1## auto-generated by config2sample 1.6rst 2# 3 4## cyrusman:: imapd.conf(5) 5 6## _imap-reference-manpages-configs-imapd.conf: 7 8#========== 9#imapd.conf 10#========== 11 12 13 14 15 16 17 18 19 20#IMAP configuration file 21# 22#DESCRIPTION 23#=========== 24 25# /etc/imapd.conf 26# is the configuration file for the Cyrus IMAP server. It defines 27# local parameters for IMAP. 28## 29# Each line of the /etc/imapd.conf file has the form 30# option: value 31# # 32# where option is the name of the configuration option being set 33# and value is the value that the configuration option is being 34# set to. 35## 36# Although there is no limit to the length of a line, a ``\'' 37# (backslash) character may be used as the last character on a line to 38# force it to continue on the next one. No additional whitespace is 39# inserted before or after the ``\''. Note that a line that is split 40# using ``\'' character(s) is still considered a single line. 41 42# For example 43# option:\ 44# value1 value2 \ 45# value3 46# # 47# is equivalent to 48# option: value1 value2 value3 49# # 50# Blank lines and lines beginning with ``#'' are ignored. 51## 52# For boolean and enumerated options, the values ``yes'', ``on'', ``t'', 53# ``true'' and ``1'' turn the option on, the values ``no'', ``off'', 54# ``f'', ``false'' and ``0'' turn the option off. 55## 56# Duration options take the form of a number followed by a unit, for example 57# 32m (32 minutes). Units are d (days), h (hours), m 58# (minutes) and s (seconds). Multiple units can be combined and will 59# be summed together, for example 1h30m is equivalent to 90m. If 60# no unit is specified, an option-specific backward-compatible default unit 61# is assumed (documented on an option-by-option basis). These are simple time 62# units: 1d=24h, 1h=60m, 1m=60s (daylight savings, timezones, leap adjustments, 63# etc are not considered). 64# 65#FIELD DESCRIPTIONS 66#================== 67 68## 69# The sections below detail options that can be placed in the 70# /etc/imapd.conf file, and show each option's default value. 71# Some options have no default value, these are listed with 72# ``<no default>''. Some options default to the empty string, these 73# are listed with ``<none>''. 74 75 76# Addressbookprefix 77# ----------------- 78# The prefix for the addressbook mailboxes hierarchies. The hierarchy 79# delimiter will be automatically appended. The public addressbook 80# hierarchy will be at the toplevel of the shared namespace. A 81# user's personal addressbook hierarchy will be a child of their Inbox. 82#addressbookprefix: #addressbooks 83 84# Admins 85# ------ 86# The list of userids with administrative rights. Separate each userid 87# with a space. Sites using Kerberos authentication may use 88# separate "admin" instances. 89# # 90# Note that accounts used by users should not be administrators. 91# Administrative accounts should not receive mail. That is, if user 92# "jbRo" is a user reading mail, he should not also be in the admins line. 93# Some problems may occur otherwise, most notably the ability of 94# administrators to create top-level mailboxes visible to users, 95# but not writable by users. 96#admins: <empty string> 97 98# Afspts_localrealms 99# ------------------ 100# The list of realms which are to be treated as local, and thus stripped 101# during identifier canonicalization (for the AFSPTS ptloader module). 102# This is different from loginrealms in that it occurs later in the 103# authorization process (as the user id is canonified for PTS lookup) 104#afspts_localrealms: <none> 105 106# Afspts_mycell 107# ------------- 108# Cell to use for AFS PTS lookups. Defaults to the local cell. 109#afspts_mycell: <none> 110 111# Allowallsubscribe 112# ----------------- 113# Allow subscription to nonexistent mailboxes. This option is 114# typically used on backend servers in a Murder so that users can 115# subscribe to mailboxes that don't reside on their "home" server. 116# This option can also be used as a workaround for IMAP clients which 117# don't play well with nonexistent or unselectable mailboxes (e.g., 118# Microsoft Outlook). 119#allowallsubscribe: 0 120 121# Allowanonymouslogin 122# ------------------- 123# Permit logins by the user "anonymous" using any password. Also 124# allows use of the SASL ANONYMOUS mechanism. 125#allowanonymouslogin: 0 126 127# Allowapop 128# --------- 129# Allow use of the POP3 APOP authentication command. 130# # 131# Note that this command requires that SASL is compiled with APOP 132# support, that the plaintext passwords are available in a SASL auxprop 133# backend (e.g., sasldb), and that the system can provide enough entropy 134# (e.g., from /dev/urandom) to create a challenge in the banner. 135#allowapop: 1 136 137# Allowdeleted 138# ------------ 139# Allow access to deleted and expunged data via vendor.cmu-* access 140#allowdeleted: 0 141 142# Allownewnews 143# ------------ 144# Allow use of the NNTP NEWNEWS command. 145# # 146# Note that this is a very expensive command and should only be 147# enabled when absolutely necessary. 148#allownewnews: 0 149 150# Allowplaintext 151# -------------- 152# If enabled, allows the use of cleartext passwords on the wire. 153# # 154# By default, the use of cleartext passwords requires a TLS/SSL 155# encryption layer to be negotiated prior to any cleartext 156# authentication mechanisms being advertised or allowed. To require a 157# TLS/SSL encryption layer to be negotiated prior to ANY 158# authentication, see the tls_required option. 159#allowplaintext: 0 160 161# Allowsetacl 162# ----------- 163# Defaults to enabled. If disabled, disallows the use of the SETACL 164# command at all via IMAP. 165#allowsetacl: 1 166 167# Allowusermoves 168# -------------- 169# Allow moving user accounts (with associated meta-data) via RENAME 170# or XFER. 171# # 172# Note that measures should be taken to make sure that the user being 173# moved is not logged in, and cannot login during the move. Failure 174# to do so may result in the user's meta-data (seen state, 175# subscriptions, etc) being corrupted or out of date. 176#allowusermoves: 0 177 178# Altnamespace 179# ------------ 180# Use the alternate IMAP namespace, where personal folders reside at the 181# same level in the hierarchy as INBOX. 182# # 183# This option ONLY applies where interaction takes place with the 184# client/user. Currently this is limited to the IMAP protocol (imapd) 185# and Sieve scripts (lmtpd). This option does NOT apply to admin tools 186# such as cyradm (admins ONLY), reconstruct, quota, etc., NOR does it 187# affect LMTP delivery of messages directly to mailboxes via 188# plus-addressing. The default changed in 3.0 from off to on. 189#altnamespace: 1 190 191# Altprefix 192# --------- 193# Alternative INBOX spellings that can't be accessed in altnamespace 194# otherwise go under here 195#altprefix: Alt Folders 196 197# Annotation_db 198# ------------- 199# The cyrusdb backend to use for mailbox annotations. 200# Allowed values: skiplist, twoskip, zeroskip 201#annotation_db: twoskip 202 203# Annotation_db_path 204# ------------------ 205# The absolute path to the annotations db file. If not specified, 206# will be configdirectory/annotations.db 207#annotation_db_path: <none> 208 209# Anyoneuseracl 210# ------------- 211# Should non-admin users be allowed to set ACLs for the 'anyone' 212# user on their mailboxes? In a large organization this can cause 213# support problems, but it's enabled by default. 214#anyoneuseracl: 1 215 216# Annotation_allow_undefined 217# -------------------------- 218# Allow clients to store values for entries which are not 219# defined either by Cyrus or in the annotations_definitions 220# file. 221#annotation_allow_undefined: 0 222 223# Annotation_definitions 224# ---------------------- 225# File containing external (third-party) annotation definitions. 226# # 227# Each line of the file specifies the properties of an annotation and 228# has the following form: 229 230# name, scope, attrib-type, proxy-type, 231# attrib-names, acl 232# name 233# is the hierarchical name as in RFC 5257 or RFC 5464 (in the latter case, 234# without the leading /shared or /private). For example, 235# /vendor/acme/blurdybloop. 236# scope 237# specifies whether the annotation is for the server, a 238# mailbox, or a message. 239# attrib-type 240# specifies the attribute data type, which is used only to check the 241# string value passed by clients when setting annotations. The 242# attrib-type is one of: 243# string 244# any value is accepted. 245# content-type 246# this obsolete data type, which was useful for early drafts of the standard, 247# is accepted but silently translated to string. 248# boolean 249# only the strings "true" or "false" are accepted. Checking is 250# case-insensitive but the value is forced to lowercase. 251# int 252# integers are accepted. 253# uint 254# non-negative integers are accepted. 255# proxy-type 256# specifies whether this attribute is for the backend or 257# proxy servers or both (proxy_and_backend) 258# attrib-names 259# is the space-separated list of available attributes for the 260# annotation. Possible attribute names are value.shared, 261# value.priv, and value (which permits both value.priv 262# and value.shared). The attribute names size, 263# size.shared, and size.priv are accepted but ignored; these 264# attributes are automatically provided by the server if the corresponding 265# value attribute is specified. Some obsolete attributes, which were 266# defined early drafts of the standard, are accepted and ignored with a 267# warning. 268# extra-permissions 269# is the extra ACL permission bits required for setting this annotation, in 270# standard IMAP ACL permission bit string format. Note that this is 271# in addition to the permission bits specified in RFC 5257 and RFC 5464, 272# so leaving this field empty is harmless. Note also that there is no way 273# to specify that an annotation can only be set by an admin user; in 274# particular the a permission bit does not achieve this. 275# # 276# Blank lines and lines beginning with ``#'' are ignored. 277 278#annotation_definitions: <none> 279 280# Annotation_callout 281# ------------------ 282# The pathname of a callout to be used to automatically add annotations 283# or flags to a message when it is appended to a mailbox. The path can 284# be either an executable (including a script), or a UNIX domain 285# socket. 286#annotation_callout: <none> 287 288# Annotation_callout_disable_append 289# --------------------------------- 290# Disables annotations on append with xrunannotator 291#annotation_callout_disable_append: 0 292 293# Annotation_enable_legacy_commands 294# --------------------------------- 295# Whether to enable the legacy GETANNOTATION/SETANNOTATION commands. 296# These commands are deprecated and will be removed in the future, 297# but might be useful in the meantime for supporting old clients that 298# do not implement the RFC5464 IMAP METADATA extension. 299#annotation_enable_legacy_commands: 0 300 301# Aps_topic 302# --------- 303# Topic for Apple Push Service registration. 304#aps_topic: <none> 305 306# Aps_topic_caldav 307# ---------------- 308# Topic for Apple Push Service registration for CalDAV. 309#aps_topic_caldav: <none> 310 311# Aps_topic_carddav 312# ----------------- 313# Topic for Apple Push Service registration for CardDAV. 314#aps_topic_carddav: <none> 315 316# Archive_enabled 317# --------------- 318# Is archiving enabled for this server. You also need to have an 319# archivepartition for the mailbox. Archiving allows older email 320# to be stored on slower, cheaper disks - even within the same 321# mailbox, as distinct from partitions. 322#archive_enabled: 0 323 324# Archive_days 325# ------------ 326# Deprecated in favour of archive_after. 327#archive_days: <none> 328 329# Archive_after 330# ------------- 331# The duration after which to move messages to the archive partition 332# if archiving is enabled. 333# # 334# For backward compatibility, if no unit is specified, days is 335# assumed. 336#archive_after: 7d 337 338# Archive_maxsize 339# --------------- 340# The size in kilobytes of the largest message that won't be archived 341# immediately. Default is 1Mb 342#archive_maxsize: 1024 343 344# Archive_keepflagged 345# ------------------- 346# If set, messages with the \Flagged system flag won't be archived, 347# provided they are smaller than archive_maxsize. 348#archive_keepflagged: 0 349 350# Archivepartition-name 351# --------------------- 352# The pathname of the archive partition name, corresponding to 353# spool partition partition-name. For any mailbox residing in 354# a directory on partition-name, the archived messages will be 355# stored in a corresponding directory on archivepartition-name. 356# Note that not every partition-name option is strictly required 357# to have a corresponding archivepartition-name option, but that 358# without one there's no benefit to enabling archiving. 359#archivepartition-name: <none> 360 361# Auditlog 362# -------- 363# Should cyrus output log entries for every action taken on a message 364# file or mailboxes list entry? It's noisy so disabled by default, but 365# can be very useful for tracking down what happened if things look strange 366#auditlog: 0 367 368# Auth_mech 369# --------- 370# The authorization mechanism to use. 371# Allowed values: unix, pts, krb, krb5 372#auth_mech: unix 373 374# Autocreateinboxfolders 375# ---------------------- 376# Deprecated in favor of autocreate_inbox_folders. 377#autocreateinboxfolders: <none> 378 379# Autocreatequota 380# --------------- 381# Deprecated in favor of autocreate_quota. 382#autocreatequota: 0 383 384# Autocreatequotamsg 385# ------------------ 386# Deprecated in favor of autocreate_quota_messages. 387#autocreatequotamsg: -1 388 389# Autosievefolders 390# ---------------- 391# Deprecated in favor of autocreate_sieve_folders. 392#autosievefolders: <none> 393 394# Generate_compiled_sieve_script 395# ------------------------------ 396# Deprecated in favor of autocreate_sieve_script_compile. 397#generate_compiled_sieve_script: 0 398 399# Autocreate_sieve_compiled_script 400# -------------------------------- 401# Deprecated in favor of autocreate_sieve_script_compiled. 402#autocreate_sieve_compiled_script: <none> 403 404# Autosubscribeinboxfolders 405# ------------------------- 406# Deprecated in favor of autocreate_subscribe_folders. 407#autosubscribeinboxfolders: <none> 408 409# Autosubscribesharedfolders 410# -------------------------- 411# Deprecated in favor of autocreate_subscribe_sharedfolders. 412#autosubscribesharedfolders: <none> 413 414# Autosubscribe_all_sharedfolders 415# ------------------------------- 416# Deprecated in favor of autocreate_subscribe_sharedfolders_all. 417#autosubscribe_all_sharedfolders: 0 418 419# Autocreate_acl 420# -------------- 421# If folders are to be created by autocreate_inbox_folders, this 422# setting can be used to apply additional ACLs to the autocreated 423# folders. The syntax is "autocreate_acl folder identifier rights", 424# where folder must match one of the autocreate_inbox_folders 425# folders, identifier must be a valid cyrus identifier, and 426# rights must be a valid cyrus rights string. Multiple 427# identifier|rights pairs can be assigned to a single folder by providing 428# this setting multiple times. 429# # 430# For example, "autocreate_acl Plus anyone p" would allow lmtp delivery 431# to a folder named "Plus". 432 433#autocreate_acl: <none> 434 435# Autocreate_inbox_folders 436# ------------------------ 437# If a user does not have an INBOX already, and the INBOX is to be 438# created, create the list of folders in this setting as well. 439# autocreate_inbox_folders is a list of INBOX's subfolders 440# separated by a "|", that are automatically created by the server 441# under the following two scenarios. Leading and trailing whitespace is 442# stripped, so "Junk | Trash" results in two folders: "Junk" and 443# "Trash". See also the xlist-flag option, for setting 444# special-use flags on autocreated folders. 445# # 446# INBOX folders are created under both the following conditions: 447# 1. 448# The user logins via the IMAP or the POP3 protocol. 449# autocreate_quota option must have a value of zero or greater. 450# 2. 451# A message arrives for the user through the lmtpd(8). 452# autocreate_post option must be enabled. 453# # 454 455#autocreate_inbox_folders: <none> 456 457# Autocreate_post 458# --------------- 459# If enabled, when lmtpd(8) receives an incoming mail for an 460# INBOX that does not exist, then the INBOX is automatically created 461# by lmtpd(8) and delivery of the message continues. 462#autocreate_post: 0 463 464# Autocreate_quota 465# ---------------- 466# If set to a value of zero or higher, users have their INBOX folders 467# created upon a successful login event or upon lmtpd(8) 468# message delivery if autocreate_post is enabled, provided their 469# INBOX did not yet already exist. 470# # 471# The user's quota is set to the value if it is greater than zero, 472# otherwise the user has unlimited quota. 473# # 474# Note that quota is specified in kilobytes. 475#autocreate_quota: -1 476 477# Autocreate_quota_messages 478# ------------------------- 479# If set to a value of zero or higher, users who have their INBOX 480# folders created upon a successful login event (see 481# autocreate_quota), or upon lmtpd(8) message delivery if 482# autocreate_post is enabled, receive the message quota 483# configured in this option. 484# # 485# The default of -1 disables assigning message quota. 486# # 487# For consistency with autocreate_quota, a value of zero is treated 488# as unlimited message quota, rather than a message quota of zero. 489#autocreate_quota_messages: -1 490 491# Autocreate_sieve_folders 492# ------------------------ 493# A "|" separated list of subfolders of INBOX that will be 494# automatically created, if requested by a sieve filter, through the 495# "fileinto" action. The default is to create no folders 496# automatically. 497# # 498# Leading and trailing whitespace is stripped from each folder, so a 499# setting of "Junk | Trash" will create two folders: "Junk" and 500# "Trash". 501#autocreate_sieve_folders: <none> 502 503# Autocreate_sieve_script 504# ----------------------- 505# The full path of a file that contains a sieve script. This script 506# automatically becomes a user's initial default sieve filter script. 507# # 508# When this option is not defined, no default sieve filter is created. 509# The file must be readable by the Cyrus daemon. 510#autocreate_sieve_script: <none> 511 512# Autocreate_sieve_script_compile 513# ------------------------------- 514# If set to yes and no compiled sieve script file exists, the sieve script which is 515# compiled on the fly will be saved in the file name that autocreate_sieve_compiledscript 516# option points to. In order a compiled script to be generated, autocreate_sieve_script and 517# autocreate_sieve_compiledscript must have valid values 518#autocreate_sieve_script_compile: 0 519 520# Autocreate_sieve_script_compiled 521# -------------------------------- 522# The full path of a file that contains a compiled in bytecode sieve script. This script 523# automatically becomes a user's initial default sieve filter script. If this option is 524# not specified, or the filename doesn't exist then the script defined by 525# autocreate_sieve_script is compiled on the fly and installed as the user's default 526# sieve script 527#autocreate_sieve_script_compiled: <none> 528 529# Autocreate_subscribe_folders 530# ---------------------------- 531# A list of folder names, separated by "|", that the users get automatically subscribed to, 532# when their INBOX is created. These folder names must have been included in the 533# autocreateinboxfolders option of the imapd.conf. 534#autocreate_subscribe_folders: <none> 535 536# Autocreate_subscribe_sharedfolders 537# ---------------------------------- 538# A list of shared folders (bulletin boards), separated by "|", that the users get 539# automatically subscribed to, after their INBOX is created. The shared folder must 540# have been created and the user must have the required permissions to get subscribed 541# to it. Otherwise, subscribing to the shared folder fails. 542#autocreate_subscribe_sharedfolders: <none> 543 544# Autocreate_subscribe_sharedfolders_all 545# -------------------------------------- 546# If set to yes, the user is automatically subscribed to all shared folders, one has permission 547# to subscribe to. 548#autocreate_subscribe_sharedfolders_all: 0 549 550# Autocreate_users 551# ---------------- 552# A space separated list of users and/or groups that are allowed their INBOX to be 553# automatically created. 554#autocreate_users: anyone 555 556# Autoexpunge 557# ----------- 558# If set to yes, then all \Deleted messages will be automatically expunged whenever 559# an index is closed, whether CLOSE, UNSELECT, SELECT or on disconnect 560#autoexpunge: 0 561 562# Backuppartition-name 563# -------------------- 564# The pathname of the backup partition name. At least one backup 565# partition pathname MUST be specified if backups are in use. Note that 566# there is no relationship between spool partitions and backup partitions. 567#backuppartition-name: <none> 568 569# Backup_compact_minsize 570# ---------------------- 571# The minimum size in kilobytes of chunks in each backup. The compact tool 572# will try to combine adjacent chunks that are smaller than this. 573# # 574# Setting this value to zero or negative disables combining of chunks. 575#backup_compact_minsize: 0 576 577# Backup_compact_maxsize 578# ---------------------- 579# The maximum size in kilobytes of chunks in each backup. The compact tool 580# will try to split chunks larger than this into smaller chunks. 581# # 582# Setting this value to zero or negative disables splitting of chunks. 583#backup_compact_maxsize: 0 584 585# Backup_compact_work_threshold 586# ----------------------------- 587# The number of chunks that must obviously need compaction before the compact 588# tool will go ahead with the compaction. If set to less than one, the value 589# is treated as being one. 590#backup_compact_work_threshold: 1 591 592# Backup_staging_path 593# ------------------- 594# The absolute path of the backup staging area. If not specified, 595# will be temp_path/backup 596#backup_staging_path: <none> 597 598# Backup_retention_days 599# --------------------- 600# Deprecated in favor of backup_retention. 601#backup_retention_days: <none> 602 603# Backup_retention 604# ---------------- 605# How long to keep content in backup after it has been deleted 606# from the source. If set to a negative value or zero, deleted content 607# will be kept indefinitely. 608# # 609# For backward compatibility, if no unit is specified, days is 610# assumed. 611#backup_retention: 7d 612 613# Backup_db 614# --------- 615# The cyrusdb backend to use for the backup locations database. 616# Allowed values: skiplist, sql, twoskip, zeroskip 617#backup_db: twoskip 618 619# Backup_db_path 620# -------------- 621# The absolute path to the backup db file. If not specified, 622# will be configdirectory/backups.db 623#backup_db_path: <none> 624 625# Backup_keep_previous 626# -------------------- 627# Whether the ctl_backups compact and ctl_backups reindex 628# commands should preserve the original file. The original file will 629# be named with a timestamped suffix. This is mostly useful for 630# debugging. 631# # 632# Note that with this enabled, compacting a backup will actually 633# increase the disk used by it (because there will now be an extra 634# copy: the original version, and the compacted version). 635#backup_keep_previous: 0 636 637# Boundary_limit 638# -------------- 639# messages are parsed recursively and a deep enough MIME structure 640# can cause a stack overflow. Do not parse deeper than this many 641# layers of MIME structure. The default of 1000 is much higher 642# than any sane message should have. 643#boundary_limit: 1000 644 645# Caldav_allowattach 646# ------------------ 647# Enable managed attachments support on the CalDAV server. 648#caldav_allowattach: 1 649 650# Caldav_allowcalendaradmin 651# ------------------------- 652# Enable per-user calendar administration web UI on the CalDAV server. 653#caldav_allowcalendaradmin: 0 654 655# Caldav_allowscheduling 656# ---------------------- 657# Enable calendar scheduling operations. If set to "apple", the 658# server will emulate Apple CalendarServer behavior as closely as 659# possible. 660# Allowed values: off, on, apple 661#caldav_allowscheduling: on 662 663# Caldav_create_attach 664# -------------------- 665# Create the 'Attachments' collection if it doesn't already exist 666#caldav_create_attach: 1 667 668# Caldav_create_default 669# --------------------- 670# Create the 'Default' calendar if it doesn't already exist 671#caldav_create_default: 1 672 673# Caldav_create_sched 674# ------------------- 675# Create the 'Inbox' and 'Outbox' calendars if they don't already exist 676#caldav_create_sched: 1 677 678# Caldav_historical_age 679# --------------------- 680# How long after an occurrence of event or task has concluded 681# that it is considered 'historical'. Changes to historical 682# occurrences of events or tasks WILL NOT have invite or reply 683# messages sent for them. A negative value means that events 684# and tasks are NEVER considered historical. 685# # 686# For backward compatibility, if no unit is specified, days is 687# assumed. 688#caldav_historical_age: 7d 689 690# Caldav_maxdatetime 691# ------------------ 692# The latest date and time accepted by the server (ISO format). This 693# value is also used for expanding non-terminating recurrence rules. 694# # 695# Note that increasing this value will require the DAV databases for 696# calendars to be reconstructed with the dav_reconstruct 697# utility in order to see its effect on serer-side time-based 698# queries. 699#caldav_maxdatetime: 20380119T031407Z 700 701# Caldav_mindatetime 702# ------------------ 703# The earliest date and time accepted by the server (ISO format). 704#caldav_mindatetime: 19011213T204552Z 705 706# Caldav_realm 707# ------------ 708# The realm to present for HTTP authentication of CalDAV resources. 709# If not set (the default), the value of the "servername" option will 710# be used. 711#caldav_realm: <none> 712 713# Calendarprefix 714# -------------- 715# The prefix for the calendar mailboxes hierarchies. The hierarchy 716# delimiter will be automatically appended. The public calendar 717# hierarchy will be at the toplevel of the shared namespace. A 718# user's personal calendar hierarchy will be a child of their Inbox. 719#calendarprefix: #calendars 720 721# Calendar_user_address_set 722# ------------------------- 723# Space-separated list of domains corresponding to calendar user 724# addresses for which the server is responsible. If not set (the 725# default), the value of the "servername" option will be used. 726#calendar_user_address_set: <none> 727 728# Calendar_component_set 729# ---------------------- 730# Space-separated list of iCalendar component types that calendar 731# object resources may contain in a calendar collection. 732# This restriction is only set at calendar creation time and only 733# if the CalDAV client hasn't specified a restriction in the creation 734# request. 735# Allowed values: VEVENT, VTODO, VJOURNAL, VFREEBUSY, VAVAILABILITY, VPOLL 736#calendar_component_set: VEVENT VTODO VJOURNAL VFREEBUSY VAVAILABILITY VPOLL 737 738# Carddav_allowaddmember 739# ---------------------- 740# Enable support for POST add-member on the CardDAV server. 741#carddav_allowaddmember: 0 742 743# Carddav_allowaddressbookadmin 744# ----------------------------- 745# Enable per-user addressbook administration web UI on the CardDAV server. 746#carddav_allowaddressbookadmin: 0 747 748# Carddav_realm 749# ------------- 750# The realm to present for HTTP authentication of CardDAV resources. 751# If not set (the default), the value of the "servername" option will 752# be used. 753#carddav_realm: <none> 754 755# Carddav_repair_vcard 756# -------------------- 757# If enabled, VCARDs with invalid content are attempted to be repaired 758# during creation. 759#carddav_repair_vcard: 0 760 761# Chatty 762# ------ 763# If yes, syslog tags and commands for every IMAP command, mailboxes 764# for every lmtp connection, every POP3 command, etc 765#chatty: 0 766 767# Client_bind 768# ----------- 769# If enabled, a specific IP will be bound when performing a client 770# connection. client_bind_name is used if it is set, otherwise 771# servername is used. This is useful on multi-homed servers where 772# Cyrus should not use other services' interfaces. 773# # 774# If not enabled (the default), no bind will be performed. Client 775# connections will use an IP chosen by the operating system. 776#client_bind: 0 777 778# Client_bind_name 779# ---------------- 780# IPv4, IPv6 address or hostname to bind for client connections when 781# client_bind is enabled. If not set (the default), 782# servername will be used. 783#client_bind_name: <none> 784 785# Client_timeout 786# -------------- 787# Time to wait before returning a timeout failure when performing a 788# client connection (e.g. in a murder environment). 789# # 790# For backward compatibility, if no unit is specified, seconds is 791# assumed. 792#client_timeout: 10s 793 794# Commandmintimer 795# --------------- 796# Time in seconds. Any imap command that takes longer than this 797# time is logged. 798#commandmintimer: <none> 799 800# Configdirectory 801# --------------- 802# The pathname of the IMAP configuration directory. This field is 803# required. 804#configdirectory: <none> 805 806# Createonpost 807# ------------ 808# Deprecated in favor of autocreate_post. 809#createonpost: 0 810 811# Conversations 812# ------------- 813# Enable the XCONVERSATIONS extensions. Extract conversation 814# tracking information from incoming messages and track them 815# in per-user databases. 816#conversations: 0 817 818# Conversations_counted_flags 819# --------------------------- 820# space-separated list of flags for which per-conversation counts 821# will be kept. Note that you need to reconstruct the conversations 822# database with ctl_conversationsdb if you change this option on a 823# running server, or the counts will be wrong. 824#conversations_counted_flags: <none> 825 826# Conversations_db 827# ---------------- 828# The cyrusdb backend to use for the per-user conversations database. 829# Allowed values: skiplist, sql, twoskip, zeroskip 830#conversations_db: skiplist 831 832# Conversations_expire_days 833# ------------------------- 834# Deprecated in favor of conversations_expire_after. 835#conversations_expire_days: <none> 836 837# Conversations_expire_after 838# -------------------------- 839# How long the conversations database keeps the message tracking 840# information needed for receiving new messages in existing 841# conversations. 842# # 843# For backward compatibility, if no unit is specified, days is 844# assumed. 845#conversations_expire_after: 90d 846 847# Conversations_max_thread 848# ------------------------ 849# maximum size for a single thread. Threads will split if they have this many 850# * messages in them and another message arrives 851#conversations_max_thread: 100 852 853# Crossdomains 854# ------------ 855# Enable cross domain sharing. This works best with alt namespace and 856# unix hierarchy separators on, so you get Other Users/foo@example.com/... 857#crossdomains: 0 858 859# Crossdomains_onlyother 860# ---------------------- 861# only show the domain for users in other domains than your own (for 862# backwards compatibility if you're already sharing 863#crossdomains_onlyother: 0 864 865# Cyrus_group 866# ----------- 867# The name of the group Cyrus services will run as. If not configured, the 868# primary group of cyrus_user will be used. Can be further overridden by 869# setting the $CYRUS_GROUP environment variable. 870#cyrus_group: <none> 871 872# Cyrus_user 873# ---------- 874# The username to use as the 'cyrus' user. If not configured, the compile 875# time default will be used. Can be further overridden by setting the 876# $CYRUS_USER environment variable. 877#cyrus_user: <none> 878 879# Davdriveprefix 880# -------------- 881# The prefix for the DAV storage mailboxes hierarchies. The hierarchy 882# delimiter will be automatically appended. The public storage 883# hierarchy will be at the toplevel of the shared namespace. A 884# user's personal storage hierarchy will be a child of their Inbox. 885#davdriveprefix: #drive 886 887# Davnotificationsprefix 888# ---------------------- 889# The prefix for the DAV notifications hierarchy. The hierarchy 890# delimiter will be automatically appended. The public notifications 891# hierarchy will be at the toplevel of the shared namespace. A 892# user's personal notifications hierarchy will be a child of their Inbox. 893#davnotificationsprefix: #notifications 894 895# Dav_realm 896# --------- 897# The realm to present for HTTP authentication of generic DAV 898# resources (principals). If not set (the default), the value of the 899# "servername" option will be used. 900#dav_realm: <none> 901 902# Dav_lock_timeout 903# ---------------- 904# The maximum time to wait for a write lock on the per-user DAV database 905# before timeout. For HTTP requests, the HTTP status code 503 is returned 906# if the lock can not be obtained within this time. 907# # 908# For backward compatibility, if no unit is specified, seconds is 909# assumed. 910#dav_lock_timeout: 20s 911 912# Debug_command 913# ------------- 914# Debug command to be used by processes started with -D option. The string 915# is a C format string that gets 3 options: the first is the name of the 916# executable (as specified in the cmd parameter in cyrus.conf). The second 917# is the pid (integer) and the third is the service ID. 918# Example: /usr/local/bin/gdb /usr/cyrus/bin/%s %d 919#debug_command: <none> 920 921# Defaultacl 922# ---------- 923# The Access Control List (ACL) placed on a newly-created (non-user) 924# mailbox that does not have a parent mailbox. 925#defaultacl: anyone lrs 926 927# Defaultdomain 928# ------------- 929# The default domain for virtual domain support 930#defaultdomain: internal 931 932# Defaultpartition 933# ---------------- 934# The partition name used by default for new mailboxes. If not 935# specified, the partition with the most free space will be used for 936# new mailboxes. 937# # 938# Note that the partition specified by this option must also be 939# specified as partition-name, where you substitute 'name' 940# for the alphanumeric string you set defaultpartition to. 941#defaultpartition: <none> 942 943# Defaultsearchtier 944# ----------------- 945# Name of the default tier that messages will be indexed to. Search 946# indexes can be organized in tiers to allow index storage in different 947# directories and physical media. See the man page of squatter for 948# details. The default search tier also requires the definition 949# of an according searchtierpartition-name entry. 950# # 951# This option MUST be specified for xapian search. 952#defaultsearchtier: <empty string> 953 954# Defaultserver 955# ------------- 956# The backend server name used by default for new mailboxes. If not 957# specified, the server with the most free space will be used for new 958# mailboxes. 959#defaultserver: <none> 960 961# Deletedprefix 962# ------------- 963# With delete_mode set to delayed, the 964# deletedprefix setting defines the prefix for the hierarchy of 965# deleted mailboxes. 966# # 967# The hierarchy delimiter will be automatically appended. 968 969#deletedprefix: DELETED 970 971# Delete_mode 972# ----------- 973# The manner in which mailboxes are deleted. In the default 974# delayed mode, mailboxes that are being deleted are renamed to 975# a special mailbox hierarchy under the deletedprefix, to be 976# removed later by cyr_expire(8). 977# # 978# In immediate mode, the mailbox is removed from the filesystem 979# immediately. 980 981# Allowed values: immediate, delayed 982#delete_mode: delayed 983 984# Delete_unsubscribe 985# ------------------ 986# Whether to also unsubscribe from mailboxes when they are deleted. 987# Note that this behaviour contravenes RFC 3501 section 6.3.9, but 988# may be useful for avoiding user/client software confusion. 989# The default is 'no'. 990#delete_unsubscribe: 0 991 992# Deleteright 993# ----------- 994# Deprecated - only used for backwards compatibility with existing 995# installations. Lists the old RFC 2086 right which was used to 996# grant the user the ability to delete a mailbox. If a user has this 997# right, they will automatically be given the new 'x' right. 998#deleteright: c 999 1000# Disable_user_namespace 1001# ---------------------- 1002# Preclude list command on user namespace. If set to 'yes', the 1003# LIST response will never include any other user's mailbox. Admin 1004# users will always see all mailboxes. The default is 'no' 1005#disable_user_namespace: 0 1006 1007# Disable_shared_namespace 1008# ------------------------ 1009# Preclude list command on shared namespace. If set to 'yes', the 1010# LIST response will never include any non-user mailboxes. Admin 1011# users will always see all mailboxes. The default is 'no' 1012#disable_shared_namespace: 0 1013 1014# Disconnect_on_vanished_mailbox 1015# ------------------------------ 1016# If enabled, IMAP/POP3/NNTP clients will be disconnected by the 1017# server if the currently selected mailbox is (re)moved by another 1018# session. Otherwise, the missing mailbox is treated as empty while 1019# in use by the client. 1020#disconnect_on_vanished_mailbox: 0 1021 1022# Ischedule_dkim_domain 1023# --------------------- 1024# The domain to be reported as doing iSchedule DKIM signing. 1025#ischedule_dkim_domain: <none> 1026 1027# Ischedule_dkim_key_file 1028# ----------------------- 1029# File containing the private key for iSchedule DKIM signing. 1030#ischedule_dkim_key_file: <none> 1031 1032# Ischedule_dkim_required 1033# ----------------------- 1034# A DKIM signature is required on received iSchedule requests. 1035#ischedule_dkim_required: 1 1036 1037# Ischedule_dkim_selector 1038# ----------------------- 1039# Name of the selector subdividing the domain namespace. This 1040# specifies the actual key used for iSchedule DKIM signing within the 1041# domain. 1042#ischedule_dkim_selector: <none> 1043 1044# Duplicate_db 1045# ------------ 1046# The cyrusdb backend to use for the duplicate delivery suppression 1047# and sieve. 1048# Allowed values: skiplist, sql, twoskip, zeroskip 1049#duplicate_db: twoskip 1050 1051# Duplicate_db_path 1052# ----------------- 1053# The absolute path to the duplicate db file. If not specified, 1054# will be configdirectory/deliver.db 1055#duplicate_db_path: <none> 1056 1057# Duplicatesuppression 1058# -------------------- 1059# If enabled, lmtpd will suppress delivery of a message to a mailbox if 1060# a message with the same message-id (or resent-message-id) is recorded 1061# as having already been delivered to the mailbox. Records the mailbox 1062# and message-id/resent-message-id of all successful deliveries. 1063#duplicatesuppression: 1 1064 1065# Event_content_inclusion_mode 1066# ---------------------------- 1067# The mode in which message content may be included with MessageAppend and 1068# MessageNew. "standard" mode is the default behavior in which message is 1069# included up to a size with the notification. In "message" mode, the message 1070# is included and may be truncated to a size. In "header" mode, it includes 1071# headers truncated to a size. In "body" mode, it includes body truncated 1072# to a size. In "headerbody" mode, it includes full headers and body truncated 1073# to a size 1074# Allowed values: standard, message, header, body, headerbody 1075#event_content_inclusion_mode: standard 1076 1077# Event_content_size 1078# ------------------ 1079# Truncate the message content that may be included with MessageAppend and 1080# MessageNew. Set 0 to include the entire message itself 1081#event_content_size: 0 1082 1083# Event_exclude_flags 1084# ------------------- 1085# Don't send event notification for given IMAP flag(s) 1086#event_exclude_flags: <none> 1087 1088# Event_exclude_specialuse 1089# ------------------------ 1090# Don't send event notification for folder with given special-use attributes. 1091# Set ALL for any folder 1092#event_exclude_specialuse: \\Junk 1093 1094# Event_extra_params 1095# ------------------ 1096# Space-separated list of extra parameters to add to any appropriated event. 1097# Allowed values: bodyStructure, clientAddress, diskUsed, flagNames, messageContent, messageSize, messages, modseq, service, timestamp, uidnext, vnd.cmu.midset, vnd.cmu.unseenMessages, vnd.cmu.envelope, vnd.cmu.sessionId, vnd.cmu.mailboxACL, vnd.cmu.mbtype, vnd.cmu.davFilename, vnd.cmu.davUid, vnd.fastmail.clientId, vnd.fastmail.sessionId, vnd.fastmail.convExists, vnd.fastmail.convUnseen, vnd.fastmail.cid, vnd.fastmail.counters, vnd.cmu.emailid, vnd.cmu.threadid 1098#event_extra_params: timestamp 1099 1100# Event_groups 1101# ------------ 1102# Space-separated list of groups of related events to turn on notification 1103# Allowed values: message, quota, flags, access, mailbox, subscription, calendar, applepushservice 1104#event_groups: message mailbox 1105 1106# Event_notifier 1107# -------------- 1108# Notifyd(8) method to use for "EVENT" notifications which are based on 1109# the RFC 5423. If not set, "EVENT" notifications are disabled. 1110#event_notifier: <none> 1111 1112# Expunge_mode 1113# ------------ 1114# The mode in which messages (and their corresponding cache entries) 1115# are expunged. "semidelayed" mode is the old behavior in which the 1116# message files are purged at the time of the EXPUNGE, but index 1117# and cache records are retained to facilitate QRESYNC. 1118# In "delayed" mode, which is the default since Cyrus 2.5.0, 1119# the message files are also retained, allowing unexpunge to 1120# rescue them. In "immediate" mode, both the message files and the 1121# index records are removed as soon as possible. In all cases, 1122# nothing will be finally purged until all other processes have 1123# closed the mailbox to ensure they never see data disappear under 1124# them. In "semidelayed" or "delayed" mode, a later run of "cyr_expire" 1125# will clean out the retained records (and possibly message files). 1126# This reduces the amount of I/O that takes place at the time of 1127# EXPUNGE and should result in greater responsiveness for the client, 1128# especially when expunging a large number of messages. 1129# Allowed values: immediate, semidelayed, delayed 1130#expunge_mode: delayed 1131 1132# Failedloginpause 1133# ---------------- 1134# Time to pause after a failed login. 1135# # 1136# For backward compatibility, if no unit is specified, seconds is 1137# assumed. 1138#failedloginpause: 3s 1139 1140# Flushseenstate 1141# -------------- 1142# Deprecated. No longer used 1143#flushseenstate: 1 1144 1145# Foolstupidclients 1146# ----------------- 1147# If enabled, only list the personal namespace when a LIST "*" is performed 1148# (it changes the request to a LIST "INBOX*"). 1149#foolstupidclients: 0 1150 1151# Force_sasl_client_mech 1152# ---------------------- 1153# Force preference of a given SASL mechanism for client side operations 1154# (e.g., murder environments). This is separate from (and overridden by) 1155# the ability to use the <host shortname>_mechs option to set preferred 1156# mechanisms for a specific host 1157#force_sasl_client_mech: <none> 1158 1159# Fulldirhash 1160# ----------- 1161# If enabled, uses an improved directory hashing scheme which hashes 1162# on the entire username instead of using just the first letter as 1163# the hash. This changes hash algorithm used for quota and user 1164# directories and if hashimapspool is enabled, the entire mail 1165# spool. 1166# # 1167# Note that this option CANNOT be changed on a live system. The 1168# server must be quiesced and then the directories moved with the 1169# rehash utility. 1170#fulldirhash: 0 1171 1172# Hashimapspool 1173# ------------- 1174# If enabled, the partitions will also be hashed, in addition to the 1175# hashing done on configuration directories. This is recommended if 1176# one partition has a very bushy mailbox tree. 1177#hashimapspool: 0 1178 1179# Debug 1180# ----- 1181# If enabled, allow syslog() to pass LOG_DEBUG messages. 1182#debug: 0 1183 1184# Hostname_mechs 1185# -------------- 1186# Force a particular list of SASL mechanisms to be used when authenticating 1187# to the backend server hostname (where hostname is the short hostname of 1188# the server in question). If it is not specified it will query the server 1189# for available mechanisms and pick one to use. - Cyrus Murder 1190#hostname_mechs: <none> 1191 1192# Hostname_password 1193# ----------------- 1194# The password to use for authentication to the backend server hostname 1195# (where hostname is the short hostname of the server) - Cyrus Murder 1196#hostname_password: <none> 1197 1198# Httpallowcompress 1199# ----------------- 1200# If enabled, the server will compress response payloads if the client 1201# indicates that it can accept them. Note that the compressed data 1202# will appear in telemetry logs, leaving only the response headers as 1203# human-readable. 1204#httpallowcompress: 1 1205 1206# Httpallowcors 1207# ------------- 1208# A wildmat pattern specifying a list of origin URIs ( scheme "://" 1209# host [ ":" port ] ) that are allowed to make Cross-Origin Resource 1210# Sharing (CORS) requests on the server. By default, CORS requests 1211# are disabled. 1212# # 1213# Note that the scheme and host should both be lowercase, the port 1214# should be omitted if using the default for the scheme (80 for http, 1215# 443 for https), and there should be no trailing '/' (e.g.: 1216# "http://www.example.com:8080", "https://example.org"). 1217#httpallowcors: <none> 1218 1219# Httpallowtrace 1220# -------------- 1221# Allow use of the TRACE method. 1222# # 1223# Note that sensitive data might be disclosed by the response. 1224#httpallowtrace: 0 1225 1226# Httpallowedurls 1227# --------------- 1228# Space-separated list of relative URLs (paths) rooted at 1229# "httpdocroot" (see below) to be served by httpd. If set, this 1230# option will limit served static content to only those paths specified 1231# (returning "404 Not Found" to any other client requested URLs). 1232# Otherwise, httpd will serve any content found in "httpdocroot". 1233# # 1234# Note that any path specified by "rss_feedlist_template" is an 1235# exception to this rule. 1236#httpallowedurls: <none> 1237 1238# Httpcontentmd5 1239# -------------- 1240# If enabled, HTTP responses will include a Content-MD5 header for 1241# the purpose of providing an end-to-end message integrity check 1242# (MIC) of the payload body. Note that enabling this option will 1243# use additional CPU to generate the MD5 digest, which may be ignored 1244# by clients anyways. 1245#httpcontentmd5: 0 1246 1247# Httpdocroot 1248# ----------- 1249# If set, http will serve the static content (html/text/jpeg/gif 1250# files, etc) rooted at this directory. Otherwise, httpd will not 1251# serve any static content. 1252#httpdocroot: <none> 1253 1254# Httpkeepalive 1255# ------------- 1256# Set the length of the HTTP server's keepalive heartbeat. The 1257# default is 20 seconds. The minimum value is 0, which will disable 1258# the keepalive heartbeat. When enabled, if a request takes longer 1259# than httpkeepalive to process, the server will send the client 1260# provisional responses every httpkeepalive until the final 1261# response can be sent. 1262# # 1263# For backward compatibility, if no unit is specified, seconds is 1264# assumed. 1265#httpkeepalive: 20s 1266 1267# Httpmodules 1268# ----------- 1269# Space-separated list of HTTP modules that will be enabled in 1270# httpd(8). This option has no effect on modules that are disabled 1271# at compile time due to missing dependencies (e.g. libical). 1272# # 1273# Note that "domainkey" depends on "ischedule" being enabled, and 1274# that both "freebusy" and "ischedule" depend on "caldav" being 1275# enabled. 1276# Allowed values: admin, caldav, carddav, cgi, domainkey, freebusy, ischedule, jmap, prometheus, rss, tzdist, webdav 1277#httpmodules: <empty string> 1278 1279# Httpprettytelemetry 1280# ------------------- 1281# If enabled, HTTP response payloads including server-generated 1282# markup languages (HTML, XML) will utilize line breaks and 1283# indentation to promote better human-readability in telemetry logs. 1284# Note that enabling this option will increase the amount of data 1285# sent across the wire. 1286#httpprettytelemetry: 0 1287 1288# Httptimeout 1289# ----------- 1290# Set the length of the HTTP server's inactivity autologout timer. 1291# The default is 5 minutes. The minimum value is 0, which will 1292# disable persistent connections. 1293# # 1294# For backwards compatibility, if no unit is specified, minutes 1295# is assumed. 1296#httptimeout: 5m 1297 1298# Idlesocket 1299# ---------- 1300# Unix domain socket that idled listens on. 1301#idlesocket: {configdirectory}/socket/idle 1302 1303# Ignorereference 1304# --------------- 1305# For backwards compatibility with Cyrus 1.5.10 and earlier -- ignore 1306# the reference argument in LIST or LSUB commands. 1307#ignorereference: 0 1308 1309# Imapidlepoll 1310# ------------ 1311# The interval for polling for mailbox changes and ALERTs while running 1312# the IDLE command. This option is used when idled is not enabled or 1313# cannot be contacted. The minimum value is 1 second. A value of 0 1314# will disable IDLE. 1315# # 1316# For backward compatibility, if no unit is specified, seconds is 1317# assumed. 1318#imapidlepoll: 60s 1319 1320# Imapidresponse 1321# -------------- 1322# If enabled, the server responds to an ID command with a parameter 1323# list containing: version, vendor, support-url, os, os-version, 1324# command, arguments, environment. Otherwise the server returns NIL. 1325#imapidresponse: 1 1326 1327# Imapmagicplus 1328# ------------- 1329# Only list a restricted set of mailboxes via IMAP by using 1330# userid+namespace syntax as the authentication/authorization id. 1331# Using userid+ (with an empty namespace) will list only subscribed 1332# mailboxes. 1333#imapmagicplus: 0 1334 1335# Imipnotifier 1336# ------------ 1337# Notifyd(8) method to use for "IMIP" notifications which are based on 1338# the RFC 6047. If not set, "IMIP" notifications are disabled. 1339#imipnotifier: <none> 1340 1341# Implicit_owner_rights 1342# --------------------- 1343# The implicit Access Control List (ACL) for the owner of a mailbox. 1344#implicit_owner_rights: lkxan 1345 1346# @include 1347# -------- 1348# Directive which includes the specified file as part of the 1349# configuration. If the path to the file is not absolute, CYRUS_PATH 1350# is prepended. 1351#@include: <none> 1352 1353# Improved_mboxlist_sort 1354# ---------------------- 1355# If enabled, a special comparator will be used which will correctly 1356# sort mailbox names that contain characters such as ' ' and '-'. 1357# # 1358# Note that this option SHOULD NOT be changed on a live system. The 1359# mailboxes database should be dumped (ctl_mboxlist) before the 1360# option is changed, removed, and then undumped after changing the 1361# option. When not using flat files for the subscriptions databases 1362# the same has to be done (cyr_dbtool) for each subscription database 1363# See improved_mboxlist_sort.html. 1364#improved_mboxlist_sort: 0 1365 1366# Jmap_emailsearch_db_path 1367# ------------------------ 1368# The absolute path to the JMAP email search cache file. If not 1369# specified, JMAP Email/query and Email/queryChanges will not 1370# cache email search results. 1371#jmap_emailsearch_db_path: <none> 1372 1373# Jmap_preview_annot 1374# ------------------ 1375# The name of the per-message annotation, if any, to store message 1376# previews. 1377#jmap_preview_annot: <none> 1378 1379# Jmap_imagesize_annot 1380# -------------------- 1381# The name of the per-message annotation, if any, that stores a 1382# JSON object, mapping message part numbers of MIME image types 1383# to an array of their image dimensions. The array must have at 1384# least two entries, where the first entry denotes the width 1385# and the second entry the height of the image. Any additional 1386# values are ignored. 1387 1388# For example, if message part 1.2 contains an image of width 300 1389# and height 200, then the value of this annotation would be: 1390 1391# { "1.2" : [ 300, 200 ] } 1392 1393#jmap_imagesize_annot: <none> 1394 1395# Jmap_inlinedcids_annot 1396# ---------------------- 1397# The name of the per-message annotation, if any, that stores a 1398# JSON object, mapping RFC2392 Content-IDs referenced in HTML bodies 1399# to the respective HTML body part number. 1400 1401# For example, if message part 1.2 contains HTML and references an 1402# inlined image at "cid:foo", then the value of this annotation 1403# would be: 1404 1405# { "<foo>" : "1.2" } 1406 1407# Note that the Content-ID key must be URL-unescaped and enclosed in 1408# angular brackets, as defined in RFC2392. 1409#jmap_inlinedcids_annot: <none> 1410 1411# Jmap_preview_length 1412# ------------------- 1413# The maximum byte length of dynamically generated message previews. Previews 1414# stored in jmap_preview_annot take precedence. 1415#jmap_preview_length: 64 1416 1417# Jmap_max_size_upload 1418# -------------------- 1419# The maximum size (in kilobytes) that the JMAP API accepts 1420# for blob uploads. Returned as the maxSizeUpload property 1421# value of the JMAP \"urn:ietf:params:jmap:core\" capabilities object. 1422# Default is 1Gb. 1423#jmap_max_size_upload: 1048576 1424 1425# Jmap_max_concurrent_upload 1426# -------------------------- 1427# The value to return for the maxConcurrentUpload property of 1428# the JMAP \"urn:ietf:params:jmap:core\" capabilities object. The Cyrus JMAP 1429# implementation does not enforce this rate-limit. 1430#jmap_max_concurrent_upload: 5 1431 1432# Jmap_max_size_request 1433# --------------------- 1434# The maximum size (in kilobytes) that the JMAP API accepts 1435# for requests at the API endpoint. Returned as the 1436# maxSizeRequest property value of the JMAP \"urn:ietf:params:jmap:core\" 1437# capabilities object. Default is 10Mb. 1438#jmap_max_size_request: 10240 1439 1440# Jmap_max_concurrent_requests 1441# ---------------------------- 1442# The value to return for the maxConcurrentRequests property of 1443# the JMAP \"urn:ietf:params:jmap:core\" capabilities object. The Cyrus JMAP 1444# implementation does not enforce this rate-limit. 1445#jmap_max_concurrent_requests: 5 1446 1447# Jmap_max_calls_in_request 1448# ------------------------- 1449# The maximum number of calls per JMAP request object. 1450# Returned as the maxCallsInRequest property value of the 1451# JMAP \"urn:ietf:params:jmap:core\" capabilities object. 1452#jmap_max_calls_in_request: 50 1453 1454# Jmap_max_delayed_send 1455# --------------------- 1456# The value to return for the maxDelayedSend property of 1457# the JMAP \"urn:ietf:params:jmap:emailsubmission\" capabilities object. 1458# The Cyrus JMAP implementation does not enforce this limit. 1459# # 1460# For backward compatibility, if no unit is specified, seconds is 1461# assumed. 1462#jmap_max_delayed_send: 512d 1463 1464# Jmap_max_objects_in_get 1465# ----------------------- 1466# The maximum number of ids that a JMAP client may request in 1467# a single \"/get\" type method call. The actual number 1468# of returned objects in the response may exceed this number 1469# if the JMAP object type supports unbounded \"/get\" calls. 1470# Returned as the maxObjectsInGet property value of the 1471# JMAP \"urn:ietf:params:jmap:core\" capabilities object. 1472#jmap_max_objects_in_get: 4096 1473 1474# Jmap_max_objects_in_set 1475# ----------------------- 1476# The maximum number of objects a JMAP client may send to create, 1477# update or destroy in a single /set type method call. 1478# Returned as the maxObjectsInSet property value of the 1479# JMAP \"urn:ietf:params:jmap:core\" capabilities object. 1480#jmap_max_objects_in_set: 4096 1481 1482# Jmap_mail_max_size_attachments_per_email 1483# ---------------------------------------- 1484# The value (in kilobytes) to return for the maxSizeAttachmentsPerEmail 1485# property of the JMAP \"urn:ietf:params:jmap:mail\" capabilities object. The Cyrus 1486# JMAP implementation does not enforce this size limit. Default is 10 Mb. 1487#jmap_mail_max_size_attachments_per_email: 10240 1488 1489# Jmap_nonstandard_extensions 1490# --------------------------- 1491# If enabled, support non-standard JMAP extensions. If not enabled, 1492# only IETF standard JMAP functionality is supported. 1493#jmap_nonstandard_extensions: 0 1494 1495# Jmap_set_has_attachment 1496# ----------------------- 1497# If enabled, the $hasAttachment flag is determined and set for new messages 1498# created with the JMAP Email/set or Email/import methods. This option should 1499# typically be enabled, but installations using Cyrus-external message 1500# annatotors to determine the $hasAttachment flag might want to disable it. 1501#jmap_set_has_attachment: 1 1502 1503# Jmap_vacation 1504# ------------- 1505# If enabled, support the JMAP vacation extension 1506#jmap_vacation: 1 1507 1508# Jmapuploadfolder 1509# ---------------- 1510# the name of the folder for JMAP uploads (#jmap) 1511#jmapuploadfolder: #jmap 1512 1513# Jmapsubmission_deleteonsend 1514# --------------------------- 1515# If enabled (the default) then delete the EmailSubmission as soon as the email 1516# * has been sent 1517#jmapsubmission_deleteonsend: 1 1518 1519# Jmapsubmissionfolder 1520# -------------------- 1521# the name of the folder for JMAP Submissions (#jmapsubmission) 1522#jmapsubmissionfolder: #jmapsubmission 1523 1524# Jmappushsubscriptionfolder 1525# -------------------------- 1526# the name of the folder for JMAP Push Subscriptions (#jmappushsubscription) 1527#jmappushsubscriptionfolder: #jmappushsubscription 1528 1529# Iolog 1530# ----- 1531# Should cyrus output I/O log entries 1532#iolog: 0 1533 1534# Ldap_authz 1535# ---------- 1536# SASL authorization ID for the LDAP server 1537#ldap_authz: <none> 1538 1539# Ldap_base 1540# --------- 1541# Contains the LDAP base dn for the LDAP ptloader module 1542#ldap_base: <empty string> 1543 1544# Ldap_bind_dn 1545# ------------ 1546# Bind DN for the connection to the LDAP server (simple bind). 1547# Do not use for anonymous simple binds 1548#ldap_bind_dn: <none> 1549 1550# Ldap_deref 1551# ---------- 1552# Specify how aliases dereferencing is handled during search. 1553# Allowed values: search, find, always, never 1554#ldap_deref: never 1555 1556# Ldap_domain_base_dn 1557# ------------------- 1558# Base DN to search for domain name spaces. 1559#ldap_domain_base_dn: <empty string> 1560 1561# Ldap_domain_filter 1562# ------------------ 1563# Filter to use searching for domains 1564#ldap_domain_filter: (&(objectclass=domainrelatedobject)(associateddomain=%s)) 1565 1566# Ldap_domain_name_attribute 1567# -------------------------- 1568# The attribute name for domains. 1569#ldap_domain_name_attribute: associateddomain 1570 1571# Ldap_domain_scope 1572# ----------------- 1573# Search scope 1574# Allowed values: sub, one, base 1575#ldap_domain_scope: sub 1576 1577# Ldap_domain_result_attribute 1578# ---------------------------- 1579# Result attribute 1580#ldap_domain_result_attribute: inetdomainbasedn 1581 1582# Ldap_filter 1583# ----------- 1584# Specify a filter that searches user identifiers. The following tokens can be 1585# used in the filter string: 1586 1587# %% = % 1588# %u = user 1589# %U = user portion of %u (%U = test when %u = test@domain.tld) 1590# %d = domain portion of %u if available (%d = domain.tld when %u = 1591# test@domain.tld), otherwise same as %R 1592# %R = domain portion of %u starting with @ (%R = @domain.tld 1593# when %u = test@domain.tld) 1594# %D = user dn. (use when ldap_member_method: filter) 1595# %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld) 1596 1597# ldap_filter is not used when ldap_sasl is enabled. 1598#ldap_filter: (uid=%u) 1599 1600# Ldap_group_base 1601# --------------- 1602# LDAP base dn for ldap_group_filter. 1603#ldap_group_base: <empty string> 1604 1605# Ldap_group_filter 1606# ----------------- 1607# Specify a filter that searches for group identifiers. 1608# See ldap_filter for more options. 1609#ldap_group_filter: (cn=%u) 1610 1611# Ldap_group_scope 1612# ---------------- 1613# Specify search scope for ldap_group_filter. 1614# Allowed values: sub, one, base 1615#ldap_group_scope: sub 1616 1617# Ldap_id 1618# ------- 1619# SASL authentication ID for the LDAP server 1620#ldap_id: <none> 1621 1622# Ldap_mech 1623# --------- 1624# SASL mechanism for LDAP authentication 1625#ldap_mech: <none> 1626 1627# Ldap_user_attribute 1628# ------------------- 1629# Specify LDAP attribute to use as canonical user id 1630#ldap_user_attribute: <none> 1631 1632# Ldap_member_attribute 1633# --------------------- 1634# See ldap_member_method. 1635#ldap_member_attribute: <none> 1636 1637# Ldap_member_base 1638# ---------------- 1639# LDAP base dn for ldap_member_filter. 1640#ldap_member_base: <empty string> 1641 1642# Ldap_member_filter 1643# ------------------ 1644# Specify a filter for "ldap_member_method: filter". 1645# See ldap_filter for more options. 1646#ldap_member_filter: (member=%D) 1647 1648# Ldap_member_method 1649# ------------------ 1650# Specify a group method. The "attribute" method retrieves groups from 1651# a multi-valued attribute specified in ldap_member_attribute. 1652 1653# The "filter" method uses a filter, specified by ldap_member_filter, to find 1654# groups; ldap_member_attribute is a single-value attribute group name. 1655# Allowed values: attribute, filter 1656#ldap_member_method: attribute 1657 1658# Ldap_member_scope 1659# ----------------- 1660# Specify search scope for ldap_member_filter. 1661# Allowed values: sub, one, base 1662#ldap_member_scope: sub 1663 1664# Ldap_password 1665# ------------- 1666# Password for the connection to the LDAP server (SASL and simple bind). 1667# Do not use for anonymous simple binds 1668#ldap_password: <none> 1669 1670# Ldap_realm 1671# ---------- 1672# SASL realm for LDAP authentication 1673#ldap_realm: <none> 1674 1675# Ldap_referrals 1676# -------------- 1677# Specify whether or not the client should follow referrals. 1678#ldap_referrals: 0 1679 1680# Ldap_restart 1681# ------------ 1682# Specify whether or not LDAP I/O operations are automatically restarted 1683# if they abort prematurely. 1684#ldap_restart: 1 1685 1686# Ldap_sasl 1687# --------- 1688# Use SASL for LDAP binds in the LDAP PTS module. 1689#ldap_sasl: 1 1690 1691# Ldap_sasl_authc 1692# --------------- 1693# Deprecated. Use ldap_id 1694#ldap_sasl_authc: <none> 1695 1696# Ldap_sasl_authz 1697# --------------- 1698# Deprecated. Use ldap_authz 1699#ldap_sasl_authz: <none> 1700 1701# Ldap_sasl_mech 1702# -------------- 1703# Deprecated. Use ldap_mech 1704#ldap_sasl_mech: <none> 1705 1706# Ldap_sasl_password 1707# ------------------ 1708# Deprecated. User ldap_password 1709#ldap_sasl_password: <none> 1710 1711# Ldap_sasl_realm 1712# --------------- 1713# Deprecated. Use ldap_realm 1714#ldap_sasl_realm: <none> 1715 1716# Ldap_scope 1717# ---------- 1718# Specify search scope. 1719# Allowed values: sub, one, base 1720#ldap_scope: sub 1721 1722# Ldap_servers 1723# ------------ 1724# Deprecated. Use ldap_uri 1725#ldap_servers: ldap://localhost/ 1726 1727# Ldap_size_limit 1728# --------------- 1729# Specify a number of entries for a search request to return. 1730#ldap_size_limit: 1 1731 1732# Ldap_start_tls 1733# -------------- 1734# Use transport layer security for ldap:// using STARTTLS. Do not use 1735# ldaps:// in 'ldap_uri' with this option enabled. 1736#ldap_start_tls: 0 1737 1738# Ldap_time_limit 1739# --------------- 1740# How long to wait for a search request to complete. 1741# # 1742# For backward compatibility, if no unit is specified, seconds is 1743# assumed. 1744#ldap_time_limit: 5s 1745 1746# Ldap_timeout 1747# ------------ 1748# How long a search can take before timing out. 1749# # 1750# For backward compatibility, if no unit is specified, seconds is 1751# assumed. 1752#ldap_timeout: 5s 1753 1754# Ldap_ca_dir 1755# ----------- 1756# Path to a directory with CA (Certificate Authority) certificates. 1757#ldap_ca_dir: <none> 1758 1759# Ldap_ca_file 1760# ------------ 1761# Path to a file containing CA (Certificate Authority) certificate(s). 1762#ldap_ca_file: <none> 1763 1764# Ldap_ciphers 1765# ------------ 1766# List of SSL/TLS ciphers to allow. The format of the string is 1767# described in ciphers(1). 1768#ldap_ciphers: <none> 1769 1770# Ldap_client_cert 1771# ---------------- 1772# File containing the client certificate. 1773#ldap_client_cert: <none> 1774 1775# Ldap_client_key 1776# --------------- 1777# File containing the private client key. 1778#ldap_client_key: <none> 1779 1780# Ldap_verify_peer 1781# ---------------- 1782# Require and verify server certificate. If this option is yes, 1783# you must specify ldap_ca_file or ldap_ca_dir. 1784#ldap_verify_peer: 0 1785 1786# Ldap_tls_cacert_dir 1787# ------------------- 1788# Deprecated in favor of ldap_ca_dir. 1789#ldap_tls_cacert_dir: <none> 1790 1791# Ldap_tls_cacert_file 1792# -------------------- 1793# Deprecated in favor of ldap_ca_file. 1794#ldap_tls_cacert_file: <none> 1795 1796# Ldap_tls_cert 1797# ------------- 1798# Deprecated in favor of ldap_client_cert. 1799#ldap_tls_cert: <none> 1800 1801# Ldap_tls_key 1802# ------------ 1803# Deprecated in favor of ldap_client_key. 1804#ldap_tls_key: <none> 1805 1806# Ldap_tls_check_peer 1807# ------------------- 1808# Deprecated in favor of ldap_verify_peer. 1809#ldap_tls_check_peer: 0 1810 1811# Ldap_tls_ciphers 1812# ---------------- 1813# Deprecated in favor of ldap_ciphers. 1814#ldap_tls_ciphers: <none> 1815 1816# Ldap_uri 1817# -------- 1818# Contains a list of the URLs of all the LDAP servers when using the 1819# LDAP PTS module. 1820#ldap_uri: <none> 1821 1822# Ldap_version 1823# ------------ 1824# Specify the LDAP protocol version. If ldap_start_tls and/or 1825# ldap_use_sasl are enabled, ldap_version will be automatically 1826# set to 3. 1827#ldap_version: 3 1828 1829# Literalminus 1830# ------------ 1831# if enabled, CAPABILITIES will reply with LITERAL- rather than 1832# LITERAL+ (RFC 7888). Doesn't actually size-restrict uploads though 1833#literalminus: 0 1834 1835# Lmtp_downcase_rcpt 1836# ------------------ 1837# If enabled, lmtpd will convert the recipient addresses to lowercase 1838# (up to a '+' character, if present). 1839#lmtp_downcase_rcpt: 1 1840 1841# Lmtp_exclude_specialuse 1842# ----------------------- 1843# Don't allow delivery to folders with given special-use attributes. 1844# # 1845# Note that "snoozing" of emails can currently only be done via the 1846# JMAP protocol, so delivery directly to the \Snoozed mailbox is 1847# prohibited by default as it will not be moved back into INBOX 1848# automatically. 1849#lmtp_exclude_specialuse: \\Snoozed 1850 1851# Lmtp_fuzzy_mailbox_match 1852# ------------------------ 1853# If enabled, and the mailbox specified in the detail part of the 1854# recipient (everything after the '+') does not exist, lmtpd will try 1855# to find the closest match (ignoring case, ignoring whitespace, 1856# falling back to parent) to the specified mailbox name. 1857#lmtp_fuzzy_mailbox_match: 0 1858 1859# Lmtp_over_quota_perm_failure 1860# ---------------------------- 1861# If enabled, lmtpd returns a permanent failure code when a user's 1862# mailbox is over quota. By default, the failure is temporary, 1863# causing the MTA to queue the message and retry later. 1864#lmtp_over_quota_perm_failure: 0 1865 1866# Lmtp_strict_quota 1867# ----------------- 1868# If enabled, lmtpd returns a failure code when the incoming message 1869# will cause the user's mailbox to exceed its quota. By default, the 1870# failure won't occur until the mailbox is already over quota. 1871#lmtp_strict_quota: 0 1872 1873# Lmtp_strict_rfc2821 1874# ------------------- 1875# By default, lmtpd will be strict (per RFC 2821) with regards to which 1876# envelope addresses are allowed. If this option is set to false, 8bit 1877# characters in the local-part of envelope addresses are changed to 'X' 1878# instead. This is useful to avoid generating backscatter with 1879# certain MTAs like Postfix or Exim which accept such messages. 1880#lmtp_strict_rfc2821: 1 1881 1882# Lmtpsocket 1883# ---------- 1884# Unix domain socket that lmtpd listens on, used by deliver(8). This should 1885# match the path specified in cyrus.conf(5). 1886#lmtpsocket: {configdirectory}/socket/lmtp 1887 1888# Lmtptxn_timeout 1889# --------------- 1890# Timeout used during a lmtp transaction to a remote backend (e.g. in a 1891# murder environment). Can be used to prevent hung lmtpds on proxy hosts 1892# when a backend server becomes unresponsive during a lmtp transaction. 1893# The default is 5 minutes - change to zero for infinite. 1894# # 1895# For backward compatibility, if no unit is specified, seconds is 1896# assumed. 1897#lmtptxn_timeout: 5m 1898 1899# Lock_debugtime 1900# -------------- 1901# A floating point number of seconds. If set, time how long we wait for 1902# any lock, and syslog the filename and time if it's longer than this 1903# value. The default of NULL means not to time locks. 1904#lock_debugtime: <none> 1905 1906# Loginrealms 1907# ----------- 1908# The list of remote realms whose users may authenticate using cross-realm 1909# authentication identifiers. Separate each realm name by a space. (A 1910# cross-realm identity is considered any identity returned by SASL 1911# with an "@" in it.). 1912#loginrealms: <empty string> 1913 1914# Loginuseacl 1915# ----------- 1916# If enabled, any authentication identity which has a rights on a 1917# user's INBOX may log in as that user. 1918#loginuseacl: 0 1919 1920# Logtimestamps 1921# ------------- 1922# Include notations in the protocol telemetry logs indicating the number of 1923# seconds since the last command or response. 1924#logtimestamps: 0 1925 1926# Mailbox_default_options 1927# ----------------------- 1928# Default "options" field for the mailbox on create. You'll want to know 1929# what you're doing before setting this, but it can apply some default 1930# annotations like duplicate suppression 1931#mailbox_default_options: 0 1932 1933# Mailbox_initial_flags 1934# --------------------- 1935# space-separated list of permanent flags which will be pre-set in every 1936# newly created mailbox. If you know you will require particular 1937# flag names then this avoids a possible race condition against a client 1938# that fills the entire 128 available slots. Default is NULL, which is 1939# no flags. Example: $Label1 $Label2 $Label3 NotSpam Spam 1940#mailbox_initial_flags: <none> 1941 1942# Mailnotifier 1943# ------------ 1944# Notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" 1945# notifications are disabled. 1946#mailnotifier: <none> 1947 1948# Master_bind_errors_fatal 1949# ------------------------ 1950# If enabled, failure to bind a port during startup is treated as a fatal 1951# error, causing master to shut down immediately. The default is to keep 1952# running, with the affected service disabled until the next SIGHUP causes 1953# it to retry. 1954# # 1955# Note that this only applies during startup. New services that fail to 1956# come up in response to a reconfig+SIGHUP will just be logged and disabled 1957# like the default behaviour, without causing master to exit. 1958#master_bind_errors_fatal: 0 1959 1960# Maxheaderlines 1961# -------------- 1962# Maximum number of lines of header that will be processed into cache 1963# records. Default 1000. If set to zero, it is unlimited. 1964# If a message hits the limit, an error will be logged and the rest of 1965# the lines in the header will be skipped. This is to avoid malformed 1966# messages causing giant cache records 1967#maxheaderlines: 1000 1968 1969# Maxlogins_per_host 1970# ------------------ 1971# Maximum number of logged in sessions allowed per host, 1972# zero means no limit 1973#maxlogins_per_host: 0 1974 1975# Maxlogins_per_user 1976# ------------------ 1977# Maximum number of logged in sessions allowed per user, 1978# zero means no limit 1979#maxlogins_per_user: 0 1980 1981# Maxmessagesize 1982# -------------- 1983# Maximum incoming LMTP message size. If non-zero, lmtpd will reject 1984# messages larger than maxmessagesize bytes. If set to 0, this 1985# will allow messages of any size (the default). 1986#maxmessagesize: 0 1987 1988# Maxquoted 1989# --------- 1990# Maximum size of a single quoted string for the parser. Default 128k 1991#maxquoted: 131072 1992 1993# Maxword 1994# ------- 1995# Maximum size of a single word for the parser. Default 128k 1996#maxword: 131072 1997 1998# Mboxkey_db 1999# ---------- 2000# The cyrusdb backend to use for mailbox keys. 2001# Allowed values: skiplist, twoskip, zeroskip 2002#mboxkey_db: twoskip 2003 2004# Mboxlist_db 2005# ----------- 2006# The cyrusdb backend to use for the mailbox list. 2007# Allowed values: flat, skiplist, sql, twoskip, zeroskip 2008#mboxlist_db: twoskip 2009 2010# Mboxlist_db_path 2011# ---------------- 2012# The absolute path to the mailboxes db file. If not specified 2013# will be configdirectory/mailboxes.db 2014#mboxlist_db_path: <none> 2015 2016# Mboxname_lockpath 2017# ----------------- 2018# Path to mailbox name lock files (default $conf/lock) 2019#mboxname_lockpath: <none> 2020 2021# Metapartition_files 2022# ------------------- 2023# Space-separated list of metadata files to be stored on a 2024# metapartition rather than in the mailbox directory on a spool 2025# partition. 2026# Allowed values: header, index, cache, expunge, squat, annotations, lock, dav, archivecache 2027#metapartition_files: <empty string> 2028 2029# Metapartition-name 2030# ------------------ 2031# The pathname of the metadata partition name, corresponding to 2032# spool partition partition-name. For any mailbox residing in 2033# a directory on partition-name, the metadata files listed in 2034# metapartition_files will be stored in a corresponding directory on 2035# metapartition-name. Note that not every 2036# partition-name option is required to have a corresponding 2037# metapartition-name option, so that you can selectively choose 2038# which spool partitions will have separate metadata partitions. 2039#metapartition-name: <none> 2040 2041# Mupdate_authname 2042# ---------------- 2043# The SASL username (Authentication Name) to use when authenticating to the 2044# mupdate server (if needed). 2045#mupdate_authname: <none> 2046 2047# Mupdate_config 2048# -------------- 2049# The configuration of the mupdate servers in the Cyrus Murder. 2050# The "standard" config is one in which there are discreet frontend 2051# (proxy) and backend servers. The "unified" config is one in which 2052# a server can be both a frontend and backend. The "replicated" 2053# config is one in which multiple backend servers all share the same 2054# mailspool, but each have their own "replicated" copy of 2055# mailboxes.db. 2056# Allowed values: standard, unified, replicated 2057#mupdate_config: standard 2058 2059# Munge8bit 2060# --------- 2061# If enabled, lmtpd munges messages with 8-bit characters in the 2062# headers. The 8-bit characters are changed to `X'. If 2063# reject8bit is enabled, setting munge8bit has no effect. 2064# (A proper solution to non-ASCII characters in headers is offered by 2065# RFC 2047 and its predecessors.) 2066#munge8bit: 1 2067 2068# Mupdate_connections_max 2069# ----------------------- 2070# The max number of connections that a mupdate process will allow, this 2071# is related to the number of file descriptors in the mupdate process. 2072# Beyond this number connections will be immediately issued a BYE response. 2073#mupdate_connections_max: 128 2074 2075# Mupdate_password 2076# ---------------- 2077# The SASL password (if needed) to use when authenticating to the 2078# mupdate server. 2079#mupdate_password: <none> 2080 2081# Mupdate_port 2082# ------------ 2083# The port of the mupdate server for the Cyrus Murder 2084#mupdate_port: 3905 2085 2086# Mupdate_realm 2087# ------------- 2088# The SASL realm (if needed) to use when authenticating to the mupdate 2089# server. 2090#mupdate_realm: <none> 2091 2092# Mupdate_retry_delay 2093# ------------------- 2094# The base time to wait between connection retries to the mupdate server. 2095#mupdate_retry_delay: 20 2096 2097# Mupdate_server 2098# -------------- 2099# The mupdate server for the Cyrus Murder 2100#mupdate_server: <none> 2101 2102# Mupdate_username 2103# ---------------- 2104# The SASL username (Authorization Name) to use when authenticating to 2105# the mupdate server 2106#mupdate_username: <empty string> 2107 2108# Mupdate_workers_max 2109# ------------------- 2110# The maximum number of mupdate worker threads (overall) 2111#mupdate_workers_max: 50 2112 2113# Mupdate_workers_maxspare 2114# ------------------------ 2115# The maximum number of idle mupdate worker threads 2116#mupdate_workers_maxspare: 10 2117 2118# Mupdate_workers_minspare 2119# ------------------------ 2120# The minimum number of idle mupdate worker threads 2121#mupdate_workers_minspare: 2 2122 2123# Mupdate_workers_start 2124# --------------------- 2125# The number of mupdate worker threads to start 2126#mupdate_workers_start: 5 2127 2128# Netscapeurl 2129# ----------- 2130# If enabled at compile time, this specifies a URL to reply when 2131# Netscape asks the server where the mail administration HTTP server 2132# is. Administrators should set this to a local resource. 2133#netscapeurl: <none> 2134 2135# Newsaddheaders 2136# -------------- 2137# Space-separated list of headers to be added to incoming usenet 2138# articles. Added To: headers will contain email 2139# delivery addresses corresponding to each newsgroup in the 2140# Newsgroups: header. Added Reply-To: headers will 2141# contain email delivery addresses corresponding to each newsgroup in 2142# the Followup-To: or Newsgroups: header. If the 2143# specified header(s) already exist in an article, the email 2144# delivery addresses will be appended to the original header body(s). 2145# This option applies if and only if the newspostuser option is 2146# set. 2147# Allowed values: to, replyto 2148#newsaddheaders: to 2149 2150# Newsgroups 2151# ---------- 2152# A wildmat pattern specifying which mailbox hierarchies should be 2153# treated as newsgroups. Only mailboxes matching the wildmat will 2154# accept and/or serve articles via NNTP. If not set, a default 2155# wildmat of "*" (ALL shared mailboxes) will be used. If the 2156# newsprefix option is also set, the default wildmat will be 2157# translated to "<newsprefix>.*" 2158#newsgroups: * 2159 2160# Newsmaster 2161# ---------- 2162# Userid that is used for checking access controls when executing 2163# Usenet control messages. For instance, to allow articles to be 2164# automatically deleted by cancel messages, give the "news" user 2165# the 'd' right on the desired mailboxes. To allow newsgroups to be 2166# automatically created, deleted and renamed by the corresponding 2167# control messages, give the "news" user the 'c' right on the desired 2168# mailbox hierarchies. 2169#newsmaster: news 2170 2171# Newspeer 2172# -------- 2173# A list of whitespace-separated news server specifications to which 2174# articles should be fed. Each server specification is a string of 2175# the form [user[:pass]@]host[:port][/wildmat] where 'host' is the fully 2176# qualified hostname of the server, 'port' is the port on which the 2177# server is listening, 'user' and 'pass' are the authentication 2178# credentials and 'wildmat' is a pattern that specifies which groups 2179# should be fed. If no 'port' is specified, port 119 is used. If 2180# no 'wildmat' is specified, all groups are fed. If 'user' is specified 2181# (even if empty), then the NNTP POST command will be used to feed 2182# the article to the server, otherwise the IHAVE command will be 2183# used. 2184# A '@' may be used in place of '!' in the wildmat to prevent feeding 2185# articles cross-posted to the given group, otherwise cross-posted 2186# articles are fed if any part of the wildmat matches. For example, 2187# the string "peer.example.com:*,!control.*,@local.*" would feed all 2188# groups except control messages and local groups to 2189# peer.example.com. In the case of cross-posting to local groups, 2190# these articles would not be fed. 2191#newspeer: <none> 2192 2193# Newspostuser 2194# ------------ 2195# Userid used to deliver usenet articles to newsgroup folders 2196# (usually via lmtp2nntp). For example, if set to "post", email sent 2197# to "post+comp.mail.imap" would be delivered to the "comp.mail.imap" 2198# folder. 2199# When set, the Cyrus NNTP server will add the header(s) specified in 2200# the newsaddheaders option to each incoming usenet article. 2201# The added header(s) will contain email delivery addresses 2202# corresponding to each relevant newsgroup. If not set, no headers 2203# are added to usenet articles. 2204#newspostuser: <none> 2205 2206# Newsprefix 2207# ---------- 2208# Prefix to be prepended to newsgroup names to make the corresponding 2209# IMAP mailbox names. 2210#newsprefix: <none> 2211 2212# Newsrc_db_path 2213# -------------- 2214# The absolute path to the newsrc db file. If not specified, 2215# will be configdirectory/fetchnews.db 2216#newsrc_db_path: <none> 2217 2218# Nntptimeout 2219# ----------- 2220# Set the length of the NNTP server's inactivity autologout timer. 2221# The minimum value is 3 minutes, also the default. 2222# # 2223# For backward compatibility, if no unit is specified, minutes is 2224# assumed. 2225#nntptimeout: 3m 2226 2227# Notesmailbox 2228# ------------ 2229# The top level mailbox in each user's account which is used to store 2230# * Apple-style Notes. Default is blank (disabled) 2231#notesmailbox: <none> 2232 2233# Notifysocket 2234# ------------ 2235# Unix domain socket that the mail notification daemon listens on. 2236#notifysocket: {configdirectory}/socket/notify 2237 2238# Notify_external 2239# --------------- 2240# Path to the external program that notifyd(8) will call to send mail 2241# notifications. 2242# # 2243# The external program will be called with the following 2244# command line options: 2245 2246# .. option:: -c class 2247# .. option:: -p priority 2248# .. option:: -u user 2249# .. option:: -m mailbox 2250# # 2251# And the notification message will be available on stdin. 2252 2253#notify_external: <none> 2254 2255# Partition-name 2256# -------------- 2257# The pathname of the partition name. At least one partition 2258# pathname MUST be specified. If the defaultpartition option is 2259# used, then its pathname MUST be specified. For example, if the 2260# value of the defaultpartion option is part1, then the 2261# partition-part1 field is required. 2262#partition-name: <none> 2263 2264# Partition_select_mode 2265# --------------------- 2266# Partition selection mode. 2267# # 2268# random 2269# (pseudo-)random selection 2270# freespace-most 2271# partition with the most free space (KiB) 2272# freespace-percent-most 2273# partition with the most free space (%) 2274# freespace-percent-weighted 2275# each partition is weighted according to its free space (%); the more free space 2276# the partition has, the more chances it has to be selected 2277# freespace-percent-weighted-delta 2278# each partition is weighted according to its difference of free space (%) 2279# compared to the most used partition; the more the partition is lagging behind 2280# the most used partition, the more chances it has to be selected 2281# # 2282# Note that actually even the most used partition has a few chances to be 2283# selected, and those chances increase when other partitions get closer 2284 2285# Allowed values: random, freespace-most, freespace-percent-most, freespace-percent-weighted, freespace-percent-weighted-delta 2286#partition_select_mode: freespace-most 2287 2288# Partition_select_exclude 2289# ------------------------ 2290# List of partitions to exclude from selection mode. 2291#partition_select_exclude: <none> 2292 2293# Partition_select_usage_reinit 2294# ----------------------------- 2295# For a given session, number of operations (e.g. partition selection) 2296# for which partitions usage data are cached. 2297#partition_select_usage_reinit: 0 2298 2299# Partition_select_soft_usage_limit 2300# --------------------------------- 2301# Limit of partition usage (%): if a partition is over that limit, it is 2302# automatically excluded from selection mode. 2303# # 2304# If all partitions are over that limit, this feature is not used anymore. 2305 2306#partition_select_soft_usage_limit: 0 2307 2308# Plaintextloginpause 2309# ------------------- 2310# Time to pause after a successful plaintext login. For systems that 2311# support strong authentication, this permits users to perceive a cost 2312# of using plaintext passwords. (This does not affect the use of PLAIN 2313# in SASL authentications.) 2314# # 2315# For backward compatibility, if no unit is specified, seconds is 2316# assumed. 2317#plaintextloginpause: <none> 2318 2319# Plaintextloginalert 2320# ------------------- 2321# Message to send to client after a successful plaintext login. 2322#plaintextloginalert: <none> 2323 2324# Popexpiretime 2325# ------------- 2326# The duration advertised as being the minimum a message may be 2327# left on the POP server before it is deleted (via the CAPA command, 2328# defined in the POP3 Extension Mechanism, which some clients may 2329# support). This duration has a granularity of whole days, with partial 2330# days truncated (so e.g. "45m" is effectively "0d"). "NEVER", the 2331# default, may be specified with a negative number. 2332# # 2333# The Cyrus POP3 server never deletes mail, no matter what the value of 2334# this parameter is. However, if a site implements a less liberal policy, 2335# it needs to change this parameter accordingly. 2336# # 2337# For backward compatibility, if no unit is specified, days is 2338# assumed. 2339#popexpiretime: -1 2340 2341# Popminpoll 2342# ---------- 2343# Set the minimum amount of time the server forces users to wait 2344# between successive POP logins. 2345# # 2346# For backward compatibility, if no unit is specified, minutes is 2347# assumed. 2348#popminpoll: <none> 2349 2350# Popsubfolders 2351# ------------- 2352# Allow access to subfolders of INBOX via POP3 by using 2353# userid+subfolder syntax as the authentication/authorization id. 2354#popsubfolders: 0 2355 2356# Poppollpadding 2357# -------------- 2358# Create a softer minimum poll restriction. Allows poppollpadding 2359# connections before the minpoll restriction is triggered. Additionally, 2360# one padding entry is recovered every popminpoll minutes. 2361# This allows for the occasional polling rate faster than popminpoll, 2362# (i.e., for clients that require a send/receive to send mail) but still 2363# enforces the rate long-term. Default is 1 (disabled). 2364# The easiest way to think of it is a queue of past connections, with one 2365# slot being filled for every connection, and one slot being cleared 2366# every popminpoll minutes. When the queue is full, the user 2367# will not be able to check mail again until a slot is cleared. If the 2368# user waits a sufficient amount of time, they will get back many or all 2369# of the slots. 2370#poppollpadding: 1 2371 2372# Poptimeout 2373# ---------- 2374# Set the length of the POP server's inactivity autologout timer. 2375# The minimum value is 10 minutes, the default. 2376# # 2377# For backward compatibility, if no unit is specified, minutes is 2378# assumed. 2379#poptimeout: 10m 2380 2381# Popuseacl 2382# --------- 2383# Enforce IMAP ACLs in the pop server. Due to the nature of the POP3 2384# protocol, the only rights which are used by the pop server are 'r', 2385# 't', and 's' for the owner of the mailbox. The 'r' right allows the 2386# user to open the mailbox and list/retrieve messages. The 't' right 2387# allows the user to delete messages. The 's' right allows messages 2388# retrieved by the user to have the \Seen flag set (only if 2389# popuseimapflags is also enabled). 2390#popuseacl: 0 2391 2392# Popuseimapflags 2393# --------------- 2394# If enabled, the pop server will set and obey IMAP flags. Messages 2395# having the \Deleted flag are ignored as if they do not exist. 2396# Messages that are retrieved by the client will have the \Seen flag 2397# set. All messages will have the \Recent flag unset. 2398#popuseimapflags: 0 2399 2400# Postmaster 2401# ---------- 2402# Username that is used as the 'From' address in rejection MDNs produced 2403# by sieve. 2404#postmaster: postmaster 2405 2406# Postspec 2407# -------- 2408# Postuser 2409# -------- 2410#Userid used to deliver messages to shared folders. For example, if 2411#set to "bb", email sent to "bb+shared.blah" would be delivered to 2412#the "shared.blah" folder. By default, an email address of 2413#"+shared.blah" would be used. 2414#postspec: <none> 2415#postuser: <empty string> 2416 2417# Proc_path 2418# --------- 2419# Path to proc directory. Default is NULL - must be an absolute path 2420# if specified. If not specified, the path $configdirectory/proc/ will be 2421# used. 2422#proc_path: <none> 2423 2424# Prometheus_enabled 2425# ------------------ 2426# Whether tracking of service metrics for Prometheus is enabled. 2427#prometheus_enabled: 0 2428 2429# Prometheus_need_auth 2430# -------------------- 2431# Authentication level required to fetch Prometheus metrics. 2432# Allowed values: none, user, admin 2433#prometheus_need_auth: admin 2434 2435# Prometheus_update_freq 2436# ---------------------- 2437# Frequency in at which promstatsd should re-collate its statistics 2438# report. The minimum value is 1 second, the default is 10 seconds. 2439# # 2440# For backward compatibility, if no unit is specified, seconds is 2441# assumed. 2442#prometheus_update_freq: 10s 2443 2444# Prometheus_stats_dir 2445# -------------------- 2446# Directory to use for gathering prometheus statistics. If specified, 2447# must be an absolute path. If not specified, the default path 2448# $configdirectory/stats/ will be used. It may be advantageous to locate this 2449# directory on ephemeral storage. 2450#prometheus_stats_dir: <none> 2451 2452# Proxy_authname 2453# -------------- 2454# The authentication name to use when authenticating to a backend server 2455# in the Cyrus Murder. 2456#proxy_authname: proxy 2457 2458# Proxy_compress 2459# -------------- 2460# Try to enable protocol-specific compression when performing a client 2461# connection to a backend server in the Cyrus Murder. 2462# # 2463# Note that this should only be necessary over slow network 2464# connections. Also note that currently only IMAP and MUPDATE support 2465# compression. 2466#proxy_compress: 0 2467 2468# Proxy_password 2469# -------------- 2470# The default password to use when authenticating to a backend server 2471# in the Cyrus Murder. May be overridden on a host-specific basis using 2472# the hostname_password option. 2473#proxy_password: <none> 2474 2475# Proxy_realm 2476# ----------- 2477# The authentication realm to use when authenticating to a backend server 2478# in the Cyrus Murder 2479#proxy_realm: <none> 2480 2481# Proxyd_allow_status_referral 2482# ---------------------------- 2483# Set to true to allow proxyd to issue referrals to clients that support it 2484# when answering the STATUS command. This is disabled by default since 2485# some clients issue many STATUS commands in a row, and do not cache the 2486# connections that these referrals would cause, thus resulting in a higher 2487# authentication load on the respective backend server. 2488#proxyd_allow_status_referral: 0 2489 2490# Proxyd_disable_mailbox_referrals 2491# -------------------------------- 2492# Set to true to disable the use of mailbox-referrals on the 2493# proxy servers. 2494#proxyd_disable_mailbox_referrals: 0 2495 2496# Proxyservers 2497# ------------ 2498# A list of users and groups that are allowed to proxy for other 2499# users, separated by spaces. Any user listed in this will be 2500# allowed to login for any other user: use with caution. 2501# In a standard murder this option should ONLY be set on backends. 2502# DO NOT SET on frontends or things won't work properly. 2503#proxyservers: <none> 2504 2505# Pts_module 2506# ---------- 2507# The PTS module to use. 2508# Allowed values: afskrb, ldap 2509#pts_module: afskrb 2510 2511# Ptloader_sock 2512# ------------- 2513# Unix domain socket that ptloader listens on. 2514# (defaults to configdirectory/ptclient/ptsock) 2515#ptloader_sock: <none> 2516 2517# Ptscache_db 2518# ----------- 2519# The cyrusdb backend to use for the pts cache. 2520# Allowed values: skiplist, twoskip, zeroskip 2521#ptscache_db: twoskip 2522 2523# Ptscache_db_path 2524# ---------------- 2525# The absolute path to the ptscache db file. If not specified, 2526# will be configdirectory/ptscache.db 2527#ptscache_db_path: <none> 2528 2529# Ptscache_timeout 2530# ---------------- 2531# The timeout for the PTS cache database when using the auth_krb_pts 2532# authorization method (default: 3 hours). 2533# # 2534# For backward compatibility, if no unit is specified, seconds is 2535# assumed. 2536#ptscache_timeout: 3h 2537 2538# Ptskrb5_convert524 2539# ------------------ 2540# When using the AFSKRB ptloader module with Kerberos 5 canonicalization, 2541# do the final 524 conversion to get a n AFS style name (using '.' instead 2542# of '/', and using short names 2543#ptskrb5_convert524: 1 2544 2545# Ptskrb5_strip_default_realm 2546# --------------------------- 2547# When using the AFSKRB ptloader module with Kerberos 5 canonicalization, 2548# strip the default realm from the userid (this does not affect the stripping 2549# of realms specified by the afspts_localrealms option) 2550#ptskrb5_strip_default_realm: 1 2551 2552# Qosmarking 2553# ---------- 2554# This specifies the Class Selector or Differentiated Services Code Point 2555# designation on IP headers (in the ToS field). 2556# Allowed values: cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef 2557#qosmarking: cs0 2558 2559# Quota_db 2560# -------- 2561# The cyrusdb backend to use for quotas. 2562# Allowed values: flat, skiplist, sql, quotalegacy, twoskip, zeroskip 2563#quota_db: quotalegacy 2564 2565# Quota_db_path 2566# ------------- 2567# The absolute path for the quota database (if you choose a single-file 2568# quota DB type - or the base path if you choose quotalegacy). If 2569# not specified will be configdirectory/quotas.db or configdirectory/quota/ 2570#quota_db_path: <none> 2571 2572# Quotawarn 2573# --------- 2574# The percent of quota utilization over which the server generates 2575# warnings. 2576#quotawarn: 90 2577 2578# Quotawarnkb 2579# ----------- 2580# The maximum amount of free space (in kB) at which to give a quota 2581# warning (if this value is 0, or if the quota is smaller than this 2582# amount, then warnings are always given). 2583#quotawarnkb: 0 2584 2585# Quotawarnmsg 2586# ------------ 2587# The maximum amount of messages at which to give a quota warning 2588# (if this value is 0, or if the quota is smaller than this 2589# amount, then warnings are always given). 2590#quotawarnmsg: 0 2591 2592# Reject8bit 2593# ---------- 2594# If enabled, lmtpd rejects messages with 8-bit characters in the 2595# headers. 2596#reject8bit: 0 2597 2598# Restore_authname 2599# ---------------- 2600# The authentication used by the restore tool when authenticating 2601# to an IMAP/sync server. 2602#restore_authname: <none> 2603 2604# Restore_password 2605# ---------------- 2606# The password used by the restore tool when authenticating to an 2607# IMAP/sync server. 2608#restore_password: <none> 2609 2610# Restore_realm 2611# ------------- 2612# The authentication realm used by the restore tool when 2613# authenticating to an IMAP/sync server. 2614#restore_realm: <none> 2615 2616# Reverseacls 2617# ----------- 2618# At startup time, ctl_cyrusdb -r will check this value and it 2619# will either add or remove reverse ACL pointers from mailboxes.db 2620#reverseacls: 0 2621 2622# Rfc2046_strict 2623# -------------- 2624# If enabled, imapd will be strict (per RFC 2046) when matching MIME 2625# boundary strings. This means that boundaries containing other 2626# boundaries as substrings will be treated as identical. Since 2627# enabling this option will break some messages created by Eudora 5.1 2628# (and earlier), it is recommended that it be left disabled unless 2629# there is good reason to do otherwise. 2630#rfc2046_strict: 0 2631 2632# Rfc2047_utf8 2633# ------------ 2634# If enabled, imapd will parse any non-encoded character sequence in 2635# MIME header values as UTF8. This is useful for installations that 2636# either advertise the UTF8SMTP (RFC 5335) extension or receive mails 2637# with improperly escaped UTF-8 byte sequences. It is recommended that 2638# this option is left disabled unless there is good reason to do 2639# otherwise. 2640#rfc2047_utf8: 0 2641 2642# Rfc3028_strict 2643# -------------- 2644# If enabled, Sieve will be strict (per RFC 3028) with regards to 2645# which headers are allowed to be used in address and envelope tests. 2646# This means that only those headers which are defined to contain addresses 2647# will be allowed in address tests and only "to" and "from" will be 2648# allowed in envelope tests. When disabled, ANY grammatically correct header 2649# will be allowed. 2650#rfc3028_strict: 1 2651 2652# Rss_feedlist_template 2653# --------------------- 2654# File containing HTML that will be used as a template for displaying 2655# the list of available RSS feeds. A single instance of the variable 2656# %RSS_FEEDLIST% should appear in the file, which will be replaced by 2657# a nested unordered list of feeds. The toplevel unordered list will 2658# be tagged with an id of "feed" (<ul id='feed'>) which can be used 2659# by stylesheet(s) in your template. The dynamically created list of 2660# feeds based on the HTML template will be accessible at the "/rss" 2661# URL on the server. 2662#rss_feedlist_template: <none> 2663 2664# Rss_feeds 2665# --------- 2666# A wildmat pattern specifying which mailbox hierarchies should be 2667# treated as RSS feeds. Only mailboxes matching the wildmat will 2668# have their messages available via RSS. If not set, a default 2669# wildmat of "*" (ALL mailboxes) will be used. 2670#rss_feeds: * 2671 2672# Rss_maxage 2673# ---------- 2674# Maximum age of items to display in an RSS channel. If non-zero, 2675# httpd will only display items received within this time period. 2676# If set to 0, all available items will be displayed (the default). 2677# # 2678# For backward compatibility, if no unit is specified, days is 2679# assumed. 2680#rss_maxage: <none> 2681 2682# Rss_maxitems 2683# ------------ 2684# Maximum number of items to display in an RSS channel. If non-zero, 2685# httpd will display no more than the rss_maxitems most recent 2686# items. If set to 0, all available items will be displayed (the 2687# default). 2688#rss_maxitems: 0 2689 2690# Rss_maxsynopsis 2691# --------------- 2692# Maximum RSS item synopsis length. If non-zero, httpd will display 2693# no more than the first rss_maxsynopsis characters of an 2694# item's synopsis. If set to 0, the entire synopsis will be 2695# displayed (the default). 2696#rss_maxsynopsis: 0 2697 2698# Rss_realm 2699# --------- 2700# The realm to present for HTTP authentication of RSS feeds. If not 2701# set (the default), the value of the "servername" option will be 2702# used. 2703#rss_realm: <none> 2704 2705# Sasl_auto_transition 2706# -------------------- 2707# If enabled, the SASL library will automatically create authentication 2708# secrets when given a plaintext password. See the SASL documentation. 2709#sasl_auto_transition: 0 2710 2711# Sasl_maximum_layer 2712# ------------------ 2713# Maximum SSF (security strength factor) that the server will allow a 2714# client to negotiate. 2715#sasl_maximum_layer: 256 2716 2717# Sasl_minimum_layer 2718# ------------------ 2719# The minimum SSF that the server will allow a client to negotiate. 2720# A value of 1 requires integrity protection; any higher value 2721# requires some amount of encryption. 2722#sasl_minimum_layer: 0 2723 2724# Sasl_option 2725# ----------- 2726# Any SASL option can be set by preceding it with sasl_. This 2727# file overrides the SASL configuration file. 2728#sasl_option: 0 2729 2730# Sasl_pwcheck_method 2731# ------------------- 2732# The mechanism used by the server to verify plaintext passwords. 2733# Possible values include "auxprop", "saslauthd", and "pwcheck". 2734#sasl_pwcheck_method: <none> 2735 2736# Search_batchsize 2737# ---------------- 2738# The number of messages to be indexed in one batch (default 20). 2739# Note that long batches may delay user commands or mail delivery. 2740#search_batchsize: 20 2741 2742# Search_attachment_extractor_url 2743# ------------------------------- 2744 2745# Reserved for future use. 2746 2747#search_attachment_extractor_url: <none> 2748 2749# Search_index_language 2750# --------------------- 2751 2752# Reserved for future use. 2753 2754#search_index_language: 0 2755 2756# Search_index_parts 2757# ------------------ 2758 2759# Deprecated. No longer used. 2760 2761#search_index_parts: 0 2762 2763# Search_query_language 2764# --------------------- 2765 2766# Reserved for future use. 2767 2768#search_query_language: 0 2769 2770# Search_normalisation_max 2771# ------------------------ 2772# A resource bound for the combinatorial explosion of search expression 2773# tree complexity caused by normalising expressions with many OR nodes. 2774# These can use more CPU time to optimise than they save IO time in scanning 2775# folders. 2776#search_normalisation_max: 1000 2777 2778# Search_engine 2779# ------------- 2780# The indexing engine used to speed up searching. 2781# Allowed values: none, squat, xapian 2782#search_engine: none 2783 2784# Search_fuzzy_always 2785# ------------------- 2786# Whether to enable RFC 6203 FUZZY search for all IMAP SEARCH. If turned 2787# on, search attributes will be searched using FUZZY search by default. 2788# If turned off, clients have to explicitly use the FUZZY search key to 2789# enable fuzzy search for regular SEARCH commands. 2790#search_fuzzy_always: 0 2791 2792# Search_index_headers 2793# -------------------- 2794# Whether to index headers other than From, To, Cc, Bcc, and Subject. 2795# Experiment shows that some headers such as Received and DKIM-Signature 2796# can contribute up to 2/3rds of the index size but almost nothing to 2797# the utility of searching. Note that if header indexing is disabled, 2798# headers can still be searched, the searches will just be slower. 2799 2800#search_index_headers: 1 2801 2802# Search_indexed_db 2803# ----------------- 2804# The cyrusdb backend to use for the search latest indexed uid state. Xapian only. 2805# Allowed values: flat, skiplist, twoskip, zeroskip 2806#search_indexed_db: twoskip 2807 2808# Search_maxtime 2809# -------------- 2810# The maximum number of seconds to run a search for before aborting. Default 2811# of no value means search "forever" until other timeouts. 2812#search_maxtime: <none> 2813 2814# Search_queryscan 2815# ---------------- 2816# The minimum number of records require to do a direct scan of all G keys 2817# * rather than indexed lookups. A value of 0 means always do indexed lookups. 2818 2819#search_queryscan: 5000 2820 2821# Search_skipdiacrit 2822# ------------------ 2823# When searching, should diacriticals be stripped from the search 2824# terms. The default is "true", a search for "hav" will match 2825# "Håvard". This is not RFC5051 compliant, but it backwards 2826# compatible, and may be preferred by some sites. 2827#search_skipdiacrit: 1 2828 2829# Search_skiphtml 2830# --------------- 2831# If enabled, HTML parts of messages are skipped, i.e. not indexed and 2832# not searchable. Otherwise, they're indexed. 2833#search_skiphtml: 0 2834 2835# Search_whitespace 2836# ----------------- 2837# When searching, how whitespace should be handled. Options are: 2838# "skip" (default in 2.3 and earlier series) - where a search for 2839# "equi" would match "the quick brown fox". "merge" - the default, 2840# where "he qu" would match "the quick brownfox", and "keep", 2841# where whitespace must match exactly. The default of "merge" is 2842# recommended for most cases - it's a good compromise which 2843# keeps words separate. 2844# Allowed values: skip, merge, keep 2845#search_whitespace: merge 2846 2847# Search_snippet_length 2848# --------------------- 2849# The maximum byte length of a snippet generated by the XSNIPPETS 2850# command. Only supported by the Xapian search backend, which 2851# attempts to always fill search_snippet_length bytes in the 2852# generated snippet. 2853#search_snippet_length: 255 2854 2855# Search_stopword_path 2856# -------------------- 2857# The absolute base path to the search stopword lists. If not specified, 2858# no stopwords will be taken into account during search indexing. Currently, 2859# the only supported and default stop word file is english.txt. 2860#search_stopword_path: <none> 2861 2862# Searchpartition-name 2863# -------------------- 2864# The pathname where to store the xapian search indexes of searchtier 2865# for mailboxes of partition name. This must be configured for the 2866# defaultsearchtier and any additional search tier (see squatter for 2867# details). 2868# # 2869# For example: if defaultpartition is defined as part1 and 2870# defaultsearchtier as tier1 then the configuration must contain 2871# an entry tier1searchpartition-part1 that defines the path where to 2872# store this tier1's search index for the part1 partition. 2873# # 2874# This option MUST be specified for xapian search. 2875#searchpartition-name: <none> 2876 2877# Seenstate_db 2878# ------------ 2879# The cyrusdb backend to use for the seen state. 2880# Allowed values: flat, skiplist, twoskip, zeroskip 2881#seenstate_db: twoskip 2882 2883# Sendmail 2884# -------- 2885# The pathname of the sendmail executable. Sieve invokes sendmail 2886# for sending rejections, redirects and vacation responses. 2887#sendmail: /usr/lib/sendmail 2888 2889# Sendmail_auth_id 2890# ---------------- 2891# The name of an environment variable to set when invoking sendmail. 2892# The value of this environment variable will contain the user id 2893# of the currently authenticated user. If no user is authenticated 2894# the environment variable is not set. 2895#sendmail_auth_id: CYRUS_SENDMAIL_AUTH_ID 2896 2897# Serverlist 2898# ---------- 2899# Whitespace separated list of backend server names. Used for 2900# finding server with the most available free space for proxying 2901# CREATE. 2902#serverlist: <none> 2903 2904# Serverlist_select_mode 2905# ---------------------- 2906# Server selection mode. 2907# # 2908# random 2909# (pseudo-)random selection 2910# freespace-most 2911# backend with the most (total) free space (KiB) 2912# freespace-percent-most 2913# backend whose partition has the most free space (%) 2914# freespace-percent-weighted 2915# same as for partition selection, comparing the free space (%) of the least used 2916# partition of each backend 2917# freespace-percent-weighted-delta 2918# same as for partition selection, comparing the free space (%) of the least used 2919# partition of each backend. 2920# # 2921 2922# Allowed values: random, freespace-most, freespace-percent-most, freespace-percent-weighted, freespace-percent-weighted-delta 2923#serverlist_select_mode: freespace-most 2924 2925# Serverlist_select_usage_reinit 2926# ------------------------------ 2927# For a given session, number of operations (e.g. backend selection) 2928# for which backend usage data are cached. 2929#serverlist_select_usage_reinit: 0 2930 2931# Serverlist_select_soft_usage_limit 2932# ---------------------------------- 2933# Limit of backend usage (%): if a backend is over that limit, it is 2934# automatically excluded from selection mode. 2935# # 2936# If all backends are over that limit, this feature is not used anymore. 2937 2938#serverlist_select_soft_usage_limit: 0 2939 2940# Servername 2941# ---------- 2942# This is the hostname visible in the greeting messages of the POP, 2943# IMAP and LMTP daemons. If it is unset, then the result returned 2944# from gethostname(2) is used. This is also the value used by murder 2945# clusters to identify the host name. It should be resolvable by 2946# DNS to the correct host, and unique within an active cluster. If 2947# you are using low level replication (e.g. drbd) then it should be 2948# the same on each copy and the DNS name should also be moved to 2949# the new master on failover. 2950#servername: <none> 2951 2952# Serverinfo 2953# ---------- 2954# The server information to display in the greeting and capability 2955# responses. Information is displayed as follows: 2956 2957# "off" = no server information in the greeting or capabilities 2958# "min" = servername in the greeting; no server information in the capabilities 2959# "on" = servername and product version in the greeting; 2960# product version in the capabilities 2961# # 2962 2963# Allowed values: off, min, on 2964#serverinfo: on 2965 2966# Sharedprefix 2967# ------------ 2968# If using the alternate IMAP namespace, the prefix for the shared 2969# namespace. The hierarchy delimiter will be automatically appended. 2970 2971#sharedprefix: Shared Folders 2972 2973# Sieve_allowreferrals 2974# -------------------- 2975# If enabled, timsieved will issue referrals to clients when the 2976# user's scripts reside on a remote server (in a Murder). 2977# Otherwise, timsieved will proxy traffic to the remote server. 2978#sieve_allowreferrals: 1 2979 2980# Sieve_duplicate_max_expiration 2981# ------------------------------ 2982# Maximum expiration time for duplicate message tracking records. 2983# # 2984# For backward compatibility, if no unit is specified, seconds is 2985# assumed. 2986#sieve_duplicate_max_expiration: 90d 2987 2988# Sieve_extensions 2989# ---------------- 2990# Space-separated list of Sieve extensions allowed to be used in 2991# sieve scripts, enforced at submission by timsieved(8). Any 2992# previously installed script will be unaffected by this option and 2993# will continue to execute regardless of the extensions used. This 2994# option has no effect on options that are disabled at compile time 2995# (e.g., "regex"). 2996# Allowed values: fileinto, reject, vacation, vacation-seconds, imapflags, notify, include, envelope, environment, body, relational, regex, subaddress, copy, date, index, imap4flags, mailbox, mboxmetadata, servermetadata, variables, editheader, extlists, duplicate, ihave, fcc, special-use, redirect-dsn, redirect-deliverby, mailboxid, x-cyrus-log, x-cyrus-jmapquery, x-cyrus-snooze 2997#sieve_extensions: fileinto reject vacation vacation-seconds imapflags notify include envelope environment body relational regex subaddress copy date index imap4flags mailbox mboxmetadata servermetadata variables editheader extlists duplicate ihave fcc special-use redirect-dsn redirect-deliverby mailboxid x-cyrus-log x-cyrus-jmapquery x-cyrus-snooze 2998 2999# Sieve_maxscriptsize 3000# ------------------- 3001# Maximum size (in kilobytes) any sieve script can be, enforced at 3002# submission by timsieved(8). 3003#sieve_maxscriptsize: 32 3004 3005# Sieve_maxscripts 3006# ---------------- 3007# Maximum number of sieve scripts any user may have, enforced at 3008# submission by timsieved(8). 3009#sieve_maxscripts: 5 3010 3011# Sieve_utf8fileinto 3012# ------------------ 3013# If enabled, the sieve engine expects folder names for the 3014# fileinto action in scripts to use UTF8 encoding. Otherwise, 3015# modified UTF7 encoding should be used. 3016#sieve_utf8fileinto: 0 3017 3018# Sieve_sasl_send_unsolicited_capability 3019# -------------------------------------- 3020# If enabled, timsieved will emit a capability response after a successful 3021# SASL authentication, per draft-martin-managesieve-12.txt . 3022#sieve_sasl_send_unsolicited_capability: 0 3023 3024# Sieve_use_lmtp_reject 3025# --------------------- 3026# Enabled by default. If reject can be done via LMTP, then return a 550 3027# rather than generating the bounce message in Cyrus. 3028#sieve_use_lmtp_reject: 1 3029 3030# Sieve_vacation_min_response 3031# --------------------------- 3032# Minimum time interval between consecutive vacation responses, per 3033# draft-ietf-vacation-seconds.txt. The default is 3 days. 3034# # 3035# For backward compatibility, if no unit is specified, seconds is 3036# assumed. 3037#sieve_vacation_min_response: 3d 3038 3039# Sieve_vacation_max_response 3040# --------------------------- 3041# Maximum time interval between consecutive vacation responses, per 3042# draft-ietf-vacation-seconds.txt. The default is 90 days. The 3043# minimum is 7 days. 3044# # 3045# For backward compatibility, if no unit is specified, seconds is 3046# assumed. 3047#sieve_vacation_max_response: 90d 3048 3049# Sievedir 3050# -------- 3051# If sieveusehomedir is false, this directory is searched for Sieve 3052# scripts. 3053#sievedir: /usr/sieve 3054 3055# Sievenotifier 3056# ------------- 3057# Notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" 3058# notifications are disabled. 3059# # 3060# This method is only used when no method is specified in the script. 3061#sievenotifier: <none> 3062 3063# Sieveusehomedir 3064# --------------- 3065# If enabled, lmtpd will look for Sieve scripts in user's home 3066# directories: ~user/.sieve. 3067#sieveusehomedir: 0 3068 3069# Anysievefolder 3070# -------------- 3071# It must be "yes" in order to permit the autocreation of any INBOX subfolder 3072# requested by a sieve filter, through the "fileinto" action. (default = no) 3073#anysievefolder: 0 3074 3075# Singleinstancestore 3076# ------------------- 3077# If enabled, imapd, lmtpd and nntpd attempt to only write one copy 3078# of a message per partition and create hard links, resulting in a 3079# potentially large disk savings. 3080#singleinstancestore: 1 3081 3082# Skiplist_always_checkpoint 3083# -------------------------- 3084# If enabled, this option forces the skiplist cyrusdb backend to 3085# always checkpoint when doing a recovery. This causes slightly 3086# more IO, but on the other hand leads to more efficient databases, 3087# and the entire file is already "hot". 3088#skiplist_always_checkpoint: 1 3089 3090# Skiplist_unsafe 3091# --------------- 3092# If enabled, this option forces the skiplist cyrusdb backend to 3093# not sync writes to the disk. Enabling this option is NOT RECOMMENDED. 3094#skiplist_unsafe: 0 3095 3096# Smtp_backend 3097# ------------ 3098# The SMTP backend to use for sending email. 3099 3100# The \"host\" backend sends message submissions via 3101# a TCP socket to the SMTP host defined in the config 3102# option smtp_host. 3103 3104# The \"sendmail\" backend forks the Cyrus process into 3105# the executable defined in the config option sendmail. 3106# The executable must accept \"-bs\" as command line 3107# argument, read from stdin and must implement the minimum 3108# SMTP protocol as defined in section 4.5.1 of RFC 5321. 3109 3110# If the SMTP EHLO command reports AUTH (RFC 4954) as a 3111# supported extension, then the MAIL FROM command includes 3112# the AUTH parameter, with its value set to the name of any 3113# authenticated user which triggered the email. The AUTH 3114# parameter is omitted if the user is unknown to the calling 3115# process. 3116 3117# If the directory 3118# configdirectory/log/smtpclient.\ smtp_backend 3119# exists, then telemetry logs for outgoing SMTP sessions will 3120# be created in this directory. 3121 3122# Allowed values: host, sendmail 3123#smtp_backend: sendmail 3124 3125# Smtp_host 3126# --------- 3127# The SMTP host to use for sending mail (also see the 3128# smtp_backend option). The value of this option must 3129# the name or IP address of a TCP host, followed optionally 3130# by a colon and the port or service to use. The default 3131# port is 587. TLS may be activated by appending \"/tls\" 3132# to the value. Authentication is enabled if smtp_auth_authname 3133# is set. Authentication can be explicitly disabled by appending 3134# \"/noauth\" to the host address. 3135#smtp_host: localhost:587 3136 3137# Smtp_auth_authname 3138# ------------------ 3139# The authentication name to use when authenticating to the SMTP 3140# server defined in smtp_host. 3141#smtp_auth_authname: <none> 3142 3143# Smtp_auth_password 3144# ------------------ 3145# The password to use when authenticating to the SMTP server defined 3146# in smtp_host. 3147#smtp_auth_password: <none> 3148 3149# Smtp_auth_realm 3150# --------------- 3151# The authentication SASL realm to use when authenticating to a SMTP 3152# server. 3153#smtp_auth_realm: <none> 3154 3155# Soft_noauth 3156# ----------- 3157# If enabled, lmtpd returns temporary failures if the client does not 3158# successfully authenticate. Otherwise lmtpd returns permanent failures 3159# (causing the mail to bounce immediately). 3160#soft_noauth: 1 3161 3162# Sortcache_db 3163# ------------ 3164# The cyrusdb backend to use for caching sort results (currently only 3165# used for xconvmultisort) 3166# Allowed values: skiplist, twoskip, zeroskip 3167#sortcache_db: twoskip 3168 3169# Specialuse_extra 3170# ---------------- 3171# Whitespace separated list of extra special-use attributes 3172# that can be set on a mailbox. RFC 6154 currently lists 3173# what special-use attributes can be set. This allows 3174# extending that list in the future or adding your own 3175# if needed. 3176#specialuse_extra: <none> 3177 3178# Specialuse_protect 3179# ------------------ 3180# Whitespace separated list of special-use attributes 3181# to protect the mailboxes for. If set, don't allow 3182# mailboxes with these special use attributes to be deleted 3183# or renamed to have a different parent. Default is the built-in list 3184#specialuse_protect: \\Archive \\Drafts \\Important \\Junk \\Sent \\Trash 3185 3186# Specialusealways 3187# ---------------- 3188# If enabled, this option causes LIST and LSUB output to always include 3189# the XLIST "special-use" flags 3190#specialusealways: 1 3191 3192# Sql_database 3193# ------------ 3194# Name of the database which contains the cyrusdb table(s). 3195#sql_database: <none> 3196 3197# Sql_engine 3198# ---------- 3199# Name of the SQL engine to use. 3200# Allowed values: mysql, pgsql, sqlite 3201#sql_engine: <none> 3202 3203# Sql_hostnames 3204# ------------- 3205# Comma separated list of SQL servers (in host[:port] format). 3206#sql_hostnames: <empty string> 3207 3208# Sql_passwd 3209# ---------- 3210# Password to use for authentication to the SQL server. 3211#sql_passwd: <none> 3212 3213# Sql_user 3214# -------- 3215# Username to use for authentication to the SQL server. 3216#sql_user: <none> 3217 3218# Sql_usessl 3219# ---------- 3220# If enabled, a secure connection will be made to the SQL server. 3221#sql_usessl: 0 3222 3223# Srs_alwaysrewrite 3224# ----------------- 3225# If true, perform SRS rewriting for ALL forwarding, even when not required. 3226#srs_alwaysrewrite: 0 3227 3228# Srs_domain 3229# ---------- 3230# The domain to use in rewritten addresses. This must point only to machines 3231# which know the encoding secret used by this system. When present, SRS is 3232# enabled. 3233#srs_domain: <none> 3234 3235# Srs_hashlength 3236# -------------- 3237# The hash length to generate in a rewritten address. 3238#srs_hashlength: 0 3239 3240# Srs_secrets 3241# ----------- 3242# A list of secrets with which to generate addresses. 3243#srs_secrets: <none> 3244 3245# Srs_separator 3246# ------------- 3247# The separator to appear immediately after SRS[01] in rewritten addresses. 3248#srs_separator: <none> 3249 3250# Srvtab 3251# ------ 3252# The pathname of srvtab file containing the server's private 3253# key. This option is passed to the SASL library and overrides its 3254# default setting. 3255#srvtab: <empty string> 3256 3257# Submitservers 3258# ------------- 3259# A list of users and groups that are allowed to resolve "urlauth=submit+" 3260# IMAP URLs, separated by spaces. Any user listed in this will be 3261# allowed to fetch the contents of any valid "urlauth=submit+" IMAP URL: 3262# use with caution. 3263#submitservers: <none> 3264 3265# Subscription_db 3266# --------------- 3267# The cyrusdb backend to use for the subscriptions list. 3268# Allowed values: flat, skiplist, twoskip, zeroskip 3269#subscription_db: flat 3270 3271# Suppress_capabilities 3272# --------------------- 3273# Suppress the named capabilities from any capability response. Use the 3274# exact case as it appears in the response, e.g. 3275# "suppress_capabilities: ESEARCH QRESYNC WITHIN XLIST LIST-EXTENDED" 3276# if you have a murder with 2.3.x backends and don't want clients being 3277# confused by new capabilities that some backends don't support. 3278#suppress_capabilities: <none> 3279 3280# Statuscache 3281# ----------- 3282# Enable/disable the imap status cache. 3283#statuscache: 0 3284 3285# Statuscache_db 3286# -------------- 3287# The cyrusdb backend to use for the imap status cache. 3288# Allowed values: skiplist, sql, twoskip, zeroskip 3289#statuscache_db: twoskip 3290 3291# Statuscache_db_path 3292# ------------------- 3293# The absolute path to the statuscache db file. If not specified, 3294# will be configdirectory/statuscache.db 3295#statuscache_db_path: <none> 3296 3297# Sync_authname 3298# ------------- 3299# The authentication name to use when authenticating to a sync server. 3300# Prefix with a channel name to only apply for that channel 3301#sync_authname: <none> 3302 3303# Sync_batchsize 3304# -------------- 3305# the number of messages to upload in a single mailbox replication. 3306# Default is 8192. If there are more than this many messages appended 3307# to the mailbox, generate a synthetic partial state and send that. 3308#sync_batchsize: 8192 3309 3310# Sync_host 3311# --------- 3312# Name of the host (replica running sync_server(8)) to which 3313# replication actions will be sent by sync_client(8). 3314# Prefix with a channel name to only apply for that channel 3315#sync_host: <none> 3316 3317# Sync_log 3318# -------- 3319# Enable replication action logging by lmtpd(8), imapd(8), pop3d(8), 3320# and nntpd(8). The log {configdirectory}/sync/log is used by 3321# sync_client(8) for "rolling" replication. 3322#sync_log: 0 3323 3324# Sync_log_chain 3325# -------------- 3326# Enable replication action logging by sync_server as well, allowing 3327# chaining of replicas. Use this on 'B' for A => B => C replication layout 3328#sync_log_chain: 0 3329 3330# Sync_log_channels 3331# ----------------- 3332# If specified, log all events to multiple log files in directories 3333# specified by each "channel". Each channel can then be processed 3334# separately, such as by multiple sync_client(8)s in a mesh replication 3335# scheme, or by squatter(8) for rolling search index updates. 3336# # 3337# You can use "" (the two-character string U+22 U+22) to mean the 3338# default sync channel. 3339#sync_log_channels: <none> 3340 3341# Sync_log_unsuppressable_channels 3342# -------------------------------- 3343# If specified, the named channels are exempt from the effect of setting 3344# sync_log_chain:off, i.e. they are always logged to by the sync_server 3345# process. This is only really useful to allow rolling search indexing 3346# on a replica. 3347#sync_log_unsuppressable_channels: squatter 3348 3349# Sync_password 3350# ------------- 3351# The default password to use when authenticating to a sync server. 3352# Prefix with a channel name to only apply for that channel 3353#sync_password: <none> 3354 3355# Sync_port 3356# --------- 3357# Name of the service (or port number) of the replication service on 3358# replica host. Prefix with a channel name to only apply for that 3359# channel. If not specified, and if sync_try_imap is set to "yes" 3360# (the default), then the replication client will first try "imap" 3361# (port 143) to check if imapd supports replication. otherwise it 3362# will default to "csync" (usually port 2005). 3363#sync_port: <none> 3364 3365# Sync_realm 3366# ---------- 3367# The authentication realm to use when authenticating to a sync server. 3368# Prefix with a channel name to only apply for that channel 3369#sync_realm: <none> 3370 3371# Sync_repeat_interval 3372# -------------------- 3373# Minimum interval between replication runs in rolling replication 3374# mode. If a replication run takes longer than this time, we repeat 3375# immediately. Prefix with a channel name to only apply for that 3376# channel. 3377# # 3378# For backward compatibility, if no unit is specified, seconds is 3379# assumed. 3380#sync_repeat_interval: 1s 3381 3382# Sync_shutdown_file 3383# ------------------ 3384# Simple latch used to tell sync_client(8) that it should shut down at the 3385# next opportunity. Safer than sending signals to running processes. 3386# Prefix with a channel name to only apply for that channel 3387#sync_shutdown_file: <none> 3388 3389# Sync_timeout 3390# ------------ 3391# How long to wait for a response before returning a timeout failure 3392# when talking to a replication peer (client or server). The minimum 3393# duration is 3 seconds, the default is 30 minutes. 3394# # 3395# For backward compatibility, if no unit is specified, seconds is 3396# assumed. 3397#sync_timeout: 30m 3398 3399# Sync_try_imap 3400# ------------- 3401# Whether sync_client should try to perform an IMAP connection 3402# before falling back to csync. If this is set to "no", 3403# sync_client will only use csync. Prefix with a channel name to 3404# apply only for that channel 3405#sync_try_imap: 1 3406 3407# Syslog_prefix 3408# ------------- 3409# String to be prepended to the process name in syslog entries. Can 3410# be further overridden by setting the $CYRUS_SYSLOG_PREFIX environment 3411# variable. 3412# # 3413# Using the $CYRUS_SYSLOG_PREFIX environment variable has the additional 3414# advantage that it can be set before the imapd.conf is read, so 3415# errors while reading the config file can be syslogged with the correct 3416# prefix. 3417#syslog_prefix: <none> 3418 3419# Syslog_facility 3420# --------------- 3421# Configure a syslog facility. The default is whatever is compiled 3422# in. Allowed values are: DAEMON, MAIL, NEWS, USER, and LOCAL0 3423# through to LOCAL7 3424#syslog_facility: <none> 3425 3426# Tcp_keepalive 3427# ------------- 3428# Enable keepalive on TCP connections 3429#tcp_keepalive: 0 3430 3431# Tcp_keepalive_cnt 3432# ----------------- 3433# Number of TCP keepalive probes to send before declaring the 3434# connection dead (0 == system default) 3435#tcp_keepalive_cnt: 0 3436 3437# Tcp_keepalive_idle 3438# ------------------ 3439# How long a connection must be idle before keepalive probes are sent 3440# (0 == system default). 3441# # 3442# For backward compatibility, if no unit is specified, seconds is 3443# assumed. 3444#tcp_keepalive_idle: 0 3445 3446# Tcp_keepalive_intvl 3447# ------------------- 3448# Time between keepalive probes (0 == system default). 3449# # 3450# For backward compatibility, if no unit is specified, seconds is 3451# assumed. 3452#tcp_keepalive_intvl: 0 3453 3454# Temp_path 3455# --------- 3456# The pathname to store temporary files in 3457#temp_path: /tmp 3458 3459# Telemetry_bysessionid 3460# --------------------- 3461# If true, log by sessionid instead of PID for telemetry 3462#telemetry_bysessionid: 0 3463 3464# Timeout 3465# ------- 3466# The length of the IMAP server's inactivity autologout timer. 3467# The minimum value is 30 minutes. The default is 32 minutes, 3468# to allow a bit of leeway for clients that try to NOOP every 3469# 30 minutes. 3470# # 3471# For backward compatibility, if no unit is specified, minutes 3472# is assumed. 3473#timeout: 32m 3474 3475# Imapidletimeout 3476# --------------- 3477# Timeout for idling clients (RFC 2177). If not set (the default), 3478# the value of "timeout" will be used instead. 3479# # 3480# For backward compatibility, if no unit is specified, minutes 3481# is assumed. 3482#imapidletimeout: <none> 3483 3484# Tls_ca_file 3485# ----------- 3486# Deprecated in favor of tls_client_ca_file. 3487#tls_ca_file: <none> 3488 3489# Tls_ca_path 3490# ----------- 3491# Deprecated in favor of tls_client_ca_dir. 3492#tls_ca_path: <none> 3493 3494# Tlscache_db 3495# ----------- 3496# Deprecated in favor of tls_sessions_db. 3497#tlscache_db: twoskip 3498 3499# Tlscache_db_path 3500# ---------------- 3501# Deprecated in favor of tls_sessions_db_path. 3502#tlscache_db_path: <none> 3503 3504# Tls_cert_file 3505# ------------- 3506# Deprecated in favor of tls_server_cert. 3507#tls_cert_file: <none> 3508 3509# Tls_cipher_list 3510# --------------- 3511# Deprecated in favor of tls_ciphers. 3512#tls_cipher_list: DEFAULT 3513 3514# Tls_ciphers 3515# ----------- 3516# The list of SSL/TLS ciphers to allow. The format of the string 3517# (and definition of "DEFAULT") is described in ciphers(1). 3518# # 3519# See also Mozilla's server-side TLS recommendations: 3520# # 3521# https://wiki.mozilla.org/Security/Server_Side_TLS 3522#tls_ciphers: DEFAULT 3523 3524# Tls_crl_file 3525# ------------ 3526# Path to a file containing the Certificate Revocation List 3527#tls_crl_file: <none> 3528 3529# Tls_client_ca_dir 3530# ----------------- 3531# Path to a directory containing the CA certificates used to verify 3532# client SSL certificates used for authentication. 3533#tls_client_ca_dir: <none> 3534 3535# Tls_client_ca_file 3536# ------------------ 3537# Path to a file containing the CA certificate(s) used to verify 3538# client SSL certificates used for authentication. 3539#tls_client_ca_file: <none> 3540 3541# Tls_client_cert 3542# --------------- 3543# File containing the certificate presented to a server for authentication 3544# during STARTTLS. A value of "disabled" will disable this server's use 3545# of certificate-based authentication. 3546#tls_client_cert: <none> 3547 3548# Tls_client_certs 3549# ---------------- 3550# Disable ("off"), allow ("optional", default) or require ("require") the 3551# use of SSL certificates by clients to authenticate themselves. 3552# Allowed values: off, optional, require 3553#tls_client_certs: optional 3554 3555# Tls_client_key 3556# -------------- 3557# File containing the private key belonging to the tls_client_cert 3558# certificate. A value of "disabled" will disable this server's use 3559# of certificate-based authentication. 3560#tls_client_key: <none> 3561 3562# Tls_eccurve 3563# ----------- 3564# The elliptic curve used for ECDHE. Default is NIST Suite B prime256. 3565# See 'openssl ecparam -list_curves' for possible values. 3566#tls_eccurve: prime256v1 3567 3568# Tls_key_file 3569# ------------ 3570# Deprecated in favor of tls_server_key. 3571#tls_key_file: <none> 3572 3573# Tls_required 3574# ------------ 3575# If enabled, require a TLS/SSL encryption layer to be negotiated 3576# prior to ANY authentication mechanisms being advertised or allowed. 3577#tls_required: 0 3578 3579# Tls_prefer_server_ciphers 3580# ------------------------- 3581# Prefer the ciphers on the server side instead of client side. 3582#tls_prefer_server_ciphers: 0 3583 3584# Tls_server_ca_dir 3585# ----------------- 3586# Path to a directory with CA certificates used to verify certificates 3587# offered by the server, when cyrus acts as client. This directory must 3588# have filenames with the hashed value of the certificates (see 3589# openssl(1)). 3590#tls_server_ca_dir: <none> 3591 3592# Tls_server_ca_file 3593# ------------------ 3594# Path to a file containing CA certificates used to verify certificates 3595# offered by the server, when cyrus acts as client. 3596#tls_server_ca_file: <none> 3597 3598# Tls_server_cert 3599# --------------- 3600# File containing the certificate, including the full chain, presented to clients. 3601# Two certificates can be set, e.g RSA and EC, if the filenames are separated with 3602# comma without spaces. 3603#tls_server_cert: <none> 3604 3605# Tls_server_dhparam 3606# ------------------ 3607# File containing the DH parameters belonging to the certificate in 3608# tls_server_cert. 3609#tls_server_dhparam: <none> 3610 3611# Tls_server_key 3612# -------------- 3613# File containing the private key belonging to the certificate in 3614# tls_server_cert. If not set, tls_server_cert must contain both private and 3615# public key. Two files with keys can be set, if two certificates are used, in 3616# which case the files must be separated with comma without spaces 3617#tls_server_key: <none> 3618 3619# Tls_sessions_db 3620# --------------- 3621# The cyrusdb backend to use for the TLS cache. 3622# Allowed values: skiplist, sql, twoskip, zeroskip 3623#tls_sessions_db: twoskip 3624 3625# Tls_sessions_db_path 3626# -------------------- 3627# The absolute path to the TLS sessions db file. If not specified, 3628# will be configdirectory/tls_sessions.db 3629#tls_sessions_db_path: <none> 3630 3631# Tls_session_timeout 3632# ------------------- 3633# The length of time that a TLS session will be cached for later 3634# reuse. The maximum value is 24 hours, also the default. A 3635# value of 0 will disable session caching. 3636# # 3637# For backward compatibility, if no unit is specified, minutes is 3638# assumed. 3639#tls_session_timeout: 24h 3640 3641# Tls_versions 3642# ------------ 3643# A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts 3644# with all protocols, and subtracts protocols not in this list. Newer 3645# versions of SSL/TLS will need to be added here to allow them to get 3646# disabled. 3647#tls_versions: tls1_0 tls1_1 tls1_2 tls1_3 3648 3649# Uidl_format 3650# ----------- 3651# Choose the format for UIDLs in pop3. Possible values are "uidonly", 3652# "cyrus", "dovecot" and "courier". "uidonly" forces the old default 3653# of UID, "cyrus" is UIDVALIDITY.UID. Dovecot is 8 digits of leading 3654# hex (lower case) each UID UIDVALIDITY. Courier is UIDVALIDITY-UID. 3655# Allowed values: uidonly, cyrus, dovecot, courier 3656#uidl_format: cyrus 3657 3658# Umask 3659# ----- 3660# The umask value used by various Cyrus IMAP programs. 3661#umask: 077 3662 3663# Userdeny_db 3664# ----------- 3665# The cyrusdb backend to use for the user access list. 3666# Allowed values: flat, skiplist, sql, twoskip, zeroskip 3667#userdeny_db: flat 3668 3669# Userdeny_db_path 3670# ---------------- 3671# The absolute path to the userdeny db file. If not specified, 3672# will be configdirectory/user_deny.db 3673#userdeny_db_path: <none> 3674 3675# Username_tolower 3676# ---------------- 3677# Convert usernames to all lowercase before login/authentication. This 3678# is useful with authentication backends which ignore case during 3679# username lookups (such as LDAP). 3680#username_tolower: 1 3681 3682# Userprefix 3683# ---------- 3684# If using the alternate IMAP namespace, the prefix for the other users 3685# namespace. The hierarchy delimiter will be automatically appended. 3686#userprefix: Other Users 3687 3688# Unix_group_enable 3689# ----------------- 3690# Should we look up groups when using auth_unix (disable this if you are 3691# not using groups in ACLs for your IMAP server, and you are using auth_unix 3692# with a backend (such as LDAP) that can make getgrent() calls very 3693# slow) 3694#unix_group_enable: 1 3695 3696# Unixhierarchysep 3697# ---------------- 3698# Use the UNIX separator character '/' for delimiting levels of 3699# mailbox hierarchy. Turn off to use the netnews separator 3700# character '.'. Note that with the newnews separator, no dots may 3701# occur in mailbox names. The default switched in 3.0 from off to on. 3702#unixhierarchysep: 1 3703 3704# Virtdomains 3705# ----------- 3706# Configure virtual domain support. 3707# # 3708# off 3709# Cyrus does not know or care about domains. Only the local part of email 3710# addresses is ever considered. This is not recommended for any deployment, 3711# but is currently the default. 3712# userid 3713# The user's domain is determined by splitting a fully qualified userid at the 3714# last '@' or '%' symbol. If the userid is unqualified, the defaultdomain 3715# will be used. This is the recommended configuration for all deployments. 3716# If you wish to provide calendaring services you must use this configuration. 3717# on 3718# Fully qualified userids are respected, as per "userid". Unqualified userids 3719# will have their domain determined by doing a reverse lookup on the IP address 3720# of the incoming network interface, or if no record is found, the 3721# defaultdomain will be used. 3722 3723# # 3724 3725# Allowed values: off, userid, on 3726#virtdomains: off 3727 3728# Virusscan_notification_subject 3729# ------------------------------ 3730# The text used in the subject of email notifications created by 3731# cyr_virusscan(8) when deleting infected mail. 3732#virusscan_notification_subject: Automatically deleted mail 3733 3734# Virusscan_notification_template 3735# ------------------------------- 3736# The absolute path to a file containing a template to use to describe 3737# infected messages that have been deleted by cyr_virusscan(8). 3738# See cyr_virusscan(8) for specification of the format of this file. 3739# If not specified, the builtin default template will be used. 3740#virusscan_notification_template: <none> 3741 3742# Xbackup_enabled 3743# --------------- 3744# Enable support for the XBACKUP command in imapd. If enabled, admin 3745# users can use this command to provoke a replication of specified users 3746# to the named backup channel. 3747#xbackup_enabled: 0 3748 3749# Xlist-flag 3750# ---------- 3751# Set the special-use flag flag on the specified folder when it 3752# is autocreated (see the autocreate_inbox_folders option). For 3753# example, if xlist-junk: Spam is set, and the folder Spam 3754# is autocreated, the special-use flag \Junk will be set on it. 3755# # 3756# (This option is so named for backward compatibility with old config 3757# files.) 3758 3759#xlist-flag: <none> 3760 3761# Lmtp_catchall_mailbox 3762# --------------------- 3763# Mail sent to mailboxes which do not exist, will be delivered to 3764# this user. NOTE: This must be an existing local user name with an 3765# INBOX, NOT an email address! 3766#lmtp_catchall_mailbox: <none> 3767 3768# Zoneinfo_db 3769# ----------- 3770# The cyrusdb backend to use for zoneinfo. This database is used by the 3771# "tzdist" httpmodules, and is managed by ctl_zoneinfo(8). 3772# Allowed values: flat, skiplist, twoskip, zeroskip 3773#zoneinfo_db: twoskip 3774 3775# Zoneinfo_db_path 3776# ---------------- 3777# The absolute path to the zoneinfo db file. If not specified, 3778# will be configdirectory/zoneinfo.db 3779#zoneinfo_db_path: <none> 3780 3781# Zoneinfo_dir 3782# ------------ 3783# The absolute path to the zoneinfo directory, containing timezone 3784# definitions as generated by the vzic tool. If not specified, whatever 3785# definitions libical finds will be used. 3786# # 3787# If you are providing a Time Zone Data Distribution Service (i.e. you have 3788# "tzdist" listed in httpmodules), then this configuration option MUST 3789# be specified. 3790#zoneinfo_dir: <none> 3791 3792# Object_storage_enabled 3793# ---------------------- 3794# Is Object storage enabled for this server. You also need to have 3795# archiving enabled and archivepartition for the mailbox. 3796# Only email files will be stored on object Storage archive partition will be 3797# used to store any other files 3798#object_storage_enabled: 0 3799 3800# Object_storage_dummy_spool 3801# -------------------------- 3802# Dummy object storage spool; this is for test only. 3803# Spool where user directory (container) will be created to store all emails 3804# in a flat structure 3805#object_storage_dummy_spool: <none> 3806 3807# Openio_namespace 3808# ---------------- 3809# The OpenIO namespace used to store archived email messages. A namespace 3810# identifies the physical platform cyrus must contact. This directive is used 3811# by the OpenIO's SDK to locate its platform entry point. 3812#openio_namespace: <none> 3813 3814# Openio_account 3815# -------------- 3816# The OpenIO account used to account for stored emails. Accounts are unique 3817# in their namespace. They provides virtual partitions, with quotas and QoS 3818# features. 3819#openio_account: <none> 3820 3821# Openio_rawx_timeout 3822# ------------------- 3823# The OpenIO timeout to query to the RAWX services (default 30 sec). 3824#openio_rawx_timeout: 30s 3825 3826# Openio_proxy_timeout 3827# -------------------- 3828# The OpenIO timeout to query to the PROXY services (default 5 sec). 3829#openio_proxy_timeout: 5s 3830 3831# Openio_autocreate 3832# ----------------- 3833# Allow the OpenIO SDK to autocreate containers. Mainly destined to be turned 3834# on development environments. In production, the container should have been 3835# provisioned with the mailboxes. 3836#openio_autocreate: 0 3837 3838# Openio_verbosity 3839# ---------------- 3840# Sets the logging verbosity of the OpenIO's internal behavior. Admissible 3841# values are: "warning", "notice", "info", "debug", "trace", "quiet". 3842# The default verbosity is "warning". Set to "notice" for a few lines on a 3843# per-client basis. Set to "info" for a few lines on a per-request basis. Set 3844# to "debug" Set to "trace" to activate the underlying libcurl debug 3845# output. Enabling a verbosity higher to equal than "debug" requires 3846# the cyrus to be set in debug mode. The special "quiet" value disables all 3847# kinds of logging at the GLib level. 3848#openio_verbosity: <none> 3849 3850# Caringo_hostname 3851# ---------------- 3852# The Caringo hostname used to store archived email messages. A hostname 3853# identifies the physical platform cyrus must contact. This directive is used 3854# by the Caringo's SDK (CastorSDK: Caringo Simple Content Storage Protocol (SCSP) 3855# on HTTP 1.1 using a RESTful architecture 3856#caringo_hostname: <none> 3857 3858# Caringo_port 3859# ------------ 3860# The port of the caringo server (caringo_hostname); default is 80. 3861#caringo_port: 80 3862 3863# Fastmailsharing 3864# --------------- 3865# If enabled, use FastMail style sharing (oldschool full server paths) 3866#fastmailsharing: 0 3867 3868 3869# 3870#SEE ALSO 3871#======== 3872 3873## 3874# imapd(8), pop3d(8), nntpd(8), lmtpd(8), 3875# httpd(8), timsieved(8), idled(8), notifyd(8), 3876# deliver(8), master(8), ciphers(1) 3877 3878 3879