imapd.conf man page on SuSE

Man page or keyword search:  
man Server   14857 pages
apropos Keyword Search (all sections)
Output format
SuSE logo
[printable version]

IMAPD.CONF(5)							 IMAPD.CONF(5)

NAME
       imapd.conf - IMAP configuration file

DESCRIPTION
       /etc/imapd.conf	is  the	 configuration file for the Cyrus IMAP server.
       It defines local parameters for IMAP.

       Each line of the /etc/imapd.conf file has the form

	      option: value

       where option is the name of the	configuration  option  being  set  and
       value is the value that the configuration option is being set to.

       Blank lines and lines beginning with ``#'' are ignored.

       For  boolean and enumerated options, the values ``yes'', ``on'', ``t'',
       ``true'' and ``1'' turn the option  on,	the  values  ``no'',  ``off'',
       ``f'', ``false'' and ``0'' turn the option off.

FIELD DESCRIPTIONS
       The   sections	below  detail  options	that  can  be  placed  in  the
       /etc/imapd.conf file, and  show	each  option's	default	 value.	  Some
       options	have no default value, these are listed with ``<no default>''.
       Some options default  to	 the  empty  string,  these  are  listed  with
       ``<none>''.

       admins: <empty string>
	    The	 list  of  userids  with administrative rights.	 Separate each
	    userid with a space.  Sites using Kerberos authentication may  use
	    separate "admin" instances.

       Note  that accounts used by users should not be administrators.	Admin‐
       istrative accounts should not receive mail.  That is, if user "jbRo" is
       a  user	reading	 mail, he should not also be in the admins line.  Some
       problems may occur otherwise, most notably the ability  of  administra‐
       tors  to	 create top-level mailboxes visible to users, but not writable
       by users.

       afspts_localrealms: <none>
	    The list of realms which are to be	treated	 as  local,  and  thus
	    stripped   during  identifier  canonicalization  (for  the	AFSPTS
	    ptloader module).  This is different from loginrealms in  that  it
	    occurs  later  in  the  authorization  process  (as the user id is
	    canonified for PTS lookup)

       afspts_mycell: <none>
	    Cell to use for AFS PTS lookups.  Defaults to the local cell.

       allowallsubscribe: 0
	    Allow subscription to nonexistent mailboxes.  This option is typi‐
	    cally  used	 on backend servers in a Murder so that users can sub‐
	    scribe to mailboxes that don't  reside  on	their  "home"  server.
	    This  option  can  also  be	 used as a workaround for IMAP clients
	    which don't play well with nonexistent or  unselectable  mailboxes
	    (eg.  Microsoft Outlook).

       allowanonymouslogin: 0
	    Permit  logins  by	the user "anonymous" using any password.  Also
	    allows use of the SASL ANONYMOUS mechanism.

       allowapop: 1
	    Allow use of the POP3 APOP authentication command.

       Note that this command requires that SASL is compiled  with  APOP  sup‐
       port,  that  the	 plaintext  passwords  are available in a SASL auxprop
       backend (eg. sasldb), and that the system can  provide  enough  entropy
       (eg. from /dev/urandom) to create a challenge in the banner.

       allownewnews: 0
	    Allow use of the NNTP NEWNEWS command.

       Note  that  this is a very expensive command and should only be enabled
       when absolutely necessary.

       allowplaintext: 0
	    Allow the use of cleartext passwords on the wire.

       allowusermoves: 0
	    Allow moving user accounts (with associated meta-data) via	RENAME
	    or XFER.

       Note  that  measures  should  be taken to make sure that the user being
       moved is not logged in, and can not login during the move.  Failure  to
       do  so  may  result in the user's meta-data (seen state, subscriptions,
       etc) being corrupted or out of date.

       altnamespace: 0
	    Use the alternate IMAP namespace, where personal folders reside at
	    the same level in the hierarchy as INBOX.

       This  option  ONLY  applies  where  interaction	takes  place  with the
       client/user.  Currently this is limited to the  IMAP  protocol  (imapd)
       and  Sieve  scripts (lmtpd).  This option does NOT apply to admin tools
       such as cyradm (admins ONLY), reconstruct, quota,  etc.,	 NOR  does  it
       affect  LMTP  delivery  of  messages  directly  to  mailboxes via plus-
       addressing.

       annotation_db: skiplist
	    The cyrusdb backend to use for mailbox annotations.

	    Allowed values: berkeley, berkeley-hash, skiplist

       anyoneuseracl: 1
	    Should non-admin users be allowed to set  ACLs  for	 the  'anyone'
	    user  on  their mailboxes?	In a large organization this can cause
	    support problems, but it's enabled by default.

       auth_mech: unix
	    The authorization mechanism to use.

	    Allowed values: unix, pts, krb, krb5

       autocreatequota: 0
	    If nonzero, normal users may create their  own  IMAP  accounts  by
	    creating  the mailbox INBOX.  The user's quota is set to the value
	    if it is positive, otherwise the user has unlimited quota.

       berkeley_cachesize: 512
	    Size (in kilobytes) of the shared memory buffer pool (cache)  used
	    by	the  berkeley  environment.   The minimum allowed value is 20.
	    The maximum allowed value is 4194303 (4GB).

       berkeley_locks_max: 50000
	    Maximum number of locks to be held or requested  in	 the  berkeley
	    environment.

       berkeley_txns_max: 100
	    Maximum  number  of	 transactions  to be supported in the berkeley
	    environment.

       client_timeout: 10
	    Number of seconds to wait before returning a timeout failure  when
	    performing a client connection (e.g. in a murder environment)

       createonpost: 0
	    If	yes,  when  lmtpd  receives an incoming mail for an INBOX that
	    does not exist, then the INBOX is automatically created by lmtpd.

       autocreateinboxfolders: <none>
	    If a user does not have an INBOX created then the INBOX as well as
	    some  INBOX	 subfolders  are created under two conditions.	1. The
	    user logins via the IMAP or the  POP3  protocol.  (autocreatequota
	    option  must  have	a  nonzero value) 2. A message arrives for the
	    user through the LMTPD protocol.(createonpost option must be  yes)
	    autocreateinboxfolders  is	a list of INBOX's subfolders separated
	    by a "|", that are automatically created by the server  under  the
	    previous two situations.

       autosubscribeinboxfolders: <none>
	    A list of folder names, separated by "|", that the users get auto‐
	    matically subscribed to, when their INBOX is created. These folder
	    names must have been included in the autocreateinboxfolders option
	    of the imapd.conf.

       autosubscribesharedfolders: <none>
	    A list of shared folders (bulletin boards), separated by "|", that
	    the	 users	get  automatically subscribed to, after their INBOX is
	    created. The shared folder must have been  created	and  the  user
	    must have the required permissions to get subscribed to it. Other‐
	    wise, subscribing to the shared folder fails.

       autosubscribe_all_sharedfolders: 0
	    If set to yes, the user is automatically subscribed to all	shared
	    folders, one has permission to subscribe to.

       autocreate_sieve_script: <none>
	    The	 full path of a file that contains a sieve script. This script
	    automatically  becomes  a  user's  initial	default	 sieve	filter
	    script.  When  this option is not defined, no default sieve filter
	    is created. The file must be readable by the cyrus daemon.

       autocreate_sieve_compiledscript: <none>
	    The full path of a file that contains a compiled in bytecode sieve
	    script. This script automatically becomes a user's initial default
	    sieve filter script.  If this option  is  not  specified,  or  the
	    filename  doesn't  exist  then  the	 script	 defined  by  autocre‐
	    ate_sieve_script is compiled on  the  fly  and  installed  as  the
	    user's default sieve script

       generate_compiled_sieve_script: 0
	    If	set to yes and no compiled sieve script file exists, the sieve
	    script which is compiled on the fly will be saved in the file name
	    that  autocreate_sieve_compiledscript option points to. In order a
	    compiled  script  to  be  generated,  autocreate_sieve_script  and
	    autocreate_sieve_compiledscript must have valid values

       autocreate_users: anyone
	    A  space  separated	 list  of users and/or groups that are allowed
	    their INBOX to be automatically created.

       configdirectory: <none>
	    The pathname of the IMAP configuration directory.  This  field  is
	    required.

       debug_command: <none>
	    Debug command to be used by processes started with -D option.  The
	    string is a C format string that gets 3 options: the first is  the
	    name  of  the  executable  (without	 path).	 The second is the pid
	    (integer)  and  the	  third	  is   the   service   ID.    Example:
	    /usr/local/bin/gdb /usr/cyrus/bin/%s %d

       defaultacl: anyone lrs
	    The Access Control List (ACL) placed on a newly-created (non-user)
	    mailbox that does not have a parent mailbox.

       defaultdomain: <none>
	    The default domain for virtual domain support

       defaultpartition: default
	    The partition name used by default for new mailboxes.

       deletedprefix: DELETED
	    If "delete_mode" set to be "delayed", the prefix for  the  deleted
	    mailboxes  hierarchy.   The	 hierarchy delimiter will be automati‐
	    cally appended.

       delete_mode: immediate
	    The manner in which mailboxes are deleted. "Immediate" mode is the
	    default  behavior  in which mailboxes are removed immediately.  In
	    "delayed" mode,  mailboxes	are  renamed  to  a  special  hiearchy
	    defined  by	 the  "deletedprefix"  option  to  be removed later by
	    cyr_expire.

	    Allowed values: immediate, delayed

       deleteright: c
	    Deprecated - only used for backwards compatibility	with  existing
	    installations.   Lists  the	 old  RFC 2086 right which was used to
	    grant the user the ability to delete a mailbox.   If  a  user  has
	    this right, they will automatically be given the new 'x' right.

       dracinterval: 5
	    If	nonzero,  enables the use of DRAC (Dynamic Relay Authorization
	    Control) by the pop3d and imapd daemons.  Also sets	 the  interval
	    (in minutes) between re-authorization requests made by imapd.

       drachost: localhost
	    Hostname of the RPC dracd server.

       duplicate_db: berkeley-nosync
	    The	 cyrusdb backend to use for the duplicate delivery suppression
	    and sieve.

	    Allowed values: berkeley, berkeley-nosync,	berkeley-hash,	berke‐
	    ley-hash-nosync, skiplist

       duplicatesuppression: 1
	    If enabled, lmtpd will suppress delivery of a message to a mailbox
	    if a message with the same message-id  (or	resent-message-id)  is
	    recorded as having already been delivered to the mailbox.  Records
	    the mailbox and  message-id/resent-message-id  of  all  successful
	    deliveries.

       expunge_mode: immediate
	    The mode in which messages (and their corresponding cache entries)
	    are expunged.  "Immediate" mode is the default behavior  in	 which
	    the	 message files and cache entries are purged at the time of the
	    EXPUNGE.  In "delayed" mode, the messages  are  removed  from  the
	    mailbox  index  at	the  time of the EXPUNGE (hiding them from the
	    client), but the message files and cache entries are left  behind,
	    to	be  purged  at a later time by "cyr_expire".  This reduces the
	    amount of I/O that takes place at the time of EXPUNGE  and	should
	    result  in	greater responsiveness for the client, especially when
	    expunging a large number of messages.

	    Allowed values: immediate, delayed

       flushseenstate: 0
	    If enabled, changes to the seen state  will	 be  flushed  to  disk
	    immediately, otherwise changes will be cached and flushed when the
	    mailbox is closed.	This option may be used to fix the problem  of
	    previously	read messages being marked as unread in Microsoft Out‐
	    look, at the expense of a loss of performance/scalability.

       foolstupidclients: 0
	    If enabled, only list the personal namespace when a	 LIST  "*"  is
	    performed.	(it changes the request to a LIST "INBOX*"

       force_sasl_client_mech: <none>
	    Force  preference of a given SASL mechanism for client side opera‐
	    tions (e.g. murder environments).	This  is  separate  from  (and
	    overridden	by)  the  ability  to  use  the <host shortname>_mechs
	    option to set preferred mechanisms for a specific host

       fulldirhash: 0
	    If enabled, uses an improved directory hashing scheme which hashes
	    the	 entire username instead of using just the first letter.  This
	    changes hash algorithm used for quota and user directories and  if
	    hashimapspool is enabled, the entire mail spool.

       Note  that this option can NOT be changed on a live system.  The server
       must be quiesced and then the directories moved with the	 rehash	 util‐
       ity.

       guid_mode: off
	    The	 method	 used to calculate Globally Unique IDentifiers of mes‐
	    sages (used by the replication engine).  The "sha1" method	calcu‐
	    lates a SHA1 hash of the entire message

	    Allowed values: off, sha1

       hashimapspool: 0
	    If enabled, the partitions will also be hashed, in addition to the
	    hashing done on configuration directories.	This is recommended if
	    one partition has a very bushy mailbox tree.

       hostname_mechs: <none>
	    Force a particular list of SASL mechanisms to be used when authen‐
	    ticating to the backend server hostname  (where  hostname  is  the
	    short  hostname of the server in question). If it is not specified
	    it will query the server for available mechanisms and pick one  to
	    use. - Cyrus Murder

       hostname_password: <none>
	    The password to use for authentication to the backend server host‐
	    name (where hostname is the short hostname of the server) -	 Cyrus
	    Murder

       idlesocket: {configdirectory}/socket/idle
	    Unix domain socket that idled listens on.

       ignorereference: 0
	    For	 backwards  compatibility  with	 Cyrus	1.5.10	and earlier --
	    ignore the reference argument in LIST or LSUB commands.

       imapidlepoll: 60
	    The interval (in seconds) for  polling  for	 mailbox  changes  and
	    ALERTs  while  running the IDLE command.  This option is used when
	    idled is not enabled or can not be contacted.  The	minimum	 value
	    is 1.  A value of 0 will disable IDLE.

       imapidresponse: 1
	    If	enabled, the server responds to an ID command with a parameter
	    list containing: version,  vendor,	support-url,  os,  os-version,
	    command,  arguments,  environment.	 Otherwise  the server returns
	    NIL.

       imapmagicplus: 0
	    Only list  a  restricted  set  of  mailboxes  via  IMAP  by	 using
	    userid+namespace  syntax  as  the authentication/authorization id.
	    Using userid+ (with an empty namespace) will list only  subscribed
	    mailboxes.

       implicit_owner_rights: lca
	    The implicit Access Control List (ACL) for the owner of a mailbox.

       @include: <none>
	    Directive which includes the specified file as part of the config‐
	    uration.  If the path to the file is not absolute,	CYRUS_PATH  is
	    prepended.

       improved_mboxlist_sort: 0
	    If enabled, a special comparator will be used which will correctly
	    sort mailbox names that contain characters such as ' ' and '-'.

       Note that this option SHOULD NOT be changed  on	a  live	 system.   The
       mailboxes  database  should  be	dumped	before	the option is changed,
       removed, and then undumped after changing the option.

       ldap_authz: <none>
	    SASL authorization ID for the LDAP server

       ldap_base: <empty string>
	    Contains the LDAP base dn for the LDAP ptloader module

       ldap_bind_dn: <none>
	    Bind DN for the connection to the LDAP server (simple  bind).   Do
	    not use for anonymous simple binds

       ldap_deref: never
	    Specify how aliases dereferencing is handled during search.

	    Allowed values: search, find, always, never

       ldap_filter: (uid=%u)
	    Specify  a	filter	that searches user identifiers.	 The following
	    tokens can be used in the filter string:

	    %%	 = % %u	  = user %U   = user portion of %u (%U = test when  %u
	    =  test@domain.tld) %d   = domain portion of %u if available (%d =
	    domain.tld when %u = %test@domain.tld), otherwise same  as	%r  %D
	    =  user  dn.   (use when ldap_member_method: filter) %1-9 = domain
	    tokens (%1 = tld, %2 = domain when %d = domain.tld)

	    ldap_filter is not used when ldap_sasl is enabled.

       ldap_group_base: <empty string>
	    LDAP base dn for ldap_group_filter.

       ldap_group_filter: (cn=%u)
	    Specify  a	filter	that  searches	for  group  identifiers.   See
	    ldap_filter for more options.

       ldap_group_scope: sub
	    Specify search scope for ldap_group_filter.

	    Allowed values: sub, one, base

       ldap_id: <none>
	    SASL authentication ID for the LDAP server

       ldap_mech: <none>
	    SASL mechanism for LDAP authentication

       ldap_member_attribute: <none>
	    See ldap_member_method.

       ldap_member_base: <empty string>
	    LDAP base dn for ldap_member_filter.

       ldap_member_filter: (member=%D)
	    Specify  a filter for "ldap_member_method: filter".	 See ldap_fil‐
	    ter for more options.

       ldap_member_method: attribute
	    Specify a group method.  The "attribute" method  retrieves	groups
	    from a multi-valued attribute specified in ldap_member_attribute.

	    The	 "filter"  method uses a filter, specified by ldap_member_fil‐
	    ter, to  find  groups;  ldap_member_attribute  is  a  single-value
	    attribute group name.

	    Allowed values: attribute, filter

       ldap_member_scope: sub
	    Specify search scope for ldap_member_filter.

	    Allowed values: sub, one, base

       ldap_password: <none>
	    Password  for  the	connection to the LDAP server (SASL and simple
	    bind).  Do not use for anonymous simple binds

       ldap_realm: <none>
	    SASL realm for LDAP authentication

       ldap_referrals: 0
	    Specify whether or not the client should follow referrals.

       ldap_restart: 1
	    Specify whether or	not  LDAP  I/O	operations  are	 automatically
	    restarted if they abort prematurely.

       ldap_sasl: 1
	    Use SASL for LDAP binds in the LDAP PTS module.

       ldap_sasl_authc: <none>
	    Deprecated.	 Use ldap_id

       ldap_sasl_authz: <none>
	    Deprecated.	 Use ldap_authz

       ldap_sasl_mech: <none>
	    Deprecated.	 Use ldap_mech

       ldap_sasl_password: <none>
	    Deprecated.	 User ldap_password

       ldap_sasl_realm: <none>
	    Deprecated.	 Use ldap_realm

       ldap_scope: sub
	    Specify search scope.

	    Allowed values: sub, one, base

       ldap_servers: ldap://localhost/
	    Deprecated.	 Use ldap_uri

       ldap_size_limit: 1
	    Specify a number of entries for a search request to return.

       ldap_start_tls: 0
	    Use	 StartTLS extended operation.  Do not use ldaps: ldap_uri when
	    this option is enabled.

       ldap_time_limit: 5
	    Specify a number of seconds for a search request to complete.

       ldap_timeout: 5
	    Specify a number of seconds a search can take before timing out.

       ldap_tls_cacert_dir: <none>
	    Path to directory with CA (Certificate Authority) certificates.

       ldap_tls_cacert_file: <none>
	    File containing CA (Certificate Authority) certificate(s).

       ldap_tls_cert: <none>
	    File containing the client certificate.

       ldap_tls_check_peer: 0
	    Require and verify server certificate.  If this option is yes, you
	    must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

       ldap_tls_ciphers: <none>
	    List  of  SSL/TLS  ciphers	to allow.  The format of the string is
	    described in ciphers(1).

       ldap_tls_key: <none>
	    File containing the private client key.

       ldap_uri: <none>
	    Contains a list of the URLs of all the LDAP servers when using the
	    LDAP PTS module.

       ldap_version: 3
	    Specify  the  LDAP	protocol  version.   If	 ldap_start_tls and/or
	    ldap_use_sasl are enabled, ldap_version will be automatically  set
	    to 3.

       lmtp_downcase_rcpt: 0
	    If	enabled, lmtpd will convert the recipient address to lowercase
	    (up to a '+' character, if present).

       lmtp_fuzzy_mailbox_match: 0
	    If enabled, and the mailbox specified in the detail	 part  of  the
	    recipient  (everything  after  the '+') does not exist, lmtpd will
	    try to find the closest match (ignoring case, ignoring whitespace,
	    falling back to parent) to the specified mailbox name.

       lmtp_over_quota_perm_failure: 0
	    If	enabled,  lmtpd returns a permanent failure code when a user's
	    mailbox is over quota.  By	default,  the  failure	is  temporary,
	    causing the MTA to queue the message and retry later.

       lmtp_strict_quota: 0
	    If enabled, lmtpd returns a failure code when the incoming message
	    will cause the user's mailbox to exceed its	 quota.	  By  default,
	    the failure won't occur until the mailbox is already over quota.

       lmtpsocket: {configdirectory}/socket/lmtp
	    Unix domain socket that lmtpd listens on, used by deliver(8). This
	    should match the path specified in cyrus.conf(5).

       loginrealms: <empty string>
	    The list of remote	realms	whose  users  may  authenticate	 using
	    cross-realm	 authentication identifiers.  Separate each realm name
	    by a space.	 (A cross-realm identity is  considered	 any  identity
	    returned by SASL with an "@" in it.).

       loginuseacl: 0
	    If	enabled,  any  authentication identity which has a rights on a
	    user's INBOX may log in as that user.

       logtimestamps: 0
	    Include notations in the protocol telemetry	 logs  indicating  the
	    number of seconds since the last command or response.

       mailnotifier: <none>
	    Notifyd(8)	method	to  use for "MAIL" notifications.  If not set,
	    "MAIL" notifications are disabled.

       maxmessagesize: 0
	    Maximum incoming LMTP  message  size.   If	non-zero,  lmtpd  will
	    reject  messages  larger  than maxmessagesize bytes.  If set to 0,
	    this will allow messages of any size (the default).

       mboxkey_db: skiplist
	    The cyrusdb backend to use for mailbox keys.

	    Allowed values: berkeley, skiplist

       mboxlist_db: skiplist
	    The cyrusdb backend to use for the mailbox list.

	    Allowed values: flat, berkeley, berkeley-hash, skiplist

       metapartition_files: <empty string>
	    Space-separated list of metadata files to be  stored  on  a	 meta‐
	    partition  rather  than in the mailbox directory on a spool parti‐
	    tion.

	    Allowed values: header, index, cache, expunge, squat

       metapartition-name: <none>
	    The pathname of the	 metadata  partition  name,  corresponding  to
	    spool  partition  partition-name.	For  any mailbox residing in a
	    directory on partition-name, the metadata files  listed  in	 meta‐
	    partition_files  will  be  stored  in a corresponding directory on
	    metapartition-name.	  Note that not every partition-name option is
	    required  to  have	a  corresponding metapartition-name option, so
	    that you can selectively choose which spool partitions  will  have
	    separate metadata partitions.

       mupdate_authname: <none>
	    The SASL username (Authentication Name) to use when authenticating
	    to the mupdate server (if needed).

       mupdate_config: standard
	    The configuration of the mupdate servers in the Cyrus Murder.  The
	    "standard"	config	is  one	 in  which there are discreet frontend
	    (proxy) and backend servers.  The "unified" config is one in which
	    a  server  can  be	both a frontend and backend.  The "replicated"
	    config is one in which multiple backend servers all share the same
	    mailspool,	but  each  have	 their	own "replicated" copy of mail‐
	    boxes.db.

	    Allowed values: standard, unified, replicated

       md5_dir: <none>
	    Top level directory for MD5 store manipulated  by  make_md5.  File
	    structure  within  this directory is one file for each user on the
	    system,  hashed  on	 the  first  letter  of	  the	userid	 (e.g:
	    /var/imap/md5/d/dpc22).

       md5_user_map: <none>
	    Map	 file  (cdb)  to allow partial make_md5 runs. Maps username to
	    UID

       munge8bit: 1
	    If enabled, lmtpd munges messages with  8-bit  characters  in  the
	    headers.   The 8-bit characters are changed to `X'.	 If reject8bit
	    is enabled, setting munge8bit has no effect.  (A  proper  solution
	    to	non-ASCII characters in headers is offered by RFC 2047 and its
	    predecessors.)

       mupdate_connections_max: 128
	    The max number of connections that a mupdate process  will	allow,
	    this  is  related to the number of file descriptors in the mupdate
	    process.  Beyond  this  number  connections	 will  be  immediately
	    issued a BYE response.

       mupdate_password: <none>
	    The	 SASL  password	 (if needed) to use when authenticating to the
	    mupdate server.

       mupdate_port: 3905
	    The port of the mupdate server for the Cyrus Murder

       mupdate_realm: <none>
	    The SASL realm (if needed) to use when authenticating to the  mup‐
	    date server.

       mupdate_retry_delay: 20
	    The	 base  time  to wait between connection retries to the mupdate
	    server.

       mupdate_server: <none>
	    The mupdate server for the Cyrus Murder

       mupdate_username: <empty string>
	    The SASL username (Authorization Name) to use when	authenticating
	    to the mupdate server

       mupdate_workers_max: 50
	    The maximum number of mupdate worker threads (overall)

       mupdate_workers_maxspare: 10
	    The maximum number of idle mupdate worker threads

       mupdate_workers_minspare: 2
	    The minimum number of idle mupdate worker threads

       mupdate_workers_start: 5
	    The number of mupdate worker threads to start

       netscapeurl: <none>
	    If	enabled	 at  compile  time, this specifies a URL to reply when
	    Netscape asks the server where the mail administration HTTP server
	    is.	 Administrators should set this to a local resource.

       newsmaster: news
	    Userid  that  is  used for checking access controls when executing
	    Usenet control messages.  For instance, to allow  articles	to  be
	    automatically deleted by cancel messages, give the "news" user the
	    'd' right on the desired mailboxes.	 To  allow  newsgroups	to  be
	    automatically  created,  deleted  and renamed by the corresponding
	    control messages, give the	"news"	user  the  'c'	right  on  the
	    desired mailbox hierarchies.

       newspeer: <none>
	    A list of whitespace-separated news server specifications to which
	    articles should be fed.  Each server specification is a string  of
	    the	 form  [user[:pass]@]host[:port][/wildmat] where 'host' is the
	    fully qualified hostname of the server,  'port'  is	 the  port  on
	    which the server is listening, 'user' and 'pass' are the authenti‐
	    cation credentials and 'wildmat' is a pattern that specifies which
	    groups  should  be	fed.   If  no 'port' is specified, port 119 is
	    used.  If no 'wildmat' is  specified,  all	groups	are  fed.   If
	    'user'  is	specified  (even if empty), then the NNTP POST command
	    will be used to feed the article  to  the  server,	otherwise  the
	    IHAVE command will be used.

	    A  '@' may be used in place of '!' in the wildmat to prevent feed‐
	    ing articles cross-posted to the  given  group,  otherwise	cross-
	    posted  articles  are fed if any part of the wildmat matches.  For
	    example, the string "peer.example.com:*,!control.*,@local.*" would
	    feed  all  groups  except  control	messages  and  local groups to
	    peer.example.com.  In the case of cross-posting to	local  groups,
	    these articles would not be fed.

       newspostuser: <none>
	    Userid  used to deliver usenet articles to newsgroup folders (usu‐
	    ally via lmtp2nntp).  For example, if set to "post", email sent to
	    "post+comp.mail.imap"  would  be delivered to the "comp.mail.imap"
	    folder.

	    When set, the Cyrus NNTP server will add  a	 To:  header  to  each
	    incoming  usenet  article.	 This  To:  header  will contain email
	    delivery addresses corresponding to each newsgroup	in  the	 News‐
	    groups:  header.   By default, a To: header is not added to usenet
	    articles.

       newsprefix: <none>
	    Prefix to be prepended to newsgroup names to make the  correspond‐
	    ing IMAP mailbox names.

       nntptimeout: 3
	    Set	 the  length of the NNTP server's inactivity autologout timer,
	    in minutes.	 The minimum value is 3, the default.

       notifysocket: {configdirectory}/socket/notify
	    Unix domain socket that the mail notification daemon listens on.

       partition-name: <none>
	    The pathname of the partition name.	 At least one field,  for  the
	    partition  named in the defaultpartition option, is required.  For
	    example, if the value of the  defaultpartion  option  is  default,
	    then the partition-default field is required.

       plaintextloginpause: 0
	    Number  of	seconds	 to  pause after a successful plaintext login.
	    For systems that support strong authentication, this permits users
	    to	perceive  a cost of using plaintext passwords.	(This does not
	    affect the use of PLAIN in SASL authentications.)

       plaintextloginalert: <none>
	    Message to send to client after a successful plaintext login.

       popexpiretime: -1
	    The number of days advertised as being the minimum a  message  may
	    be	left on the POP server before it is deleted (via the CAPA com‐
	    mand, defined in the POP3 Extension Mechanism, which some  clients
	    may support).  "NEVER", the default, may be specified with a nega‐
	    tive number.  The Cyrus POP3 server never deletes mail, no	matter
	    what  the  value  of this parameter is.  However, if a site imple‐
	    ments a less liberal policy, it needs  to  change  this  parameter
	    accordingly.

       popminpoll: 0
	    Set	 the  minimum  amount  of time the server forces users to wait
	    between successive POP logins, in minutes.

       popsubfolders: 0
	    Allow access to subfolders of INBOX via POP3 by using  userid+sub‐
	    folder syntax as the authentication/authorization id.

       poppollpadding: 1
	    Create  a  softer minimum poll restriction.	 Allows poppollpadding
	    connections before the minpoll restriction	is  triggered.	 Addi‐
	    tionally, one padding entry is recovered every popminpoll minutes.
	    This allows for the occasional polling rate	 faster	 than  popmin‐
	    poll,  (i.e. for clients that require a send/receive to send mail)
	    but still enforces the rate long-term.  Default is 1 (disabled).

	    The easiest way to think of it is a	 queue	of  past  connections,
	    with  one  slot  being  filled  for every connection, and one slot
	    being cleared every popminpoll minutes. When the  queue  is	 full,
	    the	 user  will  not  be  able to check mail again until a slot is
	    cleared.  If the user waits a sufficient amount of time, they will
	    get back many or all of the slots.

       poptimeout: 10
	    Set the length of the POP server's inactivity autologout timer, in
	    minutes.  The minimum value is 10, the default.

       popuseacl: 0
	    Enforce IMAP ACLs in the pop server.  Due to  the  nature  of  the
	    POP3  protocol,  the  only rights which are used by the pop server
	    are 'r' and 'd' for the owner  of  the  mailbox.   The  'r'	 right
	    allows  the	 user  to open the mailbox and list/retrieve messages.
	    The 'd' right allows the user to delete messages.

       postmaster: postmaster
	    Username that is used as the 'From' address in rejection MDNs pro‐
	    duced by sieve.

       postuser: <empty string>
	    Userid  used  to deliver messages to shared folders.  For example,
	    if set to "bb", email sent to "bb+shared.blah" would be  delivered
	    to	the  "shared.blah"  folder.   By  default, an email address of
	    "+shared.blah" would be used.

       proxy_authname: proxy
	    The authentication name to use when authenticating	to  a  backend
	    server in the Cyrus Murder.

       proxy_password: <none>
	    The	 default  password  to	use  when  authenticating to a backend
	    server in the Cyrus Murder.	 May be overridden on a	 host-specific
	    basis using the hostname_password option.

       proxy_realm: <none>
	    The	 authentication	 realm to use when authenticating to a backend
	    server in the Cyrus Murder

       proxyd_allow_status_referral: 0
	    Set to true to allow proxyd to issue  referrals  to	 clients  that
	    support it when answering the STATUS command.  This is disabled by
	    default since some clients issue many STATUS commands  in  a  row,
	    and do not cache the connections that these referrals would cause,
	    thus resulting in a higher authentication load on  the  respective
	    backend server.

       proxyservers: <none>
	    A  list  of	 users	and groups that are allowed to proxy for other
	    users, separated by spaces.	 Any  user  listed  in	this  will  be
	    allowed to login for any other user: use with caution.

       pts_module: afskrb
	    The PTS module to use.

	    Allowed values: afskrb, ldap

       ptloader_sock: <none>
	    Unix  domain  socket  that ptloader listens on.  (defaults to con‐
	    figdir/ptclient/ptsock)

       ptscache_db: berkeley
	    The cyrusdb backend to use for the pts cache.

	    Allowed values: berkeley, berkeley-hash, skiplist

       ptscache_timeout: 10800
	    The timeout (in seconds) for the PTS cache database when using the
	    auth_krb_pts authorization method (default: 3 hours).

       ptskrb5_convert524: 1
	    When  using	 the AFSKRB ptloader module with Kerberos 5 canonical‐
	    ization, do the final 524 conversion to get a  n  AFS  style  name
	    (using '.' instead of '/', and using short names

       ptskrb5_strip_default_realm: 1
	    When  using	 the AFSKRB ptloader module with Kerberos 5 canonical‐
	    ization, strip the default realm from the userid  (this  does  not
	    affect the stripping of realms specified by the afspts_localrealms
	    option)

       quota_db: quotalegacy
	    The cyrusdb backend to use for quotas.

	    Allowed values: flat, berkeley, berkeley-hash, skiplist,  quotale‐
	    gacy

       quotawarn: 90
	    The	 percent  of quota utilization over which the server generates
	    warnings.

       quotawarnkb: 0
	    The maximum amount of free space (in kB) in which to give a	 quota
	    warning  (if this value is 0, or if the quota is smaller than this
	    amount, than warnings are always given).

       reject8bit: 0
	    If enabled, lmtpd rejects messages with 8-bit  characters  in  the
	    headers.

       rfc2046_strict: 0
	    If enabled, imapd will be strict (per RFC 2046) when matching MIME
	    boundary strings.  This means  that	 boundaries  containing	 other
	    boundaries	as  substrings	will  be  treated as identical.	 Since
	    enabling this option will break some messages  created  by	Eudora
	    5.1	 (and  earlier),  it  is  recommended that it be left disabled
	    unless there is good reason to do otherwise.

       rfc3028_strict: 1
	    If enabled, Sieve will be strict (per RFC 3028)  with  regards  to
	    which  headers  are	 allowed  to  be  used in address and envelope
	    tests.  This means that only those headers which  are  defined  to
	    contain  addresses	will be allowed in address tests and only "to"
	    and "from" will be allowed in envelope tests.  When disabled,  ANY
	    grammatically correct header will be allowed.

       sasl_auto_transition: 0
	    If enabled, the SASL library will automatically create authentica‐
	    tion secrets when given a plaintext password.  See the SASL	 docu‐
	    mentation.

       sasl_maximum_layer: 256
	    Maximum  SSF (security strength factor) that the server will allow
	    a client to negotiate.

       sasl_minimum_layer: 0
	    The minimum SSF that the server will allow a client to  negotiate.
	    A  value  of  1  requires  integrity  protection; any higher value
	    requires some amount of encryption.

       sasl_option: 0
	    Any SASL option can be set by preceding  it	 with  "sasl_".	  This
	    file overrides the SASL configuration file.

       sasl_pwcheck_method: <none>
	    The	 mechanism  used  by the server to verify plaintext passwords.
	    Possible values include "auxprop", "saslauthd", and "pwcheck".

       seenstate_db: skiplist
	    The cyrusdb backend to use for the seen state.

	    Allowed values: flat, berkeley, berkeley-hash, skiplist

       sendmail: /usr/lib/sendmail
	    The pathname of the sendmail executable.  Sieve  invokes  sendmail
	    for sending rejections, redirects and vacation responses.

       servername: <none>
	    This  is the hostname visible in the greeting messages of the POP,
	    IMAP and LMTP daemons. If it is unset, then	 the  result  returned
	    from gethostname(2) is used.

       sha1_dir: <none>
	    Top	 level directory for SHA1 store manipulated by make_sha1. File
	    structure within this directory is one file for each user  on  the
	    system,   hashed   on   the	 first	letter	of  the	 userid	 (e.g:
	    /var/imap/sha1/d/dpc22).

       sharedprefix: Shared Folders
	    If using the alternate IMAP namespace, the prefix for  the	shared
	    namespace.	  The	hierarchy   delimiter  will  be	 automatically
	    appended.

       sieve_allowreferrals: 1
	    If enabled, timsieved will issue referrals	to  clients  when  the
	    user's  scripts  reside  on a remote server (in a Murder).	Other‐
	    wise, timsieved will proxy traffic to the remote server.

       sieve_extensions: fileinto reject vacation  imapflags  notify  envelope
       relational regex subaddress copy
	    Space-separated  list  of  Sieve  extensions allowed to be used in
	    sieve scripts, enforced at submission by timsieved(8).  Any previ‐
	    ously  installed script will be unaffected by this option and will
	    continue to execute	 regardless  of	 the  extensions  used.	  This
	    option  has no effect on options that are disabled at compile time
	    (e.g. "regex").

	    Allowed values: fileinto,  reject,	vacation,  imapflags,  notify,
	    include, envelope, body, relational, regex, subaddress, copy

       sieve_maxscriptsize: 32
	    Maximum  size  (in kilobytes) any sieve script can be, enforced at
	    submission by timsieved(8).

       sieve_maxscripts: 5
	    Maximum number of sieve scripts any user  may  have,  enforced  at
	    submission by timsieved(8).

       sievedir: /usr/sieve
	    If	sieveusehomedir is false, this directory is searched for Sieve
	    scripts.

       sievenotifier: <none>
	    Notifyd(8) method to use for "SIEVE" notifications.	 If  not  set,
	    "SIEVE" notifications are disabled.

       This method is only used when no method is specified in the script.

       sieveusehomedir: 0
	    If	enabled,  lmtpd	 will  look  for  Sieve scripts in user's home
	    directories: ~user/.sieve.

       singleinstancestore: 1
	    If enabled, imapd, lmtpd and nntpd attempt to only write one  copy
	    of	a  message per partition and create hard links, resulting in a
	    potentially large disk savings.

       skiplist_unsafe: 0
	    If enabled, this option forces the skiplist cyrusdb backend to not
	    sync writes to the disk.  Enabling this option is NOT RECOMMENDED.

       soft_noauth: 1
	    If	enabled,  lmtpd	 returns temporary failures if the client does
	    not successfully authenticate.  Otherwise lmtpd returns  permanent
	    failures (causing the mail to bounce immediately).

       srvtab: <empty string>
	    The	 pathname  of srvtab file containing the server's private key.
	    This option is passed  to  the  SASL  library  and	overrides  its
	    default setting.

       submitservers: <none>
	    A	list   of  users  and  groups  that  are  allowed  to  resolve
	    "urlauth=submit+" IMAP URLs, separated by spaces.  Any user listed
	    in	this  will  be	allowed	 to  fetch  the	 contents of any valid
	    "urlauth=submit+" IMAP URL: use with caution.

       subscription_db: flat
	    The cyrusdb backend to use for the subscriptions list.

	    Allowed values: flat, berkeley, berkeley-hash, skiplist

       sync_authname: <none>
	    The authentication name to	use  when  authenticating  to  a  sync
	    server.

       sync_batch_size: 0
	    Maximum  number of messages to upload to a replica at one time.  A
	    batch size of 0, the default, will disable batching (ALL  messages
	    will be sent).

       sync_host: <none>
	    Name  of the host (replica running sync_server(8)) to which repli‐
	    cation actions will be sent by sync_client(8).

       sync_log: 0
	    Enable replication action logging by lmtpd(8), imapd(8), pop3d(8),
	    and	 nntpd(8).   The  log  {configdirectory}/sync/log  is  used by
	    sync_client(8) for "rolling" replication.

       sync_password: <none>
	    The default password to use when authenticating to a sync server.

       sync_realm: <none>
	    The authentication realm to use  when  authenticating  to  a  sync
	    server.

       sync_repeat_interval: 1
	    Minimum  interval (in seconds) between replication runs in rolling
	    replication mode. If a replication	run  takes  longer  than  this
	    time, we repeat immediately.

       sync_shutdown_file: <none>
	    Simple  latch used to tell sync_client(8) that it should shut down
	    at the next opportunity. Safer than	 sending  signals  to  running
	    processes

       syslog_prefix: <none>
	    String to be prepended to the process name in syslog entries.

       temp_path: /tmp
	    The pathname to store temporary files in

       timeout: 30
	    The	 length	 of  the IMAP server's inactivity autologout timer, in
	    minutes.  The minimum value is 30, the default.

       tls_ca_file: <none>
	    File containing one or more Certificate  Authority	(CA)  certifi‐
	    cates.

       tls_ca_path: <none>
	    Path  to  directory with certificates of CAs.  This directory must
	    have filenames with the  hashed  value  of	the  certificate  (see
	    openssl(XXX)).

       tlscache_db: berkeley-nosync
	    The cyrusdb backend to use for the TLS cache.

	    Allowed  values:  berkeley, berkeley-nosync, berkeley-hash, berke‐
	    ley-hash-nosync, skiplist

       tls_cert_file: <none>
	    File containing the certificate presented for  server  authentica‐
	    tion during STARTTLS.  A value of "disabled" will disable SSL/TLS.

       tls_cipher_list: DEFAULT
	    The list of SSL/TLS ciphers to allow.  The format of the string is
	    described in ciphers(1).

       tls_key_file: <none>
	    File containing the private key belonging to the  server  certifi‐
	    cate.  A value of "disabled" will disable SSL/TLS.

       tls_require_cert: 0
	    Require  a	client certificate for ALL services (imap, pop3, lmtp,
	    sieve).

       tls_session_timeout: 1440
	    The length of time (in minutes) that a TLS session will be	cached
	    for	 later	reuse.	 The  maximum  value  is  1440 (24 hours), the
	    default.  A value of 0 will disable session caching.

       umask: 077
	    The umask value used by various Cyrus IMAP programs.

       username_tolower: 1
	    Convert usernames  to  all	lowercase  before  login/authenticate.
	    This is useful with authentication backends which ignore case dur‐
	    ing username lookups (such as LDAP).

       userprefix: Other Users
	    If using the alternate IMAP namespace, the prefix  for  the	 other
	    users  namespace.	The  hierarchy delimiter will be automatically
	    appended.

       unix_group_enable: 1
	    Should we look up groups when using auth_unix (disable this if you
	    are	 not  using  groups  in ACLs for your IMAP server, and you are
	    using auth_unix with a backend (such as LDAP) that can  make  get‐
	    grent() calls very slow)

       unixhierarchysep: 0
	    Use	 the  UNIX  separator  character  '/' for delimiting levels of
	    mailbox hierarchy.	The default is to use  the  netnews  separator
	    character '.'.

       virtdomains: off
	    Enable virtual domain support.  If enabled, the user's domain will
	    be determined by splitting a fully qualified userid	 at  the  last
	    '@'	 or '%' symbol.	 If the userid is unqualified, and the virtdo‐
	    mains option is set to "on", then the domain will be determined by
	    doing  a  reverse lookup on the IP address of the incoming network
	    interface, otherwise the user is assumed  to  be  in  the  default
	    domain (if set).

	    Allowed values: off, userid, on

       normalizeuid: 1
	    Lowercase  uid and strip leading and trailing blanks. It is recom‐
	    mended to set this to yes,	especially  if	OpenLDAP  is  used  as
	    authentication source.

       lmtp_luser_relay: <none>
	    Send  mail	to mailboxes, which do not exists, to this user. NOTE:
	    This must be an existing local mailbox name. NOT an email address!

SEE ALSO
       imapd(8), pop3d(8), nntpd(8), lmtpd(8), timsieved(8),  idled(8),	 noti‐
       fyd(8), deliver(8), master(8), ciphers(1)

CMU				 Project Cyrus			 IMAPD.CONF(5)
[top]

List of man pages available for SuSE

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net