kolab-cyrus-imapd/debian/imapd.conf

# Debian Cyrus imapd.conf
# $Id: imapd.conf 95 2005-04-08 00:10:54Z sven $
# See imapd.conf(5) for more information and more options

# Configuration directory
configdirectory: /var/lib/cyrus

# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail

# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news

# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus22-doc/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: no

# UNIX Hierarchy Convention
# Set to yes, and cyrus will accept dots in names, and use the forward
# slash "/" to delimit levels of the hierarchy. This is done by converting
# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
unixhierarchysep: yes

# Rejecting illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. Enable this to reject such messages.
#reject8bit: yes

# Munging illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. If you kept reject8bit disabled, you can choose to leave the
# crappage untouched by disabling this (if you don't care that IMAP SEARCH
# won't work right anymore.
#munge8bit: no

# Forcing recipient user to lowercase
# Cyrus 2.2 is case-sensitive.  If all your mail users are in lowercase, it is
# probably a very good idea to set lmtp_downcase_rcpt to true.  The default is
# to assume the user knows what he is doing, and not downcase anything.
lmtp_downcase_rcpt: yes

# Uncomment the following and add the space-separated users who 
# have admin rights for all services.
admins: cyrus manager

# Space-separated list of users that have lmtp "admin" status (i.e. that
# can deliver email through TCP/IP lmtp) in addition to those in the
# admins: entry above
#lmtp_admins: postman

# Space-separated list of users that have mupdate "admin" status, in
# addition to those in the admins: entry above. Note that mupdate slaves and 
# backends in a Murder cluster need to autenticate against the mupdate master
# as admin users.
#mupdate_admins: mupdateman

# Space-separated list of users that have imapd "admin" status, in
# addition to those in the admins: entry above
#imap_admins: cyrus

# Space-separated list of users that have sieve "admin" status, in
# addition to those in the admins: entry above
#sieve_admins: cyrus

# List of users and groups that are allowed to proxy for other users,
# seperated by spaces.  Any user listed in this will be allowed to login
# for any other user.  Like "admins:" above, you can have imap_proxyservers
# and sieve_proxyservers.
#proxyservers: cyrus

# No anonymous logins
allowanonymouslogin: no

# Minimum time between POP mail fetches in minutes
popminpoll: 1

# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX.  The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
autocreatequota: 0

# umask used by Cyrus programs
umask: 077

# Sendmail binary location
# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. 
# For now, to work around the bug, set this to a wrapper that calls 
# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
#sendmail: /usr/sbin/sendmail

# If enabled, cyrdeliver will look for Sieve scripts in user's home
# directories: ~user/.sieve.
sieveusehomedir: false

# If sieveusehomedir is false, this directory is searched for Sieve scripts.
sievedir: /var/spool/sieve

# notifyd(8) method to use for "MAIL" notifications.  If not set, "MAIL"
# notifications are disabled.  Valid methods are: null, log, zephyr
#mailnotifier: zephyr

# notifyd(8) method to use for "SIEVE" notifications.  If not set, "SIEVE"
# notifications are disabled.  This method is only used when no method is
# specified in the script.  Valid methods are null, log, zephyr, mailto
#sievenotifier: zephyr

# DRAC (pop-before-smtp, imap-before-smtp) support
# Set dracinterval to the time in minutes to call DRAC while a user is
# connected to the imap/pop services. Set to 0 to disable DRAC (default)
# Set drachost to the host where the rpc drac service is running
#dracinterval: 0
#drachost: localhost

# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one partition has a
# very bushy mailbox tree.
hashimapspool: true

# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes

# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based SASL
# mechanism.  saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
sasl_mech_list: PLAIN

# Allow use of the POP3 APOP authentication command.
# Note that this command requires that the plaintext passwords are 
# available in a SASL auxprop backend (eg. sasldb), and that the system
# can provide enough entropy (eg. from /dev/urandom) to create a challenge
# in the banner.
#allowapop: no

# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_minimum_layer: 0

# The maximum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_maximum_layer: 256

# List of remote realms whose users may log in using cross-realm
# authentications. Seperate each realm name by a space. A cross-realm
# identity is considered any identity returned by SASL with an "@" in it.
# NOTE: To support multiple virtual domains on the same interface/IP,
# you need to list them all as loginreals. If you don't list them here,
# (most of) your users probably won't be able to log in.
#loginrealms: example.com

# Enable virtual domain support.  If enabled, the user's domain will
# be determined by splitting a fully qualified userid at the last '@'
# or '%' symbol.  If the userid is unqualified, and the virtdomains
# option is set to "on", then the domain will be determined by doing
# a reverse lookup on the IP address of the incoming network
# interface, otherwise the user is assumed to be in the default
# domain (if set).
# Kolab uses ldap for virtual domains
virtdomains: ldap

# The default domain for virtual domain support
# If the domain of a user can't be taken from its login and it can't
# be determined by doing a reverse lookup on the interface IP, this
# domain is used.
#defaultdomain: 

#
# SASL library options (these are handled directly by the SASL libraries,
# refer to SASL documentation for an up-to-date list of these)
#

# The mechanism(s) used by the server to verify plaintext passwords. Possible
# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue".  They
# are tried in order, you can specify more than one, separated by spaces.
#
# Do note that, since sasl will be run as user cyrus, you may have a lot of
# trouble to set this up right.
sasl_pwcheck_method: saslauthd

# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
# by default, all plugins are tried (which is probably NOT what you want).
#sasl_auxprop_plugin: sasldb

# If enabled, the SASL library will automatically create authentication secrets
# when given a plaintext password. Refer to SASL documentation 
sasl_auto_transition: no

#
# SSL/TLS Options
#

# File containing the global certificate used for ALL services (imap, pop3,
# lmtp, sieve)
#tls_cert_file: /etc/ssl/certs/cyrus-global.pem

# File containing the private key belonging to the global server certificate.
#tls_key_file: /etc/ssl/private/cyrus-global.key

# File containing the certificate used for imap. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for imap.
#tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem

# File containing the private key belonging to the imap-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for imap.
#tls_imap_key_file: /etc/ssl/private/cyrus-imap.key

# File containing the certificate used for pop3. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for pop3.
#tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem

# File containing the private key belonging to the pop3-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for pop3.
#tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key

# File containing the certificate used for lmtp. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem

# File containing the private key belonging to the lmtp-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key

# File containing the certificate used for sieve. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for sieve.
#tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem

# File containing the private key belonging to the sieve-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for sieve.
#tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key

# File containing one or more Certificate Authority (CA) certificates.
#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem

# Path to directory with certificates of CAs.
tls_ca_path: /etc/ssl/certs

# The length of time (in minutes) that a TLS session will be cached for later
# reuse.  The maximum value is 1440 (24 hours), the default.  A value of 0 will
# disable session caching.
tls_session_timeout: 1440

# The list of SSL/TLS ciphers to allow.  The format of the string is described
# in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP!
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
#tls_require_cert: false

# Require a client certificate for imap ONLY.
#tls_imap_require_cert: false

# Require a client certificate for pop3 ONLY.
#tls_pop3_require_cert: false

# Require a client certificate for lmtp ONLY.
#tls_lmtp_require_cert: false

# Require a client certificate for sieve ONLY.
#tls_sieve_require_cert: false

#
# Cyrus Murder cluster configuration
#
# Set the following options to the values needed for this server to
# autenticate against the mupdate master server:
# mupdate_server
# mupdate_port
# mupdate_username
# mupdate_authname
# mupdate_realm
# mupdate_password
# mupdate_retry_delay

##
## KEEP THESE IN SYNC WITH cyrus.conf
##
# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp

# Unix domain socket that idled listens on.
idlesocket: /var/run/cyrus/socket/idle

# Unix domain socket that the new mail notification daemon listens on.
notifysocket: /var/run/cyrus/socket/notify

# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
syslog_prefix: cyrus

##
## LDAP
##
ptloader_sock: /var/run/cyrus/socket/ptsock

ldap_sasl:0
ldap_uri: ldap://localhost:389
ldap_base: dc=example,dc=com
ldap_bind_dn: cn=manager,cn=internal,dc=example,dc=com
ldap_password: PASSWORD
ldap_filter: (&(cn=%U)(objectClass=kolabInetOrgPerson))
ldap_member_base: dc=example,dc=com
ldap_member_filter: (member=%D)
ldap_member_method: filter
ldap_member_attribute: mail
ldap_group_base: dc=example,dc=com
ldap_group_filter: cn=%U

##
## DEBUGGING
##
# Debugging hook. See /usr/share/doc/cyrus22-common/README.Debian.debug
# Keep the hook disabled when it is not in use
#
# gdb Back-traces
#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
#
# system-call traces
#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &
#
# library traces
#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &
1	white-guest	110	# Debian Cyrus imapd.conf
2			# $Id: imapd.conf 95 2005-04-08 00:10:54Z sven $
3			# See imapd.conf(5) for more information and more options
4
5			# Configuration directory
6			configdirectory: /var/lib/cyrus
7
8			# Which partition to use for default mailboxes
9	white-guest	147	defaultpartition: default
10	white-guest	110	partition-default: /var/spool/cyrus/mail
11
12			# News setup
13	white-guest	147	partition-news: /var/spool/cyrus/news
14			newsspool: /var/spool/news
15	white-guest	110
16			# Alternate namespace
17			# If enabled, activate the alternate namespace as documented in
18			# /usr/share/doc/cyrus22-doc/html/altnamespace.html, where an user's
19			# subfolders are in the same level as the INBOX
20			# See also userprefix and sharedprefix on imapd.conf(5)
21	white-guest	147	altnamespace: no
22	white-guest	110
23			# UNIX Hierarchy Convention
24			# Set to yes, and cyrus will accept dots in names, and use the forward
25			# slash "/" to delimit levels of the hierarchy. This is done by converting
26			# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
27			# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
28	white-guest	150	unixhierarchysep: yes
29	white-guest	110
30			# Rejecting illegal characters in headers
31			# Headers of RFC2882 messages must not have characters with the 8th bit
32			# set. However, too many badly-written MUAs generate this, including most
33			# spamware. Enable this to reject such messages.
34	white-guest	147	#reject8bit: yes
35	white-guest	110
36			# Munging illegal characters in headers
37			# Headers of RFC2882 messages must not have characters with the 8th bit
38			# set. However, too many badly-written MUAs generate this, including most
39			# spamware. If you kept reject8bit disabled, you can choose to leave the
40			# crappage untouched by disabling this (if you don't care that IMAP SEARCH
41			# won't work right anymore.
42			#munge8bit: no
43
44			# Forcing recipient user to lowercase
45			# Cyrus 2.2 is case-sensitive. If all your mail users are in lowercase, it is
46			# probably a very good idea to set lmtp_downcase_rcpt to true. The default is
47			# to assume the user knows what he is doing, and not downcase anything.
48	white-guest	182	lmtp_downcase_rcpt: yes
49	white-guest	110
50			# Uncomment the following and add the space-separated users who
51			# have admin rights for all services.
52	white-guest	149	admins: cyrus manager
53	white-guest	110
54			# Space-separated list of users that have lmtp "admin" status (i.e. that
55			# can deliver email through TCP/IP lmtp) in addition to those in the
56			# admins: entry above
57			#lmtp_admins: postman
58
59			# Space-separated list of users that have mupdate "admin" status, in
60			# addition to those in the admins: entry above. Note that mupdate slaves and
61			# backends in a Murder cluster need to autenticate against the mupdate master
62			# as admin users.
63			#mupdate_admins: mupdateman
64
65			# Space-separated list of users that have imapd "admin" status, in
66			# addition to those in the admins: entry above
67			#imap_admins: cyrus
68
69			# Space-separated list of users that have sieve "admin" status, in
70			# addition to those in the admins: entry above
71			#sieve_admins: cyrus
72
73			# List of users and groups that are allowed to proxy for other users,
74			# seperated by spaces. Any user listed in this will be allowed to login
75			# for any other user. Like "admins:" above, you can have imap_proxyservers
76			# and sieve_proxyservers.
77			#proxyservers: cyrus
78
79			# No anonymous logins
80			allowanonymouslogin: no
81
82			# Minimum time between POP mail fetches in minutes
83	white-guest	147	popminpoll: 1
84	white-guest	110
85			# If nonzero, normal users may create their own IMAP accounts by creating
86			# the mailbox INBOX. The user's quota is set to the value if it is positive,
87			# otherwise the user has unlimited quota.
88	white-guest	147	autocreatequota: 0
89	white-guest	110
90			# umask used by Cyrus programs
91	white-guest	147	umask: 077
92	white-guest	110
93			# Sendmail binary location
94			# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3.
95			# For now, to work around the bug, set this to a wrapper that calls
96			# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
97			#sendmail: /usr/sbin/sendmail
98
99			# If enabled, cyrdeliver will look for Sieve scripts in user's home
100			# directories: ~user/.sieve.
101	white-guest	147	sieveusehomedir: false
102	white-guest	110
103			# If sieveusehomedir is false, this directory is searched for Sieve scripts.
104	white-guest	147	sievedir: /var/spool/sieve
105	white-guest	110
106			# notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL"
107			# notifications are disabled. Valid methods are: null, log, zephyr
108			#mailnotifier: zephyr
109
110			# notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE"
111			# notifications are disabled. This method is only used when no method is
112			# specified in the script. Valid methods are null, log, zephyr, mailto
113			#sievenotifier: zephyr
114
115			# DRAC (pop-before-smtp, imap-before-smtp) support
116			# Set dracinterval to the time in minutes to call DRAC while a user is
117			# connected to the imap/pop services. Set to 0 to disable DRAC (default)
118			# Set drachost to the host where the rpc drac service is running
119			#dracinterval: 0
120			#drachost: localhost
121
122			# If enabled, the partitions will also be hashed, in addition to the hashing
123			# done on configuration directories. This is recommended if one partition has a
124			# very bushy mailbox tree.
125	white-guest	147	hashimapspool: true
126	white-guest	110
127			# Allow plaintext logins by default (SASL PLAIN)
128			allowplaintext: yes
129
130			# Force PLAIN/LOGIN authentication only
131			# (you need to uncomment this if you are not using an auxprop-based SASL
132			# mechanism. saslauthd users, that means you!). And pay attention to
133			# sasl_minimum_layer and allowapop below, too.
134	noel	154	sasl_mech_list: PLAIN
135	white-guest	110
136			# Allow use of the POP3 APOP authentication command.
137			# Note that this command requires that the plaintext passwords are
138			# available in a SASL auxprop backend (eg. sasldb), and that the system
139			# can provide enough entropy (eg. from /dev/urandom) to create a challenge
140			# in the banner.
141			#allowapop: no
142
143			# The minimum SSF that the server will allow a client to negotiate. A
144			# value of 1 requires integrity protection; any higher value requires some
145			# amount of encryption.
146			#sasl_minimum_layer: 0
147
148			# The maximum SSF that the server will allow a client to negotiate. A
149			# value of 1 requires integrity protection; any higher value requires some
150			# amount of encryption.
151			#sasl_maximum_layer: 256
152
153			# List of remote realms whose users may log in using cross-realm
154			# authentications. Seperate each realm name by a space. A cross-realm
155			# identity is considered any identity returned by SASL with an "@" in it.
156			# NOTE: To support multiple virtual domains on the same interface/IP,
157			# you need to list them all as loginreals. If you don't list them here,
158			# (most of) your users probably won't be able to log in.
159	noel	201	#loginrealms: example.com
160	white-guest	110
161			# Enable virtual domain support. If enabled, the user's domain will
162			# be determined by splitting a fully qualified userid at the last '@'
163			# or '%' symbol. If the userid is unqualified, and the virtdomains
164			# option is set to "on", then the domain will be determined by doing
165			# a reverse lookup on the IP address of the incoming network
166			# interface, otherwise the user is assumed to be in the default
167			# domain (if set).
168	white-guest	182	# Kolab uses ldap for virtual domains
169			virtdomains: ldap
170	white-guest	110
171			# The default domain for virtual domain support
172			# If the domain of a user can't be taken from its login and it can't
173			# be determined by doing a reverse lookup on the interface IP, this
174			# domain is used.
175			#defaultdomain:
176
177			#
178			# SASL library options (these are handled directly by the SASL libraries,
179			# refer to SASL documentation for an up-to-date list of these)
180			#
181
182			# The mechanism(s) used by the server to verify plaintext passwords. Possible
183			# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They
184			# are tried in order, you can specify more than one, separated by spaces.
185			#
186			# Do note that, since sasl will be run as user cyrus, you may have a lot of
187			# trouble to set this up right.
188	white-guest	149	sasl_pwcheck_method: saslauthd
189	white-guest	110
190			# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
191			# by default, all plugins are tried (which is probably NOT what you want).
192			#sasl_auxprop_plugin: sasldb
193
194			# If enabled, the SASL library will automatically create authentication secrets
195			# when given a plaintext password. Refer to SASL documentation
196	white-guest	147	sasl_auto_transition: no
197	white-guest	110
198			#
199			# SSL/TLS Options
200			#
201
202			# File containing the global certificate used for ALL services (imap, pop3,
203			# lmtp, sieve)
204			#tls_cert_file: /etc/ssl/certs/cyrus-global.pem
205
206			# File containing the private key belonging to the global server certificate.
207			#tls_key_file: /etc/ssl/private/cyrus-global.key
208
209			# File containing the certificate used for imap. If not specified, the global
210			# certificate is used. A value of "disabled" will disable SSL/TLS for imap.
211			#tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem
212
213			# File containing the private key belonging to the imap-specific server
214			# certificate. If not specified, the global private key is used. A value of
215			# "disabled" will disable SSL/TLS for imap.
216			#tls_imap_key_file: /etc/ssl/private/cyrus-imap.key
217
218			# File containing the certificate used for pop3. If not specified, the global
219			# certificate is used. A value of "disabled" will disable SSL/TLS for pop3.
220			#tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem
221
222			# File containing the private key belonging to the pop3-specific server
223			# certificate. If not specified, the global private key is used. A value of
224			# "disabled" will disable SSL/TLS for pop3.
225			#tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key
226
227			# File containing the certificate used for lmtp. If not specified, the global
228			# certificate is used. A value of "disabled" will disable SSL/TLS for lmtp.
229			#tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem
230
231			# File containing the private key belonging to the lmtp-specific server
232			# certificate. If not specified, the global private key is used. A value of
233			# "disabled" will disable SSL/TLS for lmtp.
234			#tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key
235
236			# File containing the certificate used for sieve. If not specified, the global
237			# certificate is used. A value of "disabled" will disable SSL/TLS for sieve.
238			#tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem
239
240			# File containing the private key belonging to the sieve-specific server
241			# certificate. If not specified, the global private key is used. A value of
242			# "disabled" will disable SSL/TLS for sieve.
243			#tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key
244
245			# File containing one or more Certificate Authority (CA) certificates.
246			#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
247
248			# Path to directory with certificates of CAs.
249	white-guest	147	tls_ca_path: /etc/ssl/certs
250	white-guest	110
251			# The length of time (in minutes) that a TLS session will be cached for later
252			# reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will
253			# disable session caching.
254	white-guest	147	tls_session_timeout: 1440
255	white-guest	110
256			# The list of SSL/TLS ciphers to allow. The format of the string is described
257			# in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP!
258	white-guest	147	tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
259	white-guest	110
260			# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
261			#tls_require_cert: false
262
263			# Require a client certificate for imap ONLY.
264			#tls_imap_require_cert: false
265
266			# Require a client certificate for pop3 ONLY.
267			#tls_pop3_require_cert: false
268
269			# Require a client certificate for lmtp ONLY.
270			#tls_lmtp_require_cert: false
271
272			# Require a client certificate for sieve ONLY.
273			#tls_sieve_require_cert: false
274
275			#
276			# Cyrus Murder cluster configuration
277			#
278			# Set the following options to the values needed for this server to
279			# autenticate against the mupdate master server:
280			# mupdate_server
281			# mupdate_port
282			# mupdate_username
283			# mupdate_authname
284			# mupdate_realm
285			# mupdate_password
286			# mupdate_retry_delay
287
288	white-guest	10	##
289	white-guest	110	## KEEP THESE IN SYNC WITH cyrus.conf
290	white-guest	10	##
291	white-guest	110	# Unix domain socket that lmtpd listens on.
292			lmtpsocket: /var/run/cyrus/socket/lmtp
293	white-guest	10
294	white-guest	110	# Unix domain socket that idled listens on.
295	white-guest	147	idlesocket: /var/run/cyrus/socket/idle
296	white-guest	10
297	white-guest	110	# Unix domain socket that the new mail notification daemon listens on.
298	white-guest	147	notifysocket: /var/run/cyrus/socket/notify
299	white-guest	110
300			# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
301	white-guest	147	syslog_prefix: cyrus
302	white-guest	110
303			##
304	noel	354	## LDAP
305			##
306			ptloader_sock: /var/run/cyrus/socket/ptsock
307
308			ldap_sasl:0
309			ldap_uri: ldap://localhost:389
310			ldap_base: dc=example,dc=com
311			ldap_bind_dn: cn=manager,cn=internal,dc=example,dc=com
312			ldap_password: PASSWORD
313			ldap_filter: (&(cn=%U)(objectClass=kolabInetOrgPerson))
314			ldap_member_base: dc=example,dc=com
315			ldap_member_filter: (member=%D)
316			ldap_member_method: filter
317			ldap_member_attribute: mail
318			ldap_group_base: dc=example,dc=com
319			ldap_group_filter: cn=%U
320
321			##
322	white-guest	110	## DEBUGGING
323			##
324			# Debugging hook. See /usr/share/doc/cyrus22-common/README.Debian.debug
325			# Keep the hook disabled when it is not in use
326			#
327			# gdb Back-traces
328			#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
329			#
330			# system-call traces
331			#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &
332			#
333			# library traces
334			#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &