[7503] | 1 | # Debian Cyrus imapd.conf |
---|
| 2 | # See imapd.conf(5) for more information and more options |
---|
| 3 | |
---|
| 4 | # Configuration directory |
---|
| 5 | configdirectory: /var/lib/cyrus |
---|
| 6 | |
---|
| 7 | # Directories for proc and lock files |
---|
| 8 | proc_path: /run/cyrus/proc |
---|
| 9 | mboxname_lockpath: /run/cyrus/lock |
---|
| 10 | |
---|
| 11 | # Which partition to use for default mailboxes |
---|
| 12 | defaultpartition: default |
---|
| 13 | partition-default: /var/spool/cyrus/mail |
---|
| 14 | |
---|
| 15 | # News setup |
---|
| 16 | partition-news: /var/spool/cyrus/news |
---|
| 17 | newsspool: /var/spool/news |
---|
| 18 | |
---|
| 19 | # Alternate namespace |
---|
| 20 | # If enabled, activate the alternate namespace as documented in |
---|
| 21 | # /usr/share/doc/cyrus-doc-2.4/html/altnamespace.html, where an user's |
---|
| 22 | # subfolders are in the same level as the INBOX |
---|
| 23 | # See also userprefix and sharedprefix on imapd.conf(5) |
---|
| 24 | altnamespace: no |
---|
| 25 | |
---|
| 26 | # UNIX Hierarchy Convention |
---|
| 27 | # Set to yes, and cyrus will accept dots in names, and use the forward |
---|
| 28 | # slash "/" to delimit levels of the hierarchy. This is done by converting |
---|
| 29 | # internally all dots to "^", and all "/" to dots. So the "rabbit.holes" |
---|
| 30 | # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes" |
---|
| 31 | unixhierarchysep: yes |
---|
| 32 | |
---|
| 33 | # Rejecting illegal characters in headers |
---|
| 34 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
| 35 | # set. However, too many badly-written MUAs generate this, including most |
---|
| 36 | # spamware. Enable this to reject such messages. |
---|
| 37 | #reject8bit: yes |
---|
| 38 | |
---|
| 39 | # Munging illegal characters in headers |
---|
| 40 | # Headers of RFC2882 messages must not have characters with the 8th bit |
---|
| 41 | # set. However, too many badly-written MUAs generate this, including most |
---|
| 42 | # spamware. If you kept reject8bit disabled, you can choose to leave the |
---|
| 43 | # crappage untouched by disabling this (if you don't care that IMAP SEARCH |
---|
| 44 | # won't work right anymore. |
---|
| 45 | #munge8bit: no |
---|
| 46 | |
---|
| 47 | # Forcing recipient user to lowercase |
---|
| 48 | # Cyrus IMAPD is case-sensitive. If all your mail users are in lowercase, it is |
---|
| 49 | # probably a very good idea to set lmtp_downcase_rcpt to true. This is set by |
---|
| 50 | # default, per RFC2821. This was not set by default in debian versions up to |
---|
| 51 | # and including 2.2.12-4. |
---|
| 52 | lmtp_downcase_rcpt: yes |
---|
| 53 | |
---|
| 54 | # Uncomment the following and add the space-separated users who |
---|
| 55 | # have admin rights for all services. |
---|
| 56 | admins: cyrus expresso-admin |
---|
| 57 | |
---|
| 58 | # Space-separated list of users that have lmtp "admin" status (i.e. that |
---|
| 59 | # can deliver email through TCP/IP lmtp). If specified, this parameter |
---|
| 60 | # overrides the "admins" parameter above |
---|
| 61 | #lmtp_admins: postman |
---|
| 62 | |
---|
| 63 | # Space-separated list of users that have mupdate "admin" status, in |
---|
| 64 | # addition to those in the admins: entry above. Note that mupdate slaves and |
---|
| 65 | # backends in a Murder cluster need to autenticate against the mupdate master |
---|
| 66 | # as admin users. |
---|
| 67 | #mupdate_admins: mupdateman |
---|
| 68 | |
---|
| 69 | # Space-separated list of users that have imapd "admin" status, in |
---|
| 70 | # addition to those in the admins: entry above |
---|
| 71 | #imap_admins: cyrus |
---|
| 72 | |
---|
| 73 | # Space-separated list of users that have sieve "admin" status, in |
---|
| 74 | # addition to those in the admins: entry above |
---|
| 75 | #sieve_admins: cyrus |
---|
| 76 | |
---|
| 77 | # List of users and groups that are allowed to proxy for other users, |
---|
| 78 | # seperated by spaces. Any user listed in this will be allowed to login |
---|
| 79 | # for any other user. Like "admins:" above, you can have imap_proxyservers |
---|
| 80 | # and sieve_proxyservers. |
---|
| 81 | #proxyservers: cyrus |
---|
| 82 | |
---|
| 83 | # No anonymous logins |
---|
| 84 | allowanonymouslogin: no |
---|
| 85 | |
---|
| 86 | # Minimum time between POP mail fetches in minutes |
---|
| 87 | popminpoll: 1 |
---|
| 88 | |
---|
| 89 | # If nonzero, normal users may create their own IMAP accounts by creating |
---|
| 90 | # the mailbox INBOX. The user's quota is set to the value if it is positive, |
---|
| 91 | # otherwise the user has unlimited quota. |
---|
| 92 | autocreatequota: 0 |
---|
| 93 | |
---|
| 94 | # umask used by Cyrus programs |
---|
| 95 | umask: 077 |
---|
| 96 | |
---|
| 97 | # Sendmail binary location |
---|
| 98 | # DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. |
---|
| 99 | # For now, to work around the bug, set this to a wrapper that calls |
---|
| 100 | # /usr/sbin/sendmail -dropcr instead if you use Exim 3. |
---|
| 101 | #sendmail: /usr/sbin/sendmail |
---|
| 102 | |
---|
| 103 | # If enabled, cyrdeliver will look for Sieve scripts in user's home |
---|
| 104 | # directories: ~user/.sieve. |
---|
| 105 | sieveusehomedir: false |
---|
| 106 | |
---|
| 107 | # If sieveusehomedir is false, this directory is searched for Sieve scripts. |
---|
| 108 | sievedir: /var/spool/sieve |
---|
| 109 | |
---|
| 110 | # Extencoes para o SIEVE |
---|
| 111 | # Para o cyrus >= 2.4 |
---|
| 112 | sieve_extensions: fileinto reject vacation imapflags notify envelope relational regex subaddress copy body include |
---|
| 113 | |
---|
| 114 | # notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" |
---|
| 115 | # notifications are disabled. Valid methods are: null, log, zephyr |
---|
| 116 | #mailnotifier: zephyr |
---|
| 117 | |
---|
| 118 | # notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" |
---|
| 119 | # notifications are disabled. This method is only used when no method is |
---|
| 120 | # specified in the script. Valid methods are null, log, zephyr, mailto |
---|
| 121 | #sievenotifier: zephyr |
---|
| 122 | |
---|
| 123 | # DRAC (pop-before-smtp, imap-before-smtp) support |
---|
| 124 | # Set dracinterval to the time in minutes to call DRAC while a user is |
---|
| 125 | # connected to the imap/pop services. Set to 0 to disable DRAC (default) |
---|
| 126 | # Set drachost to the host where the rpc drac service is running |
---|
| 127 | #dracinterval: 0 |
---|
| 128 | #drachost: localhost |
---|
| 129 | |
---|
| 130 | # If enabled, the partitions will also be hashed, in addition to the hashing |
---|
| 131 | # done on configuration directories. This is recommended if one partition has a |
---|
| 132 | # very bushy mailbox tree. |
---|
| 133 | hashimapspool: true |
---|
| 134 | |
---|
| 135 | # Allow plaintext logins by default (SASL PLAIN) |
---|
| 136 | allowplaintext: yes |
---|
| 137 | |
---|
| 138 | # Force PLAIN/LOGIN authentication only |
---|
| 139 | # (you need to uncomment this if you are not using an auxprop-based SASL |
---|
| 140 | # mechanism. saslauthd users, that means you!). And pay attention to |
---|
| 141 | # sasl_minimum_layer and allowapop below, too. |
---|
| 142 | sasl_mech_list: PLAIN |
---|
| 143 | |
---|
| 144 | # Allow use of the POP3 APOP authentication command. |
---|
| 145 | # Note that this command requires that the plaintext passwords are |
---|
| 146 | # available in a SASL auxprop backend (eg. sasldb), and that the system |
---|
| 147 | # can provide enough entropy (eg. from /dev/urandom) to create a challenge |
---|
| 148 | # in the banner. |
---|
| 149 | #allowapop: no |
---|
| 150 | |
---|
| 151 | # The minimum SSF that the server will allow a client to negotiate. A |
---|
| 152 | # value of 1 requires integrity protection; any higher value requires some |
---|
| 153 | # amount of encryption. |
---|
| 154 | #sasl_minimum_layer: 0 |
---|
| 155 | |
---|
| 156 | # The maximum SSF that the server will allow a client to negotiate. A |
---|
| 157 | # value of 1 requires integrity protection; any higher value requires some |
---|
| 158 | # amount of encryption. |
---|
| 159 | #sasl_maximum_layer: 256 |
---|
| 160 | |
---|
| 161 | # List of remote realms whose users may log in using cross-realm |
---|
| 162 | # authentications. Seperate each realm name by a space. A cross-realm |
---|
| 163 | # identity is considered any identity returned by SASL with an "@" in it. |
---|
| 164 | # NOTE: To support multiple virtual domains on the same interface/IP, |
---|
| 165 | # you need to list them all as loginreals. If you don't list them here, |
---|
| 166 | # (most of) your users probably won't be able to log in. |
---|
| 167 | #loginrealms: example.com |
---|
| 168 | |
---|
| 169 | # Enable virtual domain support. If enabled, the user's domain will |
---|
| 170 | # be determined by splitting a fully qualified userid at the last '@' |
---|
| 171 | # or '%' symbol. If the userid is unqualified, and the virtdomains |
---|
| 172 | # option is set to "on", then the domain will be determined by doing |
---|
| 173 | # a reverse lookup on the IP address of the incoming network |
---|
| 174 | # interface, otherwise the user is assumed to be in the default |
---|
| 175 | # domain (if set). |
---|
| 176 | #virtdomains: userid |
---|
| 177 | |
---|
| 178 | # The default domain for virtual domain support |
---|
| 179 | # If the domain of a user can't be taken from its login and it can't |
---|
| 180 | # be determined by doing a reverse lookup on the interface IP, this |
---|
| 181 | # domain is used. |
---|
| 182 | #defaultdomain: |
---|
| 183 | |
---|
| 184 | # |
---|
| 185 | # SASL library options (these are handled directly by the SASL libraries, |
---|
| 186 | # refer to SASL documentation for an up-to-date list of these) |
---|
| 187 | # |
---|
| 188 | |
---|
| 189 | # The mechanism(s) used by the server to verify plaintext passwords. Possible |
---|
| 190 | # values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They |
---|
| 191 | # are tried in order, you can specify more than one, separated by spaces. |
---|
| 192 | # |
---|
| 193 | # Do note that, since sasl will be run as user cyrus, you may have a lot of |
---|
| 194 | # trouble to set this up right. |
---|
| 195 | sasl_pwcheck_method: saslauthd |
---|
| 196 | #sasl_pwcheck_method: auxprop |
---|
| 197 | |
---|
| 198 | # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop |
---|
| 199 | # by default, all plugins are tried (which is probably NOT what you want). |
---|
| 200 | #sasl_auxprop_plugin: sasldb |
---|
| 201 | |
---|
| 202 | # If enabled, the SASL library will automatically create authentication secrets |
---|
| 203 | # when given a plaintext password. Refer to SASL documentation |
---|
| 204 | sasl_auto_transition: no |
---|
| 205 | |
---|
| 206 | # |
---|
| 207 | # SSL/TLS Options |
---|
| 208 | # |
---|
| 209 | |
---|
| 210 | # File containing the global certificate used for ALL services (imap, pop3, |
---|
| 211 | # lmtp, sieve) |
---|
| 212 | #tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem |
---|
| 213 | |
---|
| 214 | # File containing the private key belonging to the global server certificate. |
---|
| 215 | #tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key |
---|
| 216 | |
---|
| 217 | # File containing the certificate used for imap. If not specified, the global |
---|
| 218 | # certificate is used. A value of "disabled" will disable SSL/TLS for imap. |
---|
| 219 | #imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem |
---|
| 220 | |
---|
| 221 | # File containing the private key belonging to the imap-specific server |
---|
| 222 | # certificate. If not specified, the global private key is used. A value of |
---|
| 223 | # "disabled" will disable SSL/TLS for imap. |
---|
| 224 | #imap_tls_key_file: /etc/ssl/private/cyrus-imap.key |
---|
| 225 | |
---|
| 226 | # File containing the certificate used for pop3. If not specified, the global |
---|
| 227 | # certificate is used. A value of "disabled" will disable SSL/TLS for pop3. |
---|
| 228 | #pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem |
---|
| 229 | |
---|
| 230 | # File containing the private key belonging to the pop3-specific server |
---|
| 231 | # certificate. If not specified, the global private key is used. A value of |
---|
| 232 | # "disabled" will disable SSL/TLS for pop3. |
---|
| 233 | #pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key |
---|
| 234 | |
---|
| 235 | # File containing the certificate used for lmtp. If not specified, the global |
---|
| 236 | # certificate is used. A value of "disabled" will disable SSL/TLS for lmtp. |
---|
| 237 | #lmtp_tls_cert_file: /etc/ssl/certs/cyrus-lmtp.pem |
---|
| 238 | |
---|
| 239 | # File containing the private key belonging to the lmtp-specific server |
---|
| 240 | # certificate. If not specified, the global private key is used. A value of |
---|
| 241 | # "disabled" will disable SSL/TLS for lmtp. |
---|
| 242 | #lmtp_tls_key_file: /etc/ssl/private/cyrus-lmtp.key |
---|
| 243 | |
---|
| 244 | # File containing the certificate used for sieve. If not specified, the global |
---|
| 245 | # certificate is used. A value of "disabled" will disable SSL/TLS for sieve. |
---|
| 246 | #sieve_tls_cert_file: /etc/ssl/certs/cyrus-sieve.pem |
---|
| 247 | |
---|
| 248 | # File containing the private key belonging to the sieve-specific server |
---|
| 249 | # certificate. If not specified, the global private key is used. A value of |
---|
| 250 | # "disabled" will disable SSL/TLS for sieve. |
---|
| 251 | #sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key |
---|
| 252 | |
---|
| 253 | # File containing one or more Certificate Authority (CA) certificates. |
---|
| 254 | #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem |
---|
| 255 | |
---|
| 256 | # Path to directory with certificates of CAs. |
---|
| 257 | tls_ca_path: /etc/ssl/certs |
---|
| 258 | |
---|
| 259 | # The length of time (in minutes) that a TLS session will be cached for later |
---|
| 260 | # reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will |
---|
| 261 | # disable session caching. |
---|
| 262 | tls_session_timeout: 1440 |
---|
| 263 | |
---|
| 264 | # The list of SSL/TLS ciphers to allow, in decreasing order of precedence. |
---|
| 265 | # The format of the string is described in ciphers(1). The Debian default |
---|
| 266 | # selects TLSv1 high-security ciphers only, and removes all anonymous ciphers |
---|
| 267 | # from the list (because they provide no defense against man-in-the-middle |
---|
| 268 | # attacks). It also orders the list so that stronger ciphers come first. |
---|
| 269 | tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH |
---|
| 270 | |
---|
| 271 | # Require a client certificate for ALL services (imap, pop3, lmtp, sieve). |
---|
| 272 | #tls_require_cert: false |
---|
| 273 | |
---|
| 274 | # Require a client certificate for imap ONLY. |
---|
| 275 | #imap_tls_require_cert: false |
---|
| 276 | |
---|
| 277 | # Require a client certificate for pop3 ONLY. |
---|
| 278 | #pop3_tls_require_cert: false |
---|
| 279 | |
---|
| 280 | # Require a client certificate for lmtp ONLY. |
---|
| 281 | #lmtp_tls_require_cert: false |
---|
| 282 | |
---|
| 283 | # Require a client certificate for sieve ONLY. |
---|
| 284 | #sieve_tls_require_cert: false |
---|
| 285 | |
---|
| 286 | # |
---|
| 287 | # Cyrus Murder cluster configuration |
---|
| 288 | # |
---|
| 289 | # Set the following options to the values needed for this server to |
---|
| 290 | # autenticate against the mupdate master server: |
---|
| 291 | # mupdate_server |
---|
| 292 | # mupdate_port |
---|
| 293 | # mupdate_username |
---|
| 294 | # mupdate_authname |
---|
| 295 | # mupdate_realm |
---|
| 296 | # mupdate_password |
---|
| 297 | # mupdate_retry_delay |
---|
| 298 | |
---|
| 299 | ## |
---|
| 300 | ## KEEP THESE IN SYNC WITH cyrus.conf |
---|
| 301 | ## |
---|
| 302 | # Unix domain socket that lmtpd listens on. |
---|
| 303 | lmtpsocket: /var/run/cyrus/socket/lmtp |
---|
| 304 | |
---|
| 305 | # Unix domain socket that idled listens on. |
---|
| 306 | idlesocket: /var/run/cyrus/socket/idle |
---|
| 307 | |
---|
| 308 | # Unix domain socket that the new mail notification daemon listens on. |
---|
| 309 | notifysocket: /var/run/cyrus/socket/notify |
---|
| 310 | |
---|
| 311 | # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.) |
---|
| 312 | syslog_prefix: cyrus |
---|
| 313 | |
---|
| 314 | ## |
---|
| 315 | ## DEBUGGING |
---|
| 316 | ## |
---|
| 317 | # Debugging hook. See /usr/share/doc/cyrus-common-2.4/README.Debian.debug |
---|
| 318 | # Keep the hook disabled when it is not in use |
---|
| 319 | # |
---|
| 320 | # gdb Back-traces |
---|
| 321 | #debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 & |
---|
| 322 | # |
---|
| 323 | # system-call traces |
---|
| 324 | #debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
| 325 | # |
---|
| 326 | # library traces |
---|
| 327 | #debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 & |
---|
| 328 | |
---|
| 329 | ## Para o Expresso ## |
---|
| 330 | # Allow rename of users |
---|
| 331 | allowusermoves: yes |
---|
| 332 | |
---|
| 333 | #Size (in kilobytes) of the shared memory buffer pool (cache) used by the berkeley environment. |
---|
| 334 | berkeley_cachesize: 2048 |
---|
| 335 | |
---|
| 336 | #Maximum number of transactions to be supported in the berkeley environment. |
---|
| 337 | berkeley_txns_max: 200 |
---|
| 338 | |
---|
| 339 | # Disable duplicate message suppression |
---|
| 340 | duplicatesuppression: 0 |
---|
| 341 | |
---|
| 342 | #lmtpd returns a permanent failure code when a user's mailbox is over quota. |
---|
| 343 | lmtp_over_quota_perm_failure: 1 |
---|