imapext-2007
diff docs/imaprc.txt @ 0:ada5e610ab86
imap-2007e
| author | yuuji@gentei.org |
|---|---|
| date | Mon, 14 Sep 2009 15:17:45 +0900 |
| parents | |
| children | |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/docs/imaprc.txt Mon Sep 14 15:17:45 2009 +0900 1.3 
@@ -0,0 +1,613 @@ 1.4 +/* ======================================================================== 1.5 + * Copyright 1988-2006 University of Washington 1.6 + * 1.7 + * Licensed under the Apache License, Version 2.0 (the "License"); 1.8 + * you may not use this file except in compliance with the License. 1.9 + * You may obtain a copy of the License at 1.10 + * 1.11 + * http://www.apache.org/licenses/LICENSE-2.0 1.12 + * 1.13 + * 1.14 + * ======================================================================== 1.15 + */ 1.16 + 1.17 + .imaprc secrets revealed! 1.18 + Mark Crispin, June 17, 2002 1.19 + 1.20 +The following information describes the format of the /etc/c-client.cf 1.21 +and ~/.imaprc file. The Columbia MM ~/.mminit file is also read by 1.22 +c-client; however, the only command that ~/.mminit has in common is 1.23 +set keywords. 1.24 + 1.25 +********************************************************************** 1.26 +* DANGER! BEWARE! TAKE CARE! * 1.27 +********************************************************************** 1.28 +* * 1.29 +* These files, and this documentation, are for internal UW usage * 1.30 +* only. This capability is for UW experimental tinkering, and most * 1.31 +* emphatically *not* for sorcerer's apprentices at other sites who * 1.32 +* feel that if a config file capability exists, they must write a * 1.33 +* config file whether or not there is any need for one. * 1.34 +* * 1.35 +* This information is subject to change without notice. Commands * 1.36 +* may be added, removed, or altered. The behavior of comamnds may * 1.37 +* change. Do not use any of this information without consulting me * 1.38 +* first. c-client's defaults have been carefully chosen to be right * 1.39 +* for general-purpose and most special-purpose configurations. If * 1.40 +* you tinker with these defaults, all hell may break loose. * 1.41 +* * 1.42 +* This is not an idle threat. 
There have been several instances of * 1.43 +* people who ignored these warnings and have gotten burned. * 1.44 +* * 1.45 +* Don't even trust this file to work. Many of the things which can * 1.46 +* be changed by this file can also be changed by the application, * 1.47 +* and it is totally unpredictable which will take precedence. It * 1.48 +* all depends upon how the application is coded. Not only that, you * 1.49 +* may cause the application to crash. * 1.50 +* * 1.51 +* In other words, keep your cotton-pickin' hands off my defaults. * 1.52 +* If it crashes and erases your mail, I don't want to hear about it. * 1.53 +* Consider 'em ``mandatory defaults''. Got a nice ring, eh? :-) If * 1.54 +* you must tinker with defaults, play with the .pinerc and pine.conf * 1.55 +* files in Pine. It's got options galore, all supported for you to * 1.56 +* have fun. They're also documented; so well documented, it takes * 1.57 +* two strong men to carry around all the documentation. ;-) ;-) * 1.58 +* * 1.59 +* Joking aside, you really shouldn't be fooling around with this * 1.60 +* capability. It's dangerous, and you can shoot yourself in the * 1.61 +* foot easily. If you need custom changes, you are better off with * 1.62 +* local source code modifications. Seriously. * 1.63 +* * 1.64 +* One last warning: don't believe anything that you read in this * 1.65 +* document. Every effort has been made to ensure that this document * 1.66 +* is incomplete and inaccurate, and I take no responsibility for any * 1.67 +* glimmers of correct information that may, by some fluke, be here. * 1.68 +* * 1.69 +********************************************************************** 1.70 + 1.71 +The files are read in order: /etc/c-client.cf, ~/.mminit, ~/.imaprc, 1.72 +and an entry in a later file overrides the setting of an earlier file 1.73 +except as noted below. This ordering and overriding behavior may 1.74 +change without notice. 
1.75 + 1.76 +Almost all of these facilities can also be set via the mail_parameters() 1.77 +call in the program. Whether the file overrides mail_parameters(), or 1.78 +mail_parameters() overrides the file, is indeterminate. It will vary 1.79 +from program to program, and it may be one way in one version and the 1.80 +other way in the next version. It's completely unpredictable, and so 1.81 +anything you do with these files has to be in complete knowledge of what 1.82 +the version of each program you're running is going to do. This is 1.83 +because the files do something for testing, but the real capability for 1.84 +configurability is put in the program instead. Are you getting the 1.85 +feeling that you shouldn't be messing with these files yet? 1.86 + 1.87 +The very first line of the file MUST start with the exact string "I 1.88 +accept the risk". This ensures that you have checked the file for 1.89 +correctness against this version of the IMAP toolkit. This enable 1.90 +string may change without notice in future versions, and the new 1.91 +string may or may not be accurately described in an updated version of 1.92 +this file. So any time you install software that uses the IMAP 1.93 +toolkit, you need to check the new version against these files (if you 1.94 +have insisted upon creating them in spite of all warnings). If two 1.95 +pieces of software use different versions of the IMAP toolkit with 1.96 +incompatible requirements, one of them won't work. Re-read the 1.97 +warning above about why you should not use these files. 1.98 + 1.99 +Subsequent lines are read from the file one at a time. Case does not 1.100 +matter. Unrecognized commands are ignored. 1.101 + 1.102 +1) set new-folder-format 1.103 + sets what format new mailboxes are created in. This also controls 1.104 + default delivery via tmail and dmail. 1.105 + 1.106 + a) set new-folder-format same-as-inbox 1.107 + Folder is created using the same mailbox format as INBOX. 
If 1.108 + INBOX is empty, it defaults to system standard. 1.109 + 1.110 + b) set new-folder-format system-standard 1.111 + This is the default. Folder is created using the wired-in system 1.112 + standard format, which on most UNIX systems is ordinary UNIX 1.113 + /bin/mail format. On SCO systems, this is MMDF. 1.114 + 1.115 + c) set new-folder-format <driver name> 1.116 + Folder is created using the given driver name, e.g. mbx, unix, 1.117 + mmdf, etc. 1.118 + 1.119 + There is no protection against setting this to a silly value (e.g. 1.120 + news, nntp, dummy) and doing so is a great way to screw things up. 1.121 + Setting this to mh does not do what you think it does. Setting this 1.122 + to tenex or mtx isn't particularly useful. 1.123 + 1.124 +2) set empty-folder-format 1.125 + sets what format data is written into an empty mailbox file using 1.126 + mail_copy() or mail_append(). This also controls default delivery 1.127 + via tmail. 1.128 + 1.129 + a) set empty-folder-format same-as-inbox 1.130 + Data is written using the same mailbox format as INBOX. If 1.131 + INBOX is empty, it defaults to system standard. 1.132 + 1.133 + b) set empty-folder-format system-standard 1.134 + This is the default. Data is written using the wired-in system 1.135 + standard format, which on most UNIX systems is ordinary UNIX 1.136 + /bin/mail format. On SCO systems, this is MMDF. 1.137 + 1.138 + c) set-empty-folder-format <driver name> 1.139 + Data is written using the given driver name, e.g. tenex, unix, 1.140 + mmdf, etc. 1.141 + 1.142 + There is no protection against setting this to a silly value (e.g. 1.143 + news, nntp, dummy) and doing so is a great way to screw things up. 1.144 + Setting this to mh, mbx, or mx does not work. 1.145 + 1.146 +3) set keywords <word1>, <word2>, ... <wordn> 1.147 + Sets the list of keyword flags (supported by tenex and mtx) to the 1.148 + given list. Up to 30 flags may be given. 
Since these names 1.149 + correspond to numeric bits, the order of the keywords can not be 1.150 + changed, nor can keywords be removed or inserted (you can append 1.151 + new keywords, up to the limit of 30). 1.152 + 1.153 + Set keywords is a deprecated command. It may not appear in 1.154 + future versions, or it may appear in a changed form. It exists 1.155 + only for compatibility with MM, and should only appear in ~/.mminit 1.156 + and not in the other files. It is likely to disappear entirely in 1.157 + IMAP4. 1.158 + 1.159 + There is no protection against setting these to silly values, and 1.160 + doing so is a great way to cause a crash. 1.161 + 1.162 +4) set from-widget header-only 1.163 + Sets smart insertion of the > character in front of lines that 1.164 + begin with ``From ''. Only such lines that are also in UNIX mbox 1.165 + header file format will have a > character inserted. The default 1.166 + is to insert the > character in front of all lines which begin with 1.167 + ``From '', for the benefit of legacy tools that get confused 1.168 + otherwise. 1.169 + 1.170 +5) set black-box-directory <directory name> 1.171 + Sets the directory in which the user's data can be found. A user's 1.172 + folders can be found in a subdirectory of the black box directory 1.173 + named with the user's username. For example, if the blackbox 1.174 + directory is /usr/spool/folders/, user jones' data can be found 1.175 + in /usr/spool/folders/jones/. The user's black-box directory is 1.176 + the location of folders, .mminit, .imaprc, .newsrc, and all other 1.177 + files used by c-client; internally, it sets c-client's idea of the 1.178 + user's ``home directory'', overriding /etc/passwd. 1.179 + 1.180 + This command may not appear in ~/.mminit or ~/.imaprc 1.181 + 1.182 + In black-box mode, it is not permitted to access any folders 1.183 + outside of the user's personal blackbox directory. The breakouts 1.184 + ``/'', ``~'', and ``..'' are not permitted. 
1.185 + 1.186 + In order to make this work without crashing, you must set another 1.187 + option which is not listed in this document. 1.188 + 1.189 + There is no protection against setting this to a silly value, and 1.190 + doing so is a great way to cause a crash. 1.191 + 1.192 +6) set local-host <host name> 1.193 + Sets c-client's idea of the local host name. 1.194 + 1.195 + There is no protection against setting this to a silly value, and 1.196 + doing so is a great way to cause a crash. 1.197 + 1.198 +7) set news-active-file <file name> 1.199 + Sets the location of the news active file, if it is not in the 1.200 + standard place. 1.201 + 1.202 + It is recommended to use a courtesy symbolic link instead. 1.203 + 1.204 + There is no protection against setting this to a silly value, and 1.205 + doing so is a great way to cause a crash. 1.206 + 1.207 +8) set news-spool-directory <directory name> 1.208 + Sets the location of the news spool, if it is not in the standard 1.209 + place. 1.210 + 1.211 + It is recommended to use a courtesy symbolic link instead. 1.212 + 1.213 + There is no protection against setting this to a silly value, and 1.214 + doing so is a great way to cause a crash. 1.215 + 1.216 +9) set news-state-file <file name> 1.217 + Sets the location of the news state file (normally $(USER)/.newsrc). 1.218 + 1.219 + This is not very useful in /etc/c-client.cf because it is a file name. 1.220 + Setting this in /etc/c-client.cf would set all users to the same file 1.221 + as their newsrc, which is probably not what you want. 1.222 + 1.223 + There is no protection against setting this to a silly value, and 1.224 + doing so is a great way to cause a crash. 1.225 + 1.226 +10) set system-inbox <file name> 1.227 + Sets the location of the "system inbox", if it is not in the standard 1.228 + place. This is the default location of INBOX, or the mail drop point 1.229 + from which mail is snarfed (e.g. in tenex, mtx, mbox, mh formats). 
1.230 + 1.231 + This is not very useful in /etc/c-client.cf because it is a file name. 1.232 + Setting this in /etc/c-client.cf would set all users to the same file 1.233 + as their system inbox, which is probably not what you want. 1.234 + 1.235 + There is no protection against setting this to a silly value, and 1.236 + doing so is a great way to cause a crash. 1.237 + 1.238 +11) set tcp-open-timeout <number> 1.239 + Sets the number of seconds that the TCP routines will block on opening 1.240 + a TCP connection before timing out. If a timeout occurs, the connection 1.241 + attempt is aborted. 1.242 + 1.243 + The default is zero, meaning use the operating system default (75 1.244 + seconds on most UNIX systems). 1.245 + 1.246 + There is no protection against setting this to an excessively small 1.247 + value, such as 1, and doing so is a great way to cause users extreme 1.248 + grief. 1.249 + 1.250 +12) set tcp-read-timeout <number> 1.251 + Sets the number of seconds that the TCP routines will block on reading 1.252 + data before calling the timeout routine. If no timeout routine is set 1.253 + by the program, the connection will be aborted on a timeout. 1.254 + 1.255 + The default is zero, meaning infinite. 1.256 + 1.257 + There is no protection against setting this to an excessively small 1.258 + value, such as 1, and doing so is a great way to cause users extreme 1.259 + grief. 1.260 + 1.261 +13) set tcp-write-timeout <number> 1.262 + Sets the number of seconds that the TCP routines will block on sending 1.263 + data before calling the timeout routine. If no timeout routine is set 1.264 + by the program, the connection will be aborted on a timeout. 1.265 + 1.266 + The default is zero, meaning infinite. 1.267 + 1.268 + There is no protection against setting this to an excessively small 1.269 + value, such as 1, and doing so is a great way to cause users extreme 1.270 + grief. 
1.271 + 1.272 +14) set rsh-timeout <number> 1.273 + Sets the number of seconds that the rsh routines will block on opening 1.274 + an rimapd connection before timing out. If a timeout occurs, the 1.275 + rsh connection attempt is aborted. A zero timeout will disable rsh. 1.276 + 1.277 + The default is 15 seconds. 1.278 + 1.279 + There is no protection against setting this to an excessively small 1.280 + value, such as 1, and doing so is a great way to cause users extreme 1.281 + grief. 1.282 + 1.283 +15) set maximum-login-trials <number> 1.284 + Sets the number of iterations of asking the user, via mm_login(), for 1.285 + a user name and password, before cancelling the attempt. 1.286 + 1.287 + The default is 3. 1.288 + 1.289 + There is no protection against setting this to zero, and doing so is 1.290 + a great way to cause users extreme grief. 1.291 + 1.292 +16) set lookahead <number> 1.293 + Sets the number of envelopes that are looked ahead in IMAP, in 1.294 + mail_fetchstructure(). This is based on the guess that in such 1.295 + operations as drawing browser lines, if you get data for message n 1.296 + you are likely to want it for message n+1, n+2,... in short order. 1.297 + Lookahead preloads the c-client cache and saves unnecessary RTTs. 1.298 + 1.299 + The default is 20, a good number for a browser on a 24x80 screen, and 1.300 + small enough to usually have no significant real-time difference from 1.301 + a single message fetch. 1.302 + 1.303 + Setting it to 0 turns off lookahead. 1.304 + 1.305 + There is no protection against setting this ridiculously high and 1.306 + incurring performance penalties as a result. 1.307 + 1.308 +17) set prefetch <number> 1.309 + Sets the number of envelops which are automatically fetched for the 1.310 + messages which match in a search. 
This is based on the guess that 1.311 + in a browser that is "zoomed" on the results of a search, you are 1.312 + likely to want the envelope data for each of those messages in 1.313 + short order. Prefetching reloads the c-client cache, saves 1.314 + unnecessary RTTs, and avoids loading undesired envelopes due to 1.315 + lookahead (see above). 1.316 + 1.317 + The default is 20. 1.318 + 1.319 + Setting it to 0 turns off prefetch. 1.320 + 1.321 + There is no protection against setting this ridiculously high and 1.322 + incurring performance penalties as a result. 1.323 + 1.324 +18) set close-on-error <number> 1.325 + If non-zero, IMAP connections are closed if an EXAMINE or SELECT 1.326 + command fails. Otherwise, they are left half-open, and can be used 1.327 + again to select some other mailbox. The mailbox name in the stream 1.328 + is set to {serverhost}<no_mailbox> 1.329 + 1.330 + The default is zero (do not close on error). 1.331 + 1.332 +19) set imap-port <number> 1.333 + Set the TCP/IP contact port to use for IMAP. This overrides the 1.334 + wired-in setting and the setting from /etc/services, and can in 1.335 + turn be overridden by an explicit user specification in the mailbox 1.336 + name, e.g. {serverhost:143}foo 1.337 + 1.338 + The default is zero (use setting from /etc/services or the wired-in 1.339 + setting (143). 1.340 + 1.341 + There is no protection against setting this to a silly value, and 1.342 + doing so is a great way to cause users extreme grief. 1.343 + 1.344 +20) set pop3-port <number> 1.345 + Set the TCP/IP contact port to use for POP3. This overrides the 1.346 + wired-in setting and the setting from /etc/services, and can in 1.347 + turn be overridden by an explicit user specification in the mailbox 1.348 + name, e.g. {serverhost:110/pop3} 1.349 + 1.350 + The default is zero (use setting from /etc/services or the wired-in 1.351 + setting (110). 
1.352 + 1.353 + There is no protection against setting this to a silly value, and 1.354 + doing so is a great way to cause users extreme grief. 1.355 + 1.356 +21) set uid-lookahead <number> 1.357 + Sets the number of UIDs that are looked ahead in IMAP in mail_uid(). 1.358 + Lookahead preloads the c-client cache and saves unnecessary RTTs. 1.359 + 1.360 + The default is 1000, small enough to usually have no significant 1.361 + real-time difference from a single message UID fetch. 1.362 + 1.363 + Setting it to 0 turns off lookahead. 1.364 + 1.365 + There is no protection against setting this ridiculously high and 1.366 + incurring performance penalties as a result. 1.367 + 1.368 +22) set mailbox-protection <number> 1.369 + Set the default protection for newly-created mailbox files. 1.370 + 1.371 + The default is 384. 1.372 + 1.373 + There is no protection against setting this to a silly value, and 1.374 + doing so is a great way to screw things up massively. 1.375 + 1.376 +23) set directory-protection <number> 1.377 + Set the default protection for newly-created directories. 1.378 + 1.379 + The default is 448. 1.380 + 1.381 + There is no protection against setting this to a silly value, and 1.382 + doing so is a great way to screw things up massively. 1.383 + 1.384 +24) set lock-protection <number> 1.385 + Set the default protection for lock files 1.386 + 1.387 + The default is 438, which is necessary if locks are to be respected 1.388 + by processes running as other UIDs. 1.389 + 1.390 + There is no protection against setting this to a silly value, and 1.391 + contrary to what you may think just about any value other than 438 1.392 + turns out to be a silly value. 1.393 + 1.394 +25) set disable-fcntl-locking <number> 1.395 + This only applies to SVR4 systems. 1.396 + 1.397 + If non-zero, fnctl() locking is not attempted. In the past, this 1.398 + was used to avoid locking NFS files. If NFS is involved, the evil 1.399 + lockd/statd daemons get invoked. 
These daemons supposedly work over 1.400 + NFS, but really don't. 1.401 + 1.402 + You probably don't really want to do this, though, because now the 1.403 + flock() emulator (which calls fcntl()) now checks to see if the file 1.404 + is accessed via NFS and no-ops the lock. This is compatible with 1.405 + BSD. 1.406 + 1.407 + Disabling fcntl() locking loses a great deal of locking protection 1.408 + on local files as well as NFS files (which now never have locking 1.409 + protection). 1.410 + 1.411 + The default is zero (fcntl() locking is enabled). 1.412 + 1.413 +26) set lock-EACCES-error <number> 1.414 + If non-zero, a warning message is given if an attempt to create a 1.415 + lock file fails. Otherwise, EACCES is treated as a "silent failure", 1.416 + and it proceeds without trying to use the lock file. This is for 1.417 + the benefit of users on systems with paranoid /usr/spool/mail 1.418 + protections which don't let users create /usr/spool/mail/$(USER).lock 1.419 + files; these unfortunate users would be harassed with a flood of 1.420 + error messages otherwise. The problem is that on SVR4, if EACCES 1.421 + remains disabled and fcntl() locking is also disabled, then there is 1.422 + no locking at all which is doubleplus-ungood. 1.423 + 1.424 + If the site is paranoid on /usr/spool/mail protections AND if there 1.425 + is no fcntl() locking (SVR4) or usable flock() locking (e.g. NFS), 1.426 + then there is no way to win. Find a different system to use. 1.427 + 1.428 + The default is non-zero (report EACCESS as an error). 1.429 + 1.430 +27) set list-maximum-level <number> 1.431 + Sets the maximum depth of recursion that a * wildcard list will go 1.432 + down the directory tree. 0 means that no recursion is permitted, 1.433 + and * becomes like %. 1.434 + 1.435 + The default is 20. 1.436 + 1.437 + There is no protection against setting this to a ridiculously high 1.438 + value. 
Since LIST will follow symbolic links, it can effectively 1.439 + recurse infinitely, until the name strings get large enough that 1.440 + some name limit is exceeded. 1.441 + 1.442 +28) set anonymous-home-directory <directory name> 1.443 + Sets the location of the anonymous home directory, if it is not in 1.444 + the standard place. 1.445 + 1.446 + It is recommended to use a courtesy symbolic link instead. 1.447 + 1.448 + There is no protection against setting this to a silly value, and 1.449 + doing so is a great way to cause a crash. 1.450 + 1.451 +29) set chroot-server <number> 1.452 + This option is for closed server systems only. If defined, a chroot() 1.453 + call to the user's home directory is done as part of the login 1.454 + process. This has the effect of preventing access to any files 1.455 + outside of the user's home directory (including shared mailboxes). 1.456 + 1.457 + Shared mailboxes with other users can't possibly work with this 1.458 + option, because there is no way to export lock information to other 1.459 + users. 1.460 + 1.461 + This should be done ONLY on systems which do not permit users to 1.462 + have shell access 1.463 + 1.464 + This option should NEVER(!!) be set if users are allowed shell access. 1.465 + Doing so actually makes the system *less* secure, since the user could 1.466 + create an etc subdirectory which would be treated as real /etc by such 1.467 + programs as /bin/su. 1.468 + 1.469 + The default is zero (don't do chroot). 1.470 + 1.471 + This option is strongly *NOT* recommended. 1.472 + 1.473 +30) set disable-automatic-shared-namespaces <number> 1.474 + Never look up the "ftp", "imappublic", and "imapshared" users as 1.475 + posssible home directories for the #ftp, #public, and #shared 1.476 + namespaces. On some systems (reportedly including AIX 4.3.3) 1.477 + getpwnam() of an unknown user name is horrendously slow. 
1.478 + 1.479 + Note that this does not remove the #ftp, #public, and #shared 1.480 + namespaces, and they can still be set up by other means. 1.481 + 1.482 + The default is zero (shared namespaces are automatic). 1.483 + 1.484 +31) set advertise-the-world <number> 1.485 + Include the UNIX root as a shared namespace. This is generally a bad 1.486 + idea, since certain IMAP clients (names withheld to protect the guilty) 1.487 + will take this as license to download the entire filesystem tree. 1.488 + 1.489 + The default is zero (don't advertise the world). 1.490 + 1.491 +32) set mail-subdirectory <subdirectory name> 1.492 + Change the default connected directory from the user's home directory 1.493 + to the named subdirectory of the user's home directory. For example, 1.494 + setting MAILSUBDIR="mail" will cause the POP2 and IMAP servers to 1.495 + connect to the user's ~/mail subdirectory. This is equivalent to 1.496 + the env_unix.c edit described in Example 2 of the CONFIG file. 1.497 + 1.498 + Note that if the subdirectory does not exist, the result is undefined. 1.499 + It is probably an extremely bad idea to set this unless you can 1.500 + guarantee that the subdirectory exists for all users. If you can not 1.501 + guarantee this, then you should leave the default as the user's home 1.502 + directory and allow them to configure a personal default in their IMAP 1.503 + client. 1.504 + 1.505 + The default is not to use any subdirectory. 1.506 + 1.507 +33) set allow-user-config <number> 1.508 + Allow users to use ~/.imaprc and ~/.mminit files. 1.509 + 1.510 + The default is zero (don't allow user config files). 
1.511 + 1.512 +34) set allow-reverse-dns <number> 1.513 + By default, the servers (ipop[23]d and imapd) will do gethostbyaddr() 1.514 + on the local and remote sockets so that imapd can identify itself 1.515 + properly (this is important when the same CPU hosts multiple virtual 1.516 + hosts on different IP addresss) and also includes the client's name 1.517 + when it writes to the syslog. There are also client gethostbyaddr() 1.518 + calls, used primarily by authentication mechanisms. 1.519 + 1.520 + Setting this option to zero disables all gethostbyaddr() calls. The 1.521 + returned "host name" string for the socket is just the bracketed 1.522 + [12.34.56.78] form, as if the reverse DNS lookup failed. 1.523 + 1.524 + WARNING: Some authentication mechanisms, e.g. Kerberos V, depend upon 1.525 + the host names being right, and if you set this option, it won't work. 1.526 + 1.527 + You should only do this if you are encountering server performance 1.528 + problems due to a misconfigured DNS, e.g. long startup delays or 1.529 + client timeouts. 1.530 + 1.531 + The default is non-zero (allow reverse DNS). 1.532 + 1.533 +35) set disable-plaintext <number> 1.534 + Disable plaintext password authentication (LOGIN command, AUTH=LOGIN, 1.535 + and AUTH=PLAIN). 1.536 + 1.537 + The default is zero (allow plaintext authentication). 1.538 + 1.539 +36) set trust-dns <number> 1.540 + By default, host names are canonicalized via gethostbyname() for 1.541 + everything except for SSL certificate validation. 1.542 + 1.543 + This can represent a security bug due to DNS spoofing, but is more 1.544 + likely to deliver results that users expect. It also may be necessary 1.545 + for SASL authentication to work right (e.g. generating a correct name 1.546 + for a Kerberos service principal) if the name entered by the user is a 1.547 + CNAME or not a fully-qualified domain name. 1.548 + 1.549 + If trust-dns is set to zero, no host name canonicalization is done. 
1.550 + The user's actual entered name is used for SASL authentication and 1.551 + will appear in the mailbox name of the open stream. 1.552 + 1.553 + The default is non-zero (do DNS canonicalization). 1.554 + 1.555 +37) set sasl-uses-ptr-name <number> 1.556 + By default, if trust-dns is set, the host names used in authentication 1.557 + (e.g. to generate a Kerberos service principal) are canonicalized via 1.558 + gethostbyaddr() instead of by gethostbyname(). If gethostbyaddr() 1.559 + fails the gethostbyname() canonicalization is used. 1.560 + 1.561 + This represents an additional security bug due to DNS spoofing, over and 1.562 + above trust-dns. It also adds an additional DNS query to starting a 1.563 + session. 1.564 + 1.565 + It is necessary for sites which implement a server cluster with multiple 1.566 + A records for a cluster name (instead of a CNAME) but each cluster 1.567 + member has a unique PTR record which it expects for a Kerberos service 1.568 + principal. 1.569 + 1.570 + If sasl-uses-ptr-name is set to zero and trust-dns is set non-zero, the 1.571 + gethostbyname() canonicalized name is used for SASL authentication. 1.572 + 1.573 + The setting of sasl-uses-ptr-name is irrelevant if trust-dns is set to 1.574 + zero. 1.575 + 1.576 + The default is non-zero (use name from PTR record for SASL). 1.577 + 1.578 +38) set network-filesystem-stat-bug <number> 1.579 + By default, traditional UNIX mailbox files are only closed and reopened 1.580 + at checkpoint and expunge time. This ensures that, prior to rewriting 1.581 + the file, that any cached stat() data from a network filesystem is 1.582 + updated with current data. 1.583 + 1.584 + Very old versions of NFS, and reputedly also AFS, can get into a state 1.585 + in which the cached stat() data stays out-of-date, even across a 1.586 + close and reopen of the file. 
1.587 + 1.588 + If network-filesystem-stat-bug is set non-zero, then the mailbox file 1.589 + is closed and reopened at ping time as a workaround for this bug in 1.590 + these network filesystems. This means that in imapd, the mailbox 1.591 + file is closed and reopened for every IMAP command. This is obviously 1.592 + something that should be avoided unless absolutely necessary. 1.593 + 1.594 + NFS and AFS are terrible ways to distribute mail. You use use IMAP 1.595 + servers with a local disk instead. 1.596 + 1.597 + The default is zero (only close/reopen at checkpoint and expunge time). 1.598 + 1.599 + Setting this option is a great way to ruin your system's performance. 1.600 + 1.601 +39) set restrict-mailbox-access <option> <option> ... <option> 1.602 + This option is for closed server systems only. It is less extreme 1.603 + than chroot-server, and allows selective restriction of what mailbox 1.604 + named users can use. The existing options are: 1.605 + root access not permitted to names starting with "/" 1.606 + otherusers access not permitted to other users' names; this should 1.607 + normally be used in conjunction with "root", otherwise 1.608 + another user's names can be accessed via a root name. 1.609 + all all of the above 1.610 + Setting any combination of options also disables access to superior 1.611 + directories via "..". 1.612 + 1.613 + This should be done ONLY on systems which do not permit users to 1.614 + have shell access 1.615 + 1.616 + The default is no restrictions.
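Review bot: Items 22 to 24 (mailbox-protection, directory-protection, lock-protection) give their defaults as 384, 448 and 438 without stating the radix; these are the decimal forms of octal 0600, 0700 and 0666, and a reader used to octal modes cannot tell from the text whether to enter 600 or 384. Suggest putting the octal equivalent next to each default, for example "The default is 384 (octal 0600)", and saying explicitly how the number is parsed. Separately, item 2c reads "set-empty-folder-format <driver name>" with a hyphen after "set", unlike 2a and 2b; since the document states that unrecognized commands are ignored, a line copied from 2c could be dropped without any error, so it should read "set empty-folder-format <driver name>". Item 32 refers to setting MAILSUBDIR="mail" while the command being documented is "set mail-subdirectory"; the example should use the command's own syntax. Minor: "comamnds", "fnctl()", "posssible", "addresss", "envelops", "EACCESS", "You use use IMAP", and the unbalanced parentheses in the imap-port and pop3-port default lines.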