# Addresses to listen on.  Each can be set to a single IP address;
# 0 means all IP addresses.
#
# ADDRESS/ADDRESS_SSL can be used to default a specific IP
# address for every listed port number.
#
# With 0 the server accepts connections on every interface of the host,
# including public ones.  Bind to a specific address, or filter the ports
# at the firewall, when the service is only meant for an internal network.

ADDRESS=0
ADDRESS_SSL=0

# Multiple port numbers can be separated by commas.  When multiple port
# numbers are used it is possible to select a specific IP address for
# a given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
#
# 143 is the standard IMAP port; traffic on it is cleartext unless the
# client issues STARTTLS.  993 is the IMAP over SSL port.

PORTS=143
PORTS_SSL=993

# Maximum number of IMAP servers started
#
# This caps the number of server processes, so a flood of connections
# cannot start an unbounded number of them.
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
# Keeps a single address from occupying every available server.  Clients
# that open several connections at once, and users who share one NAT
# address, all count against the same limit.
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# Miscellaneous couriertcpd options that shouldn't be changed.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# IMAP_CAPABILITY specifies what most of the response should be to the
# CAPABILITY command.
#
# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
#
# Otherwise, leave it set to the default value.  The IDLE keyword can also
# be added, in experimental mode.
#
# NOTE: CRAM-SHA1 is considered experimental at this time.
#
# NOTE(review): the CRAM mechanisms keep the password itself off the wire,
# but the server has to store a password-equivalent secret to check the
# response, and they do not encrypt the session.  They complement TLS
# rather than replace it.
#
# NOTE(review): this string is what the server advertises.  Whether a
# mechanism that is not advertised is also refused is not stated here --
# verify before relying on it.  See IMAP_TLS_REQUIRED for refusing logins
# until STARTTLS has been issued.
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"

# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
#
# SASL PLAIN sends the user name and password base64-encoded, not
# encrypted, so offering it without TLS exposes credentials to anyone who
# can observe the connection.  Keeping it behind STARTTLS, as below, is the
# safer arrangement.
#
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

# If you want to try out the IDLE extension, this setting controls how often
# the server polls for changes to the folder, in IDLE mode (in seconds).
#
IMAP_IDLE_TIMEOUT=60

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# Advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use an IMAP server's new mail
# indicator, but some do.  Normally new mail is checked only in INBOX,
# because checking is a comparatively time consuming operation, and it
# would be a complete waste of time unless mail filters are used to deliver
# new mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
#
IMAP_OBSOLETE_CLIENT=0

# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command.  The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
#
# NOTE(review): the limit covers the data segment only.  On some systems
# memory obtained through mmap() is not counted against it, so treat this
# as one layer of protection and verify its effect on the target platform.
#
IMAP_ULIMITD=65536

# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server.  I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0

# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
#
# This would also delete messages from the Sent folder (presumably copies
# of sent mail) after 30 days.  This is a global setting that is applied to
# every mail account, and is probably useful in a controlled, corporate
# environment.
#
# Because the purge applies to every account and cannot be undone, check
# it against any mail-retention or legal-hold requirement before adding
# folders such as Sent.
#
# You might want to disable this setting in certain situations - it results
# in a stat() of every file in each folder, at login and logout.
#
IMAP_EMPTYTRASH=Trash:7

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usual, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0

# Whether or not to start IMAP over SSL on simap port:
#
IMAPDSSLSTART=NO

# Whether or not to implement IMAP STARTTLS extension instead:
#
# STARTTLS is negotiated in the clear, so it only protects clients that
# insist on it.  A client that carries on in plaintext when the capability
# is missing gains nothing; configure mail clients to require TLS.
#
IMAP_STARTTLS=YES

# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
#
# With the value 0 below, STARTTLS is offered but a client is not forced
# to issue it before logging in.  Set this to 1 on any server reachable
# over an untrusted network once all clients support STARTTLS.
#
IMAP_TLS_REQUIRED=0

# The following variables configure IMAP over SSL.  If OpenSSL is available
# during configuration, the couriertls helper gets compiled, and upon
# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
# and COURIERTLS exist.
#
# NOTE(review): the last sentence talks about courieresmtpd and ESMTP;
# presumably the IMAP server behaves the same way -- confirm.
#
# The dummy certificate is only a placeholder.  Replace it with a
# certificate issued for this host before exposing the service.
#
COURIERTLS=/usr/bin/couriertls

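# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
# SSLv2 and SSLv3 are obsolete protocols with known weaknesses and should
# not be offered.  TLS1 is the strongest version in this list, so it is
# used here as well as for STARTTLS.
#
# NOTE(review): TLS 1.0 is itself dated.  If the installed couriertls
# accepts newer protocol settings, prefer them -- check its documentation.
#
TLS_PROTOCOL=TLS1

# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
# extension, as opposed to IMAP over SSL on port 993.
#
TLS_STARTTLS_PROTOCOL=TLS1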

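# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined.
#
# The commented-out example below does not exclude RC4, SSLv2 or other
# weak cipher suites.  If you set this variable, write a list that leaves
# those out instead of uncommenting the example unchanged.
#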
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# NOTE(review): the confidentiality requirement suggests this PEM file also
# holds the private key -- confirm.  Make it readable only by the account
# that runs the server, and replace the certificate generated at install
# time with one issued for this host before going into production.
#
TLS_CERTFILE=/var/lib/openssl/certs/imapd.pem

# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# pathname can be a file or a directory. If a file, the file should
# contain a list of trusted certificates, in PEM format. If a
# directory, the directory should contain the trusted certificates,
# in PEM format, one per file and hashed using OpenSSL's c_rehash
# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
# to PEER or REQUIREPEER).
#
# TLS_TRUSTCERTS=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
# With NONE, as set below, this server does not verify client certificates;
# users are identified by their IMAP login only.  On the client side NONE
# means the server's identity is never checked, so a client cannot tell the
# real server from an impostor.
#
TLS_VERIFYPEER=NONE

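# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  With TLS_ALLOWSELFSIGNEDCERT, clients accept server
# certificates that are not signed by a recognized certificate authority.
# This allows clients to simply verify that a server certificate is
# available.
#
# A certificate accepted this way proves nothing about who presented it, so
# the connection is encrypted but the server is not authenticated.  Prefer
# a certificate the client can verify through TLS_TRUSTCERTS.
#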
#TLS_ALLOWSELFSIGNEDCERT=1

