1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
# Suggested minimal imapd.conf
# See imapd.conf(5) for more information and more options
# Space-separated users who have admin rights for all services.
# NB: THIS MUST BE CONFIGURED
admins: cyrus
###################################################################
## File, socket and DB location settings.
###################################################################
# Configuration directory
configdirectory: /var/lib/imap
# Directories for proc and lock files
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock
# Locations for DB files
# The following DB are recreated upon initialization, so should live in
# ephemeral storage for best performance.
duplicate_db_path: /run/cyrus/db/deliver.db
ptscache_db_path: /run/cyrus/db/ptscache.db
statuscache_db_path: /run/cyrus/db/statuscache.db
tls_sessions_db_path: /run/cyrus/db/tls_sessions.db
# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/imap
# If sieveusehomedir is false (the default), this directory is searched
# for Sieve scripts.
sievedir: /var/lib/imap/sieve
###################################################################
## Important: KEEP THESE IN SYNC WITH cyrus.conf
###################################################################
lmtpsocket: /run/cyrus/socket/lmtp
idlesocket: /run/cyrus/socket/idle
notifysocket: /run/cyrus/socket/notify
# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap
# etc.)
syslog_prefix: cyrus
###################################################################
## Server behaviour settings
###################################################################
# Space-separated list of HTTP modules that will be enabled in
# httpd(8). This option has no effect on modules that are disabled at
# compile time due to missing dependencies (e.g. libical).
# Fedora default: enable all modules besides admin
httpmodules: caldav carddav domainkey freebusy ischedule jmap rss tzdist webdav
# If enabled, the partitions will also be hashed, in addition to the
# hashing done on configuration directories. This is recommended if one
# partition has a very bushy mailbox tree.
hashimapspool: true
# Disable virtual domains by default
virtdomains: off
###################################################################
## User experience settings
###################################################################
# Minimum time between POP mail fetches in minutes
popminpoll: 1
# Conversation support is required for jmap
conversations: 1
conversations_db: twoskip
# This will default to on in 3.1, and improves compatibility with some Apple
# devices. Upstream https://github.com/cyrusimap/cyrus-imapd/issues/1556
specialusealways: 1
###################################################################
## User Authentication settings
###################################################################
# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes
###################################################################
## SASL library options (these are handled directly by the SASL
## libraries, refer to SASL documentation for an up-to-date list of
## these)
###################################################################
# The mechanism(s) used by the server to verify plaintext passwords.
# Possible values are "saslauthd", "auxprop", "pwcheck" and
# "alwaystrue". They are tried in order, you can specify more than one,
# separated by spaces.
# * saslauthd works when started with the shadow mech
# * auxprop should work when:
# * setting default_domain: example.org
# * creating a password with 'echo "doe" | saslpasswd2 -p -u example.org doe' (chown cyrus:root /etc/sasldb2)
# * either login with doe@example.org, ensure the current hostname is example.org.
# * We currently use the saslauthd option so we can login using just doe
sasl_pwcheck_method: saslauthd
# If enabled, the SASL library will automatically create authentication
# secrets when given a plaintext password. Refer to SASL documentation
sasl_auto_transition: no
###################################################################
## SSL/TLS Options
###################################################################
# These three files will automatically be generated by the systemd unit when
# the service starts for the first time.
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd-key.pem
tls_client_ca_file: /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
# File containing the global certificate used for ALL services (imap,
# pop3, lmtp, sieve)
#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
# File containing the private key belonging to the global server
# certificate.
#tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key
# File containing one or more Certificate Authority (CA) certificates.
#tls_client_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
# Path to directory with certificates of CAs.
tls_client_ca_dir: /etc/ssl/certs
# The length of time (in minutes) that a TLS session will be cached for
# later reuse. The maximum value is 1440 (24 hours), the default. A
# value of 0 will disable session caching.
tls_session_timeout: 1440
altnamespace: 0
unixhierarchysep: 0
|
