IMAPD.CONF(5)                 File Formats Manual                IMAPD.CONF(5)

NAME

       imapd.conf - IMAP configuration file

DESCRIPTION

       /etc/imapd.conf is the configuration file for the Cyrus IMAP server.
       It defines local parameters for IMAP.

       Each line of the /etc/imapd.conf file has the form

              option: value

       where option is the name of the configuration option being set and
       value is the value that the configuration option is being set to.

       Although there is no limit to the length of a line, a ``\'' (backslash)
       character may be used as the last character on a line to force it to
       continue on the next one. No additional whitespace is inserted before
       or after the ``\''. Note that a line that is split using ``\''
       character(s) is still considered a single line. For example

              option:\
               value1 value2 \
                value3

       is equivalent to

              option: value1 value2   value3

       Blank lines and lines beginning with ``#'' are ignored.

       For boolean and enumerated options, the values ``yes'', ``on'', ``t'',
       ``true'' and ``1'' turn the option on, the values ``no'', ``off'',
       ``f'', ``false'' and ``0'' turn the option off.

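
The line format described above (continuation, comments, boolean words), as an added Python example that is not Cyrus code and not part of the original manual page: a simplified reader plus a few checks on options documented in the field descriptions on this page. The sample configuration, its host name and all function names are constructed for illustration; case-folding of boolean words and overwriting of repeated options are assumptions.

```python
# Added example: simplified imapd.conf reader and option audit (not Cyrus code).

TRUE_WORDS = {"yes", "on", "t", "true", "1"}
FALSE_WORDS = {"no", "off", "f", "false", "0"}

# Defaults copied from the field descriptions on this page.
DEFAULTS = {
    "allowanonymouslogin": "0",
    "allowplaintext": "0",
    "loginuseacl": "0",
    "ldap_start_tls": "0",
    "ldap_tls_check_peer": "0",
}

# Constructed sample, not a real site configuration.
SAMPLE = (
    "# constructed sample\n"
    "configdirectory: /var/lib/imap\n"
    "admins:\\\n"
    " cyrus \\\n"
    "  mailadmin\n"
    "allowplaintext: yes\n"
    "allowanonymouslogin: off\n"
    "ldap_uri: ldaps://ldap.example.org/\n"
    "ldap_start_tls: on\n"
)


def logical_lines(text):
    """Join physical lines that end in a backslash; nothing is inserted at the join."""
    pending = ""
    for raw in text.split("\n"):
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        yield pending + raw
        pending = ""
    if pending:
        yield pending


def parse_imapd_conf(text):
    """Return {option: value}. Blank lines and lines beginning with '#' are ignored."""
    options = {}
    for line in logical_lines(text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        name, sep, value = stripped.partition(":")
        if not sep:
            raise ValueError("not in 'option: value' form: %r" % line)
        # Assumption: a repeated option overwrites the earlier value.
        options[name.strip()] = value.strip()
    return options


def as_bool(options, name):
    """Interpret a boolean option using the words listed on this page."""
    word = options.get(name, DEFAULTS[name]).lower()  # case folding is an assumption
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError("%s: %r is not a boolean word" % (name, word))


def audit(options):
    """Return findings for settings this page describes as risky or inconsistent."""
    findings = []
    if not options.get("configdirectory"):
        findings.append("configdirectory: required but not set")
    if as_bool(options, "allowplaintext"):
        findings.append("allowplaintext: cleartext passwords allowed on the wire")
    if as_bool(options, "allowanonymouslogin"):
        findings.append("allowanonymouslogin: 'anonymous' may log in with any password")
    if as_bool(options, "loginuseacl"):
        findings.append("loginuseacl: identities with 'a' rights on an INBOX may log in as that user")
    uri = options.get("ldap_uri", "")
    start_tls = as_bool(options, "ldap_start_tls")
    if start_tls and "ldaps:" in uri:
        findings.append("ldap_start_tls: do not combine with an ldaps: ldap_uri")
    if as_bool(options, "ldap_tls_check_peer"):
        if not (options.get("ldap_tls_cacert_file") or options.get("ldap_tls_cacert_dir")):
            findings.append("ldap_tls_check_peer: needs ldap_tls_cacert_file or ldap_tls_cacert_dir")
    elif start_tls or "ldaps:" in uri:
        findings.append("ldap_tls_check_peer: off, server certificate is not required and verified")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_imapd_conf(SAMPLE)):
        print(finding)
```
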

FIELD DESCRIPTIONS

       The sections below detail options that can be placed in the
       /etc/imapd.conf file, and show each option's default value. Some
       options have no default value; these are listed with ``<no default>''.
       Some options default to the empty string; these are listed with
       ``<none>''.


       admins: <empty string>
            The list of userids with administrative rights. Separate each
            userid with a space. Sites using Kerberos authentication may use
            separate "admin" instances.

       Note that accounts used by users should not be administrators.
       Administrative accounts should not receive mail. That is, if user
       "jbRo" is a user reading mail, he should not also be in the admins
       line. Some problems may occur otherwise, most notably the ability of
       administrators to create top-level mailboxes visible to users, but not
       writable by users.

       afspts_localrealms: <none>
            The list of realms which are to be treated as local, and thus
            stripped during identifier canonicalization (for the AFSPTS
            ptloader module). This is different from loginrealms in that it
            occurs later in the authorization process (as the user id is
            canonified for PTS lookup).

       afspts_mycell: <none>
            Cell to use for AFS PTS lookups. Defaults to the local cell.

       allowallsubscribe: 0
            Allow subscription to nonexistent mailboxes. This option is
            typically used on backend servers in a Murder so that users can
            subscribe to mailboxes that don't reside on their "home" server.
            This option can also be used as a workaround for IMAP clients
            which don't play well with nonexistent or unselectable mailboxes
            (e.g., Microsoft Outlook).

       allowanonymouslogin: 0
            Permit logins by the user "anonymous" using any password. Also
            allows use of the SASL ANONYMOUS mechanism.

       allowapop: 1
            Allow use of the POP3 APOP authentication command.

       Note that this command requires that SASL is compiled with APOP
       support, that the plaintext passwords are available in a SASL auxprop
       backend (e.g., sasldb), and that the system can provide enough entropy
       (e.g., from /dev/urandom) to create a challenge in the banner.

       allownewnews: 0
            Allow use of the NNTP NEWNEWS command.

       Note that this is a very expensive command and should only be enabled
       when absolutely necessary.

       allowplaintext: 0
            Allow the use of cleartext passwords on the wire.

       allowusermoves: 0
            Allow moving user accounts (with associated meta-data) via RENAME
            or XFER.

       Note that measures should be taken to make sure that the user being
       moved is not logged in, and cannot login during the move. Failure to
       do so may result in the user's meta-data (seen state, subscriptions,
       etc) being corrupted or out of date.

       altnamespace: 0
            Use the alternate IMAP namespace, where personal folders reside at
            the same level in the hierarchy as INBOX.

       This option ONLY applies where interaction takes place with the
       client/user. Currently this is limited to the IMAP protocol (imapd)
       and Sieve scripts (lmtpd). This option does NOT apply to admin tools
       such as cyradm (admins ONLY), reconstruct, quota, etc., NOR does it
       affect LMTP delivery of messages directly to mailboxes via
       plus-addressing.

       annotation_db: skiplist
            The cyrusdb backend to use for mailbox annotations.

            Allowed values: berkeley, berkeley-hash, skiplist

       anyoneuseracl: 1
            Should non-admin users be allowed to set ACLs for the 'anyone'
            user on their mailboxes? In a large organization this can cause
            support problems, but it's enabled by default.

       annotation_definitions: <none>
            File containing external (third-party) annotation definitions.

       Each line of the file specifies the properties of an annotation and has
       the following form:

              name, scope, attrib-type, proxy-type, attrib-names, acl

       name is the hierarchical name as in the draft standard, typically of
            the form /vendor/acme/blurdybloop

       scope
            specifies whether the annotation is for the server or a mailbox

       attrib-type
            specifies the attribute data type which is one of: string,
            boolean, int, uint, or content-type

       proxy-type
            specifies whether this attribute is for the backend or proxy
            servers or both (proxy_and_backend)

       attrib-names
            is the space-separated list of available attributes for the
            annotation. Possible attribute names are (where the suffixless
            foo permits both foo.priv and foo.shared): value, value.shared,
            value.priv, size, size.shared, size.priv, modifiedsince,
            modifiedsince.shared, modifiedsince.priv, content-type,
            content-type.shared, content-type.priv

       acl  is the extra ACL requirements for setting annotations. This is the
            standard IMAP ACL permission bit string format. Particularly
            useful is the "a" right to require admin privileges. Note that
            some ACL requirements (read and write on the mailbox) are
            hard-wired in the server.

       Blank lines and lines beginning with ``#'' are ignored.


       auth_mech: unix
            The authorization mechanism to use.

            Allowed values: unix, pts, krb, krb5

       autocreatequota: 0
            If nonzero, normal users may create their own IMAP accounts by
            creating the mailbox INBOX. The user's quota is set to the value
            if it is positive, otherwise the user has unlimited quota.

       berkeley_cachesize: 512
            Size (in kilobytes) of the shared memory buffer pool (cache) used
            by the berkeley environment. The minimum allowed value is 20.
            The maximum allowed value is 4194303 (4GB).

       berkeley_locks_max: 50000
            Maximum number of locks to be held or requested in the berkeley
            environment.

       berkeley_txns_max: 100
            Maximum number of transactions to be supported in the berkeley
            environment.

       client_timeout: 10
            Number of seconds to wait before returning a timeout failure when
            performing a client connection (e.g., in a murder environment).

       createonpost: 0
            If yes, when lmtpd receives an incoming mail for an INBOX that
            does not exist, then the INBOX is automatically created by lmtpd.

       autocreateinboxfolders: <none>
            If a user does not have an INBOX created then the INBOX as well as
            some INBOX subfolders are created under two conditions:
            1. The user logs in via the IMAP or the POP3 protocol
               (autocreatequota option must have a nonzero value).
            2. A message arrives for the user through the LMTPD protocol
               (createonpost option must be yes).
            autocreateinboxfolders is a list of INBOX's subfolders separated
            by a "|", that are automatically created by the server under the
            previous two situations.

       autosubscribeinboxfolders: <none>
            A list of folder names, separated by "|", that the users get
            automatically subscribed to, when their INBOX is created. These
            folder names must have been included in the
            autocreateinboxfolders option of the imapd.conf.

       autosubscribesharedfolders: <none>
            A list of shared folders (bulletin boards), separated by "|", that
            the users get automatically subscribed to, after their INBOX is
            created. The shared folder must have been created and the user
            must have the required permissions to get subscribed to it.
            Otherwise, subscribing to the shared folder fails.

       autosubscribe_all_sharedfolders: 0
            If set to yes, the user is automatically subscribed to all shared
            folders that the user has permission to subscribe to.

       autocreate_sieve_script: <none>
            The full path of a file that contains a sieve script. This script
            automatically becomes a user's initial default sieve filter
            script. When this option is not defined, no default sieve filter
            is created. The file must be readable by the cyrus daemon.

       autocreate_sieve_compiledscript: <none>
            The full path of a file that contains a sieve script compiled to
            bytecode. This script automatically becomes a user's initial
            default sieve filter script. If this option is not specified, or
            the filename doesn't exist, then the script defined by
            autocreate_sieve_script is compiled on the fly and installed as
            the user's default sieve script.

       generate_compiled_sieve_script: 0
            If set to yes and no compiled sieve script file exists, the sieve
            script which is compiled on the fly will be saved in the file name
            that the autocreate_sieve_compiledscript option points to. In
            order for a compiled script to be generated,
            autocreate_sieve_script and autocreate_sieve_compiledscript must
            have valid values.

       autocreate_users: anyone
            A space separated list of users and/or groups that are allowed
            to have their INBOX automatically created.

       configdirectory: <none>
            The pathname of the IMAP configuration directory. This field is
            required.

       debug_command: <none>
            Debug command to be used by processes started with -D option. The
            string is a C format string that gets 3 options: the first is the
            name of the executable (without path). The second is the pid
            (integer) and the third is the service ID. Example:
            /usr/local/bin/gdb /usr/cyrus/bin/%s %d

       defaultacl: anyone lrs
            The Access Control List (ACL) placed on a newly-created (non-user)
            mailbox that does not have a parent mailbox.

       defaultdomain: <none>
            The default domain for virtual domain support.

       defaultpartition: <none>
            The partition name used by default for new mailboxes. If not
            specified, the partition with the most free space will be used for
            new mailboxes.

       defaultserver: <none>
            The backend server name used by default for new mailboxes. If not
            specified, the server with the most free space will be used for
            new mailboxes.

       deletedprefix: DELETED
            If "delete_mode" is set to "delayed", the prefix for the deleted
            mailboxes hierarchy. The hierarchy delimiter will be
            automatically appended.

       delete_mode: immediate
            The manner in which mailboxes are deleted. "Immediate" mode is the
            default behavior in which mailboxes are removed immediately. In
            "delayed" mode, mailboxes are renamed to a special hierarchy
            defined by the "deletedprefix" option to be removed later by
            cyr_expire.

            Allowed values: immediate, delayed

       deleteright: c
            Deprecated - only used for backwards compatibility with existing
            installations. Lists the old RFC 2086 right which was used to
            grant the user the ability to delete a mailbox. If a user has
            this right, they will automatically be given the new 'x' right.

       disconnect_on_vanished_mailbox: 0
            If enabled, IMAP/POP3/NNTP clients will be disconnected by the
            server if the currently selected mailbox is (re)moved by another
            session. Otherwise, the missing mailbox is treated as empty while
            in use by the client.

       duplicate_db: berkeley-nosync
            The cyrusdb backend to use for the duplicate delivery suppression
            and sieve.

            Allowed values: berkeley, berkeley-nosync, berkeley-hash,
            berkeley-hash-nosync, skiplist, sql

       duplicatesuppression: 1
            If enabled, lmtpd will suppress delivery of a message to a mailbox
            if a message with the same message-id (or resent-message-id) is
            recorded as having already been delivered to the mailbox. Records
            the mailbox and message-id/resent-message-id of all successful
            deliveries.

       expunge_mode: immediate
            The mode in which messages (and their corresponding cache entries)
            are expunged. "Immediate" mode is the default behavior in which
            the message files and cache entries are purged at the time of the
            EXPUNGE. In "delayed" mode, the messages are removed from the
            mailbox index at the time of the EXPUNGE (hiding them from the
            client), but the message files and cache entries are left behind,
            to be purged at a later time by "cyr_expire". This reduces the
            amount of I/O that takes place at the time of EXPUNGE and should
            result in greater responsiveness for the client, especially when
            expunging a large number of messages.

            Allowed values: immediate, delayed

       flushseenstate: 0
            If enabled, changes to the seen state will be flushed to disk
            immediately, otherwise changes will be cached and flushed when the
            mailbox is closed. This option may be used to fix the problem of
            previously read messages being marked as unread in Microsoft
            Outlook, at the expense of a loss of performance/scalability.

       foolstupidclients: 0
            If enabled, only list the personal namespace when a LIST "*" is
            performed (it changes the request to a LIST "INBOX*").

       force_sasl_client_mech: <none>
            Force preference of a given SASL mechanism for client side
            operations (e.g., murder environments). This is separate from
            (and overridden by) the ability to use the <host shortname>_mechs
            option to set preferred mechanisms for a specific host.

       fulldirhash: 0
            If enabled, uses an improved directory hashing scheme which hashes
            on the entire username instead of using just the first letter as
            the hash. This changes the hash algorithm used for quota and user
            directories and, if hashimapspool is enabled, the entire mail
            spool.

       Note that this option CANNOT be changed on a live system. The server
       must be quiesced and then the directories moved with the rehash
       utility.

       guid_mode: off
            The method used to calculate Globally Unique IDentifiers of
            messages (used by the replication engine). The "sha1" method
            calculates a SHA1 hash of the entire message.

            Allowed values: off, sha1

       hashimapspool: 0
            If enabled, the partitions will also be hashed, in addition to the
            hashing done on configuration directories. This is recommended if
            one partition has a very bushy mailbox tree.

       hostname_mechs: <none>
            Force a particular list of SASL mechanisms to be used when
            authenticating to the backend server hostname (where hostname is
            the short hostname of the server in question). If it is not
            specified it will query the server for available mechanisms and
            pick one to use. - Cyrus Murder

       hostname_password: <none>
            The password to use for authentication to the backend server
            hostname (where hostname is the short hostname of the server) -
            Cyrus Murder

       idlesocket: {configdirectory}/socket/idle
            Unix domain socket that idled listens on.

       ignorereference: 0
            For backwards compatibility with Cyrus 1.5.10 and earlier --
            ignore the reference argument in LIST or LSUB commands.

       imapidlepoll: 60
            The interval (in seconds) for polling for mailbox changes and
            ALERTs while running the IDLE command. This option is used when
            idled is not enabled or cannot be contacted. The minimum value is
            1. A value of 0 will disable IDLE.

       imapidresponse: 1
            If enabled, the server responds to an ID command with a parameter
            list containing: version, vendor, support-url, os, os-version,
            command, arguments, environment. Otherwise the server returns
            NIL.

       imapmagicplus: 0
            Only list a restricted set of mailboxes via IMAP by using
            userid+namespace syntax as the authentication/authorization id.
            Using userid+ (with an empty namespace) will list only subscribed
            mailboxes.

       implicit_owner_rights: lkxa
            The implicit Access Control List (ACL) for the owner of a mailbox.

       @include: <none>
            Directive which includes the specified file as part of the
            configuration. If the path to the file is not absolute,
            CYRUS_PATH is prepended.

       improved_mboxlist_sort: 0
            If enabled, a special comparator will be used which will correctly
            sort mailbox names that contain characters such as ' ' and '-'.

       Note that this option SHOULD NOT be changed on a live system. The
       mailboxes database should be dumped before the option is changed,
       removed, and then undumped after changing the option.

       ldap_authz: <none>
            SASL authorization ID for the LDAP server.

       ldap_base: <empty string>
            Contains the LDAP base dn for the LDAP ptloader module.

       ldap_bind_dn: <none>
            Bind DN for the connection to the LDAP server (simple bind). Do
            not use for anonymous simple binds.

       ldap_deref: never
            Specify how alias dereferencing is handled during search.

            Allowed values: search, find, always, never

       ldap_filter: (uid=%u)
            Specify a filter that searches user identifiers. The following
            tokens can be used in the filter string:

            %%   = %
            %u   = user
            %U   = user portion of %u (%U = test when %u = test@domain.tld)
            %d   = domain portion of %u if available (%d = domain.tld when
                   %u = test@domain.tld), otherwise same as %r
            %D   = user dn. (use when ldap_member_method: filter)
            %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)

            ldap_filter is not used when ldap_sasl is enabled.

       ldap_group_base: <empty string>
            LDAP base dn for ldap_group_filter.

       ldap_group_filter: (cn=%u)
            Specify a filter that searches for group identifiers. See
            ldap_filter for more options.

       ldap_group_scope: sub
            Specify search scope for ldap_group_filter.

            Allowed values: sub, one, base

       ldap_id: <none>
            SASL authentication ID for the LDAP server.

       ldap_mech: <none>
            SASL mechanism for LDAP authentication.

       ldap_member_attribute: <none>
            See ldap_member_method.

       ldap_member_base: <empty string>
            LDAP base dn for ldap_member_filter.

       ldap_member_filter: (member=%D)
            Specify a filter for "ldap_member_method: filter". See
            ldap_filter for more options.

       ldap_member_method: attribute
            Specify a group method. The "attribute" method retrieves groups
            from a multi-valued attribute specified in ldap_member_attribute.

            The "filter" method uses a filter, specified by
            ldap_member_filter, to find groups; ldap_member_attribute is a
            single-value attribute group name.

            Allowed values: attribute, filter

       ldap_member_scope: sub
            Specify search scope for ldap_member_filter.

            Allowed values: sub, one, base

       ldap_password: <none>
            Password for the connection to the LDAP server (SASL and simple
            bind). Do not use for anonymous simple binds.

       ldap_realm: <none>
            SASL realm for LDAP authentication.

       ldap_referrals: 0
            Specify whether or not the client should follow referrals.

       ldap_restart: 1
            Specify whether or not LDAP I/O operations are automatically
            restarted if they abort prematurely.

       ldap_sasl: 1
            Use SASL for LDAP binds in the LDAP PTS module.

       ldap_sasl_authc: <none>
            Deprecated. Use ldap_id

       ldap_sasl_authz: <none>
            Deprecated. Use ldap_authz

       ldap_sasl_mech: <none>
            Deprecated. Use ldap_mech

       ldap_sasl_password: <none>
            Deprecated. Use ldap_password

       ldap_sasl_realm: <none>
            Deprecated. Use ldap_realm

       ldap_scope: sub
            Specify search scope.

            Allowed values: sub, one, base

       ldap_servers: ldap://localhost/
            Deprecated. Use ldap_uri

       ldap_size_limit: 1
            Specify a number of entries for a search request to return.

       ldap_start_tls: 0
            Use StartTLS extended operation. Do not use ldaps: ldap_uri when
            this option is enabled.

       ldap_time_limit: 5
            Specify a number of seconds for a search request to complete.

       ldap_timeout: 5
            Specify a number of seconds a search can take before timing out.

       ldap_tls_cacert_dir: <none>
            Path to directory with CA (Certificate Authority) certificates.

       ldap_tls_cacert_file: <none>
            File containing CA (Certificate Authority) certificate(s).

       ldap_tls_cert: <none>
            File containing the client certificate.

       ldap_tls_check_peer: 0
            Require and verify server certificate. If this option is yes, you
            must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

       ldap_tls_ciphers: <none>
            List of SSL/TLS ciphers to allow. The format of the string is
            described in ciphers(1).

       ldap_tls_key: <none>
            File containing the private client key.

       ldap_uri: <none>
            Contains a list of the URLs of all the LDAP servers when using the
            LDAP PTS module.

       ldap_version: 3
            Specify the LDAP protocol version. If ldap_start_tls and/or
            ldap_use_sasl are enabled, ldap_version will be automatically set
            to 3.

       lmtp_downcase_rcpt: 0
            If enabled, lmtpd will convert the recipient addresses to
            lowercase (up to a '+' character, if present).

       lmtp_fuzzy_mailbox_match: 0
            If enabled, and the mailbox specified in the detail part of the
            recipient (everything after the '+') does not exist, lmtpd will
            try to find the closest match (ignoring case, ignoring whitespace,
            falling back to parent) to the specified mailbox name.

       lmtp_over_quota_perm_failure: 0
            If enabled, lmtpd returns a permanent failure code when a user's
            mailbox is over quota. By default, the failure is temporary,
            causing the MTA to queue the message and retry later.

       lmtp_strict_quota: 0
            If enabled, lmtpd returns a failure code when the incoming message
            will cause the user's mailbox to exceed its quota. By default,
            the failure won't occur until the mailbox is already over quota.

       lmtpsocket: {configdirectory}/socket/lmtp
            Unix domain socket that lmtpd listens on, used by deliver(8). This
            should match the path specified in cyrus.conf(5).

       loginrealms: <empty string>
            The list of remote realms whose users may authenticate using
            cross-realm authentication identifiers. Separate each realm name
            by a space. (A cross-realm identity is considered any identity
            returned by SASL with an "@" in it.)

       loginuseacl: 0
            If enabled, any authentication identity which has "a" rights on a
            user's INBOX may log in as that user.

       logtimestamps: 0
            Include notations in the protocol telemetry logs indicating the
            number of seconds since the last command or response.

       mailbox_default_options: 0
            Default "options" field for the mailbox on create. You'll want to
            know what you're doing before setting this, but it can apply some
            default annotations like condstore or duplicate suppression.

       mailnotifier: <none>
            Notifyd(8) method to use for "MAIL" notifications. If not set,
            "MAIL" notifications are disabled.

       maxheaderlines: 1000
            Maximum number of lines of header that will be processed into
            cache records. Default 1000. If set to zero, it is unlimited.
            If a message hits the limit, an error will be logged and the rest
            of the lines in the header will be skipped. This is to avoid
            malformed messages causing giant cache records.

       maxmessagesize: 0
            Maximum incoming LMTP message size. If non-zero, lmtpd will
            reject messages larger than maxmessagesize bytes. If set to 0,
            this will allow messages of any size (the default).

       maxquoted: 131072
            Maximum size of a single quoted string for the parser. Default
            128k

       maxword: 131072
            Maximum size of a single word for the parser. Default 128k

       mboxkey_db: skiplist
            The cyrusdb backend to use for mailbox keys.

            Allowed values: berkeley, skiplist

       mboxlist_db: skiplist
            The cyrusdb backend to use for the mailbox list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       metapartition_files: <empty string>
            Space-separated list of metadata files to be stored on a
            metapartition rather than in the mailbox directory on a spool
            partition.

            Allowed values: header, index, cache, expunge, squat

       metapartition-name: <none>
            The pathname of the metadata partition name, corresponding to
            spool partition partition-name. For any mailbox residing in a
            directory on partition-name, the metadata files listed in
            metapartition_files will be stored in a corresponding directory on
            metapartition-name. Note that not every partition-name option is
            required to have a corresponding metapartition-name option, so
            that you can selectively choose which spool partitions will have
            separate metadata partitions.

       mupdate_authname: <none>
            The SASL username (Authentication Name) to use when authenticating
            to the mupdate server (if needed).

       mupdate_config: standard
            The configuration of the mupdate servers in the Cyrus Murder. The
            "standard" config is one in which there are discrete frontend
            (proxy) and backend servers. The "unified" config is one in which
            a server can be both a frontend and backend. The "replicated"
            config is one in which multiple backend servers all share the same
            mailspool, but each have their own "replicated" copy of
            mailboxes.db.

            Allowed values: standard, unified, replicated

       md5_dir: /var/lib/imap/md5
            Top level directory for MD5 store manipulated by make_md5. File
            structure within this directory is one file for each user on the
            system, hashed on the first letter of the userid (e.g.,
            /var/imap/md5/d/dpc22).

       Note: This Invoca RPM build uses /var/lib/imap/md5 by default instead
       of /var/imap/md5 for md5_dir.

       md5_user_map: <none>
            Map file (cdb) to allow partial make_md5 runs. Maps username to
            UID

       munge8bit: 1
            If enabled, lmtpd munges messages with 8-bit characters in the
            headers. The 8-bit characters are changed to `X'. If reject8bit
            is enabled, setting munge8bit has no effect. (A proper solution
            to non-ASCII characters in headers is offered by RFC 2047 and its
            predecessors.)

       mupdate_connections_max: 128
            The max number of connections that a mupdate process will allow;
            this is related to the number of file descriptors in the mupdate
            process. Beyond this number connections will be immediately
            issued a BYE response.

       mupdate_password: <none>
            The SASL password (if needed) to use when authenticating to the
            mupdate server.

       mupdate_port: 3905
            The port of the mupdate server for the Cyrus Murder.

       mupdate_realm: <none>
            The SASL realm (if needed) to use when authenticating to the
            mupdate server.

       mupdate_retry_delay: 20
            The base time to wait between connection retries to the mupdate
            server.

       mupdate_server: <none>
            The mupdate server for the Cyrus Murder.

       mupdate_username: <empty string>
            The SASL username (Authorization Name) to use when authenticating
735            to the mupdate server
736
737       mupdate_workers_max: 50
738            The maximum number of mupdate worker threads (overall)
739
740       mupdate_workers_maxspare: 10
741            The maximum number of idle mupdate worker threads
742
743       mupdate_workers_minspare: 2
744            The minimum number of idle mupdate worker threads
745
746       mupdate_workers_start: 5
747            The number of mupdate worker threads to start
748
749       netscapeurl: <none>
750            If enabled at compile time, this specifies a  URL  to  reply  when
751            Netscape asks the server where the mail administration HTTP server
752            is.  Administrators should set this to a local resource.
753
754       newsmaster: news
755            Userid that is used for checking access  controls  when  executing
756            Usenet  control  messages.   For instance, to allow articles to be
757            automatically deleted by cancel messages, give the "news" user the
758            'd'  right  on  the  desired mailboxes.  To allow newsgroups to be
759            automatically created, deleted and renamed  by  the  corresponding
760            control  messages,  give  the  "news"  user  the  'c' right on the
761            desired mailbox hierarchies.
762
763       newspeer: <none>
764            A list of whitespace-separated news server specifications to which
765            articles  should be fed.  Each server specification is a string of
766            the form [user[:pass]@]host[:port][/wildmat] where 'host'  is  the
767            fully  qualified  hostname  of  the  server, 'port' is the port on
768            which the server is listening, 'user' and 'pass' are the authenti‐
769            cation credentials and 'wildmat' is a pattern that specifies which
770            groups should be fed.  If no 'port'  is  specified,  port  119  is
771            used.   If  no  'wildmat'  is  specified,  all groups are fed.  If
772            'user' is specified (even if empty), then the  NNTP  POST  command
773            will  be  used  to  feed  the article to the server, otherwise the
774            IHAVE command will be used.
775
776            A '@' may be used in place of '!' in the wildmat to prevent  feed‐
777            ing  articles  cross-posted  to  the given group, otherwise cross-
778            posted articles are fed if any part of the wildmat  matches.   For
779            example, the string "peer.example.com:*,!control.*,@local.*" would
780            feed all groups  except  control  messages  and  local  groups  to
781            peer.example.com.   In  the case of cross-posting to local groups,
782            these articles would not be fed.
783
784       newspostuser: <none>
785            Userid used to deliver usenet articles to newsgroup folders  (usu‐
786            ally via lmtp2nntp).  For example, if set to "post", email sent to
787            "post+comp.mail.imap" would be delivered to  the  "comp.mail.imap"
788            folder.
789
790            When  set,  the  Cyrus  NNTP  server will add a To: header to each
791            incoming usenet article.   This  To:  header  will  contain  email
792            delivery  addresses  corresponding  to each newsgroup in the News‐
793            groups: header.  By default, a To: header is not added  to  usenet
794            articles.
795
796       newsprefix: <none>
797            Prefix  to be prepended to newsgroup names to make the correspond‐
798            ing IMAP mailbox names.
799
800       nntptimeout: 3
801            Set the length of the NNTP server's inactivity  autologout  timer,
802            in minutes.  The minimum value is 3, the default.
803
804       notifysocket: {configdirectory}/socket/notify
805            Unix domain socket that the mail notification daemon listens on.
806
807       partition-name: <none>
808            The  pathname of the partition name.  At least one partition path‐
809            name MUST be specified.  If the defaultpartition option  is  used,
810            then its pathname MUST be specified.  For example, if the value of
811            the defaultpartition option is default, then the partition-default
812            field is required.
813
814       plaintextloginpause: 0
815            Number  of  seconds  to  pause after a successful plaintext login.
816            For systems that support strong authentication, this permits users
817            to  perceive  a cost of using plaintext passwords.  (This does not
818            affect the use of PLAIN in SASL authentications.)
819
820       plaintextloginalert: <none>
821            Message to send to client after a successful plaintext login.
822
823       popexpiretime: -1
824            The number of days advertised as being the minimum a  message  may
825            be  left on the POP server before it is deleted (via the CAPA com‐
826            mand, defined in the POP3 Extension Mechanism, which some  clients
827            may support).  "NEVER", the default, may be specified with a nega‐
828            tive number.  The Cyrus POP3 server never deletes mail, no  matter
829            what  the  value  of this parameter is.  However, if a site imple‐
830            ments a less liberal policy, it needs  to  change  this  parameter
831            accordingly.
832
833       popminpoll: 0
834            Set  the  minimum  amount  of time the server forces users to wait
835            between successive POP logins, in minutes.
836
837       popsubfolders: 0
838            Allow access to subfolders of INBOX via POP3 by using  userid+sub‐
839            folder syntax as the authentication/authorization id.
840
841       poppollpadding: 1
842            Create  a  softer minimum poll restriction.  Allows poppollpadding
843            connections before the minpoll restriction  is  triggered.   Addi‐
844            tionally, one padding entry is recovered every popminpoll minutes.
845            This allows for the occasional polling rate  faster  than  popmin‐
846            poll, (i.e., for clients that require a send/receive to send mail)
847            but still enforces the rate long-term.  Default is 1 (disabled).
848
849            The easiest way to think of it is a  queue  of  past  connections,
850            with  one  slot  being  filled  for every connection, and one slot
851            being cleared every popminpoll minutes. When the  queue  is  full,
852            the  user  will  not  be  able to check mail again until a slot is
853            cleared.  If the user waits a sufficient amount of time, they will
854            get back many or all of the slots.
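
The queue described for poppollpadding can be modelled as below. This is an added example that follows only the wording of this page; it is not code from Cyrus. The class and function names are hypothetical, and it assumes that a refused login does not fill a slot.

```python
"""Model of the popminpoll / poppollpadding queue described in this page."""


class PopPollLimiter:
    """Queue of past connections with poppollpadding slots.

    Each accepted login fills one slot, one slot is cleared every
    popminpoll minutes, and logins are refused while the queue is full.
    Assumption (not stated on the page): a refused login fills no slot.
    """

    def __init__(self, popminpoll, poppollpadding=1):
        self.popminpoll = popminpoll          # minutes per recovered slot
        self.poppollpadding = poppollpadding  # number of slots in the queue
        self.filled = 0                       # slots currently in use
        self.clock = 0                        # start of the recovery period

    def login(self, now):
        """Return True if a login at minute `now` is accepted."""
        if self.popminpoll <= 0:
            return True  # popminpoll: 0 means no minimum poll interval
        if self.filled:
            # Clear one slot for every full popminpoll period that has passed.
            recovered = int((now - self.clock) // self.popminpoll)
            if recovered > 0:
                self.filled = max(0, self.filled - recovered)
                self.clock += recovered * self.popminpoll
        if self.filled >= self.poppollpadding:
            return False  # queue full: wait until a slot is cleared
        if self.filled == 0:
            self.clock = now  # recovery is timed from the first filled slot
        self.filled += 1
        return True


def replay(popminpoll, poppollpadding, login_minutes):
    """Replay login times (in minutes) and return the accept/refuse decisions."""
    limiter = PopPollLimiter(popminpoll, poppollpadding)
    return [limiter.login(minute) for minute in login_minutes]


if __name__ == "__main__":
    # Constructed login times: a burst, a pause, then another burst.
    times = [0, 1, 2, 3, 5, 6, 30, 30, 30, 30]
    for padding in (1, 3):
        print("poppollpadding", padding, replay(5, padding, times))
```

With poppollpadding: 1 the model reduces to the plain popminpoll restriction, which matches the "Default is 1 (disabled)" note above.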
855
856       poptimeout: 10
857            Set the length of the POP server's inactivity autologout timer, in
858            minutes.  The minimum value is 10, the default.
859
860       popuseacl: 0
861            Enforce IMAP ACLs in the pop server.  Due to  the  nature  of  the
862            POP3  protocol,  the  only rights which are used by the pop server
863            are 'r', 't', and 's' for the owner of the mailbox.  The 'r' right
864            allows  the  user  to open the mailbox and list/retrieve messages.
865            The 't' right allows the user to delete messages.  The  's'  right
866            allows  messages  retrieved  by the user to have the seen flag set
867            (only if popuseimapflags is also enabled).
868
869       popuseimapflags: 0
870            If enabled, the pop server will set and obey IMAP flags.  Messages
871            having the deleted flag are ignored as if they do not exist.  Mes‐
872            sages that are retrieved by the client will  have  the  seen  flag
873            set.  All messages will have the recent flag unset.
874
875       postmaster: postmaster
876            Username that is used as the 'From' address in rejection MDNs pro‐
877            duced by sieve.
878
879       postuser: <empty string>
880            Userid used to deliver messages to shared folders.   For  example,
881            if  set to "bb", email sent to "bb+shared.blah" would be delivered
882            to the "shared.blah" folder.  By  default,  an  email  address  of
883            "+shared.blah" would be used.
884
885       proxy_authname: proxy
886            The  authentication  name  to use when authenticating to a backend
887            server in the Cyrus Murder.
888
889       proxy_compress: 0
890            Try to enable  protocol-specific  compression  when  performing  a
891            client connection to a backend server in the Cyrus Murder.
892
893       Note  that this should only be necessary over slow network connections.
894       Also note that currently only IMAP and MUPDATE support compression.
895
896       proxy_password: <none>
897            The default password to  use  when  authenticating  to  a  backend
898            server  in the Cyrus Murder.  May be overridden on a host-specific
899            basis using the hostname_password option.
900
901       proxy_realm: <none>
902            The authentication realm to use when authenticating to  a  backend
903            server in the Cyrus Murder
904
905       proxyd_allow_status_referral: 0
906            Set  to  true  to  allow proxyd to issue referrals to clients that
907            support it when answering the STATUS command.  This is disabled by
908            default  since  some  clients issue many STATUS commands in a row,
909            and do not cache the connections that these referrals would cause,
910            thus  resulting  in a higher authentication load on the respective
911            backend server.
912
913       proxyd_disable_mailbox_referrals: 0
914            Set to true to disable the use of mailbox-referrals on  the  proxy
915            servers.
916
917       proxyservers: <none>
918            A  list  of  users  and groups that are allowed to proxy for other
919            users, separated by spaces.  Any  user  listed  in  this  will  be
920            allowed to login for any other user: use with caution.
921
922       pts_module: afskrb
923            The PTS module to use.
924
925            Allowed values: afskrb, ldap
926
927       ptloader_sock: <none>
928            Unix  domain  socket  that ptloader listens on.  (defaults to con‐
929            figdir/ptclient/ptsock)
930
931       ptscache_db: berkeley
932            The cyrusdb backend to use for the pts cache.
933
934            Allowed values: berkeley, berkeley-hash, skiplist
935
936       ptscache_timeout: 10800
937            The timeout (in seconds) for the PTS cache database when using the
938            auth_krb_pts authorization method (default: 3 hours).
939
940       ptskrb5_convert524: 1
941            When  using  the AFSKRB ptloader module with Kerberos 5
942            canonicalization, do the final 524 conversion to get an AFS style
943            name (using '.' instead of '/', and using short names).
944
945       ptskrb5_strip_default_realm: 1
946            When  using  the AFSKRB ptloader module with Kerberos 5 canonical‐
947            ization, strip the default realm from the userid  (this  does  not
948            affect the stripping of realms specified by the afspts_localrealms
949            option)
950
951       qosmarking: cs0
952            This specifies the Class Selector or Differentiated Services  Code
953            Point designation on IP headers (in the ToS field).
954
955            Allowed  values:  cs0,  cs1,  cs2,  cs3, cs4, cs5, cs6, cs7, af11,
956            af12, af13, af21, af22, af23, af31, af32, af33, af41, af42,  af43,
957            ef
958
959       quota_db: quotalegacy
960            The cyrusdb backend to use for quotas.
961
962            Allowed values: flat, berkeley, berkeley-hash, skiplist, sql, quo‐
963            talegacy
964
965       quotawarn: 90
966            The percent of quota utilization over which the  server  generates
967            warnings.
968
969       quotawarnkb: 0
970            The  maximum amount of free space (in kB) at which to give a quota
971            warning (if this value is 0, or if the quota is smaller than  this
972            amount, then warnings are always given).
973
974       reject8bit: 0
975            If  enabled,  lmtpd  rejects messages with 8-bit characters in the
976            headers.
977
978       rfc2046_strict: 0
979            If enabled, imapd will be strict (per RFC 2046) when matching MIME
980            boundary  strings.   This  means  that boundaries containing other
981            boundaries as substrings will  be  treated  as  identical.   Since
982            enabling  this  option  will break some messages created by Eudora
983            5.1 (and earlier), it is recommended  that  it  be  left  disabled
984            unless there is good reason to do otherwise.
985
986       rfc3028_strict: 1
987            If  enabled,  Sieve  will be strict (per RFC 3028) with regards to
988            which headers are allowed to  be  used  in  address  and  envelope
989            tests.   This  means  that only those headers which are defined to
990            contain addresses will be allowed in address tests and  only  "to"
991            and  "from" will be allowed in envelope tests.  When disabled, ANY
992            grammatically correct header will be allowed.
993
994       sasl_auto_transition: 0
995            If enabled, the SASL library will automatically create authentica‐
996            tion  secrets when given a plaintext password.  See the SASL docu‐
997            mentation.
998
999       sasl_maximum_layer: 256
1000            Maximum SSF (security strength factor) that the server will  allow
1001            a client to negotiate.
1002
1003       sasl_minimum_layer: 0
1004            The  minimum SSF that the server will allow a client to negotiate.
1005            A value of 1  requires  integrity  protection;  any  higher  value
1006            requires some amount of encryption.
1007
1008       sasl_option: 0
1009            Any  SASL  option  can  be set by preceding it with "sasl_".  This
1010            file overrides the SASL configuration file.
1011
1012       sasl_pwcheck_method: <none>
1013            The mechanism used by the server to  verify  plaintext  passwords.
1014            Possible values include "auxprop", "saslauthd", and "pwcheck".
1015
1016       seenstate_db: skiplist
1017            The cyrusdb backend to use for the seen state.
1018
1019            Allowed values: flat, berkeley, berkeley-hash, skiplist
1020
1021       sendmail: /usr/lib/sendmail
1022            The  pathname  of the sendmail executable.  Sieve invokes sendmail
1023            for sending rejections, redirects and vacation responses.
1024
1025       serverlist: <none>
1026            Whitespace separated list of backend server names.  Used for find‐
1027            ing server with the most available free space for proxying CREATE.
1028
1029       servername: <none>
1030            This  is the hostname visible in the greeting messages of the POP,
1031            IMAP and LMTP daemons. If it is unset, then  the  result  returned
1032            from gethostname(2) is used.
1033
1034       serverinfo: on
1035            The  server  information to display in the greeting and capability
1036            responses. Information is displayed as follows:
1037
1038            "off" = no server information in the greeting or capabilities
1039            "min" = servername in the greeting; no server information  in  the
1040            capabilities
1041            "on"  =  servername  and  product version in the greeting; product
1042            version in the capabilities
1043
1044            Allowed values: off, min, on
1045
1046       sha1_dir: <none>
1047            Top level directory for SHA1 store manipulated by make_sha1.  File
1048            structure  within  this directory is one file for each user on the
1049            system,  hashed  on  the  first  letter  of   the   userid   (e.g.,
1050            /var/imap/sha1/d/dpc22).
1051
1052       sharedprefix: Shared Folders
1053            If  using  the alternate IMAP namespace, the prefix for the shared
1054            namespace.   The  hierarchy  delimiter   will   be   automatically
1055            appended.
1056
1057       sieve_allowreferrals: 1
1058            If  enabled,  timsieved  will  issue referrals to clients when the
1059            user's scripts reside on a remote server (in  a  Murder).   Other‐
1060            wise, timsieved will proxy traffic to the remote server.
1061
1062       sieve_extensions:  fileinto  reject  vacation imapflags notify envelope
1063       relational regex subaddress copy
1064            Space-separated list of Sieve extensions allowed  to  be  used  in
1065            sieve scripts, enforced at submission by timsieved(8).  Any previ‐
1066            ously installed script will be unaffected by this option and  will
1067            continue  to  execute  regardless  of  the  extensions used.  This
1068            option has no effect on options that are disabled at compile  time
1069            (e.g., "regex").
1070
1071            Allowed  values:  fileinto,  reject,  vacation, imapflags, notify,
1072            include, envelope, body, relational, regex, subaddress, copy
1073
1074       sieve_maxscriptsize: 32
1075            Maximum size (in kilobytes) any sieve script can be,  enforced  at
1076            submission by timsieved(8).
1077
1078       sieve_maxscripts: 5
1079            Maximum  number  of  sieve  scripts any user may have, enforced at
1080            submission by timsieved(8).
1081
1082       sieve_utf8fileinto: 0
1083            If enabled, the sieve engine expects folder names for the fileinto
1084            action  in scripts to use UTF8 encoding.  Otherwise, modified UTF7
1085            encoding should be used.
1086
1087       sieve_sasl_send_unsolicited_capability: 0
1088            If enabled, timsieved will emit a capability response after a suc‐
1089            cessful SASL authentication, per draft-martin-managesieve-12.txt .
1090
1091       sievedir: /usr/sieve
1092            If  sieveusehomedir is false, this directory is searched for Sieve
1093            scripts.
1094
1095       sievenotifier: <none>
1096            Notifyd(8) method to use for "SIEVE" notifications.  If  not  set,
1097            "SIEVE" notifications are disabled.
1098
1099       This method is only used when no method is specified in the script.
1100
1101       sieveusehomedir: 0
1102            If  enabled,  lmtpd  will  look  for  Sieve scripts in user's home
1103            directories: ~user/.sieve.
1104
1105       anysievefolder: 0
1106            It must be "yes" in order to permit the autocreation of any  INBOX
1107            subfolder  requested  by  a  sieve  filter, through the "fileinto"
1108            action. (default = no)
1109
1110       autosievefolders: <none>
1111            It is a "|" separated list of subfolders of  INBOX  that  will  be
1112            automatically created, if requested by a sieve filter, through the
1113            "fileinto" action. (default = null) e.g. autosievefolders: Junk  |
1114            Spam
1115
1116       singleinstancestore: 1
1117            If  enabled, imapd, lmtpd and nntpd attempt to only write one copy
1118            of a message per partition and create hard links, resulting  in  a
1119            potentially large disk savings.
1120
1121       skiplist_always_checkpoint: 1
1122            If  enabled,  this  option  forces the skiplist cyrusdb backend to
1123            always checkpoint when doing a  recovery.   This  causes  slightly
1124            more  IO, but on the other hand leads to more efficient databases,
1125            and the entire file is already "hot".
1126
1127       skiplist_unsafe: 0
1128            If enabled, this option forces the skiplist cyrusdb backend to not
1129            sync writes to the disk.  Enabling this option is NOT RECOMMENDED.
1130
1131       soft_noauth: 1
1132            If  enabled,  lmtpd  returns temporary failures if the client does
1133            not successfully authenticate.  Otherwise lmtpd returns  permanent
1134            failures (causing the mail to bounce immediately).
1135
1136       sql_database: <none>
1137            Name of the database which contains the cyrusdb table(s).
1138
1139       sql_engine: <none>
1140            Name of the SQL engine to use.
1141
1142            Allowed values: mysql, pgsql, sqlite
1143
1144       sql_hostnames: <empty string>
1145            Comma separated list of SQL servers (in host[:port] format).
1146
1147       sql_passwd: <none>
1148            Password to use for authentication to the SQL server.
1149
1150       sql_user: <none>
1151            Username to use for authentication to the SQL server.
1152
1153       sql_usessl: 0
1154            If enabled, a secure connection will be made to the SQL server.
1155
1156       srvtab: <empty string>
1157            The  pathname  of srvtab file containing the server's private key.
1158            This option is passed  to  the  SASL  library  and  overrides  its
1159            default setting.
1160
1161       submitservers: <none>
1162            A   list   of  users  and  groups  that  are  allowed  to  resolve
1163            "urlauth=submit+" IMAP URLs, separated by spaces.  Any user listed
1164            in  this  will  be  allowed  to  fetch  the  contents of any valid
1165            "urlauth=submit+" IMAP URL: use with caution.
1166
1167       subscription_db: flat
1168            The cyrusdb backend to use for the subscriptions list.
1169
1170            Allowed values: flat, berkeley, berkeley-hash, skiplist
1171
1172       statuscache: 0
1173            Enable/disable the imap status cache.
1174
1175       statuscache_db: berkeley-nosync
1176            The cyrusdb backend to use for the imap status cache.
1177
1178            Allowed values: berkeley, berkeley-nosync,  berkeley-hash,  berke‐
1179            ley-hash-nosync, skiplist
1180
1181       sync_authname: <none>
1182            The  authentication  name  to  use  when  authenticating to a sync
1183            server.
1184
1185       sync_batch_size: 0
1186            Maximum number of messages to upload to a replica at one time.   A
1187            batch  size of 0, the default, will disable batching (ALL messages
1188            will be sent).
1189
1190       sync_compress: 0
1191            Enable compression on replication traffic
1192
1193       sync_host: <none>
1194            Name of the host (replica running sync_server(8)) to which  repli‐
1195            cation actions will be sent by sync_client(8).
1196
1197       sync_log: 0
1198            Enable replication action logging by lmtpd(8), imapd(8), pop3d(8),
1199            and nntpd(8).   The  log  {configdirectory}/sync/log  is  used  by
1200            sync_client(8) for "rolling" replication.
1201
1202       sync_password: <none>
1203            The default password to use when authenticating to a sync server.
1204
1205       sync_realm: <none>
1206            The  authentication  realm  to  use  when authenticating to a sync
1207            server.
1208
1209       sync_repeat_interval: 1
1210            Minimum interval (in seconds) between replication runs in  rolling
1211            replication  mode.  If  a  replication  run takes longer than this
1212            time, we repeat immediately.
1213
1214       sync_shutdown_file: <none>
1215            Simple latch used to tell sync_client(8) that it should shut  down
1216            at  the  next  opportunity.  Safer than sending signals to running
1217            processes
1218
1219       syslog_prefix: <none>
1220            String to be prepended to the process name in syslog entries.
1221
1222       temp_path: /tmp
1223            The pathname to store temporary files in
1224
1225       timeout: 30
1226            The length of the IMAP server's inactivity  autologout  timer,  in
1227            minutes.  The minimum value is 30, the default.
1228
1229       tls_ca_file: <none>
1230            File  containing  one  or more Certificate Authority (CA) certifi‐
1231            cates.
1232
1233       tls_ca_path: <none>
1234            Path to directory with certificates of CAs.  This  directory  must
1235            have  filenames  with  the  hashed  value of the certificates (see
1236            openssl(XXX)).
1237
1238       tlscache_db: berkeley-nosync
1239            The cyrusdb backend to use for the TLS cache.
1240
1241            Allowed values: berkeley, berkeley-nosync,  berkeley-hash,  berke‐
1242            ley-hash-nosync, skiplist, sql
1243
1244       tls_cert_file: <none>
1245            File  containing  the certificate presented for server authentica‐
1246            tion during STARTTLS.  A value of "disabled" will disable SSL/TLS.
1247
1248       tls_cipher_list: DEFAULT
1249            The list of SSL/TLS ciphers to allow.  The format of the string is
1250            described in ciphers(1).
1251
1252       tls_key_file: <none>
1253            File  containing  the private key belonging to the server certifi‐
1254            cate.  A value of "disabled" will disable SSL/TLS.
1255
1256       tls_require_cert: 0
1257            Require a client certificate for ALL services (imap,  pop3,  lmtp,
1258            sieve).
1259
1260       tls_session_timeout: 1440
1261            The  length of time (in minutes) that a TLS session will be cached
1262            for later reuse.  The  maximum  value  is  1440  (24  hours),  the
1263            default.  A value of 0 will disable session caching.
1264
1265       umask: 077
1266            The umask value used by various Cyrus IMAP programs.
1267
1268       userdeny_db: flat
1269            The cyrusdb backend to use for the user access list.
1270
1271            Allowed values: flat, berkeley, berkeley-hash, skiplist, sql
1272
1273       user_folder_limit: 0
1274            Limit the number of folders a user can create in their INBOX.  Set
1275            to 0 (default) for no limit.  Only affects folders in user.
1276
1277       username_tolower: 1
1278            Convert usernames to all  lowercase  before  login/authentication.
1279            This is useful with authentication backends which ignore case dur‐
1280            ing username lookups (such as LDAP).
1281
1282       userprefix: Other Users
1283            If using the alternate IMAP namespace, the prefix  for  the  other
1284            users  namespace.   The  hierarchy delimiter will be automatically
1285            appended.
1286
1287       unix_group_enable: 1
1288            Should we look up groups when using auth_unix (disable this if you
1289            are  not  using  groups  in ACLs for your IMAP server, and you are
1290            using auth_unix with a backend (such as LDAP) that can  make  get‐
1291            grent() calls very slow)
1292
1293       unixhierarchysep: 0
1294            Use  the  UNIX  separator  character  '/' for delimiting levels of
1295            mailbox hierarchy.  The default is to use  the  netnews  separator
1296            character '.'.
1297
1298       virtdomains: off
1299            Enable virtual domain support.  If enabled, the user's domain will
1300            be determined by splitting a fully qualified userid  at  the  last
1301            '@'  or '%' symbol.  If the userid is unqualified, and the virtdo‐
1302            mains option is set to "on", then the domain will be determined by
1303            doing  a  reverse lookup on the IP address of the incoming network
1304            interface, otherwise the user is assumed  to  be  in  the  default
1305            domain (if set).
1306
1307            Allowed values: off, userid, on
1308
1309       normalizeuid: 0
1310            Lowercase  uid and strip leading and trailing blanks. It is recom‐
1311            mended to set this to yes,  especially  if  OpenLDAP  is  used  as
1312            authentication source.
1313
1314       tls_prefer_server_ciphers: 0
1315            Prefer the ciphers on the server side instead of client side
1316
1317       tls_versions: ssl2 ssl3 tls1_0 tls1_1 tls1_2
1318            A  list  of  SSL/TLS  versions  to not disable. Cyrus IMAP SSL/TLS
1319            starts with all protocols, and subtracts protocols  not  in  this
1320            list.  Newer  versions  of  SSL/TLS  will need to be added here to
1321            allow them to get disabled.
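
Several defaults listed above are permissive (tls_versions, sasl_minimum_layer, serverinfo). The following added example, which is not part of Cyrus IMAP, parses configuration text with the line syntax from DESCRIPTION and reports weak effective values. The function names, the choice of checks and the sample configuration are assumptions made for this illustration.

```python
"""Audit imapd.conf text for weak values of options documented on this page."""

# Defaults as listed in this manual page; an absent option takes its default.
DEFAULTS = {
    "tls_versions": "ssl2 ssl3 tls1_0 tls1_1 tls1_2",
    "sasl_minimum_layer": "0",
    "serverinfo": "on",
    "skiplist_unsafe": "0",
    "sql_usessl": "0",
    "umask": "077",
}
TRUE_WORDS = {"yes", "on", "t", "true", "1"}  # "on" words from DESCRIPTION
DEPRECATED_PROTOCOLS = ("ssl2", "ssl3", "tls1_0", "tls1_1")
BROAD_ACCESS_LISTS = ("proxyservers", "submitservers")  # "use with caution"

# Constructed sample configuration (not taken from any real site).
SAMPLE_CONF = """\
# constructed example
partition-default: /var/spool/imap
serverinfo: min
tls_versions: tls1_2 \\
 ssl3
proxyservers: murder-frontend
skiplist_unsafe: yes
umask: 022
"""


def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines."""
    # A trailing backslash joins the next line; no whitespace is inserted.
    logical, pending = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        logical.append(pending + raw)
        pending = ""
    if pending:
        logical.append(pending)

    options = {}
    for line in logical:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are ignored
        name, sep, value = stripped.partition(":")
        if sep:
            options[name.strip()] = value.strip()
    return options


def audit(options):
    """Return a list of (option, finding) for weak effective settings."""
    eff = {**DEFAULTS, **options}
    findings = []

    if "disabled" in (eff.get("tls_cert_file"), eff.get("tls_key_file")):
        findings.append(("tls_cert_file", "SSL/TLS is disabled"))
    kept = [v for v in eff["tls_versions"].split() if v in DEPRECATED_PROTOCOLS]
    if kept:
        findings.append(("tls_versions",
                         "deprecated protocols stay enabled: " + " ".join(kept)))
    try:
        ssf = int(eff["sasl_minimum_layer"])
    except ValueError:
        ssf = 0
    if ssf < 2:  # 0 = nothing required, 1 = integrity protection only
        findings.append(("sasl_minimum_layer",
                         "minimum SSF %d does not require encryption" % ssf))
    if eff["serverinfo"].lower() in TRUE_WORDS:
        findings.append(("serverinfo",
                         "greeting and capabilities show the product version"))
    if eff["skiplist_unsafe"].lower() in TRUE_WORDS:
        findings.append(("skiplist_unsafe", "writes are not synced to disk"))
    if "sql_engine" in eff and eff["sql_usessl"].lower() not in TRUE_WORDS:
        findings.append(("sql_usessl", "SQL connection is not secured"))
    try:
        mask = int(eff["umask"], 8)
    except ValueError:
        mask = 0
    if mask & 0o077 != 0o077:
        findings.append(("umask", "group or other access is not fully masked"))
    for name in BROAD_ACCESS_LISTS:
        if eff.get(name):
            findings.append((name, "broad-access identities to review: " + eff[name]))
    return findings


if __name__ == "__main__":
    for option, message in audit(parse_imapd_conf(SAMPLE_CONF)):
        print(f"{option}: {message}")
```

Because absent options fall back to the defaults listed on this page, an empty configuration is still reported for tls_versions, sasl_minimum_layer and serverinfo.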
1322
1323

SEE ALSO

1325       imapd(8), pop3d(8), nntpd(8), lmtpd(8), timsieved(8),  idled(8),  noti‐
1326       fyd(8), deliver(8), cyrus-cyrus-master(8), ciphers(1)
1327
1328
1329
1330
1331CMU                              Project Cyrus                   IMAPD.CONF(5)