| [vhffs-dev] [953] Updated courier configuration files examples (with comments) |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 953
Author: gradator
Date: 2007-09-30 15:14:12 +0000 (Sun, 30 Sep 2007)
Log Message:
-----------
Updated courier configuration files examples (with comments)
Modified Paths:
--------------
trunk/vhffs-doc/config/courier/authdaemonrc
trunk/vhffs-doc/config/courier/authpgsqlrc
trunk/vhffs-doc/config/courier/imapd
trunk/vhffs-doc/config/courier/imapd-ssl
trunk/vhffs-doc/config/courier/pop3d
trunk/vhffs-doc/config/courier/pop3d-ssl
Modified: trunk/vhffs-doc/config/courier/authdaemonrc
===================================================================
--- trunk/vhffs-doc/config/courier/authdaemonrc 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/authdaemonrc 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,5 +1,68 @@
+##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
+#
+# Copyright 2000-2001 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored. Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited. Multiline variable contents,
+# with the \ continuation character, are not allowed. Everything must
+# fit on one line. Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:0
+#
+# The authentication modules that are linked into authdaemond. The
+# default list is installed. You may selectively disable modules simply
+# by removing them from the following list. The available modules you
+# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam
+
authmodulelist="authpgsql"
+
+##NAME: authmodulelistorig:1
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started. authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE: Some platforms may experience a problem if there's more than
+# one daemon. Specifically, SystemV derived platforms that use TLI with
+# socket emulation. I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases. Symptoms
+# include sporadic authentication failures. If you start getting
+# authentication failures, increase daemons. However, the default of 5
+# SHOULD be sufficient. Bumping up daemon count is only a short-term
+# solution. The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
daemons=5
+
+##NAME: version:0
+#
+# When you have multiple versions of authdaemond.* installed, authdaemond
+# just picks the first one it finds. Set "version" to override that.
+# For example: version=authdaemond.plain
+
version=""
+
+##NAME: authdaemonvar:0
+#
+# authdaemonvar is here, but is not used directly by authdaemond. It's
+# used by various configuration and build scripts, so don't touch it!
+
authdaemonvar=/var/run/courier/authdaemon
Modified: trunk/vhffs-doc/config/courier/authpgsqlrc
===================================================================
--- trunk/vhffs-doc/config/courier/authpgsqlrc 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/authpgsqlrc 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,19 +1,233 @@
+#
+# Copyright 2000-2004 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# authpgsqlrc created from authpgsqlrc.dist by sysconftool
+#
+# DO NOT INSTALL THIS FILE with world read permissions. This file
+# might contain the PostgreSQL admin password!
+#
+# Each line in this file must follow the following format:
+#
+# field[spaces|tabs]value
+#
+# That is, the name of the field, followed by spaces or tabs, followed by
+# field value. Trailing spaces are prohibited.
+
+
+##NAME: LOCATION:0
+#
+# The server hostname, port, userid, and password used to log in.
+#
+# To connect to a filesystem socket, delete PGSQL_HOST, and set PGSQL_PORT to
+# the socket's last component. So, if your pg socket is /tmp/.s.PGSQL.5400
+# set PGSQL_PORT to 5400.
+
PGSQL_HOST 127.0.0.1
PGSQL_PORT 5432
PGSQL_USERNAME vhffs
-PGSQL_PASSWORD pass
+PGSQL_PASSWORD vhffs
+
+
+##NAME: PGSQL_OPT:0
+#
+# PGSQL_OPT specifies the connection debug options to PQsetdbLogin().
+# Don't bother with this setting unless you know what you're doing
+#
+# PGSQL_OPT
+
+##NAME: PGSQL_DATABASE:0
+#
+# The name of the MySQL database we will open:
+
PGSQL_DATABASE vhffs
+
+##NAME: PGSQL_USER_TABLE:0
+#
+# The name of the table containing your user data. See README.authmysqlrc
+# for the required fields in this table (both MySQL and Postgress use the
+# same suggested layout.
+
PGSQL_USER_TABLE vhffs_boxes
-PGSQL_CRYPT_PWFIELD password_hash
-PGSQL_CLEAR_PWFIELD password
+
+##NAME: PGSQL_CRYPT_PWFIELD:0
+#
+# Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined. Both
+# are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext
+# passwords go into PGSQL_CLEAR_PWFIELD. Cleartext passwords allow
+# CRAM-MD5 authentication to be implemented.
+PGSQL_CRYPT_PWFIELD password
+
+##NAME: PGSQL_CLEAR_PWFIELD:0
+#
+#
+#PGSQL_CLEAR_PWFIELD password
+
+##NAME: PGSQL_DEFAULT_DOMAIN:0
+#
+# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
+# we will look up 'user@DEFAULT_DOMAIN' instead.
+#
+#
DEFAULT_DOMAIN vhffs.org
+
PGSQL_DOMAIN_FIELD domain
+##NAME: PGSQL_UID_FIELD:0
+#
+# Other fields in the mysql table:
+#
+# PGSQL_UID_FIELD - contains the numerical userid of the account
+#
+#UID_FILED 102
+#GID_FILED 104
PGSQL_UID_FIELD 102 as uid
-PGSQL_GID_FIELD 102 as gid
+
+##NAME: PGSQL_GID_FIELD:0
+#
+# Numerical groupid of the account
+PGSQL_GID_FIELD 104 as gid
+
+##NAME: PGSQL_LOGIN_FIELD:0
+#
+# The login id, default is id. Basically the query is:
+#
+# SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid'
+#
+
PGSQL_LOGIN_FIELD local_part
PGSQL_USER_FIELD local_part
+
+##NAME: PGSQL_HOME_FIELD:0
+#
+
PGSQL_HOME_FIELD mbox_name
HOME_PREFIX /data/mail/boxes
-PGSQL_SELECT_CLAUSE SELECT local_part||'@'||domain , password_hash, password, 102 as uid, 102 as gid, '/data/mail/boxes/'||domain_hash||'/', mbox_name || '/Maildir', '', '', '' FROM vhffs_boxes WHERE local_part = '$(local_part)' AND domain='$(domain)'
-PGSQL_ENUMERATE_CLAUSE SELECT local_part, 102 as uid, 102 as gid, domain_hash|| '/'|| mbox_name), '' FROM vhffs_boxes WHERE local_part = '$(local_part)' AND domain = '$(domain)'
-PGSQL_CHPASS_CLAUSE UPDATE vhffs_boxes SET clearpw='$(newpass)', password_hash='$(newpass_crypt)' WHERE local_part='$(local_part)' AND domain_name='$(domain)'
+##NAME: PGSQL_NAME_FIELD:0
+#
+# The user's name (optional)
+
+#PGSQL_NAME_FIELD name
+
+##NAME: PGSQL_MAILDIR_FIELD:0
+#
+# This is an optional field, and can be used to specify an arbitrary
+# location of the maildir for the account, which normally defaults to
+# $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD).
+#
+# You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this
+# out.
+#
+# PGSQL_MAILDIR_FIELD maildir
+
+##NAME: PGSQL_DEFAULTDELIVERY:0
+#
+# Courier mail server only: optional field specifies custom mail delivery
+# instructions for this account (if defined) -- essentially overrides
+# DEFAULTDELIVERY from ${sysconfdir}/courierd
+#
+# PGSQL_DEFAULTDELIVERY defaultDelivery
+
+##NAME: PGSQL_QUOTA_FIELD:0
+#
+# Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally
+# specify a maildir quota. See README.maildirquota for more information
+#
+# PGSQL_QUOTA_FIELD quota
+
+##NAME: PGSQL_AUXOPTIONS:0
+#
+# Auxiliary options. The PGSQL_AUXOPTIONS field should be a char field that
+# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
+# pairs. These names are additional attributes that define various per-account
+# "options", as given in INSTALL's description of the "Account OPTIONS"
+# setting.
+#
+# PGSQL_AUXOPTIONS_FIELD auxoptions
+#
+# You might want to try something like this, if you'd like to use a bunch
+# of individual fields, instead of a single text blob:
+#
+# PGSQL_AUXOPTIONS_FIELD 'disableimap=' || disableimap || ',disablepop3=' || disablepop3 || ',disablewebmail=' || disablewebmail || ',sharedgroup=' || sharedgroup
+#
+# This will let you define fields called "disableimap", etc, with the end result
+# being something that the OPTIONS parser understands.
+
+##NAME: PGSQL_WHERE_CLAUSE:0
+#
+# This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary
+# fixed string that is appended to the WHERE clause of our query
+#
+# PGSQL_WHERE_CLAUSE server='mailhost.example.com'
+
+##NAME: PGSQL_SELECT_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do a SELECT operation on database, which should return fields
+# in order specified bellow:
+#
+# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
+#
+# Enabling this option causes ignorance of any other field-related
+# options, excluding default domain.
+#
+# There are two variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. These variables are:
+# $(local_part), $(domain), and $(service)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+#
+# $(service) will expand out to the service being authenticated: imap, imaps,
+# pop3 or pop3s. Courier mail server only: service will also expand out to
+# "courier", when searching for local mail account's location. In this case,
+# if the "maildir" field is not empty it will be used in place of
+# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
+# authenticated ESMTP.
+#
+# This example is a little bit modified adaptation of vmail-sql
+# database scheme:
+#
+
+PGSQL_SELECT_CLAUSE SELECT local_part||'@'||domain , password, '', 102 as uid, 104 as gid, '/data/mail/boxes/'||domain_hash||'/', mbox_name || '/Maildir', '', '', '' FROM vhffs_boxes WHERE local_part = '$(local_part)' AND domain='$(domain)'
+
+
+##NAME: PGSQL_ENUMERATE_CLAUSE:0
+#
+# {EXPERIMENTAL}
+# Optional custom SQL query used to enumerate accounts for authenumerate,
+# in order to compile a list of accounts for shared folders. The query
+# should return the following fields: name, uid, gid, homedir, maildir
+#
+# Example:
+PGSQL_ENUMERATE_CLAUSE SELECT local_part, 102 as uid, 104 as gid, domain_hash|| '/'|| mbox_name), '' FROM vhffs_boxes WHERE local_part = '$(local_part)' AND domain = '$(domain)'
+
+
+##NAME: PGSQL_CHPASS_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do an UPDATE operation on database. In other words, it is
+# used, when changing password.
+#
+# There are four variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. There variables are:
+# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+# $(newpass) contains plain password
+# $(newpass_crypt) contains its crypted form
+#
+PGSQL_CHPASS_CLAUSE UPDATE vhffs_boxes \
+ SET clearpw='$(newpass)', \
+ password='$(newpass_crypt)' \
+ WHERE local_part='$(local_part)' \
+ AND domain_name='$(domain)'
Modified: trunk/vhffs-doc/config/courier/imapd
===================================================================
--- trunk/vhffs-doc/config/courier/imapd 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/imapd 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,29 +1,379 @@
+##VERSION: $Id: imapd.dist.in,v 1.29 2004/04/18 15:54:39 mrsam Exp $
+#
+# imapd created from imapd.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 1998 - 2004 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# This configuration file sets various options for the Courier-IMAP server
+# when used with the couriertcpd server.
+# A lot of the stuff here is documented in the manual page for couriertcpd.
+#
+# NOTE - do not use \ to split long variable contents on multiple lines.
+# This will break the default imapd.rc script, which parses this file.
+#
+##NAME: ADDRESS:0
+#
+# Address to listen on, can be set to a single IP address.
+#
+# ADDRESS=127.0.0.1
+
ADDRESS=0
+
+##NAME: PORT:1
+#
+# Port numbers that connections are accepted on. The default is 143,
+# the standard IMAP port.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possible to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+# The previous ADDRESS setting is a default for ports that do not have
+# a specified IP address.
+
PORT=143
+
+##NAME: AUTHSERVICE:0
+#
+# It's possible to authenticate using a different 'service' parameter
+# depending on the connection's port. This only works with authentication
+# modules that use the 'service' parameter, such as PAM. Example:
+#
+# AUTHSERVICE143=imap
+# AUTHSERVICE993=imaps
+
+##NAME: MAXDAEMONS:0
+#
+# Maximum number of IMAP servers started
+#
+
MAXDAEMONS=40
+
+##NAME: MAXPERIP:0
+#
+# Maximum number of connections to accept from the same IP address
+
MAXPERIP=20
+
+##NAME: PIDFILE:0
+#
+# File where couriertcpd will save its process ID
+#
+
PIDFILE=/var/run/courier/imapd.pid
+
+##NAME: TCPDOPTS:0
+#
+# Miscellaneous couriertcpd options that shouldn't be changed.
+#
+
TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: AUTHMODULES:0
+#
+# Authentication modules. Here's the default list:
+#
+# authdaemon
+#
+# The default is set during the initial configuration.
+#
+# If this is currently set to AUTHMODULES="authdaemon", DO NOT CHANGE IT.
+# Instead, change the parameter authmodulelist in authdaemonrc.
+
AUTHMODULES="authdaemon"
+
+##NAME: AUTHMODULES_ORIG:0
+#
+# For use by webadmin
+
AUTHMODULES_ORIG="authdaemon"
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional login diagnostics to syslog
+#
+# DEBUG_LOGIN=0 - turn off login debugging
+# DEBUG_LOGIN=1 - turn on login debugging
+# DEBUG_LOGIN=2 - turn on login debugging + log passwords too
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
DEBUG_LOGIN=1
+
+##NAME: IMAP_CAPABILITY:1
+#
+# IMAP_CAPABILITY specifies what most of the response should be to the
+# CAPABILITY command.
+#
+# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
+# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
+#
+# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+#
+
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
+
+##NAME: KEYWORDS_CAPABILITY:0
+#
+# IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to
+# disable custom keywords.
+
IMAP_KEYWORDS=1
+
+##NAME: SMAP1_CAPABILITY:0
+#
+# EXPERIMENTAL
+#
+# To enable the experimental "Simple Mail Access Protocol" extensions,
+# uncomment the following setting.
+#
+# SMAP_CAPABILITY=SMAP1
+
+##NAME: IMAP_CAPABILITY_ORIG:1
+#
+# For use by webadmin
+
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+
+##NAME: IMAP_IDLE_TIMEOUT:0
+#
+# This setting controls how often
+# the server polls for changes to the folder, in IDLE mode (in seconds).
+
IMAP_IDLE_TIMEOUT=60
+
+##NAME: IMAP_CAPABILITY_TLS:0
+#
+# The following setting will advertise SASL PLAIN authentication after
+# STARTTLS is established. If you want to allow SASL PLAIN authentication
+# with or without TLS then just comment this out, and add AUTH=PLAIN to
+# IMAP_CAPABILITY
+
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
+##NAME: IMAP_TLS_ORIG:0
+#
+# For use by webadmin
+
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
+
+##NAME: IMAP_DISABLETHREADSORT:0
+#
+# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
+# server side sorting and threading.
+#
+# Those capabilities will still be advertised, but the server will reject
+# them. Set this option if you want to disable all the extra load from
+# server-side threading and sorting. Not advertising those capabilities
+# will simply result in the clients reading the entire folder, and sorting
+# it on the client side. That will still put some load on the server.
+# advertising these capabilities, but rejecting the commands, will stop this
+# silliness.
+#
+
IMAP_DISABLETHREADSORT=0
+
+##NAME: IMAP_CHECK_ALL_FOLDERS:0
+#
+# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
+# mail in every folder. Not all IMAP clients use the IMAP's new mail
+# indicator, but some do. Normally new mail is checked only in INBOX,
+# because it is a comparatively time consuming operation, and it would be
+# a complete waste of time unless mail filters are used to deliver
+# mail directly to folders.
+#
+# When IMAP clients are used which support new mail indication, and when
+# mail filters are used to sort incoming mail into folders, setting
+# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
+# mail in folders. Note that this will result in slightly more load on the
+# server.
+#
+
IMAP_CHECK_ALL_FOLDERS=0
+
+##NAME: IMAP_OBSOLETE_CLIENT:0
+#
+# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
+# what \\HasNoChildren really means.
+
IMAP_OBSOLETE_CLIENT=0
+
+##NAME: IMAP_ULIMITD:0
+#
+# IMAP_ULIMITD sets the maximum size of the data segment of the server
+# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
+# command (or ulimit -v). The argument to ulimi sets the upper limit on the
+# size of the data segment of the server process, in kilobytes. The default
+# value of 65536 sets a very generous limit of 64 megabytes, which should
+# be more than plenty for anyone.
+#
+# This feature is used as an additional safety check that should stop
+# any potential denial-of-service attacks that exploit any kind of
+# a memory leak to exhaust all the available memory on the server.
+# It is theoretically possible that obscenely huge folders will also
+# result in the server running out of memory when doing server-side
+# sorting (by my calculations you have to have at least 100,000 messages
+# in a single folder, for that to happen).
+
IMAP_ULIMITD=65536
+
+##NAME: IMAP_USELOCKS:0
+#
+# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
+# multiple access to the same folder. This incurs slight additional
+# overhead. Concurrent multiple access will still work without this setting,
+# however occasionally a minor race condition may result in an IMAP client
+# downloading the same message twice, or a keyword update will fail.
+#
+# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.
+
IMAP_USELOCKS=1
+
+##NAME: IMAP_SHAREDINDEXFILE:0
+#
+# The index of all accessible folders. Do not change this setting unless
+# you know what you're doing. See README.sharedfolders for additional
+# information.
+
IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
+
+##NAME: IMAP_ENHANCEDIDLE:0
+#
+# If Courier was compiled with the File Alteration Monitor, setting
+# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
+# clients may open the same folder concurrently, and receive updates to
+# folder contents in realtime. See the imapd(8) man page for additional
+# information.
+#
+# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
+# in the IMAP_CAPABILITY list.
+#
+
IMAP_ENHANCEDIDLE=0
+
+##NAME: IMAP_TRASHFOLDERNAME:0
+#
+# The name of the magic trash Folder. For MSOE compatibility,
+# you can set IMAP_TRASHFOLDERNAME="Deleted Items".
+#
+# IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH
+
IMAP_TRASHFOLDERNAME=Trash
+
+##NAME: IMAP_EMPTYTRASH:0
+#
+# The following setting is optional, and causes messages from the given
+# folder to be automatically deleted after the given number of days.
+# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
+# setting, below, purges 7 day old messages from the Trash folder.
+# Another useful setting would be:
+#
+# IMAP_EMPTYTRASH=Trash:7,Sent:30
+#
+# This would also delete messages from the Sent folder (presumably copies
+# of sent mail) after 30 days. This is a global setting that is applied to
+# every mail account, and is probably useful in a controlled, corporate
+# environment.
+#
+# Important: the purging is controlled by CTIME, not MTIME (the file time
+# as shown by ls). It is perfectly ordinary to see stuff in Trash that's
+# a year old. That's the file modification time, MTIME, that's displayed.
+# This is generally when the message was originally delivered to this
+# mailbox. Purging is controlled by a different timestamp, CTIME, which is
+# changed when the file is moved to the Trash folder (and at other times too).
+#
+# You might want to disable this setting in certain situations - it results
+# in a stat() of every file in each folder, at login and logout.
+#
+
IMAP_EMPTYTRASH=Trash:7
+
+##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
+#
+# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
+# effectively allows an undo of message deletion by fishing the deleted
+# mail from trash. Trash can be manually expunged as usually, and mail
+# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
+#
+# NOTE: shared folders are still expunged as usual. Shared folders are
+# not affected.
+#
+
IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
+
+##NAME: OUTBOX:0
+#
+# The next set of options deal with the "Outbox" enhancement.
+# Uncomment the following setting to create a special folder, named
+# INBOX.Outbox
+#
+# OUTBOX=.Outbox
+
+##NAME: SENDMAIL:0
+#
+# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
+# a message to the INBOX.Outbox folder. For all practical matters,
+# INBOX.Outbox looks and behaves just like any other IMAP folder. If this
+# folder doesn't exist it must be created by the IMAP mail client, just
+# like any other IMAP folder. The kicker: any message copied or moved to
+# this folder is will be E-mailed by the Courier-IMAP server, by running
+# the SENDMAIL program. Therefore, messages copied or moved to this
+# folder must be well-formed RFC-2822 messages, with the recipient list
+# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on
+# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
+# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
+# message piped on standard input. $SENDER will be the return address
+# of the message, which is set by the authentication module.
+#
+# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
+#
+
SENDMAIL=/usr/sbin/sendmail
+
+##NAME: HEADERFROM:0
+#
+# For administrative and oversight purposes, the return address, $SENDER
+# will also be saved in the X-IMAP-Sender mail header. This header gets
+# added to the sent E-mail (but it doesn't get saved in the copy of the
+# message that's saved in the folder)
+#
+# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
+# the magic OUTBOX treatment. Therefore advance LARTing is in order for
+# _all_ of your lusers, until every one of them is aware of this. Otherwise if
+# OUTBOX is left at its default setting - a folder name that might be used
+# accidentally - some people may be in for a rude surprise. You can redefine
+# the name of the magic folder by changing OUTBOX, above. You should do that
+# and pick a less-obvious name. Perhaps brand it with your organizational
+# name ( OUTBOX=.WidgetsAndSonsOutbox )
+
HEADERFROM=X-IMAP-Sender
+
+##NAME: IMAPDSTART:0
+#
+# IMAPDSTART is not used directly. Rather, this is a convenient flag to
+# be read by your system startup script in /etc/rc.d, like this:
+#
+# . /etc/courier/imapd
+#
+# case x$IMAPDSTART in
+# x[yY]*)
+# /usr/lib/courier/imapd.rc start
+# ;;
+# esac
+#
+# The default setting is going to be NO, so you'll have to manually flip
+# it to yes.
+
IMAPDSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
MAILDIRPATH=Maildir
Modified: trunk/vhffs-doc/config/courier/imapd-ssl
===================================================================
--- trunk/vhffs-doc/config/courier/imapd-ssl 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/imapd-ssl 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,14 +1,197 @@
+##VERSION: $Id: imapd-ssl.dist.in,v 1.10 2004/06/14 00:56:07 mrsam Exp $
+#
+# imapd-ssl created from imapd-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 2000 - 2002 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# This configuration file sets various options for the Courier-IMAP server
+# when used to handle SSL IMAP connections.
+#
+# SSL and non-SSL connections are handled by a dedicated instance of the
+# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP
+# connections, you will start two instances of couriertcpd, one on the
+# IMAP port 143, and another one on the IMAP-SSL port 993.
+#
+# Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:1
+#
+# Options in the imapd-ssl configuration file AUGMENT the options in the
+# imapd configuration file. First the imapd configuration file is read,
+# then the imapd-ssl configuration file, so we do not have to redefine
+# anything.
+#
+# However, some things do have to be redefined. The port number is
+# specified by SSLPORT, instead of PORT. The default port is port 993.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possibly to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+# The SSLADDRESS setting is a default for ports that do not have
+# a specified IP address.
+
SSLPORT=993
+
+##NAME: SSLADDRESS:0
+#
+# Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# That's the SSL IMAP port we'll listen on.
+# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
+
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
+
+##NAME: IMAPDSSLSTART:0
+#
+# Different pid files, so that both instances of couriertcpd can coexist
+# happily.
+#
+# You can also redefine AUTHMODULES and IMAP_CAPABILITY, although I can't
+# think of why you'd want to do that.
+#
+#
+# Ok, the following settings are new to imapd-ssl:
+#
+# Whether or not to start IMAP over SSL on simap port:
+
IMAPDSSLSTART=YES
+
+##NAME: IMAPDSTARTTLS:0
+#
+# Whether or not to implement IMAP STARTTLS extension instead:
+
IMAPDSTARTTLS=YES
+
+##NAME: IMAP_TLS_REQUIRED:1
+#
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+
IMAP_TLS_REQUIRED=0
+
+
+#########################################################################
+#
+# The following variables configure IMAP over SSL. If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated. courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested. Proceed
+# at your own risk. Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+#
+##NAME: COURIERTLS:0
+#
+
COURIERTLS=/usr/bin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+#
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+
TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used. In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
TLS_CERTFILE=/etc/courier/imapd.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates. The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for IMAP clients
+# that open multiple SSL sessions to the server. TLS_CACHEFILE will be
+# automatically created, TLS_CACHESIZE bytes long, and used as a cache
+# buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients. Disable SSL caching by commenting out the
+# following settings:
+
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
MAILDIRPATH=Maildir
Modified: trunk/vhffs-doc/config/courier/pop3d
===================================================================
--- trunk/vhffs-doc/config/courier/pop3d 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/pop3d 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,15 +1,154 @@
+##VERSION: $Id: pop3d.dist.in,v 1.9 2004/04/18 15:54:39 mrsam Exp $
+#
+# pop3d created from pop3d.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 1998 - 2002 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Courier POP3 daemon configuration
+#
+##NAME: PIDFILE:0
+#
+
PIDFILE=/var/run/courier/pop3d.pid
+
+##NAME: MAXDAEMONS:0
+#
+# Maximum number of POP3 servers started
+#
+
MAXDAEMONS=40
+
+##NAME: MAXPERIP:4
+#
+# Maximum number of connections to accept from the same IP address
+
MAXPERIP=4
+
+##NAME: AUTHMODULES:0
+#
+#########################################################################
+##
+## Authentication modules which attempt to validate userid/password
+## combinations. See authpam(8) for more information. The default set
+## is installed at configuration time. You may have to edit the following
+## to remove unnecessary authentication modules. In particular, if
+## authpam is included in the list below, you will have to remove authpwd
+## and authshadow, since their functionality is included in the authpam
+## module.
+##
+#########################################################################
+#
+# If this is currently set to AUTHMODULES="authdaemon", DO NOT CHANGE IT.
+# Instead, change the parameter authmodulelist in authdaemonrc.
+
AUTHMODULES="authdaemon"
+
+
+##NAME: AUTHMODULES_ORIG:0
+#
+# This setting is for use with webadmin
+
AUTHMODULES_ORIG="authdaemon"
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional login diagnostics to syslog
+#
+# DEBUG_LOGIN=0 - turn off login debugging
+# DEBUG_LOGIN=1 - turn on login debugging
+# DEBUG_LOGIN=2 - turn on login debugging + log passwords too
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
DEBUG_LOGIN=1
+
+##NAME: POP3AUTH:1
+#
+# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
+# variable:
+#
+# POP3AUTH="LOGIN"
+#
+# If you have configured the CRAM-MD5 or CRAM-SHA1, set POP3AUTH to something
+# like this:
+#
+# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
+
POP3AUTH=""
+
+##NAME: POP3AUTH_ORIG:0
+#
+# For use by webadmin
+
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
+
+##NAME: POP3AUTH_TLS:1
+#
+# To also advertise SASL PLAIN if SSL is enabled, uncomment the
+# POP3AUTH_TLS environment variable:
+#
+# POP3AUTH_TLS="LOGIN PLAIN"
+
POP3AUTH_TLS=""
+
+##NAME: POP3AUTH_TLS_ORIG:0
+#
+# For use by webadmin
+
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
+
+##NAME: PORT:1
+#
+# Port to listen on for connections. The default is port 110.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possibly to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+# The ADDRESS setting is a default for ports that do not have a specified
+# IP address.
+
PORT=110
+
+##NAME: ADDRESS:0
+#
+# IP address to listen on. 0 means all IP addresses.
+
ADDRESS=0
+
+##NAME: TCPDOPTS:0
+#
+# Other couriertcpd(1) options. The following defaults should be fine.
+#
+
TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: POP3DSTART:0
+#
+# POP3DSTART is not referenced anywhere in the standard Courier programs
+# or scripts. Rather, this is a convenient flag to be read by your system
+# startup script in /etc/rc.d, like this:
+#
+# . /etc/courier/pop3d
+# case x$POP3DSTART in
+# x[yY]*)
+# /usr/lib/courier/pop3d.rc start
+# ;;
+# esac
+#
+# The default setting is going to be NO, until Courier is shipped by default
+# with enough platforms so that people get annoyed with having to flip it to
+# YES every time.
+
POP3DSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
MAILDIRPATH=Maildir
Modified: trunk/vhffs-doc/config/courier/pop3d-ssl
===================================================================
--- trunk/vhffs-doc/config/courier/pop3d-ssl 2007-09-30 12:20:12 UTC (rev 952)
+++ trunk/vhffs-doc/config/courier/pop3d-ssl 2007-09-30 15:14:12 UTC (rev 953)
@@ -1,14 +1,185 @@
+##VERSION: $Id: pop3d-ssl.dist.in,v 1.11 2004/06/14 00:56:07 mrsam Exp $
+#
+# pop3d-ssl created from pop3d-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 2000-2002 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# This configuration file sets various options for the Courier-IMAP server
+# when used to handle SSL POP3 connections.
+#
+# SSL and non-SSL connections are handled by a dedicated instance of the
+# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3
+# connections, you will start two instances of couriertcpd, one on the
+# POP3 port 110, and another one on the POP3-SSL port 995.
+#
+# Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:0
+#
+# Options in the pop3d-ssl configuration file AUGMENT the options in the
+# pop3d configuration file. First the pop3d configuration file is read,
+# then the pop3d-ssl configuration file, so we do not have to redefine
+# anything.
+#
+# However, some things do have to be redefined. The port number is
+# specified by SSLPORT, instead of PORT. The default port is port 995.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possibly to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+# The SSLADDRESS setting is a default for ports that do not have
+# a specified IP address.
+
SSLPORT=995
+
+##NAME: SSLADDRESS:0
+#
+# Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# You can also redefine AUTHMODULES, although I can't
+# think of why you'd want to do that.
+#
+#
+
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
+
+##NAME: POP3DSSLSTART:0
+#
+# Whether or not to start POP3 over SSL on spop3 port:
+
POP3DSSLSTART=YES
+
+##NAME: POP3_STARTTLS:0
+#
+# Whether or not to implement the POP3 STLS extension:
+
POP3_STARTTLS=YES
+
+##NAME: POP3_TLS_REQUIRED:1
+#
+# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS
+# is issued).
+
POP3_TLS_REQUIRED=0
+
+##NAME: COURIERTLS:0
+#
+# The following variables configure POP3 over SSL. If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated. courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested. Proceed
+# at your own risk. Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+
COURIERTLS=/usr/bin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+#
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
+# extension, as opposed to POP3 over SSL on port 995.
+#
+
TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used. In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
TLS_CERTFILE=/etc/courier/pop3d.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates. The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for long-running
+# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE
+# bytes long, and used as a cache buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients. Disable SSL caching by commenting out the
+# following settings:
+
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
MAILDIRPATH=Maildir