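/*
 * Global POP daemon parameters.
 *
 * Compile-time configuration only: every setting is a preprocessor macro.
 * The defaults select inetd mode, no virtual domains, getpwnam(3)
 * authentication, a /var/mail spool and fcntl(2) locking.
 */

#ifndef _POP_PARAMS_H
#define _POP_PARAMS_H

/*
 * Our name to use when talking to various interfaces.
 */
#define POP_SERVER			"popa3d"

/*
 * Are we going to be a standalone server or start via an inetd clone?
 */
#define POP_STANDALONE			0

#if POP_STANDALONE

/*
 * Should the command line options be supported?
 * If enabled, popa3d will default to inetd mode and will require a -D
 * to actually enable the standalone mode.
 */
#define POP_OPTIONS			1

/*
 * The address and port to listen on.
 *
 * "0.0.0.0" accepts connections on every IPv4 interface of the host.
 * Set a specific address if the service is only meant to be reachable
 * on one network.
 *
 * Port 110 is the plain POP3 port, and no setting in this file enables
 * transport encryption, so credentials are readable along the network
 * path unless the connection is protected by something outside this
 * configuration (TODO confirm against the deployment).
 */
#define DAEMON_ADDR			"0.0.0.0"	/* INADDR_ANY */
#define DAEMON_PORT			110

/*
 * Should libwrap be used?
 *
 * This may make things slower and also adds to code running as root,
 * so it is recommended that you use a packet filter instead.  This
 * option is provided primarily as a way to meet conventions of certain
 * systems where all services obey libwrap access controls.
 */
#define DAEMON_LIBWRAP			0

#if DAEMON_LIBWRAP
/*
 * How do we talk to libwrap?
 */
#define DAEMON_LIBWRAP_IDENT		POP_SERVER
#endif

/*
 * Limit the number of POP sessions we can handle at a time to reduce
 * the impact of connection flood DoS attacks.
 *
 * The defaults are rather large.  It is recommended that you decrease
 * MAX_SESSIONS and MAX_SESSIONS_PER_SOURCE to 100 and 10, respectively,
 * if that would be sufficient for your users.
 */
#define MAX_SESSIONS			500
#define MAX_SESSIONS_PER_SOURCE		50
#define MAX_BACKLOG			5
#define MIN_DELAY			10

#endif

/*
 * Do we want to support virtual domains?
 */
#define POP_VIRTUAL			0

#if POP_VIRTUAL

/*
 * VIRTUAL_HOME_PATH is where the virtual domain root directories live.
 */
#define VIRTUAL_HOME_PATH		"/vhome"

/*
 * Subdirectories within each virtual domain root for the authentication
 * information and mailboxes, respectively.  These defaults correspond to
 * full pathnames of the form "/vhome/IP/{auth,mail}/username".
 */
#define VIRTUAL_AUTH_PATH		"auth"
#define VIRTUAL_SPOOL_PATH		"mail"

/*
 * Do we want to support virtual domains only?  Normally, if the connected
 * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
 * authentication will be done globally.
 */
#define VIRTUAL_ONLY			0

#else

/*
 * We don't support virtual domains (!POP_VIRTUAL), so we're definitely
 * not virtual-only.  Don't edit this.
 */
#define VIRTUAL_ONLY			0

#endif

/*
 * A pseudo-user to run as before authentication.  The user and its UID
 * must not be used for any other purpose.
 */
#define POP_USER			"pop"

/*
 * An empty directory to chroot to before authentication.  The directory
 * and its parent directories must not be writable by anyone but root.
 */
#define POP_CHROOT			"/var/empty"

/*
 * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
 * RFC 1939 says that "such a timer MUST be of at least 10 minutes'
 * duration", so I've made 10 minutes the default.  In practice, you
 * may want to reduce this to, say, 2 minutes.
 */
#define POP_TIMEOUT			(10 * 60)

/*
 * Do we want to support the obsolete LAST command, as defined in RFC
 * 1460?  It has been removed from the protocol in 1994 by RFC 1725,
 * and isn't even mentioned in RFC 1939.  Still, some software doesn't
 * work without it.
 */
#define POP_SUPPORT_LAST		1

/*
 * Introduce some sane limits on the mailbox size in order to prevent
 * a single huge mailbox from stopping the entire POP service.
 *
 * The defaults are rather large (2 GB filled with messages as small as
 * 1 KB each).  It is recommended that you decrease MAX_MAILBOX_MESSAGES,
 * MAX_MAILBOX_OPEN_BYTES, and MAX_MAILBOX_WORK_BYTES to, say, 100000,
 * 100000000 (100 MB), and 150000000 (150 MB), respectively, if that
 * would be sufficient for your users.
 *
 * NOTE(review): 2147483647 is 2^31 - 1.  Confirm the integer types the
 * mailbox code uses for these counters before raising the byte limits.
 */
#define MAX_MAILBOX_MESSAGES		2097152
#define MAX_MAILBOX_OPEN_BYTES		2147483647
#define MAX_MAILBOX_WORK_BYTES		2147483647

#if !VIRTUAL_ONLY

/*
 * Choose the password authentication method your system uses:
 *
 * AUTH_PASSWD		Use getpwnam(3) only, for *BSD or readable passwd;
 * AUTH_SHADOW		Use shadow passwords directly (not via PAM);
 * AUTH_PAM		Use PAM in the old-fashioned way;
 * AUTH_PAM_USERPASS	Talk to pam_userpass via Linux-PAM binary prompts
 * USE_LIBPAM_USERPASS	...and use libpam_userpass.
 *
 * Note that there's no built-in password aging support.
 */
#define AUTH_PASSWD			1
#define AUTH_SHADOW			0
#define AUTH_PAM			0
#define AUTH_PAM_USERPASS		0
#define USE_LIBPAM_USERPASS		0

/*
 * The four AUTH_* settings above are alternatives.  Reject a
 * configuration that selects none or several of them here, so that the
 * mistake is reported at this file rather than somewhere later in the
 * build.
 */
#if (AUTH_PASSWD + AUTH_SHADOW + AUTH_PAM + AUTH_PAM_USERPASS) != 1
#error "Set exactly one of AUTH_PASSWD, AUTH_SHADOW, AUTH_PAM, AUTH_PAM_USERPASS to 1"
#endif

#if AUTH_PAM || AUTH_PAM_USERPASS
#define AUTH_PAM_SERVICE		POP_SERVER
#endif

#endif

#if POP_VIRTUAL || AUTH_PASSWD || AUTH_SHADOW

/*
 * A salt used to waste some CPU time on dummy crypt(3) calls and make
 * it harder (but still far from impossible, on most systems) to check
 * for valid usernames.  Adjust it for your crypt(3).
 *
 * A two-character salt such as the default selects the traditional
 * DES-based scheme on most crypt(3) implementations.  If the real
 * password hashes use a slower scheme, the dummy call finishes sooner
 * than a real check and the timing difference still tells valid
 * usernames apart, so use a salt in the same format (and with the same
 * cost) as your real hashes.
 */
#define AUTH_DUMMY_SALT			"xx"

#endif

/*
 * Message to return to the client when authentication fails.  You can
 * #undef this for no message.
 *
 * There is a single message for every failure.  Keep any replacement
 * text equally generic, so that the reply does not indicate whether the
 * username exists.
 */
#define AUTH_FAILED_MESSAGE		"Authentication failed (bad password?)"

#if !VIRTUAL_ONLY

/*
 * Your mail spool directory.  Note: only local (non-NFS) mode 775 mail
 * spools are currently supported.
 *
 * #undef this for qmail-style $HOME/Mailbox mailboxes.
 */
#define MAIL_SPOOL_PATH			"/var/mail"

#ifndef MAIL_SPOOL_PATH
/*
 * The mailbox file name relative to the user's home directory.
 */
#define HOME_MAILBOX_NAME		"Mailbox"
#endif

#endif

/*
 * Locking method your system uses for user mailboxes.  It is important
 * that you set this correctly.
 *
 * *BSDs use flock(2), others typically use fcntl(2).
 */
#define LOCK_FCNTL			1
#define LOCK_FLOCK			0

/*
 * With both settings at 0 no locking method is selected at all, which
 * cannot match what the local delivery agent uses.  Stop the build
 * instead of producing a daemon configured that way.
 */
#if !LOCK_FCNTL && !LOCK_FLOCK
#error "Set at least one of LOCK_FCNTL and LOCK_FLOCK to 1"
#endif

/*
 * How do we talk to syslogd?  These should be fine for most systems.
 */
#define SYSLOG_IDENT			POP_SERVER
#define SYSLOG_OPTIONS			LOG_PID
#define SYSLOG_FACILITY			LOG_DAEMON
#define SYSLOG_PRI_LO			LOG_INFO
#define SYSLOG_PRI_HI			LOG_NOTICE
#define SYSLOG_PRI_ERROR		LOG_CRIT

/*
 * There's probably no reason to touch anything below this comment.
 */

/*
 * According to RFC 1939: "Keywords and arguments are each separated by
 * a single SPACE character.  Keywords are three or four characters long.
 * Each argument may be up to 40 characters long."  We're only processing
 * up to two arguments, so it is safe to truncate after this length.
 */
#define POP_BUFFER_SIZE			0x80

/*
 * There's no reason to change this one either.  Making this larger would
 * waste memory, and smaller values could make the authentication fail.
 */
#define AUTH_BUFFER_SIZE		(2 * POP_BUFFER_SIZE)

#if POP_VIRTUAL

/*
 * Buffer size for reading entire per-user authentication files.
 */
#define VIRTUAL_AUTH_SIZE		0x100

#endif

/*
 * File buffer sizes to use while parsing the mailbox and retrieving a
 * message, respectively.  Can be changed.
 */
#define FILE_BUFFER_SIZE		0x10000
#define RETR_BUFFER_SIZE		0x8000

/*
 * The mailbox parsing code isn't allowed to truncate lines earlier than
 * this length.  Keep this at least as large as the longest header field
 * name we need to check for, but not too large for performance reasons.
 */
#define LINE_BUFFER_SIZE		0x20

#endif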