IMAPD.CONF(5) Cyrus IMAP IMAPD.CONF(5)

imapd.conf - Cyrus IMAP documentation

IMAP configuration file

/etc/imapd.conf is the configuration file for the Cyrus IMAP server.
It defines local parameters for IMAP.

Each line of the /etc/imapd.conf file has the form
    option: value

where option is the name of the configuration option being set and
value is the value that the configuration option is being set to.

Although there is no limit to the length of a line, a ``\'' (backslash)
character may be used as the last character on a line to
force it to continue on the next one. No additional whitespace is
inserted before or after the ``\''. Note that a line that is split
using ``\'' character(s) is still considered a single line.

For example
    option:\
    value1 value2 \
    value3

is equivalent to
    option: value1 value2 value3

Blank lines and lines beginning with ``#'' are ignored.

For boolean and enumerated options, the values ``yes'', ``on'',
``t'', ``true'' and ``1'' turn the option on, the values ``no'',
``off'', ``f'', ``false'' and ``0'' turn the option off.

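An added example (not part of the Cyrus documentation): a small Python parser for the line syntax described above, followed by a check of a few authentication-related options documented further down this page. The sample file, the mail_users argument, the backend1 hostname and the finding texts are constructed for illustration; applying the ``#'' test after continuation lines are joined and matching boolean words case-insensitively are assumptions.

```python
TRUE = {"yes", "on", "t", "true", "1"}
FALSE = {"no", "off", "f", "false", "0"}

# Defaults as listed on this page for the options audited below.
DEFAULTS = {"allowplaintext": "0", "allowanonymouslogin": "0", "allowapop": "1",
            "failedloginpause": "3", "httpallowcors": "", "admins": ""}

# Constructed sample, not a real deployment. "backend1" is a made-up backend
# short hostname for the hostname_password option.
SAMPLE = r"""
# front-end settings
configdirectory: /var/lib/imap
admins: cyrus \
jbRo
allowplaintext: yes
allowanonymouslogin: off
failedloginpause: 0
httpallowcors: *
backend1_password: constructed-placeholder
"""


def parse_imapd_conf(text):
    """Parse imapd.conf text into {option: value} using the page's line rules."""
    options, pending = {}, ""
    # The trailing "" flushes a file whose last line ends in a backslash.
    for raw in text.splitlines() + [""]:
        if raw.endswith("\\"):
            pending += raw[:-1]  # continuation: joined with no whitespace added
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not in 'option: value' form: %r" % line)
        options[name.strip()] = value.strip()
    return options


def as_bool(value):
    """Map the boolean spellings listed on the page to True/False."""
    word = value.lower()  # assumption: spellings are matched case-insensitively
    if word in TRUE:
        return True
    if word in FALSE:
        return False
    raise ValueError("not a boolean value: %r" % value)


def audit(options, mail_users=()):
    """Return (option, finding) pairs for settings that weaken authentication.

    mail_users is a hypothetical inventory of userids that read mail.
    """
    cfg = {**DEFAULTS, **options}
    findings = []
    if as_bool(cfg["allowplaintext"]):
        findings.append(("allowplaintext",
                         "cleartext passwords allowed on the wire without TLS"))
    if as_bool(cfg["allowanonymouslogin"]):
        findings.append(("allowanonymouslogin",
                         "user 'anonymous' can log in with any password"))
    if as_bool(cfg["allowapop"]):
        findings.append(("allowapop",
                         "APOP needs plaintext passwords in a SASL auxprop backend"))
    if int(cfg["failedloginpause"]) == 0:
        findings.append(("failedloginpause", "no pause after a failed login"))
    if cfg["httpallowcors"].strip() == "*":
        findings.append(("httpallowcors",
                         "wildmat '*' accepts CORS requests from every origin"))
    shared = sorted(set(cfg["admins"].split()) & set(mail_users))
    if shared:
        findings.append(("admins",
                         "admin userids also read mail: " + " ".join(shared)))
    for name in sorted(options):
        if name.endswith("_password") and options[name]:
            findings.append((name,
                             "backend password stored in this file; restrict read access"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(parse_imapd_conf(SAMPLE), mail_users={"jbRo"}):
        print("%-22s %s" % (option, finding))
```

Options absent from the file are judged by the defaults this page lists, which is why allowapop is reported even for an empty configuration.
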
The sections below detail options that can be placed in the
/etc/imapd.conf file, and show each option's default value. Some
options have no default value; these are listed with ``<no
default>''. Some options default to the empty string; these are
listed with ``<none>''.

addressbookprefix: #addressbooks
    The prefix for the addressbook mailboxes hierarchies. The hierarchy
    delimiter will be automatically appended. The public
    addressbook hierarchy will be at the toplevel of the shared
    namespace. A user's personal addressbook hierarchy will be a
    child of their Inbox.

admins: <empty string>
    The list of userids with administrative rights. Separate each
    userid with a space. Sites using Kerberos authentication may
    use separate "admin" instances.

    Note that accounts used by users should not be administrators.
    Administrative accounts should not receive mail. That is, if
    user "jbRo" is a user reading mail, he should not also be in the
    admins line. Some problems may occur otherwise, most notably
    the ability of administrators to create top-level mailboxes
    visible to users, but not writable by users.

afspts_localrealms: <none>
    The list of realms which are to be treated as local, and thus
    stripped during identifier canonicalization (for the AFSPTS
    ptloader module). This is different from loginrealms in that it
    occurs later in the authorization process (as the user id is
    canonified for PTS lookup).

afspts_mycell: <none>
    Cell to use for AFS PTS lookups. Defaults to the local cell.

allowallsubscribe: 0
    Allow subscription to nonexistent mailboxes. This option is
    typically used on backend servers in a Murder so that users can
    subscribe to mailboxes that don't reside on their "home" server.
    This option can also be used as a workaround for IMAP clients
    which don't play well with nonexistent or unselectable mailboxes
    (e.g., Microsoft Outlook).

allowanonymouslogin: 0
    Permit logins by the user "anonymous" using any password. Also
    allows use of the SASL ANONYMOUS mechanism.

allowapop: 1
    Allow use of the POP3 APOP authentication command.

    Note that this command requires that SASL is compiled with APOP
    support, that the plaintext passwords are available in a SASL
    auxprop backend (e.g., sasldb), and that the system can provide
    enough entropy (e.g., from /dev/urandom) to create a challenge
    in the banner.

allownewnews: 0
    Allow use of the NNTP NEWNEWS command.

    Note that this is a very expensive command and should only be
    enabled when absolutely necessary.

allowplaintext: 0
    If enabled, allows the use of cleartext passwords on the wire.

    By default, the use of cleartext passwords requires a TLS/SSL
    encryption layer to be negotiated prior to any cleartext
    authentication mechanisms being advertised or allowed. To require a
    TLS/SSL encryption layer to be negotiated prior to ANY
    authentication, see the tls_required option.

allowusermoves: 0
    Allow moving user accounts (with associated meta-data) via
    RENAME or XFER.

    Note that measures should be taken to make sure that the user
    being moved is not logged in, and cannot login during the move.
    Failure to do so may result in the user's meta-data (seen state,
    subscriptions, etc) being corrupted or out of date.

altnamespace: 1
    Use the alternate IMAP namespace, where personal folders reside
    at the same level in the hierarchy as INBOX.

    This option ONLY applies where interaction takes place with the
    client/user. Currently this is limited to the IMAP protocol
    (imapd) and Sieve scripts (lmtpd). This option does NOT apply
    to admin tools such as cyradm (admins ONLY), reconstruct, quota,
    etc., NOR does it affect LMTP delivery of messages directly to
    mailboxes via plus-addressing. The default changed in 3.0 from
    off to on.

altprefix: Alt Folders
    Alternative INBOX spellings that can't be accessed in
    altnamespace otherwise go under here.

annotation_db: twoskip
    The cyrusdb backend to use for mailbox annotations.

    Allowed values: skiplist, twoskip, lmdb

annotation_db_path: <none>
    The absolute path to the annotations db file. If not specified,
    will be confdir/annotations.db

anyoneuseracl: 1
    Should non-admin users be allowed to set ACLs for the 'anyone'
    user on their mailboxes? In a large organization this can cause
    support problems, but it's enabled by default.

annotation_allow_undefined: 0
    Allow clients to store values for entries which are not defined
    either by Cyrus or in the annotation_definitions file.

annotation_definitions: <none>
    File containing external (third-party) annotation definitions.

    Each line of the file specifies the properties of an annotation
    and has the following form:
        name, scope, attrib-type, proxy-type, attrib-names, acl

    name
        is the hierarchical name as in RFC 5257 or RFC 5464 (in
        the latter case, without the leading /shared or /private).
        For example, /vendor/acme/blurdybloop.

    scope
        specifies whether the annotation is for the server, a
        mailbox, or a message.

    attrib-type
        specifies the attribute data type, which is used only
        to check the string value passed by clients when setting
        annotations. The attrib-type is one of:

        string
            any value is accepted.

        content-type
            this obsolete data type, which was useful for
            early drafts of the standard, is accepted but
            silently translated to string.

        boolean
            only the strings "true" or "false" are accepted.
            Checking is case-insensitive but the value is
            forced to lowercase.

        int
            integers are accepted.

        uint
            non-negative integers are accepted.

    proxy-type
        specifies whether this attribute is for the backend or
        proxy servers or both (proxy_and_backend)

    attrib-names
        is the space-separated list of available attributes for
        the annotation. Possible attribute names are
        value.shared, value.priv, and value (which permits both
        value.priv and value.shared). The attribute names size,
        size.shared, and size.priv are accepted but ignored;
        these attributes are automatically provided by the server
        if the corresponding value attribute is specified. Some
        obsolete attributes, which were defined in early drafts of
        the standard, are accepted and ignored with a warning.

    extra-permissions
        is the extra ACL permission bits required for setting
        this annotation, in standard IMAP ACL permission bit
        string format. Note that this is in addition to the
        permission bits specified in RFC 5257 and RFC 5464, so
        leaving this field empty is harmless. Note also that there
        is no way to specify that an annotation can only be set
        by an admin user; in particular the a permission bit does
        not achieve this.

    Blank lines and lines beginning with ``#'' are ignored.

annotation_callout: <none>
    The pathname of a callout to be used to automatically add
    annotations or flags to a message when it is appended to a mailbox.
    The path can be either an executable (including a script), or a
    UNIX domain socket.

aps_topic: <none>
    Topic for Apple Push Service registration.

aps_topic_caldav: <none>
    Topic for Apple Push Service registration for CalDAV.

aps_topic_carddav: <none>
    Topic for Apple Push Service registration for CardDAV.

archive_enabled: 0
    Is archiving enabled for this server. You also need to have an
    archivepartition for the mailbox. Archiving allows older email
    to be stored on slower, cheaper disks - even within the same
    mailbox, as distinct from partitions.

archive_days: 7
    The number of days after which to move messages to the archive
    partition if archiving is enabled.

archive_maxsize: 1024
    The size in kilobytes of the largest message that won't be
    archived immediately. Default is 1Mb

archive_keepflagged: 0
    If set, messages with the \Flagged system flag won't be
    archived, provided they are smaller than archive_maxsize.

archivepartition-name: <none>
    The pathname of the archive partition name, corresponding to
    spool partition partition-name. For any mailbox residing in a
    directory on partition-name, the archived messages will be
    stored in a corresponding directory on archivepartition-name.
    Note that not every partition-name option is strictly required
    to have a corresponding archivepartition-name option, but that
    without one there's no benefit to enabling archiving.

auditlog: 0
    Should cyrus output log entries for every action taken on a
    message file or mailboxes list entry? It's noisy so disabled by
    default, but can be very useful for tracking down what happened
    if things look strange.

auth_mech: unix
    The authorization mechanism to use.

    Allowed values: unix, pts, krb, krb5

autocreateinboxfolders: <none>
    Deprecated in favor of autocreate_inbox_folders.

autocreatequota: 0
    Deprecated in favor of autocreate_quota.

autocreatequotamsg: -1
    Deprecated in favor of autocreate_quota_messages.

autosievefolders: <none>
    Deprecated in favor of autocreate_sieve_folders.

generate_compiled_sieve_script: 0
    Deprecated in favor of autocreate_sieve_script_compile.

autocreate_sieve_compiled_script: <none>
    Deprecated in favor of autocreate_sieve_script_compiled.

autosubscribeinboxfolders: <none>
    Deprecated in favor of autocreate_subscribe_folders.

autosubscribesharedfolders: <none>
    Deprecated in favor of autocreate_subscribe_sharedfolders.

autosubscribe_all_sharedfolders: 0
    Deprecated in favor of autocreate_subscribe_sharedfolders_all.

autocreate_inbox_folders: <none>
    If a user does not have an INBOX already, and the INBOX is to be
    created, create the list of folders in this setting as well.
    autocreate_inbox_folders is a list of INBOX's subfolders
    separated by a "|", that are automatically created by the server
    under the following two scenarios. Leading and trailing
    whitespace is stripped, so "Junk | Trash" results in two folders:
    "Junk" and "Trash". See also the xlist-flag option, for setting
    special-use flags on autocreated folders.

    INBOX folders are created under both the following conditions:

    1. The user logs in via the IMAP or the POP3 protocol. The
       autocreate_quota option must have a value of zero or greater.

    2. A message arrives for the user through the lmtpd(8). The
       autocreate_post option must be enabled.

autocreate_post: 0
    If enabled, when lmtpd(8) receives an incoming mail for an INBOX
    that does not exist, then the INBOX is automatically created by
    lmtpd(8) and delivery of the message continues.

autocreate_quota: -1
    If set to a value of zero or higher, users have their INBOX
    folders created upon a successful login event or upon lmtpd(8)
    message delivery if autocreate_post is enabled, provided their
    INBOX did not yet already exist.

    The user's quota is set to the value if it is greater than zero,
    otherwise the user has unlimited quota.

    Note that quota is specified in kilobytes.

autocreate_quota_messages: -1
    If set to a value of zero or higher, users who have their INBOX
    folders created upon a successful login event (see
    autocreate_quota), or upon lmtpd(8) message delivery if autocreate_post
    is enabled, receive the message quota configured in this option.

    The default of -1 disables assigning message quota.

    For consistency with autocreate_quota, a value of zero is
    treated as unlimited message quota, rather than a message quota
    of zero.

autocreate_sieve_folders: <none>
    A "|" separated list of subfolders of INBOX that will be
    automatically created, if requested by a sieve filter, through the
    "fileinto" action. The default is to create no folders
    automatically.

    Leading and trailing whitespace is stripped from each folder, so
    a setting of "Junk | Trash" will create two folders: "Junk" and
    "Trash".

autocreate_sieve_script: <none>
    The full path of a file that contains a sieve script. This
    script automatically becomes a user's initial default sieve
    filter script.

    When this option is not defined, no default sieve filter is
    created. The file must be readable by the Cyrus daemon.

autocreate_sieve_script_compile: 0
    If set to yes and no compiled sieve script file exists, the
    sieve script which is compiled on the fly will be saved in the
    file name that the autocreate_sieve_script_compiled option points to.
    In order for a compiled script to be generated,
    autocreate_sieve_script and autocreate_sieve_script_compiled must have
    valid values.

autocreate_sieve_script_compiled: <none>
    The full path of a file that contains a sieve script compiled to
    bytecode. This script automatically becomes a user's initial
    default sieve filter script. If this option is not specified,
    or the filename doesn't exist then the script defined by
    autocreate_sieve_script is compiled on the fly and installed as
    the user's default sieve script.

autocreate_subscribe_folders: <none>
    A list of folder names, separated by "|", that the users get
    automatically subscribed to, when their INBOX is created. These
    folder names must have been included in the
    autocreateinboxfolders option of the imapd.conf.

autocreate_subscribe_sharedfolders: <none>
    A list of shared folders (bulletin boards), separated by "|",
    that the users get automatically subscribed to, after their
    INBOX is created. The shared folder must have been created and
    the user must have the required permissions to get subscribed to
    it. Otherwise, subscribing to the shared folder fails.

autocreate_subscribe_sharedfolders_all: 0
    If set to yes, the user is automatically subscribed to all
    shared folders that they have permission to subscribe to.

autocreate_users: anyone
    A space separated list of users and/or groups whose INBOX is
    allowed to be automatically created.

backuppartition-name: <none>
    The pathname of the backup partition name. At least one backup
    partition pathname MUST be specified if backups are in use.
    Note that there is no relationship between spool partitions and
    backup partitions.

backup_compact_minsize: 0
    The minimum size in kilobytes of chunks in each backup. The
    compact tool will try to combine adjacent chunks that are
    smaller than this.

    Setting this value to zero or negative disables combining of
    chunks.

backup_compact_maxsize: 0
    The maximum size in kilobytes of chunks in each backup. The
    compact tool will try to split chunks larger than this into
    smaller chunks.

    Setting this value to zero or negative disables splitting of
    chunks.

backup_compact_work_threshold: 1
    The number of chunks that must obviously need compaction before
    the compact tool will go ahead with the compaction. If set to
    less than one, the value is treated as being one.

backup_staging_path: <none>
    The absolute path of the backup staging area. If not specified,
    will be temp_path/backup

backup_retention_days: 7
    The number of days to keep content in backup after it has been
    deleted from the source. If set to a negative value or zero,
    deleted content will be kept indefinitely.

backup_db: twoskip
    The cyrusdb backend to use for the backup locations database.

    Allowed values: skiplist, sql, twoskip, lmdb

backup_db_path: <none>
    The absolute path to the backup db file. If not specified, will
    be confdir/backups.db

backup_keep_previous: 0
    Whether the ctl_backups compact and ctl_backups reindex commands
    should preserve the original file. The original file will be
    named with a timestamped suffix. This is mostly useful for
    debugging.

    Note that with this enabled, compacting a backup will actually
    increase the disk used by it (because there will now be an extra
    copy: the original version, and the compacted version).

boundary_limit: 1000
    Messages are parsed recursively and a deep enough MIME structure
    can cause a stack overflow. Do not parse deeper than this many
    layers of MIME structure. The default of 1000 is much higher
    than any sane message should have.

caldav_allowattach: 1
    Enable managed attachments support on the caldav server.

caldav_allowscheduling: on
    Enable calendar scheduling operations. If set to "apple", the
    server will emulate Apple CalendarServer behavior as closely as
    possible.

    Allowed values: off, on, apple

caldav_create_attach: 1
    Create the 'Attachments' calendar if it doesn't already exist.

caldav_create_default: 1
    Create the 'Default' calendar if it doesn't already exist.

caldav_create_sched: 1
    Create the 'Inbox' and 'Outbox' calendars if they don't already
    exist.

caldav_maxdatetime: 20380119T031407Z
    The latest date and time accepted by the server (ISO format).
    This value is also used for expanding non-terminating recurrence
    rules.

    Note that increasing this value will require the DAV databases
    for calendars to be reconstructed with the dav_reconstruct
    utility in order to see its effect on server-side time-based queries.

caldav_mindatetime: 19011213T204552Z
    The earliest date and time accepted by the server (ISO format).

caldav_realm: <none>
    The realm to present for HTTP authentication of CalDAV
    resources. If not set (the default), the value of the
    "servername" option will be used.

calendarprefix: #calendars
    The prefix for the calendar mailboxes hierarchies. The hierarchy
    delimiter will be automatically appended. The public calendar
    hierarchy will be at the toplevel of the shared namespace.
    A user's personal calendar hierarchy will be a child of their
    Inbox.

calendar_user_address_set: <none>
    Space-separated list of domains corresponding to calendar user
    addresses for which the server is responsible. If not set (the
    default), the value of the "servername" option will be used.

carddav_realm: <none>
    The realm to present for HTTP authentication of CardDAV
    resources. If not set (the default), the value of the
    "servername" option will be used.

carddav_repair_vcard: 0
    If enabled, the server attempts to repair VCARDs with invalid
    content during creation.

chatty: 0
    If yes, syslog tags and commands for every IMAP command,
    mailboxes for every lmtp connection, every POP3 command, etc.

client_bind: 0
    If enabled, a specific IP will be bound when performing a client
    connection. client_bind_name is used if it is set, otherwise
    servername is used. This is useful on multi-homed servers where
    Cyrus should not use other services' interfaces.

    If not enabled (the default), no bind will be performed. Client
    connections will use an IP chosen by the operating system.

client_bind_name: <none>
    IPv4, IPv6 address or hostname to bind for client connections
    when client_bind is enabled. If not set (the default),
    servername will be used.

client_timeout: 10
    Number of seconds to wait before returning a timeout failure
    when performing a client connection (e.g., in a murder
    environment).

commandmintimer: <none>
    Time in seconds. Any imap command that takes longer than this
    time is logged.

configdirectory: <none>
    The pathname of the IMAP configuration directory. This field is
    required.

createonpost: 0
    Deprecated in favor of autocreate_post.

conversations: 0
    Enable the XCONVERSATIONS extensions. Extract conversation
    tracking information from incoming messages and track them in
    per-user databases.

conversations_counted_flags: <none>
    Space-separated list of flags for which per-conversation counts
    will be kept. Note that you need to reconstruct the
    conversations database with ctl_conversationsdb if you change this
    option on a running server, or the counts will be wrong.

conversations_db: skiplist
    The cyrusdb backend to use for the per-user conversations
    database.

    Allowed values: skiplist, sql, twoskip, lmdb

conversations_expire_days: 90
    How long the conversations database keeps the message tracking
    information needed for receiving new messages in existing
    conversations, in days.

crossdomains: 0
    Enable cross domain sharing. This works best with alt namespace
    and unix hierarchy separators on, so you get Other
    Users/foo@example.com/...

crossdomains_onlyother: 0
    Only show the domain for users in other domains than your own
    (for backwards compatibility if you're already sharing

cyrus_user: <none>
    The username to use as the 'cyrus' user. If not configured, the
    compile time default will be used. Can be further overridden by
    setting the $CYRUS_USER environment variable.

davdriveprefix: #drive
    The prefix for the DAV storage mailboxes hierarchies. The hierarchy
    delimiter will be automatically appended. The public
    storage hierarchy will be at the toplevel of the shared
    namespace. A user's personal storage hierarchy will be a child of
    their Inbox.

davnotificationsprefix: #notifications
    The prefix for the DAV notifications hierarchy. The hierarchy
    delimiter will be automatically appended. The public
    notifications hierarchy will be at the toplevel of the shared namespace.
    A user's personal notifications hierarchy will be a child of
    their Inbox.

dav_realm: <none>
    The realm to present for HTTP authentication of generic DAV
    resources (principals). If not set (the default), the value of
    the "servername" option will be used.

debug_command: <none>
    Debug command to be used by processes started with -D option.
    The string is a C format string that gets 3 options: the first
    is the name of the executable (without path). The second is the
    pid (integer) and the third is the service ID. Example:
        /usr/local/bin/gdb /usr/cyrus/bin/%s %d

defaultacl: anyone lrs
    The Access Control List (ACL) placed on a newly-created
    (non-user) mailbox that does not have a parent mailbox.

defaultdomain: internal
    The default domain for virtual domain support.

defaultpartition: <none>
    The partition name used by default for new mailboxes. If not
    specified, the partition with the most free space will be used
    for new mailboxes.

    Note that the partition specified by this option must also be
    specified as partition-name, where you substitute 'name' for the
    alphanumeric string you set defaultpartition to.

defaultsearchtier: <empty string>
    Name of the default tier that messages will be indexed to.
    Search indexes can be organized in tiers to allow index storage
    in different directories and physical media. See the man page of
    squatter for details. The default search tier also requires the
    definition of a corresponding searchtierpartition-name entry.

    This option MUST be specified for xapian search.

defaultserver: <none>
    The backend server name used by default for new mailboxes. If
    not specified, the server with the most free space will be used
    for new mailboxes.

deletedprefix: DELETED
    With delete_mode set to delayed, the deletedprefix setting
    defines the prefix for the hierarchy of deleted mailboxes.

    The hierarchy delimiter will be automatically appended.

delete_mode: delayed
    The manner in which mailboxes are deleted. In the default
    delayed mode, mailboxes that are being deleted are renamed to a
    special mailbox hierarchy under the deletedprefix, to be removed
    later by cyr_expire(8).

    In immediate mode, the mailbox is removed from the filesystem
    immediately.

    Allowed values: immediate, delayed

delete_unsubscribe: 0
    Whether to also unsubscribe from mailboxes when they are
    deleted. Note that this behaviour contravenes RFC 3501 section
    6.3.9, but may be useful for avoiding user/client software
    confusion. The default is 'no'.

deleteright: c
    Deprecated - only used for backwards compatibility with existing
    installations. Lists the old RFC 2086 right which was used to
    grant the user the ability to delete a mailbox. If a user has
    this right, they will automatically be given the new 'x' right.

disable_user_namespace: 0
    Preclude list command on user namespace. If set to 'yes', the
    LIST response will never include any other user's mailbox.
    Admin users will always see all mailboxes. The default is 'no'.

disable_shared_namespace: 0
    Preclude list command on shared namespace. If set to 'yes', the
    LIST response will never include any non-user mailboxes. Admin
    users will always see all mailboxes. The default is 'no'.

disconnect_on_vanished_mailbox: 0
    If enabled, IMAP/POP3/NNTP clients will be disconnected by the
    server if the currently selected mailbox is (re)moved by another
    session. Otherwise, the missing mailbox is treated as empty
    while in use by the client.

ischedule_dkim_domain: <none>
    The domain to be reported as doing iSchedule DKIM signing.

ischedule_dkim_key_file: <none>
    File containing the private key for iSchedule DKIM signing.

ischedule_dkim_selector: <none>
    Name of the selector subdividing the domain namespace. This
    specifies the actual key used for iSchedule DKIM signing within
    the domain.

duplicate_db: twoskip
    The cyrusdb backend to use for the duplicate delivery
    suppression and sieve.

    Allowed values: skiplist, sql, twoskip, lmdb

duplicate_db_path: <none>
    The absolute path to the duplicate db file. If not specified,
    will be confdir/deliver.db

duplicatesuppression: 1
    If enabled, lmtpd will suppress delivery of a message to a
    mailbox if a message with the same message-id (or resent-message-id)
    is recorded as having already been delivered to the mailbox.
    Records the mailbox and message-id/resent-message-id of all
    successful deliveries.

event_content_inclusion_mode: standard
    The mode in which message content may be included with
    MessageAppend and MessageNew. "standard" mode is the default
    behavior in which message is included up to a size with the
    notification. In "message" mode, the message is included and may be
    truncated to a size. In "header" mode, it includes headers
    truncated to a size. In "body" mode, it includes body truncated to a
    size. In "headerbody" mode, it includes full headers and body
    truncated to a size.

    Allowed values: standard, message, header, body, headerbody

event_content_size: 0
    Truncate the message content that may be included with
    MessageAppend and MessageNew. Set 0 to include the entire message
    itself.

event_exclude_flags: <none>
    Don't send event notification for given IMAP flag(s).

event_exclude_specialuse: \Junk
    Don't send event notification for folder with given special-use
    attributes. Set ALL for any folder.

event_extra_params: timestamp
    Space-separated list of extra parameters to add to any
    appropriate event.

    Allowed values: bodyStructure, clientAddress, diskUsed,
    flagNames, messageContent, messageSize, messages, modseq,
    service, timestamp, uidnext, vnd.cmu.midset,
    vnd.cmu.unseenMessages, vnd.cmu.envelope, vnd.cmu.sessionId,
    vnd.cmu.mailboxACL, vnd.cmu.mbtype, vnd.cmu.davFilename,
    vnd.cmu.davUid, vnd.fastmail.clientId, vnd.fastmail.sessionId,
    vnd.fastmail.convExists, vnd.fastmail.convUnseen,
    vnd.fastmail.cid, vnd.fastmail.counters

event_groups: message mailbox
    Space-separated list of groups of related events to turn on
    notification.

    Allowed values: message, quota, flags, access, mailbox,
    subscription, calendar, applepushservice

event_notifier: <none>
    Notifyd(8) method to use for "EVENT" notifications which are
    based on the RFC 5423. If not set, "EVENT" notifications are
    disabled.

expunge_mode: delayed
    The mode in which messages (and their corresponding cache
    entries) are expunged. "default" mode is the old behavior in
    which the message files are purged at the time of the EXPUNGE,
    but index and cache records are retained to facilitate QRESYNC.
    (Note that this behaviour is no longer the default, but is so
    named for historical reasons.) In "delayed" mode, which is the
    default since Cyrus 2.5.0, the message files are also retained,
    allowing unexpunge to rescue them. In "immediate" mode, both
    the message files and the index records are removed as soon as
    possible. In all cases, nothing will be finally purged until
    all other processes have closed the mailbox to ensure they never
    see data disappear under them. In "default" or "delayed" mode,
    a later run of "cyr_expire" will clean out the retained records
    (and possibly message files). This reduces the amount of I/O
    that takes place at the time of EXPUNGE and should result in
    greater responsiveness for the client, especially when expunging
    a large number of messages.

    Allowed values: default, immediate, delayed

failedloginpause: 3
    Number of seconds to pause after a failed login.

flushseenstate: 1
    Deprecated. No longer used.

foolstupidclients: 0
    If enabled, only list the personal namespace when a LIST "*" is
    performed (it changes the request to a LIST "INBOX*").

force_sasl_client_mech: <none>
    Force preference of a given SASL mechanism for client side
    operations (e.g., murder environments). This is separate from (and
    overridden by) the ability to use the <host shortname>_mechs
    option to set preferred mechanisms for a specific host.

fulldirhash: 0
    If enabled, uses an improved directory hashing scheme which
    hashes on the entire username instead of using just the first
    letter as the hash. This changes the hash algorithm used for quota
    and user directories and if hashimapspool is enabled, the entire
    mail spool.

    Note that this option CANNOT be changed on a live system. The
    server must be quiesced and then the directories moved with the
    rehash utility.

hashimapspool: 0
    If enabled, the partitions will also be hashed, in addition to
    the hashing done on configuration directories. This is
    recommended if one partition has a very bushy mailbox tree.

debug: 0
    If enabled, allow syslog() to pass LOG_DEBUG messages.

814 hostname_mechs: <none>
815 Force a particular list of SASL mechanisms to be used when
816 authenticating to the backend server hostname (where hostname is
817 the short hostname of the server in question). If it is not
818 specified it will query the server for available mechanisms and
819 pick one to use. - Cyrus Murder
820
821 hostname_password: <none>
822 The password to use for authentication to the backend server
823 hostname (where hostname is the short hostname of the server) -
824 Cyrus Murder
825
826 httpallowcompress: 1
827 If enabled, the server will compress response payloads if the
828 client indicates that it can accept them. Note that the com‐
829 pressed data will appear in telemetry logs, leaving only the
830 response headers as human-readable.
831
832 httpallowcors: <none>
833 A wildmat pattern specifying a list of origin URIs ( scheme
834 "://" host [ ":" port ] ) that are allowed to make Cross-Origin
835 Resource Sharing (CORS) requests on the server. By default,
836 CORS requests are disabled.
837
838 Note that the scheme and host should both be lowercase, the port
839 should be omitted if using the default for the scheme (80 for
840 http, 443 for https), and there should be no trailing '/' (e.g.:
841 "http://www.example.com:8080", "https://example.org").
842
843 httpallowtrace: 0
844 Allow use of the TRACE method.
845
846 Note that sensitive data might be disclosed by the response.
847
848 httpallowedurls: <none>
849 Space-separated list of relative URLs (paths) rooted at
850 "httpdocroot" (see below) to be served by httpd. If set, this option
851 will limit served static content to only those paths specified
852 (returning "404 Not Found" to any other client requested URLs).
853 Otherwise, httpd will serve any content found in "httpdocroot".
854
855 Note that any path specified by "rss_feedlist_template" is an
856 exception to this rule.
857
858 httpcontentmd5: 0
859 If enabled, HTTP responses will include a Content-MD5 header for
860 the purpose of providing an end-to-end message integrity check
861 (MIC) of the payload body. Note that enabling this option will
862 use additional CPU to generate the MD5 digest, which may be
863 ignored by clients anyways.
864
865 httpdocroot: <none>
866 If set, httpd will serve the static content (html/text/jpeg/gif
867 files, etc) rooted at this directory. Otherwise, httpd will not
868 serve any static content.
869
870 httpkeepalive: 20
871 Set the length of the HTTP server's keepalive heartbeat in sec‐
872 onds. The default is 20. The minimum value is 0, which will
873 disable the keepalive heartbeat. When enabled, if a request
874 takes longer than httpkeepalive seconds to process, the server
875 will send the client provisional responses every httpkeepalive
876 seconds until the final response can be sent.
877
878 httpmodules: <empty string>
879 Space-separated list of HTTP modules that will be enabled in
880 httpd(8). This option has no effect on modules that are
881 disabled at compile time due to missing dependencies (e.g.
882 libical).
883
884 Note that "domainkey" depends on "ischedule" being enabled, and
885 that both "freebusy" and "ischedule" depend on "caldav" being
886 enabled. Allowed values: admin, caldav, carddav, domainkey,
887 freebusy, ischedule, rss, tzdist, webdav
888
889 httpprettytelemetry: 0
890 If enabled, HTTP response payloads including server-generated
891 markup languages (HTML, XML) will utilize line breaks and inden‐
892 tation to promote better human-readability in telemetry logs.
893 Note that enabling this option will increase the amount of data
894 sent across the wire.
895
896 httptimeout: 5
897 Set the length of the HTTP server's inactivity autologout timer,
898 in minutes. The default is 5. The minimum value is 0, which
899 will disable persistent connections.
900
901 idlesocket: {configdirectory}/socket/idle
902 Unix domain socket that idled listens on.
903
904 ignorereference: 0
905 For backwards compatibility with Cyrus 1.5.10 and earlier --
906 ignore the reference argument in LIST or LSUB commands.
907
908 imapidlepoll: 60
909 The interval (in seconds) for polling for mailbox changes and
910 ALERTs while running the IDLE command. This option is used when
911 idled is not enabled or cannot be contacted. The minimum value
912 is 1. A value of 0 will disable IDLE.
913
914 imapidresponse: 1
915 If enabled, the server responds to an ID command with a parame‐
916 ter list containing: version, vendor, support-url, os, os-ver‐
917 sion, command, arguments, environment. Otherwise the server
918 returns NIL.
919
920 imapmagicplus: 0
921 Only list a restricted set of mailboxes via IMAP by using
922 userid+namespace syntax as the authentication/authorization id.
923 Using userid+ (with an empty namespace) will list only sub‐
924 scribed mailboxes.
925
926 imipnotifier: <none>
927 Notifyd(8) method to use for "IMIP" notifications which are
928 based on the RFC 6047. If not set, "IMIP" notifications are
929 disabled.
930
931 implicit_owner_rights: lkxa
932 The implicit Access Control List (ACL) for the owner of a mail‐
933 box.
934
935 @include: <none>
936 Directive which includes the specified file as part of the con‐
937 figuration. If the path to the file is not absolute, CYRUS_PATH
938 is prepended.
939
940 improved_mboxlist_sort: 0
941 If enabled, a special comparator will be used which will cor‐
942 rectly sort mailbox names that contain characters such as ' '
943 and '-'.
944
945 Note that this option SHOULD NOT be changed on a live system.
946 The mailboxes database should be dumped (ctl_mboxlist) before
947 the option is changed, removed, and then undumped after changing
948 the option. When not using flat files for the subscriptions
949 databases the same has to be done (cyr_dbtool) for each
950 subscription database. See improved_mboxlist_sort.html.
951
952 internaldate_heuristic: standard
953 Mechanism to determine email internaldates on
954 delivery/reconstruct. "standard" uses time() when delivering a message, mtime
955 on reconstruct. "receivedheader" looks at the topmost Received
956 header, or time/mtime otherwise. Allowed values: standard,
957 receivedheader
958
959 iolog: 0
960 Should cyrus output I/O log entries
961
962 ldap_authz: <none>
963 SASL authorization ID for the LDAP server
964
965 ldap_base: <empty string>
966 Contains the LDAP base dn for the LDAP ptloader module
967
968 ldap_bind_dn: <none>
969 Bind DN for the connection to the LDAP server (simple bind). Do
970 not use for anonymous simple binds.
971
972 ldap_deref: never
973 Specify how aliases dereferencing is handled during search.
974
975 Allowed values: search, find, always, never
976
977 ldap_domain_base_dn: <empty string>
978 Base DN to search for domain name spaces.
979
980 ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
982 Filter to use when searching for domains.
983
984 ldap_domain_name_attribute: associateddomain
985 The attribute name for domains.
986
987 ldap_domain_scope: sub
988 Search scope
989
990 Allowed values: sub, one, base
991
992 ldap_domain_result_attribute: inetdomainbasedn
993 Result attribute
994
995 ldap_filter: (uid=%u)
996 Specify a filter that searches user identifiers. The following
997 tokens can be used in the filter string:
998 %% = %
999 %u = user
1000 %U = user portion of %u (%U = test when %u = test@domain.tld)
1001 %d = domain portion of %u if available (%d = domain.tld when %u = test@domain.tld), otherwise same as %r
1002 %D = user dn. (use when ldap_member_method: filter)
1003 %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)
1004
1005 ldap_filter is not used when ldap_sasl is enabled.
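
The token semantics listed for ldap_filter, as an added illustration (not Cyrus's own code): the hypothetical expand_filter() substitutes each token and escapes the RFC 4515 special characters in every substituted value, since the userid originates from the client. The fallback_domain parameter is an assumption standing in for %r, which this page does not define, and the page does not say whether ptloader itself escapes values.

```python
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
SPECIAL = "\\*()\x00"


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join("\\%02x" % ord(c) if c in SPECIAL else c for c in value)


def expand_filter(template, userid, user_dn="", fallback_domain=""):
    """Expand the %-tokens documented for ldap_filter (hypothetical helper).

    %%   literal percent sign
    %u   full userid
    %U   user portion of the userid
    %d   domain portion of the userid, else fallback_domain (assumed)
    %D   user DN (for "ldap_member_method: filter")
    %1-9 domain labels counted from the right (%1 = tld)
    """
    user, at, domain = userid.partition("@")
    if not at:
        domain = fallback_domain
    labels = domain.split(".")[::-1] if domain else []

    def substitute(match):
        token = match.group(1)
        if token == "%":
            return "%"
        if token == "u":
            return escape_filter_value(userid)
        if token == "U":
            return escape_filter_value(user)
        if token == "d":
            return escape_filter_value(domain)
        if token == "D":
            return escape_filter_value(user_dn)
        index = int(token)  # "1".."9"
        return escape_filter_value(labels[index - 1]) if index <= len(labels) else ""

    # Tokens not listed on this page are left untouched.
    return re.sub(r"%([%uUdD1-9])", substitute, template)


if __name__ == "__main__":
    # Constructed inputs: a normal userid and one containing filter metacharacters.
    print(expand_filter("(uid=%u)", "test@domain.tld"))
    print(expand_filter("(&(uid=%U)(o=%2)(dc=%1))", "test@domain.tld"))
    print(expand_filter("(uid=%U)", "*)(uid=*"))
```

With escaping in place, a userid made of filter metacharacters stays a single literal value instead of changing the structure of the search filter.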
1006
1007 ldap_group_base: <empty string>
1008 LDAP base dn for ldap_group_filter.
1009
1010 ldap_group_filter: (cn=%u)
1011 Specify a filter that searches for group identifiers. See
1012 ldap_filter for more options.
1013
1014 ldap_group_scope: sub
1015 Specify search scope for ldap_group_filter.
1016
1017 Allowed values: sub, one, base
1018
1019 ldap_id: <none>
1020 SASL authentication ID for the LDAP server
1021
1022 ldap_mech: <none>
1023 SASL mechanism for LDAP authentication
1024
1025 ldap_user_attribute: <none>
1026 Specify LDAP attribute to use as canonical user id
1027
1028 ldap_member_attribute: <none>
1029 See ldap_member_method.
1030
1031 ldap_member_base: <empty string>
1032 LDAP base dn for ldap_member_filter.
1033
1034 ldap_member_filter: (member=%D)
1035 Specify a filter for "ldap_member_method: filter". See
1036 ldap_filter for more options.
1037
1038 ldap_member_method: attribute
1039 Specify a group method. The "attribute" method retrieves groups
1040 from a multi-valued attribute specified in
1041 ldap_member_attribute.
1042
1043 The "filter" method uses a filter, specified by
1044 ldap_member_filter, to find groups; ldap_member_attribute is a single-value
1045 attribute group name. Allowed values: attribute, filter
1046
1047 ldap_member_scope: sub
1048 Specify search scope for ldap_member_filter.
1049
1050 Allowed values: sub, one, base
1051
1052 ldap_password: <none>
1053 Password for the connection to the LDAP server (SASL and simple
1054 bind). Do not use for anonymous simple binds.
1055
1056 ldap_realm: <none>
1057 SASL realm for LDAP authentication
1058
1059 ldap_referrals: 0
1060 Specify whether or not the client should follow referrals.
1061
1062 ldap_restart: 1
1063 Specify whether or not LDAP I/O operations are automatically
1064 restarted if they abort prematurely.
1065
1066 ldap_sasl: 1
1067 Use SASL for LDAP binds in the LDAP PTS module.
1068
1069 ldap_sasl_authc: <none>
1070 Deprecated. Use ldap_id
1071
1072 ldap_sasl_authz: <none>
1073 Deprecated. Use ldap_authz
1074
1075 ldap_sasl_mech: <none>
1076 Deprecated. Use ldap_mech
1077
1078 ldap_sasl_password: <none>
1079 Deprecated. Use ldap_password
1080
1081 ldap_sasl_realm: <none>
1082 Deprecated. Use ldap_realm
1083
1084 ldap_scope: sub
1085 Specify search scope.
1086
1087 Allowed values: sub, one, base
1088
1089 ldap_servers: ldap://localhost/
1090 Deprecated. Use ldap_uri
1091
1092 ldap_size_limit: 1
1093 Specify a number of entries for a search request to return.
1094
1095 ldap_start_tls: 0
1096 Use transport layer security for ldap:// using STARTTLS. Do not
1097 use ldaps:// in 'ldap_uri' with this option enabled.
1098
1099 ldap_time_limit: 5
1100 Specify a number of seconds for a search request to complete.
1101
1102 ldap_timeout: 5
1103 Specify a number of seconds a search can take before timing out.
1104
1105 ldap_ca_dir: <none>
1106 Path to a directory with CA (Certificate Authority) certifi‐
1107 cates.
1108
1109 ldap_ca_file: <none>
1110 Path to a file containing CA (Certificate Authority)
1111 certificate(s).
1112
1113 ldap_ciphers: <none>
1114 List of SSL/TLS ciphers to allow. The format of the string is
1115 described in ciphers(1).
1116
1117 ldap_client_cert: <none>
1118 File containing the client certificate.
1119
1120 ldap_client_key: <none>
1121 File containing the private client key.
1122
1123 ldap_verify_peer: 0
1124 Require and verify server certificate. If this option is yes,
1125 you must specify ldap_ca_file or ldap_ca_dir.
1126
1127 ldap_tls_cacert_dir: <none>
1128 Deprecated in favor of ldap_ca_dir.
1129
1130 ldap_tls_cacert_file: <none>
1131 Deprecated in favor of ldap_ca_file.
1132
1133 ldap_tls_cert: <none>
1134 Deprecated in favor of ldap_client_cert.
1135
1136 ldap_tls_key: <none>
1137 Deprecated in favor of ldap_client_key.
1138
1139 ldap_tls_check_peer: 0
1140 Deprecated in favor of ldap_verify_peer.
1141
1142 ldap_tls_ciphers: <none>
1143 Deprecated in favor of ldap_ciphers.
1144
1145 ldap_uri: <none>
1146 Contains a list of the URLs of all the LDAP servers when using
1147 the LDAP PTS module.
1148
1149 ldap_version: 3
1150 Specify the LDAP protocol version. If ldap_start_tls and/or
1151 ldap_use_sasl are enabled, ldap_version will be automatically
1152 set to 3.
1153
1154 literalminus: 0
1155 If enabled, CAPABILITIES will reply with LITERAL- rather than
1156 LITERAL+ (RFC 7888). Doesn't actually size-restrict uploads
1157 though.
1158
1159 lmtp_downcase_rcpt: 1
1160 If enabled, lmtpd will convert the recipient addresses to lower‐
1161 case (up to a '+' character, if present).
1162
1163 lmtp_fuzzy_mailbox_match: 0
1164 If enabled, and the mailbox specified in the detail part of the
1165 recipient (everything after the '+') does not exist, lmtpd will
1166 try to find the closest match (ignoring case, ignoring white‐
1167 space, falling back to parent) to the specified mailbox name.
1168
1169 lmtp_over_quota_perm_failure: 0
1170 If enabled, lmtpd returns a permanent failure code when a user's
1171 mailbox is over quota. By default, the failure is temporary,
1172 causing the MTA to queue the message and retry later.
1173
1174 lmtp_strict_quota: 0
1175 If enabled, lmtpd returns a failure code when the incoming mes‐
1176 sage will cause the user's mailbox to exceed its quota. By
1177 default, the failure won't occur until the mailbox is already
1178 over quota.
1179
1180 lmtp_strict_rfc2821: 1
1181 By default, lmtpd will be strict (per RFC 2821) with regards to
1182 which envelope addresses are allowed. If this option is set to
1183 false, 8bit characters in the local-part of envelope addresses
1184 are changed to 'X' instead. This is useful to avoid generating
1185 backscatter with certain MTAs like Postfix or Exim which accept
1186 such messages.
1187
1188 lmtpsocket: {configdirectory}/socket/lmtp
1189 Unix domain socket that lmtpd listens on, used by deliver(8).
1190 This should match the path specified in cyrus.conf(5).
1191
1192 lmtptxn_timeout: 300
1193 Timeout (in seconds) used during a lmtp transaction to a remote
1194 backend (e.g. in a murder environment). Can be used to prevent
1195 hung lmtpds on proxy hosts when a backend server becomes unre‐
1196 sponsive during a lmtp transaction. The default is 300 - change
1197 to zero for infinite.
1198
1199 loginrealms: <empty string>
1200 The list of remote realms whose users may authenticate using
1201 cross-realm authentication identifiers. Separate each realm
1202 name by a space. (A cross-realm identity is considered any
1203 identity returned by SASL with an "@" in it.).
1204
1205 loginuseacl: 0
1206 If enabled, any authentication identity which has 'a' rights on a
1207 user's INBOX may log in as that user.
1208
1209 logtimestamps: 0
1210 Include notations in the protocol telemetry logs indicating the
1211 number of seconds since the last command or response.
1212
1213 mailbox_default_options: 0
1214 Default "options" field for the mailbox on create. You'll want
1215 to know what you're doing before setting this, but it can apply
1216 some default annotations like duplicate suppression.
1217
1218 mailbox_initial_flags: <none>
1219 Space-separated list of permanent flags which will be pre-set in
1220 every newly created mailbox. If you know you will require par‐
1221 ticular flag names then this avoids a possible race condition
1222 against a client that fills the entire 128 available slots.
1223 Default is NULL, which is no flags. Example: $Label1 $Label2
1224 $Label3 NotSpam Spam
1225
1226 mailnotifier: <none>
1227 Notifyd(8) method to use for "MAIL" notifications. If not set,
1228 "MAIL" notifications are disabled.
1229
1230 maxheaderlines: 1000
1231 Maximum number of lines of header that will be processed into
1232 cache records. Default 1000. If set to zero, it is unlimited.
1233 If a message hits the limit, an error will be logged and the
1234 rest of the lines in the header will be skipped. This is to
1235 avoid malformed messages causing giant cache records.
1236
1237 maxlogins_per_host: 0
1238 Maximum number of logged in sessions allowed per host, zero
1239 means no limit
1240
1241 maxlogins_per_user: 0
1242 Maximum number of logged in sessions allowed per user, zero
1243 means no limit
1244
1245 maxmessagesize: 0
1246 Maximum incoming LMTP message size. If non-zero, lmtpd will
1247 reject messages larger than maxmessagesize bytes. If set to 0,
1248 this will allow messages of any size (the default).
1249
1250 maxquoted: 131072
1251 Maximum size of a single quoted string for the parser. Default
1252 128k
1253
1254 maxword: 131072
1255 Maximum size of a single word for the parser. Default 128k
1256
1257 mboxkey_db: twoskip
1258 The cyrusdb backend to use for mailbox keys.
1259
1260 Allowed values: skiplist, twoskip, lmdb
1261
1262 mboxlist_db: twoskip
1263 The cyrusdb backend to use for the mailbox list.
1264
1265 Allowed values: flat, skiplist, sql, twoskip, lmdb
1266
1267 mboxlist_db_path: <none>
1268 The absolute path to the mailboxes db file. If not specified
1269 will be confdir/mailboxes.db
1270
1271 mboxname_lockpath: <none>
1272 Path to mailbox name lock files (default $conf/lock)
1273
1274 metapartition_files: <empty string>
1275 Space-separated list of metadata files to be stored on a meta‐
1276 partition rather than in the mailbox directory on a spool parti‐
1277 tion. Allowed values: header, index, cache, expunge, squat,
1278 annotations, lock, dav, archivecache
1279
1280 metapartition-name: <none>
1281 The pathname of the metadata partition name, corresponding to
1282 spool partition partition-name. For any mailbox residing in a
1283 directory on partition-name, the metadata files listed in
1284 metapartition_files will be stored in a corresponding directory on
1285 metapartition-name. Note that not every partition-name option
1286 is required to have a corresponding metapartition-name option,
1287 so that you can selectively choose which spool partitions will
1288 have separate metadata partitions.
1289
1290 mupdate_authname: <none>
1291 The SASL username (Authentication Name) to use when authenticat‐
1292 ing to the mupdate server (if needed).
1293
1294 mupdate_config: standard
1295 The configuration of the mupdate servers in the Cyrus Murder.
1296 The "standard" config is one in which there are discrete
1297 frontend (proxy) and backend servers. The "unified" config is one
1298 in which a server can be both a frontend and backend. The
1299 "replicated" config is one in which multiple backend servers all
1300 share the same mailspool, but each have their own "replicated"
1301 copy of mailboxes.db. Allowed values: standard, unified,
1302 replicated
1303
1304 munge8bit: 1
1305 If enabled, lmtpd munges messages with 8-bit characters in the
1306 headers. The 8-bit characters are changed to `X'. If
1307 reject8bit is enabled, setting munge8bit has no effect. (A
1308 proper solution to non-ASCII characters in headers is offered by
1309 RFC 2047 and its predecessors.)
1310
1311 mupdate_connections_max: 128
1312 The max number of connections that a mupdate process will allow,
1313 this is related to the number of file descriptors in the mupdate
1314 process. Beyond this number connections will be immediately
1315 issued a BYE response.
1316
1317 mupdate_password: <none>
1318 The SASL password (if needed) to use when authenticating to the
1319 mupdate server.
1320
1321 mupdate_port: 3905
1322 The port of the mupdate server for the Cyrus Murder
1323
1324 mupdate_realm: <none>
1325 The SASL realm (if needed) to use when authenticating to the
1326 mupdate server.
1327
1328 mupdate_retry_delay: 20
1329 The base time to wait between connection retries to the mupdate
1330 server.
1331
1332 mupdate_server: <none>
1333 The mupdate server for the Cyrus Murder
1334
1335 mupdate_username: <empty string>
1336 The SASL username (Authorization Name) to use when authenticat‐
1337 ing to the mupdate server
1338
1339 mupdate_workers_max: 50
1340 The maximum number of mupdate worker threads (overall)
1341
1342 mupdate_workers_maxspare: 10
1343 The maximum number of idle mupdate worker threads
1344
1345 mupdate_workers_minspare: 2
1346 The minimum number of idle mupdate worker threads
1347
1348 mupdate_workers_start: 5
1349 The number of mupdate worker threads to start
1350
1351 netscapeurl: <none>
1352 If enabled at compile time, this specifies a URL to reply when
1353 Netscape asks the server where the mail administration HTTP
1354 server is. Administrators should set this to a local resource.
1355
1356 newsaddheaders: to
1357 Space-separated list of headers to be added to incoming usenet
1358 articles. Added To: headers will contain email delivery
1359 addresses corresponding to each newsgroup in the Newsgroups:
1360 header. Added Reply-To: headers will contain email delivery
1361 addresses corresponding to each newsgroup in the Followup-To: or
1362 Newsgroups: header. If the specified header(s) already exist in
1363 an article, the email delivery addresses will be appended to the
1364 original header body(s).
1365
1366 This option applies if and only if the newspostuser option is
1367 set. Allowed values: to, replyto
1368
1369 newsgroups: *
1370 A wildmat pattern specifying which mailbox hierarchies should be
1371 treated as newsgroups. Only mailboxes matching the wildmat will
1372 accept and/or serve articles via NNTP. If not set, a default
1373 wildmat of "*" (ALL shared mailboxes) will be used. If the
1374 newsprefix option is also set, the default wildmat will be
1375 translated to "<newsprefix>.*"
1376
1377 newsmaster: news
1378 Userid that is used for checking access controls when executing
1379 Usenet control messages. For instance, to allow articles to be
1380 automatically deleted by cancel messages, give the "news" user
1381 the 'd' right on the desired mailboxes. To allow newsgroups to
1382 be automatically created, deleted and renamed by the correspond‐
1383 ing control messages, give the "news" user the 'c' right on the
1384 desired mailbox hierarchies.
1385
1386 newspeer: <none>
1387 A list of whitespace-separated news server specifications to
1388 which articles should be fed. Each server specification is a
1389 string of the form [user[:pass]@]host[:port][/wildmat] where
1390 'host' is the fully qualified hostname of the server, 'port' is
1391 the port on which the server is listening, 'user' and 'pass' are
1392 the authentication credentials and 'wildmat' is a pattern that
1393 specifies which groups should be fed. If no 'port' is speci‐
1394 fied, port 119 is used. If no 'wildmat' is specified, all
1395 groups are fed. If 'user' is specified (even if empty), then
1396 the NNTP POST command will be used to feed the article to the
1397 server, otherwise the IHAVE command will be used.
1398
1399 A '@' may be used in place of '!' in the wildmat to prevent
1400 feeding articles cross-posted to the given group, otherwise
1401 cross-posted articles are fed if any part of the wildmat
1402 matches. For example, the string
1403 "peer.example.com:*,!control.*,@local.*" would feed all groups except control messages
1404 and local groups to peer.example.com. In the case of
1405 cross-posting to local groups, these articles would not be fed.
1406
1407 newspostuser: <none>
1408 Userid used to deliver usenet articles to newsgroup folders
1409 (usually via lmtp2nntp). For example, if set to "post", email
1410 sent to "post+comp.mail.imap" would be delivered to the
1411 "comp.mail.imap" folder.
1412
1413 When set, the Cyrus NNTP server will add the header(s) specified
1414 in the newsaddheaders option to each incoming usenet article.
1415 The added header(s) will contain email delivery addresses
1416 corresponding to each relevant newsgroup. If not set, no headers are
1417 added to usenet articles.
1418
1419 newsprefix: <none>
1420 Prefix to be prepended to newsgroup names to make the corre‐
1421 sponding IMAP mailbox names.
1422
1423 newsrc_db_path: <none>
1424 The absolute path to the newsrc db file. If not specified, will
1425 be confdir/fetchnews.db
1426
1427 nntptimeout: 3
1428 Set the length of the NNTP server's inactivity autologout timer,
1429 in minutes. The minimum value is 3, the default.
1430
1431 notesmailbox: <none>
1432 The top level mailbox in each user's account which is used to
1433 store Apple-style Notes. Default is blank (disabled).
1434
1435 notifysocket: {configdirectory}/socket/notify
1436 Unix domain socket that the mail notification daemon listens on.
1437
1438 notify_external: <none>
1439 Path to the external program that notifyd(8) will call to send
1440 mail notifications.
1441
1442 The external program will be called with the following command
1443 line options:
1444
1445 -c class
1446
1447 -p priority
1448
1449 -u user
1450
1451 -m mailbox
1452
1453 And the notification message will be available on stdin.
1454
1455 partition-name: <none>
1456 The pathname of the partition name. At least one partition
1457 pathname MUST be specified. If the defaultpartition option is
1458 used, then its pathname MUST be specified. For example, if the
1459 value of the defaultpartition option is part1, then the
1460 partition-part1 field is required.
1461
1462 outbox_sendlater: 0
1463 If enabled, any message with a Draft flag will be sent at the
1464 time of its INTERNALDATE.
1465
1466 partition_select_mode: freespace-most
1467 Partition selection mode.
1468
1469 random (pseudo-)random selection
1470
1471 freespace-most
1472 partition with the most free space (KiB)
1473
1474 freespace-percent-most
1475 partition with the most free space (%)
1476
1477 freespace-percent-weighted
1478 each partition is weighted according to its free space
1479 (%); the more free space the partition has, the more
1480 chances it has to be selected
1481
1482 freespace-percent-weighted-delta
1483 each partition is weighted according to its difference of
1484 free space (%) compared to the most used partition; the
1485 more the partition is lagging behind the most used parti‐
1486 tion, the more chances it has to be selected
1487
1488 Note that actually even the most used partition has a few
1489 chances to be selected, and those chances increase when
1490 other partitions get closer
1491
1492 Allowed values: random, freespace-most,
1493 freespace-percent-most, freespace-percent-weighted,
1494 freespace-percent-weighted-delta
1495
1496 partition_select_exclude: <none>
1497 List of partitions to exclude from selection mode.
1498
1499 partition_select_usage_reinit: 0
1500 For a given session, number of operations (e.g. partition selec‐
1501 tion) for which partitions usage data are cached.
1502
1503 partition_select_soft_usage_limit: 0
1504 Limit of partition usage (%): if a partition is over that limit,
1505 it is automatically excluded from selection mode.
1506
1507 If all partitions are over that limit, this feature is not used
1508 anymore.
1509
1510 plaintextloginpause: 0
1511 Number of seconds to pause after a successful plaintext login.
1512 For systems that support strong authentication, this permits
1513 users to perceive a cost of using plaintext passwords. (This
1514 does not affect the use of PLAIN in SASL authentications.)
1515
1516 plaintextloginalert: <none>
1517 Message to send to client after a successful plaintext login.
1518
1519 popexpiretime: -1
1520 The number of days advertised as being the minimum a message may
1521 be left on the POP server before it is deleted (via the CAPA
1522 command, defined in the POP3 Extension Mechanism, which some
1523 clients may support). "NEVER", the default, may be specified
1524 with a negative number. The Cyrus POP3 server never deletes
1525 mail, no matter what the value of this parameter is. However,
1526 if a site implements a less liberal policy, it needs to change
1527 this parameter accordingly.
1528
1529 popminpoll: 0
1530 Set the minimum amount of time the server forces users to wait
1531 between successive POP logins, in minutes.
1532
1533 popsubfolders: 0
1534 Allow access to subfolders of INBOX via POP3 by using
1535 userid+subfolder syntax as the authentication/authorization id.
1536
1537 poppollpadding: 1
1538 Create a softer minimum poll restriction. Allows poppollpadding
1539 connections before the minpoll restriction is triggered. Addi‐
1540 tionally, one padding entry is recovered every popminpoll min‐
1541 utes. This allows for the occasional polling rate faster than
1542 popminpoll, (i.e., for clients that require a send/receive to
1543 send mail) but still enforces the rate long-term. Default is 1
1544 (disabled).
1545
1546 The easiest way to think of it is a queue of past connections,
1547 with one slot being filled for every connection, and one slot
1548 being cleared every popminpoll minutes. When the queue is full,
1549 the user will not be able to check mail again until a slot is
1550 cleared. If the user waits a sufficient amount of time, they
1551 will get back many or all of the slots.
1552
1553 poptimeout: 10
1554 Set the length of the POP server's inactivity autologout timer,
1555 in minutes. The minimum value is 10, the default.
1556
1557 popuseacl: 0
1558 Enforce IMAP ACLs in the pop server. Due to the nature of the
1559 POP3 protocol, the only rights which are used by the pop server
1560 are 'r', 't', and 's' for the owner of the mailbox. The 'r'
1561 right allows the user to open the mailbox and list/retrieve mes‐
1562 sages. The 't' right allows the user to delete messages. The
1563 's' right allows messages retrieved by the user to have the
1564 \Seen flag set (only if popuseimapflags is also enabled).
1565
1566 popuseimapflags: 0
1567 If enabled, the pop server will set and obey IMAP flags. Mes‐
1568 sages having the \Deleted flag are ignored as if they do not
1569 exist. Messages that are retrieved by the client will have the
1570 \Seen flag set. All messages will have the \Recent flag unset.
1571
1572 postmaster: postmaster
1573 Username that is used as the 'From' address in rejection MDNs
1574 produced by sieve.
1575
1576 postuser: <empty string>
1577 Userid used to deliver messages to shared folders. For example,
1578 if set to "bb", email sent to "bb+shared.blah" would be deliv‐
1579 ered to the "shared.blah" folder. By default, an email address
1580 of "+shared.blah" would be used.
1581
1582 proc_path: <none>
1583 Path to proc directory. Default is NULL - must be an absolute
1584 path if specified. If not specified, the path $confdir/proc/
1585 will be used.
1586
1587 proxy_authname: proxy
1588 The authentication name to use when authenticating to a backend
1589 server in the Cyrus Murder.
1590
1591 proxy_compress: 0
1592 Try to enable protocol-specific compression when performing a
1593 client connection to a backend server in the Cyrus Murder.
1594
1595 Note that this should only be necessary over slow network con‐
1596 nections. Also note that currently only IMAP and MUPDATE sup‐
1597 port compression.
1598
1599 proxy_password: <none>
1600 The default password to use when authenticating to a backend
1601 server in the Cyrus Murder. May be overridden on a host-spe‐
1602 cific basis using the hostname_password option.
1603
1604 proxy_realm: <none>
1605 The authentication realm to use when authenticating to a backend
1606 server in the Cyrus Murder
1607
1608 proxyd_allow_status_referral: 0
1609 Set to true to allow proxyd to issue referrals to clients that
1610 support it when answering the STATUS command. This is disabled
1611 by default since some clients issue many STATUS commands in a
1612 row, and do not cache the connections that these referrals would
1613 cause, thus resulting in a higher authentication load on the
1614 respective backend server.
1615
1616 proxyd_disable_mailbox_referrals: 0
1617 Set to true to disable the use of mailbox-referrals on the proxy
1618 servers.
1619
1620 proxyservers: <none>
1621 A list of users and groups that are allowed to proxy for other
1622 users, separated by spaces. Any user listed in this will be
1623 allowed to login for any other user: use with caution. In a
1624 standard murder this option should ONLY be set on backends. DO
1625 NOT SET on frontends or things won't work properly.
1626
1627 pts_module: afskrb
1628 The PTS module to use.
1629
1630 Allowed values: afskrb, ldap
1631
1632 ptloader_sock: <none>
1633 Unix domain socket that ptloader listens on. (defaults to con‐
1634 figdir/ptclient/ptsock)
1635
1636 ptscache_db: twoskip
1637 The cyrusdb backend to use for the pts cache.
1638
1639 Allowed values: skiplist, twoskip, lmdb
1640
1641 ptscache_db_path: <none>
1642 The absolute path to the ptscache db file. If not specified,
1643 will be confdir/ptscache.db
1644
1645 ptscache_timeout: 10800
1646 The timeout (in seconds) for the PTS cache database when using
1647 the auth_krb_pts authorization method (default: 3 hours).
1648
1649 ptskrb5_convert524: 1
1650 When using the AFSKRB ptloader module with Kerberos 5
1651 canonicalization, do the final 524 conversion to get an AFS style name
1652 (using '.' instead of '/', and using short names).
1653
1654 ptskrb5_strip_default_realm: 1
1655 When using the AFSKRB ptloader module with Kerberos 5 canonical‐
1656 ization, strip the default realm from the userid (this does not
1657 affect the stripping of realms specified by the afspts_local‐
1658 realms option)
1659
1660 qosmarking: cs0
1661 This specifies the Class Selector or Differentiated Services
1662 Code Point designation on IP headers (in the ToS field).
1663 Allowed values: cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11,
1664 af12, af13, af21, af22, af23, af31, af32, af33, af41, af42,
1665 af43, ef
1666
1667 quota_db: quotalegacy
1668 The cyrusdb backend to use for quotas.
1669
1670 Allowed values: flat, skiplist, sql, quotalegacy, twoskip, lmdb
1671
1672 quota_db_path: <none>
1673 The absolute path for the quota database (if you choose a sin‐
1674 gle-file quota DB type - or the base path if you choose quotale‐
1675 gacy). If not specified will be confdir/quotas.db or
1676 confdir/quota/
1677
1678 quotawarn: 90
1679 The percent of quota utilization over which the server generates
1680 warnings.
1681
1682 quotawarnkb: 0
1683 The maximum amount of free space (in kB) at which to give a
1684 quota warning (if this value is 0, or if the quota is smaller
1685 than this amount, then warnings are always given).
1686
1687 quotawarnmsg: 0
1688 The maximum amount of messages at which to give a quota warning
1689 (if this value is 0, or if the quota is smaller than this
1690 amount, then warnings are always given).
1691
1692 reject8bit: 0
1693 If enabled, lmtpd rejects messages with 8-bit characters in the
1694 headers.
1695
1696 restore_authname: <none>
1697 The authentication used by the restore tool when authenticating
1698 to an IMAP/sync server.
1699
1700 restore_password: <none>
1701 The password used by the restore tool when authenticating to an
1702 IMAP/sync server.
1703
1704 restore_realm: <none>
1705 The authentication realm used by the restore tool when authenti‐
1706 cating to an IMAP/sync server.
1707
1708 reverseacls: 0
1709 At startup time, ctl_cyrusdb -r will check this value and it
1710 will either add or remove reverse ACL pointers from mailboxes.db
1711
1712 rfc2046_strict: 0
1713 If enabled, imapd will be strict (per RFC 2046) when matching
1714 MIME boundary strings. This means that boundaries containing
1715 other boundaries as substrings will be treated as identical.
1716 Since enabling this option will break some messages created by
1717 Eudora 5.1 (and earlier), it is recommended that it be left dis‐
1718 abled unless there is good reason to do otherwise.
1719
1720 rfc2047_utf8: 0
1721 If enabled, imapd will parse any non-encoded character sequence
1722 in MIME header values as UTF8. This is useful for installations
1723 that either advertise the UTF8SMTP (RFC 5335) extension or
1724 receive mails with improperly escaped UTF-8 byte sequences. It
1725 is recommended that this option is left disabled unless there is
1726 good reason to do otherwise.
1727
1728 rfc3028_strict: 1
1729 If enabled, Sieve will be strict (per RFC 3028) with regards to
1730 which headers are allowed to be used in address and envelope
1731 tests. This means that only those headers which are defined to
1732 contain addresses will be allowed in address tests and only "to"
1733 and "from" will be allowed in envelope tests. When disabled,
1734 ANY grammatically correct header will be allowed.
1735
1736 rss_feedlist_template: <none>
1737 File containing HTML that will be used as a template for dis‐
1738 playing the list of available RSS feeds. A single instance of
1739 the variable %RSS_FEEDLIST% should appear in the file, which
1740 will be replaced by a nested unordered list of feeds. The
1741 toplevel unordered list will be tagged with an id of "feed" (<ul
1742 id='feed'>) which can be used by stylesheet(s) in your template.
1743 The dynamically created list of feeds based on the HTML template
1744 will be accessible at the "/rss" URL on the server.
1745
1746 rss_feeds: *
1747 A wildmat pattern specifying which mailbox hierarchies should be
1748 treated as RSS feeds. Only mailboxes matching the wildmat will
1749 have their messages available via RSS. If not set, a default
1750 wildmat of "*" (ALL mailboxes) will be used.
1751
1752 rss_maxage: 0
1753 Maximum age (in days) of items to display in an RSS channel. If
1754 non-zero, httpd will only display items received within the last
1755 rss_maxage days. If set to 0, all available items will be dis‐
1756 played (the default).
1757
1758 rss_maxitems: 0
1759 Maximum number of items to display in an RSS channel. If
1760 non-zero, httpd will display no more than the rss_maxitems most
1761 recent items. If set to 0, all available items will be dis‐
1762 played (the default).
1763
1764 rss_maxsynopsis: 0
1765 Maximum RSS item synopsis length. If non-zero, httpd will dis‐
1766 play no more than the first rss_maxsynopsis characters of an
1767 item's synopsis. If set to 0, the entire synopsis will be dis‐
1768 played (the default).
1769
1770 rss_realm: <none>
1771 The realm to present for HTTP authentication of RSS feeds. If
1772 not set (the default), the value of the "servername" option will
1773 be used.
1774
1775 sasl_auto_transition: 0
1776 If enabled, the SASL library will automatically create authenti‐
1777 cation secrets when given a plaintext password. See the SASL
1778 documentation.
1779
1780 sasl_maximum_layer: 256
1781 Maximum SSF (security strength factor) that the server will
1782 allow a client to negotiate.
1783
1784 sasl_minimum_layer: 0
1785 The minimum SSF that the server will allow a client to negoti‐
1786 ate. A value of 1 requires integrity protection; any higher
1787 value requires some amount of encryption.
1788
1789 sasl_option: 0
1790 Any SASL option can be set by preceding it with sasl_. This
1791 file overrides the SASL configuration file.
1792
1793 sasl_pwcheck_method: <none>
1794 The mechanism used by the server to verify plaintext passwords.
1795 Possible values include "auxprop", "saslauthd", and "pwcheck".
1796
1797 search_batchsize: 20
1798 The number of messages to be indexed in one batch (default 20).
1799 Note that long batches may delay user commands or mail delivery.
1800
1801 search_normalisation_max: 1000
1802 A resource bound for the combinatorial explosion of search
1803 expression tree complexity caused by normalising expressions
1804 with many OR nodes. These can use more CPU time to optimise
1805 than they save IO time in scanning folders.
1806
1807 search_engine: none
1808 The indexing engine used to speed up searching.
1809
1810 Allowed values: none, squat, sphinx, xapian
1811
1812 search_index_headers: 1
1813 Whether to index headers other than From, To, Cc, Bcc, and Sub‐
1814 ject. Experiment shows that some headers such as Received and
1815 DKIM-Signature can contribute up to 2/3rds of the index size but
1816 almost nothing to the utility of searching. Note that if header
1817 indexing is disabled, headers can still be searched; the
1818 searches will just be slower.
1819
1820 search_indexed_db: twoskip
1821 The cyrusdb backend to use for the search latest indexed uid
1822 state.
1823
1824 Allowed values: flat, skiplist, twoskip, lmdb
1825
1826 search_maxtime: <none>
1827 The maximum number of seconds to run a search for before abort‐
1828 ing. Default of no value means search "forever" until other
1829 timeouts.
1830
1831 search_skipdiacrit: 1
1832 When searching, should diacriticals be stripped from the search
1833 terms. The default is "true", a search for "hav" will match
1834 "Håvard". This is not RFC 5051 compliant, but it is backwards
1835 compatible, and may be preferred by some sites.
1836
1837 search_skiphtml: 0
1838 If enabled, HTML parts of messages are skipped, i.e. not indexed
1839 and not searchable. Otherwise, they're indexed.
1840
1841 search_whitespace: merge
1842 When searching, how whitespace should be handled. Options are:
1843 "skip" (default in 2.3 and earlier series) - where a search for
1844 "equi" would match "the quick brown fox". "merge" - the
1845 default, where "he qu" would match "the quick brownfox", and
1846 "keep", where whitespace must match exactly. The default of
1847 "merge" is recommended for most cases - it's a good compromise
1848 which keeps words separate. Allowed values: skip, merge, keep
1849
1850 search_snippet_length: 255
1851 The maximum byte length of a snippet generated by the XSNIPPETS
1852 command. Only supported by the Xapian search backend, which
1853 attempts to always fill search_snippet_length bytes in the gen‐
1854 erated snippet.
1855
1856 search_stopword_path: <none>
1857 The absolute base path to the search stopword lists. If not
1858 specified, no stopwords will be taken into account during search
1859 indexing. Currently, the only supported and default stop word
1860 file is english.list.
1861
1862 searchpartition-name: <none>
1863 The pathname where to store the xapian search indexes of
1864 searchtier for mailboxes of partition name. This must be config‐
1865 ured for the defaultsearchtier and any additional search tier
1866 (see squatter for details).
1867
1868 For example: if defaultpartition is defined as part1 and
1869 defaultsearchtier as tier1 then the configuration must contain
1870 an entry tier1searchpartition-part1 that defines the path where
1871 to store this tier1's search index for the part1 partition.
1872
1873 This option MUST be specified for xapian search.
1874
1875 seenstate_db: twoskip
1876 The cyrusdb backend to use for the seen state.
1877
1878 Allowed values: flat, skiplist, twoskip, lmdb
1879
1880 sendmail: /usr/lib/sendmail
1881 The pathname of the sendmail executable. Sieve invokes sendmail
1882 for sending rejections, redirects and vacation responses.
1883
1884 serverlist: <none>
1885 Whitespace separated list of backend server names. Used for
1886 finding server with the most available free space for proxying
1887 CREATE.
1888
1889 serverlist_select_mode: freespace-most
1890 Server selection mode.
1891
1892 random (pseudo-)random selection
1893
1894 freespace-most
1895 backend with the most (total) free space (KiB)
1896
1897 freespace-percent-most
1898 backend whose partition has the most free space (%)
1899
1900 freespace-percent-weighted
1901 same as for partition selection, comparing the free space
1902 (%) of the least used partition of each backend
1903
1904 freespace-percent-weighted-delta
1905 same as for partition selection, comparing the free space
1906 (%) of the least used partition of each backend.
1907
1908 Allowed values: random, freespace-most, freespace-per‐
1909 cent-most, freespace-percent-weighted, freespace-per‐
1910 cent-weighted-delta
1911
1912 serverlist_select_usage_reinit: 0
1913 For a given session, number of operations (e.g. backend selec‐
1914 tion) for which backend usage data are cached.
1915
1916 serverlist_select_soft_usage_limit: 0
1917 Limit of backend usage (%): if a backend is over that limit, it
1918 is automatically excluded from selection mode.
1919
1920 If all backends are over that limit, this feature is not used
1921 anymore.
1922
1923 servername: <none>
1924 This is the hostname visible in the greeting messages of the
1925 POP, IMAP and LMTP daemons. If it is unset, then the result
1926 returned from gethostname(2) is used. This is also the value
1927 used by murder clusters to identify the host name. It should be
1928 resolvable by DNS to the correct host, and unique within an
1929 active cluster. If you are using low level replication (e.g.
1930 drbd) then it should be the same on each copy and the DNS name
1931 should also be moved to the new master on failover.
1932
1933 serverinfo: on
1934 The server information to display in the greeting and capability
1935 responses. Information is displayed as follows:
1936 "off" = no server information in the greeting or capabilities
1937
1938 "min" = servername in the greeting; no server information in
1939 the capabilities
1940
1941 "on" = servername and product version in the greeting; prod‐
1942 uct version in the capabilities
1943
1944 Allowed values: off, min, on
1945
1946 sharedprefix: Shared Folders
1947 If using the alternate IMAP namespace, the prefix for the shared
1948 namespace. The hierarchy delimiter will be automatically
1949 appended.
1950
1951 sieve_allowreferrals: 1
1952 If enabled, timsieved will issue referrals to clients when the
1953 user's scripts reside on a remote server (in a Murder). Other‐
1954 wise, timsieved will proxy traffic to the remote server.
1955
1956 sieve_extensions: fileinto reject vacation vacation-seconds
1957 imapflags notify envelope relational regex subaddress copy date
1958 index imap4flags mailbox mboxmetadata servermetadata variables
1959 Space-separated list of Sieve extensions allowed to be used in
1960 sieve scripts, enforced at submission by timsieved(8). Any pre‐
1961 viously installed script will be unaffected by this option and
1962 will continue to execute regardless of the extensions used.
1963 This option has no effect on options that are disabled at com‐
1964 pile time (e.g., "regex"). Allowed values: fileinto, reject,
1965 vacation, vacation-seconds, imapflags, notify, include, enve‐
1966 lope, body, relational, regex, subaddress, copy, date, index,
1967 imap4flags, mailbox, mboxmetadata, servermetadata, variables
1968
1969 sieve_maxscriptsize: 32
1970 Maximum size (in kilobytes) any sieve script can be, enforced at
1971 submission by timsieved(8).
1972
1973 sieve_maxscripts: 5
1974 Maximum number of sieve scripts any user may have, enforced at
1975 submission by timsieved(8).
1976
1977 sieve_utf8fileinto: 0
1978 If enabled, the sieve engine expects folder names for the
1979 fileinto action in scripts to use UTF8 encoding. Otherwise,
1980 modified UTF7 encoding should be used.
1981
1982 sieve_sasl_send_unsolicited_capability: 0
1983 If enabled, timsieved will emit a capability response after a
1984 successful SASL authentication, per draft-martin-manage‐
1985 sieve-12.txt .
1986
1987 sieve_vacation_min_response: 259200 /* 3 days */
1988 Minimum time interval (in seconds) between consecutive vacation
1989 responses, per draft-ietf-vacation-seconds.txt .
1990
1991 sieve_vacation_max_response: 7776000 /* 90 days */
1992 Maximum time interval (in seconds) between consecutive vacation
1993 responses, per draft-ietf-vacation-seconds.txt .
1994
1995 sievedir: /usr/sieve
1996 If sieveusehomedir is false, this directory is searched for
1997 Sieve scripts.
1998
1999 sievenotifier: <none>
2000 Notifyd(8) method to use for "SIEVE" notifications. If not set,
2001 "SIEVE" notifications are disabled.
2002
2003 This method is only used when no method is specified in the
2004 script.
2005
2006 sieveusehomedir: 0
2007 If enabled, lmtpd will look for Sieve scripts in user's home
2008 directories: ~user/.sieve.
2009
2010 anysievefolder: 0
2011 It must be "yes" in order to permit the autocreation of any
2012 INBOX subfolder requested by a sieve filter, through the
2013 "fileinto" action. (default = no)
2014
2015 singleinstancestore: 1
2016 If enabled, imapd, lmtpd and nntpd attempt to only write one
2017 copy of a message per partition and create hard links, resulting
2018 in a potentially large disk savings.
2019
2020 skiplist_always_checkpoint: 1
2021 If enabled, this option forces the skiplist cyrusdb backend to
2022 always checkpoint when doing a recovery. This causes slightly
2023 more IO, but on the other hand leads to more efficient data‐
2024 bases, and the entire file is already "hot".
2025
2026 skiplist_unsafe: 0
2027 If enabled, this option forces the skiplist cyrusdb backend to
2028 not sync writes to the disk. Enabling this option is NOT RECOM‐
2029 MENDED.
2030
2031 soft_noauth: 1
2032 If enabled, lmtpd returns temporary failures if the client does
2033 not successfully authenticate. Otherwise lmtpd returns perma‐
2034 nent failures (causing the mail to bounce immediately).
2035
2036 sortcache_db: twoskip
2037 The cyrusdb backend to use for caching sort results (currently
2038 only used for xconvmultisort). Allowed values: skiplist, twoskip,
2039 lmdb
2040
2041 specialuse_extra: <none>
2042 Whitespace separated list of extra special-use attributes that
2043 can be set on a mailbox. RFC 6154 currently lists what spe‐
2044 cial-use attributes can be set. This allows extending that list
2045 in the future or adding your own if needed.
2046
2047 specialusealways: 0
2048 If enabled, this option causes LIST and LSUB output to always
2049 include the XLIST "special-use" flags
2050
2051 sphinx_text_excludes_odd_headers: 0
2052 If enabled, Sphinx will perform a TEXT search as if it matches
2053 FROM, TO, CC, BCC or SUBJECT but not any other headers. This is
2054 contrary to the RFC but a more useful behaviour for most users.
2055 Default: disabled.
2056
2057 sphinx_socket: {configdirectory}/socket/sphinx
2058 Unix domain socket that the Sphinx searchd daemons listens on.
2059
2060 sphinx_pidfile: /var/run/sphinx.pid
2061 File where the Sphinx searchd daemon writes its pid.
2062
2063 sql_database: <none>
2064 Name of the database which contains the cyrusdb table(s).
2065
2066 sql_engine: <none>
2067 Name of the SQL engine to use.
2068
2069 Allowed values: mysql, pgsql, sqlite
2070
2071 sql_hostnames: <empty string>
2072 Comma separated list of SQL servers (in host[:port] format).
2073
2074 sql_passwd: <none>
2075 Password to use for authentication to the SQL server.
2076
2077 sql_user: <none>
2078 Username to use for authentication to the SQL server.
2079
2080 sql_usessl: 0
2081 If enabled, a secure connection will be made to the SQL server.
2082
2083 srvtab: <empty string>
2084 The pathname of srvtab file containing the server's private key.
2085 This option is passed to the SASL library and overrides its
2086 default setting.
2087
2088 submitservers: <none>
2089 A list of users and groups that are allowed to resolve
2090 "urlauth=submit+" IMAP URLs, separated by spaces. Any user
2091 listed in this will be allowed to fetch the contents of any
2092 valid "urlauth=submit+" IMAP URL: use with caution.
2093
2094 subscription_db: flat
2095 The cyrusdb backend to use for the subscriptions list.
2096
2097 Allowed values: flat, skiplist, twoskip, lmdb
2098
2099 suppress_capabilities: <none>
2100 Suppress the named capabilities from any capability response.
2101 Use the exact case as it appears in the response, e.g. "sup‐
2102 press_capabilities: ESEARCH QRESYNC WITHIN XLIST LIST-EXTENDED"
2103 if you have a murder with 2.3.x backends and don't want clients
2104 being confused by new capabilities that some backends don't sup‐
2105 port.
2106
2107 statuscache: 0
2108 Enable/disable the imap status cache.
2109
2110 statuscache_db: twoskip
2111 The cyrusdb backend to use for the imap status cache.
2112
2113 Allowed values: skiplist, sql, twoskip, lmdb
2114
2115 statuscache_db_path: <none>
2116 The absolute path to the statuscache db file. If not specified,
2117 will be confdir/statuscache.db
2118
2119 sync_authname: <none>
2120 The authentication name to use when authenticating to a sync
2121 server. Prefix with a channel name to only apply for that chan‐
2122 nel
2123
2124 sync_batchsize: 8192
2125 The number of messages to upload in a single mailbox
2126 replication. Default is 8192. If there are more than this many
2127 messages appended to the mailbox, generate a synthetic partial
2128 state and send that.
2129
2130 sync_host: <none>
2131 Name of the host (replica running sync_server(8)) to which
2132 replication actions will be sent by sync_client(8). Prefix with
2133 a channel name to only apply for that channel
2134
2135 sync_log: 0
2136 Enable replication action logging by lmtpd(8), imapd(8),
2137 pop3d(8), and nntpd(8). The log {configdirectory}/sync/log is
2138 used by sync_client(8) for "rolling" replication.
2139
2140 sync_log_chain: 0
2141 Enable replication action logging by sync_server as well, allow‐
2142 ing chaining of replicas. Use this on 'B' for A => B => C
2143 replication layout
2144
2145 sync_log_channels: <none>
2146 If specified, log all events to multiple log files in directo‐
2147 ries specified by each "channel". Each channel can then be pro‐
2148 cessed separately, such as by multiple sync_client(8)s in a mesh
2149 replication scheme, or by squatter(8) for rolling search index
2150 updates.
2151
2152 You can use "" (the two-character string U+22 U+22) to mean the
2153 default sync channel.
2154
2155 sync_log_unsuppressable_channels: squatter
2156 If specified, the named channels are exempt from the effect of
2157 setting sync_log_chain:off, i.e. they are always logged to by
2158 the sync_server process. This is only really useful to allow
2159 rolling search indexing on a replica.
2160
2161 sync_password: <none>
2162 The default password to use when authenticating to a sync
2163 server. Prefix with a channel name to only apply for that chan‐
2164 nel
2165
2166 sync_port: <none>
2167 Name of the service (or port number) of the replication service
2168 on replica host. Prefix with a channel name to only apply for
2169 that channel. If not specified, and if sync_try_imap is set to
2170 "yes" (the default), then the replication client will first try
2171 "imap" (port 143) to check if imapd supports replication.
2172 Otherwise it will default to "csync" (usually port 2005).
2173
2174 sync_realm: <none>
2175 The authentication realm to use when authenticating to a sync
2176 server. Prefix with a channel name to only apply for that chan‐
2177 nel
2178
2179 sync_repeat_interval: 1
2180 Minimum interval (in seconds) between replication runs in
2181 rolling replication mode. If a replication run takes longer than
2182 this time, we repeat immediately. Prefix with a channel name to
2183 only apply for that channel
2184
2185 sync_shutdown_file: <none>
2186 Simple latch used to tell sync_client(8) that it should shut
2187 down at the next opportunity. Safer than sending signals to run‐
2188 ning processes. Prefix with a channel name to only apply for
2189 that channel
2190
2191 sync_timeout: 1800
2192 Number of seconds to wait for a response before returning a
2193 timeout failure when talking to a replication peer (client or
2194 server).
2195
2196 sync_try_imap: 1
2197 Whether sync_client should try to perform an IMAP connection
2198 before falling back to csync. If this is set to "no",
2199 sync_client will only use csync. Prefix with a channel name to
2200 apply only for that channel
2201
2202 syslog_prefix: <none>
2203 String to be prepended to the process name in syslog entries.
2204
2205 syslog_facility: <none>
2206 Configure a syslog facility. The default is whatever is com‐
2207 piled in. Allowed values are: DAEMON, MAIL, NEWS, USER, and
2208 LOCAL0 through to LOCAL7
2209
2210 tcp_keepalive: 0
2211 Enable keepalive on TCP connections
2212
2213 tcp_keepalive_cnt: 0
2214 Number of TCP keepalive probes to send before declaring the con‐
2215 nection dead (0 == system default)
2216
2217 tcp_keepalive_idle: 0
2218 Number of seconds a connection must be idle before keepalive
2219 probes are sent (0 == system default)
2220
2221 tcp_keepalive_intvl: 0
2222 Number of seconds between keepalive probes (0 == system default)
2223
2224 temp_path: /tmp
2225 The pathname to store temporary files in
2226
2227 telemetry_bysessionid: 0
2228 If true, log by sessionid instead of PID for telemetry
2229
2230 timeout: 32
2231 The length of the IMAP server's inactivity autologout timer, in
2232 minutes. The minimum value is 30. The default is 32 to allow a
2233 bit of leeway for clients that try to NOOP every 30 minutes.
2234
2235 imapidletimeout: 0
2236 Timeout for idling clients (RFC 2177) in minutes. If set to zero
2237 (the default) or less, the value of "timeout" will be used
2238 instead.
2239
2240 tls_ca_file: <none>
2241 Deprecated in favor of tls_client_ca_file.
2242
2243 tls_ca_path: <none>
2244 Deprecated in favor of tls_client_ca_dir.
2245
2246 tlscache_db: twoskip
2247 Deprecated in favor of tls_sessions_db.
2248
2249 tlscache_db_path: <none>
2250 Deprecated in favor of tls_sessions_db_path.
2251
2252 tls_cert_file: <none>
2253 Deprecated in favor of tls_server_cert.
2254
2255 tls_cipher_list: DEFAULT
2256 Deprecated in favor of tls_ciphers.
2257
2258 tls_ciphers: DEFAULT
2259 The list of SSL/TLS ciphers to allow. The format of the string
2260 (and definition of "DEFAULT") is described in ciphers(1).
2261
2262 See also Mozilla's server-side TLS recommendations:
2263
2264 https://wiki.mozilla.org/Security/Server_Side_TLS
2265
2266 tls_client_ca_dir: <none>
2267 Path to a directory containing the CA certificates used to ver‐
2268 ify client SSL certificates used for authentication.
2269
2270 tls_client_ca_file: <none>
2271 Path to a file containing the CA certificate(s) used to verify
2272 client SSL certificates used for authentication.
2273
2274 tls_client_cert: <none>
2275 File containing the certificate presented to a server for
2276 authentication during STARTTLS. A value of "disabled" will dis‐
2277 able this server's use of certificate-based authentication.
2278
2279 tls_client_certs: optional
2280 Disable ("off"), allow ("optional", default) or require
2281 ("require") the use of SSL certificates by clients to authenti‐
2282 cate themselves. Allowed values: off, optional, require
2283
2284 tls_client_key: <none>
2285 File containing the private key belonging to the tls_client_cert
2286 certificate. A value of "disabled" will disable this server's
2287 use of certificate-based authentication.
2288
2289 tls_eccurve: prime256v1
2290 The elliptic curve used for ECDHE. Default is NIST Suite B
2291 prime256. See 'openssl ecparam -list_curves' for possible val‐
2292 ues.
2293
2294 tls_key_file: <none>
2295 Deprecated in favor of tls_server_key.
2296
2297 tls_required: 0
2298 If enabled, require a TLS/SSL encryption layer to be negotiated
2299 prior to ANY authentication mechanisms being advertised or
2300 allowed.
2301
2302 tls_prefer_server_ciphers: 0
2303 Prefer the ciphers on the server side instead of client side.
2304
2305 tls_server_ca_dir: <none>
2306 Path to a directory with CA certificates used to verify certifi‐
2307 cates offered when this server connects to other servers. This
2308 directory must have filenames with the hashed value of the cer‐
2309 tificates (see openssl(1)).
2310
2311 tls_server_ca_file: <none>
2312 Path to a file containing CA certificates used to verify cer‐
2313 tificates offered when this server connects to other servers.
2314
2315 tls_server_cert: <none>
2316 File containing the certificate presented to clients.
2317
2318 tls_server_key: <none>
2319 File containing the private key belonging to the certificate in
2320 tls_server_cert.
2321
2322 tls_sessions_db: twoskip
2323 The cyrusdb backend to use for the TLS cache.
2324
2325 Allowed values: skiplist, sql, twoskip, lmdb
2326
2327 tls_sessions_db_path: <none>
2328 The absolute path to the TLS sessions db file. If not specified,
2329 will be confdir/tls_sessions.db
2330
2331 tls_session_timeout: 1440
2332 The length of time (in minutes) that a TLS session will be
2333 cached for later reuse. The maximum value is 1440 (24 hours),
2334 the default. A value of 0 will disable session caching.
2335
2336 tls_versions: tls1_0 tls1_1 tls1_2
2337 A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS
2338 starts with all protocols, and subtracts protocols not in this
2339 list. Newer versions of SSL/TLS will need to be added here to
2340 allow them to get disabled.
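
Added example, not part of the Cyrus documentation: a small auditor that parses an imapd.conf (including backslash continuations) and reports options this page marks as deprecated, "use with caution" or NOT RECOMMENDED, falling back to the defaults documented here. The names parse_imapd_conf, audit and SAMPLE are hypothetical, and treating TLS 1.0/1.1 as legacy is an assumption based on RFC 8996 rather than on this page.

```python
TRUE_VALUES = {"yes", "on", "t", "true", "1"}   # boolean "on" spellings from this page

# Deprecated option -> replacement, exactly as listed in this man page.
DEPRECATED = {
    "tls_ca_file": "tls_client_ca_file",
    "tls_ca_path": "tls_client_ca_dir",
    "tlscache_db": "tls_sessions_db",
    "tlscache_db_path": "tls_sessions_db_path",
    "tls_cert_file": "tls_server_cert",
    "tls_cipher_list": "tls_ciphers",
    "tls_key_file": "tls_server_key",
}

# Documented defaults for the options audited below.
DEFAULTS = {
    "tls_required": "0", "sasl_minimum_layer": "0", "skiplist_unsafe": "0",
    "tls_versions": "tls1_0 tls1_1 tls1_2", "serverinfo": "on",
    "proxyservers": "", "submitservers": "",
}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = r"""
# frontend test box
tls_cert_file: /etc/ssl/imap.pem
tls_versions: tls1_0 \
tls1_2
sasl_minimum_layer: 1
tls_required: yes
proxyservers: murderproxy
serverinfo: min
"""


def parse_imapd_conf(text):
    """Return {option: value}; a trailing backslash joins the next line."""
    options, pending = {}, ""
    for raw in text.splitlines() + [""]:       # sentinel flushes a dangling join
        line = pending + raw
        if line.endswith("\\"):
            pending = line[:-1]                # nothing is inserted at the join
            continue
        pending = ""
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        name, sep, value = line.partition(":")
        if sep:
            options[name.strip()] = value.strip()
    return options


def is_on(value):
    return value.strip().lower() in TRUE_VALUES


def audit(options):
    """Return (option, finding) pairs for settings the page flags as risky."""
    def get(key):
        return options.get(key, DEFAULTS[key])

    findings = [(old, f"deprecated in favor of {new}")
                for old, new in DEPRECATED.items() if old in options]
    if not is_on(get("tls_required")):
        findings.append(("tls_required",
                         "authentication is allowed without a TLS layer"))
    try:
        ssf = int(get("sasl_minimum_layer"))
    except ValueError:
        ssf = 0                                # unparsable: treat as no minimum
    if ssf == 0:
        findings.append(("sasl_minimum_layer",
                         "no integrity or encryption required"))
    elif ssf == 1:
        findings.append(("sasl_minimum_layer",
                         "integrity only, no encryption required"))
    # Assumption (RFC 8996, not this page): TLS 1.0 and 1.1 count as legacy.
    legacy = sorted({"tls1_0", "tls1_1"} & set(get("tls_versions").split()))
    if legacy:
        findings.append(("tls_versions",
                         "legacy versions left enabled: " + " ".join(legacy)))
    if is_on(get("skiplist_unsafe")):
        findings.append(("skiplist_unsafe", "writes are not synced to disk"))
    if get("proxyservers"):
        findings.append(("proxyservers",
                         "listed users can log in as any other user"))
    if get("submitservers"):
        findings.append(("submitservers",
                         "listed users can fetch any valid urlauth=submit+ URL"))
    if is_on(get("serverinfo")):
        findings.append(("serverinfo",
                         "product version shown in greeting and capabilities"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(parse_imapd_conf(SAMPLE)):
        print(f"{option}: {finding}")
```
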
2341
2342 uidl_format: cyrus
2343 Choose the format for UIDLs in pop3. Possible values are
2344 "uidonly", "cyrus", "dovecot" and "courier". "uidonly" forces
2345 the old default of UID, "cyrus" is UIDVALIDITY.UID. Dovecot is
2346 8 digits of leading hex (lower case) each UID UIDVALIDITY.
2347 Courier is UIDVALIDITY-UID. Allowed values: uidonly, cyrus,
2348 dovecot, courier
2349
2350 umask: 077
2351 The umask value used by various Cyrus IMAP programs.
2352
2353 userdeny_db: flat
2354 The cyrusdb backend to use for the user access list.
2355
2356 Allowed values: flat, skiplist, sql, twoskip, lmdb
2357
2358 userdeny_db_path: <none>
2359 The absolute path to the userdeny db file. If not specified,
2360 will be confdir/user_deny.db
2361
2362 username_tolower: 1
2363 Convert usernames to all lowercase before login/authentication.
2364 This is useful with authentication backends which ignore case
2365 during username lookups (such as LDAP).
2366
2367 userprefix: Other Users
2368 If using the alternate IMAP namespace, the prefix for the other
2369 users namespace. The hierarchy delimiter will be automatically
2370 appended.
2371
2372 unix_group_enable: 1
2373 Should we look up groups when using auth_unix (disable this if
2374 you are not using groups in ACLs for your IMAP server, and you
2375 are using auth_unix with a backend (such as LDAP) that can make
2376 getgrent() calls very slow)
2377
2378 unixhierarchysep: 1
2379 Use the UNIX separator character '/' for delimiting levels of
2380 mailbox hierarchy. Turn off to use the netnews separator
2381 character '.'. Note that with the netnews separator, no dots may
2382 occur in mailbox names. The default switched in 3.0 from off to
2383 on.
2384
2385 virtdomains: off
2386 Enable virtual domain support. If enabled, the user's domain
2387 will be determined by splitting a fully qualified userid at the
2388 last '@' or '%' symbol. If the userid is unqualified, and the
2389 virtdomains option is set to "on", then the domain will be
2390 determined by doing a reverse lookup on the IP address of the
2391 incoming network interface, otherwise the user is assumed to be
2392 in the default domain (if set). Allowed values: off, userid, on
2393
2394 xbackup_enabled: 0
2395 Enable support for the XBACKUP command in imapd. If enabled,
2396 admin users can use this command to provoke a replication of
2397 specified users to the named backup channel.
2398
2399 xlist-flag: <none>
2400 Set the special-use flag flag on the specified folder when it is
2401 autocreated (see the autocreate_inbox_folders option). For
2402 example, if xlist-junk: Spam is set, and the folder Spam is
2403 autocreated, the special-use flag \Junk will be set on it.
2404
2405 (This option is so named for backward compatibility with old
2406 config files.)
2407
2408 lmtp_catchall_mailbox: <none>
2409 Mail sent to mailboxes which do not exist, will be delivered to
2410 this user. NOTE: This must be an existing local user name with
2411 an INBOX, NOT an email address!
2412
2413 zoneinfo_db: twoskip
2414 The cyrusdb backend to use for zoneinfo.
2415
2416 Allowed values: flat, skiplist, twoskip, lmdb
2417
2418 zoneinfo_db_path: <none>
2419 The absolute path to the zoneinfo db file. If not specified,
2420 will be confdir/zoneinfo.db
2421
2422 object_storage_enabled: 0
2423 Whether object storage is enabled for this server. You also need
2424 to have archiving enabled and an archivepartition for the mailbox.
2425 Only email files will be stored on object storage; the archive
2426 partition will be used to store any other files.
2427
2428 object_storage_dummy_spool: <none>
2429 Dummy object storage spool; this is for testing only. Spool where
2430 the user directory (container) will be created to store all emails
2431 in a flat structure.
2432
2433 openio_namespace: <none>
2434 The OpenIO namespace used to store archived email messages. A
2435 namespace identifies the physical platform cyrus must contact.
2436 This directive is used by OpenIO's SDK to locate its platform
2437 entry point.
2438
2439 openio_account: <none>
2440 The OpenIO account used to account for stored emails. Accounts
2441 are unique in their namespace. They provide virtual partitions,
2442 with quotas and QoS features.
2443
2444 openio_rawx_timeout: 30
2445 The OpenIO timeout for queries to the RAWX services (default 30
2446 sec).
2447
2448 openio_proxy_timeout: 5
2449 The OpenIO timeout for queries to the PROXY services (default 5
2450 sec).
2451
2452 openio_autocreate: 0
2453 Allow the OpenIO SDK to autocreate containers. Mainly intended
2454 to be turned on in development environments. In production, the
2455 container should have been provisioned with the mailboxes.
2456
2457 openio_verbosity: <none>
2458 Sets the logging verbosity of the OpenIO's internal behavior.
2459 Admissible values are: "warning", "notice", "info", "debug",
2460 "trace", "quiet". The default verbosity is "warning". Set to
2461 "notice" for a few lines on a per-client basis. Set to "info"
2462 for a few lines on a per-request basis. Set to "debug" Set to
2463 "trace" to activate the underlying libcurl debug output.
2464 Enabling a verbosity higher than or equal to "debug" requires
2465 Cyrus to be set in debug mode. The special "quiet" value
2466 disables all kinds of logging at the GLib level.
2467
2468 caringo_hostname: <none>
2469 The Caringo hostname used to store archived email messages. A
2470 hostname identifies the physical platform cyrus must contact.
2471 This directive is used by Caringo's SDK (CastorSDK: Caringo
2472 Simple Content Storage Protocol (SCSP) on HTTP 1.1 using a
2473 RESTful architecture).
2474
2475 caringo_port: 80
2476 The port of the caringo server (caringo_hostname); default is
2477 80.
2478
2479 fastmailsharing: 0
2480 If enabled, use FastMail style sharing (oldschool full server
2481 paths)
2482
2484 imapd(8), pop3d(8), nntpd(8), lmtpd(8), httpd(8), timsieved(8),
2485 idled(8), notifyd(8), deliver(8), cyrus-master(8), ciphers(1)
2486
2488 The Cyrus Team
2489
2491 1993-2017, The Cyrus Team
2492
2493
2494
2495
2496 3.0.7 May 18, 2018 IMAPD.CONF(5)