IMAPD.CONF(5)                     Cyrus IMAP                     IMAPD.CONF(5)

NAME

       imapd.conf - Cyrus IMAP documentation

       IMAP configuration file

DESCRIPTION

          /etc/imapd.conf is the configuration file for the Cyrus IMAP server.
          It defines local parameters for IMAP.

          Each line of the /etc/imapd.conf file has the form
                 option: value

          where option is the name of the configuration option being set and
          value is the value that the configuration option is being set to.

          Although there is no limit to the length of a line, a ``\''
          (backslash) character may be used as the last character on a line
          to force it to continue on the next one.  No additional whitespace
          is inserted before or after the ``\''.  Note that a line that is
          split using ``\'' character(s) is still considered a single line.

          For example
                 option:\
                     value1 value2 \
                        value3

          is equivalent to
                 option: value1 value2   value3

          Blank lines and lines beginning with ``#'' are ignored.

          For boolean and enumerated options, the values ``yes'', ``on'',
          ``t'', ``true'' and ``1'' turn the option on, the values ``no'',
          ``off'', ``f'', ``false'' and ``0'' turn the option off.

          Duration options take the form of a number followed by a unit, for
          example 32m (32 minutes).  Units are d (days), h (hours), m
          (minutes) and s (seconds).  Multiple units can be combined and will
          be summed together, for example 1h30m is equivalent to 90m.  If no
          unit is specified, an option-specific backward-compatible default
          unit is assumed (documented on an option-by-option basis).  These
          are simple time units: 1d=24h, 1h=60m, 1m=60s (daylight savings,
          timezones, leap adjustments, etc are not considered).

          Byte size options take the form of a number followed by a unit, for
          example 1KiB (1 kibibyte).  Units are B (bytes), KiB (kibibytes),
          MiB (mebibytes), and GiB (gibibytes), which may also be spelt KB,
          MB, and GB.  Units are parsed without regard to case.  Note that
          regardless of spelling, these units are always powers of 2, and
          never metric.  That is, 1GiB = 1024MiB, 1MiB = 1024KiB, 1KiB =
          1024B.  If no unit is specified, an option-specific
          backward-compatible default unit is assumed (documented on an
          option-by-option basis).
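
          The syntax rules above, as an added Python example that is not
          part of the Cyrus documentation or code base: it joins
          continuation lines, skips comments, and converts boolean, duration
          and byte size values.  The sample file is constructed, and joining
          continuations before the comment check is this example's reading of
          the text above.

```python
import re

# Constructed sample exercising continuation, comments and value types.
SAMPLE = r"""# constructed sample, not a recommended configuration
configdirectory: /var/lib/imap
admins:\
    cyrus \
       backupadmin
allowplaintext: off
archive_after: 1h30m
client_timeout: 10
archive_maxsize: 2MB
"""

TRUE = {"yes", "on", "t", "true", "1"}
FALSE = {"no", "off", "f", "false", "0"}
DURATION_UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
# Units are always powers of two, whichever spelling is used.
SIZE_UNITS = {"b": 1, "kib": 2**10, "kb": 2**10, "mib": 2**20, "mb": 2**20,
              "gib": 2**30, "gb": 2**30}


def parse_conf(text):
    """Return (option, value) pairs in file order; repeated options are kept."""
    logical, pending = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            # Continuation: drop the backslash, insert no whitespace.
            pending += raw[:-1]
            continue
        logical.append(pending + raw)
        pending = ""
    if pending:
        logical.append(pending)

    pairs = []
    for line in logical:
        if not line.strip() or line.startswith("#"):
            continue
        option, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not of the form 'option: value': {line!r}")
        pairs.append((option.strip(), value.strip()))
    return pairs


def parse_bool(value):
    """Map the documented on/off spellings to True/False."""
    if value in TRUE:
        return True
    if value in FALSE:
        return False
    raise ValueError(f"not a boolean value: {value!r}")


def parse_duration(value, default_unit):
    """Seconds for e.g. '1h30m'; a bare number uses the option's default unit."""
    text = value.strip()
    sign, body = (-1, text[1:]) if text.startswith("-") else (1, text)
    parts = re.findall(r"(\d+)([dhms]?)", body)
    if not body or "".join(n + u for n, u in parts) != body:
        raise ValueError(f"not a duration: {value!r}")
    return sign * sum(int(n) * DURATION_UNITS[u or default_unit]
                      for n, u in parts)


def parse_size(value, default_unit):
    """Bytes for e.g. '2MB'; unit spelling is matched without regard to case."""
    m = re.fullmatch(r"(-?\d+)([a-z]*)", value.strip().lower())
    if not m or (m.group(2) and m.group(2) not in SIZE_UNITS):
        raise ValueError(f"not a byte size: {value!r}")
    return int(m.group(1)) * SIZE_UNITS[m.group(2) or default_unit]


if __name__ == "__main__":
    conf = dict(parse_conf(SAMPLE))
    print(conf["admins"].split())
    print(parse_bool(conf["allowplaintext"]))
    print(parse_duration(conf["archive_after"], "d"))
    print(parse_duration(conf["client_timeout"], "s"))
    print(parse_size(conf["archive_maxsize"], "kib"))
```

          The default unit is passed in by the caller because it differs per
          option (days for archive_after, seconds for client_timeout,
          kibibytes for archive_maxsize).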

FIELD DESCRIPTIONS

          The sections below detail options that can be placed in the
          /etc/imapd.conf file, and show each option's default value.  Some
          options have no default value, these are listed with ``<no
          default>''.  Some options default to the empty string, these are
          listed with ``<none>''.

          acl_admin_implies_write: 0
              If enabled, any user with the admin ACL on a mailbox implicitly
              gets the ability to write to that mailbox as well.

          addressbookprefix: #addressbooks
              The prefix for the addressbook mailboxes hierarchies.  The
              hierarchy delimiter will be automatically appended.  The public
              addressbook hierarchy will be at the toplevel of the shared
              namespace.  A user's personal addressbook hierarchy will be a
              child of their Inbox.

          admins: <empty string>
              The list of userids with administrative rights.  Separate each
              userid with a space.  Sites using Kerberos authentication may
              use separate "admin" instances.

              Note that accounts used by users should not be administrators.
              Administrative accounts should not receive mail.  That is, if
              user "jbRo" is a user reading mail, he should not also be in the
              admins line.  Some problems may occur otherwise, most notably
              the ability of administrators to create top-level mailboxes
              visible to users, but not writable by users.

          afspts_localrealms: <none>
              The list of realms which are to be treated as local, and thus
              stripped during identifier canonicalization (for the AFSPTS
              ptloader module).  This is different from loginrealms in that
              it occurs later in the authorization process (as the user id is
              canonified for PTS lookup).

          afspts_mycell: <none>
              Cell to use for AFS PTS lookups.  Defaults to the local cell.

          allowallsubscribe: 0
              Allow subscription to nonexistent mailboxes.  This option is
              typically used on backend servers in a Murder so that users can
              subscribe to mailboxes that don't reside on their "home" server.
              This option can also be used as a workaround for IMAP clients
              which don't play well with nonexistent or unselectable mailboxes
              (e.g., Microsoft Outlook).

          allowanonymouslogin: 0
              Permit logins by the user "anonymous" using any password.  Also
              allows use of the SASL ANONYMOUS mechanism.

          allowapop: 1
              Allow use of the POP3 APOP authentication command.

              Note that this command requires that SASL is compiled with APOP
              support, that the plaintext passwords are available in a SASL
              auxprop backend (e.g., sasldb), and that the system can provide
              enough entropy (e.g., from /dev/urandom) to create a challenge
              in the banner.

          allowdeleted: 0
              Allow access to deleted and expunged data via vendor.cmu-*
              access.

          allownewnews: 0
              Allow use of the NNTP NEWNEWS command.

              Note that this is a very expensive command and should only be
              enabled when absolutely necessary.

          allowplaintext: 0
              If enabled, allows the use of cleartext passwords on the wire.

              By default, the use of cleartext passwords requires a TLS/SSL
              encryption layer to be negotiated prior to any cleartext
              authentication mechanisms being advertised or allowed.  To
              require a TLS/SSL encryption layer to be negotiated prior to ANY
              authentication, see the tls_required option.
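
          A review check built on the admins, allowanonymouslogin, allowapop
          and allowplaintext entries above, as an added Python example that
          is not part of Cyrus.  The sample file and the mail_users set
          (userids that read mail) are constructed inputs, and the short
          loader does not handle continuation lines.

```python
# Defaults as listed in this manual page for the options examined here.
DEFAULTS = {"admins": "", "allowanonymouslogin": "0", "allowapop": "1",
            "allowplaintext": "0"}
ON = {"yes", "on", "t", "true", "1"}

# Constructed sample configuration and user list, for illustration only.
SAMPLE = """\
# constructed sample for the audit, not a real deployment
configdirectory: /var/lib/imap
admins: cyrus jsmith
allowplaintext: yes
allowanonymouslogin: 0
"""
MAIL_USERS = {"jsmith", "akumar"}


def load(text):
    """Overlay the file's settings on the documented defaults."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        option, _, value = line.partition(":")
        settings[option.strip()] = value.strip()
    return settings


def audit(text, mail_users):
    """Return (option, message) findings for authentication-related settings."""
    s = load(text)
    findings = []
    if s["allowanonymouslogin"] in ON:
        findings.append(("allowanonymouslogin",
                         'user "anonymous" may log in with any password'))
    if s["allowplaintext"] in ON:
        findings.append(("allowplaintext",
                         "cleartext passwords are allowed on the wire"))
    if s["allowapop"] in ON:
        # Enabled by default, so an absent line still counts as on.
        findings.append(("allowapop",
                         "APOP needs plaintext passwords in a SASL auxprop "
                         "backend"))
    shared = sorted(set(s["admins"].split()) & set(mail_users))
    if shared:
        findings.append(("admins",
                         "also used as mail accounts: " + " ".join(shared)))
    return findings


if __name__ == "__main__":
    for option, message in audit(SAMPLE, MAIL_USERS):
        print(f"{option}: {message}")
```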

          allowsetacl: 1
              Defaults to enabled.  If disabled, disallows the use of the
              SETACL command at all via IMAP.

          allowusermoves: 0
              Allow moving user accounts (with associated meta-data) via
              RENAME or XFER.

              Note that measures should be taken to make sure that the user
              being moved is not logged in, and cannot login during the move.
              Failure to do so may result in the user's meta-data (seen state,
              subscriptions, etc) being corrupted or out of date.

          altnamespace: 1
              Use the alternate IMAP namespace, where personal folders reside
              at the same level in the hierarchy as INBOX.

              This option ONLY applies where interaction takes place with the
              client/user.  Currently this is limited to the IMAP protocol
              (imapd) and Sieve scripts (lmtpd).  This option does NOT apply
              to admin tools such as cyradm (admins ONLY), reconstruct, quota,
              etc., NOR does it affect LMTP delivery of messages directly to
              mailboxes via plus-addressing.  The default changed in 3.0 from
              off to on.

          altprefix: Alt Folders
              Alternative INBOX spellings that can't be accessed in
              altnamespace otherwise go under here.

          annotation_db: twoskip
              The cyrusdb backend to use for mailbox annotations.

              Allowed values: skiplist, twoskip, zeroskip

          annotation_db_path: <none>
              The absolute path to the annotations db file.  If not specified,
              will be configdirectory/annotations.db

          anyoneuseracl: 1
              Should non-admin users be allowed to set ACLs for the 'anyone'
              user on their mailboxes?  In a large organization this can cause
              support problems, but it's enabled by default.

          annotation_allow_undefined: 0
              Allow clients to store values for entries which are not defined
              either by Cyrus or in the annotation_definitions file.

          annotation_definitions: <none>
              File containing external (third-party) annotation definitions.

              Each line of the file specifies the properties of an annotation
              and has the following form:
                 name, scope, attrib-type, proxy-type, attrib-names, acl

              name   is the hierarchical name as in RFC 5257 or RFC 5464 (in
                     the latter case, without the leading /shared or
                     /private).  For example, /vendor/acme/blurdybloop.

              scope  specifies whether the annotation is for the server, a
                     mailbox, or a message.

              attrib-type
                     specifies the attribute data type, which is used only
                     to check the string value passed by clients when
                     setting annotations.  The attrib-type is one of:

                     string any value is accepted.

                     content-type
                            this obsolete data type, which was useful for
                            early drafts of the standard, is accepted but
                            silently translated to string.

                     boolean
                            only the strings "true" or "false" are accepted.
                            Checking is case-insensitive but the value is
                            forced to lowercase.

                     int    integers are accepted.

                     uint   non-negative integers are accepted.

              proxy-type
                     specifies whether this attribute is for the backend or
                     proxy servers or both (proxy_and_backend)

              attrib-names
                     is the space-separated list of available attributes for
                     the annotation.  Possible attribute names are
                     value.shared, value.priv, and value (which permits both
                     value.priv and value.shared).  The attribute names size,
                     size.shared, and size.priv are accepted but ignored;
                     these attributes are automatically provided by the server
                     if the corresponding value attribute is specified.  Some
                     obsolete attributes, which were defined in early drafts
                     of the standard, are accepted and ignored with a warning.

              extra-permissions
                     is the extra ACL permission bits required for setting
                     this annotation, in standard IMAP ACL permission bit
                     string format.  Note that this is in addition to the
                     permission bits specified in RFC 5257 and RFC 5464, so
                     leaving this field empty is harmless.  Note also that
                     there is no way to specify that an annotation can only be
                     set by an admin user; in particular the a permission bit
                     does not achieve this.

                     Blank lines and lines beginning with ``#'' are ignored.
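
          The annotation_definitions line format and attrib-type checks
          described above, as an added Python example that is not Cyrus's
          own parser.  The sample definitions are constructed, and the
          literal scope spellings (server, mailbox, message) are an
          assumption taken from the wording of the scope field.

```python
import re

# Constructed definitions in the six-field line format described above.
SAMPLE_DEFS = """\
# constructed sample definitions
/vendor/acme/blurdybloop, mailbox, string, proxy_and_backend, value.shared value.priv,
/vendor/acme/reviewed, message, boolean, proxy_and_backend, value.shared, w
/vendor/acme/retries, mailbox, uint, proxy_and_backend, value size,
"""

SCOPES = {"server", "mailbox", "message"}  # assumed literal spellings
TYPES = {"string", "content-type", "boolean", "int", "uint"}
IGNORED_ATTRIBS = {"size", "size.shared", "size.priv"}


def parse_definitions(text):
    """Return {name: definition} for every non-comment line."""
    defs = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields")
        name, scope, atype, proxy, attribs, extra = fields
        if scope not in SCOPES:
            raise ValueError(f"line {lineno}: unknown scope {scope!r}")
        if atype not in TYPES:
            raise ValueError(f"line {lineno}: unknown attrib-type {atype!r}")
        if atype == "content-type":
            atype = "string"  # obsolete type, silently translated
        names = set()
        for attr in attribs.split():
            if attr in IGNORED_ATTRIBS:
                continue  # size attributes are provided by the server
            if attr == "value":
                names |= {"value.priv", "value.shared"}
            else:
                names.add(attr)
        defs[name] = {"scope": scope, "type": atype, "proxy": proxy,
                      "attribs": names, "extra_acl": extra}
    return defs


def check_value(defn, value):
    """Validate a client-supplied string against the attrib-type."""
    atype = defn["type"]
    if atype == "string":
        return value
    if atype == "boolean":
        if value.lower() not in ("true", "false"):
            raise ValueError(f"not a boolean: {value!r}")
        return value.lower()  # checked case-insensitively, stored lowercase
    pattern = r"[+-]?\d+" if atype == "int" else r"\d+"
    if not re.fullmatch(pattern, value):
        raise ValueError(f"not a valid {atype}: {value!r}")
    return value


if __name__ == "__main__":
    defs = parse_definitions(SAMPLE_DEFS)
    print(sorted(defs["/vendor/acme/retries"]["attribs"]))
    print(check_value(defs["/vendor/acme/reviewed"], "TRUE"))
```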

          annotation_callout: <none>
              The pathname of a callout to be used to automatically add
              annotations or flags to a message when it is appended to a
              mailbox.  The path can be either an executable (including a
              script), or a UNIX domain socket.

          annotation_callout_disable_append: 0
              Disables annotations on append with xrunannotator.

          annotation_enable_legacy_commands: 0
              Whether to enable the legacy GETANNOTATION/SETANNOTATION
              commands.  These commands are deprecated and will be removed in
              the future, but might be useful in the meantime for supporting
              old clients that do not implement the RFC 5464 IMAP METADATA
              extension.

          aps_topic: <none>
              Topic for Apple Push Service registration.

          aps_topic_caldav: <none>
              Topic for Apple Push Service registration for CalDAV.

          aps_topic_carddav: <none>
              Topic for Apple Push Service registration for CardDAV.

          archive_enabled: 0
              Whether archiving is enabled for this server.  You also need to
              have an archivepartition for the mailbox.  Archiving allows
              older email to be stored on slower, cheaper disks - even within
              the same mailbox, as distinct from partitions.

          archive_days: <none>
              Deprecated in favour of archive_after.

          archive_after: 7d
              The duration after which to move messages to the archive
              partition if archiving is enabled.

              For backward compatibility, if no unit is specified, days is
              assumed.

          archive_maxsize: 1024 K
              The size of the largest message that won't be archived
              immediately.

              For backward compatibility, if no unit is specified, kibibytes
              is assumed.

          archive_keepflagged: 0
              If set, messages with the \Flagged system flag won't be
              archived, provided they are smaller than archive_maxsize.

          archivepartition-name: <none>
              The pathname of the archive partition name, corresponding to
              spool partition partition-name.  For any mailbox residing in a
              directory on partition-name, the archived messages will be
              stored in a corresponding directory on archivepartition-name.
              Note that not every partition-name option is strictly required
              to have a corresponding archivepartition-name option, but that
              without one there's no benefit to enabling archiving.

          auditlog: 0
              Should cyrus output log entries for every action taken on a
              message file or mailboxes list entry?  It's noisy so disabled by
              default, but can be very useful for tracking down what happened
              if things look strange.

          auth_mech: unix
              The authorization mechanism to use.

              Allowed values: unix, pts, krb, krb5

          autocreateinboxfolders: <none>
              Deprecated in favor of autocreate_inbox_folders.

          autocreatequota: <none>
              Deprecated in favor of autocreate_quota.

          autocreatequotamsg: -1
              Deprecated in favor of autocreate_quota_messages.

          autosievefolders: <none>
              Deprecated in favor of autocreate_sieve_folders.

          generate_compiled_sieve_script: 0
              Deprecated in favor of autocreate_sieve_script_compile.

          autocreate_sieve_compiled_script: <none>
              Deprecated in favor of autocreate_sieve_script_compiled.

          autosubscribeinboxfolders: <none>
              Deprecated in favor of autocreate_subscribe_folders.

          autosubscribesharedfolders: <none>
              Deprecated in favor of autocreate_subscribe_sharedfolders.

          autosubscribe_all_sharedfolders: 0
              Deprecated in favor of autocreate_subscribe_sharedfolders_all.

          autocreate_acl: <none>
              If folders are to be created by autocreate_inbox_folders, this
              setting can be used to apply additional ACLs to the autocreated
              folders.  The syntax is "autocreate_acl folder identifier
              rights", where folder must match one of the
              autocreate_inbox_folders folders, identifier must be a valid
              cyrus identifier, and rights must be a valid cyrus rights
              string.  Multiple identifier|rights pairs can be assigned to a
              single folder by providing this setting multiple times.

              For example, "autocreate_acl Plus anyone p" would allow lmtp
              delivery to a folder named "Plus".

          autocreate_inbox_folders: <none>
              If a user does not have an INBOX already, and the INBOX is to be
              created, create the list of folders in this setting as well.
              autocreate_inbox_folders is a list of INBOX's subfolders
              separated by a "|", that are automatically created by the server
              under the following two scenarios.  Leading and trailing
              whitespace is stripped, so "Junk | Trash" results in two
              folders: "Junk" and "Trash".  See also the xlist-flag option,
              for setting special-use flags on autocreated folders.

              INBOX folders are created under both the following conditions:

              1. The user logs in via the IMAP or the POP3 protocol.  The
                 autocreate_quota option must have a value of zero or greater.

              2. A message arrives for the user through lmtpd(8).  The
                 autocreate_post option must be enabled.

          autocreate_post: 0
              If enabled, when lmtpd(8) receives an incoming mail for an INBOX
              that does not exist, then the INBOX is automatically created by
              lmtpd(8) and delivery of the message continues.

          autocreate_quota: -1
              If set to a value of zero or higher, users have their INBOX
              folders created upon a successful login event or upon lmtpd(8)
              message delivery if autocreate_post is enabled, provided their
              INBOX did not yet already exist.

              The user's quota is set to the value if it is greater than zero,
              otherwise the user has unlimited quota.

              Note that quota has kibibyte granularity.  Values specified here
              will be truncated to the nearest whole kibibyte.

              For backward compatibility, if no unit is specified, kibibytes
              is assumed.

          autocreate_quota_messages: -1
              If set to a value of zero or higher, users who have their INBOX
              folders created upon a successful login event (see
              autocreate_quota), or upon lmtpd(8) message delivery if
              autocreate_post is enabled, receive the message quota configured
              in this option.

              The default of -1 disables assigning message quota.

              For consistency with autocreate_quota, a value of zero is
              treated as unlimited message quota, rather than a message quota
              of zero.

          autocreate_sieve_folders: <none>
              A "|" separated list of subfolders of INBOX that will be
              automatically created, if requested by a sieve filter, through
              the "fileinto" action.  The default is to create no folders
              automatically.

              Leading and trailing whitespace is stripped from each folder, so
              a setting of "Junk | Trash" will create two folders: "Junk" and
              "Trash".

          autocreate_sieve_script: <none>
              The full path of a file that contains a sieve script.  This
              script automatically becomes a user's initial default sieve
              filter script.

              When this option is not defined, no default sieve filter is
              created.  The file must be readable by the Cyrus daemon.

          autocreate_sieve_script_compile: 0
              If set to yes and no compiled sieve script file exists, the
              sieve script which is compiled on the fly will be saved in the
              file name that the autocreate_sieve_script_compiled option
              points to.  In order for a compiled script to be generated,
              autocreate_sieve_script and autocreate_sieve_script_compiled
              must have valid values.

          autocreate_sieve_script_compiled: <none>
              The full path of a file that contains a sieve script compiled to
              bytecode.  This script automatically becomes a user's initial
              default sieve filter script.  If this option is not specified,
              or the filename doesn't exist, then the script defined by
              autocreate_sieve_script is compiled on the fly and installed as
              the user's default sieve script.

          autocreate_subscribe_folders: <none>
              A list of folder names, separated by "|", that the users get
              automatically subscribed to, when their INBOX is created.  These
              folder names must have been included in the
              autocreate_inbox_folders option of the imapd.conf.

          autocreate_subscribe_sharedfolders: <none>
              A list of shared folders (bulletin boards), separated by "|",
              that the users get automatically subscribed to, after their
              INBOX is created.  The shared folder must have been created and
              the user must have the required permissions to get subscribed to
              it.  Otherwise, subscribing to the shared folder fails.

          autocreate_subscribe_sharedfolders_all: 0
              If set to yes, the user is automatically subscribed to all
              shared folders they have permission to subscribe to.

          autocreate_users: anyone
              A space separated list of users and/or groups whose INBOX is
              allowed to be automatically created.

          autoexpunge: 0
              If set to yes, then all Deleted messages will be automatically
              expunged whenever an index is closed, whether CLOSE, UNSELECT,
              SELECT or on disconnect.

          backuppartition-name: <none>
              The pathname of the backup partition name.  At least one backup
              partition pathname MUST be specified if backups are in use.
              Note that there is no relationship between spool partitions and
              backup partitions.

          backup_compact_minsize: 0
              The minimum size of chunks in each backup.  The compact tool
              will try to combine adjacent chunks that are smaller than this.

              Setting this value to zero or negative disables combining of
              chunks.

              For backward compatibility, if no unit is specified, kibibytes
              is assumed.

          backup_compact_maxsize: 0
              The maximum size of chunks in each backup.  The compact tool
              will try to split chunks larger than this into smaller chunks.

              Setting this value to zero or negative disables splitting of
              chunks.

              For backward compatibility, if no unit is specified, kibibytes
              is assumed.

          backup_compact_work_threshold: 1
              The number of chunks that must obviously need compaction before
              the compact tool will go ahead with the compaction.  If set to
              less than one, the value is treated as being one.

          backup_staging_path: <none>
              The absolute path of the backup staging area.  If not specified,
              will be temp_path/backup

          backup_retention_days: <none>
              Deprecated in favor of backup_retention.

          backup_retention: 7d
              How long to keep content in backup after it has been deleted
              from the source.  If set to a negative value or zero, deleted
              content will be kept indefinitely.

              For backward compatibility, if no unit is specified, days is
              assumed.

          backup_db: twoskip
              The cyrusdb backend to use for the backup locations database.

              Allowed values: skiplist, sql, twoskip, zeroskip

          backup_db_path: <none>
              The absolute path to the backup db file.  If not specified, will
              be configdirectory/backups.db

          backup_keep_previous: 0
              Whether the ctl_backups compact and ctl_backups reindex commands
              should preserve the original file.  The original file will be
              named with a timestamped suffix.  This is mostly useful for
              debugging.

              Note that with this enabled, compacting a backup will actually
              increase the disk used by it (because there will now be an extra
              copy: the original version, and the compacted version).

          boundary_limit: 1000
              Messages are parsed recursively and a deep enough MIME structure
              can cause a stack overflow.  Do not parse deeper than this many
              layers of MIME structure.  The default of 1000 is much higher
              than any sane message should have.

          caldav_accept_invalid_rrules: 0
              Accept invalid RRULEs (e.g. FREQ=WEEKLY;BYMONTHDAY=15) rather
              than rejecting them as errors.

          caldav_allowattach: 1
              Enable managed attachments support on the CalDAV server.

          caldav_allowcalendaradmin: 0
              Enable per-user calendar administration web UI on the CalDAV
              server.

          caldav_allowscheduling: on
              Enable calendar scheduling operations.  If set to "apple", the
              server will emulate Apple CalendarServer behavior as closely as
              possible.

              Allowed values: off, on, apple

          caldav_create_attach: 1
              Create the 'Attachments' collection if it doesn't already exist.

          caldav_create_default: 1
              Create the 'Default' calendar if it doesn't already exist.

          caldav_create_sched: 1
              Create the 'Inbox' and 'Outbox' calendars if they don't already
              exist.

          caldav_historical_age: 7d
              How long after an occurrence of an event or task has concluded
              that it is considered 'historical'.  Changes to historical
              occurrences of events or tasks WILL NOT have invite or reply
              messages sent for them.  A negative value means that events and
              tasks are NEVER considered historical.

              For backward compatibility, if no unit is specified, days is
              assumed.

          caldav_maxdatetime: 20380119T031407Z
              The latest date and time accepted by the server (ISO format).
              This value is also used for expanding non-terminating recurrence
              rules.

              Note that increasing this value will require the DAV databases
              for calendars to be reconstructed with the dav_reconstruct
              utility in order to see its effect on server-side time-based
              queries.

          caldav_mindatetime: 19011213T204552Z
              The earliest date and time accepted by the server (ISO format).

          caldav_realm: <none>
              The realm to present for HTTP authentication of CalDAV
              resources.  If not set (the default), the value of the
              "servername" option will be used.

          calendarprefix: #calendars
              The prefix for the calendar mailboxes hierarchies.  The
              hierarchy delimiter will be automatically appended.  The public
              calendar hierarchy will be at the toplevel of the shared
              namespace.  A user's personal calendar hierarchy will be a child
              of their Inbox.

          calendar_default_displayname: personal
              The displayname to be used when creating a user's 'Default'
              calendar.

          calendar_user_address_set: <none>
              Space-separated list of domains corresponding to calendar user
              addresses for which the server is responsible.  If not set (the
              default), the value of the "servername" option will be used.

          calendar_component_set: VEVENT VTODO VJOURNAL VFREEBUSY VAVAILABILITY VPOLL
              Space-separated list of iCalendar component types that calendar
              object resources may contain in a calendar collection.  This
              restriction is only set at calendar creation time and only if
              the CalDAV client hasn't specified a restriction in the creation
              request.

              Allowed values: VEVENT, VTODO, VJOURNAL, VFREEBUSY,
              VAVAILABILITY, VPOLL

618          calendar_minimum_alarm_interval: 5m
619              The minimum allowed interval  between  alarms  for  a  recurring
620              event.   Primarily used to suppress alarms for MINUTELY and SEC‐
621              ONDLY recurrences.  The default is 5 minutes.  The minimum value
622              is 0, which will allow all alarms.
623
624          carddav_allowaddmember: 0
625              Enable support for POST add-member on the CardDAV server.
626
627          carddav_allowaddressbookadmin: 0
628              Enable per-user addressbook administration web UI on the CardDAV
629              server.
630
631          carddav_realm: <none>
632              The realm to present for  HTTP  authentication  of  CardDAV  re‐
633              sources.   If  not  set (the default), the value of the "server‐
634              name" option will be used.
635
636          carddav_repair_vcard: 0
637              If enabled, VCARDs with invalid content are attempted to be  re‐
638              paired during creation.
639
640          chatty: 0
641              If yes, syslog tags and commands for every IMAP command, mail‐
642              boxes for every lmtp connection, every POP3 command, etc.
643
644          client_bind: 0
645              If enabled, a specific IP will be bound when performing a client
646              connection.   client_bind_name  is  used if it is set, otherwise
647              servername is used.  This is useful on multi-homed servers where
648              Cyrus should not use other services' interfaces.
649
650              If not enabled (the default), no bind will be performed.  Client
651              connections will use an IP chosen by the operating system.
652
653          client_bind_name: <none>
654              IPv4, IPv6 address or hostname to bind  for  client  connections
655              when  client_bind is enabled.  If not set (the default), server‐
656              name will be used.
657
658          client_timeout: 10s
659              Time to wait before returning a timeout failure when  performing
660              a client connection (e.g. in a murder environment).
661
662              For  backward compatibility, if no unit is specified, seconds is
663              assumed.
664
665          commandmintimer: <none>
666              Time in floating point seconds.  Any  imap  command  that  takes
667              longer than this time is logged.
668
669          configdirectory: <none>
670              The pathname of the IMAP configuration directory.  This field is
671              required.
672
673          createonpost: 0
674              Deprecated in favor of autocreate_post.
675
676          conversations: 0
677              Enable  the  XCONVERSATIONS  extensions.   Extract  conversation
678              tracking  information  from  incoming messages and track them in
679              per-user databases.
680
681          conversations_counted_flags: <none>
682              Space-separated list of flags for which per-conversation counts
683              will  be  kept.  Note that you need to reconstruct the conversa‐
684              tions database with ctl_conversationsdb if you change  this  op‐
685              tion on a running server, or the counts will be wrong.
686
687          conversations_db: skiplist
688              The  cyrusdb backend to use for the per-user conversations data‐
689              base.
690
691              Allowed values: skiplist, sql, twoskip, zeroskip
692
693          conversations_expire_days: <none>
694              Deprecated in favor of conversations_expire_after.
695
696          conversations_expire_after: 90d
697              How long the conversations database keeps the  message  tracking
698              information  needed  for receiving new messages in existing con‐
699              versations.
700
701              For backward compatibility, if no unit is specified, days is as‐
702              sumed.
703
704          conversations_keep_existing: 1
705              During conversations cleanup, don't clean up if there are still
706              existing emails with one of the mentioned CIDs.
707
708          conversations_max_thread: 100
709              Maximum size for a single thread.  Threads will split if they
710              have this many messages in them and another message arrives.
711
712          conversations_max_guidrecords: 5000
713              Maximum records with the same guid.  This is just a sanity check
714              to stop the same email being added and removed over and over, so
715              the default is 5000.
716
717          conversations_max_guidexists: 100
718              Maximum records with the same guid.  This maps to "labels", so
719              with the default of 100, you can only have 100 labels on an
720              email in JMAP.
721
722          conversations_max_guidinfolder: 10
723              Maximum records with the same guid in the same folder. You can't
724              do this via JMAP, but could via IMAP.  The default of 10  should
725              be heaps normally!
726
727          crossdomains: 0
728              Enable cross domain sharing.  This works best with alt namespace
729              and  unix  hierarchy   separators   on,   so   you   get   Other
730              Users/foo@example.com/...
731
732          crossdomains_onlyother: 0
733              Only show the domain for users in other domains than your own
734              (for backwards compatibility if you're already sharing
735
736          cyrus_group: <none>
737              The name of the group Cyrus services will run as.  If  not  con‐
738              figured,  the  primary  group of cyrus_user will be used. Can be
739              further overridden by setting the $CYRUS_GROUP environment vari‐
740              able.
741
742          cyrus_user: <none>
743              The username to use as the 'cyrus' user.  If not configured, the
744              compile time default will be used. Can be further overridden  by
745              setting the $CYRUS_USER environment variable.
746
747          davdriveprefix: #drive
748              The prefix for the DAV storage mailboxes hierarchies.  The hier‐
749              archy delimiter will  be  automatically  appended.   The  public
750              storage  hierarchy  will  be at the toplevel of the shared name‐
751              space.  A user's personal storage hierarchy will be a  child  of
752              their Inbox.
753
754          davnotificationsprefix: #notifications
755              The  prefix  for the DAV notifications hierarchy.  The hierarchy
756              delimiter will be automatically appended.  The public  notifica‐
757              tions hierarchy will be at the toplevel of the shared namespace.
758              A user's personal notifications hierarchy will  be  a  child  of
759              their Inbox.
760
761          dav_realm: <none>
762              The  realm to present for HTTP authentication of generic DAV re‐
763              sources (principals).  If not set (the default),  the  value  of
764              the "servername" option will be used.
765
766          dav_lock_timeout: 20s
767              The  maximum  time  to wait for a write lock on the per-user DAV
768              database before timeout. For HTTP requests, the HTTP status code
769              503  is  returned  if  the  lock can not be obtained within this
770              time.
771
772              For backward compatibility, if no unit is specified, seconds  is
773              assumed.
774
775          debug: 0
776              If enabled, allow syslog() to pass LOG_DEBUG messages.
777
778          debug_command: <none>
779              Debug  command  to  be used by processes started with -D option.
780              The string is a C format string that gets 3 options:  the  first
781              is the name of the executable (as specified in the cmd parameter
782              in cyrus.conf). The second is the pid (integer) and the third is
783              the  service  ID.  Example: /usr/local/bin/gdb /usr/cyrus/bin/%s
784              %d
785
786          debug_log_sync_partition_choice: 0
787              If enabled, replication will log which partition  it  chose  for
788              staging.   This  is  mainly  useful  for  regression testing the
789              sync_client -a switch.
790
791          debug_writefail_guid: <none>
792              If set, any arriving message with this guid will fail as if  the
793              underlying  disk  write had failed, pretending to be a disk full
794              condition.  This is mainly useful for regression testing certain
795              edge  case handling.  Currently only implemented for replication
796              uploads.
797
798          defaultacl: anyone lrs
799              The  Access  Control  List  (ACL)  placed  on  a   newly-created
800              (non-user) mailbox that does not have a parent mailbox.
801
802          defaultdomain: internal
803              The default domain for virtual domain support
804
805          defaultpartition: <none>
806              The  partition  name  used by default for new mailboxes.  If not
807              specified, the partition with the most free space will  be  used
808              for new mailboxes.
809
810              Note  that  the  partition specified by this option must also be
811              specified as partition-name, where you substitute 'name' for the
812              alphanumeric string you set defaultpartition to.
813
814          defaultsearchtier: <empty string>
815              Name  of  the  default  tier  that  messages will be indexed to.
816              Search indexes can be organized in tiers to allow index  storage
817              in different directories and physical media. See the man page of
818              squatter for details. The default search tier also requires  the
819              definition of an according searchtierpartition-name entry.
820
821              This option MUST be specified for xapian search.
822
823          defaultserver: <none>
824              The  backend  server name used by default for new mailboxes.  If
825              not specified, the server with the most free space will be  used
826              for new mailboxes.
827
828          deletedprefix: DELETED
829              With  delete_mode  set to delayed, the deletedprefix setting de‐
830              fines the prefix for the hierarchy of deleted mailboxes.
831
832              The hierarchy delimiter will be automatically appended.
833
834          delete_mode: delayed
835              The manner in which mailboxes are deleted. In  the  default  de‐
836              layed  mode,  mailboxes  that are being deleted are renamed to a
837              special mailbox hierarchy under the deletedprefix, to be removed
838              later by cyr_expire(8).
839
840              In  immediate  mode,  the mailbox is removed from the filesystem
841              immediately.
842
843              Allowed values: immediate, delayed
844
845          delete_unsubscribe: 0
846              Whether  to  also  unsubscribe  from  mailboxes  when  they  are
847              deleted.   Note that this behaviour contravenes RFC 3501 section
848              6.3.9, but may be useful for avoiding user/client software  con‐
849              fusion.  The default is 'no'.
850
851          deleteright: c
852              Deprecated - only used for backwards compatibility with existing
853              installations.  Lists the old RFC 2086 right which was  used  to
854              grant  the  user the ability to delete a mailbox.  If a user has
855              this right, they will automatically be given the new 'x' right.
856
857          disable_user_namespace: 0
858              Preclude list command on user namespace.  If set to  'yes',  the
859              LIST  response will never include any other user's mailbox.  Ad‐
860              min users will always see all mailboxes.  The default is 'no'
861
862          disable_shared_namespace: 0
863              Preclude list command on shared namespace.  If set to 'yes', the
864              LIST  response will never include any non-user mailboxes.  Admin
865              users will always see all mailboxes.  The default is 'no'
866
867          disconnect_on_vanished_mailbox: 0
868              If enabled, IMAP/POP3/NNTP clients will be disconnected  by  the
869              server if the currently selected mailbox is (re)moved by another
870              session.  Otherwise, the missing mailbox  is  treated  as  empty
871              while in use by the client.
872
873          ischedule_dkim_domain: <none>
874              The domain to be reported as doing iSchedule DKIM signing.
875
876          ischedule_dkim_key_file: <none>
877              File containing the private key for iSchedule DKIM signing.
878
879          ischedule_dkim_required: 1
880              A DKIM signature is required on received iSchedule requests.
881
882          ischedule_dkim_selector: <none>
883              Name  of  the  selector  subdividing the domain namespace.  This
884              specifies the actual key used for iSchedule DKIM signing  within
885              the domain.
886
887          duplicate_db: twoskip
888              The  cyrusdb  backend to use for the duplicate delivery suppres‐
889              sion and sieve.  Allowed values:  skiplist,  sql,  twoskip,  ze‐
890              roskip
891
892          duplicate_db_path: <none>
893              The  absolute  path to the duplicate db file.  If not specified,
894              will be configdirectory/deliver.db
895
896          duplicatesuppression: 1
897              If enabled, lmtpd will suppress delivery of a message to a mail‐
898              box if a message with the same message-id (or resent-message-id)
899              is recorded as having already been  delivered  to  the  mailbox.
900              Records the mailbox and message-id/resent-message-id of all suc‐
901              cessful deliveries.
902
903          event_content_inclusion_mode: standard
904              The mode in which message content  may  be  included  with  Mes‐
905              sageAppend and MessageNew. "standard" mode is the default behav‐
906              ior in which message is included up to a size with the notifica‐
907              tion.  In  "message"  mode,  the  message is included and may be
908              truncated to a size. In "header" mode, it includes headers trun‐
909              cated to a size. In "body" mode, it includes body truncated to a
910              size. In "headerbody" mode, it includes full  headers  and  body
911              truncated to a size.  Allowed values: standard, message, header,
912              body, headerbody
913
914          event_content_size: 0
915              Truncate the message content that  may  be  included  with  Mes‐
916              sageAppend  and  MessageNew. Set 0 to include the entire message
917              itself.
918
919              If no unit is specified, bytes is assumed.
920
921          event_exclude_flags: <none>
922              Don't send event notification for given IMAP flag(s)
923
924          event_exclude_specialuse: \Junk
925              Don't send event notification for folder with given  special-use
926              attributes.  Set ALL for any folder
927
928          event_extra_params: timestamp
929              Space-separated list of extra parameters to add to any appropri‐
930              ate event.
931
932              Allowed   values:   bodyStructure,   clientAddress,    diskUsed,
933              flagNames,  messageContent,  messageSize, messages, modseq, ser‐
934              vice,  timestamp,  uidnext,  vnd.cmu.midset,  vnd.cmu.unseenMes‐
935              sages,  vnd.cmu.envelope, vnd.cmu.sessionId, vnd.cmu.mailboxACL,
936              vnd.cmu.mbtype, vnd.cmu.davFilename,  vnd.cmu.davUid,  vnd.fast‐
937              mail.clientId,  vnd.fastmail.sessionId, vnd.fastmail.convExists,
938              vnd.fastmail.convUnseen,  vnd.fastmail.cid,   vnd.fastmail.coun‐
939              ters,      vnd.fastmail.jmapEmail,      vnd.fastmail.jmapStates,
940              vnd.cmu.emailid, vnd.cmu.threadid
941
942          event_groups: message mailbox
943              Space-separated list of groups of related events to turn on  no‐
944              tification
945
946              Allowed  values:  message,  quota,  flags, access, mailbox, sub‐
947              scription, calendar, applepushservice, jmap
948
949          event_notifier: <none>
950              Notifyd(8) method to use for  "EVENT"  notifications  which  are
951              based  on  the  RFC 5423.  If not set, "EVENT" notifications are
952              disabled.
953
954          expunge_mode: delayed
955              The mode in which messages (and their  corresponding  cache  en‐
956              tries)  are expunged.  "semidelayed" mode is the old behavior in
957              which the message files are purged at the time of  the  EXPUNGE,
958              but  index and cache records are retained to facilitate QRESYNC.
959              In "delayed" mode, which is the default since Cyrus  2.5.0,  the
960              message  files  are  also retained, allowing unexpunge to rescue
961              them.  In "immediate" mode, both the message files and the index
962              records  are removed as soon as possible.  In all cases, nothing
963              will be finally purged until all other processes have closed the
964              mailbox  to ensure they never see data disappear under them.  In
965              "semidelayed" or "delayed" mode, a  later  run  of  "cyr_expire"
966              will  clean  out  the  retained  records  (and  possibly message
967              files).  This reduces the amount of I/O that takes place at  the
968              time  of EXPUNGE and should result in greater responsiveness for
969              the client, especially when expunging a  large  number  of  mes‐
970              sages.  Allowed values: immediate, semidelayed, delayed
971
972          failedloginpause: 3s
973              Time to pause after a failed login.
974
975              For  backward compatibility, if no unit is specified, seconds is
976              assumed.
977
978          flushseenstate: 1
979              Deprecated. No longer used
980
981          foolstupidclients: 0
982              If enabled, only list the personal namespace when a LIST "*"  is
983              performed (it changes the request to a LIST "INBOX*").
984
985          force_sasl_client_mech: <none>
986              Force preference of a given SASL mechanism for client side oper‐
987              ations (e.g., murder environments).  This is separate from  (and
988              overridden by) the ability to use the <host shortname>_mechs op‐
989              tion to set preferred mechanisms for a specific host
990
991          fulldirhash: 0
992              If enabled, uses an  improved  directory  hashing  scheme  which
993              hashes  on  the  entire username instead of using just the first
994              letter as the hash.  This changes hash algorithm used for  quota
995              and user directories and if hashimapspool is enabled, the entire
996              mail spool.
997
998              Note that this option CANNOT be changed on a live  system.   The
999              server  must be quiesced and then the directories moved with the
1000              rehash utility.
1001
1002          hashimapspool: 0
1003              If enabled, the partitions will also be hashed, in  addition  to
1004              the  hashing  done on configuration directories.  This is recom‐
1005              mended if one partition has a very bushy mailbox tree.
1006
1007          hostname_mechs: <none>
1008              Force a particular list of SASL mechanisms to be used  when  au‐
1009              thenticating  to  the backend server hostname (where hostname is
1010              the short hostname of the server in  question).  If  it  is  not
1011              specified  it will query the server for available mechanisms and
1012              pick one to use. - Cyrus Murder
1013
1014          hostname_password: <none>
1015              The password to use for authentication  to  the  backend  server
1016              hostname  (where hostname is the short hostname of the server) -
1017              Cyrus Murder
1018
1019          httpallowcompress: 1
1020              If enabled, the server will compress response  payloads  if  the
1021              client  indicates  that  it can accept them.  Note that the com‐
1022              pressed data will appear in telemetry logs, leaving only the re‐
1023              sponse headers as human-readable.
1024
1025          httpallowcors: <none>
1026              A  wildmat  pattern  specifying  a  list of origin URIs ( scheme
1027              "://" host [ ":" port ] ) that are allowed to make  Cross-Origin
1028              Resource  Sharing  (CORS)  requests  on the server.  By default,
1029              CORS requests are disabled.
1030
1031              Note that the scheme and host should both be lowercase, the port
1032              should  be  omitted  if using the default for the scheme (80 for
1033              http, 443 for https), and there should be no trailing '/' (e.g.:
1034              "http://www.example.com:8080", "https://example.org").
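A lint for literal httpallowcors origins against the note above, as an added example (not part of Cyrus; the function names are assumptions, and wildmat metacharacters are not interpreted):

```python
from urllib.parse import urlsplit

# Default ports named in the note above.
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical_origin(entry):
    """Return entry rewritten as scheme://host[:port] per the note, or None."""
    try:
        parts = urlsplit(entry)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if "://" not in entry or not parts.hostname:
        return None
    host = parts.hostname          # urlsplit lowercases this and strips brackets
    if ":" in host:                # IPv6 literal: put the brackets back
        host = "[" + host + "]"
    if port is None or DEFAULT_PORTS.get(parts.scheme) == port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def lint_cors_origin(entry):
    """List every way a literal origin deviates from the documented form."""
    if canonical_origin(entry) is None:
        return ["not of the form scheme://host[:port]"]
    parts = urlsplit(entry)
    raw_scheme = entry.partition("://")[0]
    problems = []
    if raw_scheme != raw_scheme.lower():
        problems.append("scheme is not lowercase")
    if parts.netloc != parts.netloc.lower():
        problems.append("host is not lowercase")
    if parts.port is not None and DEFAULT_PORTS.get(parts.scheme) == parts.port:
        problems.append("default port should be omitted")
    if parts.path or parts.query or parts.fragment:
        problems.append("trailing '/' or path present")
    return problems


if __name__ == "__main__":
    # Constructed entries; the first two are the page's own examples.
    for origin in ("http://www.example.com:8080", "https://example.org",
                   "HTTPS://Example.org:443/", "example.org"):
        print(origin, lint_cors_origin(origin), canonical_origin(origin))
```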
1035
1036          httpallowtrace: 0
1037              Allow use of the TRACE method.
1038
1039              Note that sensitive data might be disclosed by the response.
1040
1041          httpallowedurls: <none>
1042              Space-separated  list  of relative URLs (paths) rooted at "http‐
1043              docroot" (see below) to be served by httpd.  If set, this option
1044              will  limit  served static content to only those paths specified
1045              (returning "404 Not Found" to any other client requested  URLs).
1046              Otherwise, httpd will serve any content found in "httpdocroot".
1047
1048              Note  that  any  path specified by "rss_feedlist_template" is an
1049              exception to this rule.
1050
1051          httpcontentmd5: 0
1052              If enabled, HTTP responses will include a Content-MD5 header for
1053              the  purpose  of providing an end-to-end message integrity check
1054              (MIC) of the payload body.  Note that enabling this option  will
1055              use  additional CPU to generate the MD5 digest, which may be ig‐
1056              nored by clients anyways.
1057
1058          httpdocroot: <none>
1059              If set, httpd will serve the static content (html/text/jpeg/gif
1060              files, etc) rooted at this directory.  Otherwise, httpd will not
1061              serve any static content.
1062
1063          httpkeepalive: 20s
1064              Set the length of the HTTP server's  keepalive  heartbeat.   The
1065              default  is 20 seconds.  The minimum value is 0, which will dis‐
1066              able the keepalive heartbeat.  When enabled, if a request  takes
1067              longer  than  httpkeepalive to process, the server will send the
1068              client provisional responses every httpkeepalive until the final
1069              response can be sent.
1070
1071              For  backward compatibility, if no unit is specified, seconds is
1072              assumed.
1073
1074          httplogheaders: <none>
1075              Space-separated list of HTTP header fields that will be included
1076              in the requests logged by httpd(8).
1077
1078          httpmodules: <empty string>
1079              Space-separated  list  of  HTTP  modules that will be enabled in
1080              httpd(8).  This option has no effect on modules  that  are  dis‐
1081              abled  at  compile  time due to missing dependencies (e.g. libi‐
1082              cal).
1083
1084              Note that "domainkey" depends on "ischedule" being enabled,  and
1085              that  both  "freebusy"  and "ischedule" depend on "caldav" being
1086              enabled.  Allowed  values:  admin,  caldav,  carddav,  cgi,  do‐
1087              mainkey,  freebusy,  ischedule,  jmap,  prometheus, rss, tzdist,
1088              webdav
1089
1090          httpprettytelemetry: 0
1091              If enabled, HTTP response  payloads  including  server-generated
1092              markup languages (HTML, XML) will utilize line breaks and inden‐
1093              tation to promote better human-readability  in  telemetry  logs.
1094              Note  that enabling this option will increase the amount of data
1095              sent across the wire.
1096
1097          httppts_uri: <none>
1098              The URL endpoint to use when querying group membership, in
1099              URI  Template (level 1) format [RFC 6570].  The URL MUST contain
1100              a variable called "groupId"
1101
1102          httptimeout: 5m
1103              Set the length of the HTTP server's inactivity autologout timer.
1104              The  default  is  5 minutes.  The minimum value is 0, which will
1105              disable persistent connections.
1106
1107              For backwards compatibility, if no unit is specified, minutes is
1108              assumed.
1109
1110          http_h2_altsvc: <none>
1111              If  set, HTTP/2 (over TLS) will be advertised as being available
1112              on the specified [host]:port.
1113
1114          http_jwt_key_dir: <none>
1115              The absolute path to a directory  containing  one  or  more  key
1116              files  to  authenticate JSON Web Tokens (RFC 7519) for HTTP con‐
1117              nections.  Keys for the following JWS algorithms are  supported:
1118              "HS256", "HS384", "HS512", "RS256", "RS384", "RS512".
1119
1120              A  key  file consists of one or more keys encoded in PEM format.
1121              RSA keys must be embedded between the lines  "-----BEGIN  PUBLIC
1122              KEY-----" and "-----END PUBLIC KEY-----".  HMAC digest keys must
1123              be embedded between the lines  "-----BEGIN  HMAC  KEY-----"  and
1124              "-----END  HMAC  KEY-----", encoded in base64.  Any lines before
1125              or after a PEM key definition are ignored, empty lines  are  ig‐
1126              nored anywhere in the file.
1127
1128              The JSON Web Token must be the value of the HTTP "Authorization"
1129              header, using the "Bearer" authentication scheme. The JWS Header
1130              must  include  the  "alg" and "typ" parameter. A header with any
1131              other parameter is rejected.  The JWS Payload must  include  the
1132              "sub"  claim with the Cyrus user identifier as value. It may in‐
1133              clude the "iat" claim (see http_jwt_max_age).   A  payload  with
1134              any other claim is rejected.
1135
1136          http_jwt_max_age: 0s
1137              Defines  the  timespan  in  which a JSON Web Token is valid (see
1138              http_jwt_key). The value must be zero or positive.
1139
1140              If non-zero, the timespan starts at the point in time  specified
1141              in  the  "iat" claim of the JWS Payload and ends after the dura‐
1142              tion of this option value has passed. Tokens  without  an  "iat"
1143              claim,  or with an issue date in the future, are rejected. There
1144              is no leeway for clock skew.
1145
1146              The zero value disables validation of the "iat" JWS claim.
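The token rules given under http_jwt_key_dir and http_jwt_max_age, modelled in Python for HMAC keys only. This is an added example, not Cyrus code; the function names, the sample key, the "JWT" value used for typ and the case-insensitive match on the scheme name are assumptions.

```python
import base64
import hashlib
import hmac
import json

# HMAC algorithms named on the page; the RS* algorithms are outside this sketch.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

SAMPLE_SECRET = b"constructed-sample-key-0123456789"   # constructed, not a real key
SAMPLE_KEYFILE = (
    "lines outside a key definition are ignored\n"
    "-----BEGIN HMAC KEY-----\n"
    + base64.b64encode(SAMPLE_SECRET).decode("ascii")
    + "\n-----END HMAC KEY-----\n"
)


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def load_hmac_keys(keyfile_text):
    """Collect the base64 bodies found between BEGIN/END HMAC KEY lines."""
    keys, body = [], None
    for line in keyfile_text.splitlines():
        line = line.strip()
        if line == "-----BEGIN HMAC KEY-----":
            body = []
        elif line == "-----END HMAC KEY-----" and body is not None:
            keys.append(base64.b64decode("".join(body)))
            body = None
        elif body is not None and line:
            body.append(line)
    return keys


def make_token(key, header, payload):
    """Sign header and payload as a compact JWS (used to build test tokens)."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), HMAC_ALGS[header["alg"]]).digest()
    return signing_input + "." + b64url_encode(sig)


def check_bearer(authorization, keys, max_age, now):
    """Apply the documented rules; return (True, sub) or (False, reason)."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return (False, "not a Bearer JWS")
    h64, p64, s64 = token.split(".")
    try:
        header = json.loads(b64url_decode(h64))
        payload = json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
    except ValueError:
        return (False, "undecodable token")
    # Header: "alg" and "typ", and nothing else.
    if not isinstance(header, dict) or set(header) != {"alg", "typ"}:
        return (False, "header must carry exactly alg and typ")
    digest = HMAC_ALGS.get(header["alg"]) if isinstance(header["alg"], str) else None
    if digest is None:
        return (False, "unsupported alg")
    signing_input = f"{h64}.{p64}".encode("ascii")
    expected = [hmac.new(k, signing_input, digest).digest() for k in keys]
    if not any(hmac.compare_digest(sig, e) for e in expected):
        return (False, "bad signature")
    # Payload: "sub" is required, "iat" is optional, anything else is rejected.
    if not isinstance(payload, dict) or "sub" not in payload or set(payload) - {"sub", "iat"}:
        return (False, "payload must carry sub and at most iat")
    if max_age > 0:                     # zero disables the "iat" check
        iat = payload.get("iat")
        if isinstance(iat, bool) or not isinstance(iat, (int, float)):
            return (False, "iat required when http_jwt_max_age is non-zero")
        if iat > now:                   # no leeway for clock skew
            return (False, "issued in the future")
        if now - iat > max_age:
            return (False, "token too old")
    return (True, payload["sub"])


if __name__ == "__main__":
    import time
    keys = load_hmac_keys(SAMPLE_KEYFILE)
    now = int(time.time())
    tok = make_token(keys[0], {"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "iat": now})
    print(check_bearer("Bearer " + tok, keys, 60, now))
```

Because there is no leeway, a token whose "iat" is even one second ahead of the server clock is rejected, so issuer and server clocks need to be kept in sync whenever http_jwt_max_age is non-zero.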
1147
1148          icalendar_max_size: 0
1149              Maximum allowed iCalendar size.  CalDAV  and  JMAP  will  reject
1150              storage  of  resources  whose iCalendar representation is larger
1151              than this.
1152
1153              If set to 0 (the default), a large internally-defined limit will
1154              be applied.
1155
1156              If no unit is specified, bytes is assumed.
1157
1158          idlesocket: {configdirectory}/socket/idle
1159              Unix domain socket that idled listens on.
1160
1161          ignorereference: 0
1162              For backwards compatibility with Cyrus 1.5.10 and earlier -- ig‐
1163              nore the reference argument in LIST or LSUB commands.
1164
1165          imapidlepoll: 60s
1166              The interval for polling for mailbox changes  and  ALERTs  while
1167              running the IDLE command.  This option is used when idled is not
1168              enabled or cannot be contacted.  The minimum value is 1  second.
1169              A value of 0 will disable IDLE.
1170
1171              For  backward compatibility, if no unit is specified, seconds is
1172              assumed.
1173
1174          imapidresponse: 1
1175              If enabled, the server responds to an ID command with a  parame‐
1176              ter  list  containing: version, vendor, support-url, os, os-ver‐
1177              sion, command, arguments, environment.  Otherwise the server re‐
1178              turns NIL.
1179
1180          imapmagicplus: 0
1181              Only  list  a  restricted  set  of  mailboxes  via IMAP by using
1182              userid+namespace syntax as the authentication/authorization  id.
1183              Using  userid+  (with  an  empty  namespace) will list only sub‐
1184              scribed mailboxes.
1185
1186          imipnotifier: <none>
1187              Notifyd(8) method to use  for  "IMIP"  notifications  which  are
1188              based  on  the  RFC  6047.  If not set, "IMIP" notifications are
1189              disabled.
1190
1191          implicit_owner_rights: lkxan
1192              The implicit Access Control List (ACL) for the owner of a  mail‐
1193              box.
1194
1195          @include: <none>
1196              Directive  which includes the specified file as part of the con‐
1197              figuration.  If the path to the file is not absolute, CYRUS_PATH
1198              is prepended.
1199
1200          improved_mboxlist_sort: 0
1201              If  enabled,  a  special comparator will be used which will cor‐
1202              rectly sort mailbox names that contain characters such  as  '  '
1203              and '-'.
1204
1205              Note  that  this  option SHOULD NOT be changed on a live system.
1206              The mailboxes database should be  dumped  (ctl_mboxlist)  before
1207              the option is changed, removed, and then undumped after changing
1208              the option.  When not using flat  files  for  the  subscriptions
1209              databases the same has to be done (cyr_dbtool) for each sub‐
1210              scription database.  See improved_mboxlist_sort.html.
1211
1212          jmap_emailsearch_db_path: <none>
1213              The absolute path to the JMAP email search cache file.   If  not
1214              specified,  JMAP  Email/query  and  Email/queryChanges  will not
1215              cache email search results.
1216
1217          jmap_querycache_max_age: 0m
1218              The duration after which unused cached JMAP query  results  must
1219              be  evicted  from process memory. If non-zero, then the full re‐
1220              sult of the last query (before windowing) is  stored  in-memory.
1221              Subsequent  queries with the same expression and query state can
1222              then page through the cached  result.   A  zero  value  disables
1223              query result caching.
1224
1225              If no unit is specified, minutes is assumed.
1226
1227              This feature is currently enabled only for Email/query.
1228
1229          jmap_preview_annot: <none>
1230              The name of the per-message annotation, if any, to store message
1231              previews.
1232
1233          jmap_imagesize_annot: <none>
1234              The name of the per-message annotation, if any,  that  stores  a
1235              JSON object, mapping message part numbers of MIME image types to
1236              an array of their image dimensions. The array must have at least
1237              two  entries,  where  the  first entry denotes the width and the
1238              second entry the height of the image. Any additional values  are
1239              ignored.
1240
1241              For  example, if message part 1.2 contains an image of width 300
1242              and height 200, then the value of this annotation would be:
1243
1244              { "1.2" : [ 300, 200 ] }
1245
1246          jmap_inlinedcids_annot: <none>
1247              The name of the per-message annotation, if any,  that  stores  a
1248              JSON  object,  mapping  RFC  2392 Content-IDs referenced in HTML
1249              bodies to the respective HTML body part number.
1250
1251              For example, if message part 1.2 contains HTML and references an
1252              inlined  image  at  "cid:foo", then the value of this annotation
1253              would be:
1254
1255              { "<foo>" : "1.2" }
1256
1257              Note that the Content-ID key must be URL-unescaped and  enclosed
1258              in angular brackets, as defined in RFC 2392.
1259
1260          jmap_preview_length: 64B
1261              The  maximum  length  of dynamically generated message previews.
1262              Previews stored in jmap_preview_annot take precedence.
1263
1264              If no unit is specified, bytes is assumed.
1265
1266          jmap_max_catenate_items: 100
1267              The maximum number of items that can be catenated together by  a
1268              JMAP Blob/set action.  Returned as the maxCatenateItems property
1269              value of the JMAP "urn:ietf:params:jmap:blob"  capabilities  ob‐
1270              ject.  Default value is 100.
1271
1272          jmap_max_size_upload: 1G
1273              The maximum size that the JMAP API accepts for blob uploads.
1274              Returned as the maxSizeUpload property value of the JMAP
1275              "urn:ietf:params:jmap:core" capabilities object.
1276
1277              For  backward  compatibility, if no unit is specified, kibibytes
1278              is assumed.
1279
1280          jmap_max_size_blob_set: 4M
1281              The maximum size that the JMAP API accepts for Blob/set.
1282              Returned as the maxSizeBlobSet property value of the JMAP
1283              "https://cyrusimap.org/ns/jmap/blob" capabilities object.
1284
1285              For backward compatibility, if no unit is  specified,  kibibytes
1286              is assumed.
1287
1288          jmap_max_concurrent_upload: 5
1289              The  value to return for the maxConcurrentUpload property of the
1290              JMAP "urn:ietf:params:jmap:core" capabilities object. The  Cyrus
1291              JMAP implementation does not enforce this rate-limit.
1292
1293          jmap_max_size_request: 10M
1294              The  maximum  size that the JMAP API accepts for requests at the
1295              API endpoint.  Returned as the maxSizeRequest property value  of
1296              the JMAP "urn:ietf:params:jmap:core" capabilities object.
1297
1298              For  backward  compatibility, if no unit is specified, kibibytes
1299              is assumed.
1300
1301          jmap_max_concurrent_requests: 5
1302              The value to return for the  maxConcurrentRequests  property  of
1303              the  JMAP  "urn:ietf:params:jmap:core"  capabilities object. The
1304              Cyrus JMAP implementation does not enforce this rate-limit.
1305
1306          jmap_max_calls_in_request: 50
1307              The maximum number of calls per JMAP request  object.   Returned
1308              as the maxCallsInRequest property value of the JMAP
1309              "urn:ietf:params:jmap:core" capabilities object.
1310
1311          jmap_max_delayed_send: 512d
1312              The value to return for the maxDelayedSend property of the  JMAP
1313              "urn:ietf:params:jmap:emailsubmission" capabilities object.  The
1314              Cyrus JMAP implementation does not enforce this limit.
1315
1316              For backward compatibility, if no unit is specified, seconds  is
1317              assumed.
1318
1319          jmap_max_objects_in_get: 4096
1320              The  maximum  number  of ids that a JMAP client may request in a
1321              single "/get" type method call. The actual  number  of  returned
1322              objects  in  the response may exceed this number if the JMAP ob‐
1323              ject type supports unbounded  "/get"  calls.   Returned  as  the
1324              maxObjectsInGet property value of the JMAP
1325              "urn:ietf:params:jmap:core" capabilities object.
1326
1327          jmap_max_objects_in_set: 4096
1328              The maximum number of objects a JMAP client may send to  create,
1329              update  or  destroy in a single /set type method call.  Returned
1330              as the maxObjectsInSet property value of the JMAP
1331              "urn:ietf:params:jmap:core" capabilities object.
1332
1333          jmap_mail_max_size_attachments_per_email: 10M
1334              The  value to return for the maxSizeAttachmentsPerEmail property
1335              of the JMAP "urn:ietf:params:jmap:mail" capabilities object. The
1336              Cyrus JMAP implementation does not enforce this size limit.
1337
1338              For  backward  compatibility, if no unit is specified, kibibytes
1339              is assumed.
1340
1341          jmap_nonstandard_extensions: 0
1342              If enabled, support non-standard JMAP extensions.   If  not  en‐
1343              abled, only IETF standard JMAP functionality is supported.
1344
1345          jmap_pushpoll: 60s
1346              The interval for polling for changes on an EventSource
1347              connection or when push has been enabled on a WebSocket channel.  The
1348              minimum value is 1 second. A value of 0 will disable push.
1349
1350              If no unit is specified, seconds is assumed.
1351
1352          jmap_set_has_attachment: 1
1353              If  enabled,  the  $hasAttachment flag is determined and set for
1354              new messages created with the  JMAP  Email/set  or  Email/import
1355              methods.  This option should typically be enabled, but
1356              installations using Cyrus-external message annotators to determine the
1357              $hasAttachment flag might want to disable it.
1358
1359          jmap_vacation: 1
1360              If enabled, support the JMAP vacation extension.
1361
1362          jmapuploadfolder: #jmap
1363              the name of the folder for JMAP uploads (#jmap)
1364
1365          jmapsubmission_deleteonsend: 1
1366              If enabled (the default) then delete the EmailSubmission as soon
1367              as the email has been sent.
1368
1369          jmapsubmissionfolder: #jmapsubmission
1370              the name of the folder for JMAP Submissions (#jmapsubmission)
1371
1372          jmappushsubscriptionfolder: #jmappushsubscription
1373              the name of the folder for JMAP Push  Subscriptions  (#jmappush‐
1374              subscription)
1375
1376          jmapnotificationfolder: #jmapnotification
1377              the  name  of  the folder for JMAP notifications (#jmapnotifica‐
1378              tion)
1379
1380          iolog: 0
1381              Should cyrus output I/O log entries
1382
1383          ldap_authz: <none>
1384              SASL authorization ID for the LDAP server
1385
1386          ldap_base: <empty string>
1387              Contains the LDAP base dn for the LDAP ptloader module
1388
1389          ldap_bind_dn: <none>
1390              Bind DN for the connection to the LDAP server (simple bind).  Do
1391              not use for anonymous simple binds
1392
1393          ldap_deref: never
1394              Specify how aliases dereferencing is handled during search.
1395
1396              Allowed values: search, find, always, never
1397
1398          ldap_domain_base_dn: <empty string>
1399              Base DN to search for domain name spaces.
1400
1401          ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s))
1403              Filter to use searching for domains
1404
1405          ldap_domain_name_attribute: associateddomain
1406              The attribute name for domains.
1407
1408          ldap_domain_scope: sub
1409              Search scope
1410
1411              Allowed values: sub, one, base
1412
1413          ldap_domain_result_attribute: inetdomainbasedn
1414              Result attribute
1415
1416          ldap_filter: (uid=%u)
1417              Specify a filter that searches user identifiers.  The  following
1418              tokens can be used in the filter string:
1419
1420              %%   = %
1421              %u   = user
1422              %U   = user portion of %u (%U = test when %u = test@domain.tld)
1423              %d   = domain portion of %u if available (%d = domain.tld when %u = test@domain.tld), otherwise same as %R
1424              %R   = domain portion of %u starting with @ (%R = @domain.tld when %u = test@domain.tld)
1425              %D   = user dn (use when ldap_member_method: filter)
1426              %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)
1427
1428              ldap_filter is not used when ldap_sasl is enabled.
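
The token expansion described for ldap_filter, as an added Python example (not Cyrus source code). The function names are hypothetical, and two behaviours are assumptions of this sketch: %R and %d expand to an empty string when %u carries no domain, and every substituted value is escaped per RFC 4515 so that characters in a user identifier cannot change the structure of the filter.

```python
import re

# RFC 4515 section 3: octets that must be escaped inside an assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value before placing it inside an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def filter_tokens(user, user_dn=""):
    """Build the token table from imapd.conf(5) for one user identifier."""
    if "@" in user:
        local, _, domain = user.rpartition("@")
    else:
        local, domain = user, ""
    realm = "@" + domain if domain else ""      # %R (assumed empty without a domain)
    labels = domain.split(".")[::-1] if domain else []
    tokens = {
        "%": "%",                               # %% = literal percent sign
        "u": user,                              # %u = user
        "U": local,                             # %U = user portion of %u
        "d": domain if domain else realm,       # %d = domain, otherwise same as %R
        "R": realm,                             # %R = domain starting with @
        "D": user_dn,                           # %D = user dn
    }
    for i in range(1, 10):                      # %1 = tld, %2 = next label, ...
        tokens[str(i)] = labels[i - 1] if i <= len(labels) else ""
    return tokens


def expand_filter(template, user, user_dn=""):
    """Expand %-tokens in a filter template, escaping every substituted value."""
    tokens = filter_tokens(user, user_dn)

    def substitute(match):
        key = match.group(1)
        if key == "%":
            return "%"
        if key not in tokens:
            raise ValueError("unknown or incomplete token: %" + key)
        return escape_filter_value(tokens[key])

    return re.sub(r"%(.?)", substitute, template)


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from any real directory.
    print(expand_filter("(uid=%u)", "test@domain.tld"))
    print(expand_filter("(&(uid=%U)(dc=%2)(dc=%1))", "test@domain.tld"))
    print(expand_filter("(uid=%u)", "smith*(ops)"))
```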
1429
1430          ldap_group_base: <empty string>
1431              LDAP base dn for ldap_group_filter.
1432
1433          ldap_group_filter: (cn=%u)
1434              Specify  a  filter  that  searches  for  group identifiers.  See
1435              ldap_filter for more options.
1436
1437          ldap_group_scope: sub
1438              Specify search scope for ldap_group_filter.
1439
1440              Allowed values: sub, one, base
1441
1442          ldap_id: <none>
1443              SASL authentication ID for the LDAP server
1444
1445          ldap_mech: <none>
1446              SASL mechanism for LDAP authentication
1447
1448          ldap_user_attribute: <none>
1449              Specify LDAP attribute to use as canonical user id
1450
1451          ldap_member_attribute: <none>
1452              See ldap_member_method.
1453
1454          ldap_member_base: <empty string>
1455              LDAP base dn for ldap_member_filter.
1456
1457          ldap_member_filter: (member=%D)
1458              Specify  a  filter  for   "ldap_member_method:   filter".    See
1459              ldap_filter for more options.
1460
1461          ldap_member_method: attribute
1462              Specify a group method.  The "attribute" method retrieves groups
1463              from a multi-valued attribute  specified  in  ldap_member_attri‐
1464              bute.
1465
1466              The "filter" method uses a filter, specified by ldap_member_fil‐
1467              ter, to find groups; ldap_member_attribute is a single-value at‐
1468              tribute group name.  Allowed values: attribute, filter
1469
1470          ldap_member_scope: sub
1471              Specify search scope for ldap_member_filter.
1472
1473              Allowed values: sub, one, base
1474
1475          ldap_password: <none>
1476              Password  for the connection to the LDAP server (SASL and simple
1477              bind).  Do not use for anonymous simple binds
1478
1479          ldap_realm: <none>
1480              SASL realm for LDAP authentication
1481
1482          ldap_referrals: 0
1483              Specify whether or not the client should follow referrals.
1484
1485          ldap_restart: 1
1486              Specify whether or not LDAP  I/O  operations  are  automatically
1487              restarted if they abort prematurely.
1488
1489          ldap_sasl: 1
1490              Use SASL for LDAP binds in the LDAP PTS module.
1491
1492          ldap_sasl_authc: <none>
1493              Deprecated.  Use ldap_id
1494
1495          ldap_sasl_authz: <none>
1496              Deprecated.  Use ldap_authz
1497
1498          ldap_sasl_mech: <none>
1499              Deprecated.  Use ldap_mech
1500
1501          ldap_sasl_password: <none>
1502              Deprecated.  Use ldap_password
1503
1504          ldap_sasl_realm: <none>
1505              Deprecated.  Use ldap_realm
1506
1507          ldap_scope: sub
1508              Specify search scope.
1509
1510              Allowed values: sub, one, base
1511
1512          ldap_servers: ldap://localhost/
1513              Deprecated.  Use ldap_uri
1514
1515          ldap_size_limit: 1
1516              Specify a number of entries for a search request to return.
1517
1518          ldap_start_tls: 0
1519              Use  transport layer security for ldap:// using STARTTLS. Do not
1520              use ldaps:// in 'ldap_uri' with this option enabled.
1521
1522          ldap_time_limit: 5s
1523              How long to wait for a search request to complete.
1524
1525              For backward compatibility, if no unit is specified, seconds  is
1526              assumed.
1527
1528          ldap_timeout: 5s
1529              How long a search can take before timing out.
1530
1531              For  backward compatibility, if no unit is specified, seconds is
1532              assumed.
1533
1534          ldap_ca_dir: <none>
1535              Path to a directory with  CA  (Certificate  Authority)  certifi‐
1536              cates.
1537
1538          ldap_ca_file: <none>
1539              Path  to  a  file containing CA (Certificate Authority) certifi‐
1540              cate(s).
1541
1542          ldap_ciphers: <none>
1543              List of SSL/TLS ciphers to allow.  The format of the  string  is
1544              described in ciphers(1).
1545
1546          ldap_client_cert: <none>
1547              File containing the client certificate.
1548
1549          ldap_client_key: <none>
1550              File containing the private client key.
1551
1552          ldap_verify_peer: 0
1553              Require  and  verify server certificate.  If this option is yes,
1554              you must specify ldap_ca_file or ldap_ca_dir.
1555
1556          ldap_tls_cacert_dir: <none>
1557              Deprecated in favor of ldap_ca_dir.
1558
1559          ldap_tls_cacert_file: <none>
1560              Deprecated in favor of ldap_ca_file.
1561
1562          ldap_tls_cert: <none>
1563              Deprecated in favor of ldap_client_cert.
1564
1565          ldap_tls_key: <none>
1566              Deprecated in favor of ldap_client_key.
1567
1568          ldap_tls_check_peer: 0
1569              Deprecated in favor of ldap_verify_peer.
1570
1571          ldap_tls_ciphers: <none>
1572              Deprecated in favor of ldap_ciphers.
1573
1574          ldap_uri: <none>
1575              Contains a list of the URLs of all the LDAP servers  when  using
1576              the LDAP PTS module.
1577
1578          ldap_version: 3
1579              Specify  the  LDAP  protocol  version.  If ldap_start_tls and/or
1580              ldap_use_sasl are enabled, ldap_version  will  be  automatically
1581              set to 3.
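
A configuration check for the LDAP options above, as an added Python example (not part of Cyrus). It applies the constraints stated in this page: deprecated option names, ldap_start_tls combined with ldaps://, and ldap_verify_peer without ldap_ca_file or ldap_ca_dir. The finding codes, function names, sample configurations and the cleartext simple-bind check are this example's own.

```python
import re

# Deprecated LDAP option -> replacement, as listed in imapd.conf(5).
DEPRECATED = {
    "ldap_sasl_authc": "ldap_id", "ldap_sasl_authz": "ldap_authz",
    "ldap_sasl_mech": "ldap_mech", "ldap_sasl_password": "ldap_password",
    "ldap_sasl_realm": "ldap_realm", "ldap_servers": "ldap_uri",
    "ldap_tls_cacert_dir": "ldap_ca_dir", "ldap_tls_cacert_file": "ldap_ca_file",
    "ldap_tls_cert": "ldap_client_cert", "ldap_tls_key": "ldap_client_key",
    "ldap_tls_check_peer": "ldap_verify_peer", "ldap_tls_ciphers": "ldap_ciphers",
}
TRUE_VALUES = {"yes", "on", "t", "true", "1"}


def parse_imapd_conf(text):
    """Parse 'option: value' lines; a trailing backslash continues the line."""
    options, pending = {}, ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            options[name.strip()] = value.strip()
    return options


def enabled(options, name, default=False):
    """Interpret a boolean option using the values imapd.conf accepts."""
    if name not in options:
        return default
    return options[name].lower() in TRUE_VALUES


def audit_ldap(options):
    """Return (code, message) findings for the LDAP options in `options`."""
    findings = []
    for old, new in DEPRECATED.items():
        if old in options:
            findings.append(("deprecated", f"{old} is deprecated, use {new}"))
    uri = options.get("ldap_uri", "").lower()
    ldaps = "ldaps://" in uri
    plain = re.search(r"(?<![a-z])ldap://", uri) is not None
    start_tls = enabled(options, "ldap_start_tls")
    verify = enabled(options, "ldap_verify_peer")
    have_ca = bool(options.get("ldap_ca_file") or options.get("ldap_ca_dir"))
    if start_tls and ldaps:
        findings.append(("starttls-with-ldaps",
                         "ldap_start_tls must not be combined with ldaps:// in ldap_uri"))
    if verify and not have_ca:
        findings.append(("verify-without-ca",
                         "ldap_verify_peer needs ldap_ca_file or ldap_ca_dir"))
    if (start_tls or ldaps) and not verify:
        findings.append(("tls-unverified",
                         "TLS is used but the server certificate is not verified"))
    # ldap_sasl defaults to 1; with it off, ldap_password is used for a simple bind.
    if (plain and not start_tls and not enabled(options, "ldap_sasl", True)
            and options.get("ldap_password")):
        findings.append(("cleartext-simple-bind",
                         "simple bind password would cross ldap:// without STARTTLS"))
    return findings


def finding_codes(text):
    return [code for code, _ in audit_ldap(parse_imapd_conf(text))]


# Constructed sample configurations (hosts, DNs and secrets are placeholders).
WEAK_CONF = r"""
ldap_servers: ldap://old.example.org/
ldap_uri: ldaps://ldap.example.org/
ldap_start_tls: yes
ldap_verify_peer: on
"""
SIMPLE_BIND_CONF = r"""
ldap_uri: ldap://ldap.example.org/
ldap_sasl: no
ldap_bind_dn: cn=cyrus,dc=example,dc=org
ldap_password: \
    constructed-placeholder
"""
HARDENED_CONF = r"""
ldap_uri: ldap://ldap.example.org/
ldap_start_tls: yes
ldap_verify_peer: yes
ldap_ca_file: /etc/ssl/certs/example-ca.pem
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("simple bind", SIMPLE_BIND_CONF),
                        ("hardened", HARDENED_CONF)):
        print(label, audit_ldap(parse_imapd_conf(conf)))
```

The check reads only the current option names, so a value set through a deprecated name is reported as deprecated rather than evaluated.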
1582
1583          literalminus: 0
1584              if  enabled,  CAPABILITIES  will reply with LITERAL- rather than
1585              LITERAL+ (RFC 7888).   Doesn't  actually  size-restrict  uploads
1586              though
1587
1588          lmtp_downcase_rcpt: 1
1589              If enabled, lmtpd will convert the recipient addresses to lower‐
1590              case (up to a '+' character, if present).
1591
1592          lmtp_exclude_specialuse: \Snoozed
1593              Don't allow delivery  to  folders  with  given  special-use  at‐
1594              tributes.
1595
1596              Note  that  "snoozing"  of emails can currently only be done via
1597              the JMAP protocol, so delivery directly to the  Snoozed  mailbox
1598              is prohibited by default as it will not be moved back into INBOX
1599              automatically.
1600
1601          lmtp_fuzzy_mailbox_match: 0
1602              If enabled, and the mailbox specified in the detail part of  the
1603              recipient  (everything after the '+') does not exist, lmtpd will
1604              try to find the closest match (ignoring  case,  ignoring  white‐
1605              space, falling back to parent) to the specified mailbox name.
1606
1607          lmtp_over_quota_perm_failure: 0
1608              If enabled, lmtpd returns a permanent failure code when a user's
1609              mailbox is over quota.  By default, the  failure  is  temporary,
1610              causing the MTA to queue the message and retry later.
1611
1612          lmtp_preparse: 0
1613              If  enabled,  lmtpd  will  map in the email and parse the xapian
1614              data for jmapsearch.  The advantage is that the parsing is  done
1615              without holding any locks.  The disadvantage is that the parsing
1616              is done even if it winds up not being needed.
1617
1618          lmtp_strict_quota: 0
1619              If enabled, lmtpd returns a failure code when the incoming  mes‐
1620              sage  will cause the user's mailbox to exceed its quota.  By de‐
1621              fault, the failure won't occur until the mailbox is already over
1622              quota.
1623
1624          lmtp_strict_rfc2821: 1
1625              By  default, lmtpd will be strict (per RFC 2821) with regards to
1626              which envelope addresses are allowed.  If this option is set  to
1627              false,  8bit  characters in the local-part of envelope addresses
1628              are changed to 'X' instead.  This is useful to avoid  generating
1629              backscatter  with certain MTAs like Postfix or Exim which accept
1630              such messages.
1631
1632          lmtpsocket: {configdirectory}/socket/lmtp
1633              Unix domain socket that lmtpd listens on,  used  by  deliver(8).
1634              This should match the path specified in cyrus.conf(5).
1635
1636          lmtptxn_timeout: 5m
1637              Timeout used during a lmtp transaction to a remote backend (e.g.
1638              in a murder environment).  Can be used to prevent hung lmtpds on
1639              proxy  hosts when a backend server becomes unresponsive during a
1640              lmtp transaction.  The default is 5 minutes - change to zero for
1641              infinite.
1642
1643              For  backward compatibility, if no unit is specified, seconds is
1644              assumed.
1645
1646          lock_debugtime: <none>
1647              A floating point number of seconds.  If set, time  how  long  we
1648              wait  for  any  lock,  and  syslog the filename and time if it's
1649              longer than this value.  The default of NULL means not  to  time
1650              locks.
1651
1652          loginrealms: <empty string>
1653              The  list  of  remote  realms whose users may authenticate using
1654              cross-realm authentication  identifiers.   Separate  each  realm
1655              name  by  a  space.   (A  cross-realm identity is considered any
1656              identity returned by SASL with an "@" in it.).
1657
1658          loginuseacl: 0
1659              If enabled, any authentication identity which has the "a" right on a
1660              user's INBOX may log in as that user.
1661
1662          logtimestamps: 0
1663              Include  notations in the protocol telemetry logs indicating the
1664              number of seconds since the last command or response.
1665
1666          mailbox_default_options: 0
1667              Default "options" field for the mailbox on create.  You'll  want
1668              to  know what you're doing before setting this, but it can apply
1669              some default annotations like duplicate suppression
1670
1671          mailbox_initial_flags: <none>
1672              space-separated list of permanent flags which will be pre-set in
1673              every  newly created mailbox.  If you know you will require par‐
1674              ticular flag names then this avoids a  possible  race  condition
1675              against a client that fills the entire 128 available slots.
1676              Default is NULL, which is no flags.  Example: $Label1 $Label2
1677              $Label3 NotSpam Spam
1678
1679          mailbox_legacy_dirs: 0
1680              if  enabled,  new mailboxes without parents will be created with
1681              legacy paths.  sub mailboxes of users  will  still  inherit  the
1682              parent legacy setting
1683
1684          mailbox_maxmessages_addressbook: 0
1685              Limit  the number of messages that may exist in a single mailbox
1686              of "addressbook" type. Default (0) means no limit.   This  limit
1687              applies after quotas are checked, so if you have both quota lim‐
1688              its and this set, then you will be denied if you are either over
1689              quota or over this per-mailbox count.
1690
1691          mailbox_maxmessages_calendar: 0
1692              Limit  the number of messages that may exist in a single mailbox
1693              of "calendar" type. Default (0) means no limit.  This limit  ap‐
1694              plies after quotas are checked, so if you have both quota limits
1695              and this set, then you will be denied if  you  are  either  over
1696              quota or over this per-mailbox count.
1697
1698          mailbox_maxmessages_email: 0
1699              Limit  the number of messages that may exist in a single mailbox
1700              of "email" (normal) type. Default  (0)  means  no  limit.   This
1701              limit  applies  after  quotas  are  checked, so if you have both
1702              quota limits and this set, then you will be denied  if  you  are
1703              either over quota or over this per-mailbox count.
1704
1705          mailnotifier: <none>
1706              Notifyd(8)  method to use for "MAIL" notifications.  If not set,
1707              "MAIL" notifications are disabled.
1708
1709          master_bind_errors_fatal: 0
1710              If enabled, failure to bind a port during startup is treated  as
1711              a fatal error, causing master to shut down immediately.  The de‐
1712              fault is to keep running, with the affected service disabled un‐
1713              til the next SIGHUP causes it to retry.
1714
1715              Note  that  this only applies during startup.  New services that
1716              fail to come up in response to a reconfig+SIGHUP  will  just  be
1717              logged  and disabled like the default behaviour, without causing
1718              master to exit.
1719
1720          maxheaderlines: 1000
1721              Maximum number of lines of header that will  be  processed  into
1722              cache  records.  Default 1000.  If set to zero, it is unlimited.
1723              If a message hits the limit, an error will  be  logged  and  the
1724              rest  of  the  lines  in the header will be skipped.  This is to
1725              avoid malformed messages causing giant cache records
1726
1727          maxlogins_per_host: 0
1728              Maximum number of logged in  sessions  allowed  per  host,  zero
1729              means no limit
1730
1731          maxlogins_per_user: 0
1732              Maximum  number  of  logged  in  sessions allowed per user, zero
1733              means no limit
1734
1735          maxmessagesize: 0
1736              Maximum size of messages that will be accepted by  Cyrus.   This
1737              affects  LMTP  deliveries, IMAP appends, DAV uploads, etc.  Mes‐
1738              sages larger than this will be rejected.
1739
1740              If set to 0 (the default), a large internally-defined limit will
1741              be applied.
1742
1743              If no unit is specified, bytes is assumed.
1744
1745          maxquoted: 128K
1746              Maximum size of a single quoted string for the parser.
1747
1748              If no unit is specified, bytes is assumed.
1749
1750          maxword: 128K
1751              Maximum size of a single word for the parser.
1752
1753              If no unit is specified, bytes is assumed.
1754
1755          mboxkey_db: twoskip
1756              The cyrusdb backend to use for mailbox keys.
1757
1758              Allowed values: skiplist, twoskip, zeroskip
1759
1760          mboxlist_db: twoskip
1761              The cyrusdb backend to use for the mailbox list.
1762
1763              Allowed values: flat, skiplist, sql, twoskip, zeroskip
1764
1765          mboxlist_db_path: <none>
1766              The  absolute  path  to the mailboxes db file.  If not specified
1767              will be configdirectory/mailboxes.db
1768
1769          mboxname_lockpath: <none>
1770              Path to mailbox name lock files (default $conf/lock)
1771
1772          metapartition_files: <empty string>
1773              Space-separated list of metadata files to be stored on  a  meta‐
1774              partition rather than in the mailbox directory on a spool parti‐
1775              tion.  Allowed values: header, index, cache, expunge, squat, an‐
1776              notations, lock, dav, archivecache
1777
1778          metapartition-name: <none>
1779              The  pathname  of  the metadata partition name, corresponding to
1780              spool partition partition-name.  For any mailbox residing  in  a
1781              directory  on partition-name, the metadata files listed in meta‐
1782              partition_files will be stored in a corresponding  directory  on
1783              metapartition-name.    Note that not every partition-name option
1784              is required to have a corresponding  metapartition-name  option,
1785              so  that  you can selectively choose which spool partitions will
1786              have separate metadata partitions.
1787
1788          mupdate_authname: <none>
1789              The SASL username (Authentication Name) to use when authenticat‐
1790              ing to the mupdate server (if needed).
1791
1792          mupdate_config: standard
1793              The  configuration  of  the mupdate servers in the Cyrus Murder.
1794              The "standard" config is one in which there are discrete
1795              frontend (proxy) and backend servers.  The "unified" config is one in
1796              which a server can be both a frontend and backend.  The
1797              "replicated" config is one in which multiple backend servers all share
1798              the same mailspool, but each have their own "replicated" copy of
1799              mailboxes.db.  Allowed values: standard, unified, replicated
1800
1801          munge8bit: 1
1802              If  enabled,  lmtpd munges messages with 8-bit characters in the
1803              headers.  The 8-bit characters  are  changed  to  `X'.   If  re‐
1804              ject8bit is enabled, setting munge8bit has no effect.  (A proper
1805              solution to non-ASCII characters in headers is  offered  by  RFC
1806              2047 and its predecessors.)
1807
1808          mupdate_connections_max: 128
1809              The max number of connections that a mupdate process will allow,
1810              this is related to the number of file descriptors in the mupdate
1811              process.  Beyond this number connections will be immediately is‐
1812              sued a BYE response.
1813
1814          mupdate_password: <none>
1815              The SASL password (if needed) to use when authenticating to  the
1816              mupdate server.
1817
1818          mupdate_port: 3905
1819              The port of the mupdate server for the Cyrus Murder
1820
1821          mupdate_realm: <none>
1822              The  SASL  realm  (if  needed) to use when authenticating to the
1823              mupdate server.
1824
1825          mupdate_retry_delay: 20
1826              The base time to wait between connection retries to the  mupdate
1827              server.
1828
1829          mupdate_server: <none>
1830              The mupdate server for the Cyrus Murder
1831
1832          mupdate_username: <empty string>
1833              The  SASL username (Authorization Name) to use when authenticat‐
1834              ing to the mupdate server
1835
1836          mupdate_workers_max: 50
1837              The maximum number of mupdate worker threads (overall)
1838
1839          mupdate_workers_maxspare: 10
1840              The maximum number of idle mupdate worker threads
1841
1842          mupdate_workers_minspare: 2
1843              The minimum number of idle mupdate worker threads
1844
1845          mupdate_workers_start: 5
1846              The number of mupdate worker threads to start
1847
1848          netscapeurl: <none>
1849              If enabled at compile time, this specifies a URL to  reply  when
1850              Netscape  asks  the  server  where  the mail administration HTTP
1851              server is.  Administrators should set this to a local resource.
1852
1853          newsaddheaders: to
1854              Space-separated list of headers to be added to  incoming  usenet
1855              articles.   Added  To:  headers  will contain email delivery ad‐
1856              dresses corresponding  to  each  newsgroup  in  the  Newsgroups:
1857              header.  Added Reply-To: headers will contain email delivery ad‐
1858              dresses corresponding to each newsgroup in the  Followup-To:  or
1859              Newsgroups: header.  If the specified header(s) already exist in
1860              an article, the email delivery addresses will be appended to the
1861              original header body(s).
1862
1863              This  option  applies  if and only if the newspostuser option is
1864              set.  Allowed values: to, replyto
1865
1866          newsgroups: *
1867              A wildmat pattern specifying which mailbox hierarchies should be
1868              treated as newsgroups.  Only mailboxes matching the wildmat will
1869              accept and/or serve articles via NNTP.  If not  set,  a  default
1870              wildmat  of  "*"  (ALL  shared  mailboxes) will be used.  If the
1871              newsprefix option is also  set,  the  default  wildmat  will  be
1872              translated to "<newsprefix>.*"
1873
1874          newsmaster: news
1875              Userid  that is used for checking access controls when executing
1876              Usenet control messages.  For instance, to allow articles to  be
1877              automatically  deleted  by cancel messages, give the "news" user
1878              the 'd' right on the desired mailboxes.  To allow newsgroups  to
1879              be automatically created, deleted and renamed by the correspond‐
1880              ing control messages, give the "news" user the 'c' right on  the
1881              desired mailbox hierarchies.
1882
1883          newspeer: <none>
1884              A  list  of  whitespace-separated  news server specifications to
1885              which articles should be fed.  Each server  specification  is  a
1886              string  of  the  form  [user[:pass]@]host[:port][/wildmat] where
1887              'host' is the fully qualified hostname of the server, 'port'  is
1888              the port on which the server is listening, 'user' and 'pass' are
1889              the authentication credentials and 'wildmat' is a  pattern  that
1890              specifies  which  groups  should be fed.  If no 'port' is speci‐
1891              fied, port 119 is used.   If  no  'wildmat'  is  specified,  all
1892              groups  are  fed.   If 'user' is specified (even if empty), then
1893              the NNTP POST command will be used to feed the  article  to  the
1894              server, otherwise the IHAVE command will be used.
1895
1896              A  '@'  may  be  used  in place of '!' in the wildmat to prevent
1897              feeding articles cross-posted  to  the  given  group,  otherwise
1898              cross-posted  articles  are  fed  if  any  part  of  the wildmat
1899              matches.  For example, the string
1900              "peer.example.com:*,!control.*,@local.*" would feed all groups
1901              except control messages and local groups to peer.example.com.  In the
1902              case of cross-posting to local groups, these articles would not be fed.
1903
1904          newspostuser: <none>
1905              Userid  used  to  deliver  usenet  articles to newsgroup folders
1906              (usually via lmtp2nntp).  For example, if set to  "post",  email
1907              sent   to   "post+comp.mail.imap"  would  be  delivered  to  the
1908              "comp.mail.imap" folder.
1909
1910              When set, the Cyrus NNTP server will add the header(s) specified
1911              in  the  newsaddheaders  option to each incoming usenet article.
1912              The added header(s) will contain email delivery addresses corre‐
1913              sponding to each relevant newsgroup.  If not set, no headers are
1914              added to usenet articles.
1915
1916          newsprefix: <none>
1917              Prefix to be prepended to newsgroup names  to  make  the  corre‐
1918              sponding IMAP mailbox names.
1919
1920          newsrc_db_path: <none>
1921              The absolute path to the newsrc db file.  If not specified, will
1922              be configdirectory/fetchnews.db
1923
1924          nntptimeout: 3m
1925              Set the length of the NNTP server's inactivity autologout timer.
1926              The minimum value is 3 minutes, also the default.
1927
1928              For  backward compatibility, if no unit is specified, minutes is
1929              assumed.
1930
1931          notesmailbox: <none>
1932              The top level mailbox in each user's account which  is  used  to
1933              store Apple-style Notes.  Default is blank (disabled).
1934
1935          notifysocket: {configdirectory}/socket/notify
1936              Unix domain socket that the mail notification daemon listens on.
1937
1938          notify_external: <none>
1939              Path  to  the external program that notifyd(8) will call to send
1940              mail notifications.
1941
1942              The external program will be called with the  following  command
1943              line options:
1944
1945                 -c class
1946
1947                 -p priority
1948
1949                 -u user
1950
1951                 -m mailbox
1952
1953                 And the notification message will be available on stdin.
1954
1955          partition-name: <none>
1956              The  pathname  of  the  partition  name.  At least one partition
1957              pathname MUST be specified.  If the defaultpartition  option  is
1958              used,  then its pathname MUST be specified.  For example, if the
1959              value of the defaultpartition option is part1, then the
1960              partition-part1 field is required.
1961
1962          partition_select_mode: freespace-most
1963              Partition selection mode.
1964
1965              random (pseudo-)random selection
1966
1967              freespace-most
1968                     partition with the most free space (KiB)
1969
1970              freespace-percent-most
1971                     partition with the most free space (%)
1972
1973              freespace-percent-weighted
1974                     each  partition  is  weighted according to its free space
1975                     (%); the more free space  the  partition  has,  the  more
1976                     chances it has to be selected
1977
1978              freespace-percent-weighted-delta
1979                     each partition is weighted according to its difference of
1980                     free space (%) compared to the most used  partition;  the
1981                     more the partition is lagging behind the most used parti‐
1982                     tion, the more chances it has to be selected
1983
1984                     Note that actually even the most used partition has a few
1985                     chances  to  be selected, and those chances increase when
1986                     other partitions get closer
1987
1988                     Allowed values:  random,  freespace-most,  freespace-per‐
1989                     cent-most,   freespace-percent-weighted,   freespace-per‐
1990                     cent-weighted-delta
1991
1992          partition_select_exclude: <none>
1993              List of partitions to exclude from selection mode.
1994
1995          partition_select_usage_reinit: 0
1996              For a given session, number of operations (e.g. partition selec‐
1997              tion) for which partitions usage data are cached.
1998
1999          partition_select_soft_usage_limit: 0
2000              Limit of partition usage (%): if a partition is over that limit,
2001              it is automatically excluded from selection mode.
2002
2003              If all partitions are over that limit, this feature is not  used
2004              anymore.
2005
2006          plaintextloginpause: <none>
2007              Time  to  pause after a successful plaintext login.  For systems
2008              that support strong authentication, this permits users  to  per‐
2009              ceive  a  cost of using plaintext passwords.  (This does not af‐
2010              fect the use of PLAIN in SASL authentications.)
2011
2012              For backward compatibility, if no unit is specified, seconds  is
2013              assumed.
2014
2015          plaintextloginalert: <none>
2016              Message to send to client after a successful plaintext login.
2017
2018          popexpiretime: -1
2019              The  duration  advertised  as being the minimum a message may be
2020              left on the POP server before it is deleted (via the  CAPA  com‐
2021              mand,  defined  in  the  POP3  Extension  Mechanism,  which some
2022              clients may support).  This duration has a granularity of  whole
2023              days,  with partial days truncated (so e.g. "45m" is effectively
2024              "0d").  "NEVER", the default, may be specified with  a  negative
2025              number.
2026
2027              The  Cyrus  POP3  server  never deletes mail, no matter what the
2028              value of this parameter is.  However, if  a  site  implements  a
2029              less  liberal  policy, it needs to change this parameter accord‐
2030              ingly.
2031
2032              For backward compatibility, if no unit is specified, days is as‐
2033              sumed.
2034
2035          popminpoll: <none>
2036              Set  the  minimum amount of time the server forces users to wait
2037              between successive POP logins.
2038
2039              For backward compatibility, if no unit is specified, minutes  is
2040              assumed.
2041
2042          popsubfolders: 0
2043              Allow   access   to  subfolders  of  INBOX  via  POP3  by  using
2044              userid+subfolder syntax as the authentication/authorization id.
2045
2046          poppollpadding: 1
2047              Create a softer minimum poll restriction.  Allows poppollpadding
2048              connections  before the minpoll restriction is triggered.  Addi‐
2049              tionally, one padding entry is recovered every  popminpoll  min‐
2050              utes.   This  allows for the occasional polling rate faster than
2051              popminpoll, (i.e., for clients that require  a  send/receive  to
2052              send  mail) but still enforces the rate long-term.  Default is 1
2053              (disabled).
2054
2055              The easiest way to think of it is a queue of  past  connections,
2056              with  one  slot  being filled for every connection, and one slot
2057              being cleared every popminpoll minutes. When the queue is  full,
2058              the  user  will  not be able to check mail again until a slot is
2059              cleared.  If the user waits a sufficient amount  of  time,  they
2060              will get back many or all of the slots.
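
The queue described for poppollpadding, as an added Python model (not Cyrus source code). It assumes refused logins do not occupy a slot and that the clearing clock starts when the first slot is filled; the class and function names are hypothetical.

```python
class PopPollQueue:
    """Model of the popminpoll/poppollpadding queue for one user."""

    def __init__(self, popminpoll_s, poppollpadding=1):
        self.interval = popminpoll_s      # popminpoll, in seconds
        self.capacity = poppollpadding    # number of slots in the queue
        self.used = 0                     # slots filled by past logins
        self.last_clear = 0.0             # when a slot was last cleared

    def login(self, now):
        """Return True if a POP login at time `now` (seconds) is accepted."""
        if self.used:
            # One slot is cleared for every full popminpoll interval elapsed.
            cleared = int((now - self.last_clear) // self.interval)
            if cleared >= self.used:
                self.used = 0
            else:
                self.used -= cleared
                self.last_clear += cleared * self.interval
        if self.used >= self.capacity:
            return False                  # queue full: wait for a slot to clear
        if self.used == 0:
            self.last_clear = now         # assumption: clock starts with first slot
        self.used += 1
        return True


def replay(login_times, popminpoll_s, poppollpadding=1):
    """Replay a list of login timestamps and return accept/refuse per login."""
    q = PopPollQueue(popminpoll_s, poppollpadding)
    return [q.login(t) for t in login_times]


if __name__ == "__main__":
    # Constructed timeline: popminpoll of 60s, three padding slots.
    for t, ok in zip([0, 1, 2, 3, 60, 61, 600],
                     replay([0, 1, 2, 3, 60, 61, 600], 60, 3)):
        print(f"t={t:>3}s  {'accepted' if ok else 'refused'}")
```

With poppollpadding set to 1 the model reduces to a plain popminpoll wait between logins, which is why the default is described as disabled.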
2061
2062          poptimeout: 10m
2063              Set  the length of the POP server's inactivity autologout timer.
2064              The minimum value is 10 minutes, the default.
2065
2066              For backward compatibility, if no unit is specified, minutes  is
2067              assumed.
2068
2069          popuseacl: 0
2070              Enforce  IMAP  ACLs in the pop server.  Due to the nature of the
2071              POP3 protocol, the only rights which are used by the pop  server
2072              are  'r',  't',  and  's' for the owner of the mailbox.  The 'r'
2073              right allows the user to open the mailbox and list/retrieve mes‐
2074              sages.   The  't' right allows the user to delete messages.  The
2075              's' right allows messages retrieved by  the  user  to  have  the
2076              \Seen flag set (only if popuseimapflags is also enabled).
2077
2078          popuseimapflags: 0
2079              If  enabled,  the pop server will set and obey IMAP flags.  Mes‐
2080              sages having the \Deleted flag are ignored as if they do not ex‐
2081              ist.   Messages  that  are retrieved by the client will have the
2082              \Seen flag set.  All messages will have the \Recent flag unset.
2083
2084          postmaster: postmaster
2085              Username that is used as the 'From' address  in  rejection  MDNs
2086              produced by sieve.
2087
2088          postuser: <empty string>
2089              Userid used to deliver messages to shared folders.  For example,
2090              if set to "bb", email sent to "bb+shared.blah" would  be  deliv‐
2091              ered  to the "shared.blah" folder.  By default, an email address
2092              of "+shared.blah" would be used.
2093
2094          proc_path: <none>
2095              Path to proc directory.  Default is NULL - must be  an  absolute
2096              path  if  specified.   If  not specified, the path $configdirec‐
2097              tory/proc/ will be used.
2098
2099          prometheus_enabled: 0
2100              Whether tracking of service metrics for Prometheus is enabled.
2101
2102          prometheus_need_auth: admin
2103              Authentication level required to fetch Prometheus metrics.
2104
2105              Allowed values: none, user, admin
2106
2107          prometheus_update_freq: 10s
2108              Frequency at which promstatsd should re-collate its statistics
2109              report.  The minimum value is 1 second, the default is 10
2110              seconds.
2111
2112              For backward compatibility, if no unit is specified, seconds  is
2113              assumed.
2114
2115          prometheus_stats_dir: <none>
2116              Directory to use for gathering prometheus statistics.  If speci‐
2117              fied, must be an absolute path.  If not specified,  the  default
2118              path  $configdirectory/stats/  will be used.  It may be advanta‐
2119              geous to locate this directory on ephemeral storage.
2120
2121          proxy_authname: proxy
2122              The authentication name to use when authenticating to a  backend
2123              server in the Cyrus Murder.
2124
2125          proxy_compress: 0
2126              Try  to  enable  protocol-specific compression when performing a
2127              client connection to a backend server in the Cyrus Murder.
2128
2129              Note that this should only be necessary over slow  network  con‐
2130              nections.   Also  note that currently only IMAP and MUPDATE sup‐
2131              port compression.
2132
2133          proxy_password: <none>
2134              The default password to use when  authenticating  to  a  backend
2135              server  in  the  Cyrus Murder.  May be overridden on a host-spe‐
2136              cific basis using the hostname_password option.
2137
2138          proxy_realm: <none>
2139              The authentication realm to use when authenticating to a backend
2140              server in the Cyrus Murder.
2141
2142          proxyd_allow_status_referral: 0
2143              Set  to  true to allow proxyd to issue referrals to clients that
2144              support it when answering the STATUS command.  This is  disabled
2145              by  default  since  some clients issue many STATUS commands in a
2146              row, and do not cache the connections that these referrals would
2147              cause, thus resulting in a higher authentication load on the re‐
2148              spective backend server.
2149
2150          proxyd_disable_mailbox_referrals: 0
2151              Set to true to disable the use of mailbox-referrals on the proxy
2152              servers.
2153
2154          proxyservers: <none>
2155              A  list  of users and groups that are allowed to proxy for other
2156              users, separated by spaces.  Any user listed in this will be al‐
2157              lowed to login for any other user: use with caution.  In a stan‐
2158              dard murder this option should ONLY be set on backends.  DO  NOT
2159              SET on frontends or things won't work properly.
2160
2161          pts_module: afskrb
2162              The PTS module to use.
2163
2164              Allowed values: afskrb, ldap, http
2165
2166          ptloader_sock: <none>
2167              Unix  domain socket that ptloader listens on.  (defaults to con‐
2168              figdirectory/ptclient/ptsock)
2169
2170          ptscache_db: twoskip
2171              The cyrusdb backend to use for the pts cache.
2172
2173              Allowed values: skiplist, twoskip, zeroskip
2174
2175          ptscache_db_path: <none>
2176              The absolute path to the ptscache db file.   If  not  specified,
2177              will be configdirectory/ptscache.db
2178
2179          ptscache_timeout: 3h
2180              The   timeout   for  the  PTS  cache  database  when  using  the
2181              auth_krb_pts authorization method (default: 3 hours).
2182
2183              For backward compatibility, if no unit is specified, seconds  is
2184              assumed.
2185
2186          ptskrb5_convert524: 1
2187              When using the AFSKRB ptloader module with Kerberos 5
2188              canonicalization, do the final 524 conversion to get an AFS style
2189              name (using '.' instead of '/', and using short names).
2190
2191          ptskrb5_strip_default_realm: 1
2192              When using the AFSKRB ptloader module with Kerberos 5 canonical‐
2193              ization, strip the default realm from the userid (this does  not
2194              affect  the  stripping  of realms specified by the afspts_local‐
2195              realms option)
2196
2197          qosmarking: cs0
2198              This specifies the Class  Selector  or  Differentiated  Services
2199              Code  Point  designation  on IP headers (in the ToS field).  Al‐
2200              lowed values: cs0, cs1, cs2, cs3,  cs4,  cs5,  cs6,  cs7,  af11,
2201              af12,  af13,  af21,  af22,  af23,  af31, af32, af33, af41, af42,
2202              af43, ef
2203
2204          quota_db: quotalegacy
2205              The cyrusdb backend to use for quotas.
2206
2207              Allowed values: flat, skiplist, sql, quotalegacy,  twoskip,  ze‐
2208              roskip
2209
2210          quota_db_path: <none>
2211              The  absolute  path for the quota database (if you choose a sin‐
2212              gle-file quota DB type - or the base path if you choose quotale‐
2213              gacy).   If  not  specified will be configdirectory/quotas.db or
2214              configdirectory/quota/
2215
2216          quota_use_conversations: 0
2217              If conversations is enabled and quotaroot is a user folder,  use
2218              the  conversations  quota counts, which count multiple copies of
2219              exactly the same message (by GUID) as only one
2220
2221          quotawarn: 90
2222              Deprecated in favour of quotawarnpercent.
2223
2224          quotawarnpercent: 90
2225              The percent of quota utilization over which the server generates
2226              warnings.
2227
2228          quotawarnkb: <none>
2229              Deprecated in favour of quotawarnsize.
2230
2231          quotawarnsize: 0
2232              The  maximum amount of free space at which to give a quota warn‐
2233              ing (if this value is 0, or if the quota is  smaller  than  this
2234              amount, then warnings are always given).
2235
2236              Note that quota has kibibyte granularity.  Values specified here
2237              will be truncated to the nearest whole kibibyte.
2238
2239              For backward compatibility, if no unit is  specified,  kibibytes
2240              is assumed.
2241
2242          quotawarnmsg: 0
2243              The  maximum amount of messages at which to give a quota warning
2244              (if this value is 0, or  if  the  quota  is  smaller  than  this
2245              amount, then warnings are always given).
2246
2247          readonly: 0
2248              If  enabled, all IMAP, POP and JMAP connections are read-only,
2249              no writes allowed.
2250
2251          reject8bit: 0
2252              If enabled, lmtpd rejects messages with 8-bit characters in  the
2253              headers.
2254
2255          restore_authname: <none>
2256              The  authentication used by the restore tool when authenticating
2257              to an IMAP/sync server.
2258
2259          restore_password: <none>
2260              The password used by the restore tool when authenticating to  an
2261              IMAP/sync server.
2262
2263          restore_realm: <none>
2264              The authentication realm used by the restore tool when authenti‐
2265              cating to an IMAP/sync server.
2266
2267          reverseacls: 0
2268              At startup time, ctl_cyrusdb -r will check  this  value  and  it
2269              will either add or remove reverse ACL pointers from mailboxes.db
2270
2271          reverseuniqueids: 1
2272              Deprecated. No longer used
2273
2274          rfc2046_strict: 0
2275              If  enabled,  imapd  will be strict (per RFC 2046) when matching
2276              MIME boundary strings.  This means  that  boundaries  containing
2277              other  boundaries  as  substrings  will be treated as identical.
2278              Since enabling this option will break some messages  created  by
2279              Eudora 5.1 (and earlier), it is recommended that it be left dis‐
2280              abled unless there is good reason to do otherwise.
2281
2282          rfc2047_utf8: 0
2283              If enabled, imapd will parse any non-encoded character  sequence
2284              in  MIME header values as UTF8. This is useful for installations
2285              that either advertise the UTF8SMTP (RFC 5335) extension  or  re‐
2286              ceive  mails with improperly escaped UTF-8 byte sequences. It is
2287              recommended that this option is left disabled  unless  there  is
2288              good reason to do otherwise.
2289
2290          rfc3028_strict: 1
2291              If  enabled, Sieve will be strict (per RFC 3028) with regards to
2292              which headers are allowed to be used  in  address  and  envelope
2293              tests.   This means that only those headers which are defined to
2294              contain addresses will be allowed in address tests and only "to"
2295              and  "from"  will  be allowed in envelope tests.  When disabled,
2296              ANY grammatically correct header will be allowed.
2297
2298          rss_feedlist_template: <none>
2299              File containing HTML that will be used as a  template  for  dis‐
2300              playing  the  list of available RSS feeds.  A single instance of
2301              the variable %RSS_FEEDLIST% should appear  in  the  file,  which
2302              will  be  replaced  by  a  nested  unordered list of feeds.  The
2303              toplevel unordered list will be tagged with an id of "feed" (<ul
2304              id='feed'>) which can be used by stylesheet(s) in your template.
2305              The dynamically created list of feeds based on the HTML template
2306              will be accessible at the "/rss" URL on the server.
2307
2308          rss_feeds: *
2309              A wildmat pattern specifying which mailbox hierarchies should be
2310              treated as RSS feeds.  Only mailboxes matching the wildmat  will
2311              have  their  messages  available via RSS.  If not set, a default
2312              wildmat of "*" (ALL mailboxes) will be used.
2313
2314          rss_maxage: <none>
2315              Maximum age of items to display in an RSS channel.  If non-zero,
2316              httpd  will only display items received within this time period.
2317              If set to 0, all available items  will  be  displayed  (the  de‐
2318              fault).
2319
2320              For backward compatibility, if no unit is specified, days is as‐
2321              sumed.
2322
2323          rss_maxitems: 0
2324              Maximum number of items  to  display  in  an  RSS  channel.   If
2325              non-zero,  httpd will display no more than the rss_maxitems most
2326              recent items.  If set to 0, all available  items  will  be  dis‐
2327              played (the default).
2328
2329          rss_maxsynopsis: 0
2330              Maximum  RSS item synopsis length.  If non-zero, httpd will dis‐
2331              play no more than the first  rss_maxsynopsis  characters  of  an
2332              item's  synopsis.  If set to 0, the entire synopsis will be dis‐
2333              played (the default).
2334
2335          rss_realm: <none>
2336              The realm to present for HTTP authentication of RSS  feeds.   If
2337              not set (the default), the value of the "servername" option will
2338              be used.
2339
2340          sasl_auto_transition: 0
2341              If enabled, the SASL library will automatically create authenti‐
2342              cation  secrets  when  given a plaintext password.  See the SASL
2343              documentation.
2344
2345          sasl_maximum_layer: 256
2346              Maximum SSF (security strength factor) that the server will  al‐
2347              low a client to negotiate.
2348
2349          sasl_minimum_layer: 0
2350              The  minimum  SSF that the server will allow a client to negoti‐
2351              ate.  A value of 1 requires  integrity  protection;  any  higher
2352              value requires some amount of encryption.
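
An added example (not part of the Cyrus documentation or tools): a small Python check that parses an imapd.conf and reports the settings this page itself flags as sensitive, namely proxyservers, prometheus_need_auth, sasl_minimum_layer and the *_password options. Both sample configurations are constructed, and the function names are hypothetical.

```python
import os
import stat

TRUE = {"yes", "on", "t", "true", "1"}

# Constructed samples, not taken from any real deployment.
WEAK = """\
# frontend
proxyservers: murder-proxy \\
    backup-admin
prometheus_enabled: yes
prometheus_need_auth: none
sasl_minimum_layer: 0
proxy_password: example-not-a-real-secret
"""
HARDENED = """\
prometheus_enabled: yes
prometheus_need_auth: admin
sasl_minimum_layer: 128
proxy_password: example-not-a-real-secret
"""


def parse_imapd_conf(text):
    """Parse 'option: value' lines; a trailing backslash joins the next line."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        if not pending and (not raw.strip() or raw.lstrip().startswith("#")):
            continue                      # blank lines and comments are ignored
        if raw.endswith("\\"):
            pending += raw[:-1]           # no whitespace is inserted at the join
            continue
        line, pending = pending + raw, ""
        name, sep, value = line.partition(":")
        if sep:
            opts[name.strip()] = value.strip()
    return opts


def audit(opts, mode=None):
    """Return (option, message) findings; `mode` is the file's st_mode, if known."""
    out = []
    proxies = opts.get("proxyservers", "").split()
    if proxies:
        out.append(("proxyservers",
                    "may log in as any other user: " + ", ".join(proxies)))
    prom_on = opts.get("prometheus_enabled", "0").lower() in TRUE
    if prom_on and opts.get("prometheus_need_auth", "admin").lower() == "none":
        out.append(("prometheus_need_auth",
                    "metrics are served without authentication"))
    raw = opts.get("sasl_minimum_layer", "0")
    ssf = int(raw) if raw.isdigit() else 0
    if ssf == 0:
        out.append(("sasl_minimum_layer",
                    "0: neither integrity protection nor encryption is required"))
    elif ssf == 1:
        out.append(("sasl_minimum_layer",
                    "1: integrity protection only, no encryption required"))
    # proxy_password, restore_password and per-host hostname_password options
    secrets = sorted(k for k, v in opts.items() if k.endswith("_password") and v)
    if secrets and mode is not None and mode & stat.S_IROTH:
        out.append(("file mode",
                    "world-readable file stores " + ", ".join(secrets)))
    return out


def audit_file(path="/etc/imapd.conf"):
    """Audit a configuration file on disk, including its permissions."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return audit(parse_imapd_conf(text), os.stat(path).st_mode)


if __name__ == "__main__":
    for option, message in audit(parse_imapd_conf(WEAK), 0o100644):
        print(f"{option}: {message}")
```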
2353
2354          sasl_option: 0
2355              Any  SASL  option  can  be set by preceding it with sasl_.  This
2356              file overrides the SASL configuration file.
2357
2358          sasl_pwcheck_method: <none>
2359              The mechanism used by the server to verify plaintext  passwords.
2360              Possible values include "auxprop", "saslauthd", and "pwcheck".
2361
2362          search_batchsize: 20
2363              The  number of messages to be indexed in one batch (default 20).
2364              Note that long batches may delay user commands or mail delivery.
2365
2366          search_attachment_extractor_url: <none>
2367              A HTTP or HTTPS URL to extract search text from  rich  text  at‐
2368              tachments  and other media during search indexing. The server at
2369              this URL must implement the following protocol:
2370
2371              1. For each attachment of an email, Cyrus sends a GET request to
2372              the URL <extractor-url>/<cyrus-id>, where <extractor-url> is the
2373              configured URL and <cyrus-id> is  a  Cyrus-chosen  path  segment
2374              that uniquely identifies this attachment.
2375
2376              2.  If  the extractor already has a cached plain text extract of
2377              the attachment identified by <cyrus-id> then it may return  HTTP
2378              status  code  200  (OK)  and  the plain text extract with a Con‐
2379              tent-Type "text/plain" header. Otherwise  it  must  return  HTTP
2380              status 404 (Not Found).
2381
2382              3.  If Cyrus receives the HTTP status code 404 (Not Found), then
2383              it sends a PUT request to the same URL as  previously.  The  PUT
2384              request  body  contains  the decoded, binary body of the attach‐
2385              ment. The Content-Type request header has the same value as  de‐
2386              clared in the MIME part headers, including any type parameters.
2387
2388              4.  The extractor must return the plain text extract with either
2389              HTTP status  200  (OK)  or  201  (Created)  and  a  Content-Type
2390              "text/plain"  header.  If no text can be extracted, then the ex‐
2391              tractor may return any return code in the range 4xx, or 200  and
2392              an empty response body.
2393
2394              Any  other  HTTP status code is treated as an error. For perfor‐
2395              mance reasons, the Cyrus indexer attempts to keep-alive the  TCP
2396              connection to the extractor.  Xapian only.
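
An added example (not Cyrus code): a minimal extractor service in Python that follows the four protocol steps above. The /extract/ URL prefix, the accepted id characters, the 8 MiB size cap, port 8987 and the presence of a Content-Length header on PUT requests are assumptions of this sketch; only text/plain and text/html parts are handled, and anything else is answered with a 4xx code.

```python
"""Attachment text extractor speaking the GET/PUT protocol described above."""
import re
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

MAX_BODY = 8 * 1024 * 1024     # assumption: largest attachment body accepted
ID_RE = re.compile(r"^/extract/([A-Za-z0-9._-]{1,128})$")   # assumed prefix and id charset
CACHE = {}                     # cyrus-id -> extract; the id is only a dict key, never a file path


class TextOnly(HTMLParser):
    """Collect text nodes, skipping <script> and <style> content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip and data.strip():
            self.chunks.append(data.strip())


def extract_text(content_type, body):
    """Return the plain text of a body, or None for unsupported types."""
    mime, _, params = content_type.partition(";")
    found = re.search(r'charset="?([\w.:-]+)"?', params, re.I)
    try:
        text = body.decode(found.group(1) if found else "utf-8", errors="replace")
    except LookupError:        # unknown charset label in the MIME part headers
        text = body.decode("utf-8", errors="replace")
    mime = mime.strip().lower()
    if mime == "text/plain":
        return text
    if mime == "text/html":
        parser = TextOnly()
        parser.feed(text)
        parser.close()
        return " ".join(parser.chunks)
    return None


def handle(method, path, content_type="", body=b""):
    """Protocol logic without I/O: returns (status, response body)."""
    match = ID_RE.match(path)
    if not match:
        return 400, b""
    cyrus_id = match.group(1)
    if method == "GET":        # steps 1-2: cached extract, or 404
        if cyrus_id in CACHE:
            return 200, CACHE[cyrus_id].encode("utf-8")
        return 404, b""
    if method == "PUT":        # steps 3-4: extract, cache, return the text
        if len(body) > MAX_BODY:
            return 413, b""
        text = extract_text(content_type, body)
        if text is None:
            return 415, b""    # no text extracted: a 4xx code is permitted
        CACHE[cyrus_id] = text
        return 201, text.encode("utf-8")
    return 405, b""


class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"   # lets the indexer keep the connection alive

    def reply(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_GET(self):
        self.reply(*handle("GET", self.path))

    def do_PUT(self):
        declared = self.headers.get("Content-Length", "0")
        length = int(declared) if declared.isdigit() else -1
        if length < 0 or length > MAX_BODY:
            self.close_connection = True   # body is left unread, so drop the connection
            self.reply(400 if length < 0 else 413, b"")
            return
        body = self.rfile.read(length)
        self.reply(*handle("PUT", self.path,
                           self.headers.get("Content-Type", ""), body))


if __name__ == "__main__":
    # Loopback only: this service parses untrusted attachment bytes.
    ThreadingHTTPServer(("127.0.0.1", 8987), Handler).serve_forever()
```

Under these assumptions the matching setting would be search_attachment_extractor_url: http://127.0.0.1:8987/extract.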
2397
2398          search_index_language: 0
2399              If enabled, then message bodies are stemmed by detected language
2400              in addition to the default English stemmer.  Xapian only.
2401
2402          search_index_parts: 0
2403              Deprecated. No longer used.
2404
2405          search_index_skip_domains: <none>
2406              A space separated list of domains - if set,  any  users  in  the
2407              listed domains will be skipped when indexing.
2408
2409          search_index_skip_users: <none>
2410              A  space  separated list of usernames - if set, any users in the
2411              list will be skipped when indexing.
2412
2413          search_query_language: 0
2414              Deprecated. No longer used.
2415
2416          search_normalisation_max: 1000
2417              A resource bound for the combinatorial explosion of  search  ex‐
2418              pression  tree complexity caused by normalising expressions with
2419              many OR nodes.  These can use more CPU  time  to  optimise  than
2420              they save IO time in scanning folders.
2421
2422          search_engine: none
2423              The indexing engine used to speed up searching.
2424
2425              Allowed values: none, squat, xapian
2426
2427          search_fuzzy_always: 0
2428              Whether  to enable RFC 6203 FUZZY search for all IMAP SEARCH. If
2429              turned on, search attributes will be searched using FUZZY search
2430              by  default.   If turned off, clients have to explicitly use the
2431              FUZZY search key to enable fuzzy search for regular SEARCH  com‐
2432              mands.
2433
2434          search_index_headers: 1
2435              Whether  to index headers other than From, To, Cc, Bcc, and Sub‐
2436              ject.  Experiment shows that some headers such as  Received  and
2437              DKIM-Signature can contribute up to 2/3rds of the index size but
2438              almost nothing to the utility of searching.  Note that if header
2439              indexing  is  disabled,  headers  can  still  be  searched,  the
2440              searches will just be slower.
2441
2442          search_indexed_db: twoskip
2443              The cyrusdb backend to use for the  search  latest  indexed  uid
2444              state.  Xapian only.
2445
2446              Allowed values: flat, skiplist, twoskip, zeroskip
2447
2448          search_maxtime: <none>
2449              The  maximum number of seconds to run a search for before abort‐
2450              ing.  Default of no value means  search  "forever"  until  other
2451              timeouts.
2452
2453          search_maxsize: 4M
2454              The  maximum  size  to index for each message part. Message con‐
2455              tents that occur after this byte offset will not be indexed  nor
2456              used to generate search snippets. Xapian-only.
2457
2458              For  backward  compatibility, if no unit is specified, kibibytes
2459              is assumed.
2460
2461          search_queryscan: 5000
2462              The minimum number of records required to do a direct scan of all
2463              G keys rather than indexed lookups.  A value of 0 means always
2464              do indexed lookups.
2465
2466          search_skipdiacrit: 1
2467              When searching, should diacriticals be stripped from the  search
2468              terms.   The  default  is  "true", a search for "hav" will match
2469              "Håvard".  This is not RFC 5051 compliant, but it is backwards
2470              compatible, and may be preferred by some sites.
2471
2472          search_skiphtml: 0
2473              If enabled, HTML parts of messages are skipped, i.e. not indexed
2474              and not searchable.  Otherwise, they're indexed.
2475
2476          search_whitespace: merge
2477              When searching, how whitespace should be handled.  Options  are:
2478              "skip"  (default in 2.3 and earlier series) - where a search for
2479              "equi" would match "the quick brown fox".   "merge"  -  the  de‐
2480              fault,  where  "he   qu" would match "the quick   brownfox", and
2481              "keep", where whitespace must match  exactly.   The  default  of
2482              "merge"  is  recommended for most cases - it's a good compromise
2483              which keeps words separate.  Allowed values: skip, merge, keep
2484
2485          search_snippet_length: 255
2486              The maximum byte length of a snippet generated by the  XSNIPPETS
2487              command.  Only supported by the Xapian search backend, which at‐
2488              tempts to always fill search_snippet_length bytes in the  gener‐
2489              ated snippet.
2490
2491          search_stopword_path: <none>
2492              The  absolute  base  path  to  the search stopword lists. If not
2493              specified, no stopwords will be taken into account during search
2494              indexing.  Currently,  the  only supported and default stop word
2495              file is english.txt.
2496
2497          searchpartition-name: <none>
2498              The pathname  where  to  store  the  xapian  search  indexes  of
2499              searchtier for mailboxes of partition name. This must be config‐
2500              ured for the defaultsearchtier and any  additional  search  tier
2501              (see squatter for details).
2502
2503              For  example:  if  defaultpartition  is defined as part1 and de‐
2504              faultsearchtier as tier1 then the configuration must contain  an
2505              entry  tier1searchpartition-part1 that defines the path where to
2506              store this tier1's search index for the part1 partition.
2507
2508              This option MUST be specified for xapian search.
2509
2510          seenstate_db: twoskip
2511              The cyrusdb backend to use for the seen state.
2512
2513              Allowed values: flat, skiplist, twoskip, zeroskip
2514
2515          sendmail: /usr/lib/sendmail
2516              The pathname of the sendmail executable.  Sieve invokes sendmail
2517              for sending rejections, redirects and vacation responses.
2518
2519          sendmail_auth_id: CYRUS_SENDMAIL_AUTH_ID
2520              The  name  of an environment variable to set when invoking send‐
2521              mail.  The value of this environment variable will  contain  the
2522              user  id  of the currently authenticated user. If no user is au‐
2523              thenticated the environment variable is not set.
2524
2525          serverlist: <none>
2526              Whitespace separated list of backend server names.  Used for
2527              finding the server with the most available free space for
2528              proxying CREATE.
2529
2530          serverlist_select_mode: freespace-most
2531              Server selection mode.
2532
2533              random (pseudo-)random selection
2534
2535              freespace-most
2536                     backend with the most (total) free space (KiB)
2537
2538              freespace-percent-most
2539                     backend whose partition has the most free space (%)
2540
2541              freespace-percent-weighted
2542                     same as for partition selection, comparing the free space
2543                     (%) of the least used partition of each backend
2544
2545              freespace-percent-weighted-delta
2546                     same as for partition selection, comparing the free space
2547                     (%) of the least used partition of each backend.
2548
2549                     Allowed values: random, freespace-most,
2550                     freespace-percent-most, freespace-percent-weighted,
2551                     freespace-percent-weighted-delta
2552
2553          serverlist_select_usage_reinit: 0
2554              For a given session, number of operations (e.g.  backend  selec‐
2555              tion) for which backend usage data are cached.
2556
2557          serverlist_select_soft_usage_limit: 0
2558              Limit  of backend usage (%): if a backend is over that limit, it
2559              is automatically excluded from selection mode.
2560
2561              If all backends are over that limit, this feature  is  not  used
2562              anymore.
2563
2564          servername: <none>
2565              This  is  the  hostname  visible in the greeting messages of the
2566              POP, IMAP and LMTP daemons. If it is unset, then the result  re‐
2567              turned from gethostname(2) is used.  This is also the value used
2568              by murder clusters to identify the host name.  It should be  re‐
2569              solvable by DNS to the correct host, and unique within an active
2570              cluster.  If you are using low  level  replication  (e.g.  drbd)
2571              then  it should be the same on each copy and the DNS name should
2572              also be moved to the new master on failover.
2573
2574          serverinfo: on
2575              The server information to display in the greeting and capability
2576              responses. Information is displayed as follows:
2577                 "off" = no server information in the greeting or capabilities
2578
2579                 "min"  = servername in the greeting; no server information in
2580                 the capabilities
2581
2582                 "on" = servername and product version in the greeting;  prod‐
2583                 uct version in the capabilities
2584
2585                 Allowed values: off, min, on
2586
2587          sharedprefix: Shared Folders
2588              If using the alternate IMAP namespace, the prefix for the shared
2589              namespace.  The hierarchy delimiter will  be  automatically  ap‐
2590              pended.
2591
2592          sieve_allowreferrals: 1
2593              If  enabled,  timsieved will issue referrals to clients when the
2594              user's scripts reside on a remote server (in a Murder).   Other‐
2595              wise, timsieved will proxy traffic to the remote server.
2596
2597          sieve_duplicate_max_expiration: 90d
2598              Maximum expiration time for duplicate message tracking records.
2599
2600              For  backward compatibility, if no unit is specified, seconds is
2601              assumed.
2602
2603          sieve_extensions: fileinto reject vacation vacation-seconds notify
2604          include envelope environment body relational regex subaddress copy
2605          date index imap4flags mailbox mboxmetadata servermetadata variables
2606          editheader extlists duplicate ihave fcc special-use redirect-dsn
2607          redirect-deliverby mailboxid vnd.cyrus.log vnd.cyrus.jmapquery
2608          vnd.cyrus.imip snooze
2609              Space-separated list of Sieve extensions allowed to be used in
2610              sieve scripts, enforced at submission by timsieved(8).  Any
2611              previously installed script will be unaffected by this option and
2612              will continue to execute regardless of the extensions used.  This
2613              option has no effect on options that are disabled at compile time
2614              (e.g., "regex").  Allowed values: fileinto, reject, vacation,
2615              vacation-seconds, notify, include, envelope, environment, body,
2616              relational, regex, subaddress, copy, date, index,
2617              imap4flags=imapflags, mailbox, mboxmetadata, servermetadata,
2618              variables, editheader, extlists, duplicate, ihave, fcc,
2619              special-use, redirect-dsn, redirect-deliverby, mailboxid,
2620              vnd.cyrus.log=x-cyrus-log, vnd.cyrus.jmapquery=x-cyrus-jmapquery,
2621              vnd.cyrus.imip, snooze=vnd.cyrus.snooze=x-cyrus-snooze
2622
2623          sieve_folder: #sieve
2624              The name of the folder for storing Sieve scripts (#sieve)
2625
2626          sieve_maxscriptsize: 32K
2627              Maximum  size any sieve script can be, enforced at submission by
2628              timsieved(8) and JMAP.
2629
2630              For backward compatibility, if no unit is  specified,  kibibytes
2631              is assumed.
2632
2633          sieve_maxscripts: 5
2634              Maximum  number  of sieve scripts any user may have, enforced at
2635              submission by timsieved(8).
2636
2637          sieve_utf8fileinto: 0
2638              If enabled, the  sieve  engine  expects  folder  names  for  the
2639              fileinto  action  in  scripts  to use UTF8 encoding.  Otherwise,
2640              modified UTF7 encoding should be used.
2641
2642          sieve_sasl_send_unsolicited_capability: 0
2643              If enabled, timsieved will emit a capability response after a
2644              successful SASL authentication, per
2645              draft-martin-managesieve-12.txt.
2646
2647          sieve_use_lmtp_reject: 1
2648              Enabled by default.  If reject can be done via LMTP, then return
2649              a 550 rather than generating the bounce message in Cyrus.
2650
2651          sieve_vacation_min_response: 3d
2652              Minimum  time  interval  between consecutive vacation responses,
2653              per draft-ietf-vacation-seconds.txt.  The default is 3 days.
2654
2655              For backward compatibility, if no unit is specified, seconds  is
2656              assumed.
2657
2658          sieve_vacation_max_response: 90d
2659              Maximum  time  interval  between consecutive vacation responses,
2660              per draft-ietf-vacation-seconds.txt.  The default  is  90  days.
2661              The minimum is 7 days.
2662
2663              For  backward compatibility, if no unit is specified, seconds is
2664              assumed.
2665
2666          sievedir: /usr/sieve
2667              If sieveusehomedir is false,  this  directory  is  searched  for
2668              Sieve scripts.
2669
2670          sievenotifier: <none>
2671              Notifyd(8) method to use for "SIEVE" notifications.  If not set,
2672              "SIEVE" notifications are disabled.
2673
2674              This method is only used when no  method  is  specified  in  the
2675              script.
2676
2677          sieveusehomedir: 0
2678              If enabled, lmtpd will look for Sieve scripts in user's home di‐
2679              rectories: ~user/.sieve.
2680
2681          anysievefolder: 0
2682              It must be "yes" in order to permit the autocreation of any  IN‐
2683              BOX   subfolder   requested  by  a  sieve  filter,  through  the
2684              "fileinto" action. (default = no)
2685
2686          singleinstancestore: 1
2687              If enabled, imapd, lmtpd and nntpd attempt  to  only  write  one
2688              copy of a message per partition and create hard links, resulting
2689              in a potentially large disk savings.
2690
2691          skiplist_always_checkpoint: 1
2692              If enabled, this option forces the skiplist cyrusdb  backend  to
2693              always  checkpoint  when doing a recovery.  This causes slightly
2694              more IO, but on the other hand leads  to  more  efficient  data‐
2695              bases, and the entire file is already "hot".
2696
2697          skiplist_unsafe: 0
2698              If  enabled,  this option forces the skiplist cyrusdb backend to
2699              not sync writes to the disk.  Enabling this option is NOT RECOM‐
2700              MENDED.
2701
2702          smtp_backend: sendmail
2703              The SMTP backend to use for sending email.
2704
2705              The "host" backend sends message submissions via a TCP socket to
2706              the SMTP host defined in the config option smtp_host.
2707
2708              The "sendmail" backend forks the Cyrus  process  into  the  exe‐
2709              cutable  defined  in the config option sendmail.  The executable
2710              must accept "-bs" as command line argument, read from stdin  and
2711              must  implement  the minimum SMTP protocol as defined in section
2712              4.5.1 of RFC 5321.
2713
2714              If the SMTP EHLO command reports AUTH (RFC 4954) as a  supported
2715              extension,  then the MAIL FROM command includes the AUTH parame‐
2716              ter, with its value set to the name of  any  authenticated  user
2717              which  triggered the email. The AUTH parameter is omitted if the
2718              user is unknown to the calling process.
2719
2720              If the directory configdirectory/log/smtpclient.smtp_backend ex‐
2721              ists,  then  telemetry  logs  for outgoing SMTP sessions will be
2722              created in this directory.
2723
2724              Allowed values: host, sendmail
2725
2726          smtp_host: localhost:587
2727              The SMTP host to use for sending mail (also see the smtp_backend
2728              option). The value of this option must be the name or IP address of
2729              a TCP host, followed optionally by a colon and the port or  ser‐
2730              vice  to  use.  The default port is 587. TLS may be activated by
2731              appending "/tls" to the  value.  Authentication  is  enabled  if
2732              smtp_auth_authname is set. Authentication can be explicitly dis‐
2733              abled by appending "/noauth" to the host address.
2734
2735          smtp_auth_authname: <none>
2736              The authentication name to use when authenticating to  the  SMTP
2737              server defined in smtp_host.
2738
2739          smtp_auth_password: <none>
2740              The  password  to use when authenticating to the SMTP server de‐
2741              fined in smtp_host.
2742
2743          smtp_auth_realm: <none>
2744              The authentication SASL realm to use when  authenticating  to  a
2745              SMTP server.
2746
2747          soft_noauth: 1
2748              If  enabled, lmtpd returns temporary failures if the client does
2749              not successfully authenticate.  Otherwise lmtpd  returns  perma‐
2750              nent failures (causing the mail to bounce immediately).
2751
2752          sortcache_db: twoskip
2753              The cyrusdb backend to use for caching sort results (currently
2754              only used for xconvmultisort).  Allowed values: skiplist, twoskip,
2755              zeroskip
2756
2757          specialuse_extra: <none>
2758              Whitespace  separated  list of extra special-use attributes that
2759              can be set on a mailbox. RFC  6154  currently  lists  what  spe‐
2760              cial-use  attributes can be set. This allows extending that list
2761              in the future or adding your own if needed.
2762
2763          specialuse_nochildren: \Scheduled \Snooze
2764              Whitespace separated list of special-use attributes that may not
2765              contain child folders.  If set, mailboxes with any of these
2766              attributes may not have child folders created, and these
2767              attributes cannot be added to mailboxes that already have
2768              children.
2769
2770          specialuse_protect: \Archive \Drafts \Important \Junk \Sent
2771          \Scheduled \Snooze \Trash
2772              Whitespace separated list of special-use attributes whose
2773              mailboxes are protected.  If set, mailboxes with these
2774              special-use attributes cannot be deleted or renamed to have a
2775              different parent.  The default is the built-in list.
2776
2777          specialusealways: 1
2778              If enabled, this option causes LIST and LSUB  output  to  always
2779              include the XLIST "special-use" flags
2780
2781          sql_database: <none>
2782              Name of the database which contains the cyrusdb table(s).
2783
2784          sql_engine: <none>
2785              Name of the SQL engine to use.
2786
2787              Allowed values: mysql, pgsql, sqlite
2788
2789          sql_hostnames: <empty string>
2790              Comma separated list of SQL servers (in host[:port] format).
2791
2792          sql_passwd: <none>
2793              Password to use for authentication to the SQL server.
2794
2795          sql_user: <none>
2796              Username to use for authentication to the SQL server.
2797
2798          sql_usessl: 0
2799              If enabled, a secure connection will be made to the SQL server.
2800
2801          srs_alwaysrewrite: 0
2802              If true, perform SRS rewriting for ALL forwarding, even when not
2803              required.
2804
2805          srs_domain: <none>
2806              The domain to use in rewritten addresses. This must  point  only
2807              to  machines which know the encoding secret used by this system.
2808              When present, SRS is enabled.
2809
2810          srs_hashlength: 0
2811              The hash length to generate in a rewritten address.
2812
2813          srs_secrets: <none>
2814              A list of secrets with which to generate addresses.
2815
2816          srs_separator: <none>
2817              The separator to appear immediately after SRS[01]  in  rewritten
2818              addresses.
2819
2820          srvtab: <empty string>
2821              The pathname of srvtab file containing the server's private key.
2822              This option is passed to the SASL library and overrides its  de‐
2823              fault setting.
2824
2825          submitservers: <none>
2826              A  list  of  users  and  groups  that  are  allowed  to  resolve
2827              "urlauth=submit+" IMAP URLs,  separated  by  spaces.   Any  user
2828              listed  in  this  will  be  allowed to fetch the contents of any
2829              valid "urlauth=submit+" IMAP URL: use with caution.
2830
2831          subscription_db: flat
2832              The cyrusdb backend to use for the subscriptions list.
2833
2834              Allowed values: flat, skiplist, twoskip, zeroskip
2835
2836          suppress_capabilities: <none>
2837              Suppress the named capabilities from any capability response.
2838              Use the exact case as it appears in the response, e.g.
2839              "suppress_capabilities: ESEARCH QRESYNC WITHIN XLIST
2840              LIST-EXTENDED" if you have a murder with 2.3.x backends and
2841              don't want clients being confused by new capabilities that some
2842              backends don't support.
2843
2844          statuscache: 0
2845              Enable/disable the imap status cache.
2846
2847          statuscache_db: twoskip
2848              The cyrusdb backend to use for the imap status cache.
2849
2850              Allowed values: skiplist, sql, twoskip, zeroskip
2851
2852          statuscache_db_path: <none>
2853              The absolute path to the statuscache db file.  If not specified,
2854              will be configdirectory/statuscache.db
2855
2856          sync_authname: <none>
2857              The authentication name to use when  authenticating  to  a  sync
2858              server.  Prefix with a channel name to only apply for that chan‐
2859              nel
2860
2861          sync_batchsize: 8192
2862              The number of messages to upload in a single mailbox
2863              replication.  Default is 8192.  If there are more than this many
2864              messages appended to the mailbox, generate a synthetic partial
2865              state and send that.
2866
2867          sync_cache_db: twoskip
2868              The cyrusdb backend to use for the replication cache.
2869
2870              Allowed values: skiplist, sql, twoskip, zeroskip
2871
2872          sync_cache_db_path: <none>
2873              The  path for the replication cache.  Prefix with a channel name
2874              to apply for that channel.  NOTE, it's quite important to have a
2875              different one per backend!
2876
2877          sync_host: <none>
2878              Name  of  the  host  (replica  running  sync_server(8)) to which
2879              replication actions will be sent by sync_client(8).  Prefix with
2880              a channel name to only apply for that channel
2881
2882          sync_log: 0
2883              Enable   replication   action  logging  by  lmtpd(8),  imapd(8),
2884              pop3d(8), and nntpd(8).  The log  {configdirectory}/sync/log  is
2885              used by sync_client(8) for "rolling" replication.
2886
2887          sync_log_chain: 0
2888              Enable replication action logging by sync_server as well, allow‐
2889              ing chaining of replicas.  Use this on 'B'  for  A  =>  B  =>  C
2890              replication layout
2891
2892          sync_log_channels: <none>
2893              If  specified,  log all events to multiple log files in directo‐
2894              ries specified by each "channel".  Each channel can then be pro‐
2895              cessed separately, such as by multiple sync_client(8)s in a mesh
2896              replication scheme, or by squatter(8) for rolling  search  index
2897              updates.
2898
2899              You  can use "" (the two-character string U+22 U+22) to mean the
2900              default sync channel.
2901
2902          sync_log_unsuppressable_channels: squatter
2903              If specified, the named channels are exempt from the  effect  of
2904              setting  sync_log_chain:off,  i.e.  they are always logged to by
2905              the sync_server process.  This is only really  useful  to  allow
2906              rolling search indexing on a replica.
2907
2908          sync_password: <none>
2909              The  default  password  to  use  when  authenticating  to a sync
2910              server.  Prefix with a channel name to only apply for that chan‐
2911              nel
2912
2913          sync_port: <none>
2914              Name  of the service (or port number) of the replication service
2915              on replica host.  Prefix with a channel name to only  apply  for
2916              that  channel.  If not specified, and if sync_try_imap is set to
2917              "yes" (the default), then the replication client will first  try
2918              "imap"  (port 143) to check if imapd supports replication.  Oth‐
2919              erwise it will default to "csync" (usually port 2005).
2920
2921          sync_realm: <none>
2922              The authentication realm to use when authenticating  to  a  sync
2923              server.  Prefix with a channel name to only apply for that chan‐
2924              nel
2925
2926          sync_reconnect_maxwait: 20m
2927              When a rolling sync_client cannot connect to the replica, it en‐
2928              ters  a retry loop with an exponential backoff between attempts.
2929              This option sets the upper limit on that exponential backoff: no
2930              matter  how  long  the replica has been down so far, sync_client
2931              will never wait longer than sync_reconnect_maxwait  between  re‐
2932              tries.
2933
2934              If  this  is  zero or negative, the backoff duration will be al‐
2935              lowed to increase indefinitely (not recommended).
2936
2937              If no unit is specified, seconds is assumed.
2938
2939          sync_repeat_interval: 1s
2940              Minimum interval between replication runs in rolling replication
2941              mode.  If  a replication run takes longer than this time, we re‐
2942              peat immediately.  Prefix with a channel name to only apply  for
2943              that channel.
2944
2945              For  backward compatibility, if no unit is specified, seconds is
2946              assumed.
2947
2948          sync_rightnow_channel: <none>
2949              If set, run sync_client to this channel  immediately.   As  with
2950              channels, set this value to '""' to sync the default channel!
2951
2952          sync_shutdown_file: <none>
2953              Simple  latch  used  to  tell sync_client(8) that it should shut
2954              down at the next opportunity. Safer than sending signals to run‐
2955              ning  processes.   Prefix  with a channel name to only apply for
2956              that channel
2957
2958          sync_timeout: 30m
2959              How long to wait for a response before returning a timeout fail‐
2960              ure  when talking to a replication peer (client or server).  The
2961              minimum duration is 3 seconds, the default is 30 minutes.
2962
2963              For backward compatibility, if no unit is specified, seconds  is
2964              assumed.
2965
2966          sync_try_imap: 1
2967              Whether sync_client should try to perform an IMAP connection be‐
2968              fore falling back to csync.  If this is set to "no", sync_client
2969              will  only  use csync.  Prefix with a channel name to apply only
2970              for that channel
2971
2972          syslog_prefix: <none>
2973              String to be prepended to the process name  in  syslog  entries.
2974              Can  be  further  overridden by setting the $CYRUS_SYSLOG_PREFIX
2975              environment variable.
2976
2977              Using the $CYRUS_SYSLOG_PREFIX environment variable has the  ad‐
2978              ditional  advantage  that it can be set before the imapd.conf is
2979              read, so errors while reading the config file can  be  syslogged
2980              with the correct prefix.
2981
2982          syslog_facility: <none>
2983              Configure a syslog facility.  The default is whatever is
2984              compiled in.  Allowed values are: DAEMON, MAIL, NEWS, USER, and
2985              LOCAL0 through to LOCAL7.
2986
2987          tcp_keepalive: 0
2988              Enable keepalive on TCP connections
2989
2990          tcp_keepalive_cnt: 0
2991              Number of TCP keepalive probes to send before declaring the con‐
2992              nection dead (0 == system default)
2993
2994          tcp_keepalive_idle: 0
2995              How long a connection must be idle before keepalive  probes  are
2996              sent (0 == system default).
2997
2998              For  backward compatibility, if no unit is specified, seconds is
2999              assumed.
3000
3001          tcp_keepalive_intvl: 0
3002              Time between keepalive probes (0 == system default).
3003
3004              For backward compatibility, if no unit is specified, seconds  is
3005              assumed.
3006
3007          temp_path: /tmp
3008              The  pathname  to store temporary files in. It is recommended to
3009              use an in-memory filesystem such as tmpfs for this path.
3010
3011          telemetry_bysessionid: 0
3012              If true, log by sessionid instead of PID for telemetry
3013
3014          timeout: 32m
3015              The length of the IMAP  server's  inactivity  autologout  timer.
3016              The  minimum value is 30 minutes.  The default is 32 minutes, to
3017              allow a bit of leeway for clients that try to NOOP every 30 min‐
3018              utes.
3019
3020              For  backward compatibility, if no unit is specified, minutes is
3021              assumed.
3022
3023          imapidletimeout: <none>
3024              Timeout for idling clients (RFC 2177).   If  not  set  (the  de‐
3025              fault), the value of "timeout" will be used instead.
3026
3027              For  backward compatibility, if no unit is specified, minutes is
3028              assumed.
3029
3030          tls_ca_file: <none>
3031              Deprecated in favor of tls_client_ca_file.
3032
3033          tls_ca_path: <none>
3034              Deprecated in favor of tls_client_ca_dir.
3035
3036          tlscache_db: twoskip
3037              Deprecated in favor of tls_sessions_db.
3038
3039          tlscache_db_path: <none>
3040              Deprecated in favor of tls_sessions_db_path.
3041
3042          tls_cert_file: <none>
3043              Deprecated in favor of tls_server_cert.
3044
3045          tls_cipher_list: DEFAULT
3046              Deprecated in favor of tls_ciphers.
3047
3048          tls_ciphers: DEFAULT
3049              The list of SSL/TLS ciphers to allow.  The format of the  string
3050              (and definition of "DEFAULT") is described in ciphers(1).
3051
3052              See also Mozilla's server-side TLS recommendations:
3053
3054              https://wiki.mozilla.org/Security/Server_Side_TLS
3055
3056          tls_crl_file: <none>
3057              Path to a file containing the Certificate Revocation List
3058
3059          tls_client_ca_dir: <none>
3060              Path  to a directory containing the CA certificates used to ver‐
3061              ify client SSL certificates used for authentication.
3062
3063          tls_client_ca_file: <none>
3064              Path to a file containing the CA certificate(s) used  to  verify
3065              client SSL certificates used for authentication.
3066
3067          tls_client_cert: <none>
3068              File  containing  the  certificate presented to a server for au‐
3069              thentication during STARTTLS. A value of "disabled" will disable
3070              this server's use of certificate-based authentication.
3071
3072          tls_client_certs: optional
3073              Disable ("off"), allow ("optional", default) or require
3074              ("require") the use of SSL certificates by clients to
3075              authenticate themselves.  Allowed values: off, optional, require
3076
3077          tls_client_key: <none>
3078              File containing the private key belonging to the tls_client_cert
3079              certificate. A value of "disabled" will  disable  this  server's
3080              use of certificate-based authentication.
3081
3082          tls_eccurve: prime256v1
3083              The  elliptic  curve  used  for  ECDHE.  Default is NIST Suite B
3084              prime256.  See 'openssl ecparam -list_curves' for possible  val‐
3085              ues.
3086
3087          tls_key_file: <none>
3088              Deprecated in favor of tls_server_key.
3089
3090          tls_required: 0
3091              If  enabled, require a TLS/SSL encryption layer to be negotiated
3092              prior to ANY authentication mechanisms being advertised  or  al‐
3093              lowed.
3094
3095          tls_prefer_server_ciphers: 0
3096              Prefer the ciphers on the server side instead of client side.
3097
3098          tls_server_ca_dir: <none>
3099              Path to a directory with CA certificates used to verify certifi‐
3100              cates offered by the server, when cyrus acts as client. This di‐
3101              rectory  must  have  filenames with the hashed value of the cer‐
3102              tificates (see openssl(1)).
3103
3104          tls_server_ca_file: <none>
3105              Path to a file containing CA certificates used  to  verify  cer‐
3106              tificates offered by the server, when cyrus acts as client.
3107
3108          tls_server_cert: <none>
3109              File containing the certificate, including the full chain,
3110              presented to clients.  Two certificates can be set, e.g. RSA and
3111              EC, if the filenames are separated by a comma without spaces.
3112
3113          tls_server_dhparam: <none>
3114              File  containing  the DH parameters belonging to the certificate
3115              in tls_server_cert.
3116
3117          tls_server_key: <none>
3118              File containing the private key belonging to the certificate in
3119              tls_server_cert.  If not set, tls_server_cert must contain both
3120              private and public key.  Two files with keys can be set, if two
3121              certificates are used, in which case the files must be separated
3122              by a comma without spaces.
3123
3124          tls_sessions_db: twoskip
3125              The cyrusdb backend to use for the TLS cache.
3126
3127              Allowed values: skiplist, sql, twoskip, zeroskip
3128
3129          tls_sessions_db_path: <none>
3130              The absolute path to the TLS sessions db file. If not specified,
3131              will be configdirectory/tls_sessions.db
3132
3133          tls_session_timeout: 24h
3134              The  length  of time that a TLS session will be cached for later
3135              reuse.  The maximum value is 24  hours,  also  the  default.   A
3136              value of 0 will disable session caching.
3137
3138              For  backward compatibility, if no unit is specified, minutes is
3139              assumed.
3140
3141          tls_versions: tls1_0 tls1_1 tls1_2 tls1_3
3142              A list of SSL/TLS versions to not disable.  Cyrus  IMAP  SSL/TLS
3143              starts  with  all protocols, and subtracts protocols not in this
3144              list. Newer versions of SSL/TLS will need to be  added  here  to
3145              allow them to get disabled.
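
The transport and secret-handling options documented on this page (tls_versions, tls_required, serverinfo, skiplist_unsafe, smtp_host, sql_usessl, umask and the deprecated tls_* names) can be checked mechanically. The Python audit below is an added example, not part of the Cyrus distribution; its function names, the sample configurations and the policy of flagging tls1_0 and tls1_1 are assumptions of the example.

```python
# Added example, not Cyrus code: audit imapd.conf text against options on this page.
TRUE = {"yes", "on", "t", "true", "1"}  # documented spellings that turn an option on

# Defaults as listed on this man page for the options the audit reads.
DEFAULTS = {
    "tls_versions": "tls1_0 tls1_1 tls1_2 tls1_3", "tls_required": "0",
    "serverinfo": "on", "skiplist_unsafe": "0", "smtp_backend": "sendmail",
    "smtp_host": "localhost:587", "sql_usessl": "0", "umask": "077",
}
# Deprecated option -> replacement, as stated on this page.
DEPRECATED = {
    "tls_ca_file": "tls_client_ca_file", "tls_ca_path": "tls_client_ca_dir",
    "tlscache_db": "tls_sessions_db", "tlscache_db_path": "tls_sessions_db_path",
    "tls_cert_file": "tls_server_cert", "tls_cipher_list": "tls_ciphers",
    "tls_key_file": "tls_server_key",
}
SECRETS = ("smtp_auth_password", "sql_passwd", "srs_secrets", "sync_password")
LEGACY_TLS = {"tls1_0", "tls1_1"}  # assumption: this example's policy, not a Cyrus rule


def parse_imapd_conf(text):
    """Return {option: value}, honouring '#' comments and trailing-'\\' continuation."""
    options, pending = {}, ""
    for raw in text.splitlines() + [""]:
        if raw.endswith("\\"):
            pending += raw[:-1]  # joined with no added whitespace
            continue
        line, pending = pending + raw, ""
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, sep, value = line.partition(":")  # first colon only: values may contain ':'
        if sep:
            options[name.strip()] = value.strip()
    return options


def audit(options):
    """Return [(option, message)] for weak settings; an empty list means none found."""
    cfg = {**DEFAULTS, **options}
    on = lambda name: cfg[name] in TRUE
    found = []
    legacy = sorted(LEGACY_TLS & set(cfg["tls_versions"].split()))
    if legacy:
        found.append(("tls_versions", "legacy versions left enabled: " + " ".join(legacy)))
    if not on("tls_required"):
        found.append(("tls_required", "authentication is allowed before TLS is negotiated"))
    if on("serverinfo"):
        found.append(("serverinfo", "product version shown in greeting and capabilities"))
    if on("skiplist_unsafe"):
        found.append(("skiplist_unsafe", "skiplist writes are not synced to disk"))
    flags = cfg["smtp_host"].split("/")[1:]  # "/tls" and "/noauth" suffixes
    if (cfg["smtp_backend"] == "host" and options.get("smtp_auth_authname")
            and "noauth" not in flags and "tls" not in flags):
        found.append(("smtp_host", "SMTP authentication enabled without /tls"))
    if options.get("sql_engine") in ("mysql", "pgsql") and not on("sql_usessl"):
        found.append(("sql_usessl", "no secure connection to the SQL server"))
    if (int(cfg["umask"], 8) & 0o077) != 0o077:
        found.append(("umask", "umask leaves group or other permission bits unmasked"))
    for old in sorted(DEPRECATED.keys() & options.keys()):
        found.append((old, "deprecated in favor of " + DEPRECATED[old]))
    return found


def secret_options(options):
    """Names of options that put a secret in the file, so its mode must be restricted."""
    return sorted(name for name in SECRETS if options.get(name))


# Constructed sample configurations (hosts and values are made up for this example).
SAMPLE = r"""
# weak: TLS 1.0 listed via a continued line, SMTP auth without /tls
tls_versions: tls1_0 \
    tls1_2 tls1_3
tls_required: no
serverinfo: min
smtp_backend: host
smtp_host: relay.example.org:587
smtp_auth_authname: cyrus-submit
smtp_auth_password: not-a-real-password
"""
HARDENED = r"""
tls_versions: tls1_2 tls1_3
tls_required: yes
serverinfo: min
smtp_backend: host
smtp_host: relay.example.org:587/tls
smtp_auth_authname: cyrus-submit
smtp_auth_password: not-a-real-password
"""

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("hardened", HARDENED)):
        opts = parse_imapd_conf(text)
        print(label, audit(opts), "secrets:", secret_options(opts))
```

Calling audit({}) reports the findings that the documented defaults alone produce, and secret_options() lists the options that make restrictive permissions on imapd.conf necessary.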
3146
3147          uidl_format: cyrus
3148              Choose  the  format  for  UIDLs  in  pop3.   Possible values are
3149              "uidonly", "cyrus", "dovecot" and "courier".   "uidonly"  forces
3150              the  old default of UID, "cyrus" is UIDVALIDITY.UID.  Dovecot is
3151              8 digits of leading  hex  (lower  case)  each  UID  UIDVALIDITY.
3152              Courier  is  UIDVALIDITY-UID.   Allowed  values: uidonly, cyrus,
3153              dovecot, courier
3154
3155          umask: 077
3156              The umask value used by various Cyrus IMAP programs.
3157
3158          userdeny_db: flat
3159              The cyrusdb backend to use for the user access list.
3160
3161              Allowed values: flat, skiplist, sql, twoskip, zeroskip
3162
3163          userdeny_db_path: <none>
3164              The absolute path to the userdeny db file.   If  not  specified,
3165              will be configdirectory/user_deny.db
3166
          username_tolower: 1
              Convert usernames to all lowercase before login/authentication.
              This is useful with authentication backends which ignore case
              during username lookups (such as LDAP).

          userprefix: Other Users
              If using the alternate IMAP namespace, the prefix for the other
              users namespace.  The hierarchy delimiter will be automatically
              appended.

          unix_group_enable: 1
              Whether to look up groups when using auth_unix.  Disable this if
              you are not using groups in ACLs for your IMAP server, and you
              are using auth_unix with a backend (such as LDAP) that can make
              getgrent() calls very slow.

          unixhierarchysep: 1
              Use the UNIX separator character '/' for delimiting levels of
              mailbox hierarchy.  Turn off to use the netnews separator
              character '.'.  Note that with the netnews separator, no dots
              may occur in mailbox names.  The default switched in 3.0 from
              off to on.

          vcard_max_size: 0
              Maximum allowed vCard size.  If non-zero, CardDAV and JMAP will
              reject storage of contacts whose vCard representation is larger
              than vcard_max_size.

              If set to 0 (the default), a large internally-defined limit will
              be applied.

              If no unit is specified, bytes is assumed.

          virtdomains: off
              Configure virtual domain support.

              off    Cyrus does not know or care about domains.  Only the local
                     part of email addresses is ever considered.  This is not
                     recommended for any deployment, but is currently the
                     default.

              userid The user's domain is determined by splitting a fully
                     qualified userid at the last '@' or '%' symbol.  If the
                     userid is unqualified, the defaultdomain will be used.
                     This is the recommended configuration for all
                     deployments.  If you wish to provide calendaring services
                     you must use this configuration.

              on     Fully qualified userids are respected, as per "userid".
                     Unqualified userids will have their domain determined by
                     doing a reverse lookup on the IP address of the incoming
                     network interface, or if no record is found, the
                     defaultdomain will be used.

              Allowed values: off, userid, on

          virusscan_notification_subject: Automatically deleted mail
              The text used in the subject of email notifications created by
              cyr_virusscan(8) when deleting infected mail.

          virusscan_notification_template: <none>
              The absolute path to a file containing a template to use to
              describe infected messages that have been deleted by
              cyr_virusscan(8).  See cyr_virusscan(8) for specification of the
              format of this file.  If not specified, the builtin default
              template will be used.

          websocket_timeout: 30m
              Set the length of the HTTP server's inactivity autologout timer
              when a WebSocket channel has been established.  The default is
              30 minutes.  The minimum value is 0, which will disable
              WebSockets.

              If no unit is specified, minutes is assumed.

          webdav_attachments_baseurl: <none>
              The base URL for WebDAV managed attachments, excluding the
              Cyrus-specific URL paths.  Typically, this only includes the HTTP
              scheme and host name at which DAV clients may fetch managed
              attachments, e.g. "https://dav.example.com".  If not specified,
              the target host of the DAV HTTP request that uploaded the
              attachment will be used.  For JMAP, the Link.blobId property of
              JSCalendar objects will be disabled.

          webdav_attachments_max_binary_attach_size: 1024K
              The maximum byte length of an ATTACH property value when managed
              attachment URIs get rewritten to BINARY during iTIP processing.
              Any attachment that exceeds this byte size keeps its managed
              attachment URI as the ATTACH value.  A zero size limit causes
              attachments of any size to be rewritten as BINARY.

          xbackup_enabled: 0
              Enable support for the XBACKUP command in imapd.  If enabled,
              admin users can use this command to provoke a replication of
              specified users to the named backup channel.

          xlist-flag: <none>
              Set the special-use flag flag on the specified folder when it is
              autocreated (see the autocreate_inbox_folders option).  For
              example, if xlist-junk: Spam is set, and the folder Spam is
              autocreated, the special-use flag \Junk will be set on it.

              (This option is so named for backward compatibility with old
              config files.)

          lmtp_catchall_mailbox: <none>
              Mail sent to mailboxes which do not exist will be delivered to
              this user.  NOTE: This must be an existing local user name with
              an INBOX, NOT an email address!

          zoneinfo_db: twoskip
              The cyrusdb backend to use for zoneinfo.  This database is used
              by the "tzdist" httpmodules, and is managed by ctl_zoneinfo(8).

              Allowed values: flat, skiplist, twoskip, zeroskip

          zoneinfo_db_path: <none>
              The absolute path to the zoneinfo db file.  If not specified,
              will be configdirectory/zoneinfo.db

          zoneinfo_dir: <none>
              The absolute path to the zoneinfo directory, containing timezone
              definitions as generated by the vzic tool.  If not specified,
              whatever definitions libical finds will be used.

              If you are providing a Time Zone Data Distribution Service (i.e.
              you have "tzdist" listed in httpmodules), then this
              configuration option MUST be specified.

          object_storage_enabled: 0
              Whether object storage is enabled for this server.  You also
              need to have archiving enabled and an archivepartition for the
              mailbox.  Only email files will be stored on object storage; the
              archive partition will be used to store any other files.

          object_storage_dummy_spool: <none>
              Dummy object storage spool; this is for testing only.  The spool
              where the user directory (container) will be created to store
              all emails in a flat structure.

          openio_namespace: <none>
              The OpenIO namespace used to store archived email messages.  A
              namespace identifies the physical platform Cyrus must contact.
              This directive is used by the OpenIO SDK to locate its platform
              entry point.

          openio_account: <none>
              The OpenIO account used to account for stored emails.  Accounts
              are unique in their namespace.  They provide virtual partitions,
              with quotas and QoS features.

          openio_rawx_timeout: 30s
              The OpenIO timeout for queries to the RAWX services (default 30
              sec).

          openio_proxy_timeout: 5s
              The OpenIO timeout for queries to the PROXY services (default 5
              sec).

          openio_autocreate: 0
              Allow the OpenIO SDK to autocreate containers.  Mainly intended
              to be turned on in development environments.  In production, the
              container should have been provisioned with the mailboxes.

          openio_verbosity: <none>
              Sets the logging verbosity of OpenIO's internal behavior.
              Admissible values are: "warning", "notice", "info", "debug",
              "trace", "quiet".  The default verbosity is "warning".  Set to
              "notice" for a few lines on a per-client basis.  Set to "info"
              for a few lines on a per-request basis.  Set to "debug" Set to
              "trace" to activate the underlying libcurl debug output.
              Enabling a verbosity higher than or equal to "debug" requires
              Cyrus to be set in debug mode.  The special "quiet" value
              disables all kinds of logging at the GLib level.

          caringo_hostname: <none>
              The Caringo hostname used to store archived email messages.  A
              hostname identifies the physical platform Cyrus must contact.
              This directive is used by the Caringo SDK (CastorSDK: Caringo
              Simple Content Storage Protocol (SCSP) on HTTP 1.1 using a
              RESTful architecture).

          caringo_port: 80
              The port of the Caringo server (caringo_hostname); default is
              80.

          fastmailsharing: 0
              If enabled, use FastMail style sharing (oldschool full server
              paths).

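The following Python code is an added example, not part of the Cyrus distribution or of this manual. It parses the option: value format (including backslash continuation) and reports the settings this page itself warns about (virtdomains off, openio_autocreate on, object_storage_dummy_spool set), plus TLS 1.0/1.1 left enabled in tls_versions. The names parse_conf and audit and the sample configuration are assumptions made for illustration.

```python
# Added example, not Cyrus project code: flag imapd.conf settings this page warns about.
FALSE = {"no", "off", "f", "false", "0"}
TRUE = {"yes", "on", "t", "true", "1"}
DEFAULTS = {  # defaults as documented on this page
    "tls_versions": "tls1_0 tls1_1 tls1_2 tls1_3",
    "virtdomains": "off",
    "openio_autocreate": "0",
    "object_storage_dummy_spool": "",  # documented default is <none>
}

def parse_conf(text):
    """Parse 'option: value' lines; a trailing backslash continues the line."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw, ""
        if line.endswith("\\"):
            pending = line[:-1]  # no whitespace is inserted at the join
            continue
        name, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith("#"):
            opts[name.strip()] = " ".join(value.split())
    return opts

def audit(text):
    """Return (option, finding) pairs for the effective (explicit or default) values."""
    conf = {**DEFAULTS, **parse_conf(text)}
    out = []
    legacy = sorted({"tls1_0", "tls1_1"} & set(conf["tls_versions"].lower().split()))
    if legacy:  # TLS 1.0 and 1.1 were deprecated by RFC 8996
        out.append(("tls_versions", "still enabled: " + " ".join(legacy)))
    if conf["virtdomains"].lower() in FALSE:
        out.append(("virtdomains", "off; this page recommends userid"))
    if conf["openio_autocreate"].lower() in TRUE:
        out.append(("openio_autocreate", "intended for development environments"))
    if conf["object_storage_dummy_spool"]:
        out.append(("object_storage_dummy_spool", "test-only spool is configured"))
    return out

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
tls_versions: tls1_1 \\
    tls1_2 tls1_3
virtdomains: userid
openio_autocreate: yes
"""

if __name__ == "__main__":
    for option, finding in audit(SAMPLE):
        print(f"{option}: {finding}")
```

Because the audit merges the documented defaults before checking, an empty file is reported for tls_versions and virtdomains even though neither option appears in it.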

SEE ALSO

          imapd(8), pop3d(8), nntpd(8), lmtpd(8), httpd(8), timsieved(8),
          idled(8), notifyd(8), deliver(8), master(8), ciphers(1)

AUTHOR

       The Cyrus Team

       1993–2023, The Cyrus Team

3.8.1                            Sep 11, 2023                    IMAPD.CONF(5)