IMAPD.CONF(5)                 File Formats Manual                IMAPD.CONF(5)

NAME

       imapd.conf - IMAP configuration file

DESCRIPTION

       /etc/imapd.conf is the configuration file for the Cyrus IMAP server.
       It defines local parameters for IMAP.

       Each line of the /etc/imapd.conf file has the form

              option: value

       where option is the name of the configuration option being set and
       value is the value that the configuration option is being set to.

       Although there is no limit to the length of a line, a ``\'' (backslash)
       character may be used as the last character on a line to force it to
       continue on the next one.  No additional whitespace is inserted before
       or after the ``\''.  Note that a line that is split using ``\''
       character(s) is still considered a single line.  For example

              option:\
               value1 value2 \
                value3

       is equivalent to

              option: value1 value2   value3

       Blank lines and lines beginning with ``#'' are ignored.

       For boolean and enumerated options, the values ``yes'', ``on'', ``t'',
       ``true'' and ``1'' turn the option on, the values ``no'', ``off'',
       ``f'', ``false'' and ``0'' turn the option off.

FIELD DESCRIPTIONS

       The sections below detail options that can be placed in the
       /etc/imapd.conf file, and show each option's default value.  Some
       options have no default value, these are listed with ``<no default>''.
       Some options default to the empty string, these are listed with
       ``<none>''.

       admins: <empty string>
            The list of userids with administrative rights.  Separate each
            userid with a space.  Sites using Kerberos authentication may use
            separate "admin" instances.

       Note that accounts used by users should not be administrators.
       Administrative accounts should not receive mail.  That is, if user
       "jbRo" is a user reading mail, he should not also be in the admins
       line.  Some problems may occur otherwise, most notably the ability of
       administrators to create top-level mailboxes visible to users, but not
       writable by users.

       afspts_localrealms: <none>
            The list of realms which are to be treated as local, and thus
            stripped during identifier canonicalization (for the AFSPTS
            ptloader module).  This is different from loginrealms in that it
            occurs later in the authorization process (as the user id is
            canonified for PTS lookup)

       afspts_mycell: <none>
            Cell to use for AFS PTS lookups.  Defaults to the local cell.

       allowallsubscribe: 0
            Allow subscription to nonexistent mailboxes.  This option is
            typically used on backend servers in a Murder so that users can
            subscribe to mailboxes that don't reside on their "home" server.
            This option can also be used as a workaround for IMAP clients
            which don't play well with nonexistent or unselectable mailboxes
            (e.g., Microsoft Outlook).

       allowanonymouslogin: 0
            Permit logins by the user "anonymous" using any password.  Also
            allows use of the SASL ANONYMOUS mechanism.

       allowapop: 1
            Allow use of the POP3 APOP authentication command.

       Note that this command requires that SASL is compiled with APOP
       support, that the plaintext passwords are available in a SASL auxprop
       backend (e.g., sasldb), and that the system can provide enough entropy
       (e.g., from /dev/urandom) to create a challenge in the banner.

       allownewnews: 0
            Allow use of the NNTP NEWNEWS command.

       Note that this is a very expensive command and should only be enabled
       when absolutely necessary.

       allowplaintext: 0
            Allow the use of cleartext passwords on the wire.

       allowusermoves: 0
            Allow moving user accounts (with associated meta-data) via RENAME
            or XFER.

       Note that measures should be taken to make sure that the user being
       moved is not logged in, and cannot login during the move.  Failure to
       do so may result in the user's meta-data (seen state, subscriptions,
       etc) being corrupted or out of date.

       altnamespace: 0
            Use the alternate IMAP namespace, where personal folders reside at
            the same level in the hierarchy as INBOX.

       This option ONLY applies where interaction takes place with the
       client/user.  Currently this is limited to the IMAP protocol (imapd)
       and Sieve scripts (lmtpd).  This option does NOT apply to admin tools
       such as cyradm (admins ONLY), reconstruct, quota, etc., NOR does it
       affect LMTP delivery of messages directly to mailboxes via
       plus-addressing.

       annotation_db: skiplist
            The cyrusdb backend to use for mailbox annotations.

            Allowed values: berkeley, berkeley-hash, skiplist

       annotation_db_path: <none>
            The absolute path to the annotations db file.  If not specified,
            will be confdir/annotations.db

       anyoneuseracl: 1
            Should non-admin users be allowed to set ACLs for the 'anyone'
            user on their mailboxes?  In a large organization this can cause
            support problems, but it's enabled by default.

       annotation_definitions: <none>
            File containing external (third-party) annotation definitions.

       Each line of the file specifies the properties of an annotation and has
       the following form:

              name, scope, attrib-type, proxy-type, attrib-names, acl

       name is the hierarchical name as in the draft standard, typically of
            the form /vendor/acme/blurdybloop

       scope
            specifies whether the annotation is for the server or a mailbox

       attrib-type
            specifies the attribute data type which is one of: string,
            boolean, int, uint, or content-type

       proxy-type
            specifies whether this attribute is for the backend or proxy
            servers or both (proxy_and_backend)

       attrib-names
            is the space-separated list of available attributes for the
            annotation. Possible attribute names are (where the suffixless
            foo permits both foo.priv and foo.shared): value, value.shared,
            value.priv, size, size.shared, size.priv, modifiedsince,
            modifiedsince.shared, modifiedsince.priv, content-type,
            content-type.shared, content-type.priv

       acl  is the extra ACL requirements for setting annotations. This is the
            standard IMAP ACL permission bit string format. Particularly
            useful is the a right to require admin privileges. Note that some
            ACL requirements (read and write on the mailbox) are hard-wired in
            the server

       Blank lines and lines beginning with ``#'' are ignored.

       auditlog: 0
            Should cyrus output log entries for every action taken on a
            message file or mailboxes list entry?  It's noisy so disabled by
            default, but can be very useful for tracking down what happened if
            things look strange

       auth_mech: unix
            The authorization mechanism to use.

            Allowed values: unix, pts, krb, krb5

       autocreatequota: 0
            If nonzero, normal users may create their own IMAP accounts by
            creating the mailbox INBOX.  The user's quota is set to the value
            if it is positive, otherwise the user has unlimited quota.

       berkeley_cachesize: 512
            Size (in kilobytes) of the shared memory buffer pool (cache) used
            by the berkeley environment.  The minimum allowed value is 20.
            The maximum allowed value is 4194303 (4GB).

       berkeley_locks_max: 50000
            Maximum number of locks to be held or requested in the berkeley
            environment.

       berkeley_txns_max: 100
            Maximum number of transactions to be supported in the berkeley
            environment.

       boundary_limit: 1000
            Messages are parsed recursively and a deep enough MIME structure
            can cause a stack overflow.  Do not parse deeper than this many
            layers of MIME structure.  The default of 1000 is much higher than
            any sane message should have.

       client_timeout: 10
            Number of seconds to wait before returning a timeout failure when
            performing a client connection (e.g., in a murder environment)

       commandmintimer: <none>
            Time in seconds. Any imap command that takes longer than this time
            is logged.

       configdirectory: <none>
            The pathname of the IMAP configuration directory.  This field is
            required.

       debug_command: <none>
            Debug command to be used by processes started with -D option.  The
            string is a C format string that gets 3 options: the first is the
            name of the executable (without path).  The second is the pid
            (integer) and the third is the service ID.  Example:
            /usr/local/bin/gdb /usr/cyrus/bin/%s %d

       defaultacl: anyone lrs
            The Access Control List (ACL) placed on a newly-created (non-user)
            mailbox that does not have a parent mailbox.

       defaultdomain: <none>
            The default domain for virtual domain support

       defaultpartition: <none>
            The partition name used by default for new mailboxes.  If not
            specified, the partition with the most free space will be used for
            new mailboxes.

       defaultserver: <none>
            The backend server name used by default for new mailboxes.  If not
            specified, the server with the most free space will be used for
            new mailboxes.

       deletedprefix: DELETED
            If "delete_mode" is set to "delayed", the prefix for the deleted
            mailboxes hierarchy.  The hierarchy delimiter will be
            automatically appended.

       delete_mode: immediate
            The manner in which mailboxes are deleted. "immediate" mode is the
            default behavior in which mailboxes are removed immediately.  In
            "delayed" mode, mailboxes are renamed to a special hierarchy
            defined by the "deletedprefix" option to be removed later by
            cyr_expire.

            Allowed values: immediate, delayed

       deleteright: c
            Deprecated - only used for backwards compatibility with existing
            installations.  Lists the old RFC 2086 right which was used to
            grant the user the ability to delete a mailbox.  If a user has
            this right, they will automatically be given the new 'x' right.

       disable_user_namespace: 0
            Preclude list command on user namespace.  If set to 'yes', the
            LIST response will never include any other user's mailbox.  Admin
            users will always see all mailboxes.  The default is 'no'

       disable_shared_namespace: 0
            Preclude list command on shared namespace.  If set to 'yes', the
            LIST response will never include any non-user mailboxes.  Admin
            users will always see all mailboxes.  The default is 'no'

       disconnect_on_vanished_mailbox: 0
            If enabled, IMAP/POP3/NNTP clients will be disconnected by the
            server if the currently selected mailbox is (re)moved by another
            session.  Otherwise, the missing mailbox is treated as empty while
            in use by the client.

       duplicate_db: skiplist
            The cyrusdb backend to use for the duplicate delivery suppression
            and sieve.

            Allowed values: berkeley, berkeley-nosync, berkeley-hash,
            berkeley-hash-nosync, skiplist, sql

       duplicate_db_path: <none>
            The absolute path to the duplicate db file.  If not specified,
            will be confdir/deliver.db

       duplicatesuppression: 1
            If enabled, lmtpd will suppress delivery of a message to a mailbox
            if a message with the same message-id (or resent-message-id) is
            recorded as having already been delivered to the mailbox.  Records
            the mailbox and message-id/resent-message-id of all successful
            deliveries.

       expunge_mode: default
            The mode in which messages (and their corresponding cache entries)
            are expunged.  "default" mode is the default behavior in which the
            message files are purged at the time of the EXPUNGE, but index and
            cache records are retained to facilitate QRESYNC.  In "delayed"
            mode, the message files are also retained, allowing unexpunge to
            rescue them.  In "immediate" mode, both the message files and the
            index records are removed as soon as possible.  In all cases,
            nothing will be finally purged until all other processes have
            closed the mailbox to ensure they never see data disappear under
            them.  In "default" or "delayed" mode, a later run of "cyr_expire"
            will clean out the retained records (and possibly message files).
            This reduces the amount of I/O that takes place at the time of
            EXPUNGE and should result in greater responsiveness for the
            client, especially when expunging a large number of messages.

            Allowed values: default, immediate, delayed

       expunge_days: 7
            Number of days to retain expunged messages before cleaning up
            their index records.  The default is 7.  This is necessary for
            QRESYNC to work correctly.  If combined with delayed expunge
            (above) you will also be able to unexpunge messages during this
            time.

       failedloginpause: 3
            Number of seconds to pause after a failed login.

       flushseenstate: 0
            If enabled, changes to the seen state will be flushed to disk
            immediately, otherwise changes will be cached and flushed when the
            mailbox is closed.  This option may be used to fix the problem of
            previously read messages being marked as unread in Microsoft
            Outlook, at the expense of a loss of performance/scalability.

       foolstupidclients: 0
            If enabled, only list the personal namespace when a LIST "*" is
            performed (it changes the request to a LIST "INBOX*").

       force_sasl_client_mech: <none>
            Force preference of a given SASL mechanism for client side
            operations (e.g., murder environments).  This is separate from
            (and overridden by) the ability to use the <host shortname>_mechs
            option to set preferred mechanisms for a specific host

       fulldirhash: 0
            If enabled, uses an improved directory hashing scheme which hashes
            on the entire username instead of using just the first letter as
            the hash.  This changes hash algorithm used for quota and user
            directories and if hashimapspool is enabled, the entire mail
            spool.

       Note that this option CANNOT be changed on a live system.  The server
       must be quiesced and then the directories moved with the rehash
       utility.

       hashimapspool: 0
            If enabled, the partitions will also be hashed, in addition to the
            hashing done on configuration directories.  This is recommended if
            one partition has a very bushy mailbox tree.

       debug: 0
            If enabled, allow syslog() to pass LOG_DEBUG messages.

       hostname_mechs: <none>
            Force a particular list of SASL mechanisms to be used when
            authenticating to the backend server hostname (where hostname is
            the short hostname of the server in question). If it is not
            specified it will query the server for available mechanisms and
            pick one to use. - Cyrus Murder

       hostname_password: <none>
            The password to use for authentication to the backend server
            hostname (where hostname is the short hostname of the server) -
            Cyrus Murder

       idlesocket: {configdirectory}/socket/idle
            Unix domain socket that idled listens on.

       ignorereference: 0
            For backwards compatibility with Cyrus 1.5.10 and earlier --
            ignore the reference argument in LIST or LSUB commands.

       imapidlepoll: 60
            The interval (in seconds) for polling for mailbox changes and
            ALERTs while running the IDLE command.  This option is used when
            idled is not enabled or cannot be contacted.  The minimum value is
            1.  A value of 0 will disable IDLE.

       imapidresponse: 1
            If enabled, the server responds to an ID command with a parameter
            list containing: version, vendor, support-url, os, os-version,
            command, arguments, environment.  Otherwise the server returns
            NIL.

       imapmagicplus: 0
            Only list a restricted set of mailboxes via IMAP by using
            userid+namespace syntax as the authentication/authorization id.
            Using userid+ (with an empty namespace) will list only subscribed
            mailboxes.

       implicit_owner_rights: lkxa
            The implicit Access Control List (ACL) for the owner of a mailbox.

       @include: <none>
            Directive which includes the specified file as part of the
            configuration.  If the path to the file is not absolute,
            CYRUS_PATH is prepended.

       improved_mboxlist_sort: 0
            If enabled, a special comparator will be used which will correctly
            sort mailbox names that contain characters such as ' ' and '-'.

       Note that this option SHOULD NOT be changed on a live system.  The
       mailboxes database should be dumped (ctl_mboxlist) before the option is
       changed, removed, and then undumped after changing the option.  When
       not using flat files for the subscriptions databases the same has to be
       done (cyr_dbtool) for each subscription database.  See
       improved_mboxlist_sort.html.

       internaldate_heuristic: standard
            Mechanism to determine email internaldates on
            delivery/reconstruct.  "standard" uses time() when delivering a
            message, mtime on reconstruct.  "receivedheader" looks at the top
            most Received header or time/mtime otherwise

            Allowed values: standard, receivedheader

       ldap_authz: <none>
            SASL authorization ID for the LDAP server

       ldap_base: <empty string>
            Contains the LDAP base dn for the LDAP ptloader module

       ldap_bind_dn: <none>
            Bind DN for the connection to the LDAP server (simple bind).  Do
            not use for anonymous simple binds

       ldap_deref: never
            Specify how aliases dereferencing is handled during search.

            Allowed values: search, find, always, never

       ldap_filter: (uid=%u)
            Specify a filter that searches user identifiers.  The following
            tokens can be used in the filter string:

            %%   = %
            %u   = user
            %U   = user portion of %u (%U = test when %u = test@domain.tld)
            %d   = domain portion of %u if available (%d = domain.tld when
                   %u = test@domain.tld), otherwise same as %r
            %D   = user dn.  (use when ldap_member_method: filter)
            %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)

            ldap_filter is not used when ldap_sasl is enabled.

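       Added example (not Cyrus code): expanding the ldap_filter tokens listed
       above in Python, escaping each substituted value per RFC 4515 so that a
       userid containing filter metacharacters cannot alter the filter's
       structure.  The function names, the realm argument standing in for %r
       (which this page does not define) and the empty string used for a
       missing %1-9 label are assumptions of the example.

```python
"""Added example: expand ldap_filter tokens with RFC 4515 value escaping."""
import re

# Characters that must be escaped inside an LDAP filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Return value with RFC 4515 special characters hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, userid, realm="", user_dn=""):
    """Expand %%, %u, %U, %d, %D and %1-%9 in an ldap_filter template.

    realm is the fallback for %d when userid has no domain part (the page
    calls this %r without defining it; treated here as caller-supplied).
    user_dn is the value for %D, normally the DN found by an earlier search.
    """
    user, _, domain = userid.partition("@")
    domain = domain or realm
    # %1 is the rightmost label (tld), %2 the one before it, and so on.
    labels = domain.split(".")[::-1] if domain else []

    def substitute(match):
        token = match.group(1)
        if token == "%":
            return "%"
        if token == "u":
            raw = userid
        elif token == "U":
            raw = user
        elif token == "d":
            raw = domain
        elif token == "D":
            raw = user_dn
        else:
            index = int(token) - 1
            # Assumption: a label that does not exist expands to nothing.
            raw = labels[index] if index < len(labels) else ""
        return escape_filter_value(raw)

    # A single left-to-right pass, so "%%u" yields the literal text "%u".
    return re.sub(r"%([%uUdD1-9])", substitute, template)


if __name__ == "__main__":
    # Constructed inputs, not taken from a real directory.
    print(expand_filter("(uid=%u)", "test@domain.tld"))
    print(expand_filter("(&(uid=%U)(o=%2.%1))", "test@domain.tld"))
    print(expand_filter("(uid=%U)", "j*doe(test)"))
```
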
       ldap_group_base: <empty string>
            LDAP base dn for ldap_group_filter.

       ldap_group_filter: (cn=%u)
            Specify a filter that searches for group identifiers.  See
            ldap_filter for more options.

       ldap_group_scope: sub
            Specify search scope for ldap_group_filter.

            Allowed values: sub, one, base

       ldap_id: <none>
            SASL authentication ID for the LDAP server

       ldap_mech: <none>
            SASL mechanism for LDAP authentication

       ldap_member_attribute: <none>
            See ldap_member_method.

       ldap_member_base: <empty string>
            LDAP base dn for ldap_member_filter.

       ldap_member_filter: (member=%D)
            Specify a filter for "ldap_member_method: filter".  See
            ldap_filter for more options.

       ldap_member_method: attribute
            Specify a group method.  The "attribute" method retrieves groups
            from a multi-valued attribute specified in ldap_member_attribute.

            The "filter" method uses a filter, specified by
            ldap_member_filter, to find groups; ldap_member_attribute is a
            single-value attribute group name.

            Allowed values: attribute, filter

       ldap_member_scope: sub
            Specify search scope for ldap_member_filter.

            Allowed values: sub, one, base

       ldap_password: <none>
            Password for the connection to the LDAP server (SASL and simple
            bind).  Do not use for anonymous simple binds

       ldap_realm: <none>
            SASL realm for LDAP authentication

       ldap_referrals: 0
            Specify whether or not the client should follow referrals.

       ldap_restart: 1
            Specify whether or not LDAP I/O operations are automatically
            restarted if they abort prematurely.

       ldap_sasl: 1
            Use SASL for LDAP binds in the LDAP PTS module.

       ldap_sasl_authc: <none>
            Deprecated.  Use ldap_id

       ldap_sasl_authz: <none>
            Deprecated.  Use ldap_authz

       ldap_sasl_mech: <none>
            Deprecated.  Use ldap_mech

       ldap_sasl_password: <none>
            Deprecated.  Use ldap_password

       ldap_sasl_realm: <none>
            Deprecated.  Use ldap_realm

       ldap_scope: sub
            Specify search scope.

            Allowed values: sub, one, base

       ldap_servers: ldap://localhost/
            Deprecated.  Use ldap_uri

       ldap_size_limit: 1
            Specify a number of entries for a search request to return.

       ldap_start_tls: 0
            Use StartTLS extended operation.  Do not use ldaps: ldap_uri when
            this option is enabled.

       ldap_time_limit: 5
            Specify a number of seconds for a search request to complete.

       ldap_timeout: 5
            Specify a number of seconds a search can take before timing out.

       ldap_tls_cacert_dir: <none>
            Path to directory with CA (Certificate Authority) certificates.

       ldap_tls_cacert_file: <none>
            File containing CA (Certificate Authority) certificate(s).

       ldap_tls_cert: <none>
            File containing the client certificate.

       ldap_tls_check_peer: 0
            Require and verify server certificate.  If this option is yes, you
            must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

       ldap_tls_ciphers: <none>
            List of SSL/TLS ciphers to allow.  The format of the string is
            described in ciphers(1).

       ldap_tls_key: <none>
            File containing the private client key.

       ldap_uri: <none>
            Contains a list of the URLs of all the LDAP servers when using the
            LDAP PTS module.

       ldap_version: 3
            Specify the LDAP protocol version.  If ldap_start_tls and/or
            ldap_use_sasl are enabled, ldap_version will be automatically set
            to 3.

       lmtp_downcase_rcpt: 0
            If enabled, lmtpd will convert the recipient addresses to
            lowercase (up to a '+' character, if present).

       lmtp_fuzzy_mailbox_match: 0
            If enabled, and the mailbox specified in the detail part of the
            recipient (everything after the '+') does not exist, lmtpd will
            try to find the closest match (ignoring case, ignoring whitespace,
            falling back to parent) to the specified mailbox name.

       lmtp_over_quota_perm_failure: 0
            If enabled, lmtpd returns a permanent failure code when a user's
            mailbox is over quota.  By default, the failure is temporary,
            causing the MTA to queue the message and retry later.

       lmtp_strict_quota: 0
            If enabled, lmtpd returns a failure code when the incoming message
            will cause the user's mailbox to exceed its quota.  By default,
            the failure won't occur until the mailbox is already over quota.

       lmtp_strict_rfc2821: 1
            By default, lmtpd will be strict (per RFC 2821) with regards to
            which envelope addresses are allowed.  If this option is set to
            false, 8bit characters in the local-part of envelope addresses are
            changed to 'X' instead.  This is useful to avoid generating
            backscatter with certain MTAs like Postfix or Exim which accept
            such messages.

       lmtpsocket: {configdirectory}/socket/lmtp
            Unix domain socket that lmtpd listens on, used by deliver(8). This
            should match the path specified in cyrus.conf(5).

       lmtptxn_timeout: 300
            Timeout (in seconds) used during a lmtp transaction to a remote
            backend (e.g. in a murder environment).  Can be used to prevent
            hung lmtpds on proxy hosts when a backend server becomes
            unresponsive during a lmtp transaction.  The default is 300 -
            change to zero for infinite.

       loginrealms: <empty string>
            The list of remote realms whose users may authenticate using
            cross-realm authentication identifiers.  Separate each realm name
            by a space.  (A cross-realm identity is considered any identity
            returned by SASL with an "@" in it.).

       loginuseacl: 0
            If enabled, any authentication identity which has a rights on a
            user's INBOX may log in as that user.

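       Added example (not part of the Cyrus distribution): a Python script
       that reads text in the option: value format from DESCRIPTION, backslash
       continuations included, and reports the authentication-related settings
       described in the entries above, falling back to the defaults this page
       lists.  The sample file, the mail_users argument, lower-casing of
       option names and the finding texts are assumptions of the example.

```python
"""Added example: read imapd.conf text and report weak authentication settings."""

TRUE_WORDS = {"yes", "on", "t", "true", "1"}
FALSE_WORDS = {"no", "off", "f", "false", "0"}

# Defaults as listed on this page for the options the audit looks at.
DEFAULTS = {
    "admins": "", "allowanonymouslogin": "0", "allowapop": "1",
    "allowplaintext": "0", "failedloginpause": "3", "loginuseacl": "0",
    "ldap_uri": "", "ldap_start_tls": "0", "ldap_tls_check_peer": "0",
    "ldap_tls_cacert_file": "", "ldap_tls_cacert_dir": "",
}


def parse_imapd_conf(text):
    """Return {option: value} using the line rules from DESCRIPTION."""
    options, pending = {}, ""
    # The extra "" flushes a final line that ends in a backslash.
    for raw in text.splitlines() + [""]:
        line = pending + raw
        if line.endswith("\\"):
            pending = line[:-1]  # drop the backslash, insert no whitespace
            continue
        pending = ""
        stripped = line.strip()  # leading whitespace tolerated (assumption)
        if not stripped or stripped.startswith("#"):
            continue
        name, sep, value = stripped.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not an 'option: value' line: {line!r}")
        # Names are lower-cased so the audit matches any spelling (assumption).
        options[name.strip().lower()] = value.strip()
    return options


def as_bool(value):
    """Map the boolean words listed in DESCRIPTION to True or False."""
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a boolean value: {value!r}")


def audit(options, mail_users=()):
    """Return (option, message) findings for the effective configuration."""
    cfg = {**DEFAULTS, **options}
    findings = []
    if as_bool(cfg["allowplaintext"]):
        findings.append(("allowplaintext", "cleartext passwords allowed on the wire"))
    if as_bool(cfg["allowanonymouslogin"]):
        findings.append(("allowanonymouslogin", "'anonymous' accepted with any password"))
    if as_bool(cfg["allowapop"]):
        findings.append(("allowapop", "APOP needs plaintext passwords in a SASL auxprop backend"))
    if as_bool(cfg["loginuseacl"]):
        findings.append(("loginuseacl", "an identity with the a right on an INBOX may log in as its owner"))
    if int(cfg["failedloginpause"]) == 0:
        findings.append(("failedloginpause", "no pause after a failed login"))
    shared = sorted(set(cfg["admins"].split()) & set(mail_users))
    if shared:
        findings.append(("admins", "also used as mail accounts: " + " ".join(shared)))
    if cfg["ldap_uri"]:
        if not as_bool(cfg["ldap_tls_check_peer"]):
            findings.append(("ldap_tls_check_peer", "LDAP server certificate is not verified"))
        elif not (cfg["ldap_tls_cacert_file"] or cfg["ldap_tls_cacert_dir"]):
            findings.append(("ldap_tls_check_peer", "enabled without ldap_tls_cacert_file or ldap_tls_cacert_dir"))
        if as_bool(cfg["ldap_start_tls"]) and "ldaps:" in cfg["ldap_uri"].lower():
            findings.append(("ldap_start_tls", "enabled together with an ldaps: ldap_uri"))
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
# imapd.conf (constructed)
configdirectory: /var/lib/imap
admins: cyrus \\
 jdoe
allowplaintext: yes
allowapop: off
loginuseacl: 0
ldap_uri: ldaps://ldap.example.org/
ldap_start_tls: on
"""

if __name__ == "__main__":
    for option, message in audit(parse_imapd_conf(SAMPLE), mail_users={"jdoe", "alice"}):
        print(f"{option}: {message}")
```
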
       logtimestamps: 0
            Include notations in the protocol telemetry logs indicating the
            number of seconds since the last command or response.

       mailbox_default_options: 0
            Default "options" field for the mailbox on create.  You'll want to
            know what you're doing before setting this, but it can apply some
            default annotations like duplicate suppression

       mailnotifier: <none>
            Notifyd(8) method to use for "MAIL" notifications.  If not set,
            "MAIL" notifications are disabled.

       maxheaderlines: 1000
            Maximum number of lines of header that will be processed into
            cache records.  Default 1000.  If set to zero, it is unlimited.
            If a message hits the limit, an error will be logged and the rest
            of the lines in the header will be skipped.  This is to avoid
            malformed messages causing giant cache records

       maxmessagesize: 0
            Maximum incoming LMTP message size.  If non-zero, lmtpd will
            reject messages larger than maxmessagesize bytes.  If set to 0,
            this will allow messages of any size (the default).

       maxquoted: 131072
            Maximum size of a single quoted string for the parser.  Default
            128k

       maxword: 131072
            Maximum size of a single word for the parser.  Default 128k

       mboxkey_db: skiplist
            The cyrusdb backend to use for mailbox keys.

            Allowed values: berkeley, skiplist

       mboxlist_db: skiplist
            The cyrusdb backend to use for the mailbox list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       mboxlist_db_path: <none>
            The absolute path to the mailboxes db file.  If not specified will
            be confdir/mailboxes.db

       mboxname_lockpath: <none>
            Path to mailbox name lock files (default $conf/lock)

       metapartition_files: <empty string>
            Space-separated list of metadata files to be stored on a
            metapartition rather than in the mailbox directory on a spool
            partition.

            Allowed values: header, index, cache, expunge, squat

       metapartition-name: <none>
            The pathname of the metadata partition name, corresponding to
            spool partition partition-name.  For any mailbox residing in a
            directory on partition-name, the metadata files listed in
            metapartition_files will be stored in a corresponding directory on
            metapartition-name.  Note that not every partition-name option is
            required to have a corresponding metapartition-name option, so
            that you can selectively choose which spool partitions will have
            separate metadata partitions.

       mupdate_authname: <none>
            The SASL username (Authentication Name) to use when authenticating
            to the mupdate server (if needed).

699       mupdate_config: standard
700            The configuration of the mupdate servers in the Cyrus Murder.  The
701            "standard"  config  is  one  in  which there are discrete frontend
702            (proxy) and backend servers.  The "unified" config is one in which
703            a  server  can  be  both a frontend and backend.  The "replicated"
704            config is one in which multiple backend servers all share the same
705            mailspool,  but  each  have  their  own "replicated" copy of mail‐
706            boxes.db.
707
708            Allowed values: standard, unified, replicated
709
710       munge8bit: 1
711            If enabled, lmtpd munges messages with  8-bit  characters  in  the
712            headers.   The 8-bit characters are changed to `X'.  If reject8bit
713            is enabled, setting munge8bit has no effect.  (A  proper  solution
714            to  non-ASCII characters in headers is offered by RFC 2047 and its
715            predecessors.)
716
717       mupdate_connections_max: 128
718            The max number of connections that a mupdate process  will  allow.
719            This  is  related to the number of file descriptors in the mupdate
720            process.  Connections beyond this number are immediately issued  a
721            BYE response.
722
723       mupdate_password: <none>
724            The  SASL  password  (if needed) to use when authenticating to the
725            mupdate server.
726
727       mupdate_realm: <none>
728            The SASL realm (if needed) to use when authenticating to the  mup‐
729            date server.
730
731       mupdate_retry_delay: 20
732            The  base  time  to wait between connection retries to the mupdate
733            server.
734
735       mupdate_server: <none>
736            The mupdate server for the Cyrus Murder
737
738       mupdate_username: <empty string>
739            The SASL username (Authorization Name) to use when  authenticating
740            to the mupdate server
741
742       mupdate_workers_max: 50
743            The maximum number of mupdate worker threads (overall)
744
745       mupdate_workers_maxspare: 10
746            The maximum number of idle mupdate worker threads
747
748       mupdate_workers_minspare: 2
749            The minimum number of idle mupdate worker threads
750
751       mupdate_workers_start: 5
752            The number of mupdate worker threads to start
753
754       netscapeurl: <none>
755            If  enabled  at  compile  time, this specifies a URL to reply when
756            Netscape asks the server where the mail administration HTTP server
757            is.  Administrators should set this to a local resource.
758
759       newsaddheaders: to
760            Space-separated  list  of  headers  to be added to incoming usenet
761            articles.  Added To: headers will contain email delivery addresses
762            corresponding  to each newsgroup in the Newsgroups: header.  Added
763            Reply-To: headers will contain  email  delivery  addresses  corre‐
764            sponding  to  each  newsgroup  in  the Followup-To: or Newsgroups:
765            header.  If the specified header(s) already exist in  an  article,
766            the  email  delivery  addresses  will  be appended to the original
767            header body(s).
768
769            This option applies if and only if the newspostuser option is set.
770
771            Allowed values: to, replyto
772
773       newsgroups: *
774            A wildmat pattern specifying which mailbox hierarchies  should  be
775            treated  as  newsgroups.  Only mailboxes matching the wildmat will
776            accept and/or serve articles via NNTP.   If  not  set,  a  default
777            wildmat  of  "*"  (ALL  shared  mailboxes)  will  be used.  If the
778            newsprefix option is also set, the default wildmat will be  trans‐
779            lated to "<newsprefix>.*"
780
781       newsmaster: news
782            Userid  that  is  used for checking access controls when executing
783            Usenet control messages.  For instance, to allow  articles  to  be
784            automatically deleted by cancel messages, give the "news" user the
785            'd' right on the desired mailboxes.  To  allow  newsgroups  to  be
786            automatically  created,  deleted  and renamed by the corresponding
787            control messages, give the  "news"  user  the  'c'  right  on  the
788            desired mailbox hierarchies.
789
790       newspeer: <none>
791            A list of whitespace-separated news server specifications to which
792            articles should be fed.  Each server specification is a string  of
793            the  form  [user[:pass]@]host[:port][/wildmat] where 'host' is the
794            fully qualified hostname of the server,  'port'  is  the  port  on
795            which the server is listening, 'user' and 'pass' are the authenti‐
796            cation credentials and 'wildmat' is a pattern that specifies which
797            groups  should  be  fed.   If  no 'port' is specified, port 119 is
798            used.  If no 'wildmat' is  specified,  all  groups  are  fed.   If
799            'user'  is  specified  (even if empty), then the NNTP POST command
800            will be used to feed the article  to  the  server,  otherwise  the
801            IHAVE command will be used.
802
803            A  '@' may be used in place of '!' in the wildmat to prevent feed‐
804            ing articles cross-posted to the  given  group,  otherwise  cross-
805            posted  articles  are fed if any part of the wildmat matches.  For
806            example, the string "peer.example.com:*,!control.*,@local.*" would
807            feed  all  groups  except  control  messages  and  local groups to
808            peer.example.com.  In the case of cross-posting to  local  groups,
809            these articles would not be fed.
810
811       newspostuser: <none>
812            Userid  used to deliver usenet articles to newsgroup folders (usu‐
813            ally via lmtp2nntp).  For example, if set to "post", email sent to
814            "post+comp.mail.imap"  would  be delivered to the "comp.mail.imap"
815            folder.
816
817            When set, the Cyrus NNTP server will add the  header(s)  specified
818            in the newsaddheaders option to each incoming usenet article.  The
819            added header(s) will contain email delivery addresses  correspond‐
820            ing  to each relevant newsgroup.  If not set, no headers are added
821            to usenet articles.
822
823       newsprefix: <none>
824            Prefix to be prepended to newsgroup names to make the  correspond‐
825            ing IMAP mailbox names.
826
827       newsrc_db_path: <none>
828            The  absolute  path to the newsrc db file.  If not specified, will
829            be confdir/fetchnews.db
830
831       nntptimeout: 3
832            Set the length of the NNTP server's inactivity  autologout  timer,
833            in minutes.  The minimum value is 3, the default.
834
835       normalizeuid: 0
836            Lowercase  uid and strip leading and trailing blanks. It is recom‐
837            mended to set this to yes,  especially  if  OpenLDAP  is  used  as
838            authentication source.
839
840       notifysocket: {configdirectory}/socket/notify
841            Unix domain socket that the mail notification daemon listens on.
842
843       notify_external: <none>
844            Path  to  the  external  program that notifyd(8) will call to send
845            mail notifications.
846
847       The external program will be called with  the  following  command  line
848       options:
849
850       -c class
851
852       -p priority
853
854       -u user
855
856       -m mailbox
857
858       And the notification message will be available on stdin.
859
860
861       partition-name: <none>
862            The  pathname of the partition name.  At least one partition path‐
863            name MUST be specified.  If the defaultpartition option  is  used,
864            then its pathname MUST be specified.  For example, if the value of
865            the defaultpartition option is default, then the partition-default
866            field is required.
867
868       plaintextloginpause: 0
869            Number  of  seconds  to  pause after a successful plaintext login.
870            For systems that support strong authentication, this permits users
871            to  perceive  a cost of using plaintext passwords.  (This does not
872            affect the use of PLAIN in SASL authentications.)
873
874       plaintextloginalert: <none>
875            Message to send to client after a successful plaintext login.
876
877       popexpiretime: -1
878            The number of days advertised as being the minimum a  message  may
879            be  left on the POP server before it is deleted (via the CAPA com‐
880            mand, defined in the POP3 Extension Mechanism, which some  clients
881            may support).  "NEVER", the default, may be specified with a nega‐
882            tive number.  The Cyrus POP3 server never deletes mail, no  matter
883            what  the  value  of this parameter is.  However, if a site imple‐
884            ments a less liberal policy, it needs  to  change  this  parameter
885            accordingly.
886
887       popminpoll: 0
888            Set  the  minimum  amount  of time the server forces users to wait
889            between successive POP logins, in minutes.
890
891       popsubfolders: 0
892            Allow access to subfolders of INBOX via POP3 by using  userid+sub‐
893            folder syntax as the authentication/authorization id.
894
895       poppollpadding: 1
896            Create  a  softer minimum poll restriction.  Allows poppollpadding
897            connections before the minpoll restriction  is  triggered.   Addi‐
898            tionally, one padding entry is recovered every popminpoll minutes.
899            This allows for the occasional polling rate  faster  than  popmin‐
900            poll, (i.e., for clients that require a send/receive to send mail)
901            but still enforces the rate long-term.  Default is 1 (disabled).
902
903            The easiest way to think of it is a  queue  of  past  connections,
904            with  one  slot  being  filled  for every connection, and one slot
905            being cleared every popminpoll minutes. When the  queue  is  full,
906            the  user  will  not  be  able to check mail again until a slot is
907            cleared.  If the user waits a sufficient amount of time, they will
908            get back many or all of the slots.
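
An added example (not Cyrus code): a Python model of the queue analogy in the poppollpadding description, showing which POP logins are admitted for a given popminpoll and poppollpadding. It assumes a refused login does not fill a slot and that slots clear on a timer started when the queue first becomes non-empty; the names PopPollQueue and simulate are hypothetical.

```python
class PopPollQueue:
    """Model of the 'queue of past connections' described for poppollpadding."""

    def __init__(self, popminpoll, poppollpadding=1):
        self.interval = popminpoll      # minutes needed to clear one slot
        self.capacity = poppollpadding  # number of slots in the queue
        self.used = 0                   # slots currently filled
        self.last_clear = 0             # minute the clearing timer last fired

    def try_login(self, now):
        """Return True if a login at minute `now` is admitted."""
        if self.interval <= 0:
            return True  # popminpoll: 0 means no minimum poll restriction
        if self.used:
            # One slot is cleared for every full popminpoll interval elapsed.
            cleared = int((now - self.last_clear) // self.interval)
            if cleared:
                self.used = max(0, self.used - cleared)
                self.last_clear += cleared * self.interval
        if self.used >= self.capacity:
            return False  # queue full: wait until a slot is cleared
        if self.used == 0:
            self.last_clear = now  # timer restarts when the queue was empty
        self.used += 1  # assumption: only admitted logins fill a slot
        return True


def simulate(popminpoll, poppollpadding, attempt_minutes):
    """Replay login attempts (minutes, ascending) and return admit decisions."""
    queue = PopPollQueue(popminpoll, poppollpadding)
    return [queue.try_login(minute) for minute in attempt_minutes]


if __name__ == "__main__":
    # Constructed attempt times, in minutes since the first login.
    attempts = [0, 1, 2, 3, 10, 11, 20, 60, 61, 62, 63]
    for padding in (1, 3):
        decisions = simulate(10, padding, attempts)
        print(f"popminpoll=10 poppollpadding={padding}")
        for minute, admitted in zip(attempts, decisions):
            print(f"  t={minute:>2} min  {'admitted' if admitted else 'refused'}")
```

With poppollpadding set to 1 the model reduces to the plain popminpoll rule; larger values admit short bursts while the long-term rate stays at one login per popminpoll minutes.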
909
910       poptimeout: 10
911            Set the length of the POP server's inactivity autologout timer, in
912            minutes.  The minimum value is 10, the default.
913
914       popuseacl: 0
915            Enforce IMAP ACLs in the pop server.  Due to  the  nature  of  the
916            POP3  protocol,  the  only rights which are used by the pop server
917            are 'r', user to open the mailbox and list/retrieve messages.  The
918            't'  right  allows  the  user  to  delete messages.  The 's' right
919            allows messages retrieved by the user to have the \Seen  flag  set
920            (only if popuseimapflags is also enabled).
921
922       popuseimapflags: 0
923            If enabled, the pop server will set and obey IMAP flags.  Messages
924            having the \Deleted flag are ignored as  if  they  do  not  exist.
925            Messages that are retrieved by the client will have the \Seen flag
926            set.  All messages will have the \Recent flag unset.
927
928       postmaster: postmaster
929            Username that is used as the 'From' address in rejection MDNs pro‐
930            duced by sieve.
931
932       postuser: <empty string>
933            Userid  used  to deliver messages to shared folders.  For example,
934            if set to "bb", email sent to "bb+shared.blah" would be  delivered
935            to  the  "shared.blah"  folder.   By  default, an email address of
936            "+shared.blah" would be used.
937
938       proc_path: <none>
939            Path to proc directory.  Default is NULL -  must  be  an  absolute
940            path if specified.  If not specified, the path $confdir/proc/ will
941            be used.
942
943       proxy_authname: proxy
944            The authentication name to use when authenticating  to  a  backend
945            server in the Cyrus Murder.
946
947       proxy_compress: 0
948            Try  to  enable  protocol-specific  compression  when performing a
949            client connection to a backend server in the Cyrus Murder.
950
951       Note that this should only be necessary over slow network  connections.
952       Also note that currently only IMAP and MUPDATE support compression.
953
954       proxy_password: <none>
955            The  default  password  to  use  when  authenticating to a backend
956            server in the Cyrus Murder.  May be overridden on a  host-specific
957            basis using the hostname_password option.
958
959       proxy_realm: <none>
960            The  authentication  realm to use when authenticating to a backend
961            server in the Cyrus Murder
962
963       proxyd_allow_status_referral: 0
964            Set to true to allow proxyd to issue  referrals  to  clients  that
965            support it when answering the STATUS command.  This is disabled by
966            default since some clients issue many STATUS commands  in  a  row,
967            and do not cache the connections that these referrals would cause,
968            thus resulting in a higher authentication load on  the  respective
969            backend server.
970
971       proxyd_disable_mailbox_referrals: 0
972            Set  to  true to disable the use of mailbox-referrals on the proxy
973            servers.
974
975       proxyservers: <none>
976            A list of users and groups that are allowed  to  proxy  for  other
977            users,  separated  by  spaces.   Any  user  listed in this will be
978            allowed to login for any other user: use with caution.  In a stan‐
979            dard  murder  this  option should ONLY be set on backends.  DO NOT
980            SET on frontends or things won't work properly.
981
982       pts_module: afskrb
983            The PTS module to use.
984
985            Allowed values: afskrb, ldap
986
987       ptloader_sock: <none>
988            Unix domain socket that ptloader listens on.   (defaults  to  con‐
989            figdir/ptclient/ptsock)
990
991       ptscache_db: skiplist
992            The cyrusdb backend to use for the pts cache.
993
994            Allowed values: berkeley, berkeley-hash, skiplist
995
996       ptscache_db_path: <none>
997            The absolute path to the ptscache db file.  If not specified, will
998            be confdir/ptscache.db
999
1000       ptscache_timeout: 10800
1001            The timeout (in seconds) for the PTS cache database when using the
1002            auth_krb_pts authorization method (default: 3 hours).
1003
1004       ptskrb5_convert524: 1
1005            When  using  the AFSKRB ptloader module with Kerberos 5 canonical‐
1006            ization, do the final 524 conversion to get  an  AFS  style  name
1007            (using '.' instead of '/', and using short names
1008
1009       ptskrb5_strip_default_realm: 1
1010            When  using  the AFSKRB ptloader module with Kerberos 5 canonical‐
1011            ization, strip the default realm from the userid  (this  does  not
1012            affect the stripping of realms specified by the afspts_localrealms
1013            option)
1014
1015       qosmarking: cs0
1016            This specifies the Class Selector or Differentiated Services  Code
1017            Point designation on IP headers (in the ToS field).
1018
1019            Allowed  values:  cs0,  cs1,  cs2,  cs3, cs4, cs5, cs6, cs7, af11,
1020            af12, af13, af21, af22, af23, af31, af32, af33, af41, af42,  af43,
1021            ef
1022
1023       quota_db: quotalegacy
1024            The cyrusdb backend to use for quotas.
1025
1026            Allowed values: flat, berkeley, berkeley-hash, skiplist, sql, quo‐
1027            talegacy
1028
1029       quota_db_path: <none>
1030            The absolute path for the quota database (if you choose a  single-
1031            file  quota DB type - or the base path if you choose quotalegacy).
1032            If not specified will be confdir/quota.db or confdir/quota/
1033
1034       quotawarn: 90
1035            The percent of quota utilization over which the  server  generates
1036            warnings.
1037
1038       quotawarnkb: 0
1039            The  maximum amount of free space (in kB) at which to give a quota
1040            warning (if this value is 0, or if the quota is smaller than  this
1041            amount, then warnings are always given).
1042
1043       reject8bit: 0
1044            If  enabled,  lmtpd  rejects messages with 8-bit characters in the
1045            headers.
1046
1047       rfc2046_strict: 0
1048            If enabled, imapd will be strict (per RFC 2046) when matching MIME
1049            boundary  strings.   This  means  that boundaries containing other
1050            boundaries as substrings will  be  treated  as  identical.   Since
1051            enabling  this  option  will break some messages created by Eudora
1052            5.1 (and earlier), it is recommended  that  it  be  left  disabled
1053            unless there is good reason to do otherwise.
1054
1055       rfc3028_strict: 1
1056            If  enabled,  Sieve  will be strict (per RFC 3028) with regards to
1057            which headers are allowed to  be  used  in  address  and  envelope
1058            tests.   This  means  that only those headers which are defined to
1059            contain addresses will be allowed in address tests and  only  "to"
1060            and  "from" will be allowed in envelope tests.  When disabled, ANY
1061            grammatically correct header will be allowed.
1062
1063       sasl_auto_transition: 0
1064            If enabled, the SASL library will automatically create authentica‐
1065            tion  secrets when given a plaintext password.  See the SASL docu‐
1066            mentation.
1067
1068       sasl_maximum_layer: 256
1069            Maximum SSF (security strength factor) that the server will  allow
1070            a client to negotiate.
1071
1072       sasl_minimum_layer: 0
1073            The  minimum SSF that the server will allow a client to negotiate.
1074            A value of 1  requires  integrity  protection;  any  higher  value
1075            requires some amount of encryption.
1076
1077       sasl_option: 0
1078            Any  SASL  option  can  be set by preceding it with "sasl_".  This
1079            file overrides the SASL configuration file.
1080
1081       sasl_pwcheck_method: <none>
1082            The mechanism used by the server to  verify  plaintext  passwords.
1083            Possible values include "auxprop", "saslauthd", and "pwcheck".
1084
1085       seenstate_db: skiplist
1086            The cyrusdb backend to use for the seen state.
1087
1088            Allowed values: flat, berkeley, berkeley-hash, skiplist
1089
1090       sendmail: /usr/lib/sendmail
1091            The  pathname  of the sendmail executable.  Sieve invokes sendmail
1092            for sending rejections, redirects and vacation responses.
1093
1094       serverlist: <none>
1095            Whitespace separated list of backend server names.  Used for find‐
1096            ing server with the most available free space for proxying CREATE.
1097
1098       servername: <none>
1099            This  is the hostname visible in the greeting messages of the POP,
1100            IMAP and LMTP daemons. If it is unset, then  the  result  returned
1101            from gethostname(2) is used.
1102
1103       serverinfo: on
1104            The  server  information to display in the greeting and capability
1105            responses. Information is displayed as follows:
1106
1107            "off" = no server information in the greeting or capabilities
1108            "min" = servername in the greeting; no server information  in  the
1109            capabilities
1110            "on"  =  servername  and  product version in the greeting; product
1111            version in the capabilities
1112
1113            Allowed values: off, min, on
1114
1115       sharedprefix: Shared Folders
1116            If using the alternate IMAP namespace, the prefix for  the  shared
1117            namespace.    The   hierarchy   delimiter  will  be  automatically
1118            appended.
1119
1120       sieve_allowreferrals: 1
1121            If enabled, timsieved will issue referrals  to  clients  when  the
1122            user's  scripts  reside  on a remote server (in a Murder).  Other‐
1123            wise, timsieved will proxy traffic to the remote server.
1124
1125       sieve_extensions: fileinto reject vacation  imapflags  notify  envelope
1126       relational regex subaddress copy
1127            Space-separated  list  of  Sieve  extensions allowed to be used in
1128            sieve scripts, enforced at submission by timsieved(8).  Any previ‐
1129            ously  installed script will be unaffected by this option and will
1130            continue to execute  regardless  of  the  extensions  used.   This
1131            option  has no effect on options that are disabled at compile time
1132            (e.g., "regex").
1133
1134            Allowed values: fileinto,  reject,  vacation,  imapflags,  notify,
1135            include, envelope, body, relational, regex, subaddress, copy
1136
1137       sieve_maxscriptsize: 32
1138            Maximum  size  (in kilobytes) any sieve script can be, enforced at
1139            submission by timsieved(8).
1140
1141       sieve_maxscripts: 5
1142            Maximum number of sieve scripts any user  may  have,  enforced  at
1143            submission by timsieved(8).
1144
1145       sieve_utf8fileinto: 0
1146            If enabled, the sieve engine expects folder names for the fileinto
1147            action in scripts to use UTF8 encoding.  Otherwise, modified  UTF7
1148            encoding should be used.
1149
1150       sieve_sasl_send_unsolicited_capability: 0
1151            If enabled, timsieved will emit a capability response after a suc‐
1152            cessful SASL authentication, per draft-martin-managesieve-12.txt .
1153
1154       sievedir: /usr/sieve
1155            If sieveusehomedir is false, this directory is searched for  Sieve
1156            scripts.
1157
1158       sievenotifier: <none>
1159            Notifyd(8)  method  to use for "SIEVE" notifications.  If not set,
1160            "SIEVE" notifications are disabled.
1161
1162       This method is only used when no method is specified in the script.
1163
1164       sieveusehomedir: 0
1165            If enabled, lmtpd will look  for  Sieve  scripts  in  user's  home
1166            directories: ~user/.sieve.
1167
1168       singleinstancestore: 1
1169            If  enabled, imapd, lmtpd and nntpd attempt to only write one copy
1170            of a message per partition and create hard links, resulting  in  a
1171            potentially large disk savings.
1172
1173       skiplist_always_checkpoint: 1
1174            If  enabled,  this  option  forces the skiplist cyrusdb backend to
1175            always checkpoint when doing a  recovery.   This  causes  slightly
1176            more  IO, but on the other hand leads to more efficient databases,
1177            and the entire file is already "hot".
1178
1179       skiplist_unsafe: 0
1180            If enabled, this option forces the skiplist cyrusdb backend to not
1181            sync writes to the disk.  Enabling this option is NOT RECOMMENDED.
1182
1183       soft_noauth: 1
1184            If  enabled,  lmtpd  returns temporary failures if the client does
1185            not successfully authenticate.  Otherwise lmtpd returns  permanent
1186            failures (causing the mail to bounce immediately).
1187
1188       specialusealways: 0
1189            If  enabled,  this  option  causes  LIST and LSUB output to always
1190            include the XLIST "special-use" flags. See "xlist-*"
1191
1192       sql_database: <none>
1193            Name of the database which contains the cyrusdb table(s).
1194
1195       sql_engine: <none>
1196            Name of the SQL engine to use.
1197
1198            Allowed values: mysql, pgsql, sqlite
1199
1200       sql_hostnames: <empty string>
1201            Comma separated list of SQL servers (in host[:port] format).
1202
1203       sql_passwd: <none>
1204            Password to use for authentication to the SQL server.
1205
1206       sql_user: <none>
1207            Username to use for authentication to the SQL server.
1208
1209       sql_usessl: 0
1210            If enabled, a secure connection will be made to the SQL server.
1211
1212       srvtab: <empty string>
1213            The pathname of srvtab file containing the server's  private  key.
1214            This  option  is  passed  to  the  SASL  library and overrides its
1215            default setting.
1216
1217       submitservers: <none>
1218            A  list  of  users  and  groups  that  are  allowed   to   resolve
1219            "urlauth=submit+" IMAP URLs, separated by spaces.  Any user listed
1220            in this will be  allowed  to  fetch  the  contents  of  any  valid
1221            "urlauth=submit+" IMAP URL: use with caution.
1222
1223       subscription_db: flat
1224            The cyrusdb backend to use for the subscriptions list.
1225
1226            Allowed values: flat, berkeley, berkeley-hash, skiplist
1227
1228       suppress_capabilities: <none>
1229            Suppress the named capabilities from any capability response.  Use
1230            the exact  case  as  it  appears  in  the  response,  e.g.   "sup‐
1231            press_capabilities: ESEARCH QRESYNC WITHIN XLIST LIST-EXTENDED" if
1232            you have a murder with 2.3.x backends and don't want clients being
1233            confused by new capabilities that some backends don't support.
1234
1235       statuscache: 0
1236            Enable/disable the imap status cache.
1237
1238       statuscache_db: skiplist
1239            The cyrusdb backend to use for the imap status cache.
1240
1241            Allowed  values:  berkeley, berkeley-nosync, berkeley-hash, berke‐
1242            ley-hash-nosync, skiplist
1243
1244       statuscache_db_path: <none>
1245            The absolute path to the statuscache db file.  If  not  specified,
1246            will be confdir/statuscache.db
1247
1248       sync_authname: <none>
1249            The  authentication  name  to  use  when  authenticating to a sync
1250            server.  Prefix with a channel name to only apply for that channel
1251
1252       sync_compress: 0
1253            Enable compression on replication traffic.  Prefix with a  channel
1254            name to only apply for that channel
1255
1256       sync_host: <none>
1257            Name  of the host (replica running sync_server(8)) to which repli‐
1258            cation actions will be sent  by  sync_client(8).   Prefix  with  a
1259            channel name to only apply for that channel
1260
1261       sync_log: 0
1262            Enable replication action logging by lmtpd(8), imapd(8), pop3d(8),
1263            and nntpd(8).   The  log  {configdirectory}/sync/log  is  used  by
1264            sync_client(8) for "rolling" replication.
1265
1266       sync_log_chain: 0
1267            Enable replication action logging by sync_server as well, allowing
1268            chaining of replicas.  Use this on 'B' for A => B => C replication
1269            layout
1270
1271       sync_log_channels: <none>
1272            If  specified, log all events to multiple log files in directories
1273            specified by each "channel".  To run these log files, you need  to
1274            pass  the  -n option to sync_client -r with the channel name.  Use
1275            this for a mesh style replication layout - every machine replicat‐
1276            ing to every other machine.
1277
1278       sync_password: <none>
1279            The  default password to use when authenticating to a sync server.
1280            Prefix with a channel name to only apply for that channel
1281
1282       sync_port: csync
1283            Name of the service (or port number) of the replication service on
1284            replica  host.   The default is "csync" which is usually port 2005,
1285            but any service name or numeric port  can  be  specified.   Prefix
1286            with a channel name to only apply for that channel
1287
1288       sync_realm: <none>
1289            The  authentication  realm  to  use  when authenticating to a sync
1290            server.  Prefix with a channel name to only apply for that channel
1291
1292       sync_repeat_interval: 1
1293            Minimum interval (in seconds) between replication runs in  rolling
1294            replication  mode.  If  a  replication  run takes longer than this
1295            time, we repeat immediately.  Prefix with a channel name  to  only
1296            apply for that channel
1297
1298       sync_shutdown_file: <none>
1299            Simple  latch used to tell sync_client(8) that it should shut down
1300            at the next opportunity. Safer than  sending  signals  to  running
1301            processes.   Prefix  with  a  channel  name to only apply for that
1302            channel
1303
1304       syslog_prefix: <none>
            String to be prepended to the process name in syslog entries.

       tcp_keepalive: 0
            Enable keepalive on TCP connections.

       tcp_keepalive_cnt: 0
            Number of TCP keepalive probes to send before declaring the
            connection dead (0 == system default).

       tcp_keepalive_idle: 0
            Number of seconds a connection must be idle before keepalive
            probes are sent (0 == system default).

       tcp_keepalive_intvl: 0
            Number of seconds between keepalive probes (0 == system default).

       temp_path: /tmp
            The pathname to store temporary files in.

       timeout: 30
            The length of the IMAP server's inactivity autologout timer, in
            minutes.  The minimum value is 30, the default.

       tls_ca_file: <none>
            File containing one or more Certificate Authority (CA)
            certificates.

       tls_ca_path: <none>
            Path to directory with certificates of CAs.  This directory must
            have filenames with the hashed value of the certificates (see
            openssl(XXX)).

       tlscache_db: skiplist
            The cyrusdb backend to use for the TLS cache.

            Allowed values: berkeley, berkeley-nosync, berkeley-hash,
            berkeley-hash-nosync, skiplist, sql

       tlscache_db_path: <none>
            The absolute path to the tlscache db file.  If not specified, will
            be confdir/tls_sessions.db

       tls_cert_file: <none>
            File containing the certificate presented for server
            authentication during STARTTLS.  A value of "disabled" will
            disable SSL/TLS.

       tls_cipher_list: DEFAULT
            The list of SSL/TLS ciphers to allow.  The format of the string is
            described in ciphers(1).

       tls_key_file: <none>
            File containing the private key belonging to the server
            certificate.  A value of "disabled" will disable SSL/TLS.

       tls_require_cert: 0
            Require a client certificate for ALL services (imap, pop3, lmtp,
            sieve).

       tls_session_timeout: 1440
            The length of time (in minutes) that a TLS session will be cached
            for later reuse.  The maximum value is 1440 (24 hours), the
            default.  A value of 0 will disable session caching.

       umask: 077
            The umask value used by various Cyrus IMAP programs.

       userdeny_db: flat
            The cyrusdb backend to use for the user access list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist, sql

       userdeny_db_path: <none>
            The absolute path to the userdeny db file.  If not specified, will
            be confdir/user_deny.db

       user_folder_limit: 0
            Limit the number of folders a user can create in their INBOX.  Set
            to 0 (default) for no limit.  Only affects folders in user.

       username_tolower: 1
            Convert usernames to all lowercase before login/authentication.
            This is useful with authentication backends which ignore case
            during username lookups (such as LDAP).

       userprefix: Other Users
            If using the alternate IMAP namespace, the prefix for the other
            users namespace.  The hierarchy delimiter will be automatically
            appended.

       unix_group_enable: 1
            Should we look up groups when using auth_unix (disable this if you
            are not using groups in ACLs for your IMAP server, and you are
            using auth_unix with a backend (such as LDAP) that can make
            getgrent() calls very slow).

       unixhierarchysep: 0
            Use the UNIX separator character '/' for delimiting levels of
            mailbox hierarchy.  The default is to use the netnews separator
            character '.'.

       virtdomains: off
            Enable virtual domain support.  If enabled, the user's domain will
            be determined by splitting a fully qualified userid at the last
            '@' or '%' symbol.  If the userid is unqualified, and the
            virtdomains option is set to "on", then the domain will be
            determined by doing a reverse lookup on the IP address of the
            incoming network interface, otherwise the user is assumed to be in
            the default domain (if set).

            Allowed values: off, userid, on

       xlist-*: <none>
            Cyrus 2.4 ONLY - enable special use flags.  The valid names can be
            taken from GMail's XLIST documents or RFC 6154.  The attribute
            name in the configuration key should be defined in lowercase.  The
            attribute value is case sensitive, may contain whitespace and must
            be a valid UTF7-IMAP string.  It must exactly match the name of
            the subfolder of a user's INBOX.

            Example: xlist-drafts: My Drafts

            Every user on your server with an 'INBOX.My Drafts' folder will get
            the special use flag " versions of Cyrus have a much more flexible
            RFC 6154 compatible system.

       tls_prefer_server_ciphers: 0
            Prefer the ciphers on the server side instead of client side.

       tls_versions: ssl2 ssl3 tls1_0 tls1_1 tls1_2
            A list of SSL/TLS versions to not disable.  Cyrus IMAP SSL/TLS
            starts with all protocols, and subtracts protocols not in this
            list.  Newer versions of SSL/TLS will need to be added here to
            allow them to get disabled.

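       The following Python code is an added example, not part of the Cyrus
       distribution or of this manual page.  It parses the option: value
       format described under DESCRIPTION and reports weak effective values
       of the tls_* options above; the function names, the LEGACY policy
       (TLS 1.2 only), the cipher string and the sample configurations are
       assumptions made for the illustration.

```python
# Added example (not Cyrus code): audit the tls_* options documented above.
# DEFAULTS are the defaults this page lists; the checks are an assumed site policy.
DEFAULTS = {
    "tls_versions": "ssl2 ssl3 tls1_0 tls1_1 tls1_2",
    "tls_cipher_list": "DEFAULT",
    "tls_prefer_server_ciphers": "0",
    "tls_cert_file": "",
    "tls_key_file": "",
}
TRUE = {"yes", "on", "t", "true", "1"}           # values that turn an option on
LEGACY = ("ssl2", "ssl3", "tls1_0", "tls1_1")    # assumed policy: TLS 1.2 only


def parse_imapd_conf(text):
    """Parse 'option: value' lines; a trailing backslash joins the next line."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            pending += raw[:-1]          # no whitespace is inserted at the join
            continue
        line, pending = pending + raw, ""
        if not line.strip() or line.lstrip().startswith("#"):
            continue                     # blank lines and comments are ignored
        name, sep, value = line.partition(":")
        if sep:
            opts[name.strip()] = value.strip()
    return opts


def audit_tls(opts):
    """Return findings for the effective (explicit or default) TLS settings."""
    eff = {**DEFAULTS, **opts}
    findings = []
    legacy = [v for v in eff["tls_versions"].split() if v in LEGACY]
    if legacy:
        findings.append("tls_versions leaves enabled: " + " ".join(legacy))
    if eff["tls_prefer_server_ciphers"].lower() not in TRUE:
        findings.append("tls_prefer_server_ciphers is off")
    if eff["tls_cipher_list"] == "DEFAULT":
        findings.append("tls_cipher_list is not pinned (DEFAULT)")
    for key in ("tls_cert_file", "tls_key_file"):
        if eff[key] in ("", "disabled"):
            findings.append(key + " is unset or disabled")
    return findings

# Constructed sample configurations, not taken from a real server.
WEAK = "tls_cert_file: /etc/ssl/imap.pem\ntls_key_file: /etc/ssl/imap.key\n"
HARDENED = WEAK + ("tls_versions: tls1_2\ntls_prefer_server_ciphers: yes\n"
                   "tls_cipher_list: \\\n HIGH:!aNULL:\\\n!MD5\n")
```

       WEAK sets only the certificate and key, so the audit runs against the
       defaults listed on this page; HARDENED overrides them and also
       exercises the backslash continuation rule.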

SEE ALSO

       imapd(8), pop3d(8), nntpd(8), lmtpd(8), timsieved(8), idled(8),
       notifyd(8), deliver(8), cyrus-master(8), ciphers(1)

CMU                              Project Cyrus                   IMAPD.CONF(5)