Ubuntu Feisty 7.04 manual page repository

Ubuntu is a free computer operating system based on the Linux kernel. Many IT companies, like DeployIS is using it to provide an up-to-date, stable operating system.

Provided by: kolab-cyrus-common_2.2.13-1_i386

 

NAME

        imapd.conf - IMAP configuration file
 

DESCRIPTION

        /etc/imapd.conf  is  the  configuration file for the Cyrus IMAP server.
        It defines local parameters for IMAP.
 
        Each line of the /etc/imapd.conf file has the form
 
               option: value
 
        where option is the name of the  configuration  option  being  set  and
        value is the value that the configuration option is being set to.
 
        Blank lines and lines beginning with ‘‘#’’ are ignored.
 
        For  boolean and enumerated options, the values ‘‘yes’’, ‘‘on’’, ‘‘t’’,
        ‘‘true’’ and ‘‘1’’ turn the option  on,  the  values  ‘‘no’’,  ‘‘off’’,
        ‘‘f’’, ‘‘false’’ and ‘‘0’’ turn the option off.
        The   sections   below  detail  options  that  can  be  placed  in  the
        /etc/imapd.conf file, and  show  each  option’s  default  value.   Some
        options  have no default value, these are listed with ‘‘<no default>’’.
        Some options default  to  the  empty  string,  these  are  listed  with
        ‘‘<none>’’.  It is also possible to override options by specifying them
        as <service_id>_<optionname>. One  example  is  ‘‘lmtp_admins’’,  which
        overrides ‘‘admins’’ just for the lmtp service. The <service_id> is the
        one you specified in the /etc/cyrus.conf file.
 
        admins: <empty string>
             The list of userids with  administrative  rights.   Separate  each
             userid  with a space.  Sites using Kerberos authentication may use
             separate "admin" instances.
 
        Note that accounts used by users should not be administrators.   Admin‐
        istrative accounts should not receive mail.  That is, if user "jbRo" is
        a user reading mail, he should not also be in the  admins  line.   Some
        problems  may  occur otherwise, most notably the ability of administra‐
        tors to create top-level mailboxes visible to users, but  not  writable
        by users.
 
        afspts_localrealms: <none>
             The  list  of  realms  which  are to be treated as local, and thus
             stripped  during  identifier  canoicalization  (for   the   AFSPTS
             ptloader  module).   This is different from loginrealms in that it
             occurs later in the authorization  process  (as  the  user  id  is
             canonified for PTS lookup)
 
        afspts_mycell: <none>
             Cell to use for AFS PTS lookups.  Defaults to the local cell.
 
        allowallsubscribe: 0
             Allow subscription to nonexistent mailboxes.  This option is typi‐
             cally used on backend servers in a Murder so that users  can  sub‐
             scribe  to  mailboxes  that  don’t  reside on their "home" server.
             This option can also be used as  a  workaround  for  IMAP  clients
             which  don’t  play well with nonexistent or unselectable mailboxes
             (eg.  Microsoft Outlook).
 
        allowanonymouslogin: 0
             Permit logins by the user "anonymous" using  any  password.   Also
             allows use of the SASL ANONYMOUS mechanism.
 
        allowapop: 1
             Allow use of the POP3 APOP authentication command.
 
        Note  that  this  command requires that SASL is compiled with APOP sup‐
        port, that the plaintext passwords are  available  in  a  SASL  auxprop
        backend  (eg.  sasldb),  and that the system can provide enough entropy
        (eg. from /dev/urandom) to create a challenge in the banner.
 
        allownewnews: 0
             Allow use of the NNTP NEWNEWS command.
 
        Note that this is a very expensive command and should only  be  enabled
        when absolutely necessary.
 
        allowplaintext: 1
             Allow the use of cleartext passwords on the wire.
 
        To  disallow the use of plaintext passwords for authentication, you can
        set ‘‘allowplaintext: no’’ in imapd.conf. This will still  allow  PLAIN
        under TLS, but IMAP LOGIN commands will now fail.
 
        If    you    only   list   plaintext   authentication   mechanisms   in
        ‘‘sasl_mech_list’’  and  set  ‘‘allowplaintext:  no’’,  only  users  on
        encrypted  sessions  (TLS  or SSL) will be able to authenticate. On the
        other  hand,  if  you  list  no  plaintext  authentication  options  in
        ‘‘sasl_mech_list’’, ‘‘allowplaintext: yes’’ would have no effect.
 
        allowusermoves: 0
             Allow  moving user accounts (with associated meta-data) via RENAME
             or XFER.
 
        Note that measures should be taken to make sure  that  the  user  being
        moved  is not logged in, and can not login during the move.  Failure to
        do so may result in the user’s meta-data  (seen  state,  subscriptions,
        etc) being corrupted or out of date.
 
        altnamespace: 0
             Use the alternate IMAP namespace, where personal folders reside at
             the same level in the hierarchy as INBOX.
 
        This option  ONLY  applies  where  interaction  takes  place  with  the
        client/user.   Currently  this  is limited to the IMAP protocol (imapd)
        and Sieve scripts (lmtpd).  This option does NOT apply to  admin  tools
        such  as  cyradm  (admins  ONLY), reconstruct, quota, etc., NOR does it
        affect LMTP delivery  of  messages  directly  to  mailboxes  via  plus-
        addressing.
 
        annotation_db: skiplist
             The cyrusdb backend to use for mailbox annotations.
 
             Allowed values: berkeley, berkeley-hash, skiplist
 
        auth_mech: unix
             The authorization mechanism to use.
 
             Allowed values: unix, pts, krb, krb5
 
        autocreatequota: 0
             If  nonzero,  normal  users  may create their own IMAP accounts by
             creating the mailbox INBOX.  The user’s quota is set to the  value
             if it is positive, otherwise the user has unlimited quota.
 
        berkeley_cachesize: 512
             Size  (in kilobytes) of the shared memory buffer pool (cache) used
             by the berkeley environment.  The minimum  allowed  value  is  20.
             The maximum allowed value is 4194303 (4GB).
 
        berkeley_locks_max: 50000
             Maximum  number  of  locks to be held or requested in the berkeley
             environment.
 
        berkeley_txns_max: 100
             Maximum number of transactions to be  supported  in  the  berkeley
             environment.
 
        client_timeout: 10
             Number  of seconds to wait before returning a timeout failure when
             performing a client connection (e.g. in a murder enviornment)
 
        configdirectory: <none>
             The pathname of the IMAP configuration directory.  This  field  is
             required.
 
        debug_command: <none>
             Debug command to be used by processes started with -D option.  The
             string is a C format string that gets 3 options: the first is  the
             name  of  the  executable  (without  path).  The second is the pid
             (integer)  and  the   third   is   the   service   ID.    Example:
             /usr/local/bin/gdb /usr/cyrus/bin/%s %d
 
        defaultacl: anyone lrs
             The Access Control List (ACL) placed on a newly-created (non-user)
             mailbox that does not have a parent mailbox.
 
        defaultdomain: <none>
             The default domain for virtual  domain  support.  Note  that  this
             domain  is stripped from the email-address transmitted using LMTP,
             but  it  is  not  stripped  from  usernames  at  login-time.   For
             imapd/pop3d, "user" and "user@defaultdomain" specify two different
             users.  Please check install-virtdomains.html for details.
 
        defaultpartition: default
             The partition name used by default for new mailboxes.
 
        deleteright: c
             The right that a user needs to delete a mailbox.
 
        duplicate_db: berkeley-nosync
             The cyrusdb backend to use for the duplicate delivery  suppression
             and sieve.
 
             Allowed  values:  berkeley, berkeley-nosync, berkeley-hash, berke‐
             ley-hash-nosync, skiplist
 
        duplicatesuppression: 1
             If enabled, lmtpd will suppress delivery of a message to a mailbox
             if  a  message  with the same message-id (or resent-message-id) is
             recorded as having already been delivered to the mailbox.  Records
             the  mailbox  and  message-id/resent-message-id  of all successful
             deliveries.
 
        foolstupidclients: 0
             If enabled, only list the personal namespace when a  LIST  "*"  is
             performed.  (it changes the request to a LIST "INBOX*"
 
        force_sasl_client_mech: <none>
             Force  preference of a given SASL mechanism for client side opera‐
             tions (e.g. murder enviornments).   This  is  separate  from  (and
             overridden  by)  the  ability  to  use  the <host shortname>_mechs
             option to set prefered mechanisms for a specific host
 
        fulldirhash: 0
             If enabled, uses an improved directory hashing scheme which hashes
             the  entire username instead of using just the first letter.  This
             changes hash algorithm used for quota and user directories and  if
             hashimapspool is enabled, the entire mail spool.
 
        Note  that this option can NOT be changed on a live system.  The server
        must be quiesced and then the directories moved with the  rehash  util‐
        ity.
 
        hashimapspool: 0
             If enabled, the partitions will also be hashed, in addition to the
             hashing done on configuration directories.  This is recommended if
             one partition has a very bushy mailbox tree.
 
        hostname_mechs: <none>
             Force  a particuar list of SASL mechanisms to be used when authen‐
             ticating to the backend server hostname  (where  hostname  is  the
             short  hostname of the server in question). If it is not specified
             it will query the server for available mechanisms and pick one  to
             use. - Cyrus Murder
 
        hostname_password: <none>
             The password to use for authentication to the backend server host‐
             name (where hostname is the short hostname of the server) -  Cyrus
             Murder
 
        idlemethod: %IDLE%
             The idle backend to use for IDLE command.
 
             Allowed values: no, poll, idled
 
        idlesocket: {configdirectory}/socket/idle
             Unix domain socket that idled listens on.
 
        ignorereference: 0
             For  backwards  compatibility  with  Cyrus  1.5.10  and earlier --
             ignore the reference argument in LIST or LSUB commands.
 
        imapidlepoll: 60
             The interval (in seconds) for  polling  the  mailbox  for  changes
             while  running  the  IDLE command.  This option is used when idled
             can not be contacted or when polling  is  used  exclusively.   The
             minimum  value  is 1.  A value of 0 will disable polling (and dis‐
             able IDLE if polling is the only method available).
 
        imapidresponse: 1
             If enabled, the server responds to an ID command with a  parameter
             list  containing:  version,  vendor,  support-url, os, os-version,
             command, arguments, environment.   Otherwise  the  server  returns
             NIL.
 
        imapmagicplus: 0
             Only  list  a  restricted  set  of  mailboxes  via  IMAP  by using
             userid+namespace syntax as  the  authentication/authorization  id.
             Using  userid+ (with an empty namespace) will list only subscribed
             mailboxes.
 
        implicit_owner_rights: lca
             The implicit Access Control List (ACL) for the owner of a mailbox.
 
        @include: <none>
             Directive which includes the specified file as part of the config‐
             uration.  If the path to the file is not absolute,  CYRUS_PATH  is
             prepended.
 
        ldap_authz: <none>
             SASL authorization ID for the LDAP server
 
        ldap_base: <empty string>
             Contains the LDAP base dn for the LDAP ptloader module
 
        ldap_bind_dn: <none>
             Bind  DN  for the connection to the LDAP server (simple bind).  Do
             not use for anonymous simple binds
 
        ldap_deref: never
             Specify how aliases dereferencing is handled during search.
 
             Allowed values: search, find, always, never
 
        ldap_filter: (uid=%u)
             Specify a filter that searches user  identifiers.   The  following
             tokens can be used in the filter string:
 
             %%    = % %u   = user %U   = user portion of %u (%U = test when %u
             = test@domain.tld) %d   = domain portion of %u if available (%d  =
             domain.tld  when  %u  = %test@domain.tld), otherwise same as %r %D
             = user dn.  (use when ldap_member_method: filter)  %1-9  =  domain
             tokens (%1 = tld, %2 = domain when %d = domain.tld)
 
             ldap_filter is not used when ldap_sasl is enabled.
 
        ldap_group_base: <empty string>
             LDAP base dn for ldap_group_filter.
 
        ldap_group_filter: (cn=%u)
             Specify  a  filter  that  searches  for  group  identifiers.   See
             ldap_filter for more options.
 
        ldap_group_scope: sub
             Specify search scope for ldap_group_filter.
 
             Allowed values: sub, one, base
 
        ldap_id: <none>
             SASL authentication ID for the LDAP server
 
        ldap_mech: <none>
             SASL mechanism for LDAP authentication
 
        ldap_member_attribute: <none>
             See ldap_member_method.
 
        ldap_member_base: <empty string>
             LDAP base dn for ldap_member_filter.
 
        ldap_member_filter: (member=%D)
             Specify a filter for "ldap_member_method: filter".  See  ldap_fil‐
             ter for more options.
 
        ldap_member_method: attribute
             Specify  a  group method.  The "attribute" method retrieves groups
             from a multi-valued attribute specified in  ldap_member_attribute.
 
             The  "filter"  method uses a filter, specified by ldap_member_fil‐
             ter, to  find  groups;  ldap_member_attribute  is  a  single-value
             attribute group name.
 
             Allowed values: attribute, filter
 
        ldap_member_scope: sub
             Specify search scope for ldap_member_filter.
 
             Allowed values: sub, one, base
 
        ldap_password: <none>
             Password  for  the  connection to the LDAP server (SASL and simple
             bind).  Do not use for anonymous simple binds
 
        ldap_realm: <none>
             SASL realm for LDAP authentication
 
        ldap_referrals: 0
             Specify whether or not the client should follow referrals.
 
        ldap_restart: 1
             Specify whether or  not  LDAP  I/O  operations  are  automatically
             restarted if they abort prematurely.
 
        ldap_sasl: 1
             Use SASL for LDAP binds in the LDAP PTS module.
 
        ldap_sasl_authc: <none>
             Depricated.  Use ldap_id
 
        ldap_sasl_authz: <none>
             Depricated.  Use ldap_authz
 
        ldap_sasl_mech: <none>
             Depricated.  Use ldap_mech
 
        ldap_sasl_password: <none>
             Depricated.  User ldap_password
 
        ldap_sasl_realm: <none>
             Depricated.  Use ldap_realm
 
        ldap_scope: sub
             Specify search scope.
 
             Allowed values: sub, one, base
 
ldap://localhost/
             Depricated.  Use ldap_uri
 
        ldap_size_limit: 1
             Specify a number of entries for a search request to return.
 
        ldap_start_tls: 0
             Use  StartTLS extended operation.  Do not use ldaps: ldap_uri when
             this option is enabled.
 
        ldap_time_limit: 5
             Specify a number of seconds for a search request to complete.
 
        ldap_timeout: 5
             Specify a number of seconds a search can take before timing out.
 
        ldap_tls_cacert_dir: <none>
             Path to directory with CA (Certificate Authority) certificates.
 
        ldap_tls_cacert_file: <none>
             File containing CA (Certificate Authority) certificate(s).
 
        ldap_tls_cert: <none>
             File containing the client certificate.
 
        ldap_tls_check_peer: 0
             Require and verify server certificate.  If this option is yes, you
             must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.
 
        ldap_tls_ciphers: <none>
             List  of  SSL/TLS  ciphers  to allow.  The format of the string is
ciphers(1).
 
        ldap_tls_key: <none>
             File containing the private client key.
 
        ldap_uri: <none>
             Contains a list of the URLs of all the LDAP servers when using the
             LDAP PTS module.
 
        ldap_version: 3
             Specify  the  LDAP  protocol  version.   If  ldap_start_tls and/or
             ldap_use_sasl are enabled, ldap_version will be automatiacally set
             to 3.
 
        lmtp_downcase_rcpt: 0
             If  enabled, lmtpd will convert the recipient address to lowercase
             (up to a ’+’ character, if present).
 
        lmtp_over_quota_perm_failure: 0
             If enabled, lmtpd returns a permanent failure code when  a  user’s
             mailbox  is  over  quota.   By  default, the failure is temporary,
             causing the MTA to queue the message and retry later.
 
        lmtpsocket: {configdirectory}/socket/lmtp
deliver(8). This
cyrus.conf(5).
 
        loginrealms: <empty string>
             The  list  of  remote  realms  whose  users may authenticate using
             cross-realm authentication identifiers.  Seperate each realm  name
             by  a  space.   (A cross-realm identity is considered any identity
             returned by SASL with an "@" in it.) Note that to support multiple
             virtual  domains  on  the same interface/IP, you need to list them
             all as loginreals.  If you don’t list them here, your users proba‐
             bly won’t be able to log in.
 
        loginuseacl: 0
             If  enabled,  any  authentication identity which has a rights on a
             user’s INBOX may log in as that user.
 
        logtimestamps: 0
             Include notations in the protocol telemetry  logs  indicating  the
             number of seconds since the last command or response.
 
        mailnotifier: <none>
Notifyd(8)  method  to  use for "MAIL" notifications.  If not set,
             "MAIL" notifications are disabled.
 
        maxmessagesize: 0
             Maximum incoming LMTP  message  size.   If  non-zero,  lmtpd  will
             reject  messages  larger  than maxmessagesize bytes.  If set to 0,
             this will allow messages of any size (the default).
 
        mboxlist_db: skiplist
             The cyrusdb backend to use for the mailbox list.
 
             Allowed values: flat, berkeley, berkeley-hash, skiplist
 
        munge8bit: 1
             If enabled, lmtpd  changes  8-bit  characters  to  ‘X’.  Also  see
             reject8bit.  (A proper soultion to non-ASCII characters in headers
             is offered by RFC 2047 and its predecessors.)
 
        mupdate_connections_max: 128
             The max number of connections that a mupdate process  will  allow,
             this  is  related to the number of file descriptors in the mupdate
             process.  Beyond this number connections will be immedately issued
             a BYE response.
 
        mupdate_authname: <none>
             The SASL username (Authentication Name) to use when authenticating
             to the mupdate server (if needed).
 
        mupdate_password: <none>
             The SASL password (if needed) to use when  authenticating  to  the
             mupdate server.
 
        mupdate_port: 3905
             The port of the mupdate server for the Cyrus Murder
 
        mupdate_realm: <none>
             The  SASL realm (if needed) to use when authenticating to the mup‐
             date server.
 
        mupdate_retry_delay: 20
             The base time to wait between connection retries  to  the  mupdate
             server.
 
        mupdate_server: <none>
             The mupdate server for the Cyrus Murder
 
        mupdate_workers_start: 5
             The number of mupdate worker threads to start
 
        mupdate_workers_minspare: 2
             The minimum number of idle mupdate worker threads
 
        mupdate_workers_maxspare: 10
             The maximum number of idle mupdate worker threads
 
        mupdate_workers_max: 50
             The maximum number of mupdate worker threads (overall)
 
        mupdate_username: <empty string>
             The  SASL username (Authorization Name) to use when authenticating
             to the mupdate server
 
http://asg.web.cmu.edu/cyrus/imapd/netscape-admin.html
             If enabled at compile time, this specifies a  URL  to  reply  when
             Netscape asks the server where the mail administration HTTP server
             is.  The default is a site at CMU  with  a  hopefully  informative
             message;  administrators  should set this to a local resource with
             some information of greater use.
 
        newsmaster: news
             Userid that is used for checking access  controls  when  executing
             Usenet  control  messages.   For instance, to allow articles to be
             automatically deleted by cancel messages, give the "news" user the
             ’d’  right  on  the  desired mailboxes.  To allow newsgroups to be
             automatically created, deleted and renamed  by  the  corresponding
             control  messages,  give  the  "news"  user  the  ’c’ right on the
             desired mailbox hierarchies.
 
        newspeer: <none>
             A list of whitespace-separated news server specifications to which
             articles  should be fed.  Each server specification is a string of
             the form [user[:pass]@]host[:port][/wildmat] where ’host’  is  the
             fully  qualified  hostname  of  the  server, ’port’ is the port on
             which the server is listening, ’user’ and ’pass’ are the authenti‐
             cation credentials and ’wildmat’ is a pattern that specifies which
             groups should be fed.  If no ’port’  is  specified,  port  119  is
             used.   If  no  ’wildmat’  is  specified,  all groups are fed.  If
             ’user’ is specified (even if empty), then the  NNTP  POST  command
             will  be  used  to  feed  the article to the server, otherwise the
             IHAVE command will be used.
 
             A ’@’ may be used in place of ’!’ in the wildmat to prevent  feed‐
             ing  articles  cross-posted  to  the given group, otherwise cross-
             posted articles are fed if any part of the wildmat  matches.   For
             example, the string "peer.example.com:*,!control.*,@local.*" would
             feed all groups  except  control  messages  and  local  groups  to
             peer.example.com.   In  the case of cross-posting to local groups,
             these articles would not be fed.
 
        newspostuser: <none>
             Userid used to deliver usenet articles to newsgroup folders  (usu‐
             ally via lmtp2nntp).  For example, if set to "post", email sent to
             "post+comp.mail.imap" would be delivered to  the  "comp.mail.imap"
             folder.
 
             When  set,  the  Cyrus  NNTP  server will add a To: header to each
             incoming usenet article.   This  To:  header  will  contain  email
             delivery  addresses  corresponding  to each newsgroup in the News‐
             groups: header.  By default, a To: header is not added  to  usenet
             articles.
 
        newsprefix: <none>
             Prefix  to be prepended to newsgroup names to make the correspond‐
             ing IMAP mailbox names.
 
        notifysocket: {configdirectory}/socket/notify
             Unix domain socket that the mail notification daemon listens on.
 
        partition-name: <none>
             The pathname of the partition name.  At least one field,  for  the
             partition  named in the defaultpartition option, is required.  For
             example, if the value of the  defaultpartion  option  is  default,
             then the partition-default field is required.
 
        plaintextloginpause: 0
             Number  of  seconds  to  pause after a successful plaintext login.
             For systems that support strong authentication, this permits users
             to  perceive  a cost of using plaintext passwords.  (This does not
             affect the use of PLAIN in SASL authentications.)
 
        plaintextloginalert: <none>
             Message to send to client after a successful plaintext login.
 
        popexpiretime: -1
             The number of days advertised as being the minimum a  message  may
             be  left on the POP server before it is deleted (via the CAPA com‐
             mand, defined in the POP3 Extension Mechanism, which some  clients
             may support).  "NEVER", the default, may be specified with a nega‐
             tive number.  The Cyrus POP3 server never deletes mail, no  matter
             what  the  value  of this parameter is.  However, if a site imple‐
             ments a less liberal policy, it needs  to  change  this  parameter
             accordingly.
 
        popminpoll: 0
             Set  the  minimum  amount  of time the server forces users to wait
             between successive POP logins, in minutes.
 
        poppollpadding: 1
             Create a softer minimum poll restriction.   Allows  poppollpadding
             connections  before  the  minpoll restriction is triggered.  Addi‐
             tionally, one padding entry is recovered every popminpoll minutes.
             This  allows  for  the occasional polling rate faster than popmin‐
             poll, (i.e. for clients that require a send/recieve to send  mail)
             but still enforces the rate long-term.  Default is 1 (disabled).
 
             The  easiest  way  to  think of it is a queue of past connections,
             with one slot being filled for  every  connection,  and  one  slot
             being  cleared  every  popminpoll minutes. When the queue is full,
             the user will not be able to check mail  again  until  a  slot  is
             cleared.   If the user waits a sufficent amount of time, they will
             get back many or all of the slots.
 
        poptimeout: 10
             Set the length of the POP server’s inactivity autologout timer, in
             minutes.  The minimum value is 10, the default.
 
        popuseacl: 0
             Enforce  IMAP  ACLs  in  the pop server.  Due to the nature of the
             POP3 protocol, the only rights which are used by  the  pop  server
             are  ’r’  and  ’d’  for  the  owner of the mailbox.  The ’r’ right
             allows the user to open the mailbox  and  list/retrieve  messages.
             The ’d’ right allows the user to delete messages.
 
        postmaster: postmaster
             Username that is used as the ’From’ address in rejection MDNs pro‐
             duced by sieve.
 
        postuser: <empty string>
             Userid used to deliver messages to shared folders.   For  example,
             if  set to "bb", email sent to "bb+shared.blah" would be delivered
             to the "shared.blah" folder.  By  default,  an  email  address  of
             "+shared.blah" would be used.
 
        proxy_authname: proxy
             The  authentication  name  to use when authenticating to a backend
             server in the Cyrus Murder.
 
        proxy_password: <none>
             The default password to  use  when  authenticating  to  a  backend
             server  in the Cyrus Murder.  May be overridden on a host-specific
             basis using the hostname_password option.
 
        proxy_realm: <none>
             The authentication realm to use when authenticating to  a  backend
             server in the Cyrus Murder
 
        proxyd_allow_status_referral: 0
             Set  to  true  to  allow proxyd to issue referrals to clients that
             support it when answering the STATUS command.  This is disabled by
             default  since  some  clients issue many STATUS commands in a row,
             and do not cache the connections that these referrals would cause,
             thus  resulting  in a higher authentication load on the respective
             backend server.
 
        proxyservers: <none>
             A list of users and groups that are allowed  to  proxy  for  other
             users,  seperated  by  spaces.   Any  user  listed in this will be
             allowed to login for any other user: use with caution.
 
        pts_module: afskrb
             The PTS module to use.
 
             Allowed values: afskrb, ldap
 
        ptloader_sock: <none>
             Unix domain socket that ptloader listens on.   (defaults  to  con‐
             figdir/ptclient/ptsock)
 
        ptscache_db: berkeley
             The cyrusdb backend to use for the pts cache.
 
             Allowed values: berkeley, berkeley-hash, skiplist
 
        ptscache_timeout: 10800
             The timeout (in seconds) for the PTS cache database when using the
             auth_krb_pts authorization method (default: 3 hours).
 
        ptskrb5_convert524: 1
             When using the AFSKRB ptloader module with Kerberos  5  canonical‐
             ization,  do  the  final  524 conversion to get a n AFS style name
             (using ’.’ instead of ’/’, and using short names
 
        ptskrb5_strip_default_realm: 1
             When using the AFSKRB ptloader module with Kerberos  5  canonical‐
             ization,  strip  the  default realm from the userid (this does not
             affect the stripping of realms specified by the afspts_localrealms
             option)
 
        quota_db: quotalegacy
             The cyrusdb backend to use for quotas.
 
             Allowed  values: flat, berkeley, berkeley-hash, skiplist, quotale‐
             gacy
 
        quotawarn: 90
             The percent of quota utilization over which the  server  generates
             warnings.
 
        quotawarnkb: 0
             The  maximum amount of free space (in kB) in which to give a quota
             warning (if this value is 0, or if the quota is smaller than  this
             amount, than warnings are always given).
 
        reject8bit: 0
             If  enabled,  lmtpd  rejects messages with 8-bit characters in the
             headers. Also see munge8bit, which is only applied  if  reject8bit
             is  not  activated.  (A proper soultion to non-ASCII characters in
             headers is offered by RFC 2047 and its predecessors.)
 
        rfc2046_strict: 0
             If enabled, imapd will be strict (per RFC 2046) when matching MIME
             boundary  strings.   This  means  that boundaries containing other
             boundaries as substrings will  be  treated  as  identical.   Since
             enabling  this  option  will break some messages created by Eudora
             5.1 (and earlier), it is recommended  that  it  be  left  disabled
             unless there is good reason to do otherwise.
 
        rfc3028_strict: 1
             If  enabled,  Sieve  will be strict (per RFC 3028) with regards to
             which headers are allowed to  be  used  in  address  and  envelope
             tests.   This  means  that only those headers which are defined to
             contain addresses will be allowed in address tests and  only  "to"
             and  "from" will be allowed in envelope tests.  When disabled, ANY
             grammatically correct header will be allowed.
 
        sasl_auto_transition: 0
             If enabled, the SASL library will automatically create authentica‐
             tion  secrets when given a plaintext password.  See the SASL docu‐
             mentation.
 
        sasl_maximum_layer: 256
             Maximum SSF (security strength factor) that the server will  allow
             a client to negotiate.
 
        sasl_minimum_layer: 0
             The  minimum SSF that the server will allow a client to negotiate.
             A value of 1  requires  integrity  protection;  any  higher  value
             requires some amount of encryption.
 
        sasl_option: 0
             Any  SASL  option  can be set by preceeding it with "sasl_".  This
             file overrides the SASL configuration file.
 
        sasl_pwcheck_method: <none>
             The mechanism used by the server to  verify  plaintext  passwords.
             Possible values include "auxprop", "saslauthd", and "pwcheck".
 
        seenstate_db: skiplist
             The cyrusdb backend to use for the seen state.
 
             Allowed values: flat, berkeley, berkeley-hash, skiplist
 
        sendmail: /usr/lib/sendmail
             The  pathname  of the sendmail executable.  Sieve invokes sendmail
             for sending rejections, redirects and vacation responses.
 
        servername: <none>
             This is the hostname visible in the greeting messages of the  POP,
             IMAP  and  LMTP  daemons. If it is unset, then the result returned
gethostname(2) is used.
 
        sharedprefix: Shared Folders
             If using the alternate IMAP namespace, the prefix for  the  shared
             namespace.    The   hierarchy   delimiter  will  be  automatically
             appended.
 
        sieve_maxscriptsize: 32
             Maximum size (in kilobytes) any sieve script can be,  enforced  at
timsieved(8).
 
        sieve_maxscripts: 5
             Maximum  number  of  sieve  scripts any user may have, enforced at
timsieved(8).
 
        sievedir: /usr/sieve
             If sieveusehomedir is false, this directory is searched for  Sieve
             scripts.
 
        sievenotifier: <none>
Notifyd(8)  method  to use for "SIEVE" notifications.  If not set,
             "SIEVE" notifications are disabled.
 
        This method is only used when no method is specified in the script.
 
        sieveusehomedir: 0
             If enabled, lmtpd will look  for  Sieve  scripts  in  user’s  home
             directories: ~user/.sieve.
 
        singleinstancestore: 1
             If  enabled, imapd, lmtpd and nntpd attempt to only write one copy
             of a message per partition and create hard links, resulting  in  a
             potentially large disk savings.
 
        skiplist_unsafe: 0
             If enabled, this option forces the skiplist cyrusdb backend to not
             sync writes to the disk.  Enabling this option is NOT RECOMMENDED.
 
        soft_noauth: 1
             If  enabled,  lmtpd  returns temporary failures if the client does
             not successfully authenticate.  Otherwise lmtpd returns  permanant
             failures (causing the mail to bounce immediately).
 
        srvtab: <empty string>
             The  pathname  of srvtab file containing the server’s private key.
             This option is passed  to  the  SASL  library  and  overrides  its
             default setting.
 
        subscription_db: flat
             The cyrusdb backend to use for the subscriptions list.
 
             Allowed values: flat, berkeley, berkeley-hash, skiplist
 
        syslog_prefix: <none>
             String to be prepended to the process name in syslog entries.
 
        temp_path: /tmp
             The pathname to store temporary files in
 
        timeout: 30
             The  length  of  the IMAP server’s inactivity autologout timer, in
             minutes.  The minimum value is 30, the default.
 
        tls_ca_file: <none>
             File containing one or more Certificate  Authority  (CA)  certifi‐
             cates.
 
        tls_ca_path: <none>
             Path  to  directory with certificates of CAs.  This directory must
             have filenames with the  hashed  value  of  the  certificate  (see
             openssl(XXX)).
 
        tlscache_db: berkeley-nosync
             The cyrusdb backend to use for the TLS cache.
 
             Allowed  values:  berkeley, berkeley-nosync, berkeley-hash, berke‐
             ley-hash-nosync, skiplist
 
        tls_cert_file: <none>
             File containing the certificate presented for  server  authentica‐
             tion during STARTTLS.  A value of "disabled" will disable SSL/TLS.
 
        tls_cipher_list: DEFAULT
             The list of SSL/TLS ciphers to allow.  The format of the string is
ciphers(1).
 
        tls_key_file: <none>
             File  containing  the private key belonging to the server certifi‐
             cate.  A value of "disabled" will disable SSL/TLS.
 
        tls_require_cert: 0
             Require a client certificate for ALL services (imap,  pop3,  lmtp,
             sieve).
 
        tls_session_timeout: 1440
             The  length of time (in minutes) that a TLS session will be cached
             for later reuse.  The  maximum  value  is  1440  (24  hours),  the
             default.  A value of 0 will disable session caching.
 
        umask: 077
             The umask value used by various Cyrus IMAP programs.
 
        username_tolower: 1
             Convert  usernames  to  all  lowercase  before login/authenticate.
             This is useful with authentication backends which ignore case dur‐
             ing username lookups (such as LDAP).
 
        userprefix: Other Users
             If  using  the  alternate IMAP namespace, the prefix for the other
             users namespace.  The hierarchy delimiter  will  be  automatically
             appended.
 
        sieve_allowreferrals: 1
             If  enabled,  timsieved  will  issue referrals to clients when the
             user’s scripts reside on a remote server (in  a  Murder).   Other‐
             wise, timsieved will proxy traffic to the remote server.
 
        unix_group_enable: 1
             Should we look up groups when using auth_unix (disable this if you
             are not using groups in ACLs for your IMAP  server,  and  you  are
             using  auth_unix  with a backend (such as LDAP) that can make get‐
             grent() calls very slow)
 
        unixhierarchysep: 0
             Use the UNIX separator character  ’/’  for  delimiting  levels  of
             mailbox  hierarchy.   The  default is to use the netnews separator
             character ’.’.
 
        virtdomains: off
             Enable virtual domain support.  If enabled, the user’s domain will
             be  determined  by  splitting a fully qualified userid at the last
             ’@’ or ’%’ symbol.  If the userid is unqualified, and the  virtdo‐
             mains option is set to "on", then the domain will be determined by
             doing a reverse lookup on the IP address of the  incoming  network
             interface,  otherwise  the  user  is  assumed to be in the default
             domain (if set).
 
             Allowed values: off, userid, ldap, on
idled(8),  noti     
ciphers(1)
 
        Allowed values: off, userid, ldap, on
 

Sections

What does Ubuntu mean?
Ubuntu is an African word meaning 'Humanity to others', or 'I am what I am because of who we all are'. The Ubuntu distribution brings the spirit of Ubuntu to the software world.