[5797] | 1 | # Debian Cyrus imapd.conf |
---|
| 2 | # See imapd.conf(5) for more information and more options |
---|
| 3 | |
---|
| 4 | # Configuration directory |
---|
| 5 | configdirectory: /var/lib/cyrus |
---|
| 6 | |
---|
| 7 | # Which partition to use for default mailboxes |
---|
| 8 | defaultpartition: default |
---|
| 9 | partition-default: /var/spool/cyrus/mail |
---|
| 10 | |
---|
| 11 | # News setup |
---|
| 12 | partition-news: /var/spool/cyrus/news |
---|
| 13 | newsspool: /var/spool/news |
---|
| 14 | |
---|
| 15 | # Alternate namespace |
---|
| 16 | # If enabled, activate the alternate namespace as documented in |
---|
| 17 | # /usr/share/doc/cyrus21-doc/html/altnamespace.html, where an user's |
---|
| 18 | # subfolders are in the same level as the INBOX |
---|
| 19 | # See also userprefix and sharedprefix on imapd.conf(5) |
---|
| 20 | altnamespace: no |
---|
| 21 | |
---|
| 22 | # UNIX Hierarchy Convention |
---|
| 23 | # Set to yes, and cyrus will accept dots in names, and use the forward |
---|
| 24 | # slash "/" to delimit levels of the hierarchy. This is done by converting |
---|
| 25 | # internally all dots to "^", and all "/" to dots. So the "rabbit.holes" |
---|
| 26 | # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes" |
---|
| 27 | unixhierarchysep: yes |
---|
| 28 | |
---|
| 29 | # Munging illegal characters in headers |
---|
| 30 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
| 31 | # set. However, too many badly-written MUAs generate this, including most |
---|
| 32 | # spamware. Disable this if you want Cyrus to leave the crappage untouched |
---|
| 33 | # and you don't care that IMAP SEARCH won't work right anymore. |
---|
| 34 | reject8bit: no |
---|
| 35 | munge8bit: no |
---|
| 36 | |
---|
| 37 | # Forcing recipient user to lowercase |
---|
| 38 | # Cyrus 2.1 is case-sensitive. If all your mail users are in lowercase, it is |
---|
| 39 | # probably a very good idea to set lmtp_downcase_rcpt to true. The default is |
---|
| 40 | # to assume the user knows what he is doing, and not downcase anything. |
---|
| 41 | #lmtp_downcase_rcpt: yes |
---|
| 42 | |
---|
| 43 | # Uncomment the following and add the space-separated users who |
---|
| 44 | # have admin rights for all services. |
---|
| 45 | admins: expresso-admin |
---|
| 46 | |
---|
| 47 | # Space-separated list of users that have lmtp "admin" status (i.e. that |
---|
| 48 | # can deliver email through TCP/IP lmtp) in addition to those in the |
---|
| 49 | # admins: entry above |
---|
| 50 | #lmtp_admins: postman |
---|
| 51 | |
---|
| 52 | # Space-separated list of users that have mupdate "admin" status, in |
---|
| 53 | # addition to those in the admins: entry above. Note that mupdate slaves and |
---|
| 54 | # backends in a Murder cluster need to autenticate against the mupdate master |
---|
| 55 | # as admin users. |
---|
| 56 | #mupdate_admins: mupdateman |
---|
| 57 | |
---|
| 58 | # Space-separated list of users that have imapd "admin" status, in |
---|
| 59 | # addition to those in the admins: entry above |
---|
| 60 | #imap_admins: cyrus |
---|
| 61 | |
---|
| 62 | # Space-separated list of users that have sieve "admin" status, in |
---|
| 63 | # addition to those in the admins: entry above |
---|
| 64 | #sieve_admins: cyrus |
---|
| 65 | |
---|
| 66 | # List of users and groups that are allowed to proxy for other users, |
---|
| 67 | # seperated by spaces. Any user listed in this will be allowed to login |
---|
| 68 | # for any other user. Like "admins:" above, you can have imap_proxyservers |
---|
| 69 | # and sieve_proxyservers. |
---|
| 70 | #proxyservers: cyrus |
---|
| 71 | |
---|
| 72 | # No anonymous logins |
---|
| 73 | allowanonymouslogin: no |
---|
| 74 | |
---|
| 75 | # Minimum time between POP mail fetches in minutes |
---|
| 76 | popminpoll: 1 |
---|
| 77 | |
---|
| 78 | # If nonzero, normal users may create their own IMAP accounts by creating |
---|
| 79 | # the mailbox INBOX. The user's quota is set to the value if it is positive, |
---|
| 80 | # otherwise the user has unlimited quota. |
---|
| 81 | autocreatequota: 0 |
---|
| 82 | |
---|
| 83 | # umask used by Cyrus programs |
---|
| 84 | umask: 077 |
---|
| 85 | |
---|
| 86 | # Sendmail binary location |
---|
| 87 | # DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. |
---|
| 88 | # For now, to work around the bug, set this to a wrapper that calls |
---|
| 89 | # /usr/sbin/sendmail -dropcr instead if you use Exim 3. |
---|
| 90 | #sendmail: /usr/sbin/sendmail |
---|
| 91 | |
---|
| 92 | # If enabled, cyrdeliver will look for Sieve scripts in user's home |
---|
| 93 | # directories: ~user/.sieve. |
---|
| 94 | sieveusehomedir: false |
---|
| 95 | |
---|
| 96 | # If sieveusehomedir is false, this directory is searched for Sieve scripts. |
---|
| 97 | sievedir: /var/spool/sieve |
---|
| 98 | |
---|
[6081] | 99 | # Extencoes para o SIEVE |
---|
| 100 | # Para o cyrus >= 2.4 |
---|
| 101 | sieve_extensions: fileinto reject vacation imapflags notify envelope relational regex subaddress copy body include |
---|
| 102 | |
---|
[5797] | 103 | # notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" |
---|
| 104 | # notifications are disabled. Valid methods are: null, log, zephyr |
---|
| 105 | #mailnotifier: zephyr |
---|
| 106 | |
---|
| 107 | # notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" |
---|
| 108 | # notifications are disabled. This method is only used when no method is |
---|
| 109 | # specified in the script. Valid methods are null, log, zephyr, mailto |
---|
| 110 | #sievenotifier: zephyr |
---|
| 111 | |
---|
| 112 | # DRAC (pop-before-smtp, imap-before-smtp) support |
---|
| 113 | # Set dracinterval to the time in minutes to call DRAC while a user is |
---|
| 114 | # connected to the imap/pop services. Set to 0 to disable DRAC (default) |
---|
| 115 | # Set drachost to the host where the rpc drac service is running |
---|
| 116 | #dracinterval: 0 |
---|
| 117 | #drachost: localhost |
---|
| 118 | |
---|
| 119 | # If enabled, the partitions will also be hashed, in addition to the hashing |
---|
| 120 | # done on configuration directories. This is recommended if one partition has a |
---|
| 121 | # very bushy mailbox tree. |
---|
| 122 | hashimapspool: true |
---|
| 123 | |
---|
| 124 | # Allow plaintext logins by default (SASL PLAIN) |
---|
| 125 | allowplaintext: yes |
---|
| 126 | |
---|
| 127 | # Force PLAIN/LOGIN authentication only |
---|
| 128 | # (you need to uncomment this if you are not using an auxprop-based SASL |
---|
| 129 | # mechanism. saslauthd users, that means you!). And pay attention to |
---|
| 130 | # sasl_minimum_layer and allowapop below, too. |
---|
| 131 | sasl_mech_list: PLAIN |
---|
| 132 | |
---|
| 133 | # Allow use of the POP3 APOP authentication command. |
---|
| 134 | # Note that this command requires that the plaintext passwords are |
---|
| 135 | # available in a SASL auxprop backend (eg. sasldb), and that the system |
---|
| 136 | # can provide enough entropy (eg. from /dev/urandom) to create a challenge |
---|
| 137 | # in the banner. |
---|
| 138 | #allowapop: no |
---|
| 139 | |
---|
| 140 | # The minimum SSF that the server will allow a client to negotiate. A |
---|
| 141 | # value of 1 requires integrity protection; any higher value requires some |
---|
| 142 | # amount of encryption. |
---|
| 143 | #sasl_minimum_layer: 0 |
---|
| 144 | |
---|
| 145 | # The maximum SSF that the server will allow a client to negotiate. A |
---|
| 146 | # value of 1 requires integrity protection; any higher value requires some |
---|
| 147 | # amount of encryption. |
---|
| 148 | #sasl_maximum_layer: 256 |
---|
| 149 | |
---|
| 150 | # List of remote realms whose users may log in using cross-realm |
---|
| 151 | # authentications. Seperate each realm name by a space. A cross-realm |
---|
| 152 | # identity is considered any identity returned by SASL with an "@" in it. |
---|
| 153 | #loginrealms: |
---|
| 154 | |
---|
| 155 | # |
---|
| 156 | # SASL library options (these are handled directly by the SASL libraries, |
---|
| 157 | # refer to SASL documentation for an up-to-date list of these) |
---|
| 158 | # |
---|
| 159 | |
---|
| 160 | # The mechanism(s) used by the server to verify plaintext passwords. Possible |
---|
| 161 | # values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They |
---|
| 162 | # are tried in order, you can specify more than one, separated by spaces. |
---|
| 163 | # |
---|
| 164 | # Do note that, since sasl will be run as user cyrus, you may have a lot of |
---|
| 165 | # trouble to set this up right. |
---|
| 166 | sasl_pwcheck_method: saslauthd |
---|
| 167 | |
---|
| 168 | # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop |
---|
| 169 | # by default, all plugins are tried (which is probably NOT what you want). |
---|
| 170 | #sasl_auxprop_plugin: sasldb |
---|
| 171 | |
---|
| 172 | # If enabled, the SASL library will automatically create authentication secrets |
---|
| 173 | # when given a plaintext password. Refer to SASL documentation |
---|
| 174 | sasl_auto_transition: no |
---|
| 175 | |
---|
| 176 | # |
---|
| 177 | # SSL/TLS Options |
---|
| 178 | # |
---|
| 179 | |
---|
| 180 | # File containing the global certificate used for ALL services (imap, pop3, |
---|
| 181 | # lmtp, sieve) |
---|
| 182 | #tls_cert_file: /etc/ssl/certs/cyrus-global.pem |
---|
| 183 | |
---|
| 184 | # File containing the private key belonging to the global server certificate. |
---|
| 185 | #tls_key_file: /etc/ssl/private/cyrus-global.key |
---|
| 186 | |
---|
| 187 | # File containing the certificate used for imap. If not specified, the global |
---|
| 188 | # certificate is used. A value of "disabled" will disable SSL/TLS for imap. |
---|
| 189 | #tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem |
---|
| 190 | |
---|
| 191 | # File containing the private key belonging to the imap-specific server |
---|
| 192 | # certificate. If not specified, the global private key is used. A value of |
---|
| 193 | # "disabled" will disable SSL/TLS for imap. |
---|
| 194 | #tls_imap_key_file: /etc/ssl/private/cyrus-imap.key |
---|
| 195 | |
---|
| 196 | # File containing the certificate used for pop3. If not specified, the global |
---|
| 197 | # certificate is used. A value of "disabled" will disable SSL/TLS for pop3. |
---|
| 198 | #tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem |
---|
| 199 | |
---|
| 200 | # File containing the private key belonging to the pop3-specific server |
---|
| 201 | # certificate. If not specified, the global private key is used. A value of |
---|
| 202 | # "disabled" will disable SSL/TLS for pop3. |
---|
| 203 | #tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key |
---|
| 204 | |
---|
| 205 | # File containing the certificate used for lmtp. If not specified, the global |
---|
| 206 | # certificate is used. A value of "disabled" will disable SSL/TLS for lmtp. |
---|
| 207 | #tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem |
---|
| 208 | |
---|
| 209 | # File containing the private key belonging to the lmtp-specific server |
---|
| 210 | # certificate. If not specified, the global private key is used. A value of |
---|
| 211 | # "disabled" will disable SSL/TLS for lmtp. |
---|
| 212 | #tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key |
---|
| 213 | |
---|
| 214 | # File containing the certificate used for sieve. If not specified, the global |
---|
| 215 | # certificate is used. A value of "disabled" will disable SSL/TLS for sieve. |
---|
| 216 | #tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem |
---|
| 217 | |
---|
| 218 | # File containing the private key belonging to the sieve-specific server |
---|
| 219 | # certificate. If not specified, the global private key is used. A value of |
---|
| 220 | # "disabled" will disable SSL/TLS for sieve. |
---|
| 221 | #tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key |
---|
| 222 | |
---|
| 223 | # File containing one or more Certificate Authority (CA) certificates. |
---|
| 224 | #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem |
---|
| 225 | |
---|
| 226 | # Path to directory with certificates of CAs. |
---|
| 227 | tls_ca_path: /etc/ssl/certs |
---|
| 228 | |
---|
| 229 | # The length of time (in minutes) that a TLS session will be cached for later |
---|
| 230 | # reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will |
---|
| 231 | # disable session caching. |
---|
| 232 | tls_session_timeout: 1440 |
---|
| 233 | |
---|
| 234 | # The list of SSL/TLS ciphers to allow. The format of the string is described |
---|
| 235 | # in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP! |
---|
| 236 | tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH |
---|
| 237 | |
---|
| 238 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
---|
| 239 | #tls_require_cert: false |
---|
| 240 | |
---|
| 241 | # Require a client certificate for imap ONLY. |
---|
| 242 | #tls_imap_require_cert: false |
---|
| 243 | |
---|
| 244 | # Require a client certificate for pop3 ONLY. |
---|
| 245 | #tls_pop3_require_cert: false |
---|
| 246 | |
---|
| 247 | # Require a client certificate for lmtp ONLY. |
---|
| 248 | #tls_lmtp_require_cert: false |
---|
| 249 | |
---|
| 250 | # Require a client certificate for sieve ONLY. |
---|
| 251 | #tls_sieve_require_cert: false |
---|
| 252 | |
---|
| 253 | # |
---|
| 254 | # Cyrus Murder cluster configuration |
---|
| 255 | # |
---|
| 256 | # Set the following options to the values needed for this server to |
---|
| 257 | # autenticate against the mupdate master server: |
---|
| 258 | # mupdate_server |
---|
| 259 | # mupdate_port |
---|
| 260 | # mupdate_username |
---|
| 261 | # mupdate_authname |
---|
| 262 | # mupdate_realm |
---|
| 263 | # mupdate_password |
---|
| 264 | # mupdate_retry_delay |
---|
| 265 | |
---|
| 266 | ## |
---|
| 267 | ## KEEP THESE IN SYNC WITH cyrus.conf |
---|
| 268 | ## |
---|
| 269 | # Unix domain socket that lmtpd listens on. |
---|
| 270 | lmtpsocket: /var/run/cyrus/socket/lmtp |
---|
| 271 | |
---|
| 272 | # Unix domain socket that idled listens on. |
---|
| 273 | idlesocket: /var/run/cyrus/socket/idle |
---|
| 274 | |
---|
| 275 | # Unix domain socket that the new mail notification daemon listens on. |
---|
| 276 | notifysocket: /var/run/cyrus/socket/notify |
---|
| 277 | |
---|
| 278 | ## |
---|
| 279 | ## DEBUGGING |
---|
| 280 | ## |
---|
| 281 | # Debugging hook. See /usr/share/doc/cyrus21-common/README.Debian.debug |
---|
| 282 | # Keep the hook disabled when it is not in use |
---|
| 283 | # |
---|
| 284 | # gdb Back-traces |
---|
| 285 | #debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 & |
---|
| 286 | # |
---|
| 287 | # system-call traces |
---|
| 288 | #debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
| 289 | # |
---|
| 290 | # library traces |
---|
| 291 | #debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
| 292 | |
---|
| 293 | # Allow rename of users |
---|
| 294 | allowusermoves: yes |
---|
| 295 | |
---|
| 296 | #Size (in kilobytes) of the shared memory buffer pool (cache) used by the berkeley environment. |
---|
| 297 | berkeley_cachesize: 2048 |
---|
| 298 | |
---|
| 299 | #Maximum number of transactions to be supported in the berkeley environment. |
---|
| 300 | berkeley_txns_max: 200 |
---|
| 301 | |
---|
| 302 | # Disable duplicate message suppression |
---|
| 303 | duplicatesuppression: 0 |
---|
| 304 | |
---|
| 305 | #lmtpd returns a permanent failure code when a user's mailbox is over quota. |
---|
| 306 | lmtp_over_quota_perm_failure: 1 |
---|