# Maximum number of POP3 servers started
#
# This is a ceiling on concurrent servers, so a burst of connections
# cannot grow the number of running servers without bound.
#
MAXDAEMONS=40

# Maximum number of connections to accept from the same IP address
#
# Keeps a single address from occupying every MAXDAEMONS slot.
# NOTE(review): clients behind one shared (NAT) address count as the same
# IP -- confirm that 4 is enough for such sites.
#
MAXPERIP=4

# Where mail is stored (relative to $HOME)
#
MAILDIR="Maildir"

# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
# NOTE(review): LOGIN and PLAIN both carry the password itself (base64 is
# an encoding, not encryption), so they depend on the SSL/TLS session for
# confidentiality.
#
#POP3AUTH="LOGIN"

# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
#POP3AUTH_TLS="LOGIN PLAIN"

# IP address to listen on.  0 means all IP addresses.
#
# NOTE(review): "all IP addresses" includes any public interface on the
# host; set a specific address if the service should be reachable on one
# interface only.
#
ADDRESS=0

# Other couriertcpd(1) options.  The following defaults should be fine.
#
#TCPDOPTS="-nodnslookup -noidentlookup"

# NOTE(review): this setting is not described anywhere in this file.
# Presumably it tells the startup script whether to launch the
# POP3-over-SSL daemon -- confirm against the script that reads this file.
#
POP3DSSLSTART=yes

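# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
# SSLv2 and SSLv3 are both deprecated and have protocol-level weaknesses
# that no cipher or certificate setting can compensate for, so this file
# selects TLS1, the strongest of the three values documented above.
# Clients that can only speak SSLv3 will no longer be able to connect.
#
# NOTE(review): if the installed Courier build documents newer values for
# this setting, prefer those, and check with a test connection from a mail
# client after changing it.
#
TLS_PROTOCOL=TLS1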

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# NOTE(review): the sample string below starts from ALL and names SSLv2
# and RC4 suites explicitly.  On older OpenSSL builds ALL can include
# export-grade and single-DES suites, so do not uncomment it as-is; if a
# list is needed, start from a stricter one (for example HIGH:!aNULL:!MD5)
# and check what it expands to with `openssl ciphers -v`.
#
#TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
#TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# NOTE(review): the confidentiality requirement presumably exists because
# the PEM file holds the private key together with the certificate --
# confirm.  Check the file's owner and mode after installing or renewing
# it: readable by the account the daemon runs as, and by no one else.
#
TLS_CERTFILE=/var/lib/openssl/certs/pop3d.pem

# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
# NOTE(review): "root key" here presumably means the CA's root certificate;
# the CA's private key is not needed to verify peers and should not be
# placed on this host -- confirm.
#
#TLS_PEERCERTDIR=
#TLS_OURCACERT=

# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
# With NONE, client certificates are not verified, so (presumably) the
# POP3 login is the only thing that authenticates a client.  PEER and
# REQUIREPEER presumably need TLS_OURCACERT / TLS_PEERCERTDIR set above
# to have something to verify against -- confirm.
#
TLS_VERIFYPEER=NONE

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE.  TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority.  This allows
# clients to simply verify that a server certificate is available.
#
# NOTE(review): as described above, this is a client-side setting.
# Checking only that a certificate is present does not establish which
# server presented it, so leave this disabled wherever the server's
# identity matters.
#
#TLS_ALLOWSELFSIGNEDCERT=1

