imapd.conf(5)


NAME

   imapd.conf - IMAP configuration file

DESCRIPTION

   /etc/imapd.conf  is  the  configuration file for the Cyrus IMAP server.
   It defines local parameters for IMAP.

   Each line of the /etc/imapd.conf file has the form

          option: value

   where option is the name of the  configuration  option  being  set  and
   value is the value that the configuration option is being set to.

   Although there is no limit to the length of a line, a ``\'' (backslash)
   character may be used as the last character on a line to  force  it  to
   continue  on the next one.  No additional whitespace is inserted before
   or after the ``\''.  Note  that  a  line  that  is  split  using  ``\''
   character(s) is still considered a single line.  For example

          option:\
           value1 value2 \
            value3

   is equivalent to

          option: value1 value2   value3

   Blank lines and lines beginning with ``#'' are ignored.

   For  boolean and enumerated options, the values ``yes'', ``on'', ``t'',
   ``true'' and ``1'' turn the option  on,  the  values  ``no'',  ``off'',
   ``f'', ``false'' and ``0'' turn the option off.

FIELD DESCRIPTIONS

   The   sections   below  detail  options  that  can  be  placed  in  the
   /etc/imapd.conf file, and  show  each  option's  default  value.   Some
   options  have no default value, these are listed with ``<no default>''.
   Some options default  to  the  empty  string,  these  are  listed  with
   ``<none>''.

   addressbookprefix: #addressbooks
        The   prefix  for  the  addressbook  mailboxes  hierarchies.   The
        hierarchy delimiter will be automatically  appended.   The  public
        addressbook  hierarchy  will  be  at  the  toplevel  of the shared
        namespace.  A user's personal calendar hierarchy will be  a  child
        of their Inbox.

   admins: <empty string>
        The  list  of  userids  with administrative rights.  Separate each
        userid with a space.  Sites using Kerberos authentication may  use
        separate "admin" instances.

        Note  that  accounts  used  by users should not be administrators.
        Administrative accounts should not receive mail.  That is, if user
        "jbRo" is a user reading mail, he should not also be in the admins
        line.  Some problems may occur otherwise, most notably the ability
        of  administrators to create top-level mailboxes visible to users,
        but not writable by users.

   afspts_localrealms: <none>
        The list of realms which are to be  treated  as  local,  and  thus
        stripped   during  identifier  canonicalization  (for  the  AFSPTS
        ptloader module).  This is different from loginrealms in  that  it
        occurs  later  in  the  authorization  process  (as the user id is
        canonified for PTS lookup)

   afspts_mycell: <none>
        Cell to use for AFS PTS lookups.  Defaults to the local cell.

   allowallsubscribe: 0
        Allow subscription  to  nonexistent  mailboxes.   This  option  is
        typically  used  on  backend servers in a Murder so that users can
        subscribe to mailboxes that don't reside on their  "home"  server.
        This  option  can  also  be  used as a workaround for IMAP clients
        which don't play well with nonexistent or  unselectable  mailboxes
        (e.g., Microsoft Outlook).

   allowanonymouslogin: 0
        Permit  logins  by  the user "anonymous" using any password.  Also
        allows use of the SASL ANONYMOUS mechanism.

   allowapop: 1
        Allow use of the POP3 APOP authentication command.

        Note that this command requires that SASL is  compiled  with  APOP
        support,  that  the  plaintext  passwords  are available in a SASL
        auxprop backend (e.g., sasldb), and that the  system  can  provide
        enough  entropy (e.g., from /dev/urandom) to create a challenge in
        the banner.

   allownewnews: 0
        Allow use of the NNTP NEWNEWS command.

        Note that this is a very expensive  command  and  should  only  be
        enabled when absolutely necessary.

   allowplaintext: 0
        If enabled, allows the use of cleartext passwords on the wire.

        By  default,  the  use  of  cleartext passwords requires a TLS/SSL
        encryption  layer  to  be  negotiated  prior  to   any   cleartext
        authentication mechanisms being advertised or allowed.  To require
        a  TLS/SSL  encryption  layer  to  be  negotiated  prior  to   ANY
        authentication, see the tls_required option.

   allowusermoves: 0
        Allow  moving user accounts (with associated meta-data) via RENAME
        or XFER.

        Note that measures should be taken to  make  sure  that  the  user
        being  moved  is  not logged in, and cannot login during the move.
        Failure to do so may result in the user's meta-data  (seen  state,
        subscriptions, etc) being corrupted or out of date.

   altnamespace: 0
        Use the alternate IMAP namespace, where personal folders reside at
        the same level in the hierarchy as INBOX.

        This option ONLY applies where interaction takes  place  with  the
        client/user.   Currently  this  is  limited  to  the IMAP protocol
        (imapd) and Sieve scripts (lmtpd).  This option does NOT apply  to
        admin  tools  such  as  cyradm  (admins ONLY), reconstruct, quota,
        etc., NOR does it affect LMTP delivery  of  messages  directly  to
        mailboxes via plus-addressing.

   annotation_db: twoskip
        The cyrusdb backend to use for mailbox annotations.

        Allowed values: berkeley, berkeley-hash, skiplist, twoskip

   annotation_db_path: <none>
        The  absolute  path to the annotations db file.  If not specified,
        will be confdir/annotations.db

   anyoneuseracl: 1
        Should non-admin users be allowed to set  ACLs  for  the  'anyone'
        user  on  their mailboxes?  In a large organization this can cause
        support problems, but it's enabled by default.

   annotation_allow_undefined: 0
        Allow clients to store values for entries which are not *  defined
        either by Cyrus or in the annotations_definitions * file.

   annotation_definitions: <none>
        File containing external (third-party) annotation definitions.

        Each  line  of  the file specifies the properties of an annotation
        and has the following form:

               name, scope, attrib-type, proxy-type, attrib-names, acl

        name is the hierarchical name as in RFC 5257 or RFC 5464  (in  the
             latter  case,  without the leading /shared or /private).  For
             example, /vendor/acme/blurdybloop.

        scope
             specifies  whether  the  annotation  is  for  the  server,  a
             mailbox, or a message.

        attrib-type
             specifies  the  attribute  data  type,  which is used only to
             check  the  string  value  passed  by  clients  when  setting
             annotations.  The attrib-type is one of:

             string
                  any value is accepted.

             content-type
                  this  obsolete  data  type,  which  was useful for early
                  drafts  of  the  standard,  is  accepted  but   silently
                  translated to string.

             boolean
                  only   the  strings  "true"  or  "false"  are  accepted.
                  Checking is case-insensitive but the value is forced  to
                  lowercase.

             int  integers are accepted.

             uint non-negative integers are accepted.

        proxy-type
             specifies  whether this attribute is for the backend or proxy
             servers or both (proxy_and_backend)

        attrib-names
             is the space-separated list of available attributes  for  the
             annotation.   Possible   attribute  names  are  value.shared,
             value.priv, and value  (which  permits  both  value.priv  and
             value.shared).   The  attribute  names size, size.shared, and
             size.priv are accepted  but  ignored;  these  attributes  are
             automatically  provided  by  the  server if the corresponding
             value attribute  is  specified.   Some  obsolete  attributes,
             which were defined early drafts of the standard, are accepted
             and ignored with a warning.

        extra-permissions
             is the extra ACL permission bits required  for  setting  this
             annotation,  in  standard  IMAP  ACL  permission  bit  string
             format.  Note that this is in addition to the permission bits
             specified  in  RFC  5257  and RFC 5464, so leaving this field
             empty is harmless.  Note also that there is no way to specify
             that  an  annotation  can  only  be  set by an admin user; in
             particular the a permission bit does not achieve this.

        Blank lines and lines beginning with ``#'' are ignored.

   annotation_callout: <none>
        The pathname  of  a  callout  to  be  used  to  automatically  add
        annotations  or  flags  to  a  message  when  it  is appended to a
        mailbox.  The path  can  be  either  an  executable  (including  a
        script), or a UNIX domain socket.

   auditlog: 0
        Should  cyrus  output  log  entries  for  every  action taken on a
        message file or mailboxes list entry?  It's noisy so  disabled  by
        default, but can be very useful for tracking down what happened if
        things look strange

   auth_mech: unix
        The authorization mechanism to use.

        Allowed values: unix, pts, krb, krb5

   autocreateinboxfolders: <none>
        Deprecated in favor of autocreate_inbox_folders.

   autocreatequota: 0
        Deprecated in favor of autocreate_quota.

   autocreatequotamsg: -1
        Deprecated in favor of autocreate_quota_messages.

   autosievefolders: <none>
        Deprecated in favor of autocreate_sieve_folders.

   generate_compiled_sieve_script: <none>
        Deprecated in favor of autocreate_sieve_script_compile.

   autocreate_sieve_compiled_script: <none>
        Deprecated in favor of autocreate_sieve_script_compiled.

   autosubscribeinboxfolders: <none>
        Deprecated in favor of autocreate_subscribe_folders.

   autosubscribesharedfolders: <none>
        Deprecated in favor of autocreate_subscribe_sharedfolders.

   autosubscribe_all_sharedfolders: 0
        Deprecated in favor of autocreate_subscribe_sharedfolders_all.

   autocreate_inbox_folders: <none>
        If a user does not have an INBOX already, and the INBOX is  to  be
        created, create the list of folders in this setting as well.

        INBOX folders are created under both the following conditions:

        1.     The  user  logins  via  the  IMAP  or  the  POP3  protocol.
               autocreate_quota option  must  have  a  value  of  zero  or
               greater.

        2.     A  message  arrives  for  the  user  through  the lmtpd(8).
               autocreate_post option must be enabled.

        autocreate_inbox_folders is a list of INBOX's subfolders separated
        by  a  "|", that are automatically created by the server under the
        previous  two  scenarios.  Leading  and  trailing  whitespace   is
        stripped,  so  "Junk  |  Trash" results in two folders: "Junk" and
        "Trash".

   autocreate_post: 0
        If enabled, when lmtpd(8) receives an incoming mail for  an  INBOX
        that  does  not  exist, then the INBOX is automatically created by
        lmtpd(8) and delivery of the message continues.

   autocreate_quota: -1
        If set to a value of  zero  or  higher,  users  have  their  INBOX
        folders  created  upon  a  successful login event or upon lmtpd(8)
        message delivery if autocreate_post  is  enabled,  provided  their
        INBOX did not yet already exist.

        The  user's  quota is set to the value if it is greater than zero,
        otherwise the user has unlimited quota.

        Note that quota is specified in kilobytes.

   autocreate_quota_messages: -1
        If set to a value of zero or higher, users who  have  their  INBOX
        folders    created    upon   a   successful   login   event   (see
        autocreate_quota),  or   upon   lmtpd(8)   message   delivery   if
        autocreate_post  is  enabled, receive the message quota configured
        in this option.

        The default of -1 disables assigning message quota.

        For consistency with autocreate_quota, a value of zero is  treated
        as unlimited message quota, rather than a message quota of zero.

   autocreate_sieve_folders: <none>
        A  "|"  separated  list  of  subfolders  of  INBOX  that  will  be
        automatically created, if requested by a sieve filter, through the
        "fileinto"   action.   The   default   is  to  create  no  folders
        automatically.

        Leading and trailing whitespace is stripped from each folder, so a
        setting  of  "Junk  |  Trash"  will create two folders: "Junk" and
        "Trash".

   autocreate_sieve_script: <none>
        The full path of a file that contains a sieve script. This  script
        automatically  becomes  a  user's  initial  default  sieve  filter
        script.

        When this option is  not  defined,  no  default  sieve  filter  is
        created.  The file must be readable by the Cyrus daemon.

   autocreate_sieve_script_compile: 0
        If  set to yes and no compiled sieve script file exists, the sieve
        script which is compiled on the fly will be saved in the file name
        that  autocreate_sieve_compiledscript option points to. In order a
        compiled  script  to  be  generated,  autocreate_sieve_script  and
        autocreate_sieve_compiledscript must have valid values

   autocreate_sieve_script_compiled: <none>
        The full path of a file that contains a compiled in bytecode sieve
        script. This script automatically becomes a user's initial default
        sieve  filter  script.   If  this  option is not specified, or the
        filename   doesn't   exist   then   the    script    defined    by
        autocreate_sieve_script  is  compiled  on the fly and installed as
        the user's default sieve script

   autocreate_subscribe_folders: <none>
        A list of folder names, separated  by  "|",  that  the  users  get
        automatically  subscribed  to,  when their INBOX is created. These
        folder names must have been included in the autocreateinboxfolders
        option of the imapd.conf.

   autocreate_subscribe_sharedfolders: <none>
        A list of shared folders (bulletin boards), separated by "|", that
        the users get automatically subscribed to, after  their  INBOX  is
        created.  The  shared  folder  must have been created and the user
        must have the  required  permissions  to  get  subscribed  to  it.
        Otherwise, subscribing to the shared folder fails.

   autocreate_subscribe_sharedfolders_all: 0
        If  set to yes, the user is automatically subscribed to all shared
        folders, one has permission to subscribe to.

   autocreate_users: anyone
        A space separated list of users and/or  groups  that  are  allowed
        their INBOX to be automatically created.

   berkeley_cachesize: 512
        Size  (in kilobytes) of the shared memory buffer pool (cache) used
        by the berkeley environment.  The minimum  allowed  value  is  20.
        The maximum allowed value is 4194303 (4GB).

   berkeley_locks_max: 50000
        Maximum  number  of  locks to be held or requested in the berkeley
        environment.

   berkeley_txns_max: 100
        Maximum number of transactions to be  supported  in  the  berkeley
        environment.

   boundary_limit: 1000
        messages  are  parsed recursively and a deep enough MIME structure
        can cause a stack overflow.  Do not parse deeper  than  this  many
        layers of MIME structure.  The default of 1000 is much higher than
        any sane message should have.

   caldav_allowscheduling: on
        Enable calendar scheduling operations.  If  set  to  "apple",  the
        server  will  emulate  Apple CalendarServer behavior as closely as
        possible.

        Allowed values: off, on, apple

   caldav_maxdatetime: 20380119T031407Z
        The latest date and time accepted  by  the  server  (ISO  format).
        This  value  is also used for expanding non-terminating recurrence
        rules.

        Note that increasing this value will require the DAV databases for
        calendars  to be reconstructed with the dav_reconstruct utility in
        order to see its effect on serer-side time-based queries.

   caldav_mindatetime: 19011213T204552Z
        The earliest date and time accepted by the server (ISO format).

   caldav_realm: <none>
        The realm to present for HTTP authentication of CalDAV  resources.
        If  not  set  (the  default), the value of the "servername" option
        will be used.

   calendarprefix: #calendars
        The prefix for the calendar mailboxes hierarchies.  The  hierarchy
        delimiter  will  be  automatically  appended.  The public calendar
        hierarchy will be at the toplevel  of  the  shared  namespace.   A
        user's personal calendar hierarchy will be a child of their Inbox.

   calendar_user_address_set: <none>
        Space-separated  list  of  domains  corresponding to calendar user
        addresses for which the server is responsible.  If  not  set  (the
        default), the value of the "servername" option will be used.

   carddav_realm: <none>
        The realm to present for HTTP authentication of CardDAV resources.
        If not set (the default), the value  of  the  "servername"  option
        will be used.

   chatty: 0
        If yes, syslog tags and commands for every IMAP command, mailboxes
        for every lmtp connection, every POP3 command, etc

   client_timeout: 10
        Number of seconds to wait before returning a timeout failure  when
        performing a client connection (e.g., in a murder environment)

   commandmintimer: <none>
        Time in seconds. Any imap command that takes longer than this time
        is logged.

   configdirectory: <none>
        The pathname of the IMAP configuration directory.  This  field  is
        required.

   createonpost: 0
        Deprecated in favor of autocreate_post.

   dav_realm: <none>
        The  realm  to  present  for  HTTP  authentication  of generic DAV
        resources (principals).  If not set (the default),  the  value  of
        the "servername" option will be used.

   debug_command: <none>
        Debug command to be used by processes started with -D option.  The
        string is a C format string that gets 3 options: the first is  the
        name  of  the  executable  (without  path).  The second is the pid
        (integer)  and  the   third   is   the   service   ID.    Example:
        /usr/local/bin/gdb /usr/cyrus/bin/%s %d

   defaultacl: anyone lrs
        The Access Control List (ACL) placed on a newly-created (non-user)
        mailbox that does not have a parent mailbox.

   defaultdomain: <none>
        The default domain for virtual  domain  support.  Note  that  this
        domain  is stripped from the email-address transmitted using LMTP,
        but  it  is  not  stripped  from  usernames  at  login-time.   For
        imapd/pop3d, "user" and "user@defaultdomain" specify two different
        users.  Please check install-virtdomains.html for details.

   defaultpartition: <none>
        The partition name used by default  for  new  mailboxes.   If  not
        specified, the partition with the most free space will be used for
        new mailboxes.

        Note that the partition specified by  this  option  must  also  be
        specified  as  partition-name, where you substitute 'name' for the
        alphanumeric string you set defaultpartition to.

   defaultserver: <none>
        The backend server name used by default for new mailboxes.  If not
        specified,  the  server  with the most free space will be used for
        new mailboxes.

   deletedprefix: DELETED
        If "delete_mode" set to be "delayed", the prefix for  the  deleted
        mailboxes    hierarchy.    The   hierarchy   delimiter   will   be
        automatically appended.

   delete_mode: delayed
        The manner in which mailboxes are deleted. "immediate" mode is the
        default  behavior  in which mailboxes are removed immediately.  In
        "delayed" mode,  mailboxes  are  renamed  to  a  special  hiearchy
        defined  by  the  "deletedprefix"  option  to  be removed later by
        cyr_expire.

        Allowed values: immediate, delayed

   deleteright: c
        Deprecated - only used for backwards compatibility  with  existing
        installations.   Lists  the  old  RFC 2086 right which was used to
        grant the user the ability to delete a mailbox.   If  a  user  has
        this right, they will automatically be given the new 'x' right.

   disable_user_namespace: 0
        Preclude  list  command  on  user namespace.  If set to 'yes', the
        LIST response will never include any other user's mailbox.   Admin
        users will always see all mailboxes.  The default is 'no'

   disable_shared_namespace: 0
        Preclude  list  command on shared namespace.  If set to 'yes', the
        LIST response will never include any  non-user  mailboxes.   Admin
        users will always see all mailboxes.  The default is 'no'

   disconnect_on_vanished_mailbox: 0
        If  enabled,  IMAP/POP3/NNTP  clients  will be disconnected by the
        server if the currently selected mailbox is (re)moved  by  another
        session.  Otherwise, the missing mailbox is treated as empty while
        in use by the client.

   ischedule_dkim_domain: <none>
        The domain to be reported as doing iSchedule DKIM signing.

   ischedule_dkim_key_file: <none>
        File containing the private key for iSchedule DKIM signing.

   ischedule_dkim_selector: <none>
        Name of the  selector  subdividing  the  domain  namespace.   This
        specifies  the  actual  key used for iSchedule DKIM signing within
        the domain.

   duplicate_db: twoskip
        The cyrusdb backend to use for the duplicate delivery  suppression
        and sieve.

        Allowed    values:   berkeley,   berkeley-nosync,   berkeley-hash,
        berkeley-hash-nosync, skiplist, sql, twoskip

   duplicate_db_path: <none>
        The absolute path to the duplicate db  file.   If  not  specified,
        will be confdir/deliver.db

   duplicatesuppression: 1
        If enabled, lmtpd will suppress delivery of a message to a mailbox
        if a message with the same message-id  (or  resent-message-id)  is
        recorded as having already been delivered to the mailbox.  Records
        the mailbox and  message-id/resent-message-id  of  all  successful
        deliveries.

   event_content_inclusion_mode: standard
        The   mode   in   which  message  content  may  be  included  with
        MessageAppend and  MessageNew.  "standard"  mode  is  the  default
        behavior  in  which  message  is  included  up  to a size with the
        notification. In "message" mode, the message is included  and  may
        be  truncated  to  a  size.  In "header" mode, it includes headers
        truncated to a size. In "body" mode, it includes body truncated to
        a  size.  In  "headerbody" mode, it includes full headers and body
        truncated to a size

        Allowed values: standard, message, header, body, headerbody

   event_content_size: 0
        Truncate  the  message  content  that   may   be   included   with
        MessageAppend  and MessageNew. Set 0 to include the entire message
        itself

   event_exclude_flags: <none>
        Don't send event notification for given IMAP flag(s)

   event_exclude_specialuse: Junk
        Don't send event notification for folder  with  given  special-use
        attributes.  Set ALL for any folder

   event_extra_params: timestamp
        Space-separated   list   of   extra   parameters  to  add  to  any
        appropriated event.

        Allowed values: bodyStructure, clientAddress, diskUsed, flagNames,
        messageContent, messageSize, messages, modseq, service, timestamp,
        uidnext, vnd.cmu.midset, vnd.cmu.unseenMessages, vnd.cmu.envelope,
        vnd.cmu.sessionId,       vnd.cmu.mbtype,      vnd.cmu.davFilename,
        vnd.cmu.davUid

   event_groups: message mailbox
        Space-separated list of  groups  of  related  events  to  turn  on
        notification

        Allowed   values:   message,   quota,   flags,   access,  mailbox,
        subscription

   event_notifier: <none>
        Notifyd(8) method to use for "EVENT" notifications which are based
        on the RFC 5423.  If not set, "EVENT" notifications are disabled.

   expunge_mode: delayed
        The mode in which messages (and their corresponding cache entries)
        are expunged.  "default" mode is the default behavior in which the
        message files are purged at the time of the EXPUNGE, but index and
        cache records are retained to facilitate  QRESYNC.   In  "delayed"
        mode,  the  message files are also retained, allowing unexpunge to
        rescue them.  In "immediate" mode, both the message files and  the
        index  records  are  removed  as  soon as possible.  In all cases,
        nothing will be finally purged  until  all  other  processes  have
        closed  the  mailbox to ensure they never see data disappear under
        them.  In "default" or "delayed" mode, a later run of "cyr_expire"
        will  clean out the retained records (and possibly message files).
        This reduces the amount of I/O that takes place  at  the  time  of
        EXPUNGE  and  should  result  in  greater  responsiveness  for the
        client, especially when expunging a large number of messages.

        Allowed values: default, immediate, delayed

   failedloginpause: 3
        Number of seconds to pause after a failed login.

   flushseenstate: 1
        Deprecated. No longer used

   foolstupidclients: 0
        If enabled, only list the personal namespace when a  LIST  "*"  is
        performed (it changes the request to a LIST "INBOX*").

   force_sasl_client_mech: <none>
        Force  preference  of  a  given  SASL  mechanism  for  client side
        operations (e.g., murder environments).   This  is  separate  from
        (and  overridden by) the ability to use the <host shortname>_mechs
        option to set preferred mechanisms for a specific host

   fulldirhash: 0
        If enabled, uses an improved directory hashing scheme which hashes
        on  the  entire username instead of using just the first letter as
        the hash.  This changes hash algorithm used  for  quota  and  user
        directories  and  if  hashimapspool  is  enabled,  the entire mail
        spool.

        Note that this option CANNOT be changed on  a  live  system.   The
        server  must  be  quiesced and then the directories moved with the
        rehash utility.

   hashimapspool: 0
        If enabled, the partitions will also be hashed, in addition to the
        hashing done on configuration directories.  This is recommended if
        one partition has a very bushy mailbox tree.

   debug: 0
        If enabled, allow syslog() to pass LOG_DEBUG messages.

   hostname_mechs: <none>
        Force a particular  list  of  SASL  mechanisms  to  be  used  when
        authenticating  to  the backend server hostname (where hostname is
        the short hostname of the  server  in  question).  If  it  is  not
        specified  it  will  query the server for available mechanisms and
        pick one to use. - Cyrus Murder

   hostname_password: <none>
        The password to use  for  authentication  to  the  backend  server
        hostname  (where  hostname  is the short hostname of the server) -
        Cyrus Murder

   httpallowcompress: 1
        If enabled, the server will  compress  response  payloads  if  the
        client   indicates  that  it  can  accept  them.   Note  that  the
        compressed data will appear in telemetry logs,  leaving  only  the
        response headers as human-readable.

   httpallowcors: <none>
        A  wildmat pattern specifying a list of origin URIs ( scheme "://"
        host [ ":" port ] ) that are allowed to make Cross-Origin Resource
        Sharing  (CORS) requests on the server.  By default, CORS requests
        are disabled.

        Note that the scheme and host should both be lowercase,  the  port
        should  be  omitted  if  using  the default for the scheme (80 for
        http, 443 for https), and there should be no trailing  '/'  (e.g.:
        "http://www.example.com:8080", "https://example.org").

   httpallowtrace: 0
        Allow use of the TRACE method.

        Note that sensitive data might be disclosed by the response.

   httpallowedurls: <none>
        Space-separated   list   of   relative   URLs  (paths)  rooted  at
        "httpdocroot" (see below) to be served by  httpd.   If  set,  this
        option  will  limit  served  static  content  to  only those paths
        specified (returning "404 Not Found" to any other client requested
        URLs).    Otherwise,   httpd  will  serve  any  content  found  in
        "httpdocroot".

        Note that any path  specified  by  "rss_feedlist_template"  is  an
        exception to this rule.

   httpcontentmd5: 0
        If  enabled,  HTTP responses will include a Content-MD5 header for
        the purpose of providing an  end-to-end  message  integrity  check
        (MIC)  of  the  payload body.  Note that enabling this option will
        use additional CPU to  generate  the  MD5  digest,  which  may  be
        ignored by clients anyways.

   httpdocroot: <none>
        If  set,  http  will  serve the static content (html/text/jpeg/gif
        files, etc) rooted at this directory.  Otherwise, httpd  will  not
        serve any static content.

   httpkeepalive: 20
        Set  the  length  of  the  HTTP  server's  keepalive  heartbeat in
        seconds.  The default is 20.  The minimum value is 0,  which  will
        disable the keepalive heartbeat.  When enabled, if a request takes
        longer than httpkeepalive seconds to process, the server will send
        the client provisional responses every httpkeepalive seconds until
        the final response can be sent

   httpmodules: <empty string>
        Space-separated list of HTTP  modules  that  will  be  enabled  in
        httpd(8).   This option has no effect on modules that are disabled
        at compile time due to missing dependencies (e.g. libical).

        Allowed  values:  caldav,  carddav,  domainkey,  ischedule,   rss,
        timezone

   httpprettytelemetry: 0
        If  enabled,  HTTP  response  payloads  including server-generated
        markup  languages  (HTML,  XML)  will  utilize  line  breaks   and
        indentation to promote better human-readability in telemetry logs.
        Note that enabling this option will increase the  amount  of  data
        sent across the wire.

   httptimeout: 5
        Set  the  length of the HTTP server's inactivity autologout timer,
        in minutes.  The default is 5.  The minimum value is 0, which will
        disable persistent connections.

   idlesocket: {configdirectory}/socket/idle
        Unix domain socket that idled listens on.

   ignorereference: 0
        For  backwards  compatibility  with  Cyrus  1.5.10  and earlier --
        ignore the reference argument in LIST or LSUB commands.

   imapidlepoll: 60
        The interval (in seconds) for  polling  for  mailbox  changes  and
        ALERTs  while  running the IDLE command.  This option is used when
        idled is not enabled or cannot be contacted.  The minimum value is
        1.  A value of 0 will disable IDLE.

   imapidresponse: 1
        If  enabled, the server responds to an ID command with a parameter
        list containing: version,  vendor,  support-url,  os,  os-version,
        command,  arguments,  environment.   Otherwise  the server returns
        NIL.

   imapmagicplus: 0
        Only list  a  restricted  set  of  mailboxes  via  IMAP  by  using
        userid+namespace  syntax  as  the authentication/authorization id.
        Using userid+ (with an empty namespace) will list only  subscribed
        mailboxes.

   implicit_owner_rights: lkxa
        The implicit Access Control List (ACL) for the owner of a mailbox.

   @include: <none>
        Directive  which  includes  the  specified  file  as  part  of the
        configuration.   If  the  path  to  the  file  is  not   absolute,
        CYRUS_PATH is prepended.

   improved_mboxlist_sort: 0
        If enabled, a special comparator will be used which will correctly
        sort mailbox names that contain characters such as ' ' and '-'.

        Note that this option SHOULD NOT be changed on a live system.  The
        mailboxes  database  should  be  dumped  (ctl_mboxlist) before the
        option is changed, removed, and then undumped after  changing  the
        option.  When not using flat files for the subscriptions databases
        the same  has  to  be  done  (cyr_dbtool)  for  each  subscription
        database See improved_mboxlist_sort.html.

   internaldate_heuristic: standard
        Mechanism      to     determine     email     internaldates     on
        delivery/reconstruct.  "standard" uses time()  when  delivering  a
        message,  mtime on reconstruct.  "receivedheader" looks at the top
        most Received header or time/mtime otherwise

        Allowed values: standard, receivedheader

   iolog: 0
        Should cyrus output I/O log entries

   ldap_authz: <none>
        SASL authorization ID for the LDAP server

   ldap_base: <empty string>
        Contains the LDAP base dn for the LDAP ptloader module

   ldap_bind_dn: <none>
        Bind DN for the connection to the LDAP server (simple  bind).   Do
        not use for anonymous simple binds

   ldap_deref: never
        Specify how aliases dereferencing is handled during search.

        Allowed values: search, find, always, never

   ldap_domain_base_dn: <empty string>
        Base DN to search for domain name spaces.

   ldap_domain_filter:
   (&(objectclass=domainrelatedobject)(associateddomain=%s))
        Filter to use searching for domains

   ldap_domain_name_attribute: associateddomain
        The attribute name for domains.

   ldap_domain_scope: sub
        Search scope

        Allowed values: sub, one, base

   ldap_domain_result_attribute: inetdomainbasedn
        Result attribute

   ldap_filter: (uid=%u)
        Specify a filter that searches user  identifiers.   The  following
        tokens can be used in the filter string:

        %%    = % %u   = user %U   = user portion of %u (%U = test when %u
        = test@domain.tld) %d   = domain portion of %u if available (%d  =
        domain.tld  when  %u  = %test@domain.tld), otherwise same as %r %D
        = user dn.  (use when ldap_member_method: filter)  %1-9  =  domain
        tokens (%1 = tld, %2 = domain when %d = domain.tld)

        ldap_filter is not used when ldap_sasl is enabled.

   ldap_group_base: <empty string>
        LDAP base dn for ldap_group_filter.

   ldap_group_filter: (cn=%u)
        Specify  a  filter  that  searches  for  group  identifiers.   See
        ldap_filter for more options.

   ldap_group_scope: sub
        Specify search scope for ldap_group_filter.

        Allowed values: sub, one, base

   ldap_id: <none>
        SASL authentication ID for the LDAP server

   ldap_mech: <none>
        SASL mechanism for LDAP authentication

   ldap_user_attribute: <none>
        Specify LDAP attribute to use as canonical user id

   ldap_member_attribute: <none>
        See ldap_member_method.

   ldap_member_base: <empty string>
        LDAP base dn for ldap_member_filter.

   ldap_member_filter: (member=%D)
        Specify  a   filter   for   "ldap_member_method:   filter".    See
        ldap_filter for more options.

   ldap_member_method: attribute
        Specify  a  group method.  The "attribute" method retrieves groups
        from a multi-valued attribute specified in ldap_member_attribute.

        The   "filter"   method    uses    a    filter,    specified    by
        ldap_member_filter,  to  find  groups;  ldap_member_attribute is a
        single-value attribute group name.

        Allowed values: attribute, filter

   ldap_member_scope: sub
        Specify search scope for ldap_member_filter.

        Allowed values: sub, one, base

   ldap_password: <none>
        Password for the connection to the LDAP server  (SASL  and  simple
        bind).  Do not use for anonymous simple binds

   ldap_realm: <none>
        SASL realm for LDAP authentication

   ldap_referrals: 0
        Specify whether or not the client should follow referrals.

   ldap_restart: 1
        Specify  whether  or  not  LDAP  I/O  operations are automatically
        restarted if they abort prematurely.

   ldap_sasl: 1
        Use SASL for LDAP binds in the LDAP PTS module.

   ldap_sasl_authc: <none>
        Deprecated.  Use ldap_id

   ldap_sasl_authz: <none>
        Deprecated.  Use ldap_authz

   ldap_sasl_mech: <none>
        Deprecated.  Use ldap_mech

   ldap_sasl_password: <none>
        Deprecated.  User ldap_password

   ldap_sasl_realm: <none>
        Deprecated.  Use ldap_realm

   ldap_scope: sub
        Specify search scope.

        Allowed values: sub, one, base

   ldap_servers: ldap://localhost/
        Deprecated.  Use ldap_uri

   ldap_size_limit: 1
        Specify a number of entries for a search request to return.

   ldap_start_tls: 0
        Use transport layer security for ldap:// using  STARTTLS.  Do  not
        use ldaps:// in 'ldap_uri' with this option enabled.

   ldap_time_limit: 5
        Specify a number of seconds for a search request to complete.

   ldap_timeout: 5
        Specify a number of seconds a search can take before timing out.

   ldap_ca_dir: <none>
        Path to a directory with CA (Certificate Authority) certificates.

   ldap_ca_file: <none>
        Patch   to   a   file   containing   CA   (Certificate  Authority)
        certificate(s).

   ldap_client_cert: <none>
        File containing the client certificate.

   ldap_verify_peer: 0
        Require and verify server certificate.  If this option is yes, you
        must specify ldap_ca_file or ldap_ca_dir.

   ldap_ciphers: <none>
        List  of  SSL/TLS  ciphers  to allow.  The format of the string is
        described in ciphers(1).

   ldap_client_key: <none>
        File containing the private client key.

   ldap_tls_cacert_dir: <none>
        Deprecated in favor of ldap_ca_dir.

   ldap_tls_cacert_file: <none>
        Deprecated in favor of ldap_ca_file.

   ldap_tls_cert: <none>
        Deprecated in favor of ldap_client_cert.

   ldap_tls_key: <none>
        Deprecated in favor of ldap_client_key.

   ldap_tls_check_peer: <none>
        Deprecated in favor of ldap_verify_peer.

   ldap_tls_ciphers: <none>
        Deprecated in favor of ldap_ciphers.

   ldap_uri: <none>
        Contains a list of the URLs of all the LDAP servers when using the
        LDAP PTS module.

   ldap_version: 3
        Specify  the  LDAP  protocol  version.   If  ldap_start_tls and/or
        ldap_use_sasl are enabled, ldap_version will be automatically  set
        to 3.

   lmtp_downcase_rcpt: 1
        If   enabled,  lmtpd  will  convert  the  recipient  addresses  to
        lowercase (up to a '+' character, if present).

   lmtp_fuzzy_mailbox_match: 0
        If enabled, and the mailbox specified in the detail  part  of  the
        recipient  (everything  after  the '+') does not exist, lmtpd will
        try to find the closest match (ignoring case, ignoring whitespace,
        falling back to parent) to the specified mailbox name.

   lmtp_over_quota_perm_failure: 0
        If  enabled,  lmtpd returns a permanent failure code when a user's
        mailbox is over quota.  By  default,  the  failure  is  temporary,
        causing the MTA to queue the message and retry later.

   lmtp_strict_quota: 0
        If enabled, lmtpd returns a failure code when the incoming message
        will cause the user's mailbox to exceed its  quota.   By  default,
        the failure won't occur until the mailbox is already over quota.

   lmtp_strict_rfc2821: 1
        By  default,  lmtpd  will be strict (per RFC 2821) with regards to
        which envelope addresses are allowed.  If this option  is  set  to
        false, 8bit characters in the local-part of envelope addresses are
        changed to 'X'  instead.   This  is  useful  to  avoid  generating
        backscatter  with  certain  MTAs like Postfix or Exim which accept
        such messages.

   lmtpsocket: {configdirectory}/socket/lmtp
        Unix domain socket that lmtpd listens on, used by deliver(8). This
        should match the path specified in cyrus.conf(5).

   lmtptxn_timeout: 300
        Timeout  (in  seconds)  used during a lmtp transaction to a remote
        backend (e.g. in a murder environment).  Can be  used  to  prevent
        hung   lmtpds  on  proxy  hosts  when  a  backend  server  becomes
        unresponsive during a lmtp transaction.   The  default  is  300  -
        change to zero for infinite.

   loginrealms: <empty string>
        The  list  of  remote  realms  whose  users may authenticate using
        cross-realm authentication identifiers.  Separate each realm  name
        by  a  space.   (A cross-realm identity is considered any identity
        returned by SASL with an "@" in it.) Note that to support multiple
        virtual  domains  on  the same interface/IP, you need to list them
        all as loginreals.  If  you  don't  list  them  here,  your  users
        probably won't be able to log in.

   loginuseacl: 0
        If  enabled,  any  authentication identity which has a rights on a
        user's INBOX may log in as that user.

   logtimestamps: 0
        Include notations in the protocol telemetry  logs  indicating  the
        number of seconds since the last command or response.

   mailbox_default_options: 0
        Default "options" field for the mailbox on create.  You'll want to
        know what you're doing before setting this, but it can apply  some
        default annotations like duplicate supression

   mailbox_initial_flags: <none>
        space-separated  list  of permanent flags which will be pre-set in
        every newly  created  mailbox.   If  you  know  you  will  require
        particular  flag  names then this avoids a possible race condition
        against a client  that  fills  the  entire  128  available  slots.
        Default  is  NULL,  which  is  no flags.  Example: $Label1 $Label2
        $Label3 NotSpam Spam

   mailnotifier: <none>
        Notifyd(8) method to use for "MAIL" notifications.   If  not  set,
        "MAIL" notifications are disabled.

   maxheaderlines: 1000
        Maximum  number  of  lines  of  header that will be processed into
        cache records.  Default 1000.  If set to zero,  it  is  unlimited.
        If  a message hits the limit, an error will be logged and the rest
        of the lines in the header will be  skipped.   This  is  to  avoid
        malformed messages causing giant cache records

   maxlogins_per_host: 0
        Maximum  number of logged in sessions allowed per host, zero means
        no limit

   maxlogins_per_user: 0
        Maximum number of logged in sessions allowed per user, zero  means
        no limit

   maxmessagesize: 0
        Maximum  incoming  LMTP  message  size.   If  non-zero, lmtpd will
        reject messages larger than maxmessagesize bytes.  If  set  to  0,
        this will allow messages of any size (the default).

   maxquoted: 131072
        Maximum  size  of  a single quoted string for the parser.  Default
        128k

   maxword: 131072
        Maximum size of a single word for the parser.  Default 128k

   mboxkey_db: twoskip
        The cyrusdb backend to use for mailbox keys.

        Allowed values: berkeley, skiplist, twoskip

   mboxlist_db: twoskip
        The cyrusdb backend to use for the mailbox list.

        Allowed values:  flat,  berkeley,  berkeley-hash,  skiplist,  sql,
        twoskip

   mboxlist_db_path: <none>
        The absolute path to the mailboxes db file.  If not specified will
        be confdir/mailboxes.db

   mboxname_lockpath: <none>
        Path to mailbox name lock files (default $conf/lock)

   metapartition_files: <empty string>
        Space-separated  list  of  metadata  files  to  be  stored  on   a
        metapartition  rather  than  in  the  mailbox directory on a spool
        partition.

        Allowed values: header, index, cache, expunge, squat, annotations,
        lock, dav

   metapartition-name: <none>
        The  pathname  of  the  metadata  partition name, corresponding to
        spool partition partition-name.  For any  mailbox  residing  in  a
        directory   on   partition-name,  the  metadata  files  listed  in
        metapartition_files will be stored in a corresponding directory on
        metapartition-name.   Note that not every partition-name option is
        required to have a  corresponding  metapartition-name  option,  so
        that  you  can selectively choose which spool partitions will have
        separate metadata partitions.

   mupdate_authname: <none>
        The SASL username (Authentication Name) to use when authenticating
        to the mupdate server (if needed).

   mupdate_config: standard
        The configuration of the mupdate servers in the Cyrus Murder.  The
        "standard" config is one in  which  there  are  discreet  frontend
        (proxy) and backend servers.  The "unified" config is one in which
        a server can be both a frontend  and  backend.   The  "replicated"
        config is one in which multiple backend servers all share the same
        mailspool,  but  each  have  their  own   "replicated"   copy   of
        mailboxes.db.

        Allowed values: standard, unified, replicated

   munge8bit: 1
        If  enabled,  lmtpd  munges  messages with 8-bit characters in the
        headers.  The 8-bit characters are changed to `X'.  If  reject8bit
        is  enabled,  setting munge8bit has no effect.  (A proper solution
        to non-ASCII characters in headers is offered by RFC 2047 and  its
        predecessors.)

   mupdate_connections_max: 128
        The  max  number of connections that a mupdate process will allow,
        this is related to the number of file descriptors in  the  mupdate
        process.   Beyond  this  number  connections  will  be immediately
        issued a BYE response.

   mupdate_password: <none>
        The SASL password (if needed) to use when  authenticating  to  the
        mupdate server.

   mupdate_port: 3905
        The port of the mupdate server for the Cyrus Murder

   mupdate_realm: <none>
        The  SASL  realm  (if  needed)  to  use when authenticating to the
        mupdate server.

   mupdate_retry_delay: 20
        The base time to wait between connection retries  to  the  mupdate
        server.

   mupdate_server: <none>
        The mupdate server for the Cyrus Murder

   mupdate_username: <empty string>
        The  SASL username (Authorization Name) to use when authenticating
        to the mupdate server

   mupdate_workers_max: 50
        The maximum number of mupdate worker threads (overall)

   mupdate_workers_maxspare: 10
        The maximum number of idle mupdate worker threads

   mupdate_workers_minspare: 2
        The minimum number of idle mupdate worker threads

   mupdate_workers_start: 5
        The number of mupdate worker threads to start

   netscapeurl: <none>
        If enabled at compile time, this specifies a  URL  to  reply  when
        Netscape asks the server where the mail administration HTTP server
        is.  Administrators should set this to a local resource.

   newsaddheaders: to
        Space-separated list of headers to be  added  to  incoming  usenet
        articles.  Added To: headers will contain email delivery addresses
        corresponding to each newsgroup in the Newsgroups: header.   Added
        Reply-To:   headers   will   contain   email   delivery  addresses
        corresponding to each newsgroup in the Followup-To: or Newsgroups:
        header.   If  the specified header(s) already exist in an article,
        the email delivery addresses will  be  appended  to  the  original
        header body(s).

        This option applies if and only if the newspostuser option is set.

        Allowed values: to, replyto

   newsgroups: *
        A  wildmat  pattern specifying which mailbox hierarchies should be
        treated as newsgroups.  Only mailboxes matching the  wildmat  will
        accept  and/or  serve  articles  via  NNTP.  If not set, a default
        wildmat of "*" (ALL  shared  mailboxes)  will  be  used.   If  the
        newsprefix  option  is  also  set,  the  default  wildmat  will be
        translated to "<newsprefix>.*"

   newsmaster: news
        Userid that is used for checking access  controls  when  executing
        Usenet  control  messages.   For instance, to allow articles to be
        automatically deleted by cancel messages, give the "news" user the
        'd'  right  on  the  desired mailboxes.  To allow newsgroups to be
        automatically created, deleted and renamed  by  the  corresponding
        control  messages,  give  the  "news"  user  the  'c' right on the
        desired mailbox hierarchies.

   newspeer: <none>
        A list of whitespace-separated news server specifications to which
        articles  should be fed.  Each server specification is a string of
        the form [user[:pass]@]host[:port][/wildmat] where 'host'  is  the
        fully  qualified  hostname  of  the  server, 'port' is the port on
        which  the  server  is  listening,  'user'  and  'pass'  are   the
        authentication   credentials  and  'wildmat'  is  a  pattern  that
        specifies which groups should be fed.  If no 'port' is  specified,
        port  119  is  used.  If no 'wildmat' is specified, all groups are
        fed.  If 'user' is specified (even if empty), then the  NNTP  POST
        command  will be used to feed the article to the server, otherwise
        the IHAVE command will be used.

        A '@' may be used in place  of  '!'  in  the  wildmat  to  prevent
        feeding articles cross-posted to the given group, otherwise cross-
        posted articles are fed if any part of the wildmat  matches.   For
        example, the string "peer.example.com:*,!control.*,@local.*" would
        feed all groups  except  control  messages  and  local  groups  to
        peer.example.com.   In  the case of cross-posting to local groups,
        these articles would not be fed.

   newspostuser: <none>
        Userid used  to  deliver  usenet  articles  to  newsgroup  folders
        (usually  via  lmtp2nntp).   For  example, if set to "post", email
        sent  to  "post+comp.mail.imap"  would   be   delivered   to   the
        "comp.mail.imap" folder.

        When  set,  the Cyrus NNTP server will add the header(s) specified
        in the newsaddheaders option to each incoming usenet article.  The
        added    header(s)   will   contain   email   delivery   addresses
        corresponding to each relevent newsgroup.  If not set, no  headers
        are added to usenet articles.

   newsprefix: <none>
        Prefix   to   be   prepended   to  newsgroup  names  to  make  the
        corresponding IMAP mailbox names.

   newsrc_db_path: <none>
        The absolute path to the newsrc db file.  If not  specified,  will
        be confdir/fetchnews.db

   nntptimeout: 3
        Set  the  length of the NNTP server's inactivity autologout timer,
        in minutes.  The minimum value is 3, the default.

   notifysocket: {configdirectory}/socket/notify
        Unix domain socket that the mail notification daemon listens on.

   notify_external: <none>
        Path to the external program that notifyd(8)  will  call  to  send
        mail notifications.

        The  external  program  will  be called with the following command
        line options:

        -c class

        -p priority

        -u user

        -m mailbox

        And the notification message will be available on stdin.

   partition-name: <none>
        The pathname of  the  partition  name.   At  least  one  partition
        pathname  MUST  be  specified.   If the defaultpartition option is
        used, then its pathname MUST be specified.  For  example,  if  the
        value of the defaultpartion option is default, then the partition-
        default field is required.

   partition_select_mode: freespace-most
        Partition selection mode.

        random
             (pseudo-)random selection

        freespace-most
             partition with the most free space (KiB)

        freespace-percent-most
             partition with the most free space (%)

        freespace-percent-weighted
             each partition is weighted according to its free  space  (%);
             the  more  free  space the partition has, the more chances it
             has to be selected

        freespace-percent-weighted-delta
             each partition is weighted according  to  its  difference  of
             free  space (%) compared to the most used partition; the more
             the partition is lagging behind the most used partition,  the
             more chances it has to be selected

        Note  that actually even the most used partition has a few chances
        to be selected, and those chances increase when  other  partitions
        get closer

        Allowed  values:  random,  freespace-most, freespace-percent-most,
        freespace-percent-weighted, freespace-percent-weighted-delta

   partition_select_exclude: <none>
        List of partitions to exclude from selection mode.

   partition_select_usage_reinit: 0
        For  a  given  session,  number  of  operations  (e.g.   partition
        selection) for which partitions usage data are cached.

   partition_select_soft_usage_limit: 0
        Limit  of  partition usage (%): if a partition is over that limit,
        it is automatically excluded from selection mode.

        If all partitions are over that limit, this feature  is  not  used
        anymore.

   plaintextloginpause: 0
        Number  of  seconds  to  pause after a successful plaintext login.
        For systems that support strong authentication, this permits users
        to  perceive  a cost of using plaintext passwords.  (This does not
        affect the use of PLAIN in SASL authentications.)

   plaintextloginalert: <none>
        Message to send to client after a successful plaintext login.

   popexpiretime: -1
        The number of days advertised as being the minimum a  message  may
        be  left  on  the  POP  server  before it is deleted (via the CAPA
        command, defined in  the  POP3  Extension  Mechanism,  which  some
        clients may support).  "NEVER", the default, may be specified with
        a negative number.  The Cyrus POP3 server never deletes  mail,  no
        matter  what  the  value of this parameter is.  However, if a site
        implements  a  less  liberal  policy,  it  needs  to  change  this
        parameter accordingly.

   popminpoll: 0
        Set  the  minimum  amount  of time the server forces users to wait
        between successive POP logins, in minutes.

   popsubfolders: 0
        Allow  access  to  subfolders  of  INBOX   via   POP3   by   using
        userid+subfolder syntax as the authentication/authorization id.

   poppollpadding: 1
        Create  a  softer minimum poll restriction.  Allows poppollpadding
        connections  before  the   minpoll   restriction   is   triggered.
        Additionally,  one  padding  entry  is  recovered every popminpoll
        minutes.  This allows for the occasional polling rate faster  than
        popminpoll, (i.e., for clients that require a send/receive to send
        mail) but  still  enforces  the  rate  long-term.   Default  is  1
        (disabled).

        The  easiest  way  to  think of it is a queue of past connections,
        with one slot being filled for  every  connection,  and  one  slot
        being  cleared  every  popminpoll minutes. When the queue is full,
        the user will not be able to check mail  again  until  a  slot  is
        cleared.  If the user waits a sufficient amount of time, they will
        get back many or all of the slots.

   poptimeout: 10
        Set the length of the POP server's inactivity autologout timer, in
        minutes.  The minimum value is 10, the default.

   popuseacl: 0
        Enforce  IMAP  ACLs  in  the pop server.  Due to the nature of the
        POP3 protocol, the only rights which are used by  the  pop  server
        are 'r', user to open the mailbox and list/retrieve messages.  The
        't' right allows the user  to  delete  messages.   The  's'  right
        allows  messages  retrieved by the user to have the \Seen flag set
        (only if popuseimapflags is also enabled).

   popuseimapflags: 0
        If enabled, the pop server will set and obey IMAP flags.  Messages
        having  the  \Deleted  flag  are  ignored as if they do not exist.
        Messages that are retrieved by the client will have the \Seen flag
        set.  All messages will have the \Recent flag unset.

   postmaster: postmaster
        Username  that  is  used  as  the 'From' address in rejection MDNs
        produced by sieve.

   postuser: <empty string>
        Userid used to deliver messages to shared folders.   For  example,
        if  set to "bb", email sent to "bb+shared.blah" would be delivered
        to the "shared.blah" folder.  By  default,  an  email  address  of
        "+shared.blah" would be used.

   proc_path: <none>
        Path  to  proc  directory.   Default is NULL - must be an absolute
        path if specified.  If not specified, the path $confdir/proc/ will
        be used.

   proxy_authname: proxy
        The  authentication  name  to use when authenticating to a backend
        server in the Cyrus Murder.

   proxy_compress: 0
        Try to enable  protocol-specific  compression  when  performing  a
        client connection to a backend server in the Cyrus Murder.

        Note  that  this  should  only  be  necessary  over  slow  network
        connections.  Also note  that  currently  only  IMAP  and  MUPDATE
        support compression.

   proxy_password: <none>
        The  default  password  to  use  when  authenticating to a backend
        server in the Cyrus Murder.  May be overridden on a  host-specific
        basis using the hostname_password option.

   proxy_realm: <none>
        The  authentication  realm to use when authenticating to a backend
        server in the Cyrus Murder

   proxyd_allow_status_referral: 0
        Set to true to allow proxyd to issue  referrals  to  clients  that
        support it when answering the STATUS command.  This is disabled by
        default since some clients issue many STATUS commands  in  a  row,
        and do not cache the connections that these referrals would cause,
        thus resulting in a higher authentication load on  the  respective
        backend server.

   proxyd_disable_mailbox_referrals: 0
        Set  to  true to disable the use of mailbox-referrals on the proxy
        servers.

   proxyservers: <none>
        A list of users and groups that are allowed  to  proxy  for  other
        users,  separated  by  spaces.   Any  user  listed in this will be
        allowed to login for any other  user:  use  with  caution.   In  a
        standard  murder  this  option should ONLY be set on backends.  DO
        NOT SET on frontends or things won't work properly.

   pts_module: afskrb
        The PTS module to use.

        Allowed values: afskrb, ldap

   ptloader_sock: <none>
        Unix  domain  socket  that  ptloader  listens  on.   (defaults  to
        configdir/ptclient/ptsock)

   ptscache_db: twoskip
        The cyrusdb backend to use for the pts cache.

        Allowed values: berkeley, berkeley-hash, skiplist, twoskip

   ptscache_db_path: <none>
        The absolute path to the ptscache db file.  If not specified, will
        be confdir/ptscache.db

   ptscache_timeout: 10800
        The timeout (in seconds) for the PTS cache database when using the
        auth_krb_pts authorization method (default: 3 hours).

   ptskrb5_convert524: 1
        When   using   the   AFSKRB   ptloader   module  with  Kerberos  5
        canonicalization, do the final 524 conversion to get a n AFS style
        name (using '.' instead of '/', and using short names

   ptskrb5_strip_default_realm: 1
        When   using   the   AFSKRB   ptloader   module  with  Kerberos  5
        canonicalization, strip the default realm from  the  userid  (this
        does   not  affect  the  stripping  of  realms  specified  by  the
        afspts_localrealms option)

   qosmarking: cs0
        This specifies the Class Selector or Differentiated Services  Code
        Point designation on IP headers (in the ToS field).

        Allowed  values:  cs0,  cs1,  cs2,  cs3, cs4, cs5, cs6, cs7, af11,
        af12, af13, af21, af22, af23, af31, af32, af33, af41, af42,  af43,
        ef

   quota_db: quotalegacy
        The cyrusdb backend to use for quotas.

        Allowed  values:  flat,  berkeley,  berkeley-hash,  skiplist, sql,
        quotalegacy, twoskip

   quota_db_path: <none>
        The absolute path for the quota database (if you choose a  single-
        file  quota DB type - or the base path if you choose quotalegacy).
        If not specified will be confdir/quota.db or confdir/quota/

   quotawarn: 90
        The percent of quota utilization over which the  server  generates
        warnings.

   quotawarnkb: 0
        The  maximum amount of free space (in kB) at which to give a quota
        warning (if this value is 0, or if the quota is smaller than  this
        amount, then warnings are always given).

   quotawarnmsg: 0
        The  maximum  amount  of messages at which to give a quota warning
        (if this value is 0, or if the quota is smaller than this  amount,
        then warnings are always given).

   reject8bit: 0
        If  enabled,  lmtpd  rejects messages with 8-bit characters in the
        headers.

   rfc2046_strict: 0
        If enabled, imapd will be strict (per RFC 2046) when matching MIME
        boundary  strings.   This  means  that boundaries containing other
        boundaries as substrings will  be  treated  as  identical.   Since
        enabling  this  option  will break some messages created by Eudora
        5.1 (and earlier), it is recommended  that  it  be  left  disabled
        unless there is good reason to do otherwise.

   rfc3028_strict: 1
        If  enabled,  Sieve  will be strict (per RFC 3028) with regards to
        which headers are allowed to  be  used  in  address  and  envelope
        tests.   This  means  that only those headers which are defined to
        contain addresses will be allowed in address tests and  only  "to"
        and  "from" will be allowed in envelope tests.  When disabled, ANY
        grammatically correct header will be allowed.

   rss_feedlist_template: <none>
        File  containing  HTML  that  will  be  used  as  a  template  for
        displaying  the list of available RSS feeds.  A single instance of
        the variable %RSS_FEEDLIST% should appear in the file, which  will
        be  replaced  by  a  nested unordered list of feeds.  The toplevel
        unordered  list  will  be  tagged  with  an  id  of  "feed"   (<ul
        id='feed'>)  which  can be used by stylesheet(s) in your template.
        The dynamically created list of feeds based on the  HTML  template
        will be accessible at the "/rss" URL on the server.

   rss_feeds: *
        A  wildmat  pattern specifying which mailbox hierarchies should be
        treated as RSS feeds.  Only mailboxes matching  the  wildmat  will
        have  their  messages  available  via  RSS.  If not set, a default
        wildmat of "*" (ALL mailboxes) will be used.

   rss_maxage: 0
        Maximum age (in days) of items to display in an RSS  channel.   If
        non-zero,  httpd  will only display items received within the last
        rss_maxage days.  If  set  to  0,  all  available  items  will  be
        displayed (the default).

   rss_maxitems: 0
        Maximum  number  of  items  to display in an RSS channel.  If non-
        zero, httpd will display no more than the rss_maxitems most recent
        items.   If  set  to 0, all available items will be displayed (the
        default).

   rss_maxsynopsis: 0
        Maximum RSS item synopsis length.  If non-zero, httpd will display
        no  more  than  the  first rss_maxsynopsis characters of an item's
        synopsis.  If set to 0, the entire synopsis will be displayed (the
        default).

   rss_realm: <none>
        The realm to present for HTTP authentication of RSS feeds.  If not
        set (the default), the value of the "servername"  option  will  be
        used.

   sasl_auto_transition: 0
        If   enabled,   the   SASL   library   will  automatically  create
        authentication secrets when given a plaintext password.   See  the
        SASL documentation.

   sasl_maximum_layer: 256
        Maximum  SSF (security strength factor) that the server will allow
        a client to negotiate.

   sasl_minimum_layer: 0
        The minimum SSF that the server will allow a client to  negotiate.
        A  value  of  1  requires  integrity  protection; any higher value
        requires some amount of encryption.

   sasl_option: 0
        Any SASL option can be set by preceding  it  with  "sasl_".   This
        file overrides the SASL configuration file.

   sasl_pwcheck_method: <none>
        The  mechanism  used  by the server to verify plaintext passwords.
        Possible values include "auxprop", "saslauthd", and "pwcheck".

   search_skipdiacrit: 1
        When searching, should diacriticals be stripped  from  the  search
        terms.   The  default  is  "true",  a  search for "hav" will match
        "Hvard".   This  is  not  RFC5051  complient,  but  it  backwards
        compatible, and may be preferred by some sites.

   search_whitespace: merge
        When  searching,  how  whitespace should be handled.  Options are:
        "skip" (default in 2.3 and earlier series) - where  a  search  for
        "equi"  would match "the quick brown fox".  "merge" - the default,
        where "he  qu" would match "the  quick    brownfox",  and  "keep",
        where  whitespace  must  match exactly.  The default of "merge" is
        recommended for most cases - it's a good  compromise  which  keeps
        words separate.

        Allowed values: skip, merge, keep

   seenstate_db: twoskip
        The cyrusdb backend to use for the seen state.

        Allowed values: flat, berkeley, berkeley-hash, skiplist, twoskip

   sendmail: /usr/lib/sendmail
        The  pathname  of the sendmail executable.  Sieve invokes sendmail
        for sending rejections, redirects and vacation responses.

   serverlist: <none>
        Whitespace separated list  of  backend  server  names.   Used  for
        finding  server  with  the  most available free space for proxying
        CREATE.

   serverlist_select_mode: freespace-most
        Server selection mode.

        random
             (pseudo-)random selection

        freespace-most
             backend with the most (total) free space (KiB)

        freespace-percent-most
             backend whose partition has the most free space (%)

        freespace-percent-weighted
             same as for partition selection, comparing the free space (%)
             of the least used partition of each backend

        freespace-percent-weighted-delta
             same as for partition selection, comparing the free space (%)
             of the least used partition of each backend

             Allowed values:  random,  freespace-most,  freespace-percent-
             most, freespace-percent-weighted, freespace-percent-weighted-
             delta

   serverlist_select_usage_reinit: 0
        For a given session, number of operations (e.g. backend selection)
        for which backend usage data are cached.

   serverlist_select_soft_usage_limit: 0
        Limit of backend usage (%): if a backend is over that limit, it is
        automatically excluded from selection mode.

        If all backends are over that limit,  this  feature  is  not  used
        anymore.

   servername: <none>
        This  is the hostname visible in the greeting messages of the POP,
        IMAP and LMTP daemons. If it is unset, then  the  result  returned
        from  gethostname(2)  is  used.   This  is  also the value used by
        murder  clusters  to  identify  the  host  name.   It  should   be
        resolvable by DNS to the correct host, and unique within an active
        cluster.  If you are using low level replication (e.g. drbd)  then
        it should be the same on each copy and the DNS name should also be
        moved to the new master on failover.

   serverinfo: on
        The server information to display in the greeting  and  capability
        responses. Information is displayed as follows:

               "off"   =   no   server  information  in  the  greeting  or
               capabilities
               "min" = servername in the greeting; no  server  information
               in the capabilities
               "on"  =  servername  and  product  version in the greeting;
               product version in the capabilities

               Allowed values: off, min, on

   sharedprefix: Shared Folders
        If using the alternate IMAP namespace, the prefix for  the  shared
        namespace.    The   hierarchy   delimiter  will  be  automatically
        appended.

   sieve_allowreferrals: 1
        If enabled, timsieved will issue referrals  to  clients  when  the
        user's   scripts   reside  on  a  remote  server  (in  a  Murder).
        Otherwise, timsieved will proxy traffic to the remote server.

   sieve_extensions: fileinto reject vacation  vacation-seconds  imapflags
   notify envelope relational regex subaddress copy date index imap4flags
        Space-separated  list  of  Sieve  extensions allowed to be used in
        sieve  scripts,  enforced  at  submission  by  timsieved(8).   Any
        previously  installed script will be unaffected by this option and
        will continue to execute regardless of the extensions used.   This
        option  has no effect on options that are disabled at compile time
        (e.g., "regex").

        Allowed  values:  fileinto,  reject,  vacation,  vacation-seconds,
        imapflags,  notify,  include,  envelope,  body, relational, regex,
        subaddress, copy, date, index, imap4flags

   sieve_maxscriptsize: 32
        Maximum size (in kilobytes) any sieve script can be,  enforced  at
        submission by timsieved(8).

   sieve_maxscripts: 5
        Maximum  number  of  sieve  scripts any user may have, enforced at
        submission by timsieved(8).

   sieve_utf8fileinto: 0
        If enabled, the sieve engine expects folder names for the fileinto
        action  in scripts to use UTF8 encoding.  Otherwise, modified UTF7
        encoding should be used.

   sieve_sasl_send_unsolicited_capability: 0
        If enabled, timsieved will emit  a  capability  response  after  a
        successful      SASL     authentication,     per     draft-martin-
        managesieve-12.txt .

   sieve_vacation_min_response: 259200 /* 3 days */
        Minimum time interval (in seconds)  between  consecutive  vacation
        responses, per draft-ietf-vacation-seconds.txt .

   sieve_vacation_max_response: 7776000 /* 90 days */
        Maximum  time  interval  (in seconds) between consecutive vacation
        responses, per draft-ietf-vacation-seconds.txt .

   sievedir: /usr/sieve
        If sieveusehomedir is false, this directory is searched for  Sieve
        scripts.

   sievenotifier: <none>
        Notifyd(8)  method  to use for "SIEVE" notifications.  If not set,
        "SIEVE" notifications are disabled.

        This method is only used  when  no  method  is  specified  in  the
        script.

   sieveusehomedir: 0
        If  enabled,  lmtpd  will  look  for  Sieve scripts in user's home
        directories: ~user/.sieve.

   anysievefolder: 0
        It must be "yes" in order to permit the autocreation of any  INBOX
        subfolder  requested  by  a  sieve  filter, through the "fileinto"
        action. (default = no)

   singleinstancestore: 1
        If enabled, imapd, lmtpd and nntpd attempt to only write one  copy
        of  a  message per partition and create hard links, resulting in a
        potentially large disk savings.

   skiplist_always_checkpoint: 1
        If enabled, this option forces the  skiplist  cyrusdb  backend  to
        always  checkpoint  when  doing  a recovery.  This causes slightly
        more IO, but on the other hand leads to more efficient  databases,
        and the entire file is already "hot".

   skiplist_unsafe: 0
        If enabled, this option forces the skiplist cyrusdb backend to not
        sync writes to the disk.  Enabling this option is NOT RECOMMENDED.

   soft_noauth: 1
        If enabled, lmtpd returns temporary failures if  the  client  does
        not  successfully authenticate.  Otherwise lmtpd returns permanent
        failures (causing the mail to bounce immediately).

   specialuse_extra: <none>
        Whitespace separated list of extra special-use attributes that can
        be  set  on  a  mailbox. RFC 6154 currently lists what special-use
        attributes can be set. This allows  extending  that  list  in  the
        future or adding your own if needed.

   specialusealways: 0
        If  enabled,  this  option  causes  LIST and LSUB output to always
        include the XLIST "special-use" flags

   sql_database: <none>
        Name of the database which contains the cyrusdb table(s).

   sql_engine: <none>
        Name of the SQL engine to use.

        Allowed values: mysql, pgsql, sqlite

   sql_hostnames: <empty string>
        Comma separated list of SQL servers (in host[:port] format).

   sql_passwd: <none>
        Password to use for authentication to the SQL server.

   sql_user: <none>
        Username to use for authentication to the SQL server.

   sql_usessl: 0
        If enabled, a secure connection will be made to the SQL server.

   srvtab: <empty string>
        The pathname of srvtab file containing the server's  private  key.
        This  option  is  passed  to  the  SASL  library and overrides its
        default setting.

   submitservers: <none>
        A  list  of  users  and  groups  that  are  allowed   to   resolve
        "urlauth=submit+" IMAP URLs, separated by spaces.  Any user listed
        in this will be  allowed  to  fetch  the  contents  of  any  valid
        "urlauth=submit+" IMAP URL: use with caution.

   subscription_db: flat
        The cyrusdb backend to use for the subscriptions list.

        Allowed values: flat, berkeley, berkeley-hash, skiplist, twoskip

   suppress_capabilities: <none>
        Suppress the named capabilities from any capability response.  Use
        the  exact  case   as   it   appears   in   the   response,   e.g.
        "suppress_capabilities:   ESEARCH   QRESYNC   WITHIN  XLIST  LIST-
        EXTENDED" if you have a murder with 2.3.x backends and don't  want
        clients  being  confused  by  new  capabilities that some backends
        don't support.

   statuscache: 0
        Enable/disable the imap status cache.

   statuscache_db: twoskip
        The cyrusdb backend to use for the imap status cache.

        Allowed   values:   berkeley,   berkeley-nosync,    berkeley-hash,
        berkeley-hash-nosync, skiplist, sql, twoskip

   statuscache_db_path: <none>
        The  absolute  path to the statuscache db file.  If not specified,
        will be confdir/statuscache.db

   sync_authname: <none>
        The authentication name to  use  when  authenticating  to  a  sync
        server.  Prefix with a channel name to only apply for that channel

   sync_host: <none>
        Name  of  the  host  (replica  running  sync_server(8))  to  which
        replication actions will be sent by sync_client(8).  Prefix with a
        channel name to only apply for that channel

   sync_log: 0
        Enable replication action logging by lmtpd(8), imapd(8), pop3d(8),
        and nntpd(8).   The  log  {configdirectory}/sync/log  is  used  by
        sync_client(8) for "rolling" replication.

   sync_log_chain: 0
        Enable replication action logging by sync_server as well, allowing
        chaining of replicas.  Use this on 'B' for A => B => C replication
        layout

   sync_log_channels: <none>
        If  specified, log all events to multiple log files in directories
        specified by each "channel".  To run these log files, you need  to
        pass  the  -n option to sync_client -r with the channel name.  Use
        this  for  a  mesh  style  replication  layout  -  every   machine
        replicating  to  every  other  machine.  You  can use "" (the two-
        character string U+22 U+22) to mean the default sync channel.

   sync_log_unsuppressable_channels: squatter
        If specified, the named channels are exempt  from  the  effect  of
        setting  sync_log_chain:off, i.e. they are always logged to by the
        sync_server process.  This is only really useful to allow  rolling
        search indexing on a replica.

   sync_password: <none>
        The  default password to use when authenticating to a sync server.
        Prefix with a channel name to only apply for that channel

   sync_port: csync
        Name of the service (or port number) of the replication service on
        replica  host.   The default is "csync" which is usally port 2005,
        but any service name or numeric port  can  be  specified.   Prefix
        with a channel name to only apply for that channel

   sync_realm: <none>
        The  authentication  realm  to  use  when authenticating to a sync
        server.  Prefix with a channel name to only apply for that channel

   sync_repeat_interval: 1
        Minimum interval (in seconds) between replication runs in  rolling
        replication  mode.  If  a  replication  run takes longer than this
        time, we repeat immediately.  Prefix with a channel name  to  only
        apply for that channel

   sync_shutdown_file: <none>
        Simple  latch used to tell sync_client(8) that it should shut down
        at the next opportunity. Safer than  sending  signals  to  running
        processes.   Prefix  with  a  channel  name to only apply for that
        channel

   sync_timeout: 1800
        Number of seconds to  wait  for  a  response  before  returning  a
        timeout  failure  when  talking  to  a replication peer (client or
        server).

   syslog_prefix: <none>
        String to be prepended to the process name in syslog entries.

   syslog_facility: <none>
        Configure a syslog facility.  The default is whatever is  compiled
        in.   Allowed  values  are:  DAEMON,  MAIL, NEWS, USER, and LOCAL0
        through to LOCAL7

   tcp_keepalive: 0
        Enable keepalive on TCP connections

   tcp_keepalive_cnt: 0
        Number of TCP  keepalive  probes  to  send  before  declaring  the
        connection dead (0 == system default)

   tcp_keepalive_idle: 0
        Number  of  seconds  a  connection  must  be idle before keepalive
        probes are sent (0 == system default)

   tcp_keepalive_intvl: 0
        Number of seconds between keepalive probes (0 == system default)

   temp_path: /tmp
        The pathname to store temporary files in

   timeout: 30
        The length of the IMAP server's inactivity  autologout  timer,  in
        minutes.  The minimum value is 30, the default.

   tls_ca_file: DEFAULT
        Deprecated in favor of tls_client_ca_file.

   tls_ca_path: DEFAULT
        Deprecated in favor of tls_client_ca_dir.

   tlscache_db: DEFAULT
        Deprecated in favor of tls_sessions_db.

   tlscache_db_path: DEFAULT
        Deprecated in favor of tls_sessions_db_path.

   tls_cert_file: DEFAULT
        Deprecated in favor of tls_server_cert.

   tls_cipher_list: DEFAULT
        Deprecated in favor of tls_ciphers.

   tls_ciphers: DEFAULT
        The list of SSL/TLS ciphers to allow.  The format of the string is
        described in ciphers(1).

   tls_client_ca_dir: <none>
        Path to a directory containing the CA certificates used to  verify
        client SSL certificates used for authentication.

   tls_client_ca_file: <none>
        Path  to  a  file  containing the CA certificate(s) used to verify
        client SSL certificates used for authentication.

   tls_client_cert: <none>
        File  containing  the  certificate  presented  to  a  server   for
        authentication during STARTTLS. A value of "disabled" will disable
        this server's use of certificate-based authentication.

   tls_client_certs: optional
        Disable  ("off"),   allow   ("optional",   default)   or   require
        ("require") the use of SSL certificates by clients to authenticate
        themselves.

        Allowed values: off, optional, require

   tls_client_key: <none>
        File containing the private key belonging to  the  tls_client_cert
        certificate.  A value of "disabled" will disable this server's use
        of certificate-based authentication.

   tls_eccurve: prime256v1
        The elliptic curve  used  for  ECDHE.  Default  is  NIST  Suite  B
        prime256.  See 'openssl ecparam -list_curves' for possible values.

   tls_key_file: DEFAULT
        Deprecated in favor of tls_server_key.

   tls_required: 0
        If  enabled,  require  a TLS/SSL encryption layer to be negotiated
        prior  to  ANY  authentication  mechanisms  being  advertised   or
        allowed.

   tls_prefer_server_ciphers: 0
        Prefer the ciphers on the server side instead of client side.

   tls_server_ca_dir: <none>
        Path   to   a  directory  with  CA  certificates  used  to  verify
        certificates offered when this server connects to  other  servers.
        This  directory  must  have filenames with the hashed value of the
        certificates (see openssl(1)).

   tls_server_ca_file: <none>
        Path  to  a  file  containing  CA  certificates  used  to   verify
        certificates offered when this server connects to other servers.

   tls_server_cert: <none>
        File containing the certificate presented to clients.

   tls_server_key: <none>
        File  containing  the  private key belonging to the certificate in
        tls_server_cert.

   tls_sessions_db: twoskip
        The cyrusdb backend to use for the TLS cache.

        Allowed   values:   berkeley,   berkeley-nosync,    berkeley-hash,
        berkeley-hash-nosync, skiplist, sql, twoskip

   tls_sessions_db_path: <none>
        The  absolute  path to the TLS sessions db file. If not specified,
        will be confdir/tls_sessions.db

   tls_session_timeout: 1440
        The length of time (in minutes) that a TLS session will be  cached
        for  later  reuse.   The  maximum  value  is  1440 (24 hours), the
        default.  A value of 0 will disable session caching.

   tls_versions: tls1_0 tls1_1 tls1_2
        A list of SSL/TLS versions to  not  disable.  Cyrus  IMAP  SSL/TLS
        starts  with  all  protocols, and substracts protocols not in this
        list. Newer versions of SSL/TLS will need  to  be  added  here  to
        allow them to get disabled.

   umask: 077
        The umask value used by various Cyrus IMAP programs.

   userdeny_db: flat
        The cyrusdb backend to use for the user access list.

        Allowed  values:  flat,  berkeley,  berkeley-hash,  skiplist, sql,
        twoskip

   userdeny_db_path: <none>
        The absolute path to the userdeny db file.  If not specified, will
        be confdir/user_deny.db

   username_tolower: 1
        Convert  usernames  to  all lowercase before login/authentication.
        This is useful with  authentication  backends  which  ignore  case
        during username lookups (such as LDAP).

   userprefix: Other Users
        If  using  the  alternate IMAP namespace, the prefix for the other
        users namespace.  The hierarchy delimiter  will  be  automatically
        appended.

   unix_group_enable: 1
        Should we look up groups when using auth_unix (disable this if you
        are not using groups in ACLs for your IMAP  server,  and  you  are
        using  auth_unix  with  a  backend  (such  as  LDAP) that can make
        getgrent() calls very slow)

   unixhierarchysep: 0
        Use the UNIX separator character  '/'  for  delimiting  levels  of
        mailbox   hierarchy.   Turn  off  to  use  the  netnews  separator
        character '.'. Note that with the newnews separator, no  dots  may
        occur in mailbox names.

   virtdomains: off
        Enable virtual domain support.  If enabled, the user's domain will
        be determined by splitting a fully qualified userid  at  the  last
        '@'  or  '%'  symbol.   If  the  userid  is  unqualified,  and the
        virtdomains option is  set  to  "on",  then  the  domain  will  be
        determined  by  doing  a  reverse  lookup on the IP address of the
        incoming network interface, otherwise the user is assumed to be in
        the default domain (if set).

        Allowed values: off, userid, on

   lmtp_catchall_mailbox: <none>
        Mail  sent  to  mailboxes which do not exist, will be delivered to
        this user.  NOTE: This must be an existing local user name with an
        INBOX, NOT an email address!

   zoneinfo_db: twoskip
        The cyrusdb backend to use for zoneinfo.

        Allowed values: flat, berkeley, berkeley-hash, skiplist, twoskip

   zoneinfo_db_path: <none>
        The absolute path to the zoneinfo db file.  If not specified, will
        be confdir/zoneinfo.db

   normalizeuid: 0
        Lowercase uid  and  strip  leading  and  trailing  blanks.  It  is
        recommended  to set this to yes, especially if OpenLDAP is used as
        authentication source.

SEE ALSO

   imapd(8),  pop3d(8),  nntpd(8),   lmtpd(8),   httpd(8),   timsieved(8),
   idled(8), notifyd(8), deliver(8), master(8), ciphers(1)





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.