#--------------------------------------------------------------------- # Sample Qpopper 4.0 configuration file. # # This file lists all Qpopper configuration file options. To use, # copy the desired setting to your own configuration file, remove # the leading '#' and set the desired value. # #--------------------------------------------------------------------- # An integer value for the number of seconds to announce in # the CAPA response for the server's minimum login delay. # # Default: # # set announce-login-delay = # An integer value for the number of days to announce in # the CAPA response for the server's maximum message # retention period. # # Default: # # set announce-expire = # The full path to the bulletins directory. # # Default: /var/spool/bulls # # set bulldir = "/var/spool/bulls" # Set TRUE to permit sessions to continue even if the # bulletins database can't be accessed. This permits # users to get their mail, but they might not see some # bulletins for a while, or at all. # # Only valid when compiled with '--enable-bulldb'. # # Default: false. # # set bulldb-nonfatal = false # Sets the maximum number of attempts to lock the bulletins # database. You normally do not need to adjust this. This value # should only be changed if you know if your system has usleep(3C) # or not. On systems with usleep(3C), this can be a large value # (the default is 75). On systems without usleep(3C), this should # remain small (the default is 10). # # Only valid when compiled with '--enable-bulldb'. # # Default: 75 (10 on systems without usleep(3c)). # # set bulldb-max-tries = 75 # Sets clear text handling options. Values are: # o 'default' Clear text passwords are permitted for all users, # except those in the APOP database # o 'never' Clear text passwords are never permitted # o 'always' Clear text passwords are always permitted # o 'local' Clear text passwords are permitted on the local # (127.*.*.*) loop back interface only # o 'tls' Clear text passwords are permitted when TLS/SSL # has been negotiated for the session # o 'ssl' Same as tls # # The 'tls' and 'ssl' values are only valid if '--with-openssl' or # '--with-sslplus' was used with ./configure. # # Default: default # # set clear-text-password = default # Reads additional run-time options from the specified file. # # Caution. There are no restrictions on which options may # appear in files specified with the '-f' command-line flag # or the 'config-file' configuration file option in files # chained from -f. Be certain that the file specified with # '-f' or in any files it chains to are not writable by # users. # # Default: none # # set config-file = /etc/mail/pop/qpopper.config # Enables debug logging. Output is in syslog. If this option is used, # it should be first, so that debug records are generated for subsequent # options. # # Only valid if ./configure was run with '--enable-debugging' # # Default: false # # set debug = false # Changes uppercase user names to lowercase. This permits users to # configure their clients with user names in UPPER or MiXeD case. # They can then login, assuming their actual user name is all # lowercase. # # Default: false # # set downcase-user = false # If '--with-drac' used with ./configure, this option specifies the DRAC # host. # # Default: localhost # # set drac-host = localhost # Enables Kerberos support. # # Only valid if ./configure run with '--enable-kerberos5'. # # Default: false # # set kerberos = false # Specifies the Kerberos service to use (same as the compile time # KERBEROS_SERVICE define). The default is rcmd, although the use of # pop is popular. # # Only valid if ./configure run with '--enable-kerberos5'. # # Default: rcmd # # set kerberos-service = "rcmd" # Checks if mail lock needs to be refreshed every this many messages. # # You normally do not need to adjust this. See "Performance" in the # Qpopper Administrator's Guide for more information. # # Default: # # set mail-lock-check = # Disables the reverse lookups on client IP addresses. # # Default: true # # set reverse-lookup = true # Enables server mode by default. See the Qpopper Administrator's # Guide for more information. # # Default: false # # set server-mode = false # Enables statistics logging. After each session ends, a statistics # record is written to the log. This record resembles the following # example: 'stats randy 0 0 1 385 randy.example.org 192.168.2.4' and # has the following meaning: # Username: 'randy' # Deleted messages: 0 # Deleted octets: 0 # Messages left on server: 1 # Octets left on server: 385 # Name of client machine: 'randy.example.org' # IP address of client machine: '192.168.2.4' # # Default: false # # set statistics = false # Sets the timeout for network reads. Qpopper terminates the # connection with the client if no input is received in this # many seconds. RFC 1939 states that this timeout must be # 600 seconds (10 minutes). However, ideal settings in some # cases are between 30 and 120 seconds. In other cases the 600 # value is best, and sometimes a value in between is better. # # Default: 120 # # set timeout = 120 # Enables debug logging if '--enable-debugging' was used with # ./configure. All debug and standard log records are written to # the specified file. If this option is used, it should be first, # so that debug records are generated for subsequent options. # # If used without '--enable-debugging', redirects all log messages # to the specified file but does not enable debug logging. # # Default: none # # set tracefile = # Reads additional run-time options from a file named # '.qpopper-options' in the user's home directory, if present. # # This file is normally owned by the user. # # Default: false # # set user-options = false # Reads additional run-time options from a file named # 'username.qpopper-options' in the spool directory. # # This file should not be owned by nor writable by the user. # # Default: false # # set spool-options = false # When updating the spool at the end of a session, this option # instructs Qpopper to rename the temporary file to the spool instead # of copying it. This reduces I/O at session end by a third, but is # likely to break programs such as biff or the shell's mail check # feature. Use this option only if such programs are not used. It is # safest to only enable this option when users do not have shell # access to the mail server. # # See "Performance" in the Qpopper Administrator's Guide for more # information. # # Default: false # # set fast-update = false # When set, domains are trimmed from user names before use. For # example, if a user named 'maida' enters her login name in her POP # client as 'maida@example.org', Qpopper treats this as just 'maida'. # # Default: false # # set trim-domain = false # Specifies TLS/SSL support. The permitted values are: # o 'default' TLS/SSL is not supported # o 'none' Same as default # o 'stls' Enables support for the STLS command. This # permits TLS/SSL negotiations on the # standard (or any) port, allowing the same # port to be used by TLS/SSL and regular # clients. # o 'alternate-port' Enables alternate-port TLS/SSL. Some older # clients require this. (The usual port for # alternate-port TLS/SSL with pop is 995.) # # Only valid when '--with-openssl' or '--with-sslplus' used with # ./configure # # Default: default # # set tls-support = default # Specifies the permitted cipher suites. See the OpenSSL documentation # for syntax. You normally do not need to set this. # # Only valid when '--with-openssl' used with ./configure # # Default: # # set tls-cipher-list = # Restricts the version of TLS/SSL recognized in session negotiations. # You normally do not need to set this. Supported values are: # o 'default' (same as SSLv23) # o 'SSLv2' Forces Qpopper only to understand SSLv2 client hello # messages. # o 'SSLv3' Forces Qpopper only to understand SSLv3 client hello # messages. This especially means that it does not # understand SSLv2 client hello messages, which are # widely used for compatibility reasons. # o 'TLSv1' Forces Qpopper only to understand TLSv1 client hello # messages. This especially means that it does not # understand SSLv2 client hello messages, which are # widely used for compatibility reasons. It also does # not understand SSLv3 client hello messages. # o 'SSLv23' Allows Qpopper to understand SSLv2, SSLv3, and TLSv1 # client hello messages. This is the best choice when # compatibility is a concern. This is the default # value. # o 'all' (same as SSLv23) # # Only valid when '--with-openssl' used with ./configure # # Default: default # # set tls-version = default # Specifies the file containing the server's TLS/SSL certificate and # encrypted private key. # # Only valid if '--with-sslplus' used with ./configure. # # Default: none # # set tls-identity-file = # Specifies the passphrase to decrypt the server's private key (in the # identify file). # # Only valid if '--with-sslplus' used with ./configure. # # Default: none # # set tls-passphrase = # Specifies the file which contains the server's TLS/SSL certificate. # This file may also contain the server's unencrypted private key. # # Only valid if '--with-openssl' used with ./configure # # Default: none # # # set tls-server-cert-file = /etc/mail/certs/cert.pem # Specifies a file which contains the server's TLS/SSL private key. # Note: This private key must not be encrypted. # # If the private key is contained in the same file as the certificate # (as specified with tls-server-cert-file), you do not need to set # this option. # # Only valid if '--with-openssl' used with ./configure # # Default: none # # set tls-private-key-file = # When set, Qpopper writes a log record at the end of a session # containing the elapsed time for the session authentication, # initialization. and cleanup. # # Default: false # # set timing = false # When set, Qpopper checks for old .user.pop files in old locations # when hash-spool or homedirmail is used. When reset, Qpopper skips # this check, which speeds things up. # # Default: true # # set check-old-spool-loc = true # When set, Qpopper checks for and creates if needed the hashed spool # directories. When reset, Qpopper doesn't check for or create the # hashed spool directories. Set to false if you precreate the # directories. # # Default: true # # set check-hash-dir = true # When set, Qpopper checks for expired passwords (if the platform # permits). When reset, Qpopper omits this check. # # Default: true # # set check-password-expired = true # Determines whether Qpopper updates the read/unread status of # messages (a feature relied on by some mail clients). Also # determines if Qpopper saves the message's unique identifier # (UID) in the spool. # # When reset, it forces the UID for every message to be # recalculated, using more CPU but potentially less I/O. # # See the "Performance" section of the Qpopper Administrator's Guide # for more information. # # Default: true # # set update-status-headers = true # Determines whether Qpopper enters update state when a session # aborts. Resetting this option causes Qpopper to ignore any # deletions if the session is aborted. # # Note that RFC 1939, section 6 prohibits the default behavior, # but experience showed that otherwise users on noisy lines were # often unable to delete their mail. Reset this option to inhibit # the default behavior, and obey RFC 1939, but watch for users who # download the same messages over and over, or whose spools fill up. # # Default: true # # set update-on-abort = true # When set, Qpopper automatically and unconditionally deletes messages # that have been downloaded using the RETR command (the normal command # for accessing messages). # # Caution: This option could result in lost mail. Be sure to # inform your users that the option is in effect before enabling. # # Default: false # # set auto-delete = false # When set, Qpopper shows bulletins to users by groups (the group name # is the second dot-separated element in each bulletin's name). See # "Using Bulletins" in the Qpopper Administrator's Guide for more # information. Use a group name of 'ALL' for all users. # # Default: false # # set group-bulletins = false # When set to a 1 or 2, the subdirectory for the mail spools is # determined from the user name by either (1) hashing the first four # characters or (2) by using directories equal to the first letter and # the second letter (if any). For example, if the spool directory is # '/var/mail', the spool file for user 'maida' would be: # '/var/mail/maida' hash-spool = 0 # '/var/mail/o/maida' hash-spool = 1 # '/var/mail/m/a/maida' hash-spool = 2 # # See the "Performance" section of the Qpopper Administrator's Guide # for more information. # # Default: 0 # # set hash-spool = 0 # To have the user's home directory be the spool location, set this # option to be the correct file name for the spool. # # Default: none # # set home-dir-mail = ".mail" # When set, instructs Qpopper to generate message unique identifiers # (UIDs) using old (pre-3.x) style encoding. This is useful only if # you also set 'update-status-headers' to false, have existing users # with old (pre-3.x) spool files, and you want to keep the UIDs the # same. # # Default: false # # set old-style-uid = false # When set, Qpopper checks for and hides status messages created by # University of Washington software. # # Default: false # # set UW-kluge = false # When set, Qpopper keeps (does not delete) the '.user.pop' file (the # temporary drop file). Normally this file is deleted when the # session ends. Some sites like to retain it to determine the last # time a user has accessed his or her mail. # # Default: false # # set keep-temp-drop = false # When set, causes server mode to be on for users who are members of # the specified group. See the "Enabling Server Mode" and # "Performance" sections of the Qpopper Administrator's Guide for more # information. # # Default: none # # set group-server-mode = # When set, causes server mode to be off for users who are members of # the specified group. See the "Enabling Server Mode" and # "Performance" sections of the Qpopper Administrator's Guide for more # information. # # Default: none # # set group-no-server-mode = # Specifies a file that permits only users listed in the file to have # Qpopper access. The format is a list of user names, one per line. # # Default: none # # set auth-file = # Specifies a file that denies access to users listed in the file. # The format is a list of user names, one per line. # # Default: none # # set nonauth-file = # Set this option if you don't want Qpopper to display its version in # the POP protocol banner or CAPA IMPLEMENTATION response of # unauthenticated users. # Some sites believe this improves security since it avoids advertising # that an old version (perhaps with known vulnerabilities) is being # used. Others feel is makes the site more likely to be attacked, # since it also avoids advertising when running a secure version. # # Default: false # # set shy = false # Set this to the full path to sendmail or other such program used to # submit new messages. Qpopper uses this to implement XTND XMIT. # # The default is determined at compile time. # # # set mail-command = /usr/sbin/sendmail # Set this to the full path to the mail spool directory. # # The default is determined at compile time. # # set spool-dir = /var/spool/mail # If you do not want '.user.pop' (temporary drop files) to be in the # spool directory, set this to the full path to the directory to be # used for temp drop files. Note that use of /tmp is not recommended, # because a system reboot will wipe out the files. This could cause # lost mail. # # Default: spool directory # # set temp-dir = # The name of the temporary drop files. You should not normally set # this option. # # Default: ".%s.pop" # # set temp-name = ".%s.pop" # If you do not want user cache files to be in the same directory as # temporary drop files, set this to the full path to the directory for # cache files. Note that use of /tmp is not recommended, because a # system reboot wipes out the files. # # Default: temp-dir # # set cache-dir = # The name of the cache files. You should not normally set this # option. # # Default: ".%s.cache" # # set cache-name = ".%s.cache" # Specifies the maximum number of old bulletins seen by new users. # # Default: 1 # # set max-bulletins = 1 # When set, Qpopper uses a method of opening lock files that may work # over NFS. This has not been thoroughly tested, however. # # Default: false # # set no-atomic-open = false # Qpopper sends network output to client in small chunks (for example, # line-by-line when sending a message). By default, Qpopper # aggregates data to be sent to clients in large chunks. This may be # faster or slower, depending on specifics of both the client and # server hardware and networking stacks as wel as network elements in # between (such as routers). Also, some networking stacks do their # own aggregation. # # Under congested network conditions, larger packets increase the # incidence of lost packets and thus client or server timeouts, # leading to "POP timeout" or "EOF" errors. # # When TLS/SSL is in effect, smaller packets increase the overhead # needed to send data, which may result in worse performance. # # You can adjust the Qpopper behavior by setting this option. The # values are: # o 'default' Always send large chunks # o 'always' Same as 'default' # o 'never' Never aggregate data into large chunks # o 'tls' Only aggregate data into large chunks when TLS/SSL # has been negotiated for the session # o 'ssl' Same as 'tls' # # Default: default # # set chunky-writes = default # Specifies the log facility that Qpopper uses. # # Note that this does not apply to popauth, nor to the daemon in # standalone mode. These continue to use the compile-time default. # # Values are: # o 'mail' Qpopper logs to LOG_MAIL facility. # o 'local0' Qpopper logs to LOG_LOCAL0 facility. # o 'local1' Qpopper logs to LOG_LOCAL1 facility. # o 'local2' Qpopper logs to LOG_LOCAL2 facility. # o 'local3' Qpopper logs to LOG_LOCAL3 facility. # o 'local4' Qpopper logs to LOG_LOCAL4 facility. # o 'local5' Qpopper logs to LOG_LOCAL5 facility. # o 'local6' Qpopper logs to LOG_LOCAL6 facility. # o 'local7' Qpopper logs to LOG_LOCAL7 facility. # # Default: determined at compile time, usually LOG_LOCAL0 or # LOG_MAIL, depending on the operating system. # # set log-facility = local1 # When set, Qpopper logs successful authentications using the # specified string. Within the string, an occurrence of '%0' is # replaced with the Qpopper version, '%1' with the user name, '%2' # with the user's host name, and '%3' with the user's IP address. # # Default: none, unless '--enable-log-login' used with ./configure, # in which case "(v%0) POP login by user /"%1/" at (%2) %3" is used. # # set log-login = "(v%0) POP login by user /"%1/" at (%2) %3"