1 /*
2  * Global POP daemon parameters.
3  */
4 
5 #ifndef _POP_PARAMS_H
6 #define _POP_PARAMS_H
7 
8 /*
9  * Our name to use when talking to various interfaces.
10  */
11 #define POP_SERVER			"popa3d"
12 
13 /*
14  * Are we going to be a standalone server or start via an inetd clone?
15  */
16 #define POP_STANDALONE			0
17 
18 #if POP_STANDALONE
19 
20 /*
21  * Should the command line options be supported?
22  * If enabled, popa3d will default to inetd mode and will require a -D
23  * to actually enable the standalone mode.
24  */
25 #define POP_OPTIONS			1
26 
27 /*
28  * The address and port to listen on (the default address is every local interface).
29  */
30 #define DAEMON_ADDR			"0.0.0.0"	/* INADDR_ANY */
31 #define DAEMON_PORT			110	/* the standard POP3 port */
32 
33 /*
34  * Should libwrap be used?
35  *
36  * This may make things slower and also adds to code running as root,
37  * so it is recommended that you use a packet filter instead.  This
38  * option is provided primarily as a way to meet conventions of certain
39  * systems where all services obey libwrap access controls.
40  */
41 #define DAEMON_LIBWRAP			0
42 
43 #if DAEMON_LIBWRAP
44 /*
45  * How do we talk to libwrap?
46  */
47 #define DAEMON_LIBWRAP_IDENT		POP_SERVER
48 #endif
49 
50 /*
51  * Limit the number of POP sessions we can handle at a time to reduce
52  * the impact of connection flood DoS attacks.
53  *
54  * The defaults are rather large.  It is recommended that you decrease
55  * MAX_SESSIONS and MAX_SESSIONS_PER_SOURCE to 100 and 10, respectively,
56  * if that would be sufficient for your users.
57  */
58 #define MAX_SESSIONS			500	/* sessions handled at a time, in total */
59 #define MAX_SESSIONS_PER_SOURCE		50	/* per source (presumably one client address) */
60 #define MAX_BACKLOG			5	/* not described here; presumably the listen(2) backlog -- TODO confirm */
61 #define MIN_DELAY			10	/* not described here; presumably a delay in seconds -- TODO confirm */
62 
63 #endif
64 
65 /*
66  * Do we want to support virtual domains?
67  */
68 #define POP_VIRTUAL			0
69 
70 #if POP_VIRTUAL
71 
72 /*
73  * VIRTUAL_HOME_PATH is where the virtual domain root directories live.
74  */
75 #define VIRTUAL_HOME_PATH		"/vhome"
76 
77 /*
78  * Subdirectories within each virtual domain root for the authentication
79  * information and mailboxes, respectively.  These defaults correspond to
80  * full pathnames of the form "/vhome/IP/{auth,mail}/username".
81  */
82 #define VIRTUAL_AUTH_PATH		"auth"
83 #define VIRTUAL_SPOOL_PATH		"mail"
84 
85 /*
86  * Do we want to support virtual domains only?  Normally, if the connected
87  * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
88  * authentication will be done globally.
89  */
90 #define VIRTUAL_ONLY			0
91 
92 #else
93 
94 /*
95  * We don't support virtual domains (!POP_VIRTUAL), so we're definitely
96  * not virtual-only.  Don't edit this.
97  */
98 #define VIRTUAL_ONLY			0
99 
100 #endif
101 
102 /*
103  * A pseudo-user to run as before authentication.  The user and its UID
104  * must not be used for any other purpose.
105  */
106 #define POP_USER			"pop"
107 
108 /*
109  * An empty directory to chroot to before authentication.  The directory
110  * and its parent directories must not be writable by anyone but root.
111  */
112 #define POP_CHROOT			"/var/empty"
113 
114 /*
115  * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
116  * RFC 1939 says that "such a timer MUST be of at least 10 minutes'
117  * duration", so I've made 10 minutes the default.  In practice, you
118  * may want to reduce this to, say, 2 minutes.
119  */
120 #define POP_TIMEOUT			(10 * 60)
121 
122 /*
123  * Do we want to support the obsolete LAST command, as defined in RFC
124  * 1460?  It was removed from the protocol in 1994 by RFC 1725,
125  * and isn't even mentioned in RFC 1939.  Still, some software doesn't
126  * work without it.
127  */
128 #define POP_SUPPORT_LAST		1
129 
130 /*
131  * Introduce some sane limits on the mailbox size in order to prevent
132  * a single huge mailbox from stopping the entire POP service.
133  *
134  * The defaults are rather large (2 GB filled with messages as small as
135  * 1 KB each).  It is recommended that you decrease MAX_MAILBOX_MESSAGES,
136  * MAX_MAILBOX_OPEN_BYTES, and MAX_MAILBOX_WORK_BYTES to, say, 100000,
137  * 100000000 (100 MB), and 150000000 (150 MB), respectively, if that
138  * would be sufficient for your users.
139  */
140 #define MAX_MAILBOX_MESSAGES		2097152
141 #define MAX_MAILBOX_OPEN_BYTES		2147483647
142 #define MAX_MAILBOX_WORK_BYTES		2147483647
143 
144 #if !VIRTUAL_ONLY
145 
146 /*
147  * Choose the password authentication method your system uses:
148  *
149  * AUTH_PASSWD		Use getpwnam(3) only, for *BSD or readable passwd;
150  * AUTH_SHADOW		Use shadow passwords directly (not via PAM);
151  * AUTH_PAM		Use PAM in the old-fashioned way;
152  * AUTH_PAM_USERPASS	Talk to pam_userpass via Linux-PAM binary prompts
153  * USE_LIBPAM_USERPASS	...and use libpam_userpass.
154  *
155  * Note that there's no built-in password aging support: popa3d itself doesn't check for password expiry.
156  */
157 #define AUTH_PASSWD			1
158 #define AUTH_SHADOW			0
159 #define AUTH_PAM			0
160 #define AUTH_PAM_USERPASS		0
161 #define USE_LIBPAM_USERPASS		0
162 
163 #if AUTH_PAM || AUTH_PAM_USERPASS
164 #define AUTH_PAM_SERVICE		POP_SERVER
165 #endif	/* AUTH_PAM || AUTH_PAM_USERPASS */
166 
167 #endif	/* !VIRTUAL_ONLY */
168 
169 #if POP_VIRTUAL || AUTH_PASSWD || AUTH_SHADOW
170 
171 /*
172  * A salt used to waste some CPU time on dummy crypt(3) calls and make it harder (but
173  * still far from impossible, on most systems) to check for valid usernames.  Adjust it for
174  * your crypt(3): pick the method your real hashes use, so dummy and real calls cost about the same.
175  */
176 #define AUTH_DUMMY_SALT			"xx"	/* two-character salt, i.e. traditional DES-based crypt(3) */
177 
178 #endif
179 
180 /*
181  * Message to return to the client when authentication fails.  You can
182  * #undef this for no message.
183  */
184 #define AUTH_FAILED_MESSAGE		"Authentication failed (bad password?)"
185 
186 #if !VIRTUAL_ONLY
187 
188 /*
189  * Your mail spool directory.  Note: only local (non-NFS) mode 775 mail
190  * spools are currently supported.
191  *
192  * #undef this for qmail-style $HOME/Mailbox mailboxes.
193  */
194 #define MAIL_SPOOL_PATH			"/var/mail"
195 
196 #ifndef MAIL_SPOOL_PATH
197 /*
198  * The mailbox file name relative to the user's home directory.
199  */
200 #define HOME_MAILBOX_NAME		"Mailbox"
201 #endif
202 
203 #endif
204 
205 /*
206  * Locking method your system uses for user mailboxes.  It is important
207  * that you set this correctly, so that it matches the other programs that lock the mailboxes.
208  *
209  * *BSDs use flock(2), others typically use fcntl(2).
210  */
211 #define LOCK_FCNTL			1
212 #define LOCK_FLOCK			0
213 
214 /*
215  * How do we talk to syslogd?  These should be fine for most systems.
216  */
217 #define SYSLOG_IDENT			POP_SERVER
218 #define SYSLOG_OPTIONS			LOG_PID
219 #define SYSLOG_FACILITY			LOG_DAEMON
220 #define SYSLOG_PRI_LO			LOG_INFO
221 #define SYSLOG_PRI_HI			LOG_NOTICE
222 #define SYSLOG_PRI_ERROR		LOG_CRIT
223 
224 /*
225  * There's probably no reason to touch anything below this comment.
226  */
227 
228 /*
229  * According to RFC 1939: "Keywords and arguments are each separated by a single SPACE
230  * character.  Keywords are three or four characters long.  Each argument may be up to 40
231  * characters long."  We're only processing up to two arguments, which is at most
232  * 4 + 1 + 40 + 1 + 40 = 86 characters (less than 0x80), so it is safe to truncate after this length.
233  */
234 #define POP_BUFFER_SIZE			0x80
235 
236 /*
237  * There's no reason to change this one either.  Making this larger would
238  * waste memory, and smaller values could make the authentication fail.
239  */
240 #define AUTH_BUFFER_SIZE		(2 * POP_BUFFER_SIZE)
241 
242 #if POP_VIRTUAL
243 
244 /*
245  * Buffer size for reading entire per-user authentication files.
246  */
247 #define VIRTUAL_AUTH_SIZE		0x100
248 
249 #endif
250 
251 /*
252  * File buffer sizes to use while parsing the mailbox and retrieving a
253  * message, respectively.  Can be changed.
254  */
255 #define FILE_BUFFER_SIZE		0x10000
256 #define RETR_BUFFER_SIZE		0x8000
257 
258 /*
259  * The mailbox parsing code isn't allowed to truncate lines earlier than
260  * this length.  Keep this at least as large as the longest header field
261  * name we need to check for, but not too large for performance reasons.
262  */
263 #define LINE_BUFFER_SIZE		0x20
264 
265 #endif
266