1## imapproxy.conf
2##
3## This is the global configuration file for SquirrelMail IMAP Proxy.
4## Lines beginning with a '#' sign are treated as comments and will be
5## ignored.  Each line to be processed must be a space delimited
6## keyword/value pair.
7##
8
9#
10## server_hostname
11##
12## This setting controls which IMAP server we proxy our connections to.
13#
14server_hostname your.imap.server.com
15
16
17#
18## connect_retries
19##
20## This setting controls how many times we retry connecting to our server.
21## The delay between retries is configurable with 'connect_delay'
22#
23connect_retries 10
24connect_delay 5
25
26#
27## cache_size
28##
29## This setting determines how many in-core IMAP connection structures
30## will be allocated.  As such, it determines not only how many cached
31## connections will be allowed, but really the total number of simultaneous
32## connections, cached and active.
33#
34cache_size 3072
35
36
37#
38## listen_port
39##
40## This setting specifies which port the proxy server will bind to and
41## accept incoming connections from.
42#
43listen_port 143
44
45
46#
47## listen_address
48##
49## This setting specifies which address the proxy server will bind to and
50## accept incoming connections to.  If undefined, bind to all.
51## Must be a dotted decimal IP address.
52#
53#listen_address 127.0.0.1
54
55
56#
57## server_port
58##
59## This setting specifies the port that server_hostname is listening on.
60## This is the TCP port that we proxy inbound connections to.
61##
62## If you are using SSL with IMAP Proxy, note that unless the server is
63## highly non-standard, this should still be set to the server's normal,
64## unencrypted IMAP port and should NOT be set to port 993, since IMAP
65## Proxy uses STARTTLS to encrypt a "normal" IMAP connection.
66##
67## If the server is only available via (encrypted) port 993, please
68## consult the README.ssl file for help.
69#
70server_port 143
71
72#
73## cache_expiration_time
74##
75## This setting controls how many seconds an inactive connection will be
76## cached.
77#
78cache_expiration_time 300
79
80
81#
82## proc_username
83##
84## This setting controls which username the IMAP proxy process will run as.
85## It is not allowed to run as "root".
86#
87proc_username nobody
88
89#
90## proc_groupname
91##
92## This setting controls which groupname the IMAP proxy process will run as.
93#
94proc_groupname nobody
95
96
97#
98## stat_filename
99##
100## This is the path to the filename that the proxy server mmap()s to
101## write statistical data to.  This is the file that pimpstat needs to
102## look at to be able to provide its useful stats.
103#
104stat_filename /var/run/pimpstats
105
106
107#
108## protocol_log_filename
109##
110## protocol logging may only be turned on for one user at a time.  All
111## protocol logging data is written to the file specified by this path.
112#
113protocol_log_filename /var/log/imapproxy_protocol.log
114
115
116#
117## syslog_facility
118##
119## The logging facility to be used for all syslog calls.  If nothing is
120## specified here, it will default to LOG_MAIL.  Any of the possible
121## facilities listed in the syslog(3) manpage may be used here except
122## LOG_KERN.
123#
124syslog_facility LOG_MAIL
125
126
127#
128## syslog_prioritymask
129##
130## This configuration option is provided as a way to limit the verbosity
131## of squirrelmail-imap_proxy.  If no value is specified, it will default
132## to no priority mask and you'll see all possible log messages.  Any of
133## the possible priority values listed in the syslog(3) manpage may be
134## used here.  By default, you will see all possible log messages.
135#
136#syslog_prioritymask LOG_WARNING
137
138
139#
140## send_tcp_keepalives
141##
142## This determines whether the SO_KEEPALIVE option will be set on all
143## sockets.
144#
145send_tcp_keepalives no
146
147
148#
149## enable_select_cache
150##
151## This configuration option allows you to turn select caching on or off.
152## When select caching is enabled, squirrelmail-imap_proxy will cache SELECT
153## responses from an IMAP server.
154#
155enable_select_cache no
156
157
158#
159## foreground_mode
160##
161## This will prevent squirrelmail-imap_proxy from detaching from its parent
162## process and controlling terminal on startup.
163#
164foreground_mode no
165
166
167#
168## force_tls
169##
170## Force squirrelmail-imap_proxy to use STARTTLS even if LOGIN is not
171## disabled (unsecured connections will not be used).
172#
173force_tls no
174
175
176#
177## chroot_directory
178##
179## This allows squirrelmail-imap_proxy to run in a chroot jail if desired.
180## If commented out, squirrelmail-imap_proxy will not run chroot()ed.  If
181## a directory is specified here, squirrelmail-imap_proxy will chroot() to
182## that directory.
183#
184#chroot_directory /var/empty
185
186
187#
188## preauth_command
189##
190## Arbitrary command that can be sent to the server before
191## authenticating users.  This can be useful to access non-
192## standard IMAP servers such as Yahoo!, which requires the
193## following command to be sent before authentication is allowed:
194##    ID ("GUID" "1")
195## (See: http://en.wikipedia.org/wiki/Yahoo!_Mail#Free_IMAP_and_SMTPs_access )
196## To use such a command, this setting should look like this:
197##    preauth_command ID ("GUID" "1")
198## No matter what this command is, it is expected to return an
199## OK response
200#
201#preauth_command
202
203
204#
205## enable_admin_commands
206##
207## Used to enable or disable the internal squirrelmail-imap_proxy
208## administrative commands.
209#
210enable_admin_commands no
211
212
213#
214## TLS configuration options
215#
216#tls_ca_file /usr/share/ssl/certs/ca-bundle.crt
217#tls_ca_path /usr/share/ssl/certs/
218#tls_cert_file /usr/share/ssl/certs/mycert.crt
219#tls_key_file /usr/share/ssl/certs/mycert.key
220#tls_verify_server no
221#tls_ciphers ALL:!aNULL:!eNULL
222
223
224#
225## Set any of these to "yes" if the corresponding TLS version is not
226## sufficiently secure for your needs
227#
228#tls_no_tlsv1 no
229#tls_no_tlsv1.1 no
230#tls_no_tlsv1.2 no
231
232
233#
234## Authenticate using SASL AUTHENTICATE PLAIN
235##
236## The following authentication username and password are used
237## along with the username from the client as the authorization
238## identity.  In order to avoid having the service wide open (no
239## password needed from the client), the client is required to
240## send the auth_shared_secret in leiu of a user password.
241##
242## NOTE: This functionality *assumes* that the server supports
243##       AUTHENTICATE PLAIN, and it does *not* verify this by
244##       looking at the server's capabilities list.
245#
246#auth_sasl_plain_username
247#auth_sasl_plain_password
248#auth_shared_secret
249
250
251#
252## Use DNS RR
253#
254## Use DNS round robin to cycle through all returned RRs we
255## got when looking up the IMAP server with getaddrinfo().
256## Default is no.
257##
258#
259#dns_rr yes
260
261
262#
263## Limit DNS requests to AF_INET or AF_INET6
264##
265## Set ipversion_only to 4 or 6 accordingly.
266## Default if unset is AF_UNSPEC for both A and AAAA.
267#
268#ipversion_only 6
269
270
271