diff --git a/docker/imap/rootfs/etc/imapd.conf b/docker/imap/rootfs/etc/imapd.conf index 30b2ce4a..6dc36953 100644 --- a/docker/imap/rootfs/etc/imapd.conf +++ b/docker/imap/rootfs/etc/imapd.conf @@ -1,121 +1,121 @@ servername: SERVERNAME configdirectory: /var/lib/imap defaultpartition: default metapartition_files: annotations cache expunge header index partition-default: /var/spool/imap/ metapartition-default: /var/spool/imap/ sievedir: /var/lib/imap/sieve # WITHOUT_TAGS annotation_definitions: /etc/imapd.annotations.conf # WITH_TAGS annotation_allow_undefined: 1 # ROLE_BACKEND autocreate_quota: 5242880 # ROLE_BACKEND autocreate_inbox_folders: Drafts | Trash | Sent # ROLE_BACKEND autocreate_subscribe_folders: Drafts | Trash | Sent # Set specialuse flags # ROLE_BACKEND list-drafts: Drafts # ROLE_BACKEND list-sent: Sent # ROLE_BACKEND list-trash: Trash # WITH_TLS tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem # WITH_TLS tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem # WITH_TLS tls_server_ca_file: TLS_SERVER_CA_FILE # WITH_TLS # WITH_TLS tls_client_certs: off # Per intermediate set of recommended ciphers: https://wiki.mozilla.org/Security/Server_Side_TLS # It's a subset of: openssl ciphers -v 'TLSv1_2+HIGH:!aNULL:@STRENGTH' # WITH_TLS tls_ciphers: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 # WITH_TLS tls_prefer_server_ciphers: 1 # WITH_TLS sieve_tls_versions: tls1_0 tls1_1 tls1_2 tls1_3 # WITH_TLS tls_versions: tls1_2 tls1_3 idlesocket: /var/lib/imap/socket/idle disable_shared_namespace: 0 disable_user_namespace: 0 duplicate_db_path: /run/cyrus/db/deliver.db mboxname_lockpath: /run/cyrus/lock proc_path: /run/cyrus/proc # Apparently does not work ##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db statuscache_db_path: /run/cyrus/db/statuscache.db temp_path: /tmp tls_sessions_db_path: /run/cyrus/db/tls_sessions.db sendmail: /usr/sbin/sendmail admins: IMAP_ADMIN_LOGIN sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_saslauthd_path: /run/saslauthd/mux allowplaintext: yes lmtp_over_quota_perm_failure: 1 maxlogins_per_user: MAXLOGINS_PER_USER # Disable mailbox referrals for all clients, as the referrals will point # addresses the client cannot reach. proxyd_disable_mailbox_referrals: 0 # ROLE_BACKEND httpmodules: caldav carddav domainkey freebusy ischedule rss webdav prometheus # ROLE_FRONTEND httpmodules: prometheus caldav_allowcalendaradmin: 1 unixhierarchysep: 1 virtdomains: userid sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date allowallsubscribe: 0 anyoneuseracl: 0 allowusermoves: 1 altnamespace: 1 disconnect_on_vanished_mailbox: 1 hashimapspool: 1 anysievefolder: 1 fulldirhash: 0 sieve_maxscripts: 150 sieve_maxscriptsize: 128 sieveusehomedir: 0 sieve_allowreferrals: 0 sieve_utf8fileinto: 1 lmtp_downcase_rcpt: 1 lmtp_fuzzy_mailbox_match: 1 username_tolower: 1 deletedprefix: DELETED delete_mode: delayed expunge_mode: delayed postuser: shared tcp_keepalive: 1 prometheus_enabled: 1 -# This can take >10s for large instances, so don't run it too frequently (option renamed to prometheus_servcice_update_freq in recent versions) +# This can take >10s for large instances, so don't run it too frequently (option renamed to prometheus_service_update_freq in recent versions) prometheus_update_freq: 120s prometheus_need_auth: none syslog_prefix: cyrus-imapd # ROLE_BACKEND calendar_default_displayname: Calendar # ROLE_BACKEND addressbook_default_displayname: Addressbook debug: 0 -chatty: 1 +chatty: 0 # proxy authentication for these users # ROLE_BACKEND proxyservers: IMAP_ADMIN_LOGIN # WITH_MUPDATE mupdate_server: MUPDATE_SERVER # WITH_MUPDATE mupdate_port: 3905 # WITH_MUPDATE mupdate_authname: IMAP_ADMIN_LOGIN # WITH_MUPDATE mupdate_username: IMAP_ADMIN_LOGIN # WITH_MUPDATE mupdate_password: IMAP_ADMIN_PASSWORD # # ROLE_FRONTEND # proxy authentication against backends # ROLE_FRONTEND proxy_authname: IMAP_ADMIN_LOGIN # ROLE_FRONTEND proxy_password: IMAP_ADMIN_PASSWORD # # TODO we currently lack a WITH_SYNC_SOURCE config (probably just authname/password?) # WITH_SYNC_TARGET sync_host: SYNC_HOST # WITH_SYNC_TARGET sync_authname: IMAP_ADMIN_LOGIN # WITH_SYNC_TARGET sync_password: IMAP_ADMIN_PASSWORD # WITH_SYNC_TARGET sync_log: 1 # WITH_SYNC_TARGET sync_repeat_interval: 10s # WITH_SYNC_TARGET sync_timeout: 300s # WITH_SYNC_TARGET sync_shutdown_file: /var/tmp/imap/sync_shutdown # WITH_SYNC_TARGET sync_reconnect_maxwait: 120s