all services. |
---|
45 | admins: expresso-admin |
---|
46 | |
---|
47 | # Space-separated list of users that have lmtp "admin" status (i.e. that |
---|
48 | # can deliver email through TCP/IP lmtp) in addition to those in the |
---|
49 | # admins: entry above |
---|
50 | #lmtp_admins: postman |
---|
51 | |
---|
52 | # Space-separated list of users that have mupdate "admin" status, in |
---|
53 | # addition to those in the admins: entry above. Note that mupdate slaves and |
---|
54 | # backends in a Murder cluster need to autenticate against the mupdate master |
---|
55 | # as admin users. |
---|
56 | #mupdate_admins: mupdateman |
---|
57 | |
---|
58 | # Space-separated list of users that have imapd "admin" status, in |
---|
59 | # addition to those in the admins: entry above |
---|
60 | #imap_admins: cyrus |
---|
61 | |
---|
62 | # Space-separated list of users that have sieve "admin" status, in |
---|
63 | # addition to those in the admins: entry above |
---|
64 | #sieve_admins: cyrus |
---|
65 | |
---|
66 | # List of users and groups that are allowed to proxy for other users, |
---|
67 | # seperated by spaces. Any user listed in this will be allowed to login |
---|
68 | # for any other user. Like "admins:" above, you can have imap_proxyservers |
---|
69 | # and sieve_proxyservers. |
---|
70 | #proxyservers: cyrus |
---|
71 | |
---|
72 | # No anonymous logins |
---|
73 | allowanonymouslogin: no |
---|
74 | |
---|
75 | # Minimum time between POP mail fetches in minutes |
---|
76 | popminpoll: 1 |
---|
77 | |
---|
78 | # If nonzero, normal users may create their own IMAP accounts by creating |
---|
79 | # the mailbox INBOX. The user's quota is set to the value if it is positive, |
---|
80 | # otherwise the user has unlimited quota. |
---|
81 | autocreatequota: 0 |
---|
82 | |
---|
83 | # umask used by Cyrus programs |
---|
84 | umask: 077 |
---|
85 | |
---|
86 | # Sendmail binary location |
---|
87 | # DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. |
---|
88 | # For now, to work around the bug, set this to a wrapper that calls |
---|
89 | # /usr/sbin/sendmail -dropcr instead if you use Exim 3. |
---|
90 | #sendmail: /usr/sbin/sendmail |
---|
91 | |
---|
92 | # If enabled, cyrdeliver will look for Sieve scripts in user's home |
---|
93 | # directories: ~user/.sieve. |
---|
94 | sieveusehomedir: false |
---|
95 | |
---|
96 | # If sieveusehomedir is false, this directory is searched for Sieve scripts. |
---|
97 | sievedir: /var/spool/sieve |
---|
98 | |
---|
99 | # Extencoes para o SIEVE |
---|
100 | # Para o cyrus >= 2.4 |
---|
101 | sieve_extensions: fileinto reject vacation imapflags notify envelope relational regex subaddress copy body include |
---|
102 | |
---|
103 | # notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" |
---|
104 | # notifications are disabled. Valid methods are: null, log, zephyr |
---|
105 | #mailnotifier: zephyr |
---|
106 | |
---|
107 | # notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" |
---|
108 | # notifications are disabled. This method is only used when no method is |
---|
109 | # specified in the script. Valid methods are null, log, zephyr, mailto |
---|
110 | #sievenotifier: zephyr |
---|
111 | |
---|
112 | # DRAC (pop-before-smtp, imap-before-smtp) support |
---|
113 | # Set dracinterval to the time in minutes to call DRAC while a user is |
---|
114 | # connected to the imap/pop services. Set to 0 to disable DRAC (default) |
---|
115 | # Set drachost to the host where the rpc drac service is running |
---|
116 | #dracinterval: 0 |
---|
117 | #drachost: localhost |
---|
118 | |
---|
119 | # If enabled, the partitions will also be hashed, in addition to the hashing |
---|
120 | # done on configuration directories. This is recommended if one partition has a |
---|
121 | # very bushy mailbox tree. |
---|
122 | hashimapspool: true |
---|
123 | |
---|
124 | # Allow plaintext logins by default (SASL PLAIN) |
---|
125 | allowplaintext: yes |
---|
126 | |
---|
127 | # Force PLAIN/LOGIN authentication only |
---|
128 | # (you need to uncomment this if you are not using an auxprop-based SASL |
---|
129 | # mechanism. saslauthd users, that means you!). And pay attention to |
---|
130 | # sasl_minimum_layer and allowapop below, too. |
---|
131 | sasl_mech_list: PLAIN |
---|
132 | |
---|
133 | # Allow use of the POP3 APOP authentication command. |
---|
134 | # Note that this command requires that the plaintext passwords are |
---|
135 | # available in a SASL auxprop backend (eg. sasldb), and that the system |
---|
136 | # can provide enough entropy (eg. from /dev/urandom) to create a challenge |
---|
137 | # in the banner. |
---|
138 | #allowapop: no |
---|
139 | |
---|
140 | # The minimum SSF that the server will allow a client to negotiate. A |
---|
141 | # value of 1 requires integrity protection; any higher value requires some |
---|
142 | # amount of encryption. |
---|
143 | #sasl_minimum_layer: 0 |
---|
144 | |
---|
145 | # The maximum SSF that the server will allow a client to negotiate. A |
---|
146 | # value of 1 requires integrity protection; any higher value requires some |
---|
147 | # amount of encryption. |
---|
148 | #sasl_maximum_layer: 256 |
---|
149 | |
---|
150 | # List of remote realms whose users may log in using cross-realm |
---|
151 | # authentications. Seperate each realm name by a space. A cross-realm |
---|
152 | # identity is considered any identity returned by SASL with an "@" in it. |
---|
153 | #loginrealms: |
---|
154 | |
---|
155 | # |
---|
156 | # SASL library options (these are handled directly by the SASL libraries, |
---|
157 | # refer to SASL documentation for an up-to-date list of these) |
---|
158 | # |
---|
159 | |
---|
160 | # The mechanism(s) used by the server to verify plaintext passwords. Possible |
---|
161 | # values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They |
---|
162 | # are tried in order, you can specify more than one, separated by spaces. |
---|
163 | # |
---|
164 | # Do note that, since sasl will be run as user cyrus, you may have a lot of |
---|
165 | # trouble to set this up right. |
---|
166 | sasl_pwcheck_method: saslauthd |
---|
167 | |
---|
168 | # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop |
---|
169 | # by default, all plugins are tried (which is probably NOT what you want). |
---|
170 | #sasl_auxprop_plugin: sasldb |
---|
171 | |
---|
172 | # If enabled, the SASL library will automatically create authentication secrets |
---|
173 | # when given a plaintext password. Refer to SASL documentation |
---|
174 | sasl_auto_transition: no |
---|
175 | |
---|
176 | # |
---|
177 | # SSL/TLS Options |
---|
178 | # |
---|
179 | |
---|
180 | # File containing the global certificate used for ALL services (imap, pop3, |
---|
181 | # lmtp, sieve) |
---|
182 | #tls_cert_file: /etc/ssl/certs/cyrus-global.pem |
---|
183 | |
---|
184 | # File containing the private key belonging to the global server certificate. |
---|
185 | #tls_key_file: /etc/ssl/private/cyrus-global.key |
---|
186 | |
---|
187 | # File containing the certificate used for imap. If not specified, the global |
---|
188 | # certificate is used. A value of "disabled" will disable SSL/TLS for imap. |
---|
189 | #tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem |
---|
190 | |
---|
191 | # File containing the private key belonging to the imap-specific server |
---|
192 | # certificate. If not specified, the global private key is used. A value of |
---|
193 | # "disabled" will disable SSL/TLS for imap. |
---|
194 | #tls_imap_key_file: /etc/ssl/private/cyrus-imap.key |
---|
195 | |
---|
196 | # File containing the certificate used for pop3. If not specified, the global |
---|
197 | # certificate is used. A value of "disabled" will disable SSL/TLS for pop3. |
---|
198 | #tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem |
---|
199 | |
---|
200 | # File containing the private key belonging to the pop3-specific server |
---|
201 | # certificate. If not specified, the global private key is used. A value of |
---|
202 | # "disabled" will disable SSL/TLS for pop3. |
---|
203 | #tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key |
---|
204 | |
---|
205 | # File containing the certificate used for lmtp. If not specified, the global |
---|
206 | # certificate is used. A value of "disabled" will disable SSL/TLS for lmtp. |
---|
207 | #tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem |
---|
208 | |
---|
209 | # File containing the private key belonging to the lmtp-specific server |
---|
210 | # certificate. If not specified, the global private key is used. A value of |
---|
211 | # "disabled" will disable SSL/TLS for lmtp. |
---|
212 | #tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key |
---|
213 | |
---|
214 | # File containing the certificate used for sieve. If not specified, the global |
---|
215 | # certificate is used. A value of "disabled" will disable SSL/TLS for sieve. |
---|
216 | #tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem |
---|
217 | |
---|
218 | # File containing the private key belonging to the sieve-specific server |
---|
219 | # certificate. If not specified, the global private key is used. A value of |
---|
220 | # "disabled" will disable SSL/TLS for sieve. |
---|
221 | #tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key |
---|
222 | |
---|
223 | # File containing one or more Certificate Authority (CA) certificates. |
---|
224 | #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem |
---|
225 | |
---|
226 | # Path to directory with certificates of CAs. |
---|
227 | tls_ca_path: /etc/ssl/certs |
---|
228 | |
---|
229 | # The length of time (in minutes) that a TLS session will be cached for later |
---|
230 | # reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will |
---|
231 | # disable session caching. |
---|
232 | tls_session_timeout: 1440 |
---|
233 | |
---|
234 | # The list of SSL/TLS ciphers to allow. The format of the string is described |
---|
235 | # in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP! |
---|
236 | tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH |
---|
237 | |
---|
238 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
---|
239 | #tls_require_cert: false |
---|
240 | |
---|
241 | # Require a client certificate for imap ONLY. |
---|
242 | #tls_imap_require_cert: false |
---|
243 | |
---|
244 | # Require a client certificate for pop3 ONLY. |
---|
245 | #tls_pop3_require_cert: false |
---|
246 | |
---|
247 | # Require a client certificate for lmtp ONLY. |
---|
248 | #tls_lmtp_require_cert: false |
---|
249 | |
---|
250 | # Require a client certificate for sieve ONLY. |
---|
251 | #tls_sieve_require_cert: false |
---|
252 | |
---|
253 | # |
---|
254 | # Cyrus Murder cluster configuration |
---|
255 | # |
---|
256 | # Set the following options to the values needed for this server to |
---|
257 | # autenticate against the mupdate master server: |
---|
258 | # mupdate_server |
---|
259 | # mupdate_port |
---|
260 | # mupdate_username |
---|
261 | # mupdate_authname |
---|
262 | # mupdate_realm |
---|
263 | # mupdate_password |
---|
264 | # mupdate_retry_delay |
---|
265 | |
---|
266 | ## |
---|
267 | ## KEEP THESE IN SYNC WITH cyrus.conf |
---|
268 | ## |
---|
269 | # Unix domain socket that lmtpd listens on. |
---|
270 | lmtpsocket: /var/run/cyrus/socket/lmtp |
---|
271 | |
---|
272 | # Unix domain socket that idled listens on. |
---|
273 | idlesocket: /var/run/cyrus/socket/idle |
---|
274 | |
---|
275 | # Unix domain socket that the new mail notification daemon listens on. |
---|
276 | notifysocket: /var/run/cyrus/socket/notify |
---|
277 | |
---|
278 | ## |
---|
279 | ## DEBUGGING |
---|
280 | ## |
---|
281 | # Debugging hook. See /usr/share/doc/cyrus21-common/README.Debian.debug |
---|
282 | # Keep the hook disabled when it is not in use |
---|
283 | # |
---|
284 | # gdb Back-traces |
---|
285 | #debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 & |
---|
286 | # |
---|
287 | # system-call traces |
---|
288 | #debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
289 | # |
---|
290 | # library traces |
---|
291 | #debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
292 | |
---|
293 | # Allow rename of users |
---|
294 | allowusermoves: yes |
---|
295 | |
---|
296 | #Size (in kilobytes) of the shared memory buffer pool (cache) used by the berkeley environment. |
---|
297 | berkeley_cachesize: 2048 |
---|
298 | |
---|
299 | #Maximum number of transactions to be supported in the berkeley environment. |
---|
300 | berkeley_txns_max: 200 |
---|
301 | |
---|
302 | # Disable duplicate message suppression |
---|
303 | duplicatesuppression: 0 |
---|
304 | |
---|
305 | #lmtpd returns a permanent failure code when a user's mailbox is over quota. |
---|
306 | lmtp_over_quota_perm_failure: 1 |
---|