1.. auto-generated by config2rst 1.6rst 2 3 4.. cyrusman:: imapd.conf(5) 5 6.. _imap-reference-manpages-configs-imapd.conf: 7 8============== 9**imapd.conf** 10============== 11 12 13 14 15 16 17 18 19 20IMAP configuration file 21 22DESCRIPTION 23=========== 24 25 **/etc/imapd.conf** 26 is the configuration file for the Cyrus IMAP server. It defines 27 local parameters for IMAP. 28 29 Each line of the **/etc/imapd.conf** file has the form 30 *option*: *value* 31 32 where *option* is the name of the configuration option being set 33 and *value* is the value that the configuration option is being 34 set to. 35 36 Although there is no limit to the length of a line, a \`\`\\'' 37 (backslash) character may be used as the last character on a line to 38 force it to continue on the next one. No additional whitespace is 39 inserted before or after the \`\`\\''. Note that a line that is split 40 using \`\`\\'' character(s) is still considered a single line. 41 42 For example 43 *option*:\\ 44 45 *value*\ 1 *value*\ 2 \\ 46 47 *value*\ 3 48 49 is equivalent to 50 *option*: *value*\ 1 *value*\ 2 *value*\ 3 51 52 Blank lines and lines beginning with \`\`#'' are ignored. 53 54 For boolean and enumerated options, the values \`\`yes'', \`\`on'', \`\`t'', 55 \`\`true'' and \`\`\ 1'' turn the option on, the values \`\`no'', \`\`off'', 56 \`\`f'', \`\`false'' and \`\`\ 0'' turn the option off. 57 58 Duration options take the form of a number followed by a unit, for example 59 **\ 32m** (32 minutes). Units are **d** (days), **h** (hours), **m** 60 (minutes) and **s** (seconds). Multiple units can be combined and will 61 be summed together, for example **\ 1h30m** is equivalent to **\ 90m**. If 62 no unit is specified, an option-specific backward-compatible default unit 63 is assumed (documented on an option-by-option basis). These are simple time 64 units: 1d=24h, 1h=60m, 1m=60s (daylight savings, timezones, leap adjustments, 65 etc are not considered). 66 67FIELD DESCRIPTIONS 68================== 69 70 71 The sections below detail options that can be placed in the 72 **/etc/imapd.conf** file, and show each option's default value. 73 Some options have no default value, these are listed with 74 \`\`<no default>''. Some options default to the empty string, these 75 are listed with \`\`<none>''. 76 77 78 .. startblob addressbookprefix 79 80 ``addressbookprefix:`` #addressbooks 81 82 The prefix for the addressbook mailboxes hierarchies. The hierarchy 83 delimiter will be automatically appended. The public addressbook 84 hierarchy will be at the toplevel of the shared namespace. A 85 user's personal addressbook hierarchy will be a child of their Inbox. 86 87 .. endblob addressbookprefix 88 89 .. startblob admins 90 91 ``admins:`` <empty string> 92 93 The list of userids with administrative rights. Separate each userid 94 with a space. Sites using Kerberos authentication may use 95 separate "admin" instances. 96 97 Note that accounts used by users should not be administrators. 98 Administrative accounts should not receive mail. That is, if user 99 "jbRo" is a user reading mail, he should not also be in the admins line. 100 Some problems may occur otherwise, most notably the ability of 101 administrators to create top-level mailboxes visible to users, 102 but not writable by users. 103 104 .. endblob admins 105 106 .. startblob afspts_localrealms 107 108 ``afspts_localrealms:`` <none> 109 110 The list of realms which are to be treated as local, and thus stripped 111 during identifier canonicalization (for the AFSPTS ptloader module). 112 This is different from loginrealms in that it occurs later in the 113 authorization process (as the user id is canonified for PTS lookup) 114 115 .. endblob afspts_localrealms 116 117 .. startblob afspts_mycell 118 119 ``afspts_mycell:`` <none> 120 121 Cell to use for AFS PTS lookups. Defaults to the local cell. 122 123 124 .. endblob afspts_mycell 125 126 .. startblob allowallsubscribe 127 128 ``allowallsubscribe:`` 0 129 130 Allow subscription to nonexistent mailboxes. This option is 131 typically used on backend servers in a Murder so that users can 132 subscribe to mailboxes that don't reside on their "home" server. 133 This option can also be used as a workaround for IMAP clients which 134 don't play well with nonexistent or unselectable mailboxes (e.g., 135 Microsoft Outlook). 136 137 .. endblob allowallsubscribe 138 139 .. startblob allowanonymouslogin 140 141 ``allowanonymouslogin:`` 0 142 143 Permit logins by the user "anonymous" using any password. Also 144 allows use of the SASL ANONYMOUS mechanism. 145 146 .. endblob allowanonymouslogin 147 148 .. startblob allowapop 149 150 ``allowapop:`` 1 151 152 Allow use of the POP3 APOP authentication command. 153 154 Note that this command requires that SASL is compiled with APOP 155 support, that the plaintext passwords are available in a SASL auxprop 156 backend (e.g., sasldb), and that the system can provide enough entropy 157 (e.g., from /dev/urandom) to create a challenge in the banner. 158 159 .. endblob allowapop 160 161 .. startblob allowdeleted 162 163 ``allowdeleted:`` 0 164 165 Allow access to deleted and expunged data via vendor.cmu-\* access 166 167 168 .. endblob allowdeleted 169 170 .. startblob allownewnews 171 172 ``allownewnews:`` 0 173 174 Allow use of the NNTP NEWNEWS command. 175 176 Note that this is a very expensive command and should only be 177 enabled when absolutely necessary. 178 179 .. endblob allownewnews 180 181 .. startblob allowplaintext 182 183 ``allowplaintext:`` 0 184 185 If enabled, allows the use of cleartext passwords on the wire. 186 187 By default, the use of cleartext passwords requires a TLS/SSL 188 encryption layer to be negotiated prior to any cleartext 189 authentication mechanisms being advertised or allowed. To require a 190 TLS/SSL encryption layer to be negotiated prior to ANY 191 authentication, see the *tls_required* option. 192 193 .. endblob allowplaintext 194 195 .. startblob allowsetacl 196 197 ``allowsetacl:`` 1 198 199 Defaults to enabled. If disabled, disallows the use of the SETACL 200 command at all via IMAP. 201 202 .. endblob allowsetacl 203 204 .. startblob allowusermoves 205 206 ``allowusermoves:`` 0 207 208 Allow moving user accounts (with associated meta-data) via RENAME 209 or XFER. 210 211 Note that measures should be taken to make sure that the user being 212 moved is not logged in, and cannot login during the move. Failure 213 to do so may result in the user's meta-data (seen state, 214 subscriptions, etc) being corrupted or out of date. 215 216 .. endblob allowusermoves 217 218 .. startblob altnamespace 219 220 ``altnamespace:`` 1 221 222 Use the alternate IMAP namespace, where personal folders reside at the 223 same level in the hierarchy as INBOX. 224 225 This option ONLY applies where interaction takes place with the 226 client/user. Currently this is limited to the IMAP protocol (imapd) 227 and Sieve scripts (lmtpd). This option does NOT apply to admin tools 228 such as cyradm (admins ONLY), reconstruct, quota, etc., NOR does it 229 affect LMTP delivery of messages directly to mailboxes via 230 plus-addressing. The default changed in 3.0 from off to on. 231 232 .. endblob altnamespace 233 234 .. startblob altprefix 235 236 ``altprefix:`` Alt Folders 237 238 Alternative INBOX spellings that can't be accessed in altnamespace 239 otherwise go under here 240 241 .. endblob altprefix 242 243 .. startblob annotation_db 244 245 ``annotation_db:`` twoskip 246 247 The cyrusdb backend to use for mailbox annotations. 248 249 Allowed values: *skiplist*, *twoskip*, *zeroskip* 250 251 252 .. endblob annotation_db 253 254 .. startblob annotation_db_path 255 256 ``annotation_db_path:`` <none> 257 258 The absolute path to the annotations db file. If not specified, 259 will be configdirectory/annotations.db 260 261 .. endblob annotation_db_path 262 263 .. startblob anyoneuseracl 264 265 ``anyoneuseracl:`` 1 266 267 Should non-admin users be allowed to set ACLs for the 'anyone' 268 user on their mailboxes? In a large organization this can cause 269 support problems, but it's enabled by default. 270 271 .. endblob anyoneuseracl 272 273 .. startblob annotation_allow_undefined 274 275 ``annotation_allow_undefined:`` 0 276 277 Allow clients to store values for entries which are not 278 defined either by Cyrus or in the annotations_definitions 279 file. 280 281 .. endblob annotation_allow_undefined 282 283 .. startblob annotation_definitions 284 285 ``annotation_definitions:`` <none> 286 287 File containing external (third-party) annotation definitions. 288 289 Each line of the file specifies the properties of an annotation and 290 has the following form: 291 292 *name*, *scope*, *attrib-type*, *proxy-type*, 293 *attrib-names*, *acl* 294 295 *name* 296 is the hierarchical name as in :rfc:`5257` or :rfc:`5464` (in the latter case, 297 without the leading **/shared** or **/private**). For example, 298 /vendor/acme/blurdybloop. 299 300 *scope* 301 specifies whether the annotation is for the **server**, a 302 **mailbox**, or a **message**. 303 304 *attrib-type* 305 specifies the attribute data type, which is used only to check the 306 string value passed by clients when setting annotations. The 307 *attrib-type* is one of: 308 309 **string** 310 any value is accepted. 311 312 **content-type** 313 this obsolete data type, which was useful for early drafts of the standard, 314 is accepted but silently translated to **string**. 315 316 **boolean** 317 only the strings "true" or "false" are accepted. Checking is 318 case-insensitive but the value is forced to lowercase. 319 320 **int** 321 integers are accepted. 322 323 **uint** 324 non-negative integers are accepted. 325 326 327 *proxy-type* 328 specifies whether this attribute is for the **backend** or 329 **proxy** servers or both (**proxy_and_backend**) 330 331 *attrib-names* 332 is the space-separated list of available attributes for the 333 annotation. Possible attribute names are **value.shared**, 334 **value.priv**, and **value** (which permits both **value.priv** 335 and **value.shared**). The attribute names **size**, 336 **size.shared**, and **size.priv** are accepted but ignored; these 337 attributes are automatically provided by the server if the corresponding 338 **value** attribute is specified. Some obsolete attributes, which were 339 defined early drafts of the standard, are accepted and ignored with a 340 warning. 341 342 *extra-permissions* 343 is the extra ACL permission bits required for setting this annotation, in 344 standard IMAP ACL permission bit string format. Note that this is 345 in addition to the permission bits specified in :rfc:`5257` and :rfc:`5464`, 346 so leaving this field empty is harmless. Note also that there is no way 347 to specify that an annotation can only be set by an admin user; in 348 particular the **a** permission bit does not achieve this. 349 350 Blank lines and lines beginning with \`\`#'' are ignored. 351 352 353 .. endblob annotation_definitions 354 355 .. startblob annotation_callout 356 357 ``annotation_callout:`` <none> 358 359 The pathname of a callout to be used to automatically add annotations 360 or flags to a message when it is appended to a mailbox. The path can 361 be either an executable (including a script), or a UNIX domain 362 socket. 363 364 .. endblob annotation_callout 365 366 .. startblob annotation_callout_disable_append 367 368 ``annotation_callout_disable_append:`` 0 369 370 Disables annotations on append with xrunannotator 371 372 373 .. endblob annotation_callout_disable_append 374 375 .. startblob annotation_enable_legacy_commands 376 377 ``annotation_enable_legacy_commands:`` 0 378 379 Whether to enable the legacy GETANNOTATION/SETANNOTATION commands. 380 These commands are deprecated and will be removed in the future, 381 but might be useful in the meantime for supporting old clients that 382 do not implement the :rfc:`5464` IMAP METADATA extension. 383 384 .. endblob annotation_enable_legacy_commands 385 386 .. startblob aps_topic 387 388 ``aps_topic:`` <none> 389 390 Topic for Apple Push Service registration. 391 392 393 .. endblob aps_topic 394 395 .. startblob aps_topic_caldav 396 397 ``aps_topic_caldav:`` <none> 398 399 Topic for Apple Push Service registration for CalDAV. 400 401 402 .. endblob aps_topic_caldav 403 404 .. startblob aps_topic_carddav 405 406 ``aps_topic_carddav:`` <none> 407 408 Topic for Apple Push Service registration for CardDAV. 409 410 411 .. endblob aps_topic_carddav 412 413 .. startblob archive_enabled 414 415 ``archive_enabled:`` 0 416 417 Is archiving enabled for this server. You also need to have an 418 archivepartition for the mailbox. Archiving allows older email 419 to be stored on slower, cheaper disks - even within the same 420 mailbox, as distinct from partitions. 421 422 .. endblob archive_enabled 423 424 .. startblob archive_days 425 426 ``archive_days:`` <none> 427 428 Deprecated in favour of *archive_after*. 429 430 431 .. endblob archive_days 432 433 .. startblob archive_after 434 435 ``archive_after:`` 7d 436 437 The duration after which to move messages to the archive partition 438 if archiving is enabled. 439 440 For backward compatibility, if no unit is specified, days is 441 assumed. 442 443 .. endblob archive_after 444 445 .. startblob archive_maxsize 446 447 ``archive_maxsize:`` 1024 448 449 The size in kilobytes of the largest message that won't be archived 450 immediately. Default is 1Mb 451 452 .. endblob archive_maxsize 453 454 .. startblob archive_keepflagged 455 456 ``archive_keepflagged:`` 0 457 458 If set, messages with the \\Flagged system flag won't be archived, 459 provided they are smaller than **archive_maxsize**. 460 461 .. endblob archive_keepflagged 462 463 .. startblob archivepartition-name 464 465 ``archivepartition-name:`` <none> 466 467 The pathname of the archive partition *name*, corresponding to 468 spool partition **partition-name**. For any mailbox residing in 469 a directory on **partition-name**, the archived messages will be 470 stored in a corresponding directory on **archivepartition-name**. 471 Note that not every **partition-name** option is strictly required 472 to have a corresponding **archivepartition-name** option, but that 473 without one there's no benefit to enabling archiving. 474 475 .. endblob archivepartition-name 476 477 .. startblob auditlog 478 479 ``auditlog:`` 0 480 481 Should cyrus output log entries for every action taken on a message 482 file or mailboxes list entry? It's noisy so disabled by default, but 483 can be very useful for tracking down what happened if things look strange 484 485 .. endblob auditlog 486 487 .. startblob auth_mech 488 489 ``auth_mech:`` unix 490 491 The authorization mechanism to use. 492 493 Allowed values: *unix*, *pts*, *krb*, *krb5* 494 495 496 .. endblob auth_mech 497 498 .. startblob autocreateinboxfolders 499 500 ``autocreateinboxfolders:`` <none> 501 502 Deprecated in favor of *autocreate_inbox_folders*. 503 504 505 .. endblob autocreateinboxfolders 506 507 .. startblob autocreatequota 508 509 ``autocreatequota:`` 0 510 511 Deprecated in favor of *autocreate_quota*. 512 513 514 .. endblob autocreatequota 515 516 .. startblob autocreatequotamsg 517 518 ``autocreatequotamsg:`` -1 519 520 Deprecated in favor of *autocreate_quota_messages*. 521 522 523 .. endblob autocreatequotamsg 524 525 .. startblob autosievefolders 526 527 ``autosievefolders:`` <none> 528 529 Deprecated in favor of *autocreate_sieve_folders*. 530 531 532 .. endblob autosievefolders 533 534 .. startblob generate_compiled_sieve_script 535 536 ``generate_compiled_sieve_script:`` 0 537 538 Deprecated in favor of *autocreate_sieve_script_compile*. 539 540 541 .. endblob generate_compiled_sieve_script 542 543 .. startblob autocreate_sieve_compiled_script 544 545 ``autocreate_sieve_compiled_script:`` <none> 546 547 Deprecated in favor of *autocreate_sieve_script_compiled*. 548 549 550 .. endblob autocreate_sieve_compiled_script 551 552 .. startblob autosubscribeinboxfolders 553 554 ``autosubscribeinboxfolders:`` <none> 555 556 Deprecated in favor of *autocreate_subscribe_folders*. 557 558 559 .. endblob autosubscribeinboxfolders 560 561 .. startblob autosubscribesharedfolders 562 563 ``autosubscribesharedfolders:`` <none> 564 565 Deprecated in favor of *autocreate_subscribe_sharedfolders*. 566 567 568 .. endblob autosubscribesharedfolders 569 570 .. startblob autosubscribe_all_sharedfolders 571 572 ``autosubscribe_all_sharedfolders:`` 0 573 574 Deprecated in favor of *autocreate_subscribe_sharedfolders_all*. 575 576 577 .. endblob autosubscribe_all_sharedfolders 578 579 .. startblob autocreate_acl 580 581 ``autocreate_acl:`` <none> 582 583 If folders are to be created by *autocreate_inbox_folders*, this 584 setting can be used to apply additional ACLs to the autocreated 585 folders. The syntax is "autocreate_acl folder identifier rights", 586 where *folder* must match one of the *autocreate_inbox_folders* 587 folders, *identifier* must be a valid cyrus identifier, and 588 *rights* must be a valid cyrus rights string. Multiple 589 identifier|rights pairs can be assigned to a single folder by providing 590 this setting multiple times. 591 592 For example, "autocreate_acl Plus anyone p" would allow lmtp delivery 593 to a folder named "Plus". 594 595 596 .. endblob autocreate_acl 597 598 .. startblob autocreate_inbox_folders 599 600 ``autocreate_inbox_folders:`` <none> 601 602 If a user does not have an INBOX already, and the INBOX is to be 603 created, create the list of folders in this setting as well. 604 *autocreate_inbox_folders* is a list of INBOX's subfolders 605 separated by a "|", that are automatically created by the server 606 under the following two scenarios. Leading and trailing whitespace is 607 stripped, so "Junk | Trash" results in two folders: "Junk" and 608 "Trash". See also the *xlist-flag* option, for setting 609 special-use flags on autocreated folders. 610 611 INBOX folders are created under both the following conditions: 612 613 1. 614 The user logins via the IMAP or the POP3 protocol. 615 *autocreate_quota* option must have a value of zero or greater. 616 617 2. 618 A message arrives for the user through the *lmtpd(8)*. 619 *autocreate_post* option must be enabled. 620 621 622 623 .. endblob autocreate_inbox_folders 624 625 .. startblob autocreate_post 626 627 ``autocreate_post:`` 0 628 629 If enabled, when *lmtpd(8)* receives an incoming mail for an 630 INBOX that does not exist, then the INBOX is automatically created 631 by *lmtpd(8)* and delivery of the message continues. 632 633 .. endblob autocreate_post 634 635 .. startblob autocreate_quota 636 637 ``autocreate_quota:`` -1 638 639 If set to a value of zero or higher, users have their INBOX folders 640 created upon a successful login event or upon *lmtpd(8)* 641 message delivery if *autocreate_post* is enabled, provided their 642 INBOX did not yet already exist. 643 644 The user's quota is set to the value if it is greater than zero, 645 otherwise the user has unlimited quota. 646 647 Note that quota is specified in kilobytes. 648 649 .. endblob autocreate_quota 650 651 .. startblob autocreate_quota_messages 652 653 ``autocreate_quota_messages:`` -1 654 655 If set to a value of zero or higher, users who have their INBOX 656 folders created upon a successful login event (see 657 *autocreate_quota*), or upon *lmtpd(8)* message delivery if 658 *autocreate_post* is enabled, receive the message quota 659 configured in this option. 660 661 The default of -1 disables assigning message quota. 662 663 For consistency with *autocreate_quota*, a value of zero is treated 664 as unlimited message quota, rather than a message quota of zero. 665 666 .. endblob autocreate_quota_messages 667 668 .. startblob autocreate_sieve_folders 669 670 ``autocreate_sieve_folders:`` <none> 671 672 A "|" separated list of subfolders of INBOX that will be 673 automatically created, if requested by a sieve filter, through the 674 "fileinto" action. The default is to create no folders 675 automatically. 676 677 Leading and trailing whitespace is stripped from each folder, so a 678 setting of "Junk | Trash" will create two folders: "Junk" and 679 "Trash". 680 681 .. endblob autocreate_sieve_folders 682 683 .. startblob autocreate_sieve_script 684 685 ``autocreate_sieve_script:`` <none> 686 687 The full path of a file that contains a sieve script. This script 688 automatically becomes a user's initial default sieve filter script. 689 690 When this option is not defined, no default sieve filter is created. 691 The file must be readable by the Cyrus daemon. 692 693 .. endblob autocreate_sieve_script 694 695 .. startblob autocreate_sieve_script_compile 696 697 ``autocreate_sieve_script_compile:`` 0 698 699 If set to yes and no compiled sieve script file exists, the sieve script which is 700 compiled on the fly will be saved in the file name that autocreate_sieve_compiledscript 701 option points to. In order a compiled script to be generated, autocreate_sieve_script and 702 autocreate_sieve_compiledscript must have valid values 703 704 .. endblob autocreate_sieve_script_compile 705 706 .. startblob autocreate_sieve_script_compiled 707 708 ``autocreate_sieve_script_compiled:`` <none> 709 710 The full path of a file that contains a compiled in bytecode sieve script. This script 711 automatically becomes a user's initial default sieve filter script. If this option is 712 not specified, or the filename doesn't exist then the script defined by 713 autocreate_sieve_script is compiled on the fly and installed as the user's default 714 sieve script 715 716 .. endblob autocreate_sieve_script_compiled 717 718 .. startblob autocreate_subscribe_folders 719 720 ``autocreate_subscribe_folders:`` <none> 721 722 A list of folder names, separated by "|", that the users get automatically subscribed to, 723 when their INBOX is created. These folder names must have been included in the 724 autocreateinboxfolders option of the imapd.conf. 725 726 .. endblob autocreate_subscribe_folders 727 728 .. startblob autocreate_subscribe_sharedfolders 729 730 ``autocreate_subscribe_sharedfolders:`` <none> 731 732 A list of shared folders (bulletin boards), separated by "|", that the users get 733 automatically subscribed to, after their INBOX is created. The shared folder must 734 have been created and the user must have the required permissions to get subscribed 735 to it. Otherwise, subscribing to the shared folder fails. 736 737 .. endblob autocreate_subscribe_sharedfolders 738 739 .. startblob autocreate_subscribe_sharedfolders_all 740 741 ``autocreate_subscribe_sharedfolders_all:`` 0 742 743 If set to yes, the user is automatically subscribed to all shared folders, one has permission 744 to subscribe to. 745 746 .. endblob autocreate_subscribe_sharedfolders_all 747 748 .. startblob autocreate_users 749 750 ``autocreate_users:`` anyone 751 752 A space separated list of users and/or groups that are allowed their INBOX to be 753 automatically created. 754 755 .. endblob autocreate_users 756 757 .. startblob autoexpunge 758 759 ``autoexpunge:`` 0 760 761 If set to yes, then all \Deleted messages will be automatically expunged whenever 762 an index is closed, whether CLOSE, UNSELECT, SELECT or on disconnect 763 764 .. endblob autoexpunge 765 766 .. startblob backuppartition-name 767 768 ``backuppartition-name:`` <none> 769 770 The pathname of the backup partition *name*. At least one backup 771 partition pathname MUST be specified if backups are in use. Note that 772 there is no relationship between spool partitions and backup partitions. 773 774 .. endblob backuppartition-name 775 776 .. startblob backup_compact_minsize 777 778 ``backup_compact_minsize:`` 0 779 780 The minimum size in kilobytes of chunks in each backup. The compact tool 781 will try to combine adjacent chunks that are smaller than this. 782 783 Setting this value to zero or negative disables combining of chunks. 784 785 .. endblob backup_compact_minsize 786 787 .. startblob backup_compact_maxsize 788 789 ``backup_compact_maxsize:`` 0 790 791 The maximum size in kilobytes of chunks in each backup. The compact tool 792 will try to split chunks larger than this into smaller chunks. 793 794 Setting this value to zero or negative disables splitting of chunks. 795 796 .. endblob backup_compact_maxsize 797 798 .. startblob backup_compact_work_threshold 799 800 ``backup_compact_work_threshold:`` 1 801 802 The number of chunks that must obviously need compaction before the compact 803 tool will go ahead with the compaction. If set to less than one, the value 804 is treated as being one. 805 806 .. endblob backup_compact_work_threshold 807 808 .. startblob backup_staging_path 809 810 ``backup_staging_path:`` <none> 811 812 The absolute path of the backup staging area. If not specified, 813 will be temp_path/backup 814 815 .. endblob backup_staging_path 816 817 .. startblob backup_retention_days 818 819 ``backup_retention_days:`` <none> 820 821 Deprecated in favor of *backup_retention*. 822 823 824 .. endblob backup_retention_days 825 826 .. startblob backup_retention 827 828 ``backup_retention:`` 7d 829 830 How long to keep content in backup after it has been deleted 831 from the source. If set to a negative value or zero, deleted content 832 will be kept indefinitely. 833 834 For backward compatibility, if no unit is specified, days is 835 assumed. 836 837 .. endblob backup_retention 838 839 .. startblob backup_db 840 841 ``backup_db:`` twoskip 842 843 The cyrusdb backend to use for the backup locations database. 844 845 Allowed values: *skiplist*, *sql*, *twoskip*, *zeroskip* 846 847 848 .. endblob backup_db 849 850 .. startblob backup_db_path 851 852 ``backup_db_path:`` <none> 853 854 The absolute path to the backup db file. If not specified, 855 will be configdirectory/backups.db 856 857 .. endblob backup_db_path 858 859 .. startblob backup_keep_previous 860 861 ``backup_keep_previous:`` 0 862 863 Whether the **ctl_backups compact** and **ctl_backups reindex** 864 commands should preserve the original file. The original file will 865 be named with a timestamped suffix. This is mostly useful for 866 debugging. 867 868 Note that with this enabled, compacting a backup will actually 869 increase the disk used by it (because there will now be an extra 870 copy: the original version, and the compacted version). 871 872 .. endblob backup_keep_previous 873 874 .. startblob boundary_limit 875 876 ``boundary_limit:`` 1000 877 878 messages are parsed recursively and a deep enough MIME structure 879 can cause a stack overflow. Do not parse deeper than this many 880 layers of MIME structure. The default of 1000 is much higher 881 than any sane message should have. 882 883 .. endblob boundary_limit 884 885 .. startblob caldav_allowattach 886 887 ``caldav_allowattach:`` 1 888 889 Enable managed attachments support on the CalDAV server. 890 891 892 .. endblob caldav_allowattach 893 894 .. startblob caldav_allowcalendaradmin 895 896 ``caldav_allowcalendaradmin:`` 0 897 898 Enable per-user calendar administration web UI on the CalDAV server. 899 900 901 .. endblob caldav_allowcalendaradmin 902 903 .. startblob caldav_allowscheduling 904 905 ``caldav_allowscheduling:`` on 906 907 Enable calendar scheduling operations. If set to "apple", the 908 server will emulate Apple CalendarServer behavior as closely as 909 possible. 910 Allowed values: *off*, *on*, *apple* 911 912 913 .. endblob caldav_allowscheduling 914 915 .. startblob caldav_create_attach 916 917 ``caldav_create_attach:`` 1 918 919 Create the 'Attachments' collection if it doesn't already exist 920 921 922 .. endblob caldav_create_attach 923 924 .. startblob caldav_create_default 925 926 ``caldav_create_default:`` 1 927 928 Create the 'Default' calendar if it doesn't already exist 929 930 931 .. endblob caldav_create_default 932 933 .. startblob caldav_create_sched 934 935 ``caldav_create_sched:`` 1 936 937 Create the 'Inbox' and 'Outbox' calendars if they don't already exist 938 939 940 .. endblob caldav_create_sched 941 942 .. startblob caldav_historical_age 943 944 ``caldav_historical_age:`` 7d 945 946 How long after an occurrence of event or task has concluded 947 that it is considered 'historical'. Changes to historical 948 occurrences of events or tasks WILL NOT have invite or reply 949 messages sent for them. A negative value means that events 950 and tasks are NEVER considered historical. 951 952 For backward compatibility, if no unit is specified, days is 953 assumed. 954 955 .. endblob caldav_historical_age 956 957 .. startblob caldav_maxdatetime 958 959 ``caldav_maxdatetime:`` 20380119T031407Z 960 961 The latest date and time accepted by the server (ISO format). This 962 value is also used for expanding non-terminating recurrence rules. 963 964 Note that increasing this value will require the DAV databases for 965 calendars to be reconstructed with the **dav_reconstruct** 966 utility in order to see its effect on serer-side time-based 967 queries. 968 969 .. endblob caldav_maxdatetime 970 971 .. startblob caldav_mindatetime 972 973 ``caldav_mindatetime:`` 19011213T204552Z 974 975 The earliest date and time accepted by the server (ISO format). 976 977 978 .. endblob caldav_mindatetime 979 980 .. startblob caldav_realm 981 982 ``caldav_realm:`` <none> 983 984 The realm to present for HTTP authentication of CalDAV resources. 985 If not set (the default), the value of the "servername" option will 986 be used. 987 988 .. endblob caldav_realm 989 990 .. startblob calendarprefix 991 992 ``calendarprefix:`` #calendars 993 994 The prefix for the calendar mailboxes hierarchies. The hierarchy 995 delimiter will be automatically appended. The public calendar 996 hierarchy will be at the toplevel of the shared namespace. A 997 user's personal calendar hierarchy will be a child of their Inbox. 998 999 .. endblob calendarprefix 1000 1001 .. startblob calendar_user_address_set 1002 1003 ``calendar_user_address_set:`` <none> 1004 1005 Space-separated list of domains corresponding to calendar user 1006 addresses for which the server is responsible. If not set (the 1007 default), the value of the "servername" option will be used. 1008 1009 .. endblob calendar_user_address_set 1010 1011 .. startblob calendar_component_set 1012 1013 ``calendar_component_set:`` VEVENT VTODO VJOURNAL VFREEBUSY VAVAILABILITY VPOLL 1014 1015 Space-separated list of iCalendar component types that calendar 1016 object resources may contain in a calendar collection. 1017 This restriction is only set at calendar creation time and only 1018 if the CalDAV client hasn't specified a restriction in the creation 1019 request. 1020 Allowed values: *VEVENT*, *VTODO*, *VJOURNAL*, *VFREEBUSY*, *VAVAILABILITY*, *VPOLL* 1021 1022 1023 .. endblob calendar_component_set 1024 1025 .. startblob carddav_allowaddmember 1026 1027 ``carddav_allowaddmember:`` 0 1028 1029 Enable support for POST add-member on the CardDAV server. 1030 1031 1032 .. endblob carddav_allowaddmember 1033 1034 .. startblob carddav_allowaddressbookadmin 1035 1036 ``carddav_allowaddressbookadmin:`` 0 1037 1038 Enable per-user addressbook administration web UI on the CardDAV server. 1039 1040 1041 .. endblob carddav_allowaddressbookadmin 1042 1043 .. startblob carddav_realm 1044 1045 ``carddav_realm:`` <none> 1046 1047 The realm to present for HTTP authentication of CardDAV resources. 1048 If not set (the default), the value of the "servername" option will 1049 be used. 1050 1051 .. endblob carddav_realm 1052 1053 .. startblob carddav_repair_vcard 1054 1055 ``carddav_repair_vcard:`` 0 1056 1057 If enabled, VCARDs with invalid content are attempted to be repaired 1058 during creation. 1059 1060 .. endblob carddav_repair_vcard 1061 1062 .. startblob chatty 1063 1064 ``chatty:`` 0 1065 1066 If yes, syslog tags and commands for every IMAP command, mailboxes 1067 for every lmtp connection, every POP3 command, etc 1068 1069 .. endblob chatty 1070 1071 .. startblob client_bind 1072 1073 ``client_bind:`` 0 1074 1075 If enabled, a specific IP will be bound when performing a client 1076 connection. **client_bind_name** is used if it is set, otherwise 1077 **servername** is used. This is useful on multi-homed servers where 1078 Cyrus should not use other services' interfaces. 1079 1080 If not enabled (the default), no bind will be performed. Client 1081 connections will use an IP chosen by the operating system. 1082 1083 .. endblob client_bind 1084 1085 .. startblob client_bind_name 1086 1087 ``client_bind_name:`` <none> 1088 1089 IPv4, IPv6 address or hostname to bind for client connections when 1090 **client_bind** is enabled. If not set (the default), 1091 servername will be used. 1092 1093 .. endblob client_bind_name 1094 1095 .. startblob client_timeout 1096 1097 ``client_timeout:`` 10s 1098 1099 Time to wait before returning a timeout failure when performing a 1100 client connection (e.g. in a murder environment). 1101 1102 For backward compatibility, if no unit is specified, seconds is 1103 assumed. 1104 1105 .. endblob client_timeout 1106 1107 .. startblob commandmintimer 1108 1109 ``commandmintimer:`` <none> 1110 1111 Time in seconds. Any imap command that takes longer than this 1112 time is logged. 1113 1114 .. endblob commandmintimer 1115 1116 .. startblob configdirectory 1117 1118 ``configdirectory:`` <none> 1119 1120 The pathname of the IMAP configuration directory. This field is 1121 required. 1122 1123 .. endblob configdirectory 1124 1125 .. startblob createonpost 1126 1127 ``createonpost:`` 0 1128 1129 Deprecated in favor of *autocreate_post*. 1130 1131 1132 .. endblob createonpost 1133 1134 .. startblob conversations 1135 1136 ``conversations:`` 0 1137 1138 Enable the XCONVERSATIONS extensions. Extract conversation 1139 tracking information from incoming messages and track them 1140 in per-user databases. 1141 1142 .. endblob conversations 1143 1144 .. startblob conversations_counted_flags 1145 1146 ``conversations_counted_flags:`` <none> 1147 1148 space-separated list of flags for which per-conversation counts 1149 will be kept. Note that you need to reconstruct the conversations 1150 database with ctl_conversationsdb if you change this option on a 1151 running server, or the counts will be wrong. 1152 1153 .. endblob conversations_counted_flags 1154 1155 .. startblob conversations_db 1156 1157 ``conversations_db:`` skiplist 1158 1159 The cyrusdb backend to use for the per-user conversations database. 1160 1161 Allowed values: *skiplist*, *sql*, *twoskip*, *zeroskip* 1162 1163 1164 .. endblob conversations_db 1165 1166 .. startblob conversations_expire_days 1167 1168 ``conversations_expire_days:`` <none> 1169 1170 Deprecated in favor of *conversations_expire_after*. 1171 1172 1173 .. endblob conversations_expire_days 1174 1175 .. startblob conversations_expire_after 1176 1177 ``conversations_expire_after:`` 90d 1178 1179 How long the conversations database keeps the message tracking 1180 information needed for receiving new messages in existing 1181 conversations. 1182 1183 For backward compatibility, if no unit is specified, days is 1184 assumed. 1185 1186 .. endblob conversations_expire_after 1187 1188 .. startblob conversations_max_thread 1189 1190 ``conversations_max_thread:`` 100 1191 1192 maximum size for a single thread. Threads will split if they have this many 1193 \* messages in them and another message arrives 1194 1195 .. endblob conversations_max_thread 1196 1197 .. startblob crossdomains 1198 1199 ``crossdomains:`` 0 1200 1201 Enable cross domain sharing. This works best with alt namespace and 1202 unix hierarchy separators on, so you get Other Users/foo@example.com/... 1203 1204 .. endblob crossdomains 1205 1206 .. startblob crossdomains_onlyother 1207 1208 ``crossdomains_onlyother:`` 0 1209 1210 only show the domain for users in other domains than your own (for 1211 backwards compatibility if you're already sharing 1212 1213 .. endblob crossdomains_onlyother 1214 1215 .. startblob cyrus_group 1216 1217 ``cyrus_group:`` <none> 1218 1219 The name of the group Cyrus services will run as. If not configured, the 1220 primary group of cyrus_user will be used. Can be further overridden by 1221 setting the $CYRUS_GROUP environment variable. 1222 1223 .. endblob cyrus_group 1224 1225 .. startblob cyrus_user 1226 1227 ``cyrus_user:`` <none> 1228 1229 The username to use as the 'cyrus' user. If not configured, the compile 1230 time default will be used. Can be further overridden by setting the 1231 $CYRUS_USER environment variable. 1232 1233 .. endblob cyrus_user 1234 1235 .. startblob davdriveprefix 1236 1237 ``davdriveprefix:`` #drive 1238 1239 The prefix for the DAV storage mailboxes hierarchies. The hierarchy 1240 delimiter will be automatically appended. The public storage 1241 hierarchy will be at the toplevel of the shared namespace. A 1242 user's personal storage hierarchy will be a child of their Inbox. 1243 1244 .. endblob davdriveprefix 1245 1246 .. startblob davnotificationsprefix 1247 1248 ``davnotificationsprefix:`` #notifications 1249 1250 The prefix for the DAV notifications hierarchy. The hierarchy 1251 delimiter will be automatically appended. The public notifications 1252 hierarchy will be at the toplevel of the shared namespace. A 1253 user's personal notifications hierarchy will be a child of their Inbox. 1254 1255 .. endblob davnotificationsprefix 1256 1257 .. startblob dav_realm 1258 1259 ``dav_realm:`` <none> 1260 1261 The realm to present for HTTP authentication of generic DAV 1262 resources (principals). If not set (the default), the value of the 1263 "servername" option will be used. 1264 1265 .. endblob dav_realm 1266 1267 .. startblob dav_lock_timeout 1268 1269 ``dav_lock_timeout:`` 20s 1270 1271 The maximum time to wait for a write lock on the per-user DAV database 1272 before timeout. For HTTP requests, the HTTP status code 503 is returned 1273 if the lock can not be obtained within this time. 1274 1275 For backward compatibility, if no unit is specified, seconds is 1276 assumed. 1277 1278 .. endblob dav_lock_timeout 1279 1280 .. startblob debug_command 1281 1282 ``debug_command:`` <none> 1283 1284 Debug command to be used by processes started with -D option. The string 1285 is a C format string that gets 3 options: the first is the name of the 1286 executable (as specified in the cmd parameter in cyrus.conf). The second 1287 is the pid (integer) and the third is the service ID. 1288 Example: /usr/local/bin/gdb /usr/cyrus/bin/%s %d 1289 1290 .. endblob debug_command 1291 1292 .. startblob defaultacl 1293 1294 ``defaultacl:`` anyone lrs 1295 1296 The Access Control List (ACL) placed on a newly-created (non-user) 1297 mailbox that does not have a parent mailbox. 1298 1299 .. endblob defaultacl 1300 1301 .. startblob defaultdomain 1302 1303 ``defaultdomain:`` internal 1304 1305 The default domain for virtual domain support 1306 1307 1308 .. endblob defaultdomain 1309 1310 .. startblob defaultpartition 1311 1312 ``defaultpartition:`` <none> 1313 1314 The partition name used by default for new mailboxes. If not 1315 specified, the partition with the most free space will be used for 1316 new mailboxes. 1317 1318 Note that the partition specified by this option must also be 1319 specified as *partition-name*, where you substitute 'name' 1320 for the alphanumeric string you set *defaultpartition* to. 1321 1322 .. endblob defaultpartition 1323 1324 .. startblob defaultsearchtier 1325 1326 ``defaultsearchtier:`` <empty string> 1327 1328 Name of the default tier that messages will be indexed to. Search 1329 indexes can be organized in tiers to allow index storage in different 1330 directories and physical media. See the man page of squatter for 1331 details. The default search tier also requires the definition 1332 of an according *searchtierpartition-name* entry. 1333 1334 This option MUST be specified for xapian search. 1335 1336 .. endblob defaultsearchtier 1337 1338 .. startblob defaultserver 1339 1340 ``defaultserver:`` <none> 1341 1342 The backend server name used by default for new mailboxes. If not 1343 specified, the server with the most free space will be used for new 1344 mailboxes. 1345 1346 .. endblob defaultserver 1347 1348 .. startblob deletedprefix 1349 1350 ``deletedprefix:`` DELETED 1351 1352 With **delete_mode** set to *delayed*, the 1353 **deletedprefix** setting defines the prefix for the hierarchy of 1354 deleted mailboxes. 1355 1356 The hierarchy delimiter will be automatically appended. 1357 1358 1359 .. endblob deletedprefix 1360 1361 .. startblob delete_mode 1362 1363 ``delete_mode:`` delayed 1364 1365 The manner in which mailboxes are deleted. In the default 1366 *delayed* mode, mailboxes that are being deleted are renamed to 1367 a special mailbox hierarchy under the **deletedprefix**, to be 1368 removed later by **cyr_expire(8)**. 1369 1370 In *immediate* mode, the mailbox is removed from the filesystem 1371 immediately. 1372 1373 Allowed values: *immediate*, *delayed* 1374 1375 1376 .. endblob delete_mode 1377 1378 .. startblob delete_unsubscribe 1379 1380 ``delete_unsubscribe:`` 0 1381 1382 Whether to also unsubscribe from mailboxes when they are deleted. 1383 Note that this behaviour contravenes :rfc:`3501` section 6.3.9, but 1384 may be useful for avoiding user/client software confusion. 1385 The default is 'no'. 1386 1387 .. endblob delete_unsubscribe 1388 1389 .. startblob deleteright 1390 1391 ``deleteright:`` c 1392 1393 Deprecated - only used for backwards compatibility with existing 1394 installations. Lists the old :rfc:`2086` right which was used to 1395 grant the user the ability to delete a mailbox. If a user has this 1396 right, they will automatically be given the new 'x' right. 1397 1398 .. endblob deleteright 1399 1400 .. startblob disable_user_namespace 1401 1402 ``disable_user_namespace:`` 0 1403 1404 Preclude list command on user namespace. If set to 'yes', the 1405 LIST response will never include any other user's mailbox. Admin 1406 users will always see all mailboxes. The default is 'no' 1407 1408 .. endblob disable_user_namespace 1409 1410 .. startblob disable_shared_namespace 1411 1412 ``disable_shared_namespace:`` 0 1413 1414 Preclude list command on shared namespace. If set to 'yes', the 1415 LIST response will never include any non-user mailboxes. Admin 1416 users will always see all mailboxes. The default is 'no' 1417 1418 .. endblob disable_shared_namespace 1419 1420 .. startblob disconnect_on_vanished_mailbox 1421 1422 ``disconnect_on_vanished_mailbox:`` 0 1423 1424 If enabled, IMAP/POP3/NNTP clients will be disconnected by the 1425 server if the currently selected mailbox is (re)moved by another 1426 session. Otherwise, the missing mailbox is treated as empty while 1427 in use by the client. 1428 1429 .. endblob disconnect_on_vanished_mailbox 1430 1431 .. startblob ischedule_dkim_domain 1432 1433 ``ischedule_dkim_domain:`` <none> 1434 1435 The domain to be reported as doing iSchedule DKIM signing. 1436 1437 1438 .. endblob ischedule_dkim_domain 1439 1440 .. startblob ischedule_dkim_key_file 1441 1442 ``ischedule_dkim_key_file:`` <none> 1443 1444 File containing the private key for iSchedule DKIM signing. 1445 1446 1447 .. endblob ischedule_dkim_key_file 1448 1449 .. startblob ischedule_dkim_required 1450 1451 ``ischedule_dkim_required:`` 1 1452 1453 A DKIM signature is required on received iSchedule requests. 1454 1455 1456 .. endblob ischedule_dkim_required 1457 1458 .. startblob ischedule_dkim_selector 1459 1460 ``ischedule_dkim_selector:`` <none> 1461 1462 Name of the selector subdividing the domain namespace. This 1463 specifies the actual key used for iSchedule DKIM signing within the 1464 domain. 1465 1466 .. endblob ischedule_dkim_selector 1467 1468 .. startblob duplicate_db 1469 1470 ``duplicate_db:`` twoskip 1471 1472 The cyrusdb backend to use for the duplicate delivery suppression 1473 and sieve. 1474 Allowed values: *skiplist*, *sql*, *twoskip*, *zeroskip* 1475 1476 1477 .. endblob duplicate_db 1478 1479 .. startblob duplicate_db_path 1480 1481 ``duplicate_db_path:`` <none> 1482 1483 The absolute path to the duplicate db file. If not specified, 1484 will be configdirectory/deliver.db 1485 1486 .. endblob duplicate_db_path 1487 1488 .. startblob duplicatesuppression 1489 1490 ``duplicatesuppression:`` 1 1491 1492 If enabled, lmtpd will suppress delivery of a message to a mailbox if 1493 a message with the same message-id (or resent-message-id) is recorded 1494 as having already been delivered to the mailbox. Records the mailbox 1495 and message-id/resent-message-id of all successful deliveries. 1496 1497 .. endblob duplicatesuppression 1498 1499 .. startblob event_content_inclusion_mode 1500 1501 ``event_content_inclusion_mode:`` standard 1502 1503 The mode in which message content may be included with MessageAppend and 1504 MessageNew. "standard" mode is the default behavior in which message is 1505 included up to a size with the notification. In "message" mode, the message 1506 is included and may be truncated to a size. In "header" mode, it includes 1507 headers truncated to a size. In "body" mode, it includes body truncated 1508 to a size. In "headerbody" mode, it includes full headers and body truncated 1509 to a size 1510 Allowed values: *standard*, *message*, *header*, *body*, *headerbody* 1511 1512 1513 .. endblob event_content_inclusion_mode 1514 1515 .. startblob event_content_size 1516 1517 ``event_content_size:`` 0 1518 1519 Truncate the message content that may be included with MessageAppend and 1520 MessageNew. Set 0 to include the entire message itself 1521 1522 .. endblob event_content_size 1523 1524 .. startblob event_exclude_flags 1525 1526 ``event_exclude_flags:`` <none> 1527 1528 Don't send event notification for given IMAP flag(s) 1529 1530 1531 .. endblob event_exclude_flags 1532 1533 .. startblob event_exclude_specialuse 1534 1535 ``event_exclude_specialuse:`` \\Junk 1536 1537 Don't send event notification for folder with given special-use attributes. 1538 Set ALL for any folder 1539 1540 .. endblob event_exclude_specialuse 1541 1542 .. startblob event_extra_params 1543 1544 ``event_extra_params:`` timestamp 1545 1546 Space-separated list of extra parameters to add to any appropriated event. 1547 1548 Allowed values: *bodyStructure*, *clientAddress*, *diskUsed*, *flagNames*, *messageContent*, *messageSize*, *messages*, *modseq*, *service*, *timestamp*, *uidnext*, *vnd.cmu.midset*, *vnd.cmu.unseenMessages*, *vnd.cmu.envelope*, *vnd.cmu.sessionId*, *vnd.cmu.mailboxACL*, *vnd.cmu.mbtype*, *vnd.cmu.davFilename*, *vnd.cmu.davUid*, *vnd.fastmail.clientId*, *vnd.fastmail.sessionId*, *vnd.fastmail.convExists*, *vnd.fastmail.convUnseen*, *vnd.fastmail.cid*, *vnd.fastmail.counters*, *vnd.cmu.emailid*, *vnd.cmu.threadid* 1549 1550 1551 .. endblob event_extra_params 1552 1553 .. startblob event_groups 1554 1555 ``event_groups:`` message mailbox 1556 1557 Space-separated list of groups of related events to turn on notification 1558 1559 Allowed values: *message*, *quota*, *flags*, *access*, *mailbox*, *subscription*, *calendar*, *applepushservice* 1560 1561 1562 .. endblob event_groups 1563 1564 .. startblob event_notifier 1565 1566 ``event_notifier:`` <none> 1567 1568 Notifyd(8) method to use for "EVENT" notifications which are based on 1569 the :rfc:`5423`. If not set, "EVENT" notifications are disabled. 1570 1571 .. endblob event_notifier 1572 1573 .. startblob expunge_mode 1574 1575 ``expunge_mode:`` delayed 1576 1577 The mode in which messages (and their corresponding cache entries) 1578 are expunged. "semidelayed" mode is the old behavior in which the 1579 message files are purged at the time of the EXPUNGE, but index 1580 and cache records are retained to facilitate QRESYNC. 1581 In "delayed" mode, which is the default since Cyrus 2.5.0, 1582 the message files are also retained, allowing unexpunge to 1583 rescue them. In "immediate" mode, both the message files and the 1584 index records are removed as soon as possible. In all cases, 1585 nothing will be finally purged until all other processes have 1586 closed the mailbox to ensure they never see data disappear under 1587 them. In "semidelayed" or "delayed" mode, a later run of "cyr_expire" 1588 will clean out the retained records (and possibly message files). 1589 This reduces the amount of I/O that takes place at the time of 1590 EXPUNGE and should result in greater responsiveness for the client, 1591 especially when expunging a large number of messages. 1592 Allowed values: *immediate*, *semidelayed*, *delayed* 1593 1594 1595 .. endblob expunge_mode 1596 1597 .. startblob failedloginpause 1598 1599 ``failedloginpause:`` 3s 1600 1601 Time to pause after a failed login. 1602 1603 For backward compatibility, if no unit is specified, seconds is 1604 assumed. 1605 1606 .. endblob failedloginpause 1607 1608 .. startblob flushseenstate 1609 1610 ``flushseenstate:`` 1 1611 1612 Deprecated. No longer used 1613 1614 1615 .. endblob flushseenstate 1616 1617 .. startblob foolstupidclients 1618 1619 ``foolstupidclients:`` 0 1620 1621 If enabled, only list the personal namespace when a LIST "\*" is performed 1622 (it changes the request to a LIST "INBOX\*"). 1623 1624 .. endblob foolstupidclients 1625 1626 .. startblob force_sasl_client_mech 1627 1628 ``force_sasl_client_mech:`` <none> 1629 1630 Force preference of a given SASL mechanism for client side operations 1631 (e.g., murder environments). This is separate from (and overridden by) 1632 the ability to use the <host shortname>_mechs option to set preferred 1633 mechanisms for a specific host 1634 1635 .. endblob force_sasl_client_mech 1636 1637 .. startblob fulldirhash 1638 1639 ``fulldirhash:`` 0 1640 1641 If enabled, uses an improved directory hashing scheme which hashes 1642 on the entire username instead of using just the first letter as 1643 the hash. This changes hash algorithm used for quota and user 1644 directories and if *hashimapspool* is enabled, the entire mail 1645 spool. 1646 1647 Note that this option CANNOT be changed on a live system. The 1648 server must be quiesced and then the directories moved with the 1649 **rehash** utility. 1650 1651 .. endblob fulldirhash 1652 1653 .. startblob hashimapspool 1654 1655 ``hashimapspool:`` 0 1656 1657 If enabled, the partitions will also be hashed, in addition to the 1658 hashing done on configuration directories. This is recommended if 1659 one partition has a very bushy mailbox tree. 1660 1661 .. endblob hashimapspool 1662 1663 .. startblob debug 1664 1665 ``debug:`` 0 1666 1667 If enabled, allow syslog() to pass LOG_DEBUG messages. 1668 1669 1670 .. endblob debug 1671 1672 .. startblob hostname_mechs 1673 1674 ``hostname_mechs:`` <none> 1675 1676 Force a particular list of SASL mechanisms to be used when authenticating 1677 to the backend server hostname (where hostname is the short hostname of 1678 the server in question). If it is not specified it will query the server 1679 for available mechanisms and pick one to use. - Cyrus Murder 1680 1681 .. endblob hostname_mechs 1682 1683 .. startblob hostname_password 1684 1685 ``hostname_password:`` <none> 1686 1687 The password to use for authentication to the backend server hostname 1688 (where hostname is the short hostname of the server) - Cyrus Murder 1689 1690 .. endblob hostname_password 1691 1692 .. startblob httpallowcompress 1693 1694 ``httpallowcompress:`` 1 1695 1696 If enabled, the server will compress response payloads if the client 1697 indicates that it can accept them. Note that the compressed data 1698 will appear in telemetry logs, leaving only the response headers as 1699 human-readable. 1700 1701 .. endblob httpallowcompress 1702 1703 .. startblob httpallowcors 1704 1705 ``httpallowcors:`` <none> 1706 1707 A wildmat pattern specifying a list of origin URIs ( scheme "://" 1708 host [ ":" port ] ) that are allowed to make Cross-Origin Resource 1709 Sharing (CORS) requests on the server. By default, CORS requests 1710 are disabled. 1711 1712 Note that the scheme and host should both be lowercase, the port 1713 should be omitted if using the default for the scheme (80 for http, 1714 443 for https), and there should be no trailing '/' (e.g.: 1715 "http://www.example.com:8080", "https://example.org"). 1716 1717 .. endblob httpallowcors 1718 1719 .. startblob httpallowtrace 1720 1721 ``httpallowtrace:`` 0 1722 1723 Allow use of the TRACE method. 1724 1725 Note that sensitive data might be disclosed by the response. 1726 1727 .. endblob httpallowtrace 1728 1729 .. startblob httpallowedurls 1730 1731 ``httpallowedurls:`` <none> 1732 1733 Space-separated list of relative URLs (paths) rooted at 1734 "httpdocroot" (see below) to be served by httpd. If set, this 1735 option will limit served static content to only those paths specified 1736 (returning "404 Not Found" to any other client requested URLs). 1737 Otherwise, httpd will serve any content found in "httpdocroot". 1738 1739 Note that any path specified by "rss_feedlist_template" is an 1740 exception to this rule. 1741 1742 .. endblob httpallowedurls 1743 1744 .. startblob httpcontentmd5 1745 1746 ``httpcontentmd5:`` 0 1747 1748 If enabled, HTTP responses will include a Content-MD5 header for 1749 the purpose of providing an end-to-end message integrity check 1750 (MIC) of the payload body. Note that enabling this option will 1751 use additional CPU to generate the MD5 digest, which may be ignored 1752 by clients anyways. 1753 1754 .. endblob httpcontentmd5 1755 1756 .. startblob httpdocroot 1757 1758 ``httpdocroot:`` <none> 1759 1760 If set, http will serve the static content (html/text/jpeg/gif 1761 files, etc) rooted at this directory. Otherwise, httpd will not 1762 serve any static content. 1763 1764 .. endblob httpdocroot 1765 1766 .. startblob httpkeepalive 1767 1768 ``httpkeepalive:`` 20s 1769 1770 Set the length of the HTTP server's keepalive heartbeat. The 1771 default is 20 seconds. The minimum value is 0, which will disable 1772 the keepalive heartbeat. When enabled, if a request takes longer 1773 than *httpkeepalive* to process, the server will send the client 1774 provisional responses every *httpkeepalive* until the final 1775 response can be sent. 1776 1777 For backward compatibility, if no unit is specified, seconds is 1778 assumed. 1779 1780 .. endblob httpkeepalive 1781 1782 .. startblob httpmodules 1783 1784 ``httpmodules:`` <empty string> 1785 1786 Space-separated list of HTTP modules that will be enabled in 1787 httpd(8). This option has no effect on modules that are disabled 1788 at compile time due to missing dependencies (e.g. libical). 1789 1790 Note that "domainkey" depends on "ischedule" being enabled, and 1791 that both "freebusy" and "ischedule" depend on "caldav" being 1792 enabled. 1793 Allowed values: *admin*, *caldav*, *carddav*, *cgi*, *domainkey*, *freebusy*, *ischedule*, *jmap*, *prometheus*, *rss*, *tzdist*, *webdav* 1794 1795 1796 .. endblob httpmodules 1797 1798 .. startblob httpprettytelemetry 1799 1800 ``httpprettytelemetry:`` 0 1801 1802 If enabled, HTTP response payloads including server-generated 1803 markup languages (HTML, XML) will utilize line breaks and 1804 indentation to promote better human-readability in telemetry logs. 1805 Note that enabling this option will increase the amount of data 1806 sent across the wire. 1807 1808 .. endblob httpprettytelemetry 1809 1810 .. startblob httptimeout 1811 1812 ``httptimeout:`` 5m 1813 1814 Set the length of the HTTP server's inactivity autologout timer. 1815 The default is 5 minutes. The minimum value is 0, which will 1816 disable persistent connections. 1817 1818 For backwards compatibility, if no unit is specified, minutes 1819 is assumed. 1820 1821 .. endblob httptimeout 1822 1823 .. startblob idlesocket 1824 1825 ``idlesocket:`` {configdirectory}/socket/idle 1826 1827 Unix domain socket that idled listens on. 1828 1829 1830 .. endblob idlesocket 1831 1832 .. startblob ignorereference 1833 1834 ``ignorereference:`` 0 1835 1836 For backwards compatibility with Cyrus 1.5.10 and earlier -- ignore 1837 the reference argument in LIST or LSUB commands. 1838 1839 .. endblob ignorereference 1840 1841 .. startblob imapidlepoll 1842 1843 ``imapidlepoll:`` 60s 1844 1845 The interval for polling for mailbox changes and ALERTs while running 1846 the IDLE command. This option is used when idled is not enabled or 1847 cannot be contacted. The minimum value is 1 second. A value of 0 1848 will disable IDLE. 1849 1850 For backward compatibility, if no unit is specified, seconds is 1851 assumed. 1852 1853 .. endblob imapidlepoll 1854 1855 .. startblob imapidresponse 1856 1857 ``imapidresponse:`` 1 1858 1859 If enabled, the server responds to an ID command with a parameter 1860 list containing: version, vendor, support-url, os, os-version, 1861 command, arguments, environment. Otherwise the server returns NIL. 1862 1863 .. endblob imapidresponse 1864 1865 .. startblob imapmagicplus 1866 1867 ``imapmagicplus:`` 0 1868 1869 Only list a restricted set of mailboxes via IMAP by using 1870 userid+namespace syntax as the authentication/authorization id. 1871 Using userid+ (with an empty namespace) will list only subscribed 1872 mailboxes. 1873 1874 .. endblob imapmagicplus 1875 1876 .. startblob imipnotifier 1877 1878 ``imipnotifier:`` <none> 1879 1880 Notifyd(8) method to use for "IMIP" notifications which are based on 1881 the :rfc:`6047`. If not set, "IMIP" notifications are disabled. 1882 1883 .. endblob imipnotifier 1884 1885 .. startblob implicit_owner_rights 1886 1887 ``implicit_owner_rights:`` lkxan 1888 1889 The implicit Access Control List (ACL) for the owner of a mailbox. 1890 1891 1892 .. endblob implicit_owner_rights 1893 1894 .. startblob @include 1895 1896 ``@include:`` <none> 1897 1898 Directive which includes the specified file as part of the 1899 configuration. If the path to the file is not absolute, CYRUS_PATH 1900 is prepended. 1901 1902 .. endblob @include 1903 1904 .. startblob improved_mboxlist_sort 1905 1906 ``improved_mboxlist_sort:`` 0 1907 1908 If enabled, a special comparator will be used which will correctly 1909 sort mailbox names that contain characters such as ' ' and '-'. 1910 1911 Note that this option SHOULD NOT be changed on a live system. The 1912 mailboxes database should be dumped (ctl_mboxlist) before the 1913 option is changed, removed, and then undumped after changing the 1914 option. When not using flat files for the subscriptions databases 1915 the same has to be done (cyr_dbtool) for each subscription database 1916 See improved_mboxlist_sort.html. 1917 1918 .. endblob improved_mboxlist_sort 1919 1920 .. startblob jmap_emailsearch_db_path 1921 1922 ``jmap_emailsearch_db_path:`` <none> 1923 1924 The absolute path to the JMAP email search cache file. If not 1925 specified, JMAP Email/query and Email/queryChanges will not 1926 cache email search results. 1927 1928 .. endblob jmap_emailsearch_db_path 1929 1930 .. startblob jmap_preview_annot 1931 1932 ``jmap_preview_annot:`` <none> 1933 1934 The name of the per-message annotation, if any, to store message 1935 previews. 1936 1937 .. endblob jmap_preview_annot 1938 1939 .. startblob jmap_imagesize_annot 1940 1941 ``jmap_imagesize_annot:`` <none> 1942 1943 The name of the per-message annotation, if any, that stores a 1944 JSON object, mapping message part numbers of MIME image types 1945 to an array of their image dimensions. The array must have at 1946 least two entries, where the first entry denotes the width 1947 and the second entry the height of the image. Any additional 1948 values are ignored. 1949 1950 For example, if message part 1.2 contains an image of width 300 1951 and height 200, then the value of this annotation would be: 1952 1953 { "1.2" : [ 300, 200 ] } 1954 1955 1956 .. endblob jmap_imagesize_annot 1957 1958 .. startblob jmap_inlinedcids_annot 1959 1960 ``jmap_inlinedcids_annot:`` <none> 1961 1962 The name of the per-message annotation, if any, that stores a 1963 JSON object, mapping :rfc:`2392` Content-IDs referenced in HTML bodies 1964 to the respective HTML body part number. 1965 1966 For example, if message part 1.2 contains HTML and references an 1967 inlined image at "cid:foo", then the value of this annotation 1968 would be: 1969 1970 { "<foo>" : "1.2" } 1971 1972 Note that the Content-ID key must be URL-unescaped and enclosed in 1973 angular brackets, as defined in :rfc:`2392`. 1974 1975 .. endblob jmap_inlinedcids_annot 1976 1977 .. startblob jmap_preview_length 1978 1979 ``jmap_preview_length:`` 64 1980 1981 The maximum byte length of dynamically generated message previews. Previews 1982 stored in jmap_preview_annot take precedence. 1983 1984 .. endblob jmap_preview_length 1985 1986 .. startblob jmap_max_size_upload 1987 1988 ``jmap_max_size_upload:`` 1048576 1989 1990 The maximum size (in kilobytes) that the JMAP API accepts 1991 for blob uploads. Returned as the maxSizeUpload property 1992 value of the JMAP \"urn:ietf:params:jmap:core\" capabilities object. 1993 Default is 1Gb. 1994 1995 .. endblob jmap_max_size_upload 1996 1997 .. startblob jmap_max_concurrent_upload 1998 1999 ``jmap_max_concurrent_upload:`` 5 2000 2001 The value to return for the maxConcurrentUpload property of 2002 the JMAP \"urn:ietf:params:jmap:core\" capabilities object. The Cyrus JMAP 2003 implementation does not enforce this rate-limit. 2004 2005 .. endblob jmap_max_concurrent_upload 2006 2007 .. startblob jmap_max_size_request 2008 2009 ``jmap_max_size_request:`` 10240 2010 2011 The maximum size (in kilobytes) that the JMAP API accepts 2012 for requests at the API endpoint. Returned as the 2013 maxSizeRequest property value of the JMAP \"urn:ietf:params:jmap:core\" 2014 capabilities object. Default is 10Mb. 2015 2016 .. endblob jmap_max_size_request 2017 2018 .. startblob jmap_max_concurrent_requests 2019 2020 ``jmap_max_concurrent_requests:`` 5 2021 2022 The value to return for the maxConcurrentRequests property of 2023 the JMAP \"urn:ietf:params:jmap:core\" capabilities object. The Cyrus JMAP 2024 implementation does not enforce this rate-limit. 2025 2026 .. endblob jmap_max_concurrent_requests 2027 2028 .. startblob jmap_max_calls_in_request 2029 2030 ``jmap_max_calls_in_request:`` 50 2031 2032 The maximum number of calls per JMAP request object. 2033 Returned as the maxCallsInRequest property value of the 2034 JMAP \"urn:ietf:params:jmap:core\" capabilities object. 2035 2036 .. endblob jmap_max_calls_in_request 2037 2038 .. startblob jmap_max_delayed_send 2039 2040 ``jmap_max_delayed_send:`` 512d 2041 2042 The value to return for the maxDelayedSend property of 2043 the JMAP \"urn:ietf:params:jmap:emailsubmission\" capabilities object. 2044 The Cyrus JMAP implementation does not enforce this limit. 2045 2046 For backward compatibility, if no unit is specified, seconds is 2047 assumed. 2048 2049 .. endblob jmap_max_delayed_send 2050 2051 .. startblob jmap_max_objects_in_get 2052 2053 ``jmap_max_objects_in_get:`` 4096 2054 2055 The maximum number of ids that a JMAP client may request in 2056 a single \"/get\" type method call. The actual number 2057 of returned objects in the response may exceed this number 2058 if the JMAP object type supports unbounded \"/get\" calls. 2059 Returned as the maxObjectsInGet property value of the 2060 JMAP \"urn:ietf:params:jmap:core\" capabilities object. 2061 2062 .. endblob jmap_max_objects_in_get 2063 2064 .. startblob jmap_max_objects_in_set 2065 2066 ``jmap_max_objects_in_set:`` 4096 2067 2068 The maximum number of objects a JMAP client may send to create, 2069 update or destroy in a single /set type method call. 2070 Returned as the maxObjectsInSet property value of the 2071 JMAP \"urn:ietf:params:jmap:core\" capabilities object. 2072 2073 .. endblob jmap_max_objects_in_set 2074 2075 .. startblob jmap_mail_max_size_attachments_per_email 2076 2077 ``jmap_mail_max_size_attachments_per_email:`` 10240 2078 2079 The value (in kilobytes) to return for the maxSizeAttachmentsPerEmail 2080 property of the JMAP \"urn:ietf:params:jmap:mail\" capabilities object. The Cyrus 2081 JMAP implementation does not enforce this size limit. Default is 10 Mb. 2082 2083 .. endblob jmap_mail_max_size_attachments_per_email 2084 2085 .. startblob jmap_nonstandard_extensions 2086 2087 ``jmap_nonstandard_extensions:`` 0 2088 2089 If enabled, support non-standard JMAP extensions. If not enabled, 2090 only IETF standard JMAP functionality is supported. 2091 2092 .. endblob jmap_nonstandard_extensions 2093 2094 .. startblob jmap_set_has_attachment 2095 2096 ``jmap_set_has_attachment:`` 1 2097 2098 If enabled, the $hasAttachment flag is determined and set for new messages 2099 created with the JMAP Email/set or Email/import methods. This option should 2100 typically be enabled, but installations using Cyrus-external message 2101 annatotors to determine the $hasAttachment flag might want to disable it. 2102 2103 .. endblob jmap_set_has_attachment 2104 2105 .. startblob jmap_vacation 2106 2107 ``jmap_vacation:`` 1 2108 2109 If enabled, support the JMAP vacation extension 2110 2111 2112 .. endblob jmap_vacation 2113 2114 .. startblob jmapuploadfolder 2115 2116 ``jmapuploadfolder:`` #jmap 2117 2118 the name of the folder for JMAP uploads (#jmap) 2119 2120 2121 .. endblob jmapuploadfolder 2122 2123 .. startblob jmapsubmission_deleteonsend 2124 2125 ``jmapsubmission_deleteonsend:`` 1 2126 2127 If enabled (the default) then delete the EmailSubmission as soon as the email 2128 \* has been sent 2129 2130 .. endblob jmapsubmission_deleteonsend 2131 2132 .. startblob jmapsubmissionfolder 2133 2134 ``jmapsubmissionfolder:`` #jmapsubmission 2135 2136 the name of the folder for JMAP Submissions (#jmapsubmission) 2137 2138 2139 .. endblob jmapsubmissionfolder 2140 2141 .. startblob jmappushsubscriptionfolder 2142 2143 ``jmappushsubscriptionfolder:`` #jmappushsubscription 2144 2145 the name of the folder for JMAP Push Subscriptions (#jmappushsubscription) 2146 2147 2148 .. endblob jmappushsubscriptionfolder 2149 2150 .. startblob iolog 2151 2152 ``iolog:`` 0 2153 2154 Should cyrus output I/O log entries 2155 2156 2157 .. endblob iolog 2158 2159 .. startblob ldap_authz 2160 2161 ``ldap_authz:`` <none> 2162 2163 SASL authorization ID for the LDAP server 2164 2165 2166 .. endblob ldap_authz 2167 2168 .. startblob ldap_base 2169 2170 ``ldap_base:`` <empty string> 2171 2172 Contains the LDAP base dn for the LDAP ptloader module 2173 2174 2175 .. endblob ldap_base 2176 2177 .. startblob ldap_bind_dn 2178 2179 ``ldap_bind_dn:`` <none> 2180 2181 Bind DN for the connection to the LDAP server (simple bind). 2182 Do not use for anonymous simple binds 2183 2184 .. endblob ldap_bind_dn 2185 2186 .. startblob ldap_deref 2187 2188 ``ldap_deref:`` never 2189 2190 Specify how aliases dereferencing is handled during search. 2191 2192 Allowed values: *search*, *find*, *always*, *never* 2193 2194 2195 .. endblob ldap_deref 2196 2197 .. startblob ldap_domain_base_dn 2198 2199 ``ldap_domain_base_dn:`` <empty string> 2200 2201 Base DN to search for domain name spaces. 2202 2203 2204 .. endblob ldap_domain_base_dn 2205 2206 .. startblob ldap_domain_filter 2207 2208 ``ldap_domain_filter:`` (&(objectclass=domainrelatedobject)(associateddomain=%s)) 2209 2210 Filter to use searching for domains 2211 2212 2213 .. endblob ldap_domain_filter 2214 2215 .. startblob ldap_domain_name_attribute 2216 2217 ``ldap_domain_name_attribute:`` associateddomain 2218 2219 The attribute name for domains. 2220 2221 2222 .. endblob ldap_domain_name_attribute 2223 2224 .. startblob ldap_domain_scope 2225 2226 ``ldap_domain_scope:`` sub 2227 2228 Search scope 2229 2230 Allowed values: *sub*, *one*, *base* 2231 2232 2233 .. endblob ldap_domain_scope 2234 2235 .. startblob ldap_domain_result_attribute 2236 2237 ``ldap_domain_result_attribute:`` inetdomainbasedn 2238 2239 Result attribute 2240 2241 2242 .. endblob ldap_domain_result_attribute 2243 2244 .. startblob ldap_filter 2245 2246 ``ldap_filter:`` (uid=%u) 2247 2248 Specify a filter that searches user identifiers. The following tokens can be 2249 used in the filter string: 2250 2251 %% = % 2252 %u = user 2253 %U = user portion of %u (%U = test when %u = test@domain.tld) 2254 %d = domain portion of %u if available (%d = domain.tld when %u = 2255 test@domain.tld), otherwise same as %R 2256 %R = domain portion of %u starting with @ (%R = @domain.tld 2257 when %u = test@domain.tld) 2258 %D = user dn. (use when ldap_member_method: filter) 2259 %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld) 2260 2261 ldap_filter is not used when ldap_sasl is enabled. 2262 2263 .. endblob ldap_filter 2264 2265 .. startblob ldap_group_base 2266 2267 ``ldap_group_base:`` <empty string> 2268 2269 LDAP base dn for ldap_group_filter. 2270 2271 2272 .. endblob ldap_group_base 2273 2274 .. startblob ldap_group_filter 2275 2276 ``ldap_group_filter:`` (cn=%u) 2277 2278 Specify a filter that searches for group identifiers. 2279 See ldap_filter for more options. 2280 2281 .. endblob ldap_group_filter 2282 2283 .. startblob ldap_group_scope 2284 2285 ``ldap_group_scope:`` sub 2286 2287 Specify search scope for ldap_group_filter. 2288 2289 Allowed values: *sub*, *one*, *base* 2290 2291 2292 .. endblob ldap_group_scope 2293 2294 .. startblob ldap_id 2295 2296 ``ldap_id:`` <none> 2297 2298 SASL authentication ID for the LDAP server 2299 2300 2301 .. endblob ldap_id 2302 2303 .. startblob ldap_mech 2304 2305 ``ldap_mech:`` <none> 2306 2307 SASL mechanism for LDAP authentication 2308 2309 2310 .. endblob ldap_mech 2311 2312 .. startblob ldap_user_attribute 2313 2314 ``ldap_user_attribute:`` <none> 2315 2316 Specify LDAP attribute to use as canonical user id 2317 2318 2319 .. endblob ldap_user_attribute 2320 2321 .. startblob ldap_member_attribute 2322 2323 ``ldap_member_attribute:`` <none> 2324 2325 See ldap_member_method. 2326 2327 2328 .. endblob ldap_member_attribute 2329 2330 .. startblob ldap_member_base 2331 2332 ``ldap_member_base:`` <empty string> 2333 2334 LDAP base dn for ldap_member_filter. 2335 2336 2337 .. endblob ldap_member_base 2338 2339 .. startblob ldap_member_filter 2340 2341 ``ldap_member_filter:`` (member=%D) 2342 2343 Specify a filter for "ldap_member_method: filter". 2344 See ldap_filter for more options. 2345 2346 .. endblob ldap_member_filter 2347 2348 .. startblob ldap_member_method 2349 2350 ``ldap_member_method:`` attribute 2351 2352 Specify a group method. The "attribute" method retrieves groups from 2353 a multi-valued attribute specified in ldap_member_attribute. 2354 2355 The "filter" method uses a filter, specified by ldap_member_filter, to find 2356 groups; ldap_member_attribute is a single-value attribute group name. 2357 Allowed values: *attribute*, *filter* 2358 2359 2360 .. endblob ldap_member_method 2361 2362 .. startblob ldap_member_scope 2363 2364 ``ldap_member_scope:`` sub 2365 2366 Specify search scope for ldap_member_filter. 2367 2368 Allowed values: *sub*, *one*, *base* 2369 2370 2371 .. endblob ldap_member_scope 2372 2373 .. startblob ldap_password 2374 2375 ``ldap_password:`` <none> 2376 2377 Password for the connection to the LDAP server (SASL and simple bind). 2378 Do not use for anonymous simple binds 2379 2380 .. endblob ldap_password 2381 2382 .. startblob ldap_realm 2383 2384 ``ldap_realm:`` <none> 2385 2386 SASL realm for LDAP authentication 2387 2388 2389 .. endblob ldap_realm 2390 2391 .. startblob ldap_referrals 2392 2393 ``ldap_referrals:`` 0 2394 2395 Specify whether or not the client should follow referrals. 2396 2397 2398 .. endblob ldap_referrals 2399 2400 .. startblob ldap_restart 2401 2402 ``ldap_restart:`` 1 2403 2404 Specify whether or not LDAP I/O operations are automatically restarted 2405 if they abort prematurely. 2406 2407 .. endblob ldap_restart 2408 2409 .. startblob ldap_sasl 2410 2411 ``ldap_sasl:`` 1 2412 2413 Use SASL for LDAP binds in the LDAP PTS module. 2414 2415 2416 .. endblob ldap_sasl 2417 2418 .. startblob ldap_sasl_authc 2419 2420 ``ldap_sasl_authc:`` <none> 2421 2422 Deprecated. Use ldap_id 2423 2424 2425 .. endblob ldap_sasl_authc 2426 2427 .. startblob ldap_sasl_authz 2428 2429 ``ldap_sasl_authz:`` <none> 2430 2431 Deprecated. Use ldap_authz 2432 2433 2434 .. endblob ldap_sasl_authz 2435 2436 .. startblob ldap_sasl_mech 2437 2438 ``ldap_sasl_mech:`` <none> 2439 2440 Deprecated. Use ldap_mech 2441 2442 2443 .. endblob ldap_sasl_mech 2444 2445 .. startblob ldap_sasl_password 2446 2447 ``ldap_sasl_password:`` <none> 2448 2449 Deprecated. User ldap_password 2450 2451 2452 .. endblob ldap_sasl_password 2453 2454 .. startblob ldap_sasl_realm 2455 2456 ``ldap_sasl_realm:`` <none> 2457 2458 Deprecated. Use ldap_realm 2459 2460 2461 .. endblob ldap_sasl_realm 2462 2463 .. startblob ldap_scope 2464 2465 ``ldap_scope:`` sub 2466 2467 Specify search scope. 2468 2469 Allowed values: *sub*, *one*, *base* 2470 2471 2472 .. endblob ldap_scope 2473 2474 .. startblob ldap_servers 2475 2476 ``ldap_servers:`` ldap://localhost/ 2477 2478 Deprecated. Use ldap_uri 2479 2480 2481 .. endblob ldap_servers 2482 2483 .. startblob ldap_size_limit 2484 2485 ``ldap_size_limit:`` 1 2486 2487 Specify a number of entries for a search request to return. 2488 2489 2490 .. endblob ldap_size_limit 2491 2492 .. startblob ldap_start_tls 2493 2494 ``ldap_start_tls:`` 0 2495 2496 Use transport layer security for ldap:// using STARTTLS. Do not use 2497 ldaps:// in 'ldap_uri' with this option enabled. 2498 2499 .. endblob ldap_start_tls 2500 2501 .. startblob ldap_time_limit 2502 2503 ``ldap_time_limit:`` 5s 2504 2505 How long to wait for a search request to complete. 2506 2507 For backward compatibility, if no unit is specified, seconds is 2508 assumed. 2509 2510 .. endblob ldap_time_limit 2511 2512 .. startblob ldap_timeout 2513 2514 ``ldap_timeout:`` 5s 2515 2516 How long a search can take before timing out. 2517 2518 For backward compatibility, if no unit is specified, seconds is 2519 assumed. 2520 2521 .. endblob ldap_timeout 2522 2523 .. startblob ldap_ca_dir 2524 2525 ``ldap_ca_dir:`` <none> 2526 2527 Path to a directory with CA (Certificate Authority) certificates. 2528 2529 2530 .. endblob ldap_ca_dir 2531 2532 .. startblob ldap_ca_file 2533 2534 ``ldap_ca_file:`` <none> 2535 2536 Path to a file containing CA (Certificate Authority) certificate(s). 2537 2538 2539 .. endblob ldap_ca_file 2540 2541 .. startblob ldap_ciphers 2542 2543 ``ldap_ciphers:`` <none> 2544 2545 List of SSL/TLS ciphers to allow. The format of the string is 2546 described in ciphers(1). 2547 2548 .. endblob ldap_ciphers 2549 2550 .. startblob ldap_client_cert 2551 2552 ``ldap_client_cert:`` <none> 2553 2554 File containing the client certificate. 2555 2556 2557 .. endblob ldap_client_cert 2558 2559 .. startblob ldap_client_key 2560 2561 ``ldap_client_key:`` <none> 2562 2563 File containing the private client key. 2564 2565 2566 .. endblob ldap_client_key 2567 2568 .. startblob ldap_verify_peer 2569 2570 ``ldap_verify_peer:`` 0 2571 2572 Require and verify server certificate. If this option is yes, 2573 you must specify ldap_ca_file or ldap_ca_dir. 2574 2575 .. endblob ldap_verify_peer 2576 2577 .. startblob ldap_tls_cacert_dir 2578 2579 ``ldap_tls_cacert_dir:`` <none> 2580 2581 Deprecated in favor of *ldap_ca_dir*. 2582 2583 2584 .. endblob ldap_tls_cacert_dir 2585 2586 .. startblob ldap_tls_cacert_file 2587 2588 ``ldap_tls_cacert_file:`` <none> 2589 2590 Deprecated in favor of *ldap_ca_file*. 2591 2592 2593 .. endblob ldap_tls_cacert_file 2594 2595 .. startblob ldap_tls_cert 2596 2597 ``ldap_tls_cert:`` <none> 2598 2599 Deprecated in favor of *ldap_client_cert*. 2600 2601 2602 .. endblob ldap_tls_cert 2603 2604 .. startblob ldap_tls_key 2605 2606 ``ldap_tls_key:`` <none> 2607 2608 Deprecated in favor of *ldap_client_key*. 2609 2610 2611 .. endblob ldap_tls_key 2612 2613 .. startblob ldap_tls_check_peer 2614 2615 ``ldap_tls_check_peer:`` 0 2616 2617 Deprecated in favor of *ldap_verify_peer*. 2618 2619 2620 .. endblob ldap_tls_check_peer 2621 2622 .. startblob ldap_tls_ciphers 2623 2624 ``ldap_tls_ciphers:`` <none> 2625 2626 Deprecated in favor of *ldap_ciphers*. 2627 2628 2629 .. endblob ldap_tls_ciphers 2630 2631 .. startblob ldap_uri 2632 2633 ``ldap_uri:`` <none> 2634 2635 Contains a list of the URLs of all the LDAP servers when using the 2636 LDAP PTS module. 2637 2638 .. endblob ldap_uri 2639 2640 .. startblob ldap_version 2641 2642 ``ldap_version:`` 3 2643 2644 Specify the LDAP protocol version. If ldap_start_tls and/or 2645 ldap_use_sasl are enabled, ldap_version will be automatically 2646 set to 3. 2647 2648 .. endblob ldap_version 2649 2650 .. startblob literalminus 2651 2652 ``literalminus:`` 0 2653 2654 if enabled, CAPABILITIES will reply with LITERAL- rather than 2655 LITERAL+ (:rfc:`7888`). Doesn't actually size-restrict uploads though 2656 2657 .. endblob literalminus 2658 2659 .. startblob lmtp_downcase_rcpt 2660 2661 ``lmtp_downcase_rcpt:`` 1 2662 2663 If enabled, lmtpd will convert the recipient addresses to lowercase 2664 (up to a '+' character, if present). 2665 2666 .. endblob lmtp_downcase_rcpt 2667 2668 .. startblob lmtp_exclude_specialuse 2669 2670 ``lmtp_exclude_specialuse:`` \\Snoozed 2671 2672 Don't allow delivery to folders with given special-use attributes. 2673 2674 Note that "snoozing" of emails can currently only be done via the 2675 JMAP protocol, so delivery directly to the \Snoozed mailbox is 2676 prohibited by default as it will not be moved back into INBOX 2677 automatically. 2678 2679 .. endblob lmtp_exclude_specialuse 2680 2681 .. startblob lmtp_fuzzy_mailbox_match 2682 2683 ``lmtp_fuzzy_mailbox_match:`` 0 2684 2685 If enabled, and the mailbox specified in the detail part of the 2686 recipient (everything after the '+') does not exist, lmtpd will try 2687 to find the closest match (ignoring case, ignoring whitespace, 2688 falling back to parent) to the specified mailbox name. 2689 2690 .. endblob lmtp_fuzzy_mailbox_match 2691 2692 .. startblob lmtp_over_quota_perm_failure 2693 2694 ``lmtp_over_quota_perm_failure:`` 0 2695 2696 If enabled, lmtpd returns a permanent failure code when a user's 2697 mailbox is over quota. By default, the failure is temporary, 2698 causing the MTA to queue the message and retry later. 2699 2700 .. endblob lmtp_over_quota_perm_failure 2701 2702 .. startblob lmtp_strict_quota 2703 2704 ``lmtp_strict_quota:`` 0 2705 2706 If enabled, lmtpd returns a failure code when the incoming message 2707 will cause the user's mailbox to exceed its quota. By default, the 2708 failure won't occur until the mailbox is already over quota. 2709 2710 .. endblob lmtp_strict_quota 2711 2712 .. startblob lmtp_strict_rfc2821 2713 2714 ``lmtp_strict_rfc2821:`` 1 2715 2716 By default, lmtpd will be strict (per :rfc:`2821`) with regards to which 2717 envelope addresses are allowed. If this option is set to false, 8bit 2718 characters in the local-part of envelope addresses are changed to 'X' 2719 instead. This is useful to avoid generating backscatter with 2720 certain MTAs like Postfix or Exim which accept such messages. 2721 2722 .. endblob lmtp_strict_rfc2821 2723 2724 .. startblob lmtpsocket 2725 2726 ``lmtpsocket:`` {configdirectory}/socket/lmtp 2727 2728 Unix domain socket that lmtpd listens on, used by deliver(8). This should 2729 match the path specified in cyrus.conf(5). 2730 2731 .. endblob lmtpsocket 2732 2733 .. startblob lmtptxn_timeout 2734 2735 ``lmtptxn_timeout:`` 5m 2736 2737 Timeout used during a lmtp transaction to a remote backend (e.g. in a 2738 murder environment). Can be used to prevent hung lmtpds on proxy hosts 2739 when a backend server becomes unresponsive during a lmtp transaction. 2740 The default is 5 minutes - change to zero for infinite. 2741 2742 For backward compatibility, if no unit is specified, seconds is 2743 assumed. 2744 2745 .. endblob lmtptxn_timeout 2746 2747 .. startblob lock_debugtime 2748 2749 ``lock_debugtime:`` <none> 2750 2751 A floating point number of seconds. If set, time how long we wait for 2752 any lock, and syslog the filename and time if it's longer than this 2753 value. The default of NULL means not to time locks. 2754 2755 .. endblob lock_debugtime 2756 2757 .. startblob loginrealms 2758 2759 ``loginrealms:`` <empty string> 2760 2761 The list of remote realms whose users may authenticate using cross-realm 2762 authentication identifiers. Separate each realm name by a space. (A 2763 cross-realm identity is considered any identity returned by SASL 2764 with an "@" in it.). 2765 2766 .. endblob loginrealms 2767 2768 .. startblob loginuseacl 2769 2770 ``loginuseacl:`` 0 2771 2772 If enabled, any authentication identity which has **a** rights on a 2773 user's INBOX may log in as that user. 2774 2775 .. endblob loginuseacl 2776 2777 .. startblob logtimestamps 2778 2779 ``logtimestamps:`` 0 2780 2781 Include notations in the protocol telemetry logs indicating the number of 2782 seconds since the last command or response. 2783 2784 .. endblob logtimestamps 2785 2786 .. startblob mailbox_default_options 2787 2788 ``mailbox_default_options:`` 0 2789 2790 Default "options" field for the mailbox on create. You'll want to know 2791 what you're doing before setting this, but it can apply some default 2792 annotations like duplicate suppression 2793 2794 .. endblob mailbox_default_options 2795 2796 .. startblob mailbox_initial_flags 2797 2798 ``mailbox_initial_flags:`` <none> 2799 2800 space-separated list of permanent flags which will be pre-set in every 2801 newly created mailbox. If you know you will require particular 2802 flag names then this avoids a possible race condition against a client 2803 that fills the entire 128 available slots. Default is NULL, which is 2804 no flags. Example: $Label1 $Label2 $Label3 NotSpam Spam 2805 2806 .. endblob mailbox_initial_flags 2807 2808 .. startblob mailnotifier 2809 2810 ``mailnotifier:`` <none> 2811 2812 Notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL" 2813 notifications are disabled. 2814 2815 .. endblob mailnotifier 2816 2817 .. startblob master_bind_errors_fatal 2818 2819 ``master_bind_errors_fatal:`` 0 2820 2821 If enabled, failure to bind a port during startup is treated as a fatal 2822 error, causing master to shut down immediately. The default is to keep 2823 running, with the affected service disabled until the next SIGHUP causes 2824 it to retry. 2825 2826 Note that this only applies during startup. New services that fail to 2827 come up in response to a reconfig+SIGHUP will just be logged and disabled 2828 like the default behaviour, without causing master to exit. 2829 2830 .. endblob master_bind_errors_fatal 2831 2832 .. startblob maxheaderlines 2833 2834 ``maxheaderlines:`` 1000 2835 2836 Maximum number of lines of header that will be processed into cache 2837 records. Default 1000. If set to zero, it is unlimited. 2838 If a message hits the limit, an error will be logged and the rest of 2839 the lines in the header will be skipped. This is to avoid malformed 2840 messages causing giant cache records 2841 2842 .. endblob maxheaderlines 2843 2844 .. startblob maxlogins_per_host 2845 2846 ``maxlogins_per_host:`` 0 2847 2848 Maximum number of logged in sessions allowed per host, 2849 zero means no limit 2850 2851 .. endblob maxlogins_per_host 2852 2853 .. startblob maxlogins_per_user 2854 2855 ``maxlogins_per_user:`` 0 2856 2857 Maximum number of logged in sessions allowed per user, 2858 zero means no limit 2859 2860 .. endblob maxlogins_per_user 2861 2862 .. startblob maxmessagesize 2863 2864 ``maxmessagesize:`` 0 2865 2866 Maximum incoming LMTP message size. If non-zero, lmtpd will reject 2867 messages larger than *maxmessagesize* bytes. If set to 0, this 2868 will allow messages of any size (the default). 2869 2870 .. endblob maxmessagesize 2871 2872 .. startblob maxquoted 2873 2874 ``maxquoted:`` 131072 2875 2876 Maximum size of a single quoted string for the parser. Default 128k 2877 2878 2879 .. endblob maxquoted 2880 2881 .. startblob maxword 2882 2883 ``maxword:`` 131072 2884 2885 Maximum size of a single word for the parser. Default 128k 2886 2887 2888 .. endblob maxword 2889 2890 .. startblob mboxkey_db 2891 2892 ``mboxkey_db:`` twoskip 2893 2894 The cyrusdb backend to use for mailbox keys. 2895 2896 Allowed values: *skiplist*, *twoskip*, *zeroskip* 2897 2898 2899 .. endblob mboxkey_db 2900 2901 .. startblob mboxlist_db 2902 2903 ``mboxlist_db:`` twoskip 2904 2905 The cyrusdb backend to use for the mailbox list. 2906 2907 Allowed values: *flat*, *skiplist*, *sql*, *twoskip*, *zeroskip* 2908 2909 2910 .. endblob mboxlist_db 2911 2912 .. startblob mboxlist_db_path 2913 2914 ``mboxlist_db_path:`` <none> 2915 2916 The absolute path to the mailboxes db file. If not specified 2917 will be configdirectory/mailboxes.db 2918 2919 .. endblob mboxlist_db_path 2920 2921 .. startblob mboxname_lockpath 2922 2923 ``mboxname_lockpath:`` <none> 2924 2925 Path to mailbox name lock files (default $conf/lock) 2926 2927 2928 .. endblob mboxname_lockpath 2929 2930 .. startblob metapartition_files 2931 2932 ``metapartition_files:`` <empty string> 2933 2934 Space-separated list of metadata files to be stored on a 2935 *metapartition* rather than in the mailbox directory on a spool 2936 partition. 2937 Allowed values: *header*, *index*, *cache*, *expunge*, *squat*, *annotations*, *lock*, *dav*, *archivecache* 2938 2939 2940 .. endblob metapartition_files 2941 2942 .. startblob metapartition-name 2943 2944 ``metapartition-name:`` <none> 2945 2946 The pathname of the metadata partition *name*, corresponding to 2947 spool partition **partition-name**. For any mailbox residing in 2948 a directory on **partition-name**, the metadata files listed in 2949 *metapartition_files* will be stored in a corresponding directory on 2950 **metapartition-name**. Note that not every 2951 **partition-name** option is required to have a corresponding 2952 **metapartition-name** option, so that you can selectively choose 2953 which spool partitions will have separate metadata partitions. 2954 2955 .. endblob metapartition-name 2956 2957 .. startblob mupdate_authname 2958 2959 ``mupdate_authname:`` <none> 2960 2961 The SASL username (Authentication Name) to use when authenticating to the 2962 mupdate server (if needed). 2963 2964 .. endblob mupdate_authname 2965 2966 .. startblob mupdate_config 2967 2968 ``mupdate_config:`` standard 2969 2970 The configuration of the mupdate servers in the Cyrus Murder. 2971 The "standard" config is one in which there are discreet frontend 2972 (proxy) and backend servers. The "unified" config is one in which 2973 a server can be both a frontend and backend. The "replicated" 2974 config is one in which multiple backend servers all share the same 2975 mailspool, but each have their own "replicated" copy of 2976 mailboxes.db. 2977 Allowed values: *standard*, *unified*, *replicated* 2978 2979 2980 .. endblob mupdate_config 2981 2982 .. startblob munge8bit 2983 2984 ``munge8bit:`` 1 2985 2986 If enabled, lmtpd munges messages with 8-bit characters in the 2987 headers. The 8-bit characters are changed to \`X'. If 2988 **reject8bit** is enabled, setting **munge8bit** has no effect. 2989 (A proper solution to non-ASCII characters in headers is offered by 2990 :rfc:`2047` and its predecessors.) 2991 2992 .. endblob munge8bit 2993 2994 .. startblob mupdate_connections_max 2995 2996 ``mupdate_connections_max:`` 128 2997 2998 The max number of connections that a mupdate process will allow, this 2999 is related to the number of file descriptors in the mupdate process. 3000 Beyond this number connections will be immediately issued a BYE response. 3001 3002 .. endblob mupdate_connections_max 3003 3004 .. startblob mupdate_password 3005 3006 ``mupdate_password:`` <none> 3007 3008 The SASL password (if needed) to use when authenticating to the 3009 mupdate server. 3010 3011 .. endblob mupdate_password 3012 3013 .. startblob mupdate_port 3014 3015 ``mupdate_port:`` 3905 3016 3017 The port of the mupdate server for the Cyrus Murder 3018 3019 3020 .. endblob mupdate_port 3021 3022 .. startblob mupdate_realm 3023 3024 ``mupdate_realm:`` <none> 3025 3026 The SASL realm (if needed) to use when authenticating to the mupdate 3027 server. 3028 3029 .. endblob mupdate_realm 3030 3031 .. startblob mupdate_retry_delay 3032 3033 ``mupdate_retry_delay:`` 20 3034 3035 The base time to wait between connection retries to the mupdate server. 3036 3037 3038 .. endblob mupdate_retry_delay 3039 3040 .. startblob mupdate_server 3041 3042 ``mupdate_server:`` <none> 3043 3044 The mupdate server for the Cyrus Murder 3045 3046 3047 .. endblob mupdate_server 3048 3049 .. startblob mupdate_username 3050 3051 ``mupdate_username:`` <empty string> 3052 3053 The SASL username (Authorization Name) to use when authenticating to 3054 the mupdate server 3055 3056 .. endblob mupdate_username 3057 3058 .. startblob mupdate_workers_max 3059 3060 ``mupdate_workers_max:`` 50 3061 3062 The maximum number of mupdate worker threads (overall) 3063 3064 3065 .. endblob mupdate_workers_max 3066 3067 .. startblob mupdate_workers_maxspare 3068 3069 ``mupdate_workers_maxspare:`` 10 3070 3071 The maximum number of idle mupdate worker threads 3072 3073 3074 .. endblob mupdate_workers_maxspare 3075 3076 .. startblob mupdate_workers_minspare 3077 3078 ``mupdate_workers_minspare:`` 2 3079 3080 The minimum number of idle mupdate worker threads 3081 3082 3083 .. endblob mupdate_workers_minspare 3084 3085 .. startblob mupdate_workers_start 3086 3087 ``mupdate_workers_start:`` 5 3088 3089 The number of mupdate worker threads to start 3090 3091 3092 .. endblob mupdate_workers_start 3093 3094 .. startblob netscapeurl 3095 3096 ``netscapeurl:`` <none> 3097 3098 If enabled at compile time, this specifies a URL to reply when 3099 Netscape asks the server where the mail administration HTTP server 3100 is. Administrators should set this to a local resource. 3101 3102 .. endblob netscapeurl 3103 3104 .. startblob newsaddheaders 3105 3106 ``newsaddheaders:`` to 3107 3108 Space-separated list of headers to be added to incoming usenet 3109 articles. Added *To:* headers will contain email 3110 delivery addresses corresponding to each newsgroup in the 3111 *Newsgroups:* header. Added *Reply-To:* headers will 3112 contain email delivery addresses corresponding to each newsgroup in 3113 the *Followup-To:* or *Newsgroups:* header. If the 3114 specified header(s) already exist in an article, the email 3115 delivery addresses will be appended to the original header body(s). 3116 3117 3118 This option applies if and only if the **newspostuser** option is 3119 set. 3120 Allowed values: *to*, *replyto* 3121 3122 3123 .. endblob newsaddheaders 3124 3125 .. startblob newsgroups 3126 3127 ``newsgroups:`` \* 3128 3129 A wildmat pattern specifying which mailbox hierarchies should be 3130 treated as newsgroups. Only mailboxes matching the wildmat will 3131 accept and/or serve articles via NNTP. If not set, a default 3132 wildmat of "\*" (ALL shared mailboxes) will be used. If the 3133 *newsprefix* option is also set, the default wildmat will be 3134 translated to "<newsprefix>.\*" 3135 3136 .. endblob newsgroups 3137 3138 .. startblob newsmaster 3139 3140 ``newsmaster:`` news 3141 3142 Userid that is used for checking access controls when executing 3143 Usenet control messages. For instance, to allow articles to be 3144 automatically deleted by cancel messages, give the "news" user 3145 the 'd' right on the desired mailboxes. To allow newsgroups to be 3146 automatically created, deleted and renamed by the corresponding 3147 control messages, give the "news" user the 'c' right on the desired 3148 mailbox hierarchies. 3149 3150 .. endblob newsmaster 3151 3152 .. startblob newspeer 3153 3154 ``newspeer:`` <none> 3155 3156 A list of whitespace-separated news server specifications to which 3157 articles should be fed. Each server specification is a string of 3158 the form [user[:pass]@]host[:port][/wildmat] where 'host' is the fully 3159 qualified hostname of the server, 'port' is the port on which the 3160 server is listening, 'user' and 'pass' are the authentication 3161 credentials and 'wildmat' is a pattern that specifies which groups 3162 should be fed. If no 'port' is specified, port 119 is used. If 3163 no 'wildmat' is specified, all groups are fed. If 'user' is specified 3164 (even if empty), then the NNTP POST command will be used to feed 3165 the article to the server, otherwise the IHAVE command will be 3166 used. 3167 3168 3169 A '@' may be used in place of '!' in the wildmat to prevent feeding 3170 articles cross-posted to the given group, otherwise cross-posted 3171 articles are fed if any part of the wildmat matches. For example, 3172 the string "peer.example.com:\*,!control.\*,@local.\*" would feed all 3173 groups except control messages and local groups to 3174 peer.example.com. In the case of cross-posting to local groups, 3175 these articles would not be fed. 3176 3177 .. endblob newspeer 3178 3179 .. startblob newspostuser 3180 3181 ``newspostuser:`` <none> 3182 3183 Userid used to deliver usenet articles to newsgroup folders 3184 (usually via lmtp2nntp). For example, if set to "post", email sent 3185 to "post+comp.mail.imap" would be delivered to the "comp.mail.imap" 3186 folder. 3187 3188 3189 When set, the Cyrus NNTP server will add the header(s) specified in 3190 the **newsaddheaders** option to each incoming usenet article. 3191 The added header(s) will contain email delivery addresses 3192 corresponding to each relevant newsgroup. If not set, no headers 3193 are added to usenet articles. 3194 3195 .. endblob newspostuser 3196 3197 .. startblob newsprefix 3198 3199 ``newsprefix:`` <none> 3200 3201 Prefix to be prepended to newsgroup names to make the corresponding 3202 IMAP mailbox names. 3203 3204 .. endblob newsprefix 3205 3206 .. startblob newsrc_db_path 3207 3208 ``newsrc_db_path:`` <none> 3209 3210 The absolute path to the newsrc db file. If not specified, 3211 will be configdirectory/fetchnews.db 3212 3213 .. endblob newsrc_db_path 3214 3215 .. startblob nntptimeout 3216 3217 ``nntptimeout:`` 3m 3218 3219 Set the length of the NNTP server's inactivity autologout timer. 3220 The minimum value is 3 minutes, also the default. 3221 3222 For backward compatibility, if no unit is specified, minutes is 3223 assumed. 3224 3225 .. endblob nntptimeout 3226 3227 .. startblob notesmailbox 3228 3229 ``notesmailbox:`` <none> 3230 3231 The top level mailbox in each user's account which is used to store 3232 \* Apple-style Notes. Default is blank (disabled) 3233 3234 .. endblob notesmailbox 3235 3236 .. startblob notifysocket 3237 3238 ``notifysocket:`` {configdirectory}/socket/notify 3239 3240 Unix domain socket that the mail notification daemon listens on. 3241 3242 3243 .. endblob notifysocket 3244 3245 .. startblob notify_external 3246 3247 ``notify_external:`` <none> 3248 3249 Path to the external program that notifyd(8) will call to send mail 3250 notifications. 3251 3252 The external program will be called with the following 3253 command line options: 3254 3255 .. option:: -c class 3256 3257 .. option:: -p priority 3258 3259 .. option:: -u user 3260 3261 .. option:: -m mailbox 3262 3263 And the notification message will be available on *stdin*. 3264 3265 3266 .. endblob notify_external 3267 3268 .. startblob partition-name 3269 3270 ``partition-name:`` <none> 3271 3272 The pathname of the partition *name*. At least one partition 3273 pathname MUST be specified. If the **defaultpartition** option is 3274 used, then its pathname MUST be specified. For example, if the 3275 value of the **defaultpartion** option is **part1**, then the 3276 **partition-part1** field is required. 3277 3278 .. endblob partition-name 3279 3280 .. startblob partition_select_mode 3281 3282 ``partition_select_mode:`` freespace-most 3283 3284 Partition selection mode. 3285 3286 *random* 3287 (pseudo-)random selection 3288 3289 *freespace-most* 3290 partition with the most free space (KiB) 3291 3292 *freespace-percent-most* 3293 partition with the most free space (%) 3294 3295 *freespace-percent-weighted* 3296 each partition is weighted according to its free space (%); the more free space 3297 the partition has, the more chances it has to be selected 3298 3299 *freespace-percent-weighted-delta* 3300 each partition is weighted according to its difference of free space (%) 3301 compared to the most used partition; the more the partition is lagging behind 3302 the most used partition, the more chances it has to be selected 3303 3304 Note that actually even the most used partition has a few chances to be 3305 selected, and those chances increase when other partitions get closer 3306 3307 Allowed values: *random*, *freespace-most*, *freespace-percent-most*, *freespace-percent-weighted*, *freespace-percent-weighted-delta* 3308 3309 3310 .. endblob partition_select_mode 3311 3312 .. startblob partition_select_exclude 3313 3314 ``partition_select_exclude:`` <none> 3315 3316 List of partitions to exclude from selection mode. 3317 3318 3319 .. endblob partition_select_exclude 3320 3321 .. startblob partition_select_usage_reinit 3322 3323 ``partition_select_usage_reinit:`` 0 3324 3325 For a given session, number of **operations** (e.g. partition selection) 3326 for which partitions usage data are cached. 3327 3328 .. endblob partition_select_usage_reinit 3329 3330 .. startblob partition_select_soft_usage_limit 3331 3332 ``partition_select_soft_usage_limit:`` 0 3333 3334 Limit of partition usage (%): if a partition is over that limit, it is 3335 automatically excluded from selection mode. 3336 3337 If all partitions are over that limit, this feature is not used anymore. 3338 3339 3340 .. endblob partition_select_soft_usage_limit 3341 3342 .. startblob plaintextloginpause 3343 3344 ``plaintextloginpause:`` <none> 3345 3346 Time to pause after a successful plaintext login. For systems that 3347 support strong authentication, this permits users to perceive a cost 3348 of using plaintext passwords. (This does not affect the use of PLAIN 3349 in SASL authentications.) 3350 3351 For backward compatibility, if no unit is specified, seconds is 3352 assumed. 3353 3354 .. endblob plaintextloginpause 3355 3356 .. startblob plaintextloginalert 3357 3358 ``plaintextloginalert:`` <none> 3359 3360 Message to send to client after a successful plaintext login. 3361 3362 3363 .. endblob plaintextloginalert 3364 3365 .. startblob popexpiretime 3366 3367 ``popexpiretime:`` -1 3368 3369 The duration advertised as being the minimum a message may be 3370 left on the POP server before it is deleted (via the CAPA command, 3371 defined in the POP3 Extension Mechanism, which some clients may 3372 support). This duration has a granularity of whole days, with partial 3373 days truncated (so e.g. "45m" is effectively "0d"). "NEVER", the 3374 default, may be specified with a negative number. 3375 3376 The Cyrus POP3 server never deletes mail, no matter what the value of 3377 this parameter is. However, if a site implements a less liberal policy, 3378 it needs to change this parameter accordingly. 3379 3380 For backward compatibility, if no unit is specified, days is 3381 assumed. 3382 3383 .. endblob popexpiretime 3384 3385 .. startblob popminpoll 3386 3387 ``popminpoll:`` <none> 3388 3389 Set the minimum amount of time the server forces users to wait 3390 between successive POP logins. 3391 3392 For backward compatibility, if no unit is specified, minutes is 3393 assumed. 3394 3395 .. endblob popminpoll 3396 3397 .. startblob popsubfolders 3398 3399 ``popsubfolders:`` 0 3400 3401 Allow access to subfolders of INBOX via POP3 by using 3402 userid+subfolder syntax as the authentication/authorization id. 3403 3404 .. endblob popsubfolders 3405 3406 .. startblob poppollpadding 3407 3408 ``poppollpadding:`` 1 3409 3410 Create a softer minimum poll restriction. Allows *poppollpadding* 3411 connections before the minpoll restriction is triggered. Additionally, 3412 one padding entry is recovered every *popminpoll* minutes. 3413 This allows for the occasional polling rate faster than popminpoll, 3414 (i.e., for clients that require a send/receive to send mail) but still 3415 enforces the rate long-term. Default is 1 (disabled). 3416 3417 3418 The easiest way to think of it is a queue of past connections, with one 3419 slot being filled for every connection, and one slot being cleared 3420 every *popminpoll* minutes. When the queue is full, the user 3421 will not be able to check mail again until a slot is cleared. If the 3422 user waits a sufficient amount of time, they will get back many or all 3423 of the slots. 3424 3425 .. endblob poppollpadding 3426 3427 .. startblob poptimeout 3428 3429 ``poptimeout:`` 10m 3430 3431 Set the length of the POP server's inactivity autologout timer. 3432 The minimum value is 10 minutes, the default. 3433 3434 For backward compatibility, if no unit is specified, minutes is 3435 assumed. 3436 3437 .. endblob poptimeout 3438 3439 .. startblob popuseacl 3440 3441 ``popuseacl:`` 0 3442 3443 Enforce IMAP ACLs in the pop server. Due to the nature of the POP3 3444 protocol, the only rights which are used by the pop server are 'r', 3445 't', and 's' for the owner of the mailbox. The 'r' right allows the 3446 user to open the mailbox and list/retrieve messages. The 't' right 3447 allows the user to delete messages. The 's' right allows messages 3448 retrieved by the user to have the \\Seen flag set (only if 3449 *popuseimapflags* is also enabled). 3450 3451 .. endblob popuseacl 3452 3453 .. startblob popuseimapflags 3454 3455 ``popuseimapflags:`` 0 3456 3457 If enabled, the pop server will set and obey IMAP flags. Messages 3458 having the \\Deleted flag are ignored as if they do not exist. 3459 Messages that are retrieved by the client will have the \\Seen flag 3460 set. All messages will have the \\Recent flag unset. 3461 3462 .. endblob popuseimapflags 3463 3464 .. startblob postmaster 3465 3466 ``postmaster:`` postmaster 3467 3468 Username that is used as the 'From' address in rejection MDNs produced 3469 by sieve. 3470 3471 .. endblob postmaster 3472 3473 .. startblob postuser 3474 3475 ``postuser:`` <empty string> 3476 3477 Userid used to deliver messages to shared folders. For example, if 3478 set to "bb", email sent to "bb+shared.blah" would be delivered to 3479 the "shared.blah" folder. By default, an email address of 3480 "+shared.blah" would be used. 3481 3482 .. endblob postuser 3483 3484 .. startblob proc_path 3485 3486 ``proc_path:`` <none> 3487 3488 Path to proc directory. Default is NULL - must be an absolute path 3489 if specified. If not specified, the path $configdirectory/proc/ will be 3490 used. 3491 3492 .. endblob proc_path 3493 3494 .. startblob prometheus_enabled 3495 3496 ``prometheus_enabled:`` 0 3497 3498 Whether tracking of service metrics for Prometheus is enabled. 3499 3500 3501 .. endblob prometheus_enabled 3502 3503 .. startblob prometheus_need_auth 3504 3505 ``prometheus_need_auth:`` admin 3506 3507 Authentication level required to fetch Prometheus metrics. 3508 3509 Allowed values: *none*, *user*, *admin* 3510 3511 3512 .. endblob prometheus_need_auth 3513 3514 .. startblob prometheus_update_freq 3515 3516 ``prometheus_update_freq:`` 10s 3517 3518 Frequency in at which promstatsd should re-collate its statistics 3519 report. The minimum value is 1 second, the default is 10 seconds. 3520 3521 For backward compatibility, if no unit is specified, seconds is 3522 assumed. 3523 3524 .. endblob prometheus_update_freq 3525 3526 .. startblob prometheus_stats_dir 3527 3528 ``prometheus_stats_dir:`` <none> 3529 3530 Directory to use for gathering prometheus statistics. If specified, 3531 must be an absolute path. If not specified, the default path 3532 $configdirectory/stats/ will be used. It may be advantageous to locate this 3533 directory on ephemeral storage. 3534 3535 .. endblob prometheus_stats_dir 3536 3537 .. startblob proxy_authname 3538 3539 ``proxy_authname:`` proxy 3540 3541 The authentication name to use when authenticating to a backend server 3542 in the Cyrus Murder. 3543 3544 .. endblob proxy_authname 3545 3546 .. startblob proxy_compress 3547 3548 ``proxy_compress:`` 0 3549 3550 Try to enable protocol-specific compression when performing a client 3551 connection to a backend server in the Cyrus Murder. 3552 3553 Note that this should only be necessary over slow network 3554 connections. Also note that currently only IMAP and MUPDATE support 3555 compression. 3556 3557 .. endblob proxy_compress 3558 3559 .. startblob proxy_password 3560 3561 ``proxy_password:`` <none> 3562 3563 The default password to use when authenticating to a backend server 3564 in the Cyrus Murder. May be overridden on a host-specific basis using 3565 the hostname_password option. 3566 3567 .. endblob proxy_password 3568 3569 .. startblob proxy_realm 3570 3571 ``proxy_realm:`` <none> 3572 3573 The authentication realm to use when authenticating to a backend server 3574 in the Cyrus Murder 3575 3576 .. endblob proxy_realm 3577 3578 .. startblob proxyd_allow_status_referral 3579 3580 ``proxyd_allow_status_referral:`` 0 3581 3582 Set to true to allow proxyd to issue referrals to clients that support it 3583 when answering the STATUS command. This is disabled by default since 3584 some clients issue many STATUS commands in a row, and do not cache the 3585 connections that these referrals would cause, thus resulting in a higher 3586 authentication load on the respective backend server. 3587 3588 .. endblob proxyd_allow_status_referral 3589 3590 .. startblob proxyd_disable_mailbox_referrals 3591 3592 ``proxyd_disable_mailbox_referrals:`` 0 3593 3594 Set to true to disable the use of mailbox-referrals on the 3595 proxy servers. 3596 3597 .. endblob proxyd_disable_mailbox_referrals 3598 3599 .. startblob proxyservers 3600 3601 ``proxyservers:`` <none> 3602 3603 A list of users and groups that are allowed to proxy for other 3604 users, separated by spaces. Any user listed in this will be 3605 allowed to login for any other user: use with caution. 3606 In a standard murder this option should ONLY be set on backends. 3607 DO NOT SET on frontends or things won't work properly. 3608 3609 .. endblob proxyservers 3610 3611 .. startblob pts_module 3612 3613 ``pts_module:`` afskrb 3614 3615 The PTS module to use. 3616 3617 Allowed values: *afskrb*, *ldap* 3618 3619 3620 .. endblob pts_module 3621 3622 .. startblob ptloader_sock 3623 3624 ``ptloader_sock:`` <none> 3625 3626 Unix domain socket that ptloader listens on. 3627 (defaults to configdirectory/ptclient/ptsock) 3628 3629 .. endblob ptloader_sock 3630 3631 .. startblob ptscache_db 3632 3633 ``ptscache_db:`` twoskip 3634 3635 The cyrusdb backend to use for the pts cache. 3636 3637 Allowed values: *skiplist*, *twoskip*, *zeroskip* 3638 3639 3640 .. endblob ptscache_db 3641 3642 .. startblob ptscache_db_path 3643 3644 ``ptscache_db_path:`` <none> 3645 3646 The absolute path to the ptscache db file. If not specified, 3647 will be configdirectory/ptscache.db 3648 3649 .. endblob ptscache_db_path 3650 3651 .. startblob ptscache_timeout 3652 3653 ``ptscache_timeout:`` 3h 3654 3655 The timeout for the PTS cache database when using the auth_krb_pts 3656 authorization method (default: 3 hours). 3657 3658 For backward compatibility, if no unit is specified, seconds is 3659 assumed. 3660 3661 .. endblob ptscache_timeout 3662 3663 .. startblob ptskrb5_convert524 3664 3665 ``ptskrb5_convert524:`` 1 3666 3667 When using the AFSKRB ptloader module with Kerberos 5 canonicalization, 3668 do the final 524 conversion to get a n AFS style name (using '.' instead 3669 of '/', and using short names 3670 3671 .. endblob ptskrb5_convert524 3672 3673 .. startblob ptskrb5_strip_default_realm 3674 3675 ``ptskrb5_strip_default_realm:`` 1 3676 3677 When using the AFSKRB ptloader module with Kerberos 5 canonicalization, 3678 strip the default realm from the userid (this does not affect the stripping 3679 of realms specified by the afspts_localrealms option) 3680 3681 .. endblob ptskrb5_strip_default_realm 3682 3683 .. startblob qosmarking 3684 3685 ``qosmarking:`` cs0 3686 3687 This specifies the Class Selector or Differentiated Services Code Point 3688 designation on IP headers (in the ToS field). 3689 Allowed values: *cs0*, *cs1*, *cs2*, *cs3*, *cs4*, *cs5*, *cs6*, *cs7*, *af11*, *af12*, *af13*, *af21*, *af22*, *af23*, *af31*, *af32*, *af33*, *af41*, *af42*, *af43*, *ef* 3690 3691 3692 .. endblob qosmarking 3693 3694 .. startblob quota_db 3695 3696 ``quota_db:`` quotalegacy 3697 3698 The cyrusdb backend to use for quotas. 3699 3700 Allowed values: *flat*, *skiplist*, *sql*, *quotalegacy*, *twoskip*, *zeroskip* 3701 3702 3703 .. endblob quota_db 3704 3705 .. startblob quota_db_path 3706 3707 ``quota_db_path:`` <none> 3708 3709 The absolute path for the quota database (if you choose a single-file 3710 quota DB type - or the base path if you choose quotalegacy). If 3711 not specified will be configdirectory/quotas.db or configdirectory/quota/ 3712 3713 .. endblob quota_db_path 3714 3715 .. startblob quotawarn 3716 3717 ``quotawarn:`` 90 3718 3719 The percent of quota utilization over which the server generates 3720 warnings. 3721 3722 .. endblob quotawarn 3723 3724 .. startblob quotawarnkb 3725 3726 ``quotawarnkb:`` 0 3727 3728 The maximum amount of free space (in kB) at which to give a quota 3729 warning (if this value is 0, or if the quota is smaller than this 3730 amount, then warnings are always given). 3731 3732 .. endblob quotawarnkb 3733 3734 .. startblob quotawarnmsg 3735 3736 ``quotawarnmsg:`` 0 3737 3738 The maximum amount of messages at which to give a quota warning 3739 (if this value is 0, or if the quota is smaller than this 3740 amount, then warnings are always given). 3741 3742 .. endblob quotawarnmsg 3743 3744 .. startblob reject8bit 3745 3746 ``reject8bit:`` 0 3747 3748 If enabled, lmtpd rejects messages with 8-bit characters in the 3749 headers. 3750 3751 .. endblob reject8bit 3752 3753 .. startblob restore_authname 3754 3755 ``restore_authname:`` <none> 3756 3757 The authentication used by the restore tool when authenticating 3758 to an IMAP/sync server. 3759 3760 .. endblob restore_authname 3761 3762 .. startblob restore_password 3763 3764 ``restore_password:`` <none> 3765 3766 The password used by the restore tool when authenticating to an 3767 IMAP/sync server. 3768 3769 .. endblob restore_password 3770 3771 .. startblob restore_realm 3772 3773 ``restore_realm:`` <none> 3774 3775 The authentication realm used by the restore tool when 3776 authenticating to an IMAP/sync server. 3777 3778 .. endblob restore_realm 3779 3780 .. startblob reverseacls 3781 3782 ``reverseacls:`` 0 3783 3784 At startup time, ctl_cyrusdb -r will check this value and it 3785 will either add or remove reverse ACL pointers from mailboxes.db 3786 3787 .. endblob reverseacls 3788 3789 .. startblob rfc2046_strict 3790 3791 ``rfc2046_strict:`` 0 3792 3793 If enabled, imapd will be strict (per :rfc:`2046`) when matching MIME 3794 boundary strings. This means that boundaries containing other 3795 boundaries as substrings will be treated as identical. Since 3796 enabling this option will break some messages created by Eudora 5.1 3797 (and earlier), it is recommended that it be left disabled unless 3798 there is good reason to do otherwise. 3799 3800 .. endblob rfc2046_strict 3801 3802 .. startblob rfc2047_utf8 3803 3804 ``rfc2047_utf8:`` 0 3805 3806 If enabled, imapd will parse any non-encoded character sequence in 3807 MIME header values as UTF8. This is useful for installations that 3808 either advertise the UTF8SMTP (:rfc:`5335`) extension or receive mails 3809 with improperly escaped UTF-8 byte sequences. It is recommended that 3810 this option is left disabled unless there is good reason to do 3811 otherwise. 3812 3813 .. endblob rfc2047_utf8 3814 3815 .. startblob rfc3028_strict 3816 3817 ``rfc3028_strict:`` 1 3818 3819 If enabled, Sieve will be strict (per :rfc:`3028`) with regards to 3820 which headers are allowed to be used in address and envelope tests. 3821 This means that only those headers which are defined to contain addresses 3822 will be allowed in address tests and only "to" and "from" will be 3823 allowed in envelope tests. When disabled, ANY grammatically correct header 3824 will be allowed. 3825 3826 .. endblob rfc3028_strict 3827 3828 .. startblob rss_feedlist_template 3829 3830 ``rss_feedlist_template:`` <none> 3831 3832 File containing HTML that will be used as a template for displaying 3833 the list of available RSS feeds. A single instance of the variable 3834 %RSS_FEEDLIST% should appear in the file, which will be replaced by 3835 a nested unordered list of feeds. The toplevel unordered list will 3836 be tagged with an id of "feed" (<ul id='feed'>) which can be used 3837 by stylesheet(s) in your template. The dynamically created list of 3838 feeds based on the HTML template will be accessible at the "/rss" 3839 URL on the server. 3840 3841 .. endblob rss_feedlist_template 3842 3843 .. startblob rss_feeds 3844 3845 ``rss_feeds:`` \* 3846 3847 A wildmat pattern specifying which mailbox hierarchies should be 3848 treated as RSS feeds. Only mailboxes matching the wildmat will 3849 have their messages available via RSS. If not set, a default 3850 wildmat of "\*" (ALL mailboxes) will be used. 3851 3852 .. endblob rss_feeds 3853 3854 .. startblob rss_maxage 3855 3856 ``rss_maxage:`` <none> 3857 3858 Maximum age of items to display in an RSS channel. If non-zero, 3859 httpd will only display items received within this time period. 3860 If set to 0, all available items will be displayed (the default). 3861 3862 For backward compatibility, if no unit is specified, days is 3863 assumed. 3864 3865 .. endblob rss_maxage 3866 3867 .. startblob rss_maxitems 3868 3869 ``rss_maxitems:`` 0 3870 3871 Maximum number of items to display in an RSS channel. If non-zero, 3872 httpd will display no more than the *rss_maxitems* most recent 3873 items. If set to 0, all available items will be displayed (the 3874 default). 3875 3876 .. endblob rss_maxitems 3877 3878 .. startblob rss_maxsynopsis 3879 3880 ``rss_maxsynopsis:`` 0 3881 3882 Maximum RSS item synopsis length. If non-zero, httpd will display 3883 no more than the first *rss_maxsynopsis* characters of an 3884 item's synopsis. If set to 0, the entire synopsis will be 3885 displayed (the default). 3886 3887 .. endblob rss_maxsynopsis 3888 3889 .. startblob rss_realm 3890 3891 ``rss_realm:`` <none> 3892 3893 The realm to present for HTTP authentication of RSS feeds. If not 3894 set (the default), the value of the "servername" option will be 3895 used. 3896 3897 .. endblob rss_realm 3898 3899 .. startblob sasl_auto_transition 3900 3901 ``sasl_auto_transition:`` 0 3902 3903 If enabled, the SASL library will automatically create authentication 3904 secrets when given a plaintext password. See the SASL documentation. 3905 3906 .. endblob sasl_auto_transition 3907 3908 .. startblob sasl_maximum_layer 3909 3910 ``sasl_maximum_layer:`` 256 3911 3912 Maximum SSF (security strength factor) that the server will allow a 3913 client to negotiate. 3914 3915 .. endblob sasl_maximum_layer 3916 3917 .. startblob sasl_minimum_layer 3918 3919 ``sasl_minimum_layer:`` 0 3920 3921 The minimum SSF that the server will allow a client to negotiate. 3922 A value of 1 requires integrity protection; any higher value 3923 requires some amount of encryption. 3924 3925 .. endblob sasl_minimum_layer 3926 3927 .. startblob sasl_option 3928 3929 ``sasl_option:`` 0 3930 3931 Any SASL option can be set by preceding it with **sasl_**. This 3932 file overrides the SASL configuration file. 3933 3934 .. endblob sasl_option 3935 3936 .. startblob sasl_pwcheck_method 3937 3938 ``sasl_pwcheck_method:`` <none> 3939 3940 The mechanism used by the server to verify plaintext passwords. 3941 Possible values include "auxprop", "saslauthd", and "pwcheck". 3942 3943 .. endblob sasl_pwcheck_method 3944 3945 .. startblob search_batchsize 3946 3947 ``search_batchsize:`` 20 3948 3949 The number of messages to be indexed in one batch (default 20). 3950 Note that long batches may delay user commands or mail delivery. 3951 3952 .. endblob search_batchsize 3953 3954 .. startblob search_attachment_extractor_url 3955 3956 ``search_attachment_extractor_url:`` <none> 3957 3958 3959 Reserved for future use. 3960 3961 3962 .. endblob search_attachment_extractor_url 3963 3964 .. startblob search_index_language 3965 3966 ``search_index_language:`` 0 3967 3968 3969 Reserved for future use. 3970 3971 3972 .. endblob search_index_language 3973 3974 .. startblob search_index_parts 3975 3976 ``search_index_parts:`` 0 3977 3978 3979 Deprecated. No longer used. 3980 3981 3982 .. endblob search_index_parts 3983 3984 .. startblob search_query_language 3985 3986 ``search_query_language:`` 0 3987 3988 3989 Reserved for future use. 3990 3991 3992 .. endblob search_query_language 3993 3994 .. startblob search_normalisation_max 3995 3996 ``search_normalisation_max:`` 1000 3997 3998 A resource bound for the combinatorial explosion of search expression 3999 tree complexity caused by normalising expressions with many OR nodes. 4000 These can use more CPU time to optimise than they save IO time in scanning 4001 folders. 4002 4003 .. endblob search_normalisation_max 4004 4005 .. startblob search_engine 4006 4007 ``search_engine:`` none 4008 4009 The indexing engine used to speed up searching. 4010 4011 Allowed values: *none*, *squat*, *xapian* 4012 4013 4014 .. endblob search_engine 4015 4016 .. startblob search_fuzzy_always 4017 4018 ``search_fuzzy_always:`` 0 4019 4020 Whether to enable :rfc:`6203` FUZZY search for all IMAP SEARCH. If turned 4021 on, search attributes will be searched using FUZZY search by default. 4022 If turned off, clients have to explicitly use the FUZZY search key to 4023 enable fuzzy search for regular SEARCH commands. 4024 4025 .. endblob search_fuzzy_always 4026 4027 .. startblob search_index_headers 4028 4029 ``search_index_headers:`` 1 4030 4031 Whether to index headers other than From, To, Cc, Bcc, and Subject. 4032 Experiment shows that some headers such as Received and DKIM-Signature 4033 can contribute up to 2/3rds of the index size but almost nothing to 4034 the utility of searching. Note that if header indexing is disabled, 4035 headers can still be searched, the searches will just be slower. 4036 4037 4038 .. endblob search_index_headers 4039 4040 .. startblob search_indexed_db 4041 4042 ``search_indexed_db:`` twoskip 4043 4044 The cyrusdb backend to use for the search latest indexed uid state. Xapian only. 4045 4046 Allowed values: *flat*, *skiplist*, *twoskip*, *zeroskip* 4047 4048 4049 .. endblob search_indexed_db 4050 4051 .. startblob search_maxtime 4052 4053 ``search_maxtime:`` <none> 4054 4055 The maximum number of seconds to run a search for before aborting. Default 4056 of no value means search "forever" until other timeouts. 4057 4058 .. endblob search_maxtime 4059 4060 .. startblob search_queryscan 4061 4062 ``search_queryscan:`` 5000 4063 4064 The minimum number of records require to do a direct scan of all G keys 4065 \* rather than indexed lookups. A value of 0 means always do indexed lookups. 4066 4067 4068 .. endblob search_queryscan 4069 4070 .. startblob search_skipdiacrit 4071 4072 ``search_skipdiacrit:`` 1 4073 4074 When searching, should diacriticals be stripped from the search 4075 terms. The default is "true", a search for "hav" will match 4076 "Håvard". This is not :rfc:`5051` compliant, but it backwards 4077 compatible, and may be preferred by some sites. 4078 4079 .. endblob search_skipdiacrit 4080 4081 .. startblob search_skiphtml 4082 4083 ``search_skiphtml:`` 0 4084 4085 If enabled, HTML parts of messages are skipped, i.e. not indexed and 4086 not searchable. Otherwise, they're indexed. 4087 4088 .. endblob search_skiphtml 4089 4090 .. startblob search_whitespace 4091 4092 ``search_whitespace:`` merge 4093 4094 When searching, how whitespace should be handled. Options are: 4095 "skip" (default in 2.3 and earlier series) - where a search for 4096 "equi" would match "the quick brown fox". "merge" - the default, 4097 where "he qu" would match "the quick brownfox", and "keep", 4098 where whitespace must match exactly. The default of "merge" is 4099 recommended for most cases - it's a good compromise which 4100 keeps words separate. 4101 Allowed values: *skip*, *merge*, *keep* 4102 4103 4104 .. endblob search_whitespace 4105 4106 .. startblob search_snippet_length 4107 4108 ``search_snippet_length:`` 255 4109 4110 The maximum byte length of a snippet generated by the XSNIPPETS 4111 command. Only supported by the Xapian search backend, which 4112 attempts to always fill search_snippet_length bytes in the 4113 generated snippet. 4114 4115 .. endblob search_snippet_length 4116 4117 .. startblob search_stopword_path 4118 4119 ``search_stopword_path:`` <none> 4120 4121 The absolute base path to the search stopword lists. If not specified, 4122 no stopwords will be taken into account during search indexing. Currently, 4123 the only supported and default stop word file is english.txt. 4124 4125 .. endblob search_stopword_path 4126 4127 .. startblob searchpartition-name 4128 4129 ``searchpartition-name:`` <none> 4130 4131 The pathname where to store the xapian search indexes of *searchtier* 4132 for mailboxes of partition *name*. This must be configured for the 4133 *defaultsearchtier* and any additional search tier (see squatter for 4134 details). 4135 4136 For example: if *defaultpartition* is defined as part1 and 4137 *defaultsearchtier* as tier1 then the configuration must contain 4138 an entry *tier1searchpartition-part1* that defines the path where to 4139 store this tier1's search index for the part1 partition. 4140 4141 This option MUST be specified for xapian search. 4142 4143 .. endblob searchpartition-name 4144 4145 .. startblob seenstate_db 4146 4147 ``seenstate_db:`` twoskip 4148 4149 The cyrusdb backend to use for the seen state. 4150 4151 Allowed values: *flat*, *skiplist*, *twoskip*, *zeroskip* 4152 4153 4154 .. endblob seenstate_db 4155 4156 .. startblob sendmail 4157 4158 ``sendmail:`` /usr/lib/sendmail 4159 4160 The pathname of the sendmail executable. Sieve invokes sendmail 4161 for sending rejections, redirects and vacation responses. 4162 4163 .. endblob sendmail 4164 4165 .. startblob sendmail_auth_id 4166 4167 ``sendmail_auth_id:`` CYRUS_SENDMAIL_AUTH_ID 4168 4169 The name of an environment variable to set when invoking sendmail. 4170 The value of this environment variable will contain the user id 4171 of the currently authenticated user. If no user is authenticated 4172 the environment variable is not set. 4173 4174 .. endblob sendmail_auth_id 4175 4176 .. startblob serverlist 4177 4178 ``serverlist:`` <none> 4179 4180 Whitespace separated list of backend server names. Used for 4181 finding server with the most available free space for proxying 4182 CREATE. 4183 4184 .. endblob serverlist 4185 4186 .. startblob serverlist_select_mode 4187 4188 ``serverlist_select_mode:`` freespace-most 4189 4190 Server selection mode. 4191 4192 *random* 4193 (pseudo-)random selection 4194 4195 *freespace-most* 4196 backend with the most (total) free space (KiB) 4197 4198 *freespace-percent-most* 4199 backend whose partition has the most free space (%) 4200 4201 *freespace-percent-weighted* 4202 same as for partition selection, comparing the free space (%) of the least used 4203 partition of each backend 4204 4205 *freespace-percent-weighted-delta* 4206 same as for partition selection, comparing the free space (%) of the least used 4207 partition of each backend. 4208 4209 4210 Allowed values: *random*, *freespace-most*, *freespace-percent-most*, *freespace-percent-weighted*, *freespace-percent-weighted-delta* 4211 4212 4213 .. endblob serverlist_select_mode 4214 4215 .. startblob serverlist_select_usage_reinit 4216 4217 ``serverlist_select_usage_reinit:`` 0 4218 4219 For a given session, number of **operations** (e.g. backend selection) 4220 for which backend usage data are cached. 4221 4222 .. endblob serverlist_select_usage_reinit 4223 4224 .. startblob serverlist_select_soft_usage_limit 4225 4226 ``serverlist_select_soft_usage_limit:`` 0 4227 4228 Limit of backend usage (%): if a backend is over that limit, it is 4229 automatically excluded from selection mode. 4230 4231 If all backends are over that limit, this feature is not used anymore. 4232 4233 4234 .. endblob serverlist_select_soft_usage_limit 4235 4236 .. startblob servername 4237 4238 ``servername:`` <none> 4239 4240 This is the hostname visible in the greeting messages of the POP, 4241 IMAP and LMTP daemons. If it is unset, then the result returned 4242 from gethostname(2) is used. This is also the value used by murder 4243 clusters to identify the host name. It should be resolvable by 4244 DNS to the correct host, and unique within an active cluster. If 4245 you are using low level replication (e.g. drbd) then it should be 4246 the same on each copy and the DNS name should also be moved to 4247 the new master on failover. 4248 4249 .. endblob servername 4250 4251 .. startblob serverinfo 4252 4253 ``serverinfo:`` on 4254 4255 The server information to display in the greeting and capability 4256 responses. Information is displayed as follows: 4257 4258 "off" = no server information in the greeting or capabilities 4259 4260 "min" = *servername* in the greeting; no server information in the capabilities 4261 4262 "on" = *servername* and product version in the greeting; 4263 product version in the capabilities 4264 4265 4266 Allowed values: *off*, *min*, *on* 4267 4268 4269 .. endblob serverinfo 4270 4271 .. startblob sharedprefix 4272 4273 ``sharedprefix:`` Shared Folders 4274 4275 If using the alternate IMAP namespace, the prefix for the shared 4276 namespace. The hierarchy delimiter will be automatically appended. 4277 4278 4279 .. endblob sharedprefix 4280 4281 .. startblob sieve_allowreferrals 4282 4283 ``sieve_allowreferrals:`` 1 4284 4285 If enabled, timsieved will issue referrals to clients when the 4286 user's scripts reside on a remote server (in a Murder). 4287 Otherwise, timsieved will proxy traffic to the remote server. 4288 4289 .. endblob sieve_allowreferrals 4290 4291 .. startblob sieve_duplicate_max_expiration 4292 4293 ``sieve_duplicate_max_expiration:`` 90d 4294 4295 Maximum expiration time for duplicate message tracking records. 4296 4297 For backward compatibility, if no unit is specified, seconds is 4298 assumed. 4299 4300 .. endblob sieve_duplicate_max_expiration 4301 4302 .. startblob sieve_extensions 4303 4304 ``sieve_extensions:`` fileinto reject vacation vacation-seconds imapflags notify include envelope environment body relational regex subaddress copy date index imap4flags mailbox mboxmetadata servermetadata variables editheader extlists duplicate ihave fcc special-use redirect-dsn redirect-deliverby mailboxid x-cyrus-log x-cyrus-jmapquery x-cyrus-snooze 4305 4306 Space-separated list of Sieve extensions allowed to be used in 4307 sieve scripts, enforced at submission by timsieved(8). Any 4308 previously installed script will be unaffected by this option and 4309 will continue to execute regardless of the extensions used. This 4310 option has no effect on options that are disabled at compile time 4311 (e.g., "regex"). 4312 Allowed values: *fileinto*, *reject*, *vacation*, *vacation-seconds*, *imapflags*, *notify*, *include*, *envelope*, *environment*, *body*, *relational*, *regex*, *subaddress*, *copy*, *date*, *index*, *imap4flags*, *mailbox*, *mboxmetadata*, *servermetadata*, *variables*, *editheader*, *extlists*, *duplicate*, *ihave*, *fcc*, *special-use*, *redirect-dsn*, *redirect-deliverby*, *mailboxid*, *x-cyrus-log*, *x-cyrus-jmapquery*, *x-cyrus-snooze* 4313 4314 4315 .. endblob sieve_extensions 4316 4317 .. startblob sieve_maxscriptsize 4318 4319 ``sieve_maxscriptsize:`` 32 4320 4321 Maximum size (in kilobytes) any sieve script can be, enforced at 4322 submission by timsieved(8). 4323 4324 .. endblob sieve_maxscriptsize 4325 4326 .. startblob sieve_maxscripts 4327 4328 ``sieve_maxscripts:`` 5 4329 4330 Maximum number of sieve scripts any user may have, enforced at 4331 submission by timsieved(8). 4332 4333 .. endblob sieve_maxscripts 4334 4335 .. startblob sieve_utf8fileinto 4336 4337 ``sieve_utf8fileinto:`` 0 4338 4339 If enabled, the sieve engine expects folder names for the 4340 *fileinto* action in scripts to use UTF8 encoding. Otherwise, 4341 modified UTF7 encoding should be used. 4342 4343 .. endblob sieve_utf8fileinto 4344 4345 .. startblob sieve_sasl_send_unsolicited_capability 4346 4347 ``sieve_sasl_send_unsolicited_capability:`` 0 4348 4349 If enabled, timsieved will emit a capability response after a successful 4350 SASL authentication, per draft-martin-managesieve-12.txt . 4351 4352 .. endblob sieve_sasl_send_unsolicited_capability 4353 4354 .. startblob sieve_use_lmtp_reject 4355 4356 ``sieve_use_lmtp_reject:`` 1 4357 4358 Enabled by default. If reject can be done via LMTP, then return a 550 4359 rather than generating the bounce message in Cyrus. 4360 4361 .. endblob sieve_use_lmtp_reject 4362 4363 .. startblob sieve_vacation_min_response 4364 4365 ``sieve_vacation_min_response:`` 3d 4366 4367 Minimum time interval between consecutive vacation responses, per 4368 draft-ietf-vacation-seconds.txt. The default is 3 days. 4369 4370 For backward compatibility, if no unit is specified, seconds is 4371 assumed. 4372 4373 .. endblob sieve_vacation_min_response 4374 4375 .. startblob sieve_vacation_max_response 4376 4377 ``sieve_vacation_max_response:`` 90d 4378 4379 Maximum time interval between consecutive vacation responses, per 4380 draft-ietf-vacation-seconds.txt. The default is 90 days. The 4381 minimum is 7 days. 4382 4383 For backward compatibility, if no unit is specified, seconds is 4384 assumed. 4385 4386 .. endblob sieve_vacation_max_response 4387 4388 .. startblob sievedir 4389 4390 ``sievedir:`` /usr/sieve 4391 4392 If sieveusehomedir is false, this directory is searched for Sieve 4393 scripts. 4394 4395 .. endblob sievedir 4396 4397 .. startblob sievenotifier 4398 4399 ``sievenotifier:`` <none> 4400 4401 Notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE" 4402 notifications are disabled. 4403 4404 This method is only used when no method is specified in the script. 4405 4406 .. endblob sievenotifier 4407 4408 .. startblob sieveusehomedir 4409 4410 ``sieveusehomedir:`` 0 4411 4412 If enabled, lmtpd will look for Sieve scripts in user's home 4413 directories: ~user/.sieve. 4414 4415 .. endblob sieveusehomedir 4416 4417 .. startblob anysievefolder 4418 4419 ``anysievefolder:`` 0 4420 4421 It must be "yes" in order to permit the autocreation of any INBOX subfolder 4422 requested by a sieve filter, through the "fileinto" action. (default = no) 4423 4424 .. endblob anysievefolder 4425 4426 .. startblob singleinstancestore 4427 4428 ``singleinstancestore:`` 1 4429 4430 If enabled, imapd, lmtpd and nntpd attempt to only write one copy 4431 of a message per partition and create hard links, resulting in a 4432 potentially large disk savings. 4433 4434 .. endblob singleinstancestore 4435 4436 .. startblob skiplist_always_checkpoint 4437 4438 ``skiplist_always_checkpoint:`` 1 4439 4440 If enabled, this option forces the skiplist cyrusdb backend to 4441 always checkpoint when doing a recovery. This causes slightly 4442 more IO, but on the other hand leads to more efficient databases, 4443 and the entire file is already "hot". 4444 4445 .. endblob skiplist_always_checkpoint 4446 4447 .. startblob skiplist_unsafe 4448 4449 ``skiplist_unsafe:`` 0 4450 4451 If enabled, this option forces the skiplist cyrusdb backend to 4452 not sync writes to the disk. Enabling this option is NOT RECOMMENDED. 4453 4454 .. endblob skiplist_unsafe 4455 4456 .. startblob smtp_backend 4457 4458 ``smtp_backend:`` sendmail 4459 4460 The SMTP backend to use for sending email. 4461 4462 The \"host\" backend sends message submissions via 4463 a TCP socket to the SMTP host defined in the config 4464 option smtp_host. 4465 4466 The \"sendmail\" backend forks the Cyrus process into 4467 the executable defined in the config option sendmail. 4468 The executable must accept \"-bs\" as command line 4469 argument, read from stdin and must implement the minimum 4470 SMTP protocol as defined in section 4.5.1 of :rfc:`5321`. 4471 4472 If the SMTP EHLO command reports AUTH (:rfc:`4954`) as a 4473 supported extension, then the MAIL FROM command includes 4474 the AUTH parameter, with its value set to the name of any 4475 authenticated user which triggered the email. The AUTH 4476 parameter is omitted if the user is unknown to the calling 4477 process. 4478 4479 If the directory 4480 *configdirectory*/log/smtpclient.\ *smtp_backend* 4481 exists, then telemetry logs for outgoing SMTP sessions will 4482 be created in this directory. 4483 4484 Allowed values: *host*, *sendmail* 4485 4486 4487 .. endblob smtp_backend 4488 4489 .. startblob smtp_host 4490 4491 ``smtp_host:`` localhost:587 4492 4493 The SMTP host to use for sending mail (also see the 4494 smtp_backend option). The value of this option must 4495 the name or IP address of a TCP host, followed optionally 4496 by a colon and the port or service to use. The default 4497 port is 587. TLS may be activated by appending \"/tls\" 4498 to the value. Authentication is enabled if smtp_auth_authname 4499 is set. Authentication can be explicitly disabled by appending 4500 \"/noauth\" to the host address. 4501 4502 .. endblob smtp_host 4503 4504 .. startblob smtp_auth_authname 4505 4506 ``smtp_auth_authname:`` <none> 4507 4508 The authentication name to use when authenticating to the SMTP 4509 server defined in smtp_host. 4510 4511 .. endblob smtp_auth_authname 4512 4513 .. startblob smtp_auth_password 4514 4515 ``smtp_auth_password:`` <none> 4516 4517 The password to use when authenticating to the SMTP server defined 4518 in smtp_host. 4519 4520 .. endblob smtp_auth_password 4521 4522 .. startblob smtp_auth_realm 4523 4524 ``smtp_auth_realm:`` <none> 4525 4526 The authentication SASL realm to use when authenticating to a SMTP 4527 server. 4528 4529 .. endblob smtp_auth_realm 4530 4531 .. startblob soft_noauth 4532 4533 ``soft_noauth:`` 1 4534 4535 If enabled, lmtpd returns temporary failures if the client does not 4536 successfully authenticate. Otherwise lmtpd returns permanent failures 4537 (causing the mail to bounce immediately). 4538 4539 .. endblob soft_noauth 4540 4541 .. startblob sortcache_db 4542 4543 ``sortcache_db:`` twoskip 4544 4545 The cyrusdb backend to use for caching sort results (currently only 4546 used for xconvmultisort) 4547 Allowed values: *skiplist*, *twoskip*, *zeroskip* 4548 4549 4550 .. endblob sortcache_db 4551 4552 .. startblob specialuse_extra 4553 4554 ``specialuse_extra:`` <none> 4555 4556 Whitespace separated list of extra special-use attributes 4557 that can be set on a mailbox. :rfc:`6154` currently lists 4558 what special-use attributes can be set. This allows 4559 extending that list in the future or adding your own 4560 if needed. 4561 4562 .. endblob specialuse_extra 4563 4564 .. startblob specialuse_protect 4565 4566 ``specialuse_protect:`` \\Archive \\Drafts \\Important \\Junk \\Sent \\Trash 4567 4568 Whitespace separated list of special-use attributes 4569 to protect the mailboxes for. If set, don't allow 4570 mailboxes with these special use attributes to be deleted 4571 or renamed to have a different parent. Default is the built-in list 4572 4573 .. endblob specialuse_protect 4574 4575 .. startblob specialusealways 4576 4577 ``specialusealways:`` 1 4578 4579 If enabled, this option causes LIST and LSUB output to always include 4580 the XLIST "special-use" flags 4581 4582 .. endblob specialusealways 4583 4584 .. startblob sql_database 4585 4586 ``sql_database:`` <none> 4587 4588 Name of the database which contains the cyrusdb table(s). 4589 4590 4591 .. endblob sql_database 4592 4593 .. startblob sql_engine 4594 4595 ``sql_engine:`` <none> 4596 4597 Name of the SQL engine to use. 4598 4599 Allowed values: *mysql*, *pgsql*, *sqlite* 4600 4601 4602 .. endblob sql_engine 4603 4604 .. startblob sql_hostnames 4605 4606 ``sql_hostnames:`` <empty string> 4607 4608 Comma separated list of SQL servers (in host[:port] format). 4609 4610 4611 .. endblob sql_hostnames 4612 4613 .. startblob sql_passwd 4614 4615 ``sql_passwd:`` <none> 4616 4617 Password to use for authentication to the SQL server. 4618 4619 4620 .. endblob sql_passwd 4621 4622 .. startblob sql_user 4623 4624 ``sql_user:`` <none> 4625 4626 Username to use for authentication to the SQL server. 4627 4628 4629 .. endblob sql_user 4630 4631 .. startblob sql_usessl 4632 4633 ``sql_usessl:`` 0 4634 4635 If enabled, a secure connection will be made to the SQL server. 4636 4637 4638 .. endblob sql_usessl 4639 4640 .. startblob srs_alwaysrewrite 4641 4642 ``srs_alwaysrewrite:`` 0 4643 4644 If true, perform SRS rewriting for ALL forwarding, even when not required. 4645 4646 4647 .. endblob srs_alwaysrewrite 4648 4649 .. startblob srs_domain 4650 4651 ``srs_domain:`` <none> 4652 4653 The domain to use in rewritten addresses. This must point only to machines 4654 which know the encoding secret used by this system. When present, SRS is 4655 enabled. 4656 4657 .. endblob srs_domain 4658 4659 .. startblob srs_hashlength 4660 4661 ``srs_hashlength:`` 0 4662 4663 The hash length to generate in a rewritten address. 4664 4665 4666 .. endblob srs_hashlength 4667 4668 .. startblob srs_secrets 4669 4670 ``srs_secrets:`` <none> 4671 4672 A list of secrets with which to generate addresses. 4673 4674 4675 .. endblob srs_secrets 4676 4677 .. startblob srs_separator 4678 4679 ``srs_separator:`` <none> 4680 4681 The separator to appear immediately after SRS[01] in rewritten addresses. 4682 4683 4684 .. endblob srs_separator 4685 4686 .. startblob srvtab 4687 4688 ``srvtab:`` <empty string> 4689 4690 The pathname of *srvtab* file containing the server's private 4691 key. This option is passed to the SASL library and overrides its 4692 default setting. 4693 4694 .. endblob srvtab 4695 4696 .. startblob submitservers 4697 4698 ``submitservers:`` <none> 4699 4700 A list of users and groups that are allowed to resolve "urlauth=submit+" 4701 IMAP URLs, separated by spaces. Any user listed in this will be 4702 allowed to fetch the contents of any valid "urlauth=submit+" IMAP URL: 4703 use with caution. 4704 4705 .. endblob submitservers 4706 4707 .. startblob subscription_db 4708 4709 ``subscription_db:`` flat 4710 4711 The cyrusdb backend to use for the subscriptions list. 4712 4713 Allowed values: *flat*, *skiplist*, *twoskip*, *zeroskip* 4714 4715 4716 .. endblob subscription_db 4717 4718 .. startblob suppress_capabilities 4719 4720 ``suppress_capabilities:`` <none> 4721 4722 Suppress the named capabilities from any capability response. Use the 4723 exact case as it appears in the response, e.g. 4724 "suppress_capabilities: ESEARCH QRESYNC WITHIN XLIST LIST-EXTENDED" 4725 if you have a murder with 2.3.x backends and don't want clients being 4726 confused by new capabilities that some backends don't support. 4727 4728 .. endblob suppress_capabilities 4729 4730 .. startblob statuscache 4731 4732 ``statuscache:`` 0 4733 4734 Enable/disable the imap status cache. 4735 4736 4737 .. endblob statuscache 4738 4739 .. startblob statuscache_db 4740 4741 ``statuscache_db:`` twoskip 4742 4743 The cyrusdb backend to use for the imap status cache. 4744 4745 Allowed values: *skiplist*, *sql*, *twoskip*, *zeroskip* 4746 4747 4748 .. endblob statuscache_db 4749 4750 .. startblob statuscache_db_path 4751 4752 ``statuscache_db_path:`` <none> 4753 4754 The absolute path to the statuscache db file. If not specified, 4755 will be configdirectory/statuscache.db 4756 4757 .. endblob statuscache_db_path 4758 4759 .. startblob sync_authname 4760 4761 ``sync_authname:`` <none> 4762 4763 The authentication name to use when authenticating to a sync server. 4764 Prefix with a channel name to only apply for that channel 4765 4766 .. endblob sync_authname 4767 4768 .. startblob sync_batchsize 4769 4770 ``sync_batchsize:`` 8192 4771 4772 the number of messages to upload in a single mailbox replication. 4773 Default is 8192. If there are more than this many messages appended 4774 to the mailbox, generate a synthetic partial state and send that. 4775 4776 .. endblob sync_batchsize 4777 4778 .. startblob sync_host 4779 4780 ``sync_host:`` <none> 4781 4782 Name of the host (replica running sync_server(8)) to which 4783 replication actions will be sent by sync_client(8). 4784 Prefix with a channel name to only apply for that channel 4785 4786 .. endblob sync_host 4787 4788 .. startblob sync_log 4789 4790 ``sync_log:`` 0 4791 4792 Enable replication action logging by lmtpd(8), imapd(8), pop3d(8), 4793 and nntpd(8). The log {configdirectory}/sync/log is used by 4794 sync_client(8) for "rolling" replication. 4795 4796 .. endblob sync_log 4797 4798 .. startblob sync_log_chain 4799 4800 ``sync_log_chain:`` 0 4801 4802 Enable replication action logging by sync_server as well, allowing 4803 chaining of replicas. Use this on 'B' for A => B => C replication layout 4804 4805 .. endblob sync_log_chain 4806 4807 .. startblob sync_log_channels 4808 4809 ``sync_log_channels:`` <none> 4810 4811 If specified, log all events to multiple log files in directories 4812 specified by each "channel". Each channel can then be processed 4813 separately, such as by multiple sync_client(8)s in a mesh replication 4814 scheme, or by squatter(8) for rolling search index updates. 4815 4816 You can use "" (the two-character string U+22 U+22) to mean the 4817 default sync channel. 4818 4819 .. endblob sync_log_channels 4820 4821 .. startblob sync_log_unsuppressable_channels 4822 4823 ``sync_log_unsuppressable_channels:`` squatter 4824 4825 If specified, the named channels are exempt from the effect of setting 4826 sync_log_chain:off, i.e. they are always logged to by the sync_server 4827 process. This is only really useful to allow rolling search indexing 4828 on a replica. 4829 4830 .. endblob sync_log_unsuppressable_channels 4831 4832 .. startblob sync_password 4833 4834 ``sync_password:`` <none> 4835 4836 The default password to use when authenticating to a sync server. 4837 Prefix with a channel name to only apply for that channel 4838 4839 .. endblob sync_password 4840 4841 .. startblob sync_port 4842 4843 ``sync_port:`` <none> 4844 4845 Name of the service (or port number) of the replication service on 4846 replica host. Prefix with a channel name to only apply for that 4847 channel. If not specified, and if sync_try_imap is set to "yes" 4848 (the default), then the replication client will first try "imap" 4849 (port 143) to check if imapd supports replication. otherwise it 4850 will default to "csync" (usually port 2005). 4851 4852 .. endblob sync_port 4853 4854 .. startblob sync_realm 4855 4856 ``sync_realm:`` <none> 4857 4858 The authentication realm to use when authenticating to a sync server. 4859 Prefix with a channel name to only apply for that channel 4860 4861 .. endblob sync_realm 4862 4863 .. startblob sync_repeat_interval 4864 4865 ``sync_repeat_interval:`` 1s 4866 4867 Minimum interval between replication runs in rolling replication 4868 mode. If a replication run takes longer than this time, we repeat 4869 immediately. Prefix with a channel name to only apply for that 4870 channel. 4871 4872 For backward compatibility, if no unit is specified, seconds is 4873 assumed. 4874 4875 .. endblob sync_repeat_interval 4876 4877 .. startblob sync_shutdown_file 4878 4879 ``sync_shutdown_file:`` <none> 4880 4881 Simple latch used to tell sync_client(8) that it should shut down at the 4882 next opportunity. Safer than sending signals to running processes. 4883 Prefix with a channel name to only apply for that channel 4884 4885 .. endblob sync_shutdown_file 4886 4887 .. startblob sync_timeout 4888 4889 ``sync_timeout:`` 30m 4890 4891 How long to wait for a response before returning a timeout failure 4892 when talking to a replication peer (client or server). The minimum 4893 duration is 3 seconds, the default is 30 minutes. 4894 4895 For backward compatibility, if no unit is specified, seconds is 4896 assumed. 4897 4898 .. endblob sync_timeout 4899 4900 .. startblob sync_try_imap 4901 4902 ``sync_try_imap:`` 1 4903 4904 Whether sync_client should try to perform an IMAP connection 4905 before falling back to csync. If this is set to "no", 4906 sync_client will only use csync. Prefix with a channel name to 4907 apply only for that channel 4908 4909 .. endblob sync_try_imap 4910 4911 .. startblob syslog_prefix 4912 4913 ``syslog_prefix:`` <none> 4914 4915 String to be prepended to the process name in syslog entries. Can 4916 be further overridden by setting the $CYRUS_SYSLOG_PREFIX environment 4917 variable. 4918 4919 Using the $CYRUS_SYSLOG_PREFIX environment variable has the additional 4920 advantage that it can be set before the **imapd.conf** is read, so 4921 errors while reading the config file can be syslogged with the correct 4922 prefix. 4923 4924 .. endblob syslog_prefix 4925 4926 .. startblob syslog_facility 4927 4928 ``syslog_facility:`` <none> 4929 4930 Configure a syslog facility. The default is whatever is compiled 4931 in. Allowed values are: DAEMON, MAIL, NEWS, USER, and LOCAL0 4932 through to LOCAL7 4933 4934 .. endblob syslog_facility 4935 4936 .. startblob tcp_keepalive 4937 4938 ``tcp_keepalive:`` 0 4939 4940 Enable keepalive on TCP connections 4941 4942 4943 .. endblob tcp_keepalive 4944 4945 .. startblob tcp_keepalive_cnt 4946 4947 ``tcp_keepalive_cnt:`` 0 4948 4949 Number of TCP keepalive probes to send before declaring the 4950 connection dead (0 == system default) 4951 4952 .. endblob tcp_keepalive_cnt 4953 4954 .. startblob tcp_keepalive_idle 4955 4956 ``tcp_keepalive_idle:`` 0 4957 4958 How long a connection must be idle before keepalive probes are sent 4959 (0 == system default). 4960 4961 For backward compatibility, if no unit is specified, seconds is 4962 assumed. 4963 4964 .. endblob tcp_keepalive_idle 4965 4966 .. startblob tcp_keepalive_intvl 4967 4968 ``tcp_keepalive_intvl:`` 0 4969 4970 Time between keepalive probes (0 == system default). 4971 4972 For backward compatibility, if no unit is specified, seconds is 4973 assumed. 4974 4975 .. endblob tcp_keepalive_intvl 4976 4977 .. startblob temp_path 4978 4979 ``temp_path:`` /tmp 4980 4981 The pathname to store temporary files in 4982 4983 4984 .. endblob temp_path 4985 4986 .. startblob telemetry_bysessionid 4987 4988 ``telemetry_bysessionid:`` 0 4989 4990 If true, log by sessionid instead of PID for telemetry 4991 4992 4993 .. endblob telemetry_bysessionid 4994 4995 .. startblob timeout 4996 4997 ``timeout:`` 32m 4998 4999 The length of the IMAP server's inactivity autologout timer. 5000 The minimum value is 30 minutes. The default is 32 minutes, 5001 to allow a bit of leeway for clients that try to NOOP every 5002 30 minutes. 5003 5004 For backward compatibility, if no unit is specified, minutes 5005 is assumed. 5006 5007 .. endblob timeout 5008 5009 .. startblob imapidletimeout 5010 5011 ``imapidletimeout:`` <none> 5012 5013 Timeout for idling clients (:rfc:`2177`). If not set (the default), 5014 the value of "timeout" will be used instead. 5015 5016 For backward compatibility, if no unit is specified, minutes 5017 is assumed. 5018 5019 .. endblob imapidletimeout 5020 5021 .. startblob tls_ca_file 5022 5023 ``tls_ca_file:`` <none> 5024 5025 Deprecated in favor of *tls_client_ca_file*. 5026 5027 5028 .. endblob tls_ca_file 5029 5030 .. startblob tls_ca_path 5031 5032 ``tls_ca_path:`` <none> 5033 5034 Deprecated in favor of *tls_client_ca_dir*. 5035 5036 5037 .. endblob tls_ca_path 5038 5039 .. startblob tlscache_db 5040 5041 ``tlscache_db:`` twoskip 5042 5043 Deprecated in favor of *tls_sessions_db*. 5044 5045 5046 .. endblob tlscache_db 5047 5048 .. startblob tlscache_db_path 5049 5050 ``tlscache_db_path:`` <none> 5051 5052 Deprecated in favor of *tls_sessions_db_path*. 5053 5054 5055 .. endblob tlscache_db_path 5056 5057 .. startblob tls_cert_file 5058 5059 ``tls_cert_file:`` <none> 5060 5061 Deprecated in favor of *tls_server_cert*. 5062 5063 5064 .. endblob tls_cert_file 5065 5066 .. startblob tls_cipher_list 5067 5068 ``tls_cipher_list:`` DEFAULT 5069 5070 Deprecated in favor of *tls_ciphers*. 5071 5072 5073 .. endblob tls_cipher_list 5074 5075 .. startblob tls_ciphers 5076 5077 ``tls_ciphers:`` DEFAULT 5078 5079 The list of SSL/TLS ciphers to allow. The format of the string 5080 (and definition of "DEFAULT") is described in **ciphers(1)**. 5081 5082 See also Mozilla's server-side TLS recommendations: 5083 5084 https://wiki.mozilla.org/Security/Server_Side_TLS 5085 5086 .. endblob tls_ciphers 5087 5088 .. startblob tls_crl_file 5089 5090 ``tls_crl_file:`` <none> 5091 5092 Path to a file containing the Certificate Revocation List 5093 5094 5095 .. endblob tls_crl_file 5096 5097 .. startblob tls_client_ca_dir 5098 5099 ``tls_client_ca_dir:`` <none> 5100 5101 Path to a directory containing the CA certificates used to verify 5102 client SSL certificates used for authentication. 5103 5104 .. endblob tls_client_ca_dir 5105 5106 .. startblob tls_client_ca_file 5107 5108 ``tls_client_ca_file:`` <none> 5109 5110 Path to a file containing the CA certificate(s) used to verify 5111 client SSL certificates used for authentication. 5112 5113 .. endblob tls_client_ca_file 5114 5115 .. startblob tls_client_cert 5116 5117 ``tls_client_cert:`` <none> 5118 5119 File containing the certificate presented to a server for authentication 5120 during STARTTLS. A value of "disabled" will disable this server's use 5121 of certificate-based authentication. 5122 5123 .. endblob tls_client_cert 5124 5125 .. startblob tls_client_certs 5126 5127 ``tls_client_certs:`` optional 5128 5129 Disable ("off"), allow ("optional", default) or require ("require") the 5130 use of SSL certificates by clients to authenticate themselves. 5131 Allowed values: *off*, *optional*, *require* 5132 5133 5134 .. endblob tls_client_certs 5135 5136 .. startblob tls_client_key 5137 5138 ``tls_client_key:`` <none> 5139 5140 File containing the private key belonging to the tls_client_cert 5141 certificate. A value of "disabled" will disable this server's use 5142 of certificate-based authentication. 5143 5144 .. endblob tls_client_key 5145 5146 .. startblob tls_eccurve 5147 5148 ``tls_eccurve:`` prime256v1 5149 5150 The elliptic curve used for ECDHE. Default is NIST Suite B prime256. 5151 See 'openssl ecparam -list_curves' for possible values. 5152 5153 .. endblob tls_eccurve 5154 5155 .. startblob tls_key_file 5156 5157 ``tls_key_file:`` <none> 5158 5159 Deprecated in favor of *tls_server_key*. 5160 5161 5162 .. endblob tls_key_file 5163 5164 .. startblob tls_required 5165 5166 ``tls_required:`` 0 5167 5168 If enabled, require a TLS/SSL encryption layer to be negotiated 5169 prior to ANY authentication mechanisms being advertised or allowed. 5170 5171 .. endblob tls_required 5172 5173 .. startblob tls_prefer_server_ciphers 5174 5175 ``tls_prefer_server_ciphers:`` 0 5176 5177 Prefer the ciphers on the server side instead of client side. 5178 5179 5180 .. endblob tls_prefer_server_ciphers 5181 5182 .. startblob tls_server_ca_dir 5183 5184 ``tls_server_ca_dir:`` <none> 5185 5186 Path to a directory with CA certificates used to verify certificates 5187 offered by the server, when cyrus acts as client. This directory must 5188 have filenames with the hashed value of the certificates (see 5189 openssl(1)). 5190 5191 .. endblob tls_server_ca_dir 5192 5193 .. startblob tls_server_ca_file 5194 5195 ``tls_server_ca_file:`` <none> 5196 5197 Path to a file containing CA certificates used to verify certificates 5198 offered by the server, when cyrus acts as client. 5199 5200 .. endblob tls_server_ca_file 5201 5202 .. startblob tls_server_cert 5203 5204 ``tls_server_cert:`` <none> 5205 5206 File containing the certificate, including the full chain, presented to clients. 5207 Two certificates can be set, e.g RSA and EC, if the filenames are separated with 5208 comma without spaces. 5209 5210 .. endblob tls_server_cert 5211 5212 .. startblob tls_server_dhparam 5213 5214 ``tls_server_dhparam:`` <none> 5215 5216 File containing the DH parameters belonging to the certificate in 5217 tls_server_cert. 5218 5219 .. endblob tls_server_dhparam 5220 5221 .. startblob tls_server_key 5222 5223 ``tls_server_key:`` <none> 5224 5225 File containing the private key belonging to the certificate in 5226 tls_server_cert. If not set, tls_server_cert must contain both private and 5227 public key. Two files with keys can be set, if two certificates are used, in 5228 which case the files must be separated with comma without spaces 5229 5230 .. endblob tls_server_key 5231 5232 .. startblob tls_sessions_db 5233 5234 ``tls_sessions_db:`` twoskip 5235 5236 The cyrusdb backend to use for the TLS cache. 5237 5238 Allowed values: *skiplist*, *sql*, *twoskip*, *zeroskip* 5239 5240 5241 .. endblob tls_sessions_db 5242 5243 .. startblob tls_sessions_db_path 5244 5245 ``tls_sessions_db_path:`` <none> 5246 5247 The absolute path to the TLS sessions db file. If not specified, 5248 will be configdirectory/tls_sessions.db 5249 5250 .. endblob tls_sessions_db_path 5251 5252 .. startblob tls_session_timeout 5253 5254 ``tls_session_timeout:`` 24h 5255 5256 The length of time that a TLS session will be cached for later 5257 reuse. The maximum value is 24 hours, also the default. A 5258 value of 0 will disable session caching. 5259 5260 For backward compatibility, if no unit is specified, minutes is 5261 assumed. 5262 5263 .. endblob tls_session_timeout 5264 5265 .. startblob tls_versions 5266 5267 ``tls_versions:`` tls1_0 tls1_1 tls1_2 tls1_3 5268 5269 A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts 5270 with all protocols, and subtracts protocols not in this list. Newer 5271 versions of SSL/TLS will need to be added here to allow them to get 5272 disabled. 5273 5274 .. endblob tls_versions 5275 5276 .. startblob uidl_format 5277 5278 ``uidl_format:`` cyrus 5279 5280 Choose the format for UIDLs in pop3. Possible values are "uidonly", 5281 "cyrus", "dovecot" and "courier". "uidonly" forces the old default 5282 of UID, "cyrus" is UIDVALIDITY.UID. Dovecot is 8 digits of leading 5283 hex (lower case) each UID UIDVALIDITY. Courier is UIDVALIDITY-UID. 5284 Allowed values: *uidonly*, *cyrus*, *dovecot*, *courier* 5285 5286 5287 .. endblob uidl_format 5288 5289 .. startblob umask 5290 5291 ``umask:`` 077 5292 5293 The umask value used by various Cyrus IMAP programs. 5294 5295 5296 .. endblob umask 5297 5298 .. startblob userdeny_db 5299 5300 ``userdeny_db:`` flat 5301 5302 The cyrusdb backend to use for the user access list. 5303 5304 Allowed values: *flat*, *skiplist*, *sql*, *twoskip*, *zeroskip* 5305 5306 5307 .. endblob userdeny_db 5308 5309 .. startblob userdeny_db_path 5310 5311 ``userdeny_db_path:`` <none> 5312 5313 The absolute path to the userdeny db file. If not specified, 5314 will be configdirectory/user_deny.db 5315 5316 .. endblob userdeny_db_path 5317 5318 .. startblob username_tolower 5319 5320 ``username_tolower:`` 1 5321 5322 Convert usernames to all lowercase before login/authentication. This 5323 is useful with authentication backends which ignore case during 5324 username lookups (such as LDAP). 5325 5326 .. endblob username_tolower 5327 5328 .. startblob userprefix 5329 5330 ``userprefix:`` Other Users 5331 5332 If using the alternate IMAP namespace, the prefix for the other users 5333 namespace. The hierarchy delimiter will be automatically appended. 5334 5335 .. endblob userprefix 5336 5337 .. startblob unix_group_enable 5338 5339 ``unix_group_enable:`` 1 5340 5341 Should we look up groups when using auth_unix (disable this if you are 5342 not using groups in ACLs for your IMAP server, and you are using auth_unix 5343 with a backend (such as LDAP) that can make getgrent() calls very 5344 slow) 5345 5346 .. endblob unix_group_enable 5347 5348 .. startblob unixhierarchysep 5349 5350 ``unixhierarchysep:`` 1 5351 5352 Use the UNIX separator character '/' for delimiting levels of 5353 mailbox hierarchy. Turn off to use the netnews separator 5354 character '.'. Note that with the newnews separator, no dots may 5355 occur in mailbox names. The default switched in 3.0 from off to on. 5356 5357 .. endblob unixhierarchysep 5358 5359 .. startblob virtdomains 5360 5361 ``virtdomains:`` off 5362 5363 Configure virtual domain support. 5364 5365 off 5366 Cyrus does not know or care about domains. Only the local part of email 5367 addresses is ever considered. This is not recommended for any deployment, 5368 but is currently the default. 5369 5370 userid 5371 The user's domain is determined by splitting a fully qualified userid at the 5372 last '@' or '%' symbol. If the userid is unqualified, the *defaultdomain* 5373 will be used. This is the recommended configuration for all deployments. 5374 If you wish to provide calendaring services you must use this configuration. 5375 5376 on 5377 Fully qualified userids are respected, as per "userid". Unqualified userids 5378 will have their domain determined by doing a reverse lookup on the IP address 5379 of the incoming network interface, or if no record is found, the 5380 *defaultdomain* will be used. 5381 5382 5383 5384 Allowed values: *off*, *userid*, *on* 5385 5386 5387 .. endblob virtdomains 5388 5389 .. startblob virusscan_notification_subject 5390 5391 ``virusscan_notification_subject:`` Automatically deleted mail 5392 5393 The text used in the subject of email notifications created by 5394 **cyr_virusscan(8)** when deleting infected mail. 5395 5396 .. endblob virusscan_notification_subject 5397 5398 .. startblob virusscan_notification_template 5399 5400 ``virusscan_notification_template:`` <none> 5401 5402 The absolute path to a file containing a template to use to describe 5403 infected messages that have been deleted by **cyr_virusscan(8)**. 5404 See **cyr_virusscan(8)** for specification of the format of this file. 5405 If not specified, the builtin default template will be used. 5406 5407 .. endblob virusscan_notification_template 5408 5409 .. startblob xbackup_enabled 5410 5411 ``xbackup_enabled:`` 0 5412 5413 Enable support for the XBACKUP command in imapd. If enabled, admin 5414 users can use this command to provoke a replication of specified users 5415 to the named backup channel. 5416 5417 .. endblob xbackup_enabled 5418 5419 .. startblob xlist-flag 5420 5421 ``xlist-flag:`` <none> 5422 5423 Set the special-use flag *flag* on the specified folder when it 5424 is autocreated (see the *autocreate_inbox_folders* option). For 5425 example, if **xlist-junk: Spam** is set, and the folder **Spam** 5426 is autocreated, the special-use flag **\\Junk** will be set on it. 5427 5428 (This option is so named for backward compatibility with old config 5429 files.) 5430 5431 5432 .. endblob xlist-flag 5433 5434 .. startblob lmtp_catchall_mailbox 5435 5436 ``lmtp_catchall_mailbox:`` <none> 5437 5438 Mail sent to mailboxes which do not exist, will be delivered to 5439 this user. NOTE: This must be an existing local user name with an 5440 INBOX, NOT an email address! 5441 5442 .. endblob lmtp_catchall_mailbox 5443 5444 .. startblob zoneinfo_db 5445 5446 ``zoneinfo_db:`` twoskip 5447 5448 The cyrusdb backend to use for zoneinfo. This database is used by the 5449 "tzdist" *httpmodules*, and is managed by **ctl_zoneinfo(8)**. 5450 Allowed values: *flat*, *skiplist*, *twoskip*, *zeroskip* 5451 5452 5453 .. endblob zoneinfo_db 5454 5455 .. startblob zoneinfo_db_path 5456 5457 ``zoneinfo_db_path:`` <none> 5458 5459 The absolute path to the zoneinfo db file. If not specified, 5460 will be configdirectory/zoneinfo.db 5461 5462 .. endblob zoneinfo_db_path 5463 5464 .. startblob zoneinfo_dir 5465 5466 ``zoneinfo_dir:`` <none> 5467 5468 The absolute path to the zoneinfo directory, containing timezone 5469 definitions as generated by the vzic tool. If not specified, whatever 5470 definitions libical finds will be used. 5471 5472 If you are providing a Time Zone Data Distribution Service (i.e. you have 5473 "tzdist" listed in *httpmodules*), then this configuration option MUST 5474 be specified. 5475 5476 .. endblob zoneinfo_dir 5477 5478 .. startblob object_storage_enabled 5479 5480 ``object_storage_enabled:`` 0 5481 5482 Is Object storage enabled for this server. You also need to have 5483 archiving enabled and archivepartition for the mailbox. 5484 Only email files will be stored on object Storage archive partition will be 5485 used to store any other files 5486 5487 .. endblob object_storage_enabled 5488 5489 .. startblob object_storage_dummy_spool 5490 5491 ``object_storage_dummy_spool:`` <none> 5492 5493 Dummy object storage spool; this is for test only. 5494 Spool where user directory (container) will be created to store all emails 5495 in a flat structure 5496 5497 .. endblob object_storage_dummy_spool 5498 5499 .. startblob openio_namespace 5500 5501 ``openio_namespace:`` <none> 5502 5503 The OpenIO namespace used to store archived email messages. A namespace 5504 identifies the physical platform cyrus must contact. This directive is used 5505 by the OpenIO's SDK to locate its platform entry point. 5506 5507 .. endblob openio_namespace 5508 5509 .. startblob openio_account 5510 5511 ``openio_account:`` <none> 5512 5513 The OpenIO account used to account for stored emails. Accounts are unique 5514 in their namespace. They provides virtual partitions, with quotas and QoS 5515 features. 5516 5517 .. endblob openio_account 5518 5519 .. startblob openio_rawx_timeout 5520 5521 ``openio_rawx_timeout:`` 30s 5522 5523 The OpenIO timeout to query to the RAWX services (default 30 sec). 5524 5525 5526 .. endblob openio_rawx_timeout 5527 5528 .. startblob openio_proxy_timeout 5529 5530 ``openio_proxy_timeout:`` 5s 5531 5532 The OpenIO timeout to query to the PROXY services (default 5 sec). 5533 5534 5535 .. endblob openio_proxy_timeout 5536 5537 .. startblob openio_autocreate 5538 5539 ``openio_autocreate:`` 0 5540 5541 Allow the OpenIO SDK to autocreate containers. Mainly destined to be turned 5542 on development environments. In production, the container should have been 5543 provisioned with the mailboxes. 5544 5545 .. endblob openio_autocreate 5546 5547 .. startblob openio_verbosity 5548 5549 ``openio_verbosity:`` <none> 5550 5551 Sets the logging verbosity of the OpenIO's internal behavior. Admissible 5552 values are: "warning", "notice", "info", "debug", "trace", "quiet". 5553 The default verbosity is "warning". Set to "notice" for a few lines on a 5554 per-client basis. Set to "info" for a few lines on a per-request basis. Set 5555 to "debug" Set to "trace" to activate the underlying libcurl debug 5556 output. Enabling a verbosity higher to equal than "debug" requires 5557 the cyrus to be set in debug mode. The special "quiet" value disables all 5558 kinds of logging at the GLib level. 5559 5560 .. endblob openio_verbosity 5561 5562 .. startblob caringo_hostname 5563 5564 ``caringo_hostname:`` <none> 5565 5566 The Caringo hostname used to store archived email messages. A hostname 5567 identifies the physical platform cyrus must contact. This directive is used 5568 by the Caringo's SDK (CastorSDK: Caringo Simple Content Storage Protocol (SCSP) 5569 on HTTP 1.1 using a RESTful architecture 5570 5571 .. endblob caringo_hostname 5572 5573 .. startblob caringo_port 5574 5575 ``caringo_port:`` 80 5576 5577 The port of the caringo server (caringo_hostname); default is 80. 5578 5579 5580 .. endblob caringo_port 5581 5582 .. startblob fastmailsharing 5583 5584 ``fastmailsharing:`` 0 5585 5586 If enabled, use FastMail style sharing (oldschool full server paths) 5587 5588 5589 .. endblob fastmailsharing 5590 5591 5592SEE ALSO 5593======== 5594 5595 5596 **imapd(8)**, **pop3d(8)**, **nntpd(8)**, **lmtpd(8)**, 5597 **httpd(8)**, **timsieved(8)**, **idled(8)**, **notifyd(8)**, 5598 **deliver(8)**, **master(8)**, **ciphers(1)** 5599 5600