examples/imapd_conf/murder-frontend.conf

# Suggested Murder (Cyrus Aggregation) frontend imapd.conf
# See imapd.conf(5) for more information and more options

# Space-separated users who have admin rights for all services.
# This MUST include the Murder user (which need not be named "murder")
admins: cyrus murder

###################################################################
## Cyrus Aggregation - Murder - frontend configuration.
## This server will merely refer clients to the pertinent backend,
## or proxy requests for them, as dictated by local security regime.
## For more information:
## http://www.cyrusimap.org/imap/reference/admin/murder/murder-installation.html
###################################################################

# How this host identifies itself to other members of the murder.
servername: imap1.example.org

# Whitespace separated list of backend server names.  Used for finding
# server with the most available free space for proxying CREATE.
serverlist: mailbox

# Authentication credentials
mupdate_server: postman.example.org
mupdate_username: postman
mupdate_authname: postman
mupdate_password: <secret>

# The credentials below must match the account listed in lmtp_admins
# on the backend servers.
proxy_authname: mailproxy
proxy_password: <secret>

# If desired, force use of PLAIN for clients...
#force_sasl_client_mech: PLAIN

# ...and the same for other servers.
# Note that each _mechs line is prefixed by the "short" name of the
# host to which it applies (as listed above).
#postman_mechs: PLAIN
#mailbox_mechs: PLAIN

# Permit moving user mailboxes between backends.  If used, this must be
# set the same on all instances in the murder.
allowusermoves: true

# If desired, prevent the passing of IMAP referrals to clients.  This
# could be needed due to fire-walling.  For example, if local policy
# prohibits global access to the IMAP, Sieve, LMTP, etc. ports of the
# backend server, then uncomment these lines and the frontend will
# proxy all services on the client's behalf.
#proxyd_disable_mailbox_referrals: true
#sieve_allowreferrals: false


###################################################################
## File, socket and DB location settings.
###################################################################

# Configuration directory
configdirectory: /var/lib/cyrus

# Directories for proc and lock files
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock

# Locations for DB files
# The following DB are recreated upon initialization, so should live in
# ephemeral storage for best performance.
duplicate_db_path: /run/cyrus/deliver.db
ptscache_db_path:  /run/cyrus/ptscache.db
statuscache_db_path: /run/cyrus/statuscache.db
tls_sessions_db_path: /run/cyrus/tls_sessions.db

# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail

# If sieveusehomedir is false (the default), this directory is searched
# for Sieve scripts.
sievedir: /var/spool/sieve

###################################################################
## Important: KEEP THESE IN SYNC WITH cyrus.conf
###################################################################

lmtpsocket: /run/cyrus/socket/lmtp
idlesocket: /run/cyrus/socket/idle
notifysocket: /run/cyrus/socket/notify

# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap
# etc.)
syslog_prefix: cyrus

###################################################################
## Server behaviour settings
###################################################################

# Space-separated list of HTTP modules that will be enabled in
# httpd(8).  This option has no effect on modules that are disabled at
# compile time due to missing dependencies (e.g. libical).
#
# Allowed values: caldav, carddav, domainkey, ischedule, rss
httpmodules: caldav carddav

# If enabled, the partitions will also be hashed, in addition to the
# hashing done on configuration directories. This is recommended if one
# partition has a very bushy mailbox tree.
hashimapspool: true

###################################################################
## User experience settings
###################################################################

# Minimum time between POP mail fetches in minutes
popminpoll: 1

###################################################################
## User Authentication settings
###################################################################

# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes

###################################################################
## SASL library options (these are handled directly by the SASL
## libraries, refer to SASL documentation for an up-to-date list of
## these)
###################################################################

# The mechanism(s) used by the server to verify plaintext passwords.
# Possible values are "saslauthd", "auxprop", "pwcheck" and
# "alwaystrue".  They are tried in order, you can specify more than one,
# separated by spaces.
sasl_pwcheck_method: saslauthd

# If enabled, the SASL library will automatically create authentication
# secrets when given a plaintext password. Refer to SASL documentation
sasl_auto_transition: no

###################################################################
## SSL/TLS Options
###################################################################

# File containing the global certificate used for ALL services (imap,
# pop3, lmtp, sieve)
#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem

# File containing the private key belonging to the global server
# certificate.
#tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key


# File containing one or more Certificate Authority (CA) certificates.
#tls_client_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem

# Path to directory with certificates of CAs.
tls_client_ca_dir: /etc/ssl/certs

# The length of time (in minutes) that a TLS session will be cached for
# later reuse.  The maximum value is 1440 (24 hours), the default.  A
# value of 0 will disable session caching.
tls_session_timeout: 1440