You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
680 lines
20 KiB
680 lines
20 KiB
#---------------------------------------------------------------------
|
|
# Sample Qpopper 4.0 configuration file.
|
|
#
|
|
# This file lists all Qpopper configuration file options. To use,
|
|
# copy the desired setting to your own configuration file, remove
|
|
# the leading '#' and set the desired value.
|
|
#
|
|
#---------------------------------------------------------------------
|
|
|
|
|
|
|
|
# An integer value for the number of seconds to announce in
|
|
# the CAPA response for the server's minimum login delay.
|
|
#
|
|
# Default:
|
|
#
|
|
# set announce-login-delay =
|
|
|
|
|
|
# An integer value for the number of days to announce in
|
|
# the CAPA response for the server's maximum message
|
|
# retention period.
|
|
#
|
|
# Default:
|
|
#
|
|
# set announce-expire =
|
|
|
|
|
|
# The full path to the bulletins directory.
|
|
#
|
|
# Default: /var/spool/bulls
|
|
#
|
|
# set bulldir = "/var/spool/bulls"
|
|
|
|
|
|
# Set TRUE to permit sessions to continue even if the
|
|
# bulletins database can't be accessed. This permits
|
|
# users to get their mail, but they might not see some
|
|
# bulletins for a while, or at all.
|
|
#
|
|
# Only valid when compiled with '--enable-bulldb'.
|
|
#
|
|
# Default: false.
|
|
#
|
|
# set bulldb-nonfatal = false
|
|
|
|
|
|
# Sets the maximum number of attempts to lock the bulletins
|
|
# database. You normally do not need to adjust this. This value
|
|
# should only be changed if you know if your system has usleep(3C)
|
|
# or not. On systems with usleep(3C), this can be a large value
|
|
# (the default is 75). On systems without usleep(3C), this should
|
|
# remain small (the default is 10).
|
|
#
|
|
# Only valid when compiled with '--enable-bulldb'.
|
|
#
|
|
# Default: 75 (10 on systems without usleep(3c)).
|
|
#
|
|
# set bulldb-max-tries = 75
|
|
|
|
|
|
# Sets clear text handling options. Values are:
|
|
# o 'default' Clear text passwords are permitted for all users,
|
|
# except those in the APOP database
|
|
# o 'never' Clear text passwords are never permitted
|
|
# o 'always' Clear text passwords are always permitted
|
|
# o 'local' Clear text passwords are permitted on the local
|
|
# (127.*.*.*) loop back interface only
|
|
# o 'tls' Clear text passwords are permitted when TLS/SSL
|
|
# has been negotiated for the session
|
|
# o 'ssl' Same as tls
|
|
#
|
|
# The 'tls' and 'ssl' values are only valid if '--with-openssl' or
|
|
# '--with-sslplus' was used with ./configure.
|
|
#
|
|
# Default: default
|
|
#
|
|
# set clear-text-password = default
|
|
|
|
|
|
# Reads additional run-time options from the specified file.
|
|
#
|
|
# Caution. There are no restrictions on which options may
|
|
# appear in files specified with the '-f' command-line flag
|
|
# or the 'config-file' configuration file option in files
|
|
# chained from -f. Be certain that the file specified with
|
|
# '-f' or in any files it chains to are not writable by
|
|
# users.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set config-file = /etc/mail/pop/qpopper.config
|
|
|
|
|
|
# Enables debug logging. Output is in syslog. If this option is used,
|
|
# it should be first, so that debug records are generated for subsequent
|
|
# options.
|
|
#
|
|
# Only valid if ./configure was run with '--enable-debugging'
|
|
#
|
|
# Default: false
|
|
#
|
|
# set debug = false
|
|
|
|
|
|
# Changes uppercase user names to lowercase. This permits users to
|
|
# configure their clients with user names in UPPER or MiXeD case.
|
|
# They can then login, assuming their actual user name is all
|
|
# lowercase.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set downcase-user = false
|
|
|
|
|
|
# If '--with-drac' used with ./configure, this option specifies the DRAC
|
|
# host.
|
|
#
|
|
# Default: localhost
|
|
#
|
|
# set drac-host = localhost
|
|
|
|
|
|
# Enables Kerberos support.
|
|
#
|
|
# Only valid if ./configure run with '--enable-kerberos5'.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set kerberos = false
|
|
|
|
|
|
# Specifies the Kerberos service to use (same as the compile time
|
|
# KERBEROS_SERVICE define). The default is rcmd, although the use of
|
|
# pop is popular.
|
|
#
|
|
# Only valid if ./configure run with '--enable-kerberos5'.
|
|
#
|
|
# Default: rcmd
|
|
#
|
|
# set kerberos-service = "rcmd"
|
|
|
|
|
|
# Checks if mail lock needs to be refreshed every this many messages.
|
|
#
|
|
# You normally do not need to adjust this. See "Performance" in the
|
|
# Qpopper Administrator's Guide for more information.
|
|
#
|
|
# Default:
|
|
#
|
|
# set mail-lock-check =
|
|
|
|
|
|
# Disables the reverse lookups on client IP addresses.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set reverse-lookup = true
|
|
|
|
|
|
# Enables server mode by default. See the Qpopper Administrator's
|
|
# Guide for more information.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set server-mode = false
|
|
|
|
|
|
# Enables statistics logging. After each session ends, a statistics
|
|
# record is written to the log. This record resembles the following
|
|
# example: 'stats randy 0 0 1 385 randy.example.org 192.168.2.4' and
|
|
# has the following meaning:
|
|
# Username: 'randy'
|
|
# Deleted messages: 0
|
|
# Deleted octets: 0
|
|
# Messages left on server: 1
|
|
# Octets left on server: 385
|
|
# Name of client machine: 'randy.example.org'
|
|
# IP address of client machine: '192.168.2.4'
|
|
#
|
|
# Default: false
|
|
#
|
|
# set statistics = false
|
|
|
|
|
|
# Sets the timeout for network reads. Qpopper terminates the
|
|
# connection with the client if no input is received in this
|
|
# many seconds. RFC 1939 states that this timeout must be
|
|
# 600 seconds (10 minutes). However, ideal settings in some
|
|
# cases are between 30 and 120 seconds. In other cases the 600
|
|
# value is best, and sometimes a value in between is better.
|
|
#
|
|
# Default: 120
|
|
#
|
|
# set timeout = 120
|
|
|
|
|
|
# Enables debug logging if '--enable-debugging' was used with
|
|
# ./configure. All debug and standard log records are written to
|
|
# the specified file. If this option is used, it should be first,
|
|
# so that debug records are generated for subsequent options.
|
|
#
|
|
# If used without '--enable-debugging', redirects all log messages
|
|
# to the specified file but does not enable debug logging.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set tracefile =
|
|
|
|
|
|
# Reads additional run-time options from a file named
|
|
# '.qpopper-options' in the user's home directory, if present.
|
|
#
|
|
# This file is normally owned by the user.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set user-options = false
|
|
|
|
|
|
# Reads additional run-time options from a file named
|
|
# 'username.qpopper-options' in the spool directory.
|
|
#
|
|
# This file should not be owned by nor writable by the user.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set spool-options = false
|
|
|
|
|
|
# When updating the spool at the end of a session, this option
|
|
# instructs Qpopper to rename the temporary file to the spool instead
|
|
# of copying it. This reduces I/O at session end by a third, but is
|
|
# likely to break programs such as biff or the shell's mail check
|
|
# feature. Use this option only if such programs are not used. It is
|
|
# safest to only enable this option when users do not have shell
|
|
# access to the mail server.
|
|
#
|
|
# See "Performance" in the Qpopper Administrator's Guide for more
|
|
# information.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set fast-update = false
|
|
|
|
|
|
# When set, domains are trimmed from user names before use. For
|
|
# example, if a user named 'maida' enters her login name in her POP
|
|
# client as 'maida@example.org', Qpopper treats this as just 'maida'.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set trim-domain = false
|
|
|
|
|
|
# Specifies TLS/SSL support. The permitted values are:
|
|
# o 'default' TLS/SSL is not supported
|
|
# o 'none' Same as default
|
|
# o 'stls' Enables support for the STLS command. This
|
|
# permits TLS/SSL negotiations on the
|
|
# standard (or any) port, allowing the same
|
|
# port to be used by TLS/SSL and regular
|
|
# clients.
|
|
# o 'alternate-port' Enables alternate-port TLS/SSL. Some older
|
|
# clients require this. (The usual port for
|
|
# alternate-port TLS/SSL with pop is 995.)
|
|
#
|
|
# Only valid when '--with-openssl' or '--with-sslplus' used with
|
|
# ./configure
|
|
#
|
|
# Default: default
|
|
#
|
|
# set tls-support = default
|
|
|
|
|
|
# Specifies the permitted cipher suites. See the OpenSSL documentation
|
|
# for syntax. You normally do not need to set this.
|
|
#
|
|
# Only valid when '--with-openssl' used with ./configure
|
|
#
|
|
# Default:
|
|
#
|
|
# set tls-cipher-list =
|
|
|
|
|
|
# Restricts the version of TLS/SSL recognized in session negotiations.
|
|
# You normally do not need to set this. Supported values are:
|
|
# o 'default' (same as SSLv23)
|
|
# o 'SSLv2' Forces Qpopper only to understand SSLv2 client hello
|
|
# messages.
|
|
# o 'SSLv3' Forces Qpopper only to understand SSLv3 client hello
|
|
# messages. This especially means that it does not
|
|
# understand SSLv2 client hello messages, which are
|
|
# widely used for compatibility reasons.
|
|
# o 'TLSv1' Forces Qpopper only to understand TLSv1 client hello
|
|
# messages. This especially means that it does not
|
|
# understand SSLv2 client hello messages, which are
|
|
# widely used for compatibility reasons. It also does
|
|
# not understand SSLv3 client hello messages.
|
|
# o 'SSLv23' Allows Qpopper to understand SSLv2, SSLv3, and TLSv1
|
|
# client hello messages. This is the best choice when
|
|
# compatibility is a concern. This is the default
|
|
# value.
|
|
# o 'all' (same as SSLv23)
|
|
#
|
|
# Only valid when '--with-openssl' used with ./configure
|
|
#
|
|
# Default: default
|
|
#
|
|
# set tls-version = default
|
|
|
|
|
|
# Specifies the file containing the server's TLS/SSL certificate and
|
|
# encrypted private key.
|
|
#
|
|
# Only valid if '--with-sslplus' used with ./configure.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set tls-identity-file =
|
|
|
|
|
|
# Specifies the passphrase to decrypt the server's private key (in the
|
|
# identify file).
|
|
#
|
|
# Only valid if '--with-sslplus' used with ./configure.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set tls-passphrase =
|
|
|
|
|
|
# Specifies the file which contains the server's TLS/SSL certificate.
|
|
# This file may also contain the server's unencrypted private key.
|
|
#
|
|
# Only valid if '--with-openssl' used with ./configure
|
|
#
|
|
# Default: none
|
|
#
|
|
#
|
|
# set tls-server-cert-file = /etc/mail/certs/cert.pem
|
|
|
|
|
|
# Specifies a file which contains the server's TLS/SSL private key.
|
|
# Note: This private key must not be encrypted.
|
|
#
|
|
# If the private key is contained in the same file as the certificate
|
|
# (as specified with tls-server-cert-file), you do not need to set
|
|
# this option.
|
|
#
|
|
# Only valid if '--with-openssl' used with ./configure
|
|
#
|
|
# Default: none
|
|
#
|
|
# set tls-private-key-file =
|
|
|
|
|
|
# When set, Qpopper writes a log record at the end of a session
|
|
# containing the elapsed time for the session authentication,
|
|
# initialization. and cleanup.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set timing = false
|
|
|
|
|
|
# When set, Qpopper checks for old .user.pop files in old locations
|
|
# when hash-spool or homedirmail is used. When reset, Qpopper skips
|
|
# this check, which speeds things up.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set check-old-spool-loc = true
|
|
|
|
|
|
# When set, Qpopper checks for and creates if needed the hashed spool
|
|
# directories. When reset, Qpopper doesn't check for or create the
|
|
# hashed spool directories. Set to false if you precreate the
|
|
# directories.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set check-hash-dir = true
|
|
|
|
|
|
# When set, Qpopper checks for expired passwords (if the platform
|
|
# permits). When reset, Qpopper omits this check.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set check-password-expired = true
|
|
|
|
|
|
# Determines whether Qpopper updates the read/unread status of
|
|
# messages (a feature relied on by some mail clients). Also
|
|
# determines if Qpopper saves the message's unique identifier
|
|
# (UID) in the spool.
|
|
#
|
|
# When reset, it forces the UID for every message to be
|
|
# recalculated, using more CPU but potentially less I/O.
|
|
#
|
|
# See the "Performance" section of the Qpopper Administrator's Guide
|
|
# for more information.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set update-status-headers = true
|
|
|
|
|
|
# Determines whether Qpopper enters update state when a session
|
|
# aborts. Resetting this option causes Qpopper to ignore any
|
|
# deletions if the session is aborted.
|
|
#
|
|
# Note that RFC 1939, section 6 prohibits the default behavior,
|
|
# but experience showed that otherwise users on noisy lines were
|
|
# often unable to delete their mail. Reset this option to inhibit
|
|
# the default behavior, and obey RFC 1939, but watch for users who
|
|
# download the same messages over and over, or whose spools fill up.
|
|
#
|
|
# Default: true
|
|
#
|
|
# set update-on-abort = true
|
|
|
|
|
|
# When set, Qpopper automatically and unconditionally deletes messages
|
|
# that have been downloaded using the RETR command (the normal command
|
|
# for accessing messages).
|
|
#
|
|
# Caution: This option could result in lost mail. Be sure to
|
|
# inform your users that the option is in effect before enabling.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set auto-delete = false
|
|
|
|
|
|
# When set, Qpopper shows bulletins to users by groups (the group name
|
|
# is the second dot-separated element in each bulletin's name). See
|
|
# "Using Bulletins" in the Qpopper Administrator's Guide for more
|
|
# information. Use a group name of 'ALL' for all users.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set group-bulletins = false
|
|
|
|
|
|
# When set to a 1 or 2, the subdirectory for the mail spools is
|
|
# determined from the user name by either (1) hashing the first four
|
|
# characters or (2) by using directories equal to the first letter and
|
|
# the second letter (if any). For example, if the spool directory is
|
|
# '/var/mail', the spool file for user 'maida' would be:
|
|
# '/var/mail/maida' hash-spool = 0
|
|
# '/var/mail/o/maida' hash-spool = 1
|
|
# '/var/mail/m/a/maida' hash-spool = 2
|
|
#
|
|
# See the "Performance" section of the Qpopper Administrator's Guide
|
|
# for more information.
|
|
#
|
|
# Default: 0
|
|
#
|
|
# set hash-spool = 0
|
|
|
|
|
|
# To have the user's home directory be the spool location, set this
|
|
# option to be the correct file name for the spool.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set home-dir-mail = ".mail"
|
|
|
|
|
|
# When set, instructs Qpopper to generate message unique identifiers
|
|
# (UIDs) using old (pre-3.x) style encoding. This is useful only if
|
|
# you also set 'update-status-headers' to false, have existing users
|
|
# with old (pre-3.x) spool files, and you want to keep the UIDs the
|
|
# same.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set old-style-uid = false
|
|
|
|
|
|
# When set, Qpopper checks for and hides status messages created by
|
|
# University of Washington software.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set UW-kluge = false
|
|
|
|
|
|
# When set, Qpopper keeps (does not delete) the '.user.pop' file (the
|
|
# temporary drop file). Normally this file is deleted when the
|
|
# session ends. Some sites like to retain it to determine the last
|
|
# time a user has accessed his or her mail.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set keep-temp-drop = false
|
|
|
|
|
|
# When set, causes server mode to be on for users who are members of
|
|
# the specified group. See the "Enabling Server Mode" and
|
|
# "Performance" sections of the Qpopper Administrator's Guide for more
|
|
# information.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set group-server-mode =
|
|
|
|
|
|
# When set, causes server mode to be off for users who are members of
|
|
# the specified group. See the "Enabling Server Mode" and
|
|
# "Performance" sections of the Qpopper Administrator's Guide for more
|
|
# information.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set group-no-server-mode =
|
|
|
|
|
|
# Specifies a file that permits only users listed in the file to have
|
|
# Qpopper access. The format is a list of user names, one per line.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set auth-file =
|
|
|
|
|
|
# Specifies a file that denies access to users listed in the file.
|
|
# The format is a list of user names, one per line.
|
|
#
|
|
# Default: none
|
|
#
|
|
# set nonauth-file =
|
|
|
|
|
|
# Set this option if you don't want Qpopper to display its version in
|
|
# the POP protocol banner or CAPA IMPLEMENTATION response of
|
|
# unauthenticated users.
|
|
# Some sites believe this improves security since it avoids advertising
|
|
# that an old version (perhaps with known vulnerabilities) is being
|
|
# used. Others feel is makes the site more likely to be attacked,
|
|
# since it also avoids advertising when running a secure version.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set shy = false
|
|
|
|
|
|
# Set this to the full path to sendmail or other such program used to
|
|
# submit new messages. Qpopper uses this to implement XTND XMIT.
|
|
#
|
|
# The default is determined at compile time.
|
|
#
|
|
#
|
|
# set mail-command = /usr/sbin/sendmail
|
|
|
|
|
|
# Set this to the full path to the mail spool directory.
|
|
#
|
|
# The default is determined at compile time.
|
|
#
|
|
# set spool-dir = /var/spool/mail
|
|
|
|
|
|
# If you do not want '.user.pop' (temporary drop files) to be in the
|
|
# spool directory, set this to the full path to the directory to be
|
|
# used for temp drop files. Note that use of /tmp is not recommended,
|
|
# because a system reboot will wipe out the files. This could cause
|
|
# lost mail.
|
|
#
|
|
# Default: spool directory
|
|
#
|
|
# set temp-dir =
|
|
|
|
|
|
# The name of the temporary drop files. You should not normally set
|
|
# this option.
|
|
#
|
|
# Default: ".%s.pop"
|
|
#
|
|
# set temp-name = ".%s.pop"
|
|
|
|
|
|
# If you do not want user cache files to be in the same directory as
|
|
# temporary drop files, set this to the full path to the directory for
|
|
# cache files. Note that use of /tmp is not recommended, because a
|
|
# system reboot wipes out the files.
|
|
#
|
|
# Default: temp-dir
|
|
#
|
|
# set cache-dir =
|
|
|
|
|
|
# The name of the cache files. You should not normally set this
|
|
# option.
|
|
#
|
|
# Default: ".%s.cache"
|
|
#
|
|
# set cache-name = ".%s.cache"
|
|
|
|
|
|
# Specifies the maximum number of old bulletins seen by new users.
|
|
#
|
|
# Default: 1
|
|
#
|
|
# set max-bulletins = 1
|
|
|
|
|
|
# When set, Qpopper uses a method of opening lock files that may work
|
|
# over NFS. This has not been thoroughly tested, however.
|
|
#
|
|
# Default: false
|
|
#
|
|
# set no-atomic-open = false
|
|
|
|
|
|
# Qpopper sends network output to client in small chunks (for example,
|
|
# line-by-line when sending a message). By default, Qpopper
|
|
# aggregates data to be sent to clients in large chunks. This may be
|
|
# faster or slower, depending on specifics of both the client and
|
|
# server hardware and networking stacks as wel as network elements in
|
|
# between (such as routers). Also, some networking stacks do their
|
|
# own aggregation.
|
|
#
|
|
# Under congested network conditions, larger packets increase the
|
|
# incidence of lost packets and thus client or server timeouts,
|
|
# leading to "POP timeout" or "EOF" errors.
|
|
#
|
|
# When TLS/SSL is in effect, smaller packets increase the overhead
|
|
# needed to send data, which may result in worse performance.
|
|
#
|
|
# You can adjust the Qpopper behavior by setting this option. The
|
|
# values are:
|
|
# o 'default' Always send large chunks
|
|
# o 'always' Same as 'default'
|
|
# o 'never' Never aggregate data into large chunks
|
|
# o 'tls' Only aggregate data into large chunks when TLS/SSL
|
|
# has been negotiated for the session
|
|
# o 'ssl' Same as 'tls'
|
|
#
|
|
# Default: default
|
|
#
|
|
# set chunky-writes = default
|
|
|
|
|
|
# Specifies the log facility that Qpopper uses.
|
|
#
|
|
# Note that this does not apply to popauth, nor to the daemon in
|
|
# standalone mode. These continue to use the compile-time default.
|
|
#
|
|
# Values are:
|
|
# o 'mail' Qpopper logs to LOG_MAIL facility.
|
|
# o 'local0' Qpopper logs to LOG_LOCAL0 facility.
|
|
# o 'local1' Qpopper logs to LOG_LOCAL1 facility.
|
|
# o 'local2' Qpopper logs to LOG_LOCAL2 facility.
|
|
# o 'local3' Qpopper logs to LOG_LOCAL3 facility.
|
|
# o 'local4' Qpopper logs to LOG_LOCAL4 facility.
|
|
# o 'local5' Qpopper logs to LOG_LOCAL5 facility.
|
|
# o 'local6' Qpopper logs to LOG_LOCAL6 facility.
|
|
# o 'local7' Qpopper logs to LOG_LOCAL7 facility.
|
|
#
|
|
# Default: determined at compile time, usually LOG_LOCAL0 or
|
|
# LOG_MAIL, depending on the operating system.
|
|
#
|
|
# set log-facility = local1
|
|
|
|
|
|
# When set, Qpopper logs successful authentications using the
|
|
# specified string. Within the string, an occurrence of '%0' is
|
|
# replaced with the Qpopper version, '%1' with the user name, '%2'
|
|
# with the user's host name, and '%3' with the user's IP address.
|
|
#
|
|
# Default: none, unless '--enable-log-login' used with ./configure,
|
|
# in which case "(v%0) POP login by user /"%1/" at (%2) %3" is used.
|
|
#
|
|
# set log-login = "(v%0) POP login by user /"%1/" at (%2) %3"
|
|
|
|
|