Provided by: kopano-gateway_8.7.0-7.1ubuntu11_amd64 bug


       kopano-gateway.cfg - The Kopano gateway configuration file




       The gateway.cfg is a configuration file for the Kopano Gateway.  gateway.cfg contains
       instructions for the software to set up the logging system and to enable or disable the
       POP3, POP3S, IMAP or IMAPS part of the service.


       The file consists of one big section, but parameters can be grouped by functionality.

       The parameters are written in the form:

       name = value

       The file is line-based. Each newline-terminated line represents either a comment, nothing,
       a parameter or a directive. A line beginning with `#' is considered a comment, and will be
       ignored by Kopano. Parameter names are case sensitive. Lines beginning with `!' are

       Directives are written in the form:

       !directive [argument(s)]

       The following directives exist:

           Include and process argument

           Example: !include common.cfg


       Hostname of the server to print to a client in the logon greeting. Leave empty to use DNS
       to find the hostname.


       Whether to show the hostname in the logon greeting to clients. This config option is
       reloadable using the HUP signal.

       Default: no

       A space-separated list of address:port specifiers for where the server should listen for
       unencrypted and STARTTLS-ed IMAP connections. IPv6 addresses need to be enclosed in
       brackets (as in [2001:db8::1]:236), and the asterisk is the multi-protocol address

       Default: *:143

       A space-separated list of address:port spcifiers for implicit-SSL IMAP connections,
       similar to imap_listen. Normally placed on port 993.

       Default: (empty)

       A space-separated list of address:port specifiers for where the server should listen for
       unencrypted and STARTTLS-ed POP3 connections. IPv6 addresses need to be enclosed in
       brackets (as in [2001:db8::1]:236), and the asterisk is the multi-protocol address

       Default: *:110

       A space-separated list of address:port spcifiers for implicit-SSL POP3 connections,
       similar to pop3_listen. Normally placed on port 995.

       Default: (empty)

       The http address of the storage server.

       Default: http://localhost:236/

       It is not advised to specify the UNIX socket here, but the http address instead. In
       default configuration the gateway will then be trusted by the storage server (as set in
       its local_admin_users configuration setting). Unless is run as an untrusted user, by
       specifying the run_as_user, the gateway always authenticates users even if they provide no
       or wrong credentials!

       After correctly starting, the gateway process will become this user, dropping root
       privileges. Note that the log file needs to be writeable by this user, and the directory
       too to create new logfiles after logrotation. This can also be achieved by setting the
       correct group and permissions.

       Default value is empty, not changing the user after starting.

       After correctly starting, the gateway process will become this group, dropping root

       Default value is empty, not changing the group after starting.

       Write the process ID number to this file. This is used by the init.d script to correctly
       stop/restart the service.

       Default: /var/run/kopano/

       Change directory to this path when running in daemonize mode. When using the -F switch to
       run in the foreground the directory will not be changed.

       Default: /

       When a crash occurs or an assertion fails, a coredump file can be generated by the system
       for use with a crash report. For details, see the kopano-coredump(5) manpage.

       Default: systemdefault

       You can change the process model between fork and thread. The forked model uses somewhat
       more resources, but if a crash is triggered, this will only affect one user. In the
       threaded model, a crash means all users are affected, and will not be able to use the

       Default: thread

       This parameter can be used to skip password verification when connecting over the UNIX
       socket. Connecting through the UNIX socket can have a big performance gain, compared to
       the TCP socket of kopano-server. As kopano-gateway is usually running as the user kopano
       (which is a local_admin_user in kopano-server) this would normally mean that kopano-
       gateway would only verify usernames and no password (because its running as an
       administrator). When set to no (default value) forces verification of passwords, even when
       running as an administrator. For migrations you will want to set yes.

       Default: no

       Enable the IMAP and IMAPS service to only show the mailfolders. This is the default
       behaviour. When this option is set to 'no', you will also be able to select you calendar
       and contacts and such. These views will not contain all information, since these items
       cannot be converted to a rfc-822 mail item.

       Default: yes

       Enable the IMAP and IMAPS service to also show the public store with subfolders. This is
       the default behaviour. When this option is set to 'no', IMAP clients will only see the
       users' folder.

       Default: yes

       Allow IMAP clients to issue the IDLE command. When an IMAP client is idle, it may receive
       notifications from the server about changes of the selected folder. This may increase load
       on the server when many users are using the IMAP service.

       Default: yes

       Limit the maximum message size (in bytes) which can be created by an IMAP client. The
       maximum of this value is 4GB although this is not recommended. If the value is too high it
       will cause a segmentation fault. This value may contain a k, m or g multiplier.

       Default: 128M

       Normally when you delete an e-mail in an IMAP client, it will only be marked as deleted,
       and not removed from the folder. The client should send the EXPUNGE command to actually
       remove the item from the folder (where Kopano will place it in the soft-delete system).
       When this option is set to yes, the kopano-gateway will issue the expunge command itself
       directly after a 'mark as delete' command was received.

       Default: no

       Maximum of failed commands before forcibly closing connection of client. This makes sure
       that a client which does repeatedly fails on a specific connection (like opening folders
       over and over again which do not exist) does not affect the overall performance of the
       gateway process. With the default value set to 10, normal operation will work for most
       productionenvironments. With IMAP migrations, this value should be set higher as many
       traditional IMAP migration tools try to fetch folders which do not necessarily exist
       before, so in a migration scenario this value should be set higher, at minimum to the
       number of folders to be migrated from the largest mailbox.

       Default: 10

       Some MUAs are sending commands via idle causing the connection to reach
       imap_max_fail_commands and leaves the client in a broken state. The clients include Apple
       Mail. If you experience problems or uses Apple Mail set this option to yes.

       Default: no

       Disable all plaintext POP3 and IMAP authentications unless SSL/TLS is used (except for
       connections originating from localhost, to allow saslauthd with rimap). Obviously, this
       requires at least ssl_private_key_file and ssl_certificate_file to take effect.

       Default: no

       The gateway will use this file as private key for SSL TLS. This file can be created with:
       openssl genrsa -out /etc/kopano/gateway/privkey.pem 2048.

       Default: /etc/kopano/gateway/privkey.pem

       The gateway will use this file as certificate for SSL TLS. A self-signed certificate can
       be created with: openssl req -new -x509 -key /etc/kopano/gateway/privkey.pem -out
       /etc/kopano/gateway/cert.pem -days 1095.

       Default: /etc/kopano/gateway/cert.pem

       Enable client certificate verification with value yes. All other values disable the

       Default: no

       The file to verify the clients certificates with.

       Default: value not set.

       The path with the files to verify the clients certificates with.

       Default: value not set.

       A space-separated list of disabled or enabled protocol names.  Supported protocol names
       depend on the system's SSL library; depending on version, one or more of the following are
       available: TLSv1.3, TLSv1.2, TLSv1.1, SSLv3, SSLv2. To disable a protocol, prefix the name
       with an exclamation mark.

       Default: !SSLv2 !SSLv3 !TLSv1 !TLSv1.1

       A colon-separated list of disabled or enabled SSL/TLS ciphers. Supported cipher names
       depend on the system's SSL library, and are generally plentiful. To disable a cipher or
       cipher group, prefix the name with a minus or exclamation mark. Details and meaning of the
       syntax are described in ciphers(1).


       In SSLv3 and newer, the server side gets to make the ultimate cipher pick out of the set
       that both ends support. In doing so, it can either use the client preference list, or, if
       this directive is set to "yes", its own list (as determined by ssl_cipher).

       Default: yes

       ECDH curves to use for SSL

       Default: X25519:P-521:P-384:P-256

       The method which should be used for logging. Valid values are:

       syslog Use the syslog service. Messages will be sent using the "mail" facility tag. See
              also journald.conf(5) or syslog.conf(5).

       file   Log to a file. The filename will be specified in log_file.

       auto   Autoselect mode: If log_file is set, that will be used.  Else, syslog will be used
              if it looks like it is available.  Else, stderr.

       Default: auto

       When logging to a file, specify the filename in this parameter. Use - (minus sign) for
       stderr output.

       Default: -

       The level of output for logging in the range from 0 to 6. "0" means no logging, "1" for
       critical messages only, "2" for error or worse, "3" for warning or worse, "4" for notice
       or worse, "5" for info or worse, "6" debug.

       Default: 3

       Specify whether to prefix each log line with a timestamp in 'file' logging mode.

       Default: 1

       Buffer logging in what sized blocks. The special value 0 selects line buffering.

       Default: 0


       The following options are reloadable by sending the kopano-gateway process a HUP signal:



           The Kopano gateway configuration file.


       Written by Kopano.