Provided by: kopano-server_8.7.0-3build2_amd64 bug

NAME

       kopano-server.cfg - The Kopano configuration file

SYNOPSIS

       server.cfg

DESCRIPTION

       The server.cfg is a configuration file for the kopano-server process.  server.cfg contains
       instructions for the software to set up the database environment, logging system and user
       backend.

FILE FORMAT

       The file consists of one big section, but parameters can be grouped by functionality.

       The parameters are written in the form:

       name = value

       The file is line-based. Each newline-terminated line represents either a comment, nothing,
       a parameter or a directive. A line beginning with `#' is considered a comment, and will be
       ignored by Kopano. Parameter names are case sensitive. Lines beginning with `!' are
       directives.

       Directives are written in the form:

       !directive [argument(s)]

       The following directives exist:

       include
           Include and process argument

           Example: !include common.cfg

EXPLANATION OF THE SERVER SETTINGS PARAMETERS

   server_listen
       A space-separated list of address:port specifiers for where the server should listen for
       unencrypted connections. IPv6 addresses need to be enclosed in brackets (as in
       [2001:db8::1]:236), and the asterisk is the multi-protocol address wildcard.

   server_pipe_enabled
       Enable Unix pipe connections. Should not be disabled.

       Default: yes

   server_recv_timeout
       TCP and SSL receive timeout in seconds. This is the time that a TCP connection may be idle
       (between requests) before the TCP connection is closed from the server. Settings this high
       makes it less necessary for clients to re-connect, but increases the total number of
       concurrent open sockets in the server. You normally needn't change the default value.

       Default: 5

       TCP and SSL read timeout in seconds. The read timeout is the amount of time that the
       server will wait to read more data from a socket, after processing of the request has
       started. This needn't be changed in most cases.

       Default: 60

   server_send_timeout
       TCP and SSL send timeout in seconds. The send timeout is the amount of time that the
       server will wait to write data to a socket, analogous to server_read_timeout.

       Default: 60

   server_pipe_name
       Unix socket to listen on.

       Default: /var/run/kopano/server.sock

   server_pipe_priority
       Priority unix socket to listen on. This socket should only be used by prioritized services
       such as kopano-stats.

       Default: /var/run/kopano/prio.sock

   server_name
       Unique name for identifying the server in a multi-server environment.

       Default: Kopano

   server_hostname
       DNS name of the server. This is used for the Kerberos single sign-on environment. If empty
       (default), the FQDN or hostname will be used.

       Default:

   database_engine
       The database engine to use. Values can be:

       mysql  Use MySQL.

       Default: mysql

   allow_local_users
       Named Unix users which connect through the unix socket (server_pipe_name) which are added
       here, those users will become the internal SYSTEM user in Kopano, and have administrative
       rights. Normally, this is only 'root', so the unix root user can use the kopano-admin
       tool. You can add a generic user to be used by the kopano-dagent here. This user is most
       likely called 'vmail'. Note that the field is SPACE separated.

       Default: root

   system_email_address
       This is the e-mail address of the SYSTEM user. When people receive mail from the quota
       monitor, or receive fallback deliveries from the kopano-dagent, the From email address is
       this field. You might want to change this field so people can reply to this address.

       Default: postmaster@localhost

   run_as_user
       After correctly starting, the server process will become this user, dropping root
       privileges. Note that the log file needs to be writeable by this user, and the directory
       too to create new logfiles after logrotation. This can also be achieved by setting the
       correct group and permissions.

       Default value is empty, not changing the user after starting.

   run_as_group
       After correctly starting, the server process will become this group, dropping root
       privileges.

       Default value is empty, not changing the group after starting.

   pid_file
       Write the process ID number to this file. This is used by the init.d script to correctly
       stop/restart the service.

       Default: /var/run/kopano/server.pid

   running_path
       Change directory to this path when running in daemonize mode. When using the -F switch to
       run in the foreground the directory will not be changed.

       Default: /

   coredump_enabled
       When a crash occurs or an assertion fails, a coredump file can be generated by the system
       for use with a crash report. For details, see the kopano-coredump(5) manpage.

       Default: yes

   session_timeout
       The session timeout specifies how many seconds must elapse without any activity from a
       client before the server counts the session as dead. The client sends keepalive requests
       every 60 seconds, so the session timeout can never be below 60. In fact, if you specify a
       timeout below 300, 300 will be taken as the session timeout instead. This makes sure you
       can never timeout your session while the Kopano client is running.

       Setting the session timeout low will keep the session count and therefore the memory usage
       on the server low, but may also timeout sessions of client that have lost network
       connectivity temporarily. For example, some clients with powersaving modes will disable
       the ethernet card during the screensaver. When this happens, you must set the
       session_timeout to a value that is higher than the time that it takes for the network
       connection to come back. This could be anything ranging up to several hours.

       Default: 300

   session_ip_check
       Normally, a session is linked to an IP-address, so this check is enabled. You may want to
       disable this check when you have laptop's which can get multiple ip-adresses through wired
       and wireless networks. It is highly recommended to leave this check enabled, since the
       session id can be used by other machines, and thus introduces a large security risc. The
       session id is 64 bits.

       Default: yes

   hide_everyone
       If this option is set to 'yes', the internal group Everyone (which always contains all
       users) will be hidden from the Global Addressbook. Thus, users will not be able to send
       e-mail to this group anymore, and also will not be able to set access rights on folders
       for this group. Administrators will still be able to see and use the group.

       Default: no

   hide_system
       If this option is set to 'yes', the internal user SYSTEM will be hidden from the Global
       Addressbook. Thus, users will not be able to send e-mail to this user anymore.
       Administrators will still be able to see and use the user.

       Default: yes

   allocator_library
       This setting allows one to preload a special library (such as an allocator). On startup,
       the server will set the LD_PRELOAD environment variable for itself and then re-execute
       itself to get it loaded with high priority. If this option is empty, the default system
       allocator (from libc) will be used instead, which is probably a better choice when
       debugging with gdb, valgrind or ASAN/UBSAN. The environment variable KC_ALLOCATOR_DONE may
       also be set to a non-empty value to disable re-exec.

       Default: libtcmalloc_minimal.so.4

EXPLANATION OF THE LOGGING SETTINGS PARAMETERS

   log_method
       The method which should be used for logging. Valid values are:

       syslog Use the syslog service. Messages will be sent using the "mail" facility tag. See
              also journald.conf(5) or syslog.conf(5).

       file   Log to a file. The filename will be specified in log_file.

       auto   Autoselect mode: If log_file is set, that will be used.  Else, syslog will be used
              if it looks like it is available.  Else, stderr.

       Default: auto

   log_file
       When logging to a file, specify the filename in this parameter. Use - (minus sign) for
       stderr output.

       Default: -

   log_level
       The level of output for logging in the range from 0 to 6. "0" means no logging, "1" for
       critical messages only, "2" for error or worse, "3" for warning or worse, "4" for notice
       or worse, "5" for info or worse, "6" debug.

       Default: 3

       Extended logging per component is available for development and can be combined to log
       multiple components at the same time.

       ┌───────────┬────────────┐
       │Component  │   Value    │
       ├───────────┼────────────┤
       │   SQL     │ 0x00010000 │
       ├───────────┼────────────┤
       │USERPLUGIN │ 0x00020000 │
       ├───────────┼────────────┤
       │  CACHE    │ 0x00040000 │
       ├───────────┼────────────┤
       │USERCACHE  │ 0x00080000 │
       ├───────────┼────────────┤
       │   SOAP    │ 0x00100000 │
       ├───────────┼────────────┤
       │   ICS     │ 0x00200000 │
       └───────────┴────────────┘
   log_timestamp
       Specify whether to prefix each log line with a timestamp in 'file' logging mode.

       Default: 1

   log_buffer_size
       Buffer logging in what sized blocks. The special value 0 selects line buffering.

       Default: 0

EXPLANATION OF THE SECURITY LOGGING SETTINGS PARAMETERS

   audit_log_enabled
       Whether the security logging feature should be enabled.

       Default: no

   audit_log_method
       The method which should be used for logging. Valid values are:

       syslog Use the Linux system log. All messages will be written to the authpriv facility.
              See also syslog.conf(5).

       file   Log to a file. The filename will be specified in log_file.

       Default: syslog

   audit_log_file
       When logging to a file, specify the filename in this parameter. Use - (minus sign) for
       stderr output.

       Default: -

   audit_log_level
       The level of output for logging in the range from 0 to 1. 0 means no logging, 1 means full
       logging.

       Default: 1

   audit_log_timestamp
       Specify whether to prefix each log line with a timestamp in 'file' logging mode.

       Default: 1

EXPLANATION OF THE MYSQL SETTINGS PARAMETERS

   mysql_host
       The hostname of the MySQL server to use.

       Default: localhost

   mysql_port
       The port of the MySQL server to use.

       Default: 3306

   mysql_user
       The user under which we connect with MySQL.

       Default: root

   mysql_password
       The password to use for MySQL. Leave empty for no password.

       Default:

   mysql_socket
       The socket of the MySQL server to use. This option can be used to override the default
       mysql socket. To use the socket, the mysql_host value must be empty or 'localhost'

       Default:

   mysql_database
       The MySQL database to connect to.

       Default: kopano

   mysql_engine
       The MySQL engine to use. By default, this is InnoDB, which is the only officially
       supported database engine. Because Kopano Groupware Core relies on transactions, it is not
       advised to use a non-transactional engine such as MyISAM, Aria, etc.

       Default: InnoDB

   mysql_group_concat_max_len
       GROUP_CONCAT() is used to combine multiple rows into one string, used in Kopano in
       conjunction with distribution lists. Some versions of MySQL have a very low limit, and
       this option can be used to raise it. For example, MariaDB 10.0 has a default limit of
       1024, MariaDB 10.2 has a default of 1048576.

       Versions prior to KC 8.7 would always set this value; since 8.7, this option can only be
       used to raise it.

       Default: 21844

   attachment_storage
       The location where attachments are stored. This can be in the MySQL database, or as
       separate files. The drawback of 'database' is that the large data of attachment will push
       useful data from the MySQL cache. The drawback of separate files is that a mysqldump is
       not enough for a full disaster recovery.

       Possible values: database, files, files_v2 (experimental), and, if built with libs3/AWS
       support, s3.

       Default: files

   attachment_path
       When the attachment_storage option is 'files', this option sets the location of the
       attachments on disk. Note that the server runs as the 'run_as_user' user and
       'run_as_group' group, which will require write access to this directory.

       Default: /var/lib/kopano/attachments

   attachment_compression
       When the attachment_storage option is 'files', this option controls the compression level
       for the attachments. Higher compression levels will compress data better, but at the cost
       of CPU usage. Lower compression levels will require less CPU but will compress data less.
       Setting the compression level to 0 will effectively disable compression completely.

       Changing the compression level, or switching it on or off, will not affect any existing
       attachments, and will remain accessible as normal.

       Set to 0 to disable compression completely. The maximum compression level is 9

       Default: 6

   attachment_files_fsync
       When storing new attachments, this directive controls whether fsync(2) is to be called
       after the data has been placed into the file.

       Default: yes

EXPLANATION OF THE SSL SETTINGS PARAMETERS

   server_listen_tls
       A space-separated list of address:port specifiers for where the server should listen for
       TLS connections, similar to the server_listen directive. The default value is empty, which
       means no ports will be listened on for TLS. When this option is used, you must set the SSL
       key options correctly, otherwise the server not start.

   server_ssl_key_file
       The file containing the private key and certificate. Please read the SSL section in the
       kopano-server(8) manual on how to create this file.

       Default: /etc/kopano/ssl/server.pem

   server_ssl_key_pass
       Enter your password here when your key file contains a password to be readable.

       No default set.

   server_ssl_ca_file
       The CA file which was used to sign client SSL certificates. This CA will be trusted. This
       value must be set for clients to login with an SSL Key. Their public key must be present
       in the sslkeys_path directory.

       No default set.

   server_ssl_ca_path
       When you have multiple CA's to trust, you may use this option. Set this to a directory
       which contains all your trusted CA certificates. The name of the certificate needs to be
       the hash of the certificate. You can get the hash value of the certificate with the
       following command:
           openssl x509 -hash -noout -in cacert.pem

       Create a symbolic link to the certificate with the hashname like this:
           ln -s cacert.pem `openssl x509 -hash -noout -in cacert.pem`.0

       If you have several certificates which result in the same hash, use .1, .2, etc. in the
       end of the filename.

       No default set.

   sslkeys_path
       The path which contains public keys of clients which can login over SSL using their key.
       Please read the SSL section in the kopano-server(8) manual on how to create these files.

       Default: /etc/kopano/sslkeys

   server_ssl_protocols
       A space-separated list of disabled or enabled protocol names. Supported protocol names
       depend on the system's SSL library; depending on version, one or more of the following are
       available: TLSv1.3, TLSv1.2, TLSv1.1, SSLv3, SSLv2. To disable a protocol, prefix the name
       with an exclamation mark.

       Default: !SSLv2 !SSLv3 !TLSv1.0 !TLSv1.1

   server_ssl_ciphers
       A colon-separated list of disabled or enabled SSL/TLS ciphers. Supported cipher names
       depend on the system's SSL library, and are generally plentiful. To disable a cipher or
       cipher group, prefix the name with a minus or exclamation mark. Details and meaning of the
       syntax are described in ciphers(1).

       Default:
       DEFAULT:!LOW:!SSLv2:!SSLv3:!TLSv1.0:!TLSv1.1:!EXPORT:!DH:!PSK:!kRSA:!aDSS:!aNULL:+AES

   server_ssl_prefer_server_ciphers
       In SSLv3 and newer, the server side gets to make the ultimate cipher pick out of the set
       that both ends support. In doing so, it can either use the client preference list, or, if
       this directive is set to "yes", its own list (as determined by ssl_cipher).

       Default: yes

   server_ssl_curves
       ECDH curves to use for SSL

       Default: X25519:P-521:P-384:P-256

EXPLANATION OF THE THREADING PARAMETERS

   threads
       Number of server threads.

       Default: 8

   watchdog_frequency
       Watchdog frequency. The number of watchdog checks per second.

       Default: 1

   watchdog_max_age
       Watchdog max age. The maximum age in ms of a task before a new thread is started.

       Default: 500

   server_recv_timeout
       SOAP recv timeout value.

       Default: 5

   server_send_timeout
       SOAP send timeout value.

       Default: 60

EXPLANATION OF THE OTHER SETTINGS PARAMETERS

   softdelete_lifetime
       Softdelete clean cycle, in days. 0 means never. Items older than this setting will be
       removed from the database.

       Default: 0

   sync_lifetime
       Synchronization clean cycle, in days. 0 means never. Synchronizations older than this
       setting will be removed from the database.

       Default: 90

   enable_sso
       When you configured your system for single sign-on, you can enable this by setting the
       value to yes. The server can autodetect between NTLM, Kerberos and OpenID Connect. For
       NTLM authentication you will need the ntlm_auth program from Samba. Please see the server
       installation manual on howto enable your system for single sign-on.

       Default: no

   enable_gab
       Enables viewing of the Global Address Book (GAB) by users. Disabling the GAB will show an
       empty list in the GAB, which may be required for some installations. Resolving addresses
       is not affected by this option.

       Users with administrator rights are also not affected by this option and always have
       access to the GAB.

       Default: yes

   abtable_initially_empty
       If this directive is set to yes, the default content of (non-recursive) address book
       listings will be presented as empty, so that client programs will not load the entire
       address book until they have set or unset the table restriction.

   auth_method
       Authentication is normally done in the user plugin, selectable with auth_method=plugin. In
       case your plugin cannot provide the authentication, you may set this to "pam", and set the
       pam_service to authenticate through pam. Another choice is "kerberos". The user password
       will be verified using the Kerberos service. Note that is not a single-signon method,
       since the server requires the user password.

       Default: plugin

   restrict_admin_permissions
       Normally, admin users are granted all permissions on all stores in the server, or for
       stores in the tenant's company (in multi-tenant mode). Enabling this option restricts
       permissions to folder operations: Folder viewing, folder creation and importantly, folder
       permissions. This means that an administrator can grant himself full permissions on a
       folder. However, in combination with auditing, it provides an extra level of security
       protection against unwanted access.

       Note that some applications may require full access to all stores, which would be
       restricted by this option. Also, this option cannot be reset by sending a HUP signal, so a
       full server restart is required to change the setting.

       Default: no

   embedded_attachment_limit
       Defines the number of attachment-in-attachment-in-attachment levels allowed when saving
       and replicating a MAPI object. This limit can be made higher if needed, but will also
       require you to increase the stack_size in mysql to allow for correct exporting for
       replication.

       Default: no

   pam_service
       This is the PAM service name. PAM services can be found in /etc/pam.d/.  When choosing a
       PAM service which is configured to use a plugin - such as pam_unix - doing direct file I/O
       to e.g. /etc/shadow, kopano-server will need to be run with a suitable
       run_as_group/run_as_user values or otherwise have read permissions.  Default: passwd

   max_deferred_records
       The server has a list of deferred writes to the tproperties table, to improve overall I/O
       performance. The number of deferred writes is kept below this value; setting it high will
       allow writes to be more efficient by grouping more writes together, but may slow down
       reading, and setting it low will force writes to complete directly, but speed up reading
       of tables.

       Default: 0 (off)

   max_deferred_records_folder
       Same as the max_deferred_records variable, but per folder instead of total.

       Default: 20

   disabled_features
       In this list you can disable certain features for users. Normally all features are enabled
       for all users, making it possible through the user plugin to disable specific features for
       specific users. To set the default of a feature to disabled, add it here to the list,
       making it possible through the user plugin to enable a specific user for specific users.

       This list is space separated, and currently may contain the following features: imap,
       pop3.

       Default: imap pop3

EXPLANATION OF THE CACHE SETTINGS PARAMETERS

   cache_cell_size
       Size in bytes of the cell cache. This is the main cache used in Kopano. It caches all data
       that comes into view in tables (ie the view of your inbox, or any other folder). In an
       ideal situation, all cells would be cached, so that the database does not need to be
       queried for data when browsing through folders, but this would require around 1.5K per
       message item (e-mail, appointment task, etc) in the entire server. If you can afford it,
       set this value as high as possible, up to 50% of your total RAM capacity. Make sure this
       doesn't lead to swapping though. This value may contain a k, m or g multiplier.

       Default: 256M

   cache_object_size
       This caches objects and their respective hierarchy of folders. You can calculate the size
       with a simple equation:

       concurrent users * max items in a folder * 24

       This value may contain a k, m or g multiplier.

       Default: 5M

   cache_indexedobject_size
       This cache contains unique IDs of objects. This cache is used twice, also by the index2
       cache, which is the inverse of the index1 cache. This value may contain a k, m or g
       multiplier.

       Default: 16M

   cache_quota_size
       This cache contains quota values of users. This value may contain a k, m or g multiplier.

       Default: 1M

   cache_quota_lifetime
       This sets the lifetime for quota details inside the cache. If quota details weren't
       queried during this period it is removed from the cache making room for more often
       requested quota details. Set to 0 to never expire, or -1 to disable this cache.

       Default: 1 (1 minute)

   cache_acl_size
       This cache contains Access Control List values. Folders who are opened in other stores
       than your own are listed in the ACL table, and will be cached. This value may contain a k,
       m or g multiplier.

       Default: 1M

   cache_store_size
       This cache contains store id values. This value may contain a k, m or g multiplier.

       Default: 1M

   cache_user_size
       This cache contains user id values. This cache is used twice, also by the externid cache,
       which is the inverse of this cache. This value may contain a k, m or g multiplier.

       Default: 1M

   cache_userdetails_size
       This cache contains the details of users. This value may contain a k, m or g multiplier.

       Default: 3M

   cache_userdetails_lifetime
       This sets the lifetime for user details inside the cache. If user details weren't queried
       during this period it is removed from the cache making room for more often requested user
       details. Set to 0 to never expire, or -1 to disable this cache.

       Default: 0 (never expire)

   cache_server_size
       This cache contains server locations. This cache is only used in multiserver mode. This
       value may contain a k, m or g multiplier.

       Default: 1M

   cache_server_lifetime
       This sets the lifetime for server location details inside the cache. If server details
       weren't queried during this period it is removed from the cache making room for more often
       requested server details. Set to 0 to never expire, or -1 to disable this cache.

       Default: 30 (30 minutes)

EXPLANATION OF THE QUOTA SETTINGS PARAMETERS

   quota_warn
       Size in Mb of de default quota warning level. Use 0 to disable this quota level.

       Default: 0

   quota_soft
       Size in Mb of de default quota soft level. Use 0 to disable this quota level.

       Default: 0

   quota_hard
       Size in Mb of de default quota hard level. Use 0 to disable this quota level.

       Default: 0

   companyquota_warn
       Size in Mb of de default quota warning level for multitenant public stores. Use 0 to
       disable this quota level.

       Default: 0

EXPLANATION OF THE USER PLUGIN SETTINGS PARAMETERS

   user_plugin
       The source of the user base. Possible values are:

       db     Retrieve the users from the Kopano database. Use the kopano-admin tool to create
              users and groups. There are no additional settings for this plugin.

       ldap   Retrieve the users and groups information from an LDAP server. All additional LDAP
              settings are set in a separate config file, which will be defined by the
              user_plugin_config. See also kopano-ldap.cfg(5).

       unix   Retrieve the users and groups information from the Linux password files. User
              information will be read the /etc/passwd file. Passwords will be checked against
              /etc/shadow. Group information will read from /etc/group. Use the kopano-admin(8)
              tool to set Kopano specific attributes on a user.

              All additional Unix settings are set in a separate config file, which will be
              defined by the user_plugin_config. See also kopano-unix.cfg(5)

       Default: db

   createuser_script, deleteuser_script, creategroup_script, deletegroup_script,
       createcompany_script, deletecompany_script
       These scripts are called by the server when the external user source, like LDAP, is
       different from the users, groups and companies which are known to Kopano. The script uses
       a environment variable to see which user, group or tenant is affected. The following
       parameter is used for the script:

   createuser_script
       KOPANO_USER contains the new username. The script should at least call kopano-admin
       --create-store "${KOPANO_USER}" to correctly create the store for the new user.

       Default: /usr/lib/kopano/userscripts/createuser

   deleteuser_script
       KOPANO_STOREID contains the old id of the store of the removed user.

       Default: /usr/lib/kopano/userscripts/deleteuser

   creategroup_script
       KOPANO_GROUP contains the new groupname. No action is currently needed by the script.

       Default: /usr/lib/kopano/userscripts/creategroup

   deletegroup_script
       KOPANO_GROUPID contains the old id of the group. No action is currently needed by the
       script.

       Default: /usr/lib/kopano/userscripts/deletegroup

   createcompany_script
       KOPANO_COMPANY contains the new companyname. No action is currently needed by the script.

       Default: /usr/lib/kopano/userscripts/createcompany

   deletecompany_script
       KOPANO_COMPANYID contains the old id of the company. No action is currently needed by the
       script.

       Default: /usr/lib/kopano/userscripts/deletecompany

   user_safe_mode
       If enabled, the storage server will only log when create, delete and move actions are done
       on an user object. This might be useful when you are testing changes to your plugin
       configuration.

       Default: no

EXPLANATION OF S3 PARAMETERS

   attachment_s3_hostname
       The hostname of the entry point to the S3 cloud where the bucket is located.

       If you are using minio or another S3 compatible implementation that is using another port,
       you can specify the port with hostname:port.

   attachment_s3_region
       The region where the bucket is located

   attachment_s3_protocol
       The protocol that should be used to connect to S3, "http" or "https" (preferred).

   attachment_s3_uristyle
       The URL style of the bucket, "virtualhost" or "path".

   attachment_s3_accesskeyid
       The access key id of your S3 account.

   attachment_s3_secretaccesskey
       The secret access key of your S3 account.

   attachment_s3_bucketname
       The bucket name in which the files will be stored.

EXPLANATION OF OPENID CONNECT PARAMETERS

   kcoidc_issuer_identifier
       The OpenID Connect Issuer Identifier.

       When set, the server attempts OIDC discovery using the configured issuer identifier on
       startup. An Issuer Identifier is a case sensitive URL using the https scheme that contains
       scheme, host, and optionally, port number and path components. This no Issuer Identifier
       is set, OIDC support is disabled.

       No default set.

       Example: https://your-kopano-konnect.local

   kcoidc_insecure_skip_verify
       Skip OpenID Connect client security.

       When set to yes, TLS certificate validation is skipped for all requests related to OpenID
       Connect. This is insecure and should not be used in production setups.

       Default: no

   kcoidc_initialize_timeout
       Timeout in seconds when to give up OpenID Connect discovery.

       When the OIDC initialize timeout is reached, server continues startup without OIDC and all
       OIDC validation will fail until the discovery completes. When set to 0, the server startup
       does not wait for OIDC discovery at all.

       Default: 60

EXPLANATION OF MISCELLEANIOUS PARAMETERS

   enable_hosted_kopano
       Enable multi-tenancy environment.

       When set to true it is possible to create companies within the kopano instance and assign
       all users and groups to particular companies.

       When set to false, the normal single-tenancy environment is created.

       Default: false

   enable_distributed_kopano
       Enable multi-server environment.

       When set to true it is possible to place users and companies on specific servers.

       When set to false, the normal single-server environment is created.

       Default: false

   storename_format
       Display format of store name.

       Allowed variables:

       %u     Username

       %f     Fullname

       %c     Companyname

       Default: %f

   loginname_format
       Loginname format (for multi-tenancy installations). When the user does not login through a
       system-wide unique username (like the email address) a unique name has created by
       combining the username and the tenancyname. With the this configuration option you can set
       how the loginname should be build up.

       Allowed variables:

       %u     Username

       %c     Companyname

       Default: %u

   client_update_enabled
       Enable client updates.

       You can place the Kopano Outlook Client installer in the client_update_path directory, and
       enable this option. Windows clients which have the automatic updater program installed
       will be able to download the latest client from the storage server.

       Default: false

   client_update_path
       This is the path where you will place the Kopano Outlook Client MSI install program for
       Windows clients to download. You need the client_update_enabled option set to true for
       clients to actually download this file through the storage server.

       Default: /var/lib/kopano/client

   client_update_log_level
       Receive the log information from the client auto update service.

       Options: 0 disable, 1 sent only with errors, 2 always sent

       Default: 1

   client_update_log_path
       Log location for the client auto update files

       You need the client_update_log_level option set to non-zero value to receive log files
       from the client.

       Default: /var/log/kopano/autoupdate

   search_enabled
       Use the kopano-search indexing service for faster searching. Enabling this option requires
       the kopano-search(8) service to be running.

       Default: yes

   search_socket
       Path to the kopano-search(8) service, this option is only required if the server is going
       to make use of the indexing service.

       Default: file:///var/run/kopano/search.sock

   search_timeout
       Time (in seconds) to wait for a connection to the kopano-search(8) before terminating the
       indexed search request.

       Default: 10

   enable_enhanced_ics
       Allow enhanced ICS operations to speedup synchronization with cached profiles. Only
       disable this option for debugging purposes.

       Default: yes

   enable_sql_procedures
       SQL Procedures allow for some optimized queries when streaming with enhanced ICS. This is
       default disabled because you must set 'thread_stack = 256k' in your MySQL server config
       under the [mysqld] tag and restart your MySQL server.

       Default: no

   folder_max_items
       Limits the amount of items (messages or folders) in a single folder. This makes sure that
       the server will not attempt to load folders that are so large that it would require huge
       amounts of memory just to show the data. In practice, folders of over 1000000 items are
       usually created by runaway processes which are therefore useless anyway.

       Default: 1000000

   sync_gab_realtime
       When set to 'yes', kopano will synchronize the local user list whenever a list of users is
       requested (eg during kopano-admin -l or when opening the addressbook). When setting this
       value to 'no', synchronization will only occur during kopano-admin --sync. This is useful
       for setups which have large addressbooks (more than 1000 entries in the addressbook).

       This option is forced to 'yes' when using the 'db' plugin since synchronization is
       implicit in that case.

       Default: yes

   proxy_header
       In normal operation, a cluster of kopano-server nodes is served by sending redirections
       back to the clients requesting information. The redirection URL is built from the server's
       information in the LDAP database. However, in some cases it is useful to place the
       kopano-server instances behind a reverse HTTP proxy. In this case the redirected URL
       returned to the client cannot be the 'normal' hostname, but must be a URL that is handled
       by the proxy.

       However, internal ('behind' the proxy) redirections must *not* be redirected to the proxy
       since this is not necessary. The strategy is that kopano-server will redirect to the proxy
       URL if the connection that initiated the redirect passed through a proxy. The way that
       this is detected is by examining an HTTP header. If the header specified by this option is
       found, then redirections will be to the proxy. If it is not, then redirections will be to
       the internal host. If the special value '*' is specified for this option, then the proxy
       URL will always be used. Specifying an empty value disables proxy detection.

       Another effect of this option is that when a proxy connection is detected, kopano-server
       attempts to use the 'X-Forwarded-For' header to determine the originating IP address. This
       is used for logging and session binding (a session initiated on a certain IP address may
       not be accessed from another IP address).

       Default:

   shared_reminders
       Enable/disable reminders for shared stores.

       Default: yes

   statsclient_url
       A HTTP URL or filesystem-local socket specification for a kopano-statsd compatible web
       service that ingests service statistics such as memory usage or mail processing counters.

       Example: https://my.local.org/collector.php

       Default: unix:/var/run/kopano/statsd.sock

   statsclient_interval
       The time interval at which the statsd service is to be contacted, in seconds.  When
       "statsclient_url" points to a kopano-statsd instance, the value should be 60 (for now),
       because its rrdtool archives are set to expect data at this rate.

       Default: 0 (submission service is deactivated)

   statsclient_ssl_verify
       This setting can be used to control SSL certificate validation.

       Default: yes

RELOADING

       The following options are reloadable by sending the kopano-server process a HUP signal or
       reload the process by the initscript

       system_email_address, local_admin_users, allow_local_users, hide_system, hide_everyone,
       auth_method, pam_service, enable_sso, enable_gab, sync_gab_realtime

       session_timeout, server_recv_timeout, server_read_timeout, server_send_timeout,
       sync_lifetime

       log_level, audit_log_level

       threads, watchdog_max_age, watchdog_frequency, max_deferred_records,
       max_deferred_records_folder

       user_safe_mode, enable_enhanced_ics, client_update_log_level, client_update_path,
       client_update_log_path

       search_enabled, search_socket, search_timeout, disabled_features,
       mysql_group_concat_max_len, embedded_attachment_limit, proxy_header

       quota_warn, quota_soft, quota_hard, companyquota_warn

       createuser_script, deleteuser_script, creategroup_script, deletegroup_script,
       createcompany_script, deletecompany_script

FILES

       /etc/kopano/server.cfg
           The server configuration file.

       /etc/kopano/ldap.cfg
           The Kopano LDAP user plugin configuration file.

       /etc/kopano/unix.cfg
           The Kopano Unix user plugin configuration file.

AUTHOR

       Written by Kopano.

SEE ALSO

       kopano-server(8), kopano-ldap.cfg(5), kopano-unix.cfg(5)