Provided by: kopano-gateway_8.5.5-0ubuntu1_amd64 
NAME
kopano-gateway.cfg - The Kopano gateway configuration file
SYNOPSIS
gateway.cfg
DESCRIPTION
The gateway.cfg is a configuration file for the Kopano Gateway. gateway.cfg contains
instructions for the software to set up the logging system and to enable or disable the
POP3, POP3S, IMAP or IMAPS part of the service.
FILE FORMAT
The file consists of one big section, but parameters can be grouped by functionality.
The parameters are written in the form:
name = value
The file is line-based. Each newline-terminated line represents either a comment, nothing,
a parameter or a directive. A line beginning with `#' is considered a comment, and will be
ignored by Kopano. Parameter names are case sensitive. Lines beginning with `!' are
directives.
Directives are written in the form:
!directive [argument(s)]
The following directives exist:
include
Include and process argument
Example: !include common.cfg
EXPLANATION OF EACH PARAMETER
server_bind
IP address to bind to. Leave empty to bind to all addresses.
Default: (empty)
server_hostname
Hostname of the server to print to a client in the logon greeting. Leave empty to use DNS
to find the hostname.
Default:
server_hostname_greeting
Whether to show the hostname in the logon greeting to clients. This config option is
reloadable using the HUP signal.
Default: no
pop3_enable
Enable POP3 service with value yes. All other values disable the service.
Default: yes
pop3_port
The POP3 service will listen on this port for incoming connections.
Default: 110
pop3s_enable
Enable POP3S service with value yes. All other values disable the service.
Default: yes
pop3s_port
The POP3S service will listen on this port for incoming connections.
Default: 995
imap_enable
Enable IMAP service with value yes. All other values disable the service.
Default: yes
imap_port
The IMAP service will listen on this port for incoming connections.
Default: 143
imaps_enable
Enable IMAPS service with value yes. All other values disable the service.
Default: yes
imaps_port
The IMAPS service will listen on this port for incoming connections.
Default: 993
server_socket
The http address of the storage server.
Default: http://localhost:236/
It is not advised to specify the UNIX socket here, but the http address instead. In
default configuration the gateway will then be trusted by the storage server (as set in
its local_admin_users configuration setting). Unless is run as an untrusted user, by
specifying the run_as_user, the gateway always authenticates users even if they provide no
or wrong credentials!
run_as_user
After correctly starting, the gateway process will become this user, dropping root
privileges. Note that the log file needs to be writeable by this user, and the directory
too to create new logfiles after logrotation. This can also be achieved by setting the
correct group and permissions.
Default value is empty, not changing the user after starting.
run_as_group
After correctly starting, the gateway process will become this group, dropping root
privileges.
Default value is empty, not changing the group after starting.
pid_file
Write the process ID number to this file. This is used by the init.d script to correctly
stop/restart the service.
Default: /var/run/kopano/gateway.pid
running_path
Change directory to this path when running in daemonize mode. When using the -F switch to
run in the foreground the directory will not be changed.
Default: /
coredump_enabled
When a crash occurs or an assertion fails, a coredump file can be generated. This file
should be sent along with the crash report. It is turned on by default in Kopano, but your
system may have it disabled. For details, see the kopano-coredump(5) manpage.
process_model
You can change the process model between fork and thread. The forked model uses somewhat
more resources, but if a crash is triggered, this will only affect one user. In the
threaded model, a crash means all users are affected, and will not be able to use the
service.
Default: thread
bypass_auth
This parameter can be used to skip password verification when connecting over the UNIX
socket. Connecting through the UNIX socket can have a big performance gain, compared to
the TCP socket of kopano-server. As kopano-gateway is usually running as the user kopano
(which is a local_admin_user in kopano-server) this would normally mean that kopano-
gateway would only verify usernames and no password (because its running as an
administrator). When set to no (default value) forces verification of passwords, even when
running as an administrator. For migrations you will want to set yes.
Default: no
imap_only_mailfolders
Enable the IMAP and IMAPS service to only show the mailfolders. This is the default
behaviour. When this option is set to 'no', you will also be able to select you calendar
and contacts and such. These views will not contain all information, since these items
cannot be converted to a rfc-822 mail item.
Default: yes
imap_public_folders
Enable the IMAP and IMAPS service to also show the public store with subfolders. This is
the default behaviour. When this option is set to 'no', IMAP clients will only see the
users' folder.
Default: yes
imap_capability_idle
Allow IMAP clients to issue the IDLE command. When an IMAP client is idle, it may receive
notifications from the server about changes of the selected folder. This may increase load
on the server when many users are using the IMAP service.
Default: yes
imap_max_messagesize
Limit the maximum message size (in bytes) which can be created by an IMAP client. The
maximum of this value is 4GB although this is not recommended. If the value is too high it
will cause a segmentation fault. This value may contain a k, m or g multiplier.
Default: 128M
imap_expunge_on_delete
Normally when you delete an e-mail in an IMAP client, it will only be marked as deleted,
and not removed from the folder. The client should send the EXPUNGE command to actually
remove the item from the folder (where Kopano will place it in the soft-delete system).
When this option is set to yes, the kopano-gateway will issue the expunge command itself
directly after a 'mark as delete' command was received.
Default: no
imap_max_fail_commands
Maximum of failed commands before forcibly closing connection of client. This makes sure
that a client which does repeatedly fails on a specific connection (like opening folders
over and over again which do not exist) does not affect the overall performance of the
gateway process. With the default value set to 10, normal operation will work for most
productionenvironments. With IMAP migrations, this value should be set higher as many
traditional IMAP migration tools try to fetch folders which do not necessarily exist
before, so in a migration scenario this value should be set higher, at minimum to the
number of folders to be migrated from the largest mailbox.
Default: 10
imap_ignore_command_idle
Some MUAs are sending commands via idle causing the connection to reach
imap_max_fail_commands and leaves the client in a broken state. The clients include Apple
Mail. If you experience problems or uses Apple Mail set this option to yes.
Default: no
disable_plaintext_auth
Disable all plaintext POP3 and IMAP authentications unless SSL/TLS is used (except for
connections originating from localhost, to allow saslauthd with rimap). Obviously, this
requires at least ssl_private_key_file and ssl_certificate_file to take effect.
Default: no
ssl_private_key_file
The gateway will use this file as private key for SSL TLS. This file can be created with:
openssl genrsa -out /etc/kopano/gateway/privkey.pem 2048.
Default: /etc/kopano/gateway/privkey.pem
ssl_certificate_file
The gateway will use this file as certificate for SSL TLS. A self-signed certificate can
be created with: openssl req -new -x509 -key /etc/kopano/gateway/privkey.pem -out
/etc/kopano/gateway/cert.pem -days 1095.
Default: /etc/kopano/gateway/cert.pem
ssl_verify_client
Enable client certificate verification with value yes. All other values disable the
verification.
Default: no
ssl_verify_file
The file to verify the clients certificates with.
Default: value not set.
ssl_verify_path
The path with the files to verify the clients certificates with.
Default: value not set.
ssl_protocols
Disabled or enabled protocol names. Supported protocol names are SSLv3 and TLSv1. If
Kopano was linked against OpenSSL 1.0.1 or later there is additional support for the new
protocols TLSv1.1 and TLSv1.2. To exclude both SSLv3 and TLSv1, set server_ssl_protocols
to !SSLv3 !TLSv1.
Default: SSLv2 being disabled
ssl_ciphers
SSL ciphers to use, set to ALL for backward compatibility.
Default: ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_prefer_server_ciphers
Prefer the server's order of SSL ciphers over client's.
Default: no
log_method
The method which should be used for logging. Valid values are:
syslog Use the Linux system log. All messages will be written to the mail facility. See
also syslog.conf(5).
file Log to a file. The filename will be specified in log_file.
Default: file
log_file
When logging to a file, specify the filename in this parameter. Use - (minus sign) for
stderr output.
Default: /var/log/kopano/gateway.log
log_level
The level of output for logging in the range from 0 to 5. 0=no logging, 5=full logging.
Default: 2
log_timestamp
Specify whether to prefix each log line with a timestamp in 'file' logging mode.
Default: 1
log_buffer_size
Buffer logging in what sized blocks. The special value 0 selects line buffering.
Default: 0
RELOADING
The following options are reloadable by sending the kopano-gateway process a HUP signal:
log_level
FILES
/etc/kopano/gateway.cfg
The Kopano gateway configuration file.
AUTHOR
Written by Kopano.
SEE ALSO
kopano-gateway(8)