1## imapproxy.conf 2## 3## This is the global configuration file for SquirrelMail IMAP Proxy. 4## Lines beginning with a '#' sign are treated as comments and will be 5## ignored. Each line to be processed must be a space delimited 6## keyword/value pair. 7## 8 9# 10## server_hostname 11## 12## This setting controls which IMAP server we proxy our connections to. 13# 14server_hostname your.imap.server.com 15 16 17# 18## connect_retries 19## 20## This setting controls how many times we retry connecting to our server. 21## The delay between retries is configurable with 'connect_delay' 22# 23connect_retries 10 24connect_delay 5 25 26# 27## cache_size 28## 29## This setting determines how many in-core IMAP connection structures 30## will be allocated. As such, it determines not only how many cached 31## connections will be allowed, but really the total number of simultaneous 32## connections, cached and active. 33# 34cache_size 3072 35 36 37# 38## listen_port 39## 40## This setting specifies which port the proxy server will bind to and 41## accept incoming connections from. 42# 43listen_port 143 44 45 46# 47## listen_address 48## 49## This setting specifies which address the proxy server will bind to and 50## accept incoming connections to. If undefined, bind to all. 51## Must be a dotted decimal IP address. 52# 53#listen_address 127.0.0.1 54 55 56# 57## server_port 58## 59## This setting specifies the port that server_hostname is listening on. 60## This is the TCP port that we proxy inbound connections to. 61## 62## If you are using SSL with IMAP Proxy, note that unless the server is 63## highly non-standard, this should still be set to the server's normal, 64## unencrypted IMAP port and should NOT be set to port 993, since IMAP 65## Proxy uses STARTTLS to encrypt a "normal" IMAP connection. 66## 67## If the server is only available via (encrypted) port 993, please 68## consult the README.ssl file for help. 69# 70server_port 143 71 72# 73## cache_expiration_time 74## 75## This setting controls how many seconds an inactive connection will be 76## cached. 77# 78cache_expiration_time 300 79 80 81# 82## proc_username 83## 84## This setting controls which username the IMAP proxy process will run as. 85## It is not allowed to run as "root". 86# 87proc_username nobody 88 89# 90## proc_groupname 91## 92## This setting controls which groupname the IMAP proxy process will run as. 93# 94proc_groupname nobody 95 96 97# 98## stat_filename 99## 100## This is the path to the filename that the proxy server mmap()s to 101## write statistical data to. This is the file that pimpstat needs to 102## look at to be able to provide its useful stats. 103# 104stat_filename /var/run/pimpstats 105 106 107# 108## protocol_log_filename 109## 110## protocol logging may only be turned on for one user at a time. All 111## protocol logging data is written to the file specified by this path. 112# 113protocol_log_filename /var/log/imapproxy_protocol.log 114 115 116# 117## syslog_facility 118## 119## The logging facility to be used for all syslog calls. If nothing is 120## specified here, it will default to LOG_MAIL. Any of the possible 121## facilities listed in the syslog(3) manpage may be used here except 122## LOG_KERN. 123# 124syslog_facility LOG_MAIL 125 126 127# 128## syslog_prioritymask 129## 130## This configuration option is provided as a way to limit the verbosity 131## of squirrelmail-imap_proxy. If no value is specified, it will default 132## to no priority mask and you'll see all possible log messages. Any of 133## the possible priority values listed in the syslog(3) manpage may be 134## used here. By default, you will see all possible log messages. 135# 136#syslog_prioritymask LOG_WARNING 137 138 139# 140## send_tcp_keepalives 141## 142## This determines whether the SO_KEEPALIVE option will be set on all 143## sockets. 144# 145send_tcp_keepalives no 146 147 148# 149## enable_select_cache 150## 151## This configuration option allows you to turn select caching on or off. 152## When select caching is enabled, squirrelmail-imap_proxy will cache SELECT 153## responses from an IMAP server. 154# 155enable_select_cache no 156 157 158# 159## foreground_mode 160## 161## This will prevent squirrelmail-imap_proxy from detaching from its parent 162## process and controlling terminal on startup. 163# 164foreground_mode no 165 166 167# 168## force_tls 169## 170## Force squirrelmail-imap_proxy to use STARTTLS even if LOGIN is not 171## disabled (unsecured connections will not be used). 172# 173force_tls no 174 175 176# 177## chroot_directory 178## 179## This allows squirrelmail-imap_proxy to run in a chroot jail if desired. 180## If commented out, squirrelmail-imap_proxy will not run chroot()ed. If 181## a directory is specified here, squirrelmail-imap_proxy will chroot() to 182## that directory. 183# 184#chroot_directory /var/empty 185 186 187# 188## preauth_command 189## 190## Arbitrary command that can be sent to the server before 191## authenticating users. This can be useful to access non- 192## standard IMAP servers such as Yahoo!, which requires the 193## following command to be sent before authentication is allowed: 194## ID ("GUID" "1") 195## (See: http://en.wikipedia.org/wiki/Yahoo!_Mail#Free_IMAP_and_SMTPs_access ) 196## To use such a command, this setting should look like this: 197## preauth_command ID ("GUID" "1") 198## No matter what this command is, it is expected to return an 199## OK response 200# 201#preauth_command 202 203 204# 205## enable_admin_commands 206## 207## Used to enable or disable the internal squirrelmail-imap_proxy 208## administrative commands. 209# 210enable_admin_commands no 211 212 213# 214## TLS configuration options 215# 216#tls_ca_file /usr/share/ssl/certs/ca-bundle.crt 217#tls_ca_path /usr/share/ssl/certs/ 218#tls_cert_file /usr/share/ssl/certs/mycert.crt 219#tls_key_file /usr/share/ssl/certs/mycert.key 220#tls_verify_server no 221#tls_ciphers ALL:!aNULL:!eNULL 222 223 224# 225## Set any of these to "yes" if the corresponding TLS version is not 226## sufficiently secure for your needs 227# 228#tls_no_tlsv1 no 229#tls_no_tlsv1.1 no 230#tls_no_tlsv1.2 no 231 232 233# 234## Authenticate using SASL AUTHENTICATE PLAIN 235## 236## The following authentication username and password are used 237## along with the username from the client as the authorization 238## identity. In order to avoid having the service wide open (no 239## password needed from the client), the client is required to 240## send the auth_shared_secret in leiu of a user password. 241## 242## NOTE: This functionality *assumes* that the server supports 243## AUTHENTICATE PLAIN, and it does *not* verify this by 244## looking at the server's capabilities list. 245# 246#auth_sasl_plain_username 247#auth_sasl_plain_password 248#auth_shared_secret 249 250 251# 252## Use DNS RR 253# 254## Use DNS round robin to cycle through all returned RRs we 255## got when looking up the IMAP server with getaddrinfo(). 256## Default is no. 257## 258# 259#dns_rr yes 260 261 262# 263## Limit DNS requests to AF_INET or AF_INET6 264## 265## Set ipversion_only to 4 or 6 accordingly. 266## Default if unset is AF_UNSPEC for both A and AAAA. 267# 268#ipversion_only 6 269 270 271