imapd.conf(5)                                                    imapd.conf(5)




NAME

       imapd.conf - IMAP configuration file


DESCRIPTION

       /etc/imapd.conf  is  the  configuration file for the Cyrus IMAP server.
       It defines local parameters for IMAP.

       Each line of the /etc/imapd.conf file has the form

              option: value

       where option is the name of the  configuration  option  being  set  and
       value is the value that the configuration option is being set to.

       Blank lines and lines beginning with ``#'' are ignored.

       For  boolean and enumerated options, the values ``yes'', ``on'', ``t'',
       ``true'' and ``1'' turn the option on; the  values  ``no'',  ``off'',
       ``f'', ``false'' and ``0'' turn the option off.
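
       The file format described above, as an added example that is not
       part of the Cyrus distribution: a parser for "option: value" lines
       plus checks on a few security-relevant options documented below.
       The sample configuration is constructed; treating surrounding
       whitespace as insignificant, boolean spellings as case-insensitive
       and a repeated option as "last one wins" are assumptions.

```python
"""Audit imapd.conf text for security-relevant options documented on this page."""

TRUE = {"yes", "on", "t", "true", "1"}
FALSE = {"no", "off", "f", "false", "0"}

# Defaults as listed on this man page, for the options audited here only.
DEFAULTS = {
    "allowplaintext": "1", "allowanonymouslogin": "0", "allowapop": "1",
    "loginuseacl": "0", "proxyservers": "", "pts_module": "afskrb",
    "ldap_uri": "", "ldap_start_tls": "0", "ldap_tls_check_peer": "0",
    "ldap_tls_cacert_file": "", "ldap_tls_cacert_dir": "",
}


def parse_imapd_conf(text):
    """Return (options, problems) for 'option: value' lines."""
    options, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumption: surrounding whitespace is not significant
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        name, sep, value = line.partition(":")  # split at the first colon only
        name = name.strip()
        if not sep or not name:
            problems.append((lineno, "not in 'option: value' form"))
            continue
        if name in options:
            problems.append((lineno, name + " is set more than once"))
        options[name] = value.strip()  # assumption for this audit: last one wins
    return options, problems


def get(options, name):
    """Value from the file, else the page's default, else the empty string."""
    return options.get(name, DEFAULTS.get(name, ""))


def is_on(options, name):
    """Evaluate a boolean option with the on/off spellings the page lists."""
    value = get(options, name).lower()  # assumption: spellings are case-insensitive
    if value in TRUE:
        return True
    if value in FALSE:
        return False
    raise ValueError("%s: %r is not a boolean value" % (name, value))


def audit(options):
    """Return a list of (option, message) findings."""
    findings = []
    if is_on(options, "allowplaintext"):
        findings.append(("allowplaintext", "cleartext passwords are accepted on the wire"))
    if is_on(options, "allowanonymouslogin"):
        findings.append(("allowanonymouslogin", "user 'anonymous' may log in with any password"))
    if is_on(options, "allowapop"):
        findings.append(("allowapop", "APOP needs plaintext passwords in a SASL auxprop backend"))
    if is_on(options, "loginuseacl"):
        findings.append(("loginuseacl", "identities with rights on a user's INBOX may log in as that user"))
    if get(options, "proxyservers"):
        findings.append(("proxyservers", "listed users may log in as any other user: "
                         + get(options, "proxyservers")))
    for name in sorted(options):
        # proxy_password, mupdate_password, ldap_password, <hostname>_password
        if name.endswith("_password") and options[name]:
            findings.append((name, "password stored in the configuration file"))
    if get(options, "pts_module") == "ldap":
        # assumption: the URLs in ldap_uri are separated by whitespace
        uris = get(options, "ldap_uri").lower().split()
        if is_on(options, "ldap_start_tls") and any(u.startswith("ldaps:") for u in uris):
            findings.append(("ldap_start_tls", "must not be combined with an ldaps: ldap_uri"))
        if not is_on(options, "ldap_tls_check_peer"):
            findings.append(("ldap_tls_check_peer", "LDAP server certificate is not verified"))
        elif not (get(options, "ldap_tls_cacert_file") or get(options, "ldap_tls_cacert_dir")):
            findings.append(("ldap_tls_check_peer",
                             "enabled without ldap_tls_cacert_file or ldap_tls_cacert_dir"))
    return findings


# Constructed sample configuration (hosts, users and the password are made up).
SAMPLE = """\
# constructed example
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus

allowplaintext: no
allowanonymouslogin: yes
loginuseacl: true
proxyservers: murder-frontend
proxy_password: not-a-real-secret
pts_module: ldap
ldap_uri: ldaps://ldap.example.net/
ldap_start_tls: on
ldap_tls_check_peer: yes
"""

if __name__ == "__main__":
    opts, problems = parse_imapd_conf(SAMPLE)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    for option, message in audit(opts):
        print("%-22s %s" % (option, message))
```

       The audit does not follow @include directives; included files have
       to be passed through it separately.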


FIELD DESCRIPTIONS

       The   sections   below  detail  options  that  can  be  placed  in  the
       /etc/imapd.conf file, and  show  each  option's  default  value.   Some
       options  have no default value; these are listed with ``<no default>''.
       Some options default  to  the  empty  string;  these  are  listed  with
       ``<none>''.


       admins: <empty string>
            The  list  of  userids  with administrative rights.  Separate each
            userid with a space.  Sites using Kerberos authentication may  use
            separate "admin" instances.

       Note  that accounts used by users should not be administrators.  Admin-
       istrative accounts should not receive mail.  That is, if user "jbRo" is
       a  user  reading  mail, he should not also be in the admins line.  Some
       problems may occur otherwise, most notably the ability  of  administra-
       tors  to  create top-level mailboxes visible to users, but not writable
       by users.

       afspts_localrealms: <none>
            The list of realms which are to be  treated  as  local,  and  thus
            stripped   during  identifier  canonicalization  (for  the  AFSPTS
            ptloader module).  This is different from loginrealms in  that  it
            occurs  later  in  the  authorization  process  (as the user id is
            canonified for PTS lookup)

       afspts_mycell: <none>
            Cell to use for AFS PTS lookups.  Defaults to the local cell.

       allowallsubscribe: 0
            Allow subscription to nonexistent mailboxes.  This option is typi-
            cally  used  on backend servers in a Murder so that users can sub-
            scribe to mailboxes that don't  reside  on  their  "home"  server.
            This  option  can  also  be  used as a workaround for IMAP clients
            which don't play well with nonexistent or  unselectable  mailboxes
            (eg.  Microsoft Outlook).

       allowanonymouslogin: 0
            Permit  logins  by  the user "anonymous" using any password.  Also
            allows use of the SASL ANONYMOUS mechanism.

       allowapop: 1
            Allow use of the POP3 APOP authentication command.

       Note that this command requires that SASL is compiled  with  APOP  sup-
       port,  that  the  plaintext  passwords  are available in a SASL auxprop
       backend (eg. sasldb), and that the system can  provide  enough  entropy
       (eg. from /dev/urandom) to create a challenge in the banner.

       allownewnews: 0
            Allow use of the NNTP NEWNEWS command.

       Note  that  this is a very expensive command and should only be enabled
       when absolutely necessary.

       allowplaintext: 1
            Allow the use of cleartext passwords on the wire.

       allowusermoves: 0
            Allow moving user accounts (with associated meta-data) via  RENAME
            or XFER.

       Note  that  measures  should  be taken to make sure that the user being
       moved is not logged in, and can not login during the move.  Failure  to
       do  so  may  result in the user's meta-data (seen state, subscriptions,
       etc) being corrupted or out of date.

       altnamespace: 0
            Use the alternate IMAP namespace, where personal folders reside at
            the same level in the hierarchy as INBOX.

       This  option  ONLY  applies  where  interaction  takes  place  with the
       client/user.  Currently this is limited to the  IMAP  protocol  (imapd)
       and  Sieve  scripts (lmtpd).  This option does NOT apply to admin tools
       such as cyradm (admins ONLY), reconstruct, quota,  etc.,  NOR  does  it
       affect  LMTP  delivery  of  messages  directly  to  mailboxes via plus-
       addressing.

       annotation_db: skiplist
            The cyrusdb backend to use for mailbox annotations.

            Allowed values: berkeley, berkeley-hash, skiplist

       anyoneuseracl: 1
            Should non-admin users be allowed to set  ACLs  for  the  'anyone'
            user  on  their mailboxes?  In a large organization this can cause
            support problems, but it's enabled by default.

       auth_mech: unix
            The authorization mechanism to use.

            Allowed values: unix, pts, krb, krb5

       autocreatequota: 0
            If nonzero, normal users may create their  own  IMAP  accounts  by
            creating  the mailbox INBOX.  The user's quota is set to the value
            if it is positive, otherwise the user has unlimited quota.

       berkeley_cachesize: 512
            Size (in kilobytes) of the shared memory buffer pool (cache)  used
            by  the  berkeley  environment.   The minimum allowed value is 20.
            The maximum allowed value is 4194303 (4GB).

       berkeley_locks_max: 50000
            Maximum number of locks to be held or requested  in  the  berkeley
            environment.

       berkeley_txns_max: 100
            Maximum  number  of  transactions  to be supported in the berkeley
            environment.

       client_timeout: 10
            Number of seconds to wait before returning a timeout failure  when
            performing a client connection (e.g. in a murder environment)

       configdirectory: <none>
            The  pathname  of the IMAP configuration directory.  This field is
            required.

       debug_command: <none>
            Debug command to be used by processes started with -D option.  The
            string  is a C format string that gets 3 options: the first is the
            name of the executable (without path).   The  second  is  the  pid
            (integer)   and   the   third   is   the   service  ID.   Example:
            /usr/local/bin/gdb /usr/cyrus/bin/%s %d

       defaultacl: anyone lrs
            The Access Control List (ACL) placed on a newly-created (non-user)
            mailbox that does not have a parent mailbox.

       defaultdomain: <none>
            The default domain for virtual domain support

       defaultpartition: default
            The partition name used by default for new mailboxes.

       deleteright: c
            Deprecated  -  only used for backwards compatibility with existing
            installations.  Lists the old RFC 2086 right  which  was  used  to
            grant  the  user  the  ability to delete a mailbox.  If a user has
            this right, they will automatically be given the new 'x' right.

       duplicate_db: berkeley-nosync
            The cyrusdb backend to use for the duplicate delivery  suppression
            and sieve.

            Allowed  values:  berkeley, berkeley-nosync, berkeley-hash,
            berkeley-hash-nosync, skiplist

       duplicatesuppression: 1
            If enabled, lmtpd will suppress delivery of a message to a mailbox
            if  a  message  with the same message-id (or resent-message-id) is
            recorded as having already been delivered to the mailbox.  Records
            the  mailbox  and  message-id/resent-message-id  of all successful
            deliveries.

       expunge_mode: immediate
            The mode in which messages (and their corresponding cache entries)
            are  expunged.   "Immediate" mode is the default behavior in which
            the message files and cache entries are purged at the time of  the
            EXPUNGE.   In  "delayed"  mode,  the messages are removed from the
            mailbox index at the time of the EXPUNGE  (hiding  them  from  the
            client),  but the message files and cache entries are left behind,
            to be purged at a later time by "cyr_expire".   This  reduces  the
            amount  of  I/O that takes place at the time of EXPUNGE and should
            result in greater responsiveness for the client,  especially  when
            expunging a large number of messages.

            Allowed values: immediate, delayed

       flushseenstate: 0
            If  enabled,  changes  to  the  seen state will be flushed to disk
            immediately, otherwise changes will be cached and flushed when the
            mailbox  is closed.  This option may be used to fix the problem of
            previously read messages being marked as unread in Microsoft  Out-
            look, at the expense of a loss of performance/scalability.

       foolstupidclients: 0
            If  enabled,  only  list the personal namespace when a LIST "*" is
            performed (it changes the request to a LIST "INBOX*").

       force_sasl_client_mech: <none>
            Force preference of a given SASL mechanism for client side  opera-
            tions  (e.g.  murder  environments).   This  is separate from (and
            overridden by) the  ability  to  use  the  <host  shortname>_mechs
            option to set preferred mechanisms for a specific host

       fulldirhash: 0
            If enabled, uses an improved directory hashing scheme which hashes
            the entire username instead of using just the first letter.   This
            changes the hash algorithm used for quota and user directories and,
            if hashimapspool is enabled, the entire mail spool.

       Note that this option can NOT be changed on a live system.  The  server
       must  be  quiesced and then the directories moved with the rehash util-
       ity.

       hashimapspool: 0
            If enabled, the partitions will also be hashed, in addition to the
            hashing done on configuration directories.  This is recommended if
            one partition has a very bushy mailbox tree.

       hostname_mechs: <none>
            Force a particular list of SASL mechanisms to be used when authen-
            ticating  to  the  backend  server hostname (where hostname is the
            short hostname of the server in question). If it is not  specified
            it  will query the server for available mechanisms and pick one to
            use. - Cyrus Murder

       hostname_password: <none>
            The password to use for authentication to the backend server
            hostname (where hostname is the short hostname of the server) -
            Cyrus Murder

       idlesocket: {configdirectory}/socket/idle
            Unix domain socket that idled listens on.

       ignorereference: 0
            For backwards compatibility  with  Cyrus  1.5.10  and  earlier  --
            ignore the reference argument in LIST or LSUB commands.

       imapidlepoll: 60
            The  interval  (in  seconds)  for  polling for mailbox changes and
            ALERTs while running the IDLE command.  This option is  used  when
            idled  is  not enabled or can not be contacted.  The minimum value
            is 1.  A value of 0 will disable IDLE.

       imapidresponse: 1
            If enabled, the server responds to an ID command with a  parameter
            list  containing:  version,  vendor,  support-url, os, os-version,
            command, arguments, environment.   Otherwise  the  server  returns
            NIL.

       imapmagicplus: 0
            Only  list  a  restricted  set  of  mailboxes  via  IMAP  by using
            userid+namespace syntax as  the  authentication/authorization  id.
            Using  userid+ (with an empty namespace) will list only subscribed
            mailboxes.

       implicit_owner_rights: lca
            The implicit Access Control List (ACL) for the owner of a mailbox.

       @include: <none>
            Directive which includes the specified file as part of the config-
            uration.  If the path to the file is not absolute,  CYRUS_PATH  is
            prepended.

       improved_mboxlist_sort: 0
            If enabled, a special comparator will be used which will correctly
            sort mailbox names that contain characters such as ' ' and '-'.

       Note that this option SHOULD NOT be changed  on  a  live  system.   The
       mailboxes  database  should  be  dumped  before  the option is changed,
       removed, and then undumped after changing the option.

       ldap_authz: <none>
            SASL authorization ID for the LDAP server

       ldap_base: <empty string>
            Contains the LDAP base dn for the LDAP ptloader module

       ldap_bind_dn: <none>
            Bind DN for the connection to the LDAP server (simple  bind).   Do
            not use for anonymous simple binds

       ldap_deref: never
            Specify how alias dereferencing is handled during search.

            Allowed values: search, find, always, never

       ldap_filter: (uid=%u)
            Specify  a  filter  that searches user identifiers.  The following
            tokens can be used in the filter string:

            %%   = %
            %u   = user
            %U   = user portion of %u (%U = test when %u = test@domain.tld)
            %d   = domain portion of %u if available (%d = domain.tld when
                   %u = test@domain.tld), otherwise same as %r
            %D   = user dn.  (use when ldap_member_method: filter)
            %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)

            ldap_filter is not used when ldap_sasl is enabled.

       ldap_group_base: <empty string>
            LDAP base dn for ldap_group_filter.

       ldap_group_filter: (cn=%u)
            Specify  a  filter  that  searches  for  group  identifiers.   See
            ldap_filter for more options.

       ldap_group_scope: sub
            Specify search scope for ldap_group_filter.

            Allowed values: sub, one, base

       ldap_id: <none>
            SASL authentication ID for the LDAP server

       ldap_mech: <none>
            SASL mechanism for LDAP authentication

       ldap_member_attribute: <none>
            See ldap_member_method.

       ldap_member_base: <empty string>
            LDAP base dn for ldap_member_filter.

       ldap_member_filter: (member=%D)
            Specify  a filter for "ldap_member_method: filter".  See
            ldap_filter for more options.

       ldap_member_method: attribute
            Specify a group method.  The "attribute" method  retrieves  groups
            from  a multi-valued attribute specified in ldap_member_attribute.

            The "filter" method uses a filter, specified  by
            ldap_member_filter,  to  find  groups;  ldap_member_attribute  is
            a single-value attribute group name.

            Allowed values: attribute, filter

       ldap_member_scope: sub
            Specify search scope for ldap_member_filter.

            Allowed values: sub, one, base

       ldap_password: <none>
            Password for the connection to the LDAP server  (SASL  and  simple
            bind).  Do not use for anonymous simple binds

       ldap_realm: <none>
            SASL realm for LDAP authentication

       ldap_referrals: 0
            Specify whether or not the client should follow referrals.

       ldap_restart: 1
            Specify  whether  or  not  LDAP  I/O  operations are automatically
            restarted if they abort prematurely.

       ldap_sasl: 1
            Use SASL for LDAP binds in the LDAP PTS module.

       ldap_sasl_authc: <none>
            Deprecated.  Use ldap_id

       ldap_sasl_authz: <none>
            Deprecated.  Use ldap_authz

       ldap_sasl_mech: <none>
            Deprecated.  Use ldap_mech

       ldap_sasl_password: <none>
            Deprecated.  Use ldap_password

       ldap_sasl_realm: <none>
            Deprecated.  Use ldap_realm

       ldap_scope: sub
            Specify search scope.

            Allowed values: sub, one, base

       ldap_servers: ldap://localhost/
            Deprecated.  Use ldap_uri

       ldap_size_limit: 1
            Specify a number of entries for a search request to return.

       ldap_start_tls: 0
            Use StartTLS extended operation.  Do not use ldaps: ldap_uri  when
            this option is enabled.

       ldap_time_limit: 5
            Specify a number of seconds for a search request to complete.

       ldap_timeout: 5
            Specify a number of seconds a search can take before timing out.

       ldap_tls_cacert_dir: <none>
            Path to directory with CA (Certificate Authority) certificates.

       ldap_tls_cacert_file: <none>
            File containing CA (Certificate Authority) certificate(s).

       ldap_tls_cert: <none>
            File containing the client certificate.

       ldap_tls_check_peer: 0
            Require and verify server certificate.  If this option is yes, you
            must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

       ldap_tls_ciphers: <none>
            List of SSL/TLS ciphers to allow.  The format  of  the  string  is
            described in ciphers(1).

       ldap_tls_key: <none>
            File containing the private client key.

       ldap_uri: <none>
            Contains a list of the URLs of all the LDAP servers when using the
            LDAP PTS module.

       ldap_version: 3
            Specify the  LDAP  protocol  version.   If  ldap_start_tls  and/or
            ldap_use_sasl  are enabled, ldap_version will be automatically set
            to 3.

       lmtp_downcase_rcpt: 0
            If enabled, lmtpd will convert the recipient address to  lowercase
            (up to a '+' character, if present).

       lmtp_fuzzy_mailbox_match: 0
            If  enabled,  and  the mailbox specified in the detail part of the
            recipient (everything after the '+') does not  exist,  lmtpd  will
            try to find the closest match (ignoring case, ignoring whitespace,
            falling back to parent) to the specified mailbox name.

       lmtp_over_quota_perm_failure: 0
            If enabled, lmtpd returns a permanent failure code when  a  user's
            mailbox  is  over  quota.   By  default, the failure is temporary,
            causing the MTA to queue the message and retry later.

       lmtp_strict_quota: 0
            If enabled, lmtpd returns a failure code when the incoming message
            will  cause  the  user's mailbox to exceed its quota.  By default,
            the failure won't occur until the mailbox is already over quota.

       lmtpsocket: {configdirectory}/socket/lmtp
            Unix domain socket that lmtpd listens on, used by deliver(8). This
            should match the path specified in cyrus.conf(5).

       loginrealms: <empty string>
            The  list  of  remote  realms  whose  users may authenticate using
            cross-realm authentication identifiers.  Separate each realm  name
            by  a  space.   (A cross-realm identity is considered any identity
            returned by SASL with an "@" in it.).

       loginuseacl: 0
            If enabled, any authentication identity which has 'a' rights on  a
            user's INBOX may log in as that user.

       logtimestamps: 0
            Include  notations  in  the protocol telemetry logs indicating the
            number of seconds since the last command or response.

       mailnotifier: <none>
            Notifyd(8) method to use for "MAIL" notifications.   If  not  set,
            "MAIL" notifications are disabled.

       maxmessagesize: 0
            Maximum  incoming  LMTP  message  size.   If  non-zero, lmtpd will
            reject messages larger than maxmessagesize bytes.  If  set  to  0,
            this will allow messages of any size (the default).

       mboxkey_db: skiplist
            The cyrusdb backend to use for mailbox keys.

            Allowed values: berkeley, skiplist

       mboxlist_db: skiplist
            The cyrusdb backend to use for the mailbox list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       metapartition_files: <empty string>
            Space-separated  list  of  metadata  files to be stored on a meta-
            partition rather than in the mailbox directory on a  spool  parti-
            tion.

            Allowed values: header, index, cache, expunge, squat

       metapartition-name: <none>
            The  pathname  of  the  metadata  partition name, corresponding to
            spool partition partition-name.  For any  mailbox  residing  in  a
            directory  on  partition-name,  the metadata files listed in
            metapartition_files will be stored in  a  corresponding  directory
            on metapartition-name.   Note that not every partition-name option
            is required to have a  corresponding  metapartition-name  option,
            so that  you  can selectively choose which spool partitions will
            have separate metadata partitions.

       mupdate_authname: <none>
            The SASL username (Authentication Name) to use when authenticating
            to the mupdate server (if needed).

       mupdate_config: standard
            The configuration of the mupdate servers in the Cyrus Murder.  The
            "standard" config is one in  which  there  are  discrete  frontend
            (proxy) and backend servers.  The "unified" config is one in which
            a server can be both a frontend  and  backend.   The  "replicated"
            config is one in which multiple backend servers all share the same
            mailspool, but each have their  own  "replicated"  copy  of
            mailboxes.db.

            Allowed values: standard, unified, replicated

       md5_dir: <none>
            Top  level  directory  for MD5 store manipulated by make_md5. File
            structure within this directory is one file for each user  on  the
            system,   hashed   on   the  first  letter  of  the  userid  (e.g:
            /var/imap/md5/d/dpc22).

       md5_user_map: <none>
            Map file (cdb) to allow partial make_md5 runs.  Maps  username  to
            UID

       munge8bit: 1
            If  enabled,  lmtpd  munges  messages with 8-bit characters in the
            headers.  The 8-bit characters are changed to `X'.  If  reject8bit
            is  enabled,  setting munge8bit has no effect.  (A proper solution
            to non-ASCII characters in headers is offered by RFC 2047 and  its
            predecessors.)

       mupdate_connections_max: 128
            The  max  number of connections that a mupdate process will allow,
            this is related to the number of file descriptors in  the  mupdate
            process.   Beyond  this  number  connections  will  be immediately
            issued a BYE response.

       mupdate_password: <none>
            The SASL password (if needed) to use when  authenticating  to  the
            mupdate server.

       mupdate_port: 3905
            The port of the mupdate server for the Cyrus Murder

       mupdate_realm: <none>
            The  SASL realm (if needed) to use when authenticating to the
            mupdate server.

       mupdate_retry_delay: 20
            The base time to wait between connection retries  to  the  mupdate
            server.

       mupdate_server: <none>
            The mupdate server for the Cyrus Murder

       mupdate_username: <empty string>
            The  SASL username (Authorization Name) to use when authenticating
            to the mupdate server

       mupdate_workers_max: 50
            The maximum number of mupdate worker threads (overall)

       mupdate_workers_maxspare: 10
            The maximum number of idle mupdate worker threads

       mupdate_workers_minspare: 2
            The minimum number of idle mupdate worker threads

       mupdate_workers_start: 5
            The number of mupdate worker threads to start

       netscapeurl: <none>
            If enabled at compile time, this specifies a  URL  to  reply  when
            Netscape asks the server where the mail administration HTTP server
            is.  Administrators should set this to a local resource.

       newsmaster: news
            Userid that is used for checking access  controls  when  executing
            Usenet  control  messages.   For instance, to allow articles to be
            automatically deleted by cancel messages, give the "news" user the
            'd'  right  on  the  desired mailboxes.  To allow newsgroups to be
            automatically created, deleted and renamed  by  the  corresponding
            control  messages,  give  the  "news"  user  the  'c' right on the
            desired mailbox hierarchies.

       newspeer: <none>
            A list of whitespace-separated news server specifications to which
            articles  should be fed.  Each server specification is a string of
            the form [user[:pass]@]host[:port][/wildmat] where 'host'  is  the
            fully  qualified  hostname  of  the  server, 'port' is the port on
            which the server is listening, 'user' and 'pass' are the authenti-
            cation credentials and 'wildmat' is a pattern that specifies which
            groups should be fed.  If no 'port'  is  specified,  port  119  is
            used.   If  no  'wildmat'  is  specified,  all groups are fed.  If
            'user' is specified (even if empty), then the  NNTP  POST  command
            will  be  used  to  feed  the article to the server, otherwise the
            IHAVE command will be used.

            A '@' may be used in place of '!' in the wildmat to prevent  feed-
            ing  articles  cross-posted  to  the given group, otherwise cross-
            posted articles are fed if any part of the wildmat  matches.   For
            example, the string "peer.example.com:*,!control.*,@local.*" would
            feed all groups  except  control  messages  and  local  groups  to
            peer.example.com.   In  the case of cross-posting to local groups,
            these articles would not be fed.

       newspostuser: <none>
            Userid used to deliver usenet articles to newsgroup folders  (usu-
            ally via lmtp2nntp).  For example, if set to "post", email sent to
            "post+comp.mail.imap" would be delivered to  the  "comp.mail.imap"
            folder.

            When  set,  the  Cyrus  NNTP  server will add a To: header to each
            incoming usenet article.   This  To:  header  will  contain  email
            delivery  addresses  corresponding  to each newsgroup in the News-
            groups: header.  By default, a To: header is not added  to  usenet
            articles.

       newsprefix: <none>
            Prefix  to be prepended to newsgroup names to make the correspond-
            ing IMAP mailbox names.

       nntptimeout: 3
            Set the length of the NNTP server's inactivity  autologout  timer,
            in minutes.  The minimum value is 3, the default.

       notifysocket: {configdirectory}/socket/notify
            Unix domain socket that the mail notification daemon listens on.

       partition-name: <none>
            The  pathname  of the partition name.  At least one field, for the
            partition named in the defaultpartition option, is required.   For
            example,  if  the  value  of the defaultpartition option is default,
            then the partition-default field is required.

       plaintextloginpause: 0
            Number of seconds to pause after  a  successful  plaintext  login.
            For systems that support strong authentication, this permits users
            to perceive a cost of using plaintext passwords.  (This  does  not
            affect the use of PLAIN in SASL authentications.)

       plaintextloginalert: <none>
            Message to send to client after a successful plaintext login.

       popexpiretime: -1
            The  number  of days advertised as being the minimum a message may
            be left on the POP server before it is deleted (via the CAPA  com-
            mand,  defined in the POP3 Extension Mechanism, which some clients
            may support).  "NEVER", the default, may be specified with a nega-
            tive  number.  The Cyrus POP3 server never deletes mail, no matter
            what the value of this parameter is.  However, if  a  site  imple-
            ments  a  less  liberal  policy, it needs to change this parameter
            accordingly.

       popminpoll: 0
            Set the minimum amount of time the server  forces  users  to  wait
            between successive POP logins, in minutes.

       popsubfolders: 0
            Allow  access to subfolders of INBOX via POP3 by using userid+sub-
            folder syntax as the authentication/authorization id.

       poppollpadding: 1
            Create a softer minimum poll restriction.   Allows  poppollpadding
            connections  before  the  minpoll restriction is triggered.
            Additionally, one padding entry is recovered every popminpoll
            minutes.  This  allows  for  the occasional polling rate faster
            than popminpoll (i.e. for clients that require a send/receive to
            send  mail) but still enforces the rate long-term.  Default is 1
            (disabled).

            The  easiest  way  to  think of it is a queue of past connections,
            with one slot being filled for  every  connection,  and  one  slot
            being  cleared  every  popminpoll minutes. When the queue is full,
            the user will not be able to check mail  again  until  a  slot  is
            cleared.  If the user waits a sufficient amount of time, they will
            get back many or all of the slots.
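
            The queue described above, modelled as an added example (not
            Cyrus's own code): the class and function names are
            hypothetical, the login times are constructed, and starting the
            clearing interval when the first slot is filled is an
            assumption.

```python
"""Model of the popminpoll / poppollpadding queue as this page describes it."""


class PopPollLimiter:
    """One slot is filled per login; one slot is cleared every popminpoll minutes."""

    def __init__(self, popminpoll, poppollpadding=1):
        self.interval = popminpoll * 60          # popminpoll is given in minutes
        self.slots = max(1, poppollpadding)      # 1 means no padding
        self.used = 0                            # slots currently filled
        self.clock = 0                           # start of the current clearing interval

    def _clear_elapsed(self, now):
        """Release the slots whose clearing interval has fully elapsed."""
        if self.used == 0:
            self.clock = now                     # assumption: interval starts at first fill
            return
        cleared = int((now - self.clock) // self.interval)
        if cleared >= self.used:
            self.used = 0
            self.clock = now
        elif cleared > 0:
            self.used -= cleared
            self.clock += cleared * self.interval

    def attempt(self, now):
        """Return True if a login at time `now` (seconds) is accepted."""
        if self.interval <= 0:
            return True                          # popminpoll: 0 imposes no wait
        self._clear_elapsed(now)
        if self.used >= self.slots:
            return False                         # queue full: wait for a slot to clear
        self.used += 1
        return True


def simulate(login_times, popminpoll, poppollpadding=1):
    """Replay login times (seconds, ascending) and return accept/reject per login."""
    limiter = PopPollLimiter(popminpoll, poppollpadding)
    return [limiter.attempt(t) for t in login_times]


if __name__ == "__main__":
    # Constructed login times: a burst of four, then one login per interval.
    times = [0, 60, 120, 180, 600, 660, 1200]
    for padding in (1, 3):
        print(padding, simulate(times, popminpoll=10, poppollpadding=padding))
```

            With poppollpadding: 3 the burst of three logins is accepted and
            the fourth is refused; afterwards one login per popminpoll
            interval gets through, which is the long-term rate.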

       poptimeout: 10
            Set the length of the POP server's inactivity autologout timer, in
            minutes.  The minimum value is 10, the default.

       popuseacl: 0
            Enforce  IMAP  ACLs  in  the pop server.  Due to the nature of the
            POP3 protocol, the only rights which are used by  the  pop  server
            are  'r'  and  'd'  for  the  owner of the mailbox.  The 'r' right
            allows the user to open the mailbox  and  list/retrieve  messages.
            The 'd' right allows the user to delete messages.

       postmaster: postmaster
            Username that is used as the 'From' address in rejection MDNs pro-
            duced by sieve.

       postuser: <empty string>
            Userid used to deliver messages to shared folders.   For  example,
            if  set to "bb", email sent to "bb+shared.blah" would be delivered
            to the "shared.blah" folder.  By  default,  an  email  address  of
            "+shared.blah" would be used.

       proxy_authname: proxy
            The  authentication  name  to use when authenticating to a backend
            server in the Cyrus Murder.

       proxy_password: <none>
            The default password to  use  when  authenticating  to  a  backend
            server  in the Cyrus Murder.  May be overridden on a host-specific
            basis using the hostname_password option.

       proxy_realm: <none>
            The authentication realm to use when authenticating to  a  backend
            server in the Cyrus Murder

       proxyd_allow_status_referral: 0
            Set  to  true  to  allow proxyd to issue referrals to clients that
            support it when answering the STATUS command.  This is disabled by
            default  since  some  clients issue many STATUS commands in a row,
            and do not cache the connections that these referrals would cause,
            thus  resulting  in a higher authentication load on the respective
            backend server.

       proxyservers: <none>
            A list of users and groups that are allowed  to  proxy  for  other
            users,  separated  by  spaces.   Any  user  listed in this will be
            allowed to login for any other user: use with caution.

       pts_module: afskrb
            The PTS module to use.

            Allowed values: afskrb, ldap

       ptloader_sock: <none>
            Unix domain socket that ptloader listens on.   (defaults  to  con-
            figdir/ptclient/ptsock)

       ptscache_db: berkeley
            The cyrusdb backend to use for the pts cache.

            Allowed values: berkeley, berkeley-hash, skiplist

       ptscache_timeout: 10800
            The timeout (in seconds) for the PTS cache database when using the
            auth_krb_pts authorization method (default: 3 hours).

       ptskrb5_convert524: 1
            When using the AFSKRB ptloader module with Kerberos  5  canonical-
            ization,  do  the  final  524 conversion to get an AFS style name
            (using '.' instead of '/', and using short names

       ptskrb5_strip_default_realm: 1
            When using the AFSKRB ptloader module with Kerberos  5  canonical-
            ization,  strip  the  default realm from the userid (this does not
            affect the stripping of realms specified by the afspts_localrealms
            option)

       quota_db: quotalegacy
            The cyrusdb backend to use for quotas.

            Allowed  values: flat, berkeley, berkeley-hash, skiplist, quotale-
            gacy

       quotawarn: 90
            The percent of quota utilization over which the  server  generates
            warnings.

       quotawarnkb: 0
            The  maximum amount of free space (in kB) in which to give a quota
            warning (if this value is 0, or if the quota is smaller than  this
            amount, then warnings are always given).

       reject8bit: 0
            If  enabled,  lmtpd  rejects messages with 8-bit characters in the
            headers.

       rfc2046_strict: 0
            If enabled, imapd will be strict (per RFC 2046) when matching MIME
            boundary  strings.   This  means  that boundaries containing other
            boundaries as substrings will  be  treated  as  identical.   Since
            enabling  this  option  will break some messages created by Eudora
            5.1 (and earlier), it is recommended  that  it  be  left  disabled
            unless there is good reason to do otherwise.

       rfc3028_strict: 1
            If  enabled,  Sieve  will be strict (per RFC 3028) with regards to
            which headers are allowed to  be  used  in  address  and  envelope
            tests.   This  means  that only those headers which are defined to
            contain addresses will be allowed in address tests and  only  "to"
            and  "from" will be allowed in envelope tests.  When disabled, ANY
            grammatically correct header will be allowed.

       sasl_auto_transition: 0
            If enabled, the SASL library will automatically create authentica-
            tion  secrets when given a plaintext password.  See the SASL docu-
            mentation.

       sasl_maximum_layer: 256
            Maximum SSF (security strength factor) that the server will  allow
            a client to negotiate.

       sasl_minimum_layer: 0
            The  minimum SSF that the server will allow a client to negotiate.
            A value of 1  requires  integrity  protection;  any  higher  value
            requires some amount of encryption.

       sasl_option: 0
            Any  SASL  option  can  be set by preceding it with "sasl_".  This
            file overrides the SASL configuration file.

       sasl_pwcheck_method: <none>
            The mechanism used by the server to  verify  plaintext  passwords.
            Possible values include "auxprop", "saslauthd", and "pwcheck".

       seenstate_db: skiplist
            The cyrusdb backend to use for the seen state.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       sendmail: /usr/lib/sendmail
            The  pathname  of the sendmail executable.  Sieve invokes sendmail
            for sending rejections, redirects and vacation responses.

       servername: <none>
            This is the hostname visible in the greeting messages of the  POP,
            IMAP  and  LMTP  daemons. If it is unset, then the result returned
            from gethostname(2) is used.

       sharedprefix: Shared Folders
            If using the alternate IMAP namespace, the prefix for  the  shared
            namespace.    The   hierarchy   delimiter  will  be  automatically
            appended.

       sieve_allowreferrals: 1
            If enabled, timsieved will issue referrals  to  clients  when  the
            user's  scripts  reside  on a remote server (in a Murder).  Other-
            wise, timsieved will proxy traffic to the remote server.

       sieve_extensions: fileinto reject vacation  imapflags  notify  envelope
       relational regex subaddress copy
            Space-separated list of Sieve extensions allowed  to  be  used  in
            sieve scripts, enforced at submission by timsieved(8).  Any previ-
            ously installed script will be unaffected by this option and  will
            continue  to  execute  regardless  of  the  extensions used.  This
            option has no effect on options that are disabled at compile  time
            (e.g. "regex").

            Allowed  values:  fileinto,  reject,  vacation, imapflags, notify,
            include, envelope, body, relational, regex, subaddress, copy

       sieve_maxscriptsize: 32
            Maximum size (in kilobytes) any sieve script can be,  enforced  at
            submission by timsieved(8).

       sieve_maxscripts: 5
            Maximum  number  of  sieve  scripts any user may have, enforced at
            submission by timsieved(8).

       sievedir: /usr/sieve
            If sieveusehomedir is false, this directory is searched for  Sieve
            scripts.

       sievenotifier: <none>
            Notifyd(8)  method  to use for "SIEVE" notifications.  If not set,
            "SIEVE" notifications are disabled.

            This method is only used when no method is specified in the script.

       sieveusehomedir: 0
            If enabled, lmtpd will look  for  Sieve  scripts  in  user's  home
            directories: ~user/.sieve.

       singleinstancestore: 1
            If  enabled, imapd, lmtpd and nntpd attempt to only write one copy
            of a message per partition and create hard links, resulting  in  a
            potentially large disk savings.

       skiplist_unsafe: 0
            If enabled, this option forces the skiplist cyrusdb backend to not
            sync writes to the disk.  Enabling this option is NOT RECOMMENDED.

       soft_noauth: 1
            If  enabled,  lmtpd  returns temporary failures if the client does
            not successfully authenticate.  Otherwise lmtpd returns  permanent
            failures (causing the mail to bounce immediately).

       srvtab: <empty string>
            The  pathname  of srvtab file containing the server's private key.
            This option is passed  to  the  SASL  library  and  overrides  its
            default setting.

       submitservers: <none>
            A   list   of  users  and  groups  that  are  allowed  to  resolve
            "urlauth=submit+" IMAP URLs, separated by spaces.  Any user listed
            in  this  will  be  allowed  to  fetch  the  contents of any valid
            "urlauth=submit+" IMAP URL: use with caution.

       subscription_db: flat
            The cyrusdb backend to use for the subscriptions list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       sync_authname: <none>
            The authentication name to  use  when  authenticating  to  a  sync
            server.

       sync_batch_size: 0
            Maximum  number of messages to upload to a replica at one time.  A
            batch size of 0, the default, will disable batching (ALL  messages
            will be sent).

       sync_host: <none>
            Name  of the host (replica running sync_server(8)) to which repli-
            cation actions will be sent by sync_client(8).

       sync_log: 0
            Enable replication action logging by lmtpd(8), imapd(8), pop3d(8),
            and  nntpd(8).   The  log  {configdirectory}/sync/log  is  used by
            sync_client(8) for "rolling" replication.

       sync_machineid: -1
            Machine ID of this server which must be unique within  a  cluster.
            Any  negative  number,  the default, will disable the use of UUIDs
            for replication.

       sync_password: <none>
            The default password to use when authenticating to a sync  server.

       sync_realm: <none>
            The  authentication  realm  to  use  when authenticating to a sync
            server.

       sync_repeat_interval: 1
            Minimum interval (in seconds) between replication runs in  rolling
            replication  mode.  If  a  replication  run takes longer than this
            time, we repeat immediately.

       sync_shutdown_file: <none>
            Simple latch used to tell sync_client(8) that it should shut  down
            at  the  next  opportunity.  Safer than sending signals to running
            processes.

       syslog_prefix: <none>
            String to be prepended to the process name in syslog entries.

       temp_path: /tmp
            The pathname to store temporary files in.

       timeout: 30
            The length of the IMAP server's inactivity  autologout  timer,  in
            minutes.  The minimum value is 30, the default.

       tls_ca_file: <none>
            File  containing  one  or more Certificate Authority (CA) certifi-
            cates.

       tls_ca_path: <none>
            Path to directory with certificates of CAs.  This  directory  must
            have  filenames  with  the  hashed  value  of the certificate (see
            openssl(XXX)).

       tlscache_db: berkeley-nosync
            The cyrusdb backend to use for the TLS cache.

            Allowed values: berkeley, berkeley-nosync,  berkeley-hash,  berke-
            ley-hash-nosync, skiplist

       tls_cert_file: <none>
            File  containing  the certificate presented for server authentica-
            tion during STARTTLS.  A value of "disabled" will disable SSL/TLS.

       tls_cipher_list: DEFAULT
            The list of SSL/TLS ciphers to allow.  The format of the string is
            described in ciphers(1).

       tls_key_file: <none>
            File containing the private key belonging to the  server  certifi-
            cate.  A value of "disabled" will disable SSL/TLS.

       tls_require_cert: 0
            Require  a  client certificate for ALL services (imap, pop3, lmtp,
            sieve).

       tls_session_timeout: 1440
            The length of time (in minutes) that a TLS session will be  cached
            for  later  reuse.   The  maximum  value  is  1440 (24 hours), the
            default.  A value of 0 will disable session caching.

       umask: 077
            The umask value used by various Cyrus IMAP programs.

       username_tolower: 1
            Convert usernames  to  all  lowercase  before  login/authenticate.
            This is useful with authentication backends which ignore case dur-
            ing username lookups (such as LDAP).

       userprefix: Other Users
            If using the alternate IMAP namespace, the prefix  for  the  other
            users  namespace.   The  hierarchy delimiter will be automatically
            appended.

       unix_group_enable: 1
            Should we look up groups when using auth_unix (disable this if you
            are  not  using  groups  in ACLs for your IMAP server, and you are
            using auth_unix with a backend (such as LDAP) that can  make  get-
            grent() calls very slow)

       unixhierarchysep: 0
            Use  the  UNIX  separator  character  '/' for delimiting levels of
            mailbox hierarchy.  The default is to use  the  netnews  separator
            character '.'.

       apple_auth: 1
            Use apple authentication methods.

       pop_auth_clear: 1
            Allow POP3 clear text authentication.

       pop_auth_apop: 0
            Allow APOP authentication.

       pop_auth_gssapi: 0
            Allow POP3 GSSAPI authentication.

       imap_auth_clear: 1
            Allow IMAP clear text authentication.

       imap_auth_plain: 0
            Allow IMAP PLAIN authentication.

       imap_auth_login: 0
            Allow IMAP LOGIN authentication.

       imap_auth_cram_md5: 0
            Allow IMAP CRAM-MD5 authentication.

       imap_auth_gssapi: 0
            Allow IMAP GSSAPI authentication.

       enable_quota_warnings: 0
            Allow for sending of over quota warnings.

       quota_custom_warning_path: /etc/mail/quota_warning.txt
            Use the text from this message as custom quota warning.

       quota_enforce_restrictions: 0
            Temporarily reject new mail delivery while user is over quota.

       quota_custom_error_path: /etc/mail/quota_exceeded.txt
            Use the text from this message as custom quota error.

       quot_max_custom_message_size: 2048
            Maximum custom message size.

       lmtp_luser_relay: <none>
            Send mail addressed to mailboxes that do not exist to  this  user.
            NOTE:  This  must  be an existing local mailbox name, NOT an email
            address!

       virtual_user_lookup: 1
            Set to 0 to bypass Open Directory virtual user lookup.

       mupdate_shared_secret: <empty string>
            Shared secret for mupdate clients APPLE_OS_X_SERVER

       virtdomains: off
            Enable virtual domain support.  If enabled, the user's domain will
            be determined by splitting a fully qualified userid  at  the  last
            '@'  or '%' symbol.  If the userid is unqualified, and the virtdo-
            mains option is set to "on", then the domain will be determined by
            doing  a  reverse lookup on the IP address of the incoming network
            interface, otherwise the user is assumed  to  be  in  the  default
            domain (if set).

            Allowed values: off, userid, on
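
       The following audit script is an added example, not part of the Cyrus
       distribution or of the original page.  It parses the "option: value"
       format described above and reports settings this page marks as risky
       (skiplist_unsafe, proxyservers, submitservers, sasl_minimum_layer,
       clear text authentication, disabled TLS); the function names and the
       sample configuration are constructed for illustration.

```python
import re

TRUE = {"yes", "on", "t", "true", "1"}  # boolean spellings from DESCRIPTION
# Defaults as documented on this page for the options audited below.
DEFAULTS = {"skiplist_unsafe": "0", "sasl_minimum_layer": "0",
            "pop_auth_clear": "1", "imap_auth_clear": "1"}

def parse_conf(text):
    """Parse 'option: value' lines on top of the documented defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        # [^#...] skips '#' comment lines; blank lines simply do not match.
        m = re.match(r"([^#:\s][^:\s]*)\s*:\s*(.*)$", line.strip())
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit(text):
    """Return (option, reason) findings for settings this page flags."""
    c, out = parse_conf(text), []
    on = lambda k: c.get(k, "0").lower() in TRUE
    if on("skiplist_unsafe"):
        out.append(("skiplist_unsafe", "writes not synced to disk (NOT RECOMMENDED)"))
    for k, why in (("proxyservers", "may log in as any other user"),
                   ("submitservers", "may fetch any urlauth=submit+ URL")):
        if c.get(k):
            out.append((k, f"{c[k]}: {why}"))
    if int(c["sasl_minimum_layer"]) < 2:  # 0 = nothing, 1 = integrity only
        out.append(("sasl_minimum_layer", "no encryption required"))
    for k in ("pop_auth_clear", "imap_auth_clear"):
        if on(k):
            out.append((k, "clear text authentication allowed"))
    for k in ("tls_cert_file", "tls_key_file"):
        if c.get(k) == "disabled":
            out.append((k, "SSL/TLS disabled"))
    return out

# Constructed sample configuration, not taken from a real server.
SAMPLE = """# front end of a test Murder
proxyservers: murder-fe
sasl_minimum_layer: 128
imap_auth_clear: no
pop_auth_clear: yes
tls_key_file: disabled
"""

if __name__ == "__main__":
    for opt, why in audit(SAMPLE):
        print(f"{opt}: {why}")
```

       Run against an empty file, the audit still reports sasl_minimum_layer,
       pop_auth_clear and imap_auth_clear, because the defaults listed on
       this page permit unencrypted clear text logins.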



SEE ALSO

       imapd(8), pop3d(8), nntpd(8), lmtpd(8), timsieved(8),  idled(8),  noti-
       fyd(8), deliver(8), master(8), ciphers(1)




CMU                              Project Cyrus                   imapd.conf(5)

Mac OS X 10.6 Server - Generated Thu Apr 15 07:12:14 CDT 2010