Provided by: kolab-cyrus-common_2.2.13p1-0.3build1_amd64 bug

NAME

       imapd.conf - IMAP configuration file

DESCRIPTION

       /etc/imapd.conf  is  the  configuration  file for the Cyrus IMAP server.  It defines local
       parameters for IMAP.

       Each line of the /etc/imapd.conf file has the form

              option: value

       where option is the name of the configuration option being set and value is the value that
       the configuration option is being set to.

       Blank lines and lines beginning with ``#'' are ignored.

       For  boolean and enumerated options, the values ``yes'', ``on'', ``t'', ``true'' and ``1''
       turn the option on, the values ``no'', ``off'', ``f'', ``false'' and ``0'' turn the option
       off.

FIELD DESCRIPTIONS

       The sections below detail options that can be placed in the /etc/imapd.conf file, and show
       each option's default value.  Some options have no default value, these  are  listed  with
       ``<no  default>''.   Some  options  default  to  the  empty  string, these are listed with
       ``<none>''.  It  is  also  possible  to   override   options   by   specifying   them   as
       <service_id>_<optionname>. One example is ``lmtp_admins'', which overrides ``admins'' just
       for the lmtp service. The <service_id> is the one you  specified  in  the  /etc/cyrus.conf
       file.

       admins: <empty string>
            The  list  of userids with administrative rights.  Separate each userid with a space.
            Sites using Kerberos authentication may use separate "admin" instances.

       Note that accounts used by users should not be  administrators.   Administrative  accounts
       should  not  receive  mail.  That is, if user "jbRo" is a user reading mail, he should not
       also be in the admins line.  Some problems may occur otherwise, most notably  the  ability
       of  administrators  to  create  top-level  mailboxes visible to users, but not writable by
       users.

       afspts_localrealms: <none>
            The list of realms which are to  be  treated  as  local,  and  thus  stripped  during
            identifier  canoicalization (for the AFSPTS ptloader module).  This is different from
            loginrealms in that it occurs later in the authorization process (as the user  id  is
            canonified for PTS lookup)

       afspts_mycell: <none>
            Cell to use for AFS PTS lookups.  Defaults to the local cell.

       allowallsubscribe: 0
            Allow  subscription  to  nonexistent  mailboxes.   This  option  is typically used on
            backend servers in a Murder so that users  can  subscribe  to  mailboxes  that  don't
            reside on their "home" server.  This option can also be used as a workaround for IMAP
            clients which don't  play  well  with  nonexistent  or  unselectable  mailboxes  (eg.
            Microsoft Outlook).

       allowanonymouslogin: 0
            Permit  logins  by  the  user "anonymous" using any password.  Also allows use of the
            SASL ANONYMOUS mechanism.

       allowapop: 1
            Allow use of the POP3 APOP authentication command.

       Note that this command requires  that  SASL  is  compiled  with  APOP  support,  that  the
       plaintext  passwords  are  available  in a SASL auxprop backend (eg. sasldb), and that the
       system can provide enough entropy (eg. from /dev/urandom) to create  a  challenge  in  the
       banner.

       allownewnews: 0
            Allow use of the NNTP NEWNEWS command.

       Note  that  this  is  a  very expensive command and should only be enabled when absolutely
       necessary.

       allowplaintext: 1
            Allow the use of cleartext passwords on the wire.

       To  disallow  the  use  of  plaintext  passwords   for   authentication,   you   can   set
       ``allowplaintext:  no''  in  imapd.conf.  This  will still allow PLAIN under TLS, but IMAP
       LOGIN commands will now fail.

       If you only  list  plaintext  authentication  mechanisms  in  ``sasl_mech_list''  and  set
       ``allowplaintext:  no'',  only  users  on  encrypted sessions (TLS or SSL) will be able to
       authenticate. On the other hand, if  you  list  no  plaintext  authentication  options  in
       ``sasl_mech_list'', ``allowplaintext: yes'' would have no effect.

       allowusermoves: 0
            Allow moving user accounts (with associated meta-data) via RENAME or XFER.

       Note  that  measures  should be taken to make sure that the user being moved is not logged
       in, and can not login during the move.  Failure to do so may result in  the  user's  meta-
       data (seen state, subscriptions, etc) being corrupted or out of date.

       altnamespace: 0
            Use  the alternate IMAP namespace, where personal folders reside at the same level in
            the hierarchy as INBOX.

       This option ONLY applies where interaction takes place with  the  client/user.   Currently
       this  is limited to the IMAP protocol (imapd) and Sieve scripts (lmtpd).  This option does
       NOT apply to admin tools such as cyradm (admins ONLY), reconstruct, quota, etc., NOR  does
       it affect LMTP delivery of messages directly to mailboxes via plus-addressing.

       annotation_db: skiplist
            The cyrusdb backend to use for mailbox annotations.

            Allowed values: berkeley, berkeley-hash, skiplist

       auth_mech: unix
            The authorization mechanism to use.

            Allowed values: unix, pts, krb, krb5

       autocreatequota: 0
            If  nonzero,  normal users may create their own IMAP accounts by creating the mailbox
            INBOX.  The user's quota is set to the value if it is positive,  otherwise  the  user
            has unlimited quota.

       berkeley_cachesize: 512
            Size  (in  kilobytes)  of  the shared memory buffer pool (cache) used by the berkeley
            environment.  The minimum allowed value is 20.  The maximum allowed value is  4194303
            (4GB).

       berkeley_locks_max: 50000
            Maximum number of locks to be held or requested in the berkeley environment.

       berkeley_txns_max: 100
            Maximum number of transactions to be supported in the berkeley environment.

       client_timeout: 10
            Number of seconds to wait before returning a timeout failure when performing a client
            connection (e.g. in a murder enviornment)

       configdirectory: <none>
            The pathname of the IMAP configuration directory.  This field is required.

       debug_command: <none>
            Debug command to be used by processes started with -D option.   The  string  is  a  C
            format  string  that gets 3 options: the first is the name of the executable (without
            path).  The second is the pid (integer) and the third is the  service  ID.   Example:
            /usr/local/bin/gdb /usr/cyrus/bin/%s %d

       defaultacl: anyone lrs
            The  Access Control List (ACL) placed on a newly-created (non-user) mailbox that does
            not have a parent mailbox.

       defaultdomain: <none>
            The default domain for virtual domain support. Note that this domain is stripped from
            the  email-address  transmitted  using LMTP, but it is not stripped from usernames at
            login-time. For imapd/pop3d, "user" and "user@defaultdomain"  specify  two  different
            users.  Please check install-virtdomains.html for details.

       defaultpartition: default
            The partition name used by default for new mailboxes.

       deleteright: c
            The right that a user needs to delete a mailbox.

       duplicate_db: berkeley-nosync
            The cyrusdb backend to use for the duplicate delivery suppression and sieve.

            Allowed   values:  berkeley,  berkeley-nosync,  berkeley-hash,  berkeley-hash-nosync,
            skiplist

       duplicatesuppression: 1
            If enabled, lmtpd will suppress delivery of a message to a mailbox if a message  with
            the  same  message-id  (or  resent-message-id)  is  recorded  as  having already been
            delivered to the mailbox.  Records the mailbox  and  message-id/resent-message-id  of
            all successful deliveries.

       foolstupidclients: 0
            If  enabled,  only  list  the  personal  namespace when a LIST "*" is performed.  (it
            changes the request to a LIST "INBOX*"

       force_sasl_client_mech: <none>
            Force preference of a given SASL mechanism for client side  operations  (e.g.  murder
            enviornments).   This  is  separate  from  (and overridden by) the ability to use the
            <host shortname>_mechs option to set prefered mechanisms for a specific host

       fulldirhash: 0
            If enabled, uses an  improved  directory  hashing  scheme  which  hashes  the  entire
            username  instead  of  using just the first letter.  This changes hash algorithm used
            for quota and user directories and if  hashimapspool  is  enabled,  the  entire  mail
            spool.

       Note  that  this  option can NOT be changed on a live system.  The server must be quiesced
       and then the directories moved with the rehash utility.

       hashimapspool: 0
            If enabled, the partitions will also be hashed, in addition to the  hashing  done  on
            configuration  directories.   This  is  recommended if one partition has a very bushy
            mailbox tree.

       hostname_mechs: <none>
            Force a particuar list of SASL mechanisms to  be  used  when  authenticating  to  the
            backend  server  hostname  (where  hostname  is  the  short hostname of the server in
            question). If it is not specified it will query the server for  available  mechanisms
            and pick one to use. - Cyrus Murder

       hostname_password: <none>
            The password to use for authentication to the backend server hostname (where hostname
            is the short hostname of the server) - Cyrus Murder

       idlemethod: %IDLE%
            The idle backend to use for IDLE command.

            Allowed values: no, poll, idled

       idlesocket: {configdirectory}/socket/idle
            Unix domain socket that idled listens on.

       ignorereference: 0
            For backwards compatibility with Cyrus 1.5.10 and earlier  --  ignore  the  reference
            argument in LIST or LSUB commands.

       imapidlepoll: 60
            The  interval (in seconds) for polling the mailbox for changes while running the IDLE
            command.  This option is used when idled can not be contacted or when polling is used
            exclusively.  The minimum value is 1.  A value of 0 will disable polling (and disable
            IDLE if polling is the only method available).

       imapidresponse: 1
            If enabled, the server responds to an ID command with a  parameter  list  containing:
            version,  vendor,  support-url,  os,  os-version,  command,  arguments,  environment.
            Otherwise the server returns NIL.

       imapmagicplus: 0
            Only list a restricted set of mailboxes via IMAP by using userid+namespace syntax  as
            the  authentication/authorization  id.   Using userid+ (with an empty namespace) will
            list only subscribed mailboxes.

       implicit_owner_rights: lca
            The implicit Access Control List (ACL) for the owner of a mailbox.

       @include: <none>
            Directive which includes the specified file as part of  the  configuration.   If  the
            path to the file is not absolute, CYRUS_PATH is prepended.

       ldap_authz: <none>
            SASL authorization ID for the LDAP server

       ldap_base: <empty string>
            Contains the LDAP base dn for the LDAP ptloader module

       ldap_bind_dn: <none>
            Bind  DN  for  the  connection  to  the  LDAP  server  (simple bind).  Do not use for
            anonymous simple binds

       ldap_deref: never
            Specify how aliases dereferencing is handled during search.

            Allowed values: search, find, always, never

       ldap_filter: (uid=%u)
            Specify a filter that searches user identifiers.  The following tokens can be used in
            the filter string:

            %%    = % %u   = user %U   = user portion of %u (%U = test when %u = test@domain.tld)
            %d    =  domain  portion  of  %u  if  available  (%d   =   domain.tld   when   %u   =
            %test@domain.tld),   otherwise   same   as   %r   %D     =   user   dn.    (use  when
            ldap_member_method: filter) %1-9 = domain tokens (%1 = tld, %2 =  domain  when  %d  =
            domain.tld)

            ldap_filter is not used when ldap_sasl is enabled.

       ldap_group_base: <empty string>
            LDAP base dn for ldap_group_filter.

       ldap_group_filter: (cn=%u)
            Specify  a  filter  that  searches  for  group identifiers.  See ldap_filter for more
            options.

       ldap_group_scope: sub
            Specify search scope for ldap_group_filter.

            Allowed values: sub, one, base

       ldap_id: <none>
            SASL authentication ID for the LDAP server

       ldap_mech: <none>
            SASL mechanism for LDAP authentication

       ldap_member_attribute: <none>
            See ldap_member_method.

       ldap_member_base: <empty string>
            LDAP base dn for ldap_member_filter.

       ldap_member_filter: (member=%D)
            Specify a filter for "ldap_member_method: filter".  See ldap_filter for more options.

       ldap_member_method: attribute
            Specify a group method.  The "attribute" method retrieves groups from a  multi-valued
            attribute specified in ldap_member_attribute.

            The  "filter"  method uses a filter, specified by ldap_member_filter, to find groups;
            ldap_member_attribute is a single-value attribute group name.

            Allowed values: attribute, filter

       ldap_member_scope: sub
            Specify search scope for ldap_member_filter.

            Allowed values: sub, one, base

       ldap_password: <none>
            Password for the connection to the LDAP server (SASL and simple bind).   Do  not  use
            for anonymous simple binds

       ldap_realm: <none>
            SASL realm for LDAP authentication

       ldap_referrals: 0
            Specify whether or not the client should follow referrals.

       ldap_restart: 1
            Specify  whether or not LDAP I/O operations are automatically restarted if they abort
            prematurely.

       ldap_sasl: 1
            Use SASL for LDAP binds in the LDAP PTS module.

       ldap_sasl_authc: <none>
            Depricated.  Use ldap_id

       ldap_sasl_authz: <none>
            Depricated.  Use ldap_authz

       ldap_sasl_mech: <none>
            Depricated.  Use ldap_mech

       ldap_sasl_password: <none>
            Depricated.  User ldap_password

       ldap_sasl_realm: <none>
            Depricated.  Use ldap_realm

       ldap_scope: sub
            Specify search scope.

            Allowed values: sub, one, base

       ldap_servers: ldap://localhost/
            Depricated.  Use ldap_uri

       ldap_size_limit: 1
            Specify a number of entries for a search request to return.

       ldap_start_tls: 0
            Use StartTLS extended operation.  Do not use ldaps:  ldap_uri  when  this  option  is
            enabled.

       ldap_time_limit: 5
            Specify a number of seconds for a search request to complete.

       ldap_timeout: 5
            Specify a number of seconds a search can take before timing out.

       ldap_tls_cacert_dir: <none>
            Path to directory with CA (Certificate Authority) certificates.

       ldap_tls_cacert_file: <none>
            File containing CA (Certificate Authority) certificate(s).

       ldap_tls_cert: <none>
            File containing the client certificate.

       ldap_tls_check_peer: 0
            Require  and  verify  server  certificate.   If  this option is yes, you must specify
            ldap_tls_cacert_file or ldap_tls_cacert_dir.

       ldap_tls_ciphers: <none>
            List of SSL/TLS ciphers  to  allow.   The  format  of  the  string  is  described  in
            ciphers(1).

       ldap_tls_key: <none>
            File containing the private client key.

       ldap_uri: <none>
            Contains a list of the URLs of all the LDAP servers when using the LDAP PTS module.

       ldap_version: 3
            Specify  the  LDAP  protocol  version.   If  ldap_start_tls  and/or ldap_use_sasl are
            enabled, ldap_version will be automatiacally set to 3.

       lmtp_downcase_rcpt: 0
            If enabled, lmtpd will convert the recipient  address  to  lowercase  (up  to  a  '+'
            character, if present).

       lmtp_over_quota_perm_failure: 0
            If  enabled,  lmtpd  returns  a  permanent failure code when a user's mailbox is over
            quota.  By default, the failure is temporary, causing the MTA to  queue  the  message
            and retry later.

       lmtpsocket: {configdirectory}/socket/lmtp
            Unix  domain  socket that lmtpd listens on, used by deliver(8). This should match the
            path specified in cyrus.conf(5).

       loginrealms: <empty string>
            The  list  of  remote  realms  whose  users  may   authenticate   using   cross-realm
            authentication  identifiers.   Seperate  each  realm name by a space.  (A cross-realm
            identity is considered any identity returned by SASL with an "@" in it.) Note that to
            support  multiple virtual domains on the same interface/IP, you need to list them all
            as loginreals.  If you don't list them here, your users probably won't be able to log
            in.

       loginuseacl: 0
            If  enabled, any authentication identity which has a rights on a user's INBOX may log
            in as that user.

       logtimestamps: 0
            Include notations in the protocol telemetry logs indicating  the  number  of  seconds
            since the last command or response.

       mailnotifier: <none>
            Notifyd(8)  method to use for "MAIL" notifications.  If not set, "MAIL" notifications
            are disabled.

       maxmessagesize: 0
            Maximum incoming LMTP message size.  If non-zero, lmtpd will reject  messages  larger
            than  maxmessagesize  bytes.   If set to 0, this will allow messages of any size (the
            default).

       mboxlist_db: skiplist
            The cyrusdb backend to use for the mailbox list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       munge8bit: 1
            If enabled, lmtpd changes 8-bit characters to `X'. Also see  reject8bit.   (A  proper
            soultion  to  non-ASCII  characters  in  headers  is  offered  by  RFC  2047  and its
            predecessors.)

       mupdate_connections_max: 128
            The max number of connections that a mupdate process will allow, this is  related  to
            the  number  of  file  descriptors  in  the  mupdate  process.   Beyond  this  number
            connections will be immedately issued a BYE response.

       mupdate_authname: <none>
            The SASL username (Authentication Name) to use when  authenticating  to  the  mupdate
            server (if needed).

       mupdate_password: <none>
            The SASL password (if needed) to use when authenticating to the mupdate server.

       mupdate_port: 3905
            The port of the mupdate server for the Cyrus Murder

       mupdate_realm: <none>
            The SASL realm (if needed) to use when authenticating to the mupdate server.

       mupdate_retry_delay: 20
            The base time to wait between connection retries to the mupdate server.

       mupdate_server: <none>
            The mupdate server for the Cyrus Murder

       mupdate_workers_start: 5
            The number of mupdate worker threads to start

       mupdate_workers_minspare: 2
            The minimum number of idle mupdate worker threads

       mupdate_workers_maxspare: 10
            The maximum number of idle mupdate worker threads

       mupdate_workers_max: 50
            The maximum number of mupdate worker threads (overall)

       mupdate_username: <empty string>
            The  SASL  username  (Authorization  Name)  to use when authenticating to the mupdate
            server

       netscapeurl: http://asg.web.cmu.edu/cyrus/imapd/netscape-admin.html
            If enabled at compile time, this specifies a URL to  reply  when  Netscape  asks  the
            server  where  the  mail administration HTTP server is.  The default is a site at CMU
            with a hopefully informative message; administrators  should  set  this  to  a  local
            resource with some information of greater use.

       newsmaster: news
            Userid  that  is  used  for  checking  access  controls when executing Usenet control
            messages.  For instance, to allow articles to  be  automatically  deleted  by  cancel
            messages,  give  the  "news"  user  the 'd' right on the desired mailboxes.  To allow
            newsgroups to be automatically created, deleted  and  renamed  by  the  corresponding
            control  messages,  give  the  "news"  user  the  'c'  right  on  the desired mailbox
            hierarchies.

       newspeer: <none>
            A list of whitespace-separated news server specifications to which articles should be
            fed.      Each     server     specification    is    a    string    of    the    form
            [user[:pass]@]host[:port][/wildmat] where 'host' is the fully qualified  hostname  of
            the  server,  'port'  is the port on which the server is listening, 'user' and 'pass'
            are the authentication credentials and 'wildmat' is a pattern  that  specifies  which
            groups  should be fed.  If no 'port' is specified, port 119 is used.  If no 'wildmat'
            is specified, all groups are fed.  If 'user' is specified (even if empty),  then  the
            NNTP POST command will be used to feed the article to the server, otherwise the IHAVE
            command will be used.

            A '@' may be used in place of '!' in the wildmat to prevent feeding  articles  cross-
            posted to the given group, otherwise cross-posted articles are fed if any part of the
            wildmat matches.  For example,  the  string  "peer.example.com:*,!control.*,@local.*"
            would  feed  all groups except control messages and local groups to peer.example.com.
            In the case of cross-posting to local groups, these articles would not be fed.

       newspostuser: <none>
            Userid used to deliver usenet articles to newsgroup folders (usually via  lmtp2nntp).
            For example, if set to "post", email sent to "post+comp.mail.imap" would be delivered
            to the "comp.mail.imap" folder.

            When set, the Cyrus NNTP server will  add  a  To:  header  to  each  incoming  usenet
            article.  This To: header will contain email delivery addresses corresponding to each
            newsgroup in the Newsgroups: header.  By default, a To: header is not added to usenet
            articles.

       newsprefix: <none>
            Prefix  to  be  prepended  to  newsgroup names to make the corresponding IMAP mailbox
            names.

       notifysocket: {configdirectory}/socket/notify
            Unix domain socket that the mail notification daemon listens on.

       partition-name: <none>
            The pathname of the partition name.  At least one field, for the partition  named  in
            the  defaultpartition  option,  is  required.   For  example,  if  the  value  of the
            defaultpartion option is default, then the partition-default field is required.

       plaintextloginpause: 0
            Number of seconds to pause after a successful  plaintext  login.   For  systems  that
            support  strong  authentication,  this  permits  users  to  perceive  a cost of using
            plaintext  passwords.   (This  does  not  affect   the   use   of   PLAIN   in   SASL
            authentications.)

       plaintextloginalert: <none>
            Message to send to client after a successful plaintext login.

       popexpiretime: -1
            The  number  of days advertised as being the minimum a message may be left on the POP
            server before it is deleted (via the CAPA command,  defined  in  the  POP3  Extension
            Mechanism,  which  some clients may support).  "NEVER", the default, may be specified
            with a negative number.  The Cyrus POP3 server never deletes mail, no matter what the
            value  of this parameter is.  However, if a site implements a less liberal policy, it
            needs to change this parameter accordingly.

       popminpoll: 0
            Set the minimum amount of time the server forces users to wait between successive POP
            logins, in minutes.

       poppollpadding: 1
            Create  a  softer minimum poll restriction.  Allows poppollpadding connections before
            the minpoll restriction is triggered.  Additionally, one padding entry  is  recovered
            every  popminpoll  minutes.   This allows for the occasional polling rate faster than
            popminpoll, (i.e. for clients that require a send/recieve to  send  mail)  but  still
            enforces the rate long-term.  Default is 1 (disabled).

            The  easiest  way  to think of it is a queue of past connections, with one slot being
            filled for every connection, and one slot being  cleared  every  popminpoll  minutes.
            When the queue is full, the user will not be able to check mail again until a slot is
            cleared.  If the user waits a sufficent amount of time, they will get  back  many  or
            all of the slots.

       poptimeout: 10
            Set  the  length  of  the  POP server's inactivity autologout timer, in minutes.  The
            minimum value is 10, the default.

       popuseacl: 0
            Enforce IMAP ACLs in the pop server.  Due to the nature of  the  POP3  protocol,  the
            only  rights  which  are  used by the pop server are 'r' and 'd' for the owner of the
            mailbox.  The 'r' right allows  the  user  to  open  the  mailbox  and  list/retrieve
            messages.  The 'd' right allows the user to delete messages.

       postmaster: postmaster
            Username that is used as the 'From' address in rejection MDNs produced by sieve.

       postuser: <empty string>
            Userid  used  to  deliver  messages  to shared folders.  For example, if set to "bb",
            email sent to "bb+shared.blah" would be delivered to the  "shared.blah"  folder.   By
            default, an email address of "+shared.blah" would be used.

       proxy_authname: proxy
            The  authentication  name to use when authenticating to a backend server in the Cyrus
            Murder.

       proxy_password: <none>
            The default password to use when authenticating to a  backend  server  in  the  Cyrus
            Murder.   May  be  overridden  on  a  host-specific basis using the hostname_password
            option.

       proxy_realm: <none>
            The authentication realm to use when authenticating to a backend server in the  Cyrus
            Murder

       proxyd_allow_status_referral: 0
            Set  to  true  to  allow  proxyd  to  issue referrals to clients that support it when
            answering the STATUS command.  This is disabled by default since some  clients  issue
            many  STATUS commands in a row, and do not cache the connections that these referrals
            would cause, thus resulting in a higher authentication load on the respective backend
            server.

       proxyd_disable_mailbox_referrals: 0
            Set to true to disable the use of mailbox-referrals on the proxy servers.

       proxyservers: <none>
            A  list  of  users and groups that are allowed to proxy for other users, seperated by
            spaces.  Any user listed in this will be allowed to login for  any  other  user:  use
            with caution.

       pts_module: afskrb
            The PTS module to use.

            Allowed values: afskrb, ldap

       ptloader_sock: <none>
            Unix domain socket that ptloader listens on.  (defaults to configdir/ptclient/ptsock)

       ptscache_db: berkeley
            The cyrusdb backend to use for the pts cache.

            Allowed values: berkeley, berkeley-hash, skiplist

       ptscache_timeout: 10800
            The  timeout  (in  seconds)  for  the  PTS cache database when using the auth_krb_pts
            authorization method (default: 3 hours).

       ptskrb5_convert524: 1
            When using the AFSKRB ptloader module with Kerberos 5 canonicalization, do the  final
            524  conversion  to get a n AFS style name (using '.' instead of '/', and using short
            names

       ptskrb5_strip_default_realm: 1
            When using the AFSKRB ptloader module with Kerberos  5  canonicalization,  strip  the
            default realm from the userid (this does not affect the stripping of realms specified
            by the afspts_localrealms option)

       quota_db: quotalegacy
            The cyrusdb backend to use for quotas.

            Allowed values: flat, berkeley, berkeley-hash, skiplist, quotalegacy

       quotawarn: 90
            The percent of quota utilization over which the server generates warnings.

       quotawarnkb: 0
            The maximum amount of free space (in kB) in which to give a quota  warning  (if  this
            value  is  0,  or  if the quota is smaller than this amount, than warnings are always
            given).

       reject8bit: 0
            If enabled, lmtpd rejects messages with 8-bit characters in  the  headers.  Also  see
            munge8bit,  which  is only applied if reject8bit is not activated. (A proper soultion
            to non-ASCII characters in headers is offered by RFC 2047 and its predecessors.)

       rfc2046_strict: 0
            If enabled, imapd will be strict (per RFC 2046) when matching MIME boundary  strings.
            This  means that boundaries containing other boundaries as substrings will be treated
            as identical.  Since enabling this option will break some messages created by  Eudora
            5.1  (and  earlier),  it is recommended that it be left disabled unless there is good
            reason to do otherwise.

       rfc3028_strict: 1
            If enabled, Sieve will be strict (per RFC 3028) with regards  to  which  headers  are
            allowed to be used in address and envelope tests.  This means that only those headers
            which are defined to contain addresses will be allowed in address tests and only "to"
            and  "from"  will  be  allowed  in  envelope tests.  When disabled, ANY grammatically
            correct header will be allowed.

       sasl_auto_transition: 0
            If enabled, the SASL library will automatically create  authentication  secrets  when
            given a plaintext password.  See the SASL documentation.

       sasl_maximum_layer: 256
            Maximum  SSF  (security  strength  factor)  that  the  server  will allow a client to
            negotiate. This corresponds to the max_ssf  option  of  libsasl.   Please  check  the
            libsasl documentation for available values.

       sasl_minimum_layer: 0
            The  minimum  SSF  that  the  server  will allow a client to negotiate.  A value of 1
            requires integrity protection (i.e. checksums); any higher value requires some amount
            of  encryption.  This  corresponds  to  the  min_ssf  option of libsasl. Please check
            libsasl documentation for available values.

       sasl_option: 0
            Any SASL option can be set by preceeding it with "sasl_".  This  file  overrides  the
            SASL configuration file.

       sasl_pwcheck_method: <none>
            The  mechanism  used  by  the  server to verify plaintext passwords.  Possible values
            include "auxprop", "saslauthd", and "pwcheck".

       seenstate_db: skiplist
            The cyrusdb backend to use for the seen state.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       sendmail: /usr/lib/sendmail
            The pathname  of  the  sendmail  executable.   Sieve  invokes  sendmail  for  sending
            rejections, redirects and vacation responses.

       servername: <none>
            This  is  the  hostname  visible  in  the greeting messages of the POP, IMAP and LMTP
            daemons. If it is unset, then the result returned from gethostname(2) is used.

       sharedprefix: Shared Folders
            If using the alternate IMAP namespace, the prefix  for  the  shared  namespace.   The
            hierarchy delimiter will be automatically appended.

       sieve_maxscriptsize: 32
            Maximum  size  (in  kilobytes)  any  sieve  script  can be, enforced at submission by
            timsieved(8).

       sieve_maxscripts: 5
            Maximum number of sieve  scripts  any  user  may  have,  enforced  at  submission  by
            timsieved(8).

       sievedir: /usr/sieve
            If sieveusehomedir is false, this directory is searched for Sieve scripts.

       sievenotifier: <none>
            Notifyd(8)   method   to   use  for  "SIEVE"  notifications.   If  not  set,  "SIEVE"
            notifications are disabled.

       This method is only used when no method is specified in the script.

       sieveusehomedir: 0
            If  enabled,  lmtpd  will  look  for  Sieve  scripts  in  user's  home   directories:
            ~user/.sieve.

       singleinstancestore: 1
            If  enabled,  imapd,  lmtpd and nntpd attempt to only write one copy of a message per
            partition and create hard links, resulting in a potentially large disk savings.

       skiplist_unsafe: 0
            If enabled, this option forces the skiplist cyrusdb backend to not sync writes to the
            disk.  Enabling this option is NOT RECOMMENDED.

       soft_noauth: 1
            If  enabled,  lmtpd  returns  temporary  failures if the client does not successfully
            authenticate.  Otherwise lmtpd returns permanant failures (causing the mail to bounce
            immediately).

       srvtab: <empty string>
            The  pathname  of  srvtab  file  containing the server's private key.  This option is
            passed to the SASL library and overrides its default setting.

       subscription_db: flat
            The cyrusdb backend to use for the subscriptions list.

            Allowed values: flat, berkeley, berkeley-hash, skiplist

       syslog_prefix: <none>
            String to be prepended to the process name in syslog entries.

       temp_path: /tmp
            The pathname to store temporary files in

       timeout: 30
            The length of the IMAP server's inactivity autologout timer, in minutes.  The minimum
            value is 30, the default.

       tls_ca_file: <none>
            File containing one or more Certificate Authority (CA) certificates.

       tls_ca_path: <none>
            Path  to directory with certificates of CAs.  This directory must have filenames with
            the hashed value of the certificate (see openssl(XXX)).

       tlscache_db: berkeley-nosync
            The cyrusdb backend to use for the TLS cache.

            Allowed  values:  berkeley,  berkeley-nosync,  berkeley-hash,   berkeley-hash-nosync,
            skiplist

       tls_cert_file: <none>
            File  containing the certificate presented for server authentication during STARTTLS.
            A value of "disabled" will disable SSL/TLS.

       tls_cipher_list: DEFAULT
            The list of SSL/TLS ciphers to allow.  The format  of  the  string  is  described  in
            ciphers(1).

       tls_key_file: <none>
            File  containing  the  private  key  belonging to the server certificate.  A value of
            "disabled" will disable SSL/TLS.

       tls_require_cert: 0
            Require a client certificate for ALL services (imap, pop3, lmtp, sieve).

       tls_session_timeout: 1440
            The length of time (in minutes) that a TLS session will be cached  for  later  reuse.
            The maximum value is 1440 (24 hours), the default.  A value of 0 will disable session
            caching.

       umask: 077
            The umask value used by various Cyrus IMAP programs.

       username_tolower: 1
            Convert usernames to all lowercase before login/authenticate.  This  is  useful  with
            authentication backends which ignore case during username lookups (such as LDAP).

       userprefix: Other Users
            If using the alternate IMAP namespace, the prefix for the other users namespace.  The
            hierarchy delimiter will be automatically appended.

       unix_group_enable: 1
            Should we look up groups when using auth_unix (disable this  if  you  are  not  using
            groups in ACLs for your IMAP server, and you are using auth_unix with a backend (such
            as LDAP) that can make getgrent() calls very slow)

       unixhierarchysep: 0
            Use the UNIX separator character '/' for delimiting levels of mailbox hierarchy.  The
            default is to use the netnews separator character '.'.

       virtdomains: off
            Enable  virtual  domain support.  If enabled, the user's domain will be determined by
            splitting a fully qualified userid at the last '@' or '%' symbol.  If the  userid  is
            unqualified,  and  the  virtdomains  option  is  set to "on", then the domain will be
            determined by doing a reverse lookup on  the  IP  address  of  the  incoming  network
            interface, otherwise the user is assumed to be in the default domain (if set).

            Allowed values: off, userid, ldap, on

SEE ALSO

       imapd(8),  pop3d(8),  nntpd(8),  lmtpd(8), timsieved(8), idled(8), notifyd(8), deliver(8),
       master(8), ciphers(1)

       Allowed values: off, userid, ldap, on