Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
IMAPD.CONF(5)			  Cyrus	IMAP			 IMAPD.CONF(5)

NAME
       imapd.conf - Cyrus IMAP documentation

       IMAP configuration file

DESCRIPTION
	  /etc/imapd.conf is the configuration file for	the Cyrus IMAP server.
	  It defines local parameters for IMAP.

	  Each line of the /etc/imapd.conf file	has the	form
		 option: value

	  where	option is the name of the configuration	option being  set  and
	  value	is the value that the configuration option is being set	to.

	  Although  there  is no limit to the length of	a line,	a ``\''	(back-
	  slash) character may be used as the last  character  on  a  line  to
	  force	 it  to	continue on the	next one.  No additional whitespace is
	  inserted before or after the ``\''.  Note that a line	that is	 split
	  using	``\'' character(s) is still considered a single	line.

	  For example
		 option:\
		     value1 value2 \
			value3

	  is equivalent	to
		 option: value1	value2	 value3

	  Blank	lines and lines	beginning with ``#'' are ignored.

	  For  boolean	and  enumerated	 options,  the values ``yes'', ``on'',
	  ``t'', ``true'' and ``1'' turn the option  on,  the  values  ``no'',
	  ``off'', ``f'', ``false'' and	``0'' turn the option off.

	  Duration  options  take the form of a	number followed	by a unit, for
	  example 32m (32 minutes).  Units are d (days), h  (hours),  m	 (min-
	  utes)	 and  s	(seconds).  Multiple units can be combined and will be
	  summed together, for example 1h30m is	equivalent to 90m.  If no unit
	  is specified,	an option-specific backward-compatible default unit is
	  assumed (documented on an option-by-option basis).  These are	simple
	  time	units:	1d=24h,	 1h=60m,  1m=60s (daylight savings, timezones,
	  leap adjustments, etc	are not	considered).

FIELD DESCRIPTIONS
	  The sections	below  detail  options	that  can  be  placed  in  the
	  /etc/imapd.conf  file,  and  show each option's default value.  Some
	  options have no default value,  these	 are  listed  with  ``<no  de-
	  fault>''.   Some  options  default  to  the  empty string, these are
	  listed with ``<none>''.

	  addressbookprefix: #addressbooks
	      The prefix for the addressbook mailboxes hierarchies.  The hier-
	      archy  delimiter will be automatically appended.	The public ad-
	      dressbook	hierarchy will be at the toplevel of the shared	 name-
	      space.   A user's	personal addressbook hierarchy will be a child
	      of their Inbox.

	  admins: <empty string>
	      The list of userids with administrative rights.	Separate  each
	      userid  with  a  space.  Sites using Kerberos authentication may
	      use separate "admin" instances.

	      Note that	accounts used by users should not  be  administrators.
	      Administrative  accounts	should	not receive mail.  That	is, if
	      user "jbRo" is a user reading mail, he should not	also be	in the
	      admins  line.   Some  problems may occur otherwise, most notably
	      the ability of administrators to create top-level	mailboxes vis-
	      ible to users, but not writable by users.

	  afspts_localrealms: <none>
	      The  list	 of  realms which are to be treated as local, and thus
	      stripped during identifier canonicalization (for the AFSPTS  pt-
	      loader  module).	 This is different from	loginrealms in that it
	      occurs later in the authorization	process	(as  the  user	id  is
	      canonified for PTS lookup)

	  afspts_mycell: <none>
	      Cell to use for AFS PTS lookups.	Defaults to the	local cell.

	  allowallsubscribe: 0
	      Allow  subscription  to  nonexistent  mailboxes.	This option is
	      typically	used on	backend	servers	in a Murder so that users  can
	      subscribe	to mailboxes that don't	reside on their	"home" server.
	      This option can also be used as a	workaround  for	 IMAP  clients
	      which don't play well with nonexistent or	unselectable mailboxes
	      (e.g., Microsoft Outlook).

	  allowanonymouslogin: 0
	      Permit logins by the user	"anonymous" using any password.	  Also
	      allows use of the	SASL ANONYMOUS mechanism.

	  allowapop: 1
	      Allow use	of the POP3 APOP authentication	command.

	      Note  that this command requires that SASL is compiled with APOP
	      support, that the	plaintext passwords are	available  in  a  SASL
	      auxprop  backend (e.g., sasldb), and that	the system can provide
	      enough entropy (e.g., from /dev/urandom) to create  a  challenge
	      in the banner.

	  allowdeleted:	0
	      Allow  access  to	deleted	and expunged data via vendor.cmu-* ac-
	      cess

	  allownewnews:	0
	      Allow use	of the NNTP NEWNEWS command.

	      Note that	this is	a very expensive command and  should  only  be
	      enabled when absolutely necessary.

	  allowplaintext: 0
	      If enabled, allows the use of cleartext passwords	on the wire.

	      By  default,  the	 use of	cleartext passwords requires a TLS/SSL
	      encryption layer to be negotiated	prior to any cleartext authen-
	      tication	mechanisms  being advertised or	allowed.  To require a
	      TLS/SSL encryption layer to be negotiated	prior to ANY authenti-
	      cation, see the tls_required option.

	  allowsetacl: 1
	      Defaults	to enabled.  If	disabled, disallows the	use of the SE-
	      TACL command at all via IMAP.

	  allowusermoves: 0
	      Allow moving user	accounts (with associated meta-data)  via  RE-
	      NAME or XFER.

	      Note  that  measures  should be taken to make sure that the user
	      being moved is not logged	in, and	cannot login during the	 move.
	      Failure to do so may result in the user's	meta-data (seen	state,
	      subscriptions, etc) being	corrupted or out of date.

	  altnamespace:	1
	      Use the alternate	IMAP namespace,	where personal folders	reside
	      at the same level	in the hierarchy as INBOX.

	      This  option ONLY	applies	where interaction takes	place with the
	      client/user.  Currently this is limited  to  the	IMAP  protocol
	      (imapd)  and  Sieve scripts (lmtpd).  This option	does NOT apply
	      to admin tools such as cyradm (admins ONLY), reconstruct,	quota,
	      etc.,  NOR  does it affect LMTP delivery of messages directly to
	      mailboxes	via plus-addressing.  The default changed in 3.0  from
	      off to on.

	  altprefix: Alt Folders
	      Alternative  INBOX spellings that	can't be accessed in altnames-
	      pace otherwise go	under here

	  annotation_db: twoskip
	      The cyrusdb backend to use for mailbox annotations.

	      Allowed values: skiplist,	twoskip, zeroskip

	  annotation_db_path: <none>
	      The absolute path	to the annotations db file.  If	not specified,
	      will be configdirectory/annotations.db

	  anyoneuseracl: 1
	      Should  non-admin	 users be allowed to set ACLs for the 'anyone'
	      user on their mailboxes?	In a large organization	this can cause
	      support problems,	but it's enabled by default.

	  annotation_allow_undefined: 0
	      Allow  clients to	store values for entries which are not defined
	      either by	Cyrus or in the	annotations_definitions	file.

	  annotation_definitions: <none>
	      File containing external (third-party) annotation	definitions.

	      Each line	of the file specifies the properties of	an  annotation
	      and has the following form:
		 name, scope, attrib-type, proxy-type, attrib-names, acl

	      name   is	 the  hierarchical name	as in RFC 5257 or RFC 5464 (in
		     the latter	case, without the  leading  /shared  or	 /pri-
		     vate).  For example, /vendor/acme/blurdybloop.

	      scope  specifies	whether	 the  annotation  is for the server, a
		     mailbox, or a message.

	      attrib-type
			specifies the attribute	data type, which is used  only
			to  check the string value passed by clients when set-
			ting annotations.  The attrib-type is one of:

		     string any	value is accepted.

		     content-type
			    this obsolete data	type,  which  was  useful  for
			    early  drafts  of  the  standard,  is accepted but
			    silently translated	to string.

		     boolean
			    only the strings "true" or "false"	are  accepted.
			    Checking  is  case-insensitive  but	 the  value is
			    forced to lowercase.

		     int    integers are accepted.

		     uint   non-negative integers are accepted.

	      proxy-type
		     specifies whether this attribute is for  the  backend  or
		     proxy servers or both (proxy_and_backend)

	      attrib-names
		     is	 the  space-separated list of available	attributes for
		     the   annotation.	 Possible    attribute	  names	   are
		     value.shared,  value.priv,	 and value (which permits both
		     value.priv	and value.shared).  The	attribute names	 size,
		     size.shared,  and	size.priv  are	accepted  but ignored;
		     these attributes are automatically	provided by the	server
		     if	 the corresponding value attribute is specified.  Some
		     obsolete attributes, which	were defined early  drafts  of
		     the standard, are accepted	and ignored with a warning.

	      extra-permissions
		     is	 the  extra  ACL  permission bits required for setting
		     this annotation, in  standard  IMAP  ACL  permission  bit
		     string format.  Note that this is in addition to the per-
		     mission bits specified in RFC 5257	and RFC	5464, so leav-
		     ing  this	field empty is harmless.  Note also that there
		     is	no way to specify that an annotation can only  be  set
		     by	an admin user; in particular the a permission bit does
		     not achieve this.

		     Blank lines and lines beginning with ``#''	are ignored.

	  annotation_callout: <none>
	      The pathname of a	callout	to be used to automatically add	 anno-
	      tations  or flags	to a message when it is	appended to a mailbox.
	      The path can be either an	executable (including a	script), or  a
	      UNIX domain socket.

	  annotation_callout_disable_append: 0
	      Disables annotations on append with xrunannotator

	  annotation_enable_legacy_commands: 0
	      Whether  to  enable  the legacy GETANNOTATION/SETANNOTATION com-
	      mands.  These commands are deprecated and	will be	removed	in the
	      future,  but  might be useful in the meantime for	supporting old
	      clients that do not implement the	RFC 5464 IMAP METADATA	exten-
	      sion.

	  aps_topic: <none>
	      Topic for	Apple Push Service registration.

	  aps_topic_caldav: <none>
	      Topic for	Apple Push Service registration	for CalDAV.

	  aps_topic_carddav: <none>
	      Topic for	Apple Push Service registration	for CardDAV.

	  archive_enabled: 0
	      Is  archiving enabled for	this server.  You also need to have an
	      archivepartition for the mailbox.	 Archiving allows older	 email
	      to  be  stored  on  slower, cheaper disks	- even within the same
	      mailbox, as distinct from	partitions.

	  archive_days:	<none>
	      Deprecated in favour of archive_after.

	  archive_after: 7d
	      The duration after which to move messages	to the archive	parti-
	      tion if archiving	is enabled.

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  archive_maxsize: 1024
	      The size in kilobytes of	the  largest  message  that  won't  be
	      archived immediately.  Default is	1Mb

	  archive_keepflagged: 0
	      If  set,	messages  with	the  \Flagged  system  flag  won't  be
	      archived,	provided they are smaller than archive_maxsize.

	  archivepartition-name: <none>
	      The pathname of the archive  partition  name,  corresponding  to
	      spool  partition	partition-name.	 For any mailbox residing in a
	      directory	on  partition-name,  the  archived  messages  will  be
	      stored  in  a  corresponding directory on	archivepartition-name.
	      Note that	not every partition-name option	is  strictly  required
	      to  have	a corresponding	archivepartition-name option, but that
	      without one there's no benefit to	enabling archiving.

	  auditlog: 0
	      Should cyrus output log entries for every	action taken on	a mes-
	      sage  file  or  mailboxes	list entry?  It's noisy	so disabled by
	      default, but can be very useful for tracking down	what  happened
	      if things	look strange

	  auth_mech: unix
	      The authorization	mechanism to use.

	      Allowed values: unix, pts, krb, krb5

	  autocreateinboxfolders: <none>
	      Deprecated in favor of autocreate_inbox_folders.

	  autocreatequota: 0
	      Deprecated in favor of autocreate_quota.

	  autocreatequotamsg: -1
	      Deprecated in favor of autocreate_quota_messages.

	  autosievefolders: <none>
	      Deprecated in favor of autocreate_sieve_folders.

	  generate_compiled_sieve_script: 0
	      Deprecated in favor of autocreate_sieve_script_compile.

	  autocreate_sieve_compiled_script: <none>
	      Deprecated in favor of autocreate_sieve_script_compiled.

	  autosubscribeinboxfolders: <none>
	      Deprecated in favor of autocreate_subscribe_folders.

	  autosubscribesharedfolders: <none>
	      Deprecated in favor of autocreate_subscribe_sharedfolders.

	  autosubscribe_all_sharedfolders: 0
	      Deprecated in favor of autocreate_subscribe_sharedfolders_all.

	  autocreate_acl: <none>
	      If  folders  are to be created by	autocreate_inbox_folders, this
	      setting can be used to apply additional ACLs to the  autocreated
	      folders.	  The  syntax  is  "autocreate_acl  folder  identifier
	      rights", where folder  must  match  one  of  the	autocreate_in-
	      box_folders  folders,  identifier	 must be a valid cyrus identi-
	      fier, and	rights must be a valid cyrus rights string.   Multiple
	      identifier|rights	 pairs	can  be	assigned to a single folder by
	      providing	this setting multiple times.

	      For example, "autocreate_acl Plus	anyone p" would	allow lmtp de-
	      livery to	a folder named "Plus".

	  autocreate_inbox_folders: <none>
	      If a user	does not have an INBOX already,	and the	INBOX is to be
	      created, create the list of folders in  this  setting  as	 well.
	      autocreate_inbox_folders	is  a list of INBOX's subfolders sepa-
	      rated by a "|", that are automatically created by	the server un-
	      der the following	two scenarios. Leading and trailing whitespace
	      is stripped, so "Junk | Trash" results in	 two  folders:	"Junk"
	      and  "Trash".   See also the xlist-flag option, for setting spe-
	      cial-use flags on	autocreated folders.

	      INBOX folders are	created	under both the following conditions:

	      1. The user logins via the IMAP or the POP3 protocol.   autocre-
		 ate_quota option must have a value of zero or greater.

	      2. A  message  arrives  for  the user through the	lmtpd(8).  au-
		 tocreate_post option must be enabled.

	  autocreate_post: 0
	      If enabled, when lmtpd(8)	receives an incoming mail for an INBOX
	      that  does not exist, then the INBOX is automatically created by
	      lmtpd(8) and delivery of the message continues.

	  autocreate_quota: -1
	      If set to	a value	of zero	or  higher,  users  have  their	 INBOX
	      folders  created	upon a successful login	event or upon lmtpd(8)
	      message delivery if autocreate_post is enabled,  provided	 their
	      INBOX did	not yet	already	exist.

	      The user's quota is set to the value if it is greater than zero,
	      otherwise	the user has unlimited quota.

	      Note that	quota is specified in kilobytes.

	  autocreate_quota_messages: -1
	      If set to	a value	of zero	or higher, users who have their	 INBOX
	      folders  created	upon  a	 successful  login event (see autocre-
	      ate_quota), or upon lmtpd(8) message delivery if autocreate_post
	      is enabled, receive the message quota configured in this option.

	      The default of -1	disables assigning message quota.

	      For  consistency	with  autocreate_quota,	 a  value  of  zero is
	      treated as unlimited message quota, rather than a	message	 quota
	      of zero.

	  autocreate_sieve_folders: <none>
	      A	 "|"  separated	list of	subfolders of INBOX that will be auto-
	      matically	created, if requested by a sieve filter,  through  the
	      "fileinto" action. The default is	to create no folders automati-
	      cally.

	      Leading and trailing whitespace is stripped from each folder, so
	      a	 setting of "Junk | Trash" will	create two folders: "Junk" and
	      "Trash".

	  autocreate_sieve_script: <none>
	      The full path of a file  that  contains  a  sieve	 script.  This
	      script automatically becomes a user's initial default sieve fil-
	      ter script.

	      When this	option is not defined, no default sieve	filter is cre-
	      ated.  The file must be readable by the Cyrus daemon.

	  autocreate_sieve_script_compile: 0
	      If  set  to  yes	and  no	compiled sieve script file exists, the
	      sieve script which is compiled on	the fly	will be	saved  in  the
	      file name	that autocreate_sieve_compiledscript option points to.
	      In  order	 a  compiled  script   to   be	 generated,   autocre-
	      ate_sieve_script	and  autocreate_sieve_compiledscript must have
	      valid values

	  autocreate_sieve_script_compiled: <none>
	      The full path of a file that contains  a	compiled  in  bytecode
	      sieve script. This script	automatically becomes a	user's initial
	      default sieve filter script.  If this option is  not  specified,
	      or  the  filename	 doesn't  exist	then the script	defined	by au-
	      tocreate_sieve_script is compiled	on the fly  and	 installed  as
	      the user's default sieve script

	  autocreate_subscribe_folders:	<none>
	      A	list of	folder names, separated	by "|",	that the users get au-
	      tomatically subscribed to, when their INBOX  is  created.	 These
	      folder names must	have been included in the autocreateinboxfold-
	      ers option of the	imapd.conf.

	  autocreate_subscribe_sharedfolders: <none>
	      A	list of	shared folders (bulletin boards),  separated  by  "|",
	      that  the	users get automatically	subscribed to, after their IN-
	      BOX is created. The shared folder	must have been created and the
	      user must	have the required permissions to get subscribed	to it.
	      Otherwise, subscribing to	the shared folder fails.

	  autocreate_subscribe_sharedfolders_all: 0
	      If set to	yes, the  user	is  automatically  subscribed  to  all
	      shared folders, one has permission to subscribe to.

	  autocreate_users: anyone
	      A	 space	separated list of users	and/or groups that are allowed
	      their INBOX to be	automatically created.

	  autoexpunge: 0
	      If set to	yes, then all Deleted messages will  be	 automatically
	      expunged	whenever  an index is closed, whether CLOSE, UNSELECT,
	      SELECT or	on disconnect

	  backuppartition-name:	<none>
	      The pathname of the backup partition name.  At least one	backup
	      partition	 pathname  MUST	 be  specified	if backups are in use.
	      Note that	there is no relationship between spool partitions  and
	      backup partitions.

	  backup_compact_minsize: 0
	      The  minimum  size  in  kilobytes	of chunks in each backup.  The
	      compact tool will	 try  to  combine  adjacent  chunks  that  are
	      smaller than this.

	      Setting  this  value  to	zero or	negative disables combining of
	      chunks.

	  backup_compact_maxsize: 0
	      The maximum size in kilobytes of chunks  in  each	 backup.   The
	      compact  tool  will  try	to  split chunks larger	than this into
	      smaller chunks.

	      Setting this value to zero or  negative  disables	 splitting  of
	      chunks.

	  backup_compact_work_threshold: 1
	      The  number of chunks that must obviously	need compaction	before
	      the compact tool will go ahead with the compaction.  If  set  to
	      less than	one, the value is treated as being one.

	  backup_staging_path: <none>
	      The absolute path	of the backup staging area.  If	not specified,
	      will be temp_path/backup

	  backup_retention_days: <none>
	      Deprecated in favor of backup_retention.

	  backup_retention: 7d
	      How long to keep content in backup after	it  has	 been  deleted
	      from  the	 source.   If set to a negative	value or zero, deleted
	      content will be kept indefinitely.

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  backup_db: twoskip
	      The cyrusdb backend to use for the backup	locations database.

	      Allowed values: skiplist,	sql, twoskip, zeroskip

	  backup_db_path: <none>
	      The absolute path	to the backup db file.	If not specified, will
	      be configdirectory/backups.db

	  backup_keep_previous:	0
	      Whether the ctl_backups compact and ctl_backups reindex commands
	      should  preserve	the  original file.  The original file will be
	      named with a timestamped suffix.	This is	mostly useful for  de-
	      bugging.

	      Note  that  with this enabled, compacting	a backup will actually
	      increase the disk	used by	it (because there will now be an extra
	      copy: the	original version, and the compacted version).

	  boundary_limit: 1000
	      messages are parsed recursively and a deep enough	MIME structure
	      can cause	a stack	overflow.  Do not parse	deeper than this  many
	      layers  of  MIME	structure.  The	default	of 1000	is much	higher
	      than any sane message should have.

	  caldav_allowattach: 1
	      Enable managed attachments support on the	CalDAV server.

	  caldav_allowcalendaradmin: 0
	      Enable per-user calendar administration web  UI  on  the	CalDAV
	      server.

	  caldav_allowscheduling: on
	      Enable  calendar	scheduling  operations.	If set to "apple", the
	      server will emulate Apple	CalendarServer behavior	as closely  as
	      possible.	 Allowed values: off, on, apple

	  caldav_create_attach:	1
	      Create the 'Attachments' collection if it	doesn't	already	exist

	  caldav_create_default: 1
	      Create the 'Default' calendar if it doesn't already exist

	  caldav_create_sched: 1
	      Create  the 'Inbox' and 'Outbox' calendars if they don't already
	      exist

	  caldav_historical_age: 7d
	      How long after an	occurrence of event or task has	concluded that
	      it  is  considered  'historical'.	  Changes to historical	occur-
	      rences of	events or tasks	WILL NOT have invite or	reply messages
	      sent for them.  A	negative value means that events and tasks are
	      NEVER considered historical.

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  caldav_maxdatetime: 20380119T031407Z
	      The  latest  date	 and time accepted by the server (ISO format).
	      This value is also used for expanding non-terminating recurrence
	      rules.

	      Note  that  increasing this value	will require the DAV databases
	      for calendars to be reconstructed	with the dav_reconstruct util-
	      ity in order to see its effect on	serer-side time-based queries.

	  caldav_mindatetime: 19011213T204552Z
	      The earliest date	and time accepted by the server	(ISO format).

	  caldav_realm:	<none>
	      The  realm  to  present  for  HTTP  authentication of CalDAV re-
	      sources.	If not set (the	default), the value  of	 the  "server-
	      name" option will	be used.

	  calendarprefix: #calendars
	      The  prefix for the calendar mailboxes hierarchies.  The hierar-
	      chy delimiter will be automatically appended.  The public	calen-
	      dar  hierarchy  will be at the toplevel of the shared namespace.
	      A	user's personal	calendar hierarchy will	be a  child  of	 their
	      Inbox.

	  calendar_default_displayname:	personal
	      The displayname to be used when creating a user's	'Default' cal-
	      endar.

	  calendar_user_address_set: <none>
	      Space-separated list of domains corresponding to	calendar  user
	      addresses	 for which the server is responsible.  If not set (the
	      default),	the value of the "servername" option will be used.

	  calendar_component_set: VEVENT VTODO VJOURNAL	VFREEBUSY  VAVAILABIL-
	  ITY VPOLL
	      Space-separated  list of iCalendar component types that calendar
	      object resources may contain in a	calendar collection.  This re-
	      striction	 is only set at	calendar creation time and only	if the
	      CalDAV client hasn't specified a restriction in the creation re-
	      quest.   Allowed	values:	 VEVENT,  VTODO,  VJOURNAL, VFREEBUSY,
	      VAVAILABILITY, VPOLL

	  carddav_allowaddmember: 0
	      Enable support for POST add-member on the	CardDAV	server.

	  carddav_allowaddressbookadmin: 0
	      Enable per-user addressbook administration web UI	on the CardDAV
	      server.

	  carddav_realm: <none>
	      The  realm  to  present  for  HTTP authentication	of CardDAV re-
	      sources.	If not set (the	default), the value  of	 the  "server-
	      name" option will	be used.

	  carddav_repair_vcard:	0
	      If  enabled, VCARDs with invalid content are attempted to	be re-
	      paired during creation.

	  chatty: 0
	      If yes, syslog tags and commands for every IMAP  command,	 mail-
	      boxes for	every lmtp connection, every POP3 command, etc

	  client_bind: 0
	      If enabled, a specific IP	will be	bound when performing a	client
	      connection.  client_bind_name is used if it  is  set,  otherwise
	      servername is used.  This	is useful on multi-homed servers where
	      Cyrus should not use other services' interfaces.

	      If not enabled (the default), no bind will be performed.	Client
	      connections will use an IP chosen	by the operating system.

	  client_bind_name: <none>
	      IPv4,  IPv6  address  or hostname	to bind	for client connections
	      when client_bind is enabled.  If not set (the default),  server-
	      name will	be used.

	  client_timeout: 10s
	      Time  to wait before returning a timeout failure when performing
	      a	client connection (e.g.	in a murder environment).

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  commandmintimer: <none>
	      Time  in	seconds.  Any imap command that	takes longer than this
	      time is logged.

	  configdirectory: <none>
	      The pathname of the IMAP configuration directory.	 This field is
	      required.

	  createonpost:	0
	      Deprecated in favor of autocreate_post.

	  conversations: 0
	      Enable  the  XCONVERSATIONS  extensions.	 Extract  conversation
	      tracking information from	incoming messages and  track  them  in
	      per-user databases.

	  conversations_counted_flags: <none>
	      space-separated  list of flags for which per-conversation	counts
	      will be kept.  Note that you need	to reconstruct	the  conversa-
	      tions  database  with ctl_conversationsdb	if you change this op-
	      tion on a	running	server,	or the counts will be wrong.

	  conversations_db: skiplist
	      The cyrusdb backend to use for the per-user conversations	 data-
	      base.

	      Allowed values: skiplist,	sql, twoskip, zeroskip

	  conversations_expire_days: <none>
	      Deprecated in favor of conversations_expire_after.

	  conversations_expire_after: 90d
	      How  long	 the conversations database keeps the message tracking
	      information needed for receiving new messages in	existing  con-
	      versations.

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  conversations_keep_existing: 1
	      during conversations cleanup, don't clean	up if there are	 still
	      existing emails with one of the mentioned	CIDs

	  conversations_max_thread: 100
	      maximum  size  for  a single thread.  Threads will split if they
	      have this	many messages in them and another message arrives

	  conversations_max_guidrecords: 5000
	      maximum records with the same guid.  This	is just	a sanity check
	      to stop the same email being added and removed over and over, so
	      the default is 5000

	  conversations_max_guidexists:	100
	      maximum records with the same guid.  This	maps to	 "labels",  so
	      with  the	 default  of  100,  you	can only have 100 labels on an
	      email in JMAP

	  conversations_max_guidinfolder: 10
	      maximum records with the same guid in the	same folder. You can't
	      do  this via JMAP, but could via IMAP.  The default of 10	should
	      be heaps normally!

	  crossdomains:	0
	      Enable cross domain sharing.  This works best with alt namespace
	      and   unix   hierarchy   separators   on,	  so   you  get	 Other
	      Users/foo@example.com/...

	  crossdomains_onlyother: 0
	      only show	the domain for users in	other domains  than  your  own
	      (for backwards compatibility if you're already sharing

	  cyrus_group: <none>
	      The  name	 of the	group Cyrus services will run as.  If not con-
	      figured, the primary group of cyrus_user will be	used.  Can  be
	      further overridden by setting the	$CYRUS_GROUP environment vari-
	      able.

	  cyrus_user: <none>
	      The username to use as the 'cyrus' user.	If not configured, the
	      compile  time default will be used. Can be further overridden by
	      setting the $CYRUS_USER environment variable.

	  davdriveprefix: #drive
	      The prefix for the DAV storage mailboxes hierarchies.  The hier-
	      archy  delimiter	will  be  automatically	 appended.  The	public
	      storage hierarchy	will be	at the toplevel	of  the	 shared	 name-
	      space.   A  user's personal storage hierarchy will be a child of
	      their Inbox.

	  davnotificationsprefix: #notifications
	      The prefix for the DAV notifications hierarchy.	The  hierarchy
	      delimiter	 will be automatically appended.  The public notifica-
	      tions hierarchy will be at the toplevel of the shared namespace.
	      A	 user's	 personal  notifications  hierarchy will be a child of
	      their Inbox.

	  dav_realm: <none>
	      The realm	to present for HTTP authentication of generic DAV  re-
	      sources  (principals).   If  not set (the	default), the value of
	      the "servername" option will be used.

	  dav_lock_timeout: 20s
	      The maximum time to wait for a write lock	on  the	 per-user  DAV
	      database before timeout. For HTTP	requests, the HTTP status code
	      503 is returned if the lock can  not  be	obtained  within  this
	      time.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  debug_command: <none>
	      Debug command to be used by processes started  with  -D  option.
	      The  string  is a	C format string	that gets 3 options: the first
	      is the name of the executable (as	specified in the cmd parameter
	      in cyrus.conf). The second is the	pid (integer) and the third is
	      the service ID.  Example:	 /usr/local/bin/gdb  /usr/cyrus/bin/%s
	      %d

	  defaultacl: anyone lrs
	      The   Access  Control  List  (ACL)  placed  on  a	 newly-created
	      (non-user) mailbox that does not have a parent mailbox.

	  defaultdomain: internal
	      The default domain for virtual domain support

	  defaultpartition: <none>
	      The partition name used by default for new  mailboxes.   If  not
	      specified,  the  partition with the most free space will be used
	      for new mailboxes.

	      Note that	the partition specified	by this	option	must  also  be
	      specified	as partition-name, where you substitute	'name' for the
	      alphanumeric string you set defaultpartition to.

	  defaultsearchtier: <empty string>
	      Name of the default tier	that  messages	will  be  indexed  to.
	      Search  indexes can be organized in tiers	to allow index storage
	      in different directories and physical media. See the man page of
	      squatter	for details. The default search	tier also requires the
	      definition of an according searchtierpartition-name entry.

	      This option MUST be specified for	xapian search.

	  defaultserver: <none>
	      The backend server name used by default for new  mailboxes.   If
	      not  specified, the server with the most free space will be used
	      for new mailboxes.

	  deletedprefix: DELETED
	      With delete_mode set to delayed, the deletedprefix  setting  de-
	      fines the	prefix for the hierarchy of deleted mailboxes.

	      The hierarchy delimiter will be automatically appended.

	  delete_mode: delayed
	      The  manner  in  which mailboxes are deleted. In the default de-
	      layed mode, mailboxes that are being deleted are	renamed	 to  a
	      special mailbox hierarchy	under the deletedprefix, to be removed
	      later by cyr_expire(8).

	      In immediate mode, the mailbox is	removed	 from  the  filesystem
	      immediately.

	      Allowed values: immediate, delayed

	  delete_unsubscribe: 0
	      Whether  to  also	 unsubscribe  from  mailboxes  when  they  are
	      deleted.	Note that this behaviour contravenes RFC 3501  section
	      6.3.9,  but may be useful	for avoiding user/client software con-
	      fusion.  The default is 'no'.

	  deleteright: c
	      Deprecated - only	used for backwards compatibility with existing
	      installations.   Lists  the old RFC 2086 right which was used to
	      grant the	user the ability to delete a mailbox.  If a  user  has
	      this right, they will automatically be given the new 'x' right.

	  disable_user_namespace: 0
	      Preclude	list  command on user namespace.  If set to 'yes', the
	      LIST response will never include any other user's	mailbox.   Ad-
	      min users	will always see	all mailboxes.	The default is 'no'

	  disable_shared_namespace: 0
	      Preclude list command on shared namespace.  If set to 'yes', the
	      LIST response will never include any non-user mailboxes.	 Admin
	      users will always	see all	mailboxes.  The	default	is 'no'

	  disconnect_on_vanished_mailbox: 0
	      If  enabled,  IMAP/POP3/NNTP clients will	be disconnected	by the
	      server if	the currently selected mailbox is (re)moved by another
	      session.	 Otherwise,  the  missing  mailbox is treated as empty
	      while in use by the client.

	  ischedule_dkim_domain: <none>
	      The domain to be reported	as doing iSchedule DKIM	signing.

	  ischedule_dkim_key_file: <none>
	      File containing the private key for iSchedule DKIM signing.

	  ischedule_dkim_required: 1
	      A	DKIM signature is required on received iSchedule requests.

	  ischedule_dkim_selector: <none>
	      Name of the selector subdividing	the  domain  namespace.	  This
	      specifies	 the actual key	used for iSchedule DKIM	signing	within
	      the domain.

	  duplicate_db:	twoskip
	      The cyrusdb backend to use for the duplicate  delivery  suppres-
	      sion  and	 sieve.	  Allowed  values: skiplist, sql, twoskip, ze-
	      roskip

	  duplicate_db_path: <none>
	      The absolute path	to the duplicate db file.  If  not  specified,
	      will be configdirectory/deliver.db

	  duplicatesuppression:	1
	      If enabled, lmtpd	will suppress delivery of a message to a mail-
	      box if a message with the	same message-id	(or resent-message-id)
	      is  recorded  as	having	already	been delivered to the mailbox.
	      Records the mailbox and message-id/resent-message-id of all suc-
	      cessful deliveries.

	  event_content_inclusion_mode:	standard
	      The  mode	 in  which  message  content may be included with Mes-
	      sageAppend and MessageNew. "standard" mode is the	default	behav-
	      ior in which message is included up to a size with the notifica-
	      tion. In "message" mode, the message  is	included  and  may  be
	      truncated	to a size. In "header" mode, it	includes headers trun-
	      cated to a size. In "body" mode, it includes body	truncated to a
	      size.  In	 "headerbody"  mode, it	includes full headers and body
	      truncated	to a size Allowed values: standard,  message,  header,
	      body, headerbody

	  event_content_size: 0
	      Truncate	the  message  content  that  may be included with Mes-
	      sageAppend and MessageNew. Set 0 to include the  entire  message
	      itself

	  event_exclude_flags: <none>
	      Don't send event notification for	given IMAP flag(s)

	  event_exclude_specialuse: \Junk
	      Don't  send event	notification for folder	with given special-use
	      attributes.  Set ALL for any folder

	  event_extra_params: timestamp
	      Space-separated list of extra parameters to add to any appropri-
	      ated event.

	      Allowed	 values:   bodyStructure,   clientAddress,   diskUsed,
	      flagNames, messageContent, messageSize, messages,	 modseq,  ser-
	      vice,  timestamp,	 uidnext,  vnd.cmu.midset,  vnd.cmu.unseenMes-
	      sages, vnd.cmu.envelope, vnd.cmu.sessionId,  vnd.cmu.mailboxACL,
	      vnd.cmu.mbtype,  vnd.cmu.davFilename,  vnd.cmu.davUid, vnd.fast-
	      mail.clientId, vnd.fastmail.sessionId,  vnd.fastmail.convExists,
	      vnd.fastmail.convUnseen,	 vnd.fastmail.cid,  vnd.fastmail.coun-
	      ters, vnd.cmu.emailid, vnd.cmu.threadid

	  event_groups:	message	mailbox
	      Space-separated list of groups of	related	events to turn on  no-
	      tification

	      Allowed  values:	message,  quota,  flags, access, mailbox, sub-
	      scription, calendar, applepushservice

	  event_notifier: <none>
	      Notifyd(8) method	to use for  "EVENT"  notifications  which  are
	      based  on	 the  RFC 5423.	 If not	set, "EVENT" notifications are
	      disabled.

	  expunge_mode:	delayed
	      The mode in which	messages (and their  corresponding  cache  en-
	      tries)  are expunged.  "semidelayed" mode	is the old behavior in
	      which the	message	files are purged at the	time of	 the  EXPUNGE,
	      but  index and cache records are retained	to facilitate QRESYNC.
	      In "delayed" mode, which is the default since Cyrus  2.5.0,  the
	      message  files  are  also	retained, allowing unexpunge to	rescue
	      them.  In	"immediate" mode, both the message files and the index
	      records  are removed as soon as possible.	 In all	cases, nothing
	      will be finally purged until all other processes have closed the
	      mailbox  to ensure they never see	data disappear under them.  In
	      "semidelayed" or "delayed" mode, a  later	 run  of  "cyr_expire"
	      will  clean  out	the  retained  records	(and  possibly message
	      files).  This reduces the	amount of I/O that takes place at  the
	      time  of EXPUNGE and should result in greater responsiveness for
	      the client, especially when expunging a  large  number  of  mes-
	      sages.  Allowed values: immediate, semidelayed, delayed

	  failedloginpause: 3s
	      Time to pause after a failed login.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  flushseenstate: 1
	      Deprecated. No longer used

	  foolstupidclients: 0
	      If enabled, only list the	personal namespace when	a LIST "*"  is
	      performed	(it changes the	request	to a LIST "INBOX*").

	  force_sasl_client_mech: <none>
	      Force preference of a given SASL mechanism for client side oper-
	      ations (e.g., murder environments).  This	is separate from  (and
	      overridden by) the ability to use	the <host shortname>_mechs op-
	      tion to set preferred mechanisms for a specific host

	  fulldirhash: 0
	      If enabled, uses an  improved  directory	hashing	 scheme	 which
	      hashes  on  the  entire username instead of using	just the first
	      letter as	the hash.  This	changes	hash algorithm used for	 quota
	      and user directories and if hashimapspool	is enabled, the	entire
	      mail spool.

	      Note that	this option CANNOT be changed on a live	 system.   The
	      server  must be quiesced and then	the directories	moved with the
	      rehash utility.

	  hashimapspool: 0
	      If enabled, the partitions will also be hashed, in  addition  to
	      the  hashing  done on configuration directories.	This is	recom-
	      mended if	one partition has a very bushy mailbox tree.

	  debug: 0
	      If enabled, allow	syslog() to pass LOG_DEBUG messages.

	  hostname_mechs: <none>
	      Force a particular list of SASL mechanisms to be used  when  au-
	      thenticating  to	the backend server hostname (where hostname is
	      the short	hostname of the	server in  question).  If  it  is  not
	      specified	 it will query the server for available	mechanisms and
	      pick one to use. - Cyrus Murder

	  hostname_password: <none>
	      The password to use for authentication  to  the  backend	server
	      hostname	(where hostname	is the short hostname of the server) -
	      Cyrus Murder

	  httpallowcompress: 1
	      If enabled, the server will compress response  payloads  if  the
	      client  indicates	 that  it can accept them.  Note that the com-
	      pressed data will	appear in telemetry logs, leaving only the re-
	      sponse headers as	human-readable.

	  httpallowcors: <none>
	      A	 wildmat  pattern  specifying  a  list of origin URIs (	scheme
	      "://" host [ ":" port ] )	that are allowed to make  Cross-Origin
	      Resource	Sharing	 (CORS)	 requests  on the server.  By default,
	      CORS requests are	disabled.

	      Note that	the scheme and host should both	be lowercase, the port
	      should  be  omitted  if using the	default	for the	scheme (80 for
	      http, 443	for https), and	there should be	no trailing '/'	(e.g.:
	      "http://www.example.com:8080", "https://example.org").

	  httpallowtrace: 0
	      Allow use	of the TRACE method.

	      Note that	sensitive data might be	disclosed by the response.

	  httpallowedurls: <none>
	      Space-separated  list  of	relative URLs (paths) rooted at	"http-
	      docroot" (see below) to be served	by httpd.  If set, this	option
	      will  limit  served static content to only those paths specified
	      (returning "404 Not Found" to any	other client requested	URLs).
	      Otherwise, httpd will serve any content found in "httpdocroot".

	      Note  that  any  path specified by "rss_feedlist_template" is an
	      exception	to this	rule.

	  httpcontentmd5: 0
	      If enabled, HTTP responses will include a	Content-MD5 header for
	      the  purpose  of providing an end-to-end message integrity check
	      (MIC) of the payload body.  Note that enabling this option  will
	      use  additional CPU to generate the MD5 digest, which may	be ig-
	      nored by clients anyways.

	  httpdocroot: <none>
	      If set, http will	serve the static  content  (html/text/jpeg/gif
	      files, etc) rooted at this directory.  Otherwise,	httpd will not
	      serve any	static content.

	  httpkeepalive: 20s
	      Set the length of	the HTTP server's  keepalive  heartbeat.   The
	      default  is 20 seconds.  The minimum value is 0, which will dis-
	      able the keepalive heartbeat.  When enabled, if a	request	 takes
	      longer  than  httpkeepalive to process, the server will send the
	      client provisional responses every httpkeepalive until the final
	      response can be sent.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  httplogheaders: <none>
	      Space-separated list of HTTP header fields that will be included
	      in the requests logged by	httpd(8).

	  httpmodules: <empty string>
	      Space-separated  list  of	 HTTP  modules that will be enabled in
	      httpd(8).	 This option has no effect on modules  that  are  dis-
	      abled  at	 compile  time due to missing dependencies (e.g. libi-
	      cal).

	      Note that	"domainkey" depends on "ischedule" being enabled,  and
	      that  both  "freebusy"  and "ischedule" depend on	"caldav" being
	      enabled.	Allowed	 values:  admin,  caldav,  carddav,  cgi,  do-
	      mainkey,	freebusy,  ischedule,  jmap,  prometheus, rss, tzdist,
	      webdav

	  httpprettytelemetry: 0
	      If enabled, HTTP response	 payloads  including  server-generated
	      markup languages (HTML, XML) will	utilize	line breaks and	inden-
	      tation to	promote	better human-readability  in  telemetry	 logs.
	      Note  that enabling this option will increase the	amount of data
	      sent across the wire.

	  httptimeout: 5m
	      Set the length of	the HTTP server's inactivity autologout	timer.
	      The  default  is	5 minutes.  The	minimum	value is 0, which will
	      disable persistent connections.

	      For backwards compatibility, if no unit is specified, minutes is
	      assumed.

	  idlesocket: {configdirectory}/socket/idle
	      Unix domain socket that idled listens on.

	  ignorereference: 0
	      For backwards compatibility with Cyrus 1.5.10 and	earlier	-- ig-
	      nore the reference argument in LIST or LSUB commands.

	  imapidlepoll:	60s
	      The interval for polling for mailbox changes  and	 ALERTs	 while
	      running the IDLE command.	 This option is	used when idled	is not
	      enabled or cannot	be contacted.  The minimum value is 1  second.
	      A	value of 0 will	disable	IDLE.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  imapidresponse: 1
	      If enabled, the server responds to an ID command with a  parame-
	      ter  list	 containing: version, vendor, support-url, os, os-ver-
	      sion, command, arguments,	environment.  Otherwise	the server re-
	      turns NIL.

	  imapmagicplus: 0
	      Only  list  a  restricted	 set  of  mailboxes  via IMAP by using
	      userid+namespace syntax as the authentication/authorization  id.
	      Using  userid+  (with  an	 empty	namespace) will	list only sub-
	      scribed mailboxes.

	  imipnotifier:	<none>
	      Notifyd(8) method	to use	for  "IMIP"  notifications  which  are
	      based  on	 the  RFC  6047.  If not set, "IMIP" notifications are
	      disabled.

	  implicit_owner_rights: lkxan
	      The implicit Access Control List (ACL) for the owner of a	 mail-
	      box.

	  @include: <none>
	      Directive	 which includes	the specified file as part of the con-
	      figuration.  If the path to the file is not absolute, CYRUS_PATH
	      is prepended.

	  improved_mboxlist_sort: 0
	      If  enabled,  a  special comparator will be used which will cor-
	      rectly sort mailbox names	that contain characters	such  as  '  '
	      and '-'.

	      Note  that  this	option SHOULD NOT be changed on	a live system.
	      The mailboxes database should be	dumped	(ctl_mboxlist)	before
	      the option is changed, removed, and then undumped	after changing
	      the option.  When	not using flat	files  for  the	 subscriptions
	      databases	 the  same  has	 to be done (cyr_dbtool) for each sub-
	      scription	database See improved_mboxlist_sort.html.

	  jmap_emailsearch_db_path: <none>
	      The absolute path	to the JMAP email search cache file.   If  not
	      specified,  JMAP	Email/query  and  Email/queryChanges  will not
	      cache email search results.

	  jmap_preview_annot: <none>
	      The name of the per-message annotation, if any, to store message
	      previews.

	  jmap_imagesize_annot:	<none>
	      The  name	 of  the per-message annotation, if any, that stores a
	      JSON object, mapping message part	numbers	of MIME	image types to
	      an array of their	image dimensions. The array must have at least
	      two entries, where the first entry denotes  the  width  and  the
	      second  entry the	height of the image. Any additional values are
	      ignored.

	      For example, if message part 1.2 contains	an image of width  300
	      and height 200, then the value of	this annotation	would be:

	      {	"1.2" :	[ 300, 200 ] }

	  jmap_inlinedcids_annot: <none>
	      The  name	 of  the per-message annotation, if any, that stores a
	      JSON object, mapping RFC 2392  Content-IDs  referenced  in  HTML
	      bodies to	the respective HTML body part number.

	      For example, if message part 1.2 contains	HTML and references an
	      inlined image at "cid:foo", then the value  of  this  annotation
	      would be:

	      {	"<foo>"	: "1.2"	}

	      Note  that the Content-ID	key must be URL-unescaped and enclosed
	      in angular brackets, as defined in RFC 2392.

	  jmap_preview_length: 64
	      The maximum byte length of dynamically  generated	 message  pre-
	      views. Previews stored in	jmap_preview_annot take	precedence.

	  jmap_max_size_upload:	1048576
	      The  maximum  size  (in kilobytes) that the JMAP API accepts for
	      blob uploads. Returned as	the maxSizeUpload  property  value  of
	      the  JMAP	 "urn:ietf:params:jmap:core" capabilities object.  De-
	      fault is 1Gb.

	  jmap_max_size_blob_set: 4096
	      The maximum size (in kilobytes) that the JMAP  API  accepts  for
	      Blob/set.	 Returned  as the maxSizeBlobSet property value	of the
	      JMAP "https://cyrusimap.org/ns/jmap/blob"	 capabilities  object.
	      Default is 4Mb.

	  jmap_max_concurrent_upload: 5
	      The  value to return for the maxConcurrentUpload property	of the
	      JMAP "urn:ietf:params:jmap:core" capabilities object. The	 Cyrus
	      JMAP implementation does not enforce this	rate-limit.

	  jmap_max_size_request: 10240
	      The  maximum  size  (in kilobytes) that the JMAP API accepts for
	      requests at the API endpoint.  Returned  as  the	maxSizeRequest
	      property value of	the JMAP "urn:ietf:params:jmap:core" capabili-
	      ties object. Default is 10Mb.

	  jmap_max_concurrent_requests:	5
	      The value	to return for the  maxConcurrentRequests  property  of
	      the  JMAP	 "urn:ietf:params:jmap:core"  capabilities object. The
	      Cyrus JMAP implementation	does not enforce this rate-limit.

	  jmap_max_calls_in_request: 50
	      The maximum number of calls per JMAP request  object.   Returned
	      as   the	 maxCallsInRequest  property  value  of	 the  JMAP  "-
	      urn:ietf:params:jmap:core" capabilities object.

	  jmap_max_delayed_send: 512d
	      The value	to return for the maxDelayedSend property of the  JMAP
	      "urn:ietf:params:jmap:emailsubmission" capabilities object.  The
	      Cyrus JMAP implementation	does not enforce this limit.

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  jmap_max_objects_in_get: 4096
	      The  maximum  number  of ids that	a JMAP client may request in a
	      single "/get" type method	call. The actual  number  of  returned
	      objects  in  the response	may exceed this	number if the JMAP ob-
	      ject type	supports unbounded  "/get"  calls.   Returned  as  the
	      maxObjectsInGet	  property    value    of    the    JMAP    "-
	      urn:ietf:params:jmap:core" capabilities object.

	  jmap_max_objects_in_set: 4096
	      The maximum number of objects a JMAP client may send to  create,
	      update  or  destroy in a single /set type	method call.  Returned
	      as  the  maxObjectsInSet	property  value	  of   the   JMAP   "-
	      urn:ietf:params:jmap:core" capabilities object.

	  jmap_mail_max_size_attachments_per_email: 10240
	      The  value  (in  kilobytes)  to  return  for  the	maxSizeAttach-
	      mentsPerEmail property of	the  JMAP  "urn:ietf:params:jmap:mail"
	      capabilities  object. The	Cyrus JMAP implementation does not en-
	      force this size limit. Default is	10 Mb.

	  jmap_nonstandard_extensions: 0
	      If enabled, support non-standard JMAP extensions.	  If  not  en-
	      abled, only IETF standard	JMAP functionality is supported.

	  jmap_set_has_attachment: 1
	      If  enabled,  the	 $hasAttachment	flag is	determined and set for
	      new messages created with	the  JMAP  Email/set  or  Email/import
	      methods.	This option should typically be	enabled, but installa-
	      tions using Cyrus-external message annatotors to	determine  the
	      $hasAttachment flag might	want to	disable	it.

	  jmap_vacation: 1
	      If enabled, support the JMAP vacation extension

	  jmapuploadfolder: #jmap
	      the name of the folder for JMAP uploads (#jmap)

	  jmapsubmission_deleteonsend: 1
	      If enabled (the default) then delete the EmailSubmission as soon
	      as the email * has been sent

	  jmapsubmissionfolder:	#jmapsubmission
	      the name of the folder for JMAP Submissions (#jmapsubmission)

	  jmappushsubscriptionfolder: #jmappushsubscription
	      the name of the folder for JMAP Push  Subscriptions  (#jmappush-
	      subscription)

	  iolog: 0
	      Should cyrus output I/O log entries

	  ldap_authz: <none>
	      SASL authorization ID for	the LDAP server

	  ldap_base: <empty string>
	      Contains the LDAP	base dn	for the	LDAP ptloader module

	  ldap_bind_dn:	<none>
	      Bind DN for the connection to the	LDAP server (simple bind).  Do
	      not use for anonymous simple binds

	  ldap_deref: never
	      Specify how aliases dereferencing	is handled during search.

	      Allowed values: search, find, always, never

	  ldap_domain_base_dn: <empty string>
	      Base DN to search	for domain name	spaces.

	  ldap_domain_filter:  (&(objectclass=domainrelatedobject)(associated-
	  domain=%s))
	      Filter to	use searching for domains

	  ldap_domain_name_attribute: associateddomain
	      The attribute name for domains.

	  ldap_domain_scope: sub
	      Search scope

	      Allowed values: sub, one,	base

	  ldap_domain_result_attribute:	inetdomainbasedn
	      Result attribute

	  ldap_filter: (uid=%u)
	      Specify  a filter	that searches user identifiers.	 The following
	      tokens can be used in the	filter string:

	      %%   = % %u   = user %U	= user portion of %u (%U =  test  when
	      %u  =  test@domain.tld) %d   = domain portion of %u if available
	      (%d = domain.tld when %u = test@domain.tld), otherwise  same  as
	      %R %R   =	domain portion of %u starting with @ (%R = @domain.tld
	      when %u =	test@domain.tld) %D   =	user dn.  (use when  ldap_mem-
	      ber_method:  filter) %1-9	= domain tokens	(%1 = tld, %2 =	domain
	      when %d =	domain.tld)

	      ldap_filter is not used when ldap_sasl is	enabled.

	  ldap_group_base: <empty string>
	      LDAP base	dn for ldap_group_filter.

	  ldap_group_filter: (cn=%u)
	      Specify a	filter	that  searches	for  group  identifiers.   See
	      ldap_filter for more options.

	  ldap_group_scope: sub
	      Specify search scope for ldap_group_filter.

	      Allowed values: sub, one,	base

	  ldap_id: <none>
	      SASL authentication ID for the LDAP server

	  ldap_mech: <none>
	      SASL mechanism for LDAP authentication

	  ldap_user_attribute: <none>
	      Specify LDAP attribute to	use as canonical user id

	  ldap_member_attribute: <none>
	      See ldap_member_method.

	  ldap_member_base: <empty string>
	      LDAP base	dn for ldap_member_filter.

	  ldap_member_filter: (member=%D)
	      Specify	a   filter   for  "ldap_member_method:	filter".   See
	      ldap_filter for more options.

	  ldap_member_method: attribute
	      Specify a	group method.  The "attribute" method retrieves	groups
	      from  a  multi-valued  attribute specified in ldap_member_attri-
	      bute.

	      The "filter" method uses a filter, specified by ldap_member_fil-
	      ter, to find groups; ldap_member_attribute is a single-value at-
	      tribute group name.  Allowed values: attribute, filter

	  ldap_member_scope: sub
	      Specify search scope for ldap_member_filter.

	      Allowed values: sub, one,	base

	  ldap_password: <none>
	      Password for the connection to the LDAP server (SASL and	simple
	      bind).  Do not use for anonymous simple binds

	  ldap_realm: <none>
	      SASL realm for LDAP authentication

	  ldap_referrals: 0
	      Specify whether or not the client	should follow referrals.

	  ldap_restart:	1
	      Specify  whether	or  not	 LDAP I/O operations are automatically
	      restarted	if they	abort prematurely.

	  ldap_sasl: 1
	      Use SASL for LDAP	binds in the LDAP PTS module.

	  ldap_sasl_authc: <none>
	      Deprecated.  Use ldap_id

	  ldap_sasl_authz: <none>
	      Deprecated.  Use ldap_authz

	  ldap_sasl_mech: <none>
	      Deprecated.  Use ldap_mech

	  ldap_sasl_password: <none>
	      Deprecated.  User	ldap_password

	  ldap_sasl_realm: <none>
	      Deprecated.  Use ldap_realm

	  ldap_scope: sub
	      Specify search scope.

	      Allowed values: sub, one,	base

	  ldap_servers:	ldap://localhost/
	      Deprecated.  Use ldap_uri

	  ldap_size_limit: 1
	      Specify a	number of entries for a	search request to return.

	  ldap_start_tls: 0
	      Use transport layer security for ldap:// using STARTTLS. Do  not
	      use ldaps:// in 'ldap_uri' with this option enabled.

	  ldap_time_limit: 5s
	      How long to wait for a search request to complete.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  ldap_timeout:	5s
	      How long a search	can take before	timing out.

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  ldap_ca_dir: <none>
	      Path  to	a  directory  with CA (Certificate Authority) certifi-
	      cates.

	  ldap_ca_file:	<none>
	      Path to a	file containing	CA  (Certificate  Authority)  certifi-
	      cate(s).

	  ldap_ciphers:	<none>
	      List  of	SSL/TLS	ciphers	to allow.  The format of the string is
	      described	in ciphers(1).

	  ldap_client_cert: <none>
	      File containing the client certificate.

	  ldap_client_key: <none>
	      File containing the private client key.

	  ldap_verify_peer: 0
	      Require and verify server	certificate.  If this option  is  yes,
	      you must specify ldap_ca_file or ldap_ca_dir.

	  ldap_tls_cacert_dir: <none>
	      Deprecated in favor of ldap_ca_dir.

	  ldap_tls_cacert_file:	<none>
	      Deprecated in favor of ldap_ca_file.

	  ldap_tls_cert: <none>
	      Deprecated in favor of ldap_client_cert.

	  ldap_tls_key:	<none>
	      Deprecated in favor of ldap_client_key.

	  ldap_tls_check_peer: 0
	      Deprecated in favor of ldap_verify_peer.

	  ldap_tls_ciphers: <none>
	      Deprecated in favor of ldap_ciphers.

	  ldap_uri: <none>
	      Contains	a  list	of the URLs of all the LDAP servers when using
	      the LDAP PTS module.

	  ldap_version:	3
	      Specify the LDAP protocol	 version.   If	ldap_start_tls	and/or
	      ldap_use_sasl  are  enabled,  ldap_version will be automatically
	      set to 3.

	  literalminus:	0
	      if enabled, CAPABILITIES will reply with	LITERAL-  rather  than
	      LITERAL+	(RFC  7888).   Doesn't	actually size-restrict uploads
	      though

	  lmtp_downcase_rcpt: 1
	      If enabled, lmtpd	will convert the recipient addresses to	lower-
	      case (up to a '+'	character, if present).

	  lmtp_exclude_specialuse: \Snoozed
	      Don't  allow  delivery  to  folders  with	 given special-use at-
	      tributes.

	      Note that	"snoozing" of emails can currently only	 be  done  via
	      the  JMAP	 protocol, so delivery directly	to the Snoozed mailbox
	      is prohibited by default as it will not be moved back into INBOX
	      automatically.

	  lmtp_fuzzy_mailbox_match: 0
	      If  enabled, and the mailbox specified in	the detail part	of the
	      recipient	(everything after the '+') does	not exist, lmtpd  will
	      try  to  find  the closest match (ignoring case, ignoring	white-
	      space, falling back to parent) to	the specified mailbox name.

	  lmtp_over_quota_perm_failure:	0
	      If enabled, lmtpd	returns	a permanent failure code when a	user's
	      mailbox  is  over	 quota.	 By default, the failure is temporary,
	      causing the MTA to queue the message and retry later.

	  lmtp_preparse: 0
	      If enabled, lmtpd	will map in the	email  and  parse  the	xapian
	      data  for	jmapsearch.  The advantage is that the parsing is done
	      without holding any locks.  The disadvantage is that the parsing
	      is done even if it winds up not being needed.

	  lmtp_strict_quota: 0
	      If  enabled, lmtpd returns a failure code	when the incoming mes-
	      sage will	cause the user's mailbox to exceed its quota.  By  de-
	      fault, the failure won't occur until the mailbox is already over
	      quota.

	  lmtp_strict_rfc2821: 1
	      By default, lmtpd	will be	strict (per RFC	2821) with regards  to
	      which  envelope addresses	are allowed.  If this option is	set to
	      false, 8bit characters in	the local-part of  envelope  addresses
	      are  changed to 'X' instead.  This is useful to avoid generating
	      backscatter with certain MTAs like Postfix or Exim which	accept
	      such messages.

	  lmtpsocket: {configdirectory}/socket/lmtp
	      Unix  domain  socket  that lmtpd listens on, used	by deliver(8).
	      This should match	the path specified in cyrus.conf(5).

	  lmtptxn_timeout: 5m
	      Timeout used during a lmtp transaction to	a remote backend (e.g.
	      in a murder environment).	 Can be	used to	prevent	hung lmtpds on
	      proxy hosts when a backend server	becomes	unresponsive during  a
	      lmtp transaction.	 The default is	5 minutes - change to zero for
	      infinite.

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  lock_debugtime: <none>
	      A	 floating  point  number of seconds.  If set, time how long we
	      wait for any lock, and syslog the	 filename  and	time  if  it's
	      longer  than  this value.	 The default of	NULL means not to time
	      locks.

	  loginrealms: <empty string>
	      The list of remote realms	whose  users  may  authenticate	 using
	      cross-realm  authentication  identifiers.	  Separate  each realm
	      name by a	space.	(A  cross-realm	 identity  is  considered  any
	      identity returned	by SASL	with an	"@" in it.).

	  loginuseacl: 0
	      If  enabled, any authentication identity which has a rights on a
	      user's INBOX may log in as that user.

	  logtimestamps: 0
	      Include notations	in the protocol	telemetry logs indicating  the
	      number of	seconds	since the last command or response.

	  mailbox_default_options: 0
	      Default  "options" field for the mailbox on create.  You'll want
	      to know what you're doing	before setting this, but it can	 apply
	      some default annotations like duplicate suppression

	  mailbox_initial_flags: <none>
	      space-separated list of permanent	flags which will be pre-set in
	      every newly created mailbox.  If you know	you will require  par-
	      ticular  flag  names  then this avoids a possible	race condition
	      against a	client that fills the entire 128 available slots.  De-
	      fault is NULL, which is no flags.	 Example: $Label1 $Label2 $La-
	      bel3 NotSpam Spam

	  mailbox_maxmessages_addressbook: 0
	      Limit the	number of messages that	may exist in a single  mailbox
	      of  "addressbook"	 type. Default (0) means no limit.  This limit
	      applies after quotas are checked,	so if you have both quota lim-
	      its and this set,	then you will be denied	if you are either over
	      quota or over this per-mailbox count.

	  mailbox_maxmessages_calendar:	0
	      Limit the	number of messages that	may exist in a single  mailbox
	      of  "calendar" type. Default (0) means no	limit.	This limit ap-
	      plies after quotas are checked, so if you	have both quota	limits
	      and  this	 set,  then  you will be denied	if you are either over
	      quota or over this per-mailbox count.

	  mailbox_maxmessages_email: 0
	      Limit the	number of messages that	may exist in a single  mailbox
	      of  "email"  (normal)  type.  Default  (0) means no limit.  This
	      limit applies after quotas are checked,  so  if  you  have  both
	      quota  limits  and  this set, then you will be denied if you are
	      either over quota	or over	this per-mailbox count.

	  mailnotifier:	<none>
	      Notifyd(8) method	to use for "MAIL" notifications.  If not  set,
	      "MAIL" notifications are disabled.

	  master_bind_errors_fatal: 0
	      If  enabled, failure to bind a port during startup is treated as
	      a	fatal error, causing master to shut down immediately.  The de-
	      fault is to keep running,	with the affected service disabled un-
	      til the next SIGHUP causes it to retry.

	      Note that	this only applies during startup.  New	services  that
	      fail  to	come  up in response to	a reconfig+SIGHUP will just be
	      logged and disabled like the default behaviour, without  causing
	      master to	exit.

	  maxheaderlines: 1000
	      Maximum  number  of  lines of header that	will be	processed into
	      cache records.  Default 1000.  If	set to zero, it	is  unlimited.
	      If  a  message  hits  the	limit, an error	will be	logged and the
	      rest of the lines	in the header will be  skipped.	  This	is  to
	      avoid malformed messages causing giant cache records

	  maxlogins_per_host: 0
	      Maximum  number  of  logged  in  sessions	allowed	per host, zero
	      means no limit

	  maxlogins_per_user: 0
	      Maximum number of	logged in  sessions  allowed  per  user,  zero
	      means no limit

	  maxmessagesize: 0
	      Maximum incoming LMTP message size.  If non-zero,	lmtpd will re-
	      ject messages larger than	maxmessagesize bytes.  If  set	to  0,
	      this will	allow messages of any size (the	default).

	  maxquoted: 131072
	      Maximum  size of a single	quoted string for the parser.  Default
	      128k

	  maxword: 131072
	      Maximum size of a	single word for	the parser.  Default 128k

	  mboxkey_db: twoskip
	      The cyrusdb backend to use for mailbox keys.

	      Allowed values: skiplist,	twoskip, zeroskip

	  mboxlist_db: twoskip
	      The cyrusdb backend to use for the mailbox list.

	      Allowed values: flat, skiplist, sql, twoskip, zeroskip

	  mboxlist_db_path: <none>
	      The absolute path	to the mailboxes db file.   If	not  specified
	      will be configdirectory/mailboxes.db

	  mboxname_lockpath: <none>
	      Path to mailbox name lock	files (default $conf/lock)

	  metapartition_files: <empty string>
	      Space-separated  list  of	metadata files to be stored on a meta-
	      partition	rather than in the mailbox directory on	a spool	parti-
	      tion.  Allowed values: header, index, cache, expunge, squat, an-
	      notations, lock, dav, archivecache

	  metapartition-name: <none>
	      The pathname of the metadata partition  name,  corresponding  to
	      spool  partition	partition-name.	 For any mailbox residing in a
	      directory	on partition-name, the metadata	files listed in	 meta-
	      partition_files  will  be	stored in a corresponding directory on
	      metapartition-name.   Note that not every	partition-name	option
	      is  required  to have a corresponding metapartition-name option,
	      so that you can selectively choose which spool  partitions  will
	      have separate metadata partitions.

	  mupdate_authname: <none>
	      The SASL username	(Authentication	Name) to use when authenticat-
	      ing to the mupdate server	(if needed).

	  mupdate_config: standard
	      The configuration	of the mupdate servers in  the	Cyrus  Murder.
	      The  "standard" config is	one in which there are discreet	front-
	      end (proxy) and backend servers.	The "unified" config is	one in
	      which  a server can be both a frontend and backend.  The "repli-
	      cated" config is one in which multiple backend servers all share
	      the same mailspool, but each have	their own "replicated" copy of
	      mailboxes.db.  Allowed values: standard, unified,	replicated

	  munge8bit: 1
	      If enabled, lmtpd	munges messages	with 8-bit characters  in  the
	      headers.	 The  8-bit  characters	 are  changed  to `X'.	If re-
	      ject8bit is enabled, setting munge8bit has no effect.  (A	proper
	      solution	to  non-ASCII  characters in headers is	offered	by RFC
	      2047 and its predecessors.)

	  mupdate_connections_max: 128
	      The max number of	connections that a mupdate process will	allow,
	      this is related to the number of file descriptors	in the mupdate
	      process.	Beyond this number connections will be immediately is-
	      sued a BYE response.

	  mupdate_password: <none>
	      The  SASL	password (if needed) to	use when authenticating	to the
	      mupdate server.

	  mupdate_port:	3905
	      The port of the mupdate server for the Cyrus Murder

	  mupdate_realm: <none>
	      The SASL realm (if needed) to use	 when  authenticating  to  the
	      mupdate server.

	  mupdate_retry_delay: 20
	      The  base	time to	wait between connection	retries	to the mupdate
	      server.

	  mupdate_server: <none>
	      The mupdate server for the Cyrus Murder

	  mupdate_username: <empty string>
	      The SASL username	(Authorization Name) to	use when  authenticat-
	      ing to the mupdate server

	  mupdate_workers_max: 50
	      The maximum number of mupdate worker threads (overall)

	  mupdate_workers_maxspare: 10
	      The maximum number of idle mupdate worker	threads

	  mupdate_workers_minspare: 2
	      The minimum number of idle mupdate worker	threads

	  mupdate_workers_start: 5
	      The number of mupdate worker threads to start

	  netscapeurl: <none>
	      If  enabled  at compile time, this specifies a URL to reply when
	      Netscape asks the	server	where  the  mail  administration  HTTP
	      server is.  Administrators should	set this to a local resource.

	  newsaddheaders: to
	      Space-separated  list  of	headers	to be added to incoming	usenet
	      articles.	 Added To: headers will	 contain  email	 delivery  ad-
	      dresses  corresponding  to  each	newsgroup  in  the Newsgroups:
	      header.  Added Reply-To: headers will contain email delivery ad-
	      dresses  corresponding  to each newsgroup	in the Followup-To: or
	      Newsgroups: header.  If the specified header(s) already exist in
	      an article, the email delivery addresses will be appended	to the
	      original header body(s).

	      This option applies if and only if the  newspostuser  option  is
	      set.  Allowed values: to,	replyto

	  newsgroups: *
	      A	wildmat	pattern	specifying which mailbox hierarchies should be
	      treated as newsgroups.  Only mailboxes matching the wildmat will
	      accept  and/or  serve  articles via NNTP.	 If not	set, a default
	      wildmat of "*" (ALL shared mailboxes)  will  be  used.   If  the
	      newsprefix  option  is  also  set,  the  default wildmat will be
	      translated to "<newsprefix>.*"

	  newsmaster: news
	      Userid that is used for checking access controls when  executing
	      Usenet  control messages.	 For instance, to allow	articles to be
	      automatically deleted by cancel messages,	give the  "news"  user
	      the  'd' right on	the desired mailboxes.	To allow newsgroups to
	      be automatically created,	deleted	and renamed by the correspond-
	      ing  control messages, give the "news" user the 'c' right	on the
	      desired mailbox hierarchies.

	  newspeer: <none>
	      A	list of	whitespace-separated  news  server  specifications  to
	      which  articles  should  be fed.	Each server specification is a
	      string of	 the  form  [user[:pass]@]host[:port][/wildmat]	 where
	      'host'  is the fully qualified hostname of the server, 'port' is
	      the port on which	the server is listening, 'user'	and 'pass' are
	      the  authentication  credentials and 'wildmat' is	a pattern that
	      specifies	which groups should be fed.  If	no  'port'  is	speci-
	      fied,  port  119	is  used.   If	no 'wildmat' is	specified, all
	      groups are fed.  If 'user' is specified (even  if	 empty),  then
	      the  NNTP	 POST  command will be used to feed the	article	to the
	      server, otherwise	the IHAVE command will be used.

	      A	'@' may	be used	in place of '!'	 in  the  wildmat  to  prevent
	      feeding  articles	 cross-posted  to  the	given group, otherwise
	      cross-posted articles  are  fed  if  any	part  of  the  wildmat
	      matches.	 For  example,	the  string  "peer.example.com:*,!con-
	      trol.*,@local.*" would feed all groups except  control  messages
	      and   local   groups   to	 peer.example.com.   In	 the  case  of
	      cross-posting to local groups, these articles would not be fed.

	  newspostuser:	<none>
	      Userid used to deliver  usenet  articles	to  newsgroup  folders
	      (usually	via  lmtp2nntp).  For example, if set to "post", email
	      sent  to	"post+comp.mail.imap"  would  be  delivered   to   the
	      "comp.mail.imap" folder.

	      When set,	the Cyrus NNTP server will add the header(s) specified
	      in the newsaddheaders option to each  incoming  usenet  article.
	      The added	header(s) will contain email delivery addresses	corre-
	      sponding to each relevant	newsgroup.  If not set,	no headers are
	      added to usenet articles.

	  newsprefix: <none>
	      Prefix  to  be  prepended	 to newsgroup names to make the	corre-
	      sponding IMAP mailbox names.

	  newsrc_db_path: <none>
	      The absolute path	to the newsrc db file.	If not specified, will
	      be configdirectory/fetchnews.db

	  nntptimeout: 3m
	      Set the length of	the NNTP server's inactivity autologout	timer.
	      The minimum value	is 3 minutes, also the default.

	      For backward compatibility, if no	unit is	specified, minutes  is
	      assumed.

	  notesmailbox:	<none>
	      The  top	level  mailbox in each user's account which is used to
	      store * Apple-style Notes.  Default is blank (disabled)

	  notifysocket:	{configdirectory}/socket/notify
	      Unix domain socket that the mail notification daemon listens on.

	  notify_external: <none>
	      Path to the external program that	notifyd(8) will	call  to  send
	      mail notifications.

	      The  external  program will be called with the following command
	      line options:

		 -c class

		 -p priority

		 -u user

		 -m mailbox

		 And the notification message will be available	on stdin.

	  partition-name: <none>
	      The pathname of the partition  name.   At	 least	one  partition
	      pathname	MUST  be specified.  If	the defaultpartition option is
	      used, then its pathname MUST be specified.  For example, if  the
	      value  of	 the  defaultpartion  option is	part1, then the	parti-
	      tion-part1 field is required.

	  partition_select_mode: freespace-most
	      Partition	selection mode.

	      random (pseudo-)random selection

	      freespace-most
		     partition with the	most free space	(KiB)

	      freespace-percent-most
		     partition with the	most free space	(%)

	      freespace-percent-weighted
		     each partition is weighted	according to  its  free	 space
		     (%);  the	more  free  space  the partition has, the more
		     chances it	has to be selected

	      freespace-percent-weighted-delta
		     each partition is weighted	according to its difference of
		     free  space  (%) compared to the most used	partition; the
		     more the partition	is lagging behind the most used	parti-
		     tion, the more chances it has to be selected

		     Note that actually	even the most used partition has a few
		     chances to	be selected, and those chances	increase  when
		     other partitions get closer

		     Allowed  values:  random,	freespace-most,	freespace-per-
		     cent-most,	  freespace-percent-weighted,	freespace-per-
		     cent-weighted-delta

	  partition_select_exclude: <none>
	      List of partitions to exclude from selection mode.

	  partition_select_usage_reinit: 0
	      For a given session, number of operations	(e.g. partition	selec-
	      tion) for	which partitions usage data are	cached.

	  partition_select_soft_usage_limit: 0
	      Limit of partition usage (%): if a partition is over that	limit,
	      it is automatically excluded from	selection mode.

	      If  all partitions are over that limit, this feature is not used
	      anymore.

	  plaintextloginpause: <none>
	      Time to pause after a successful plaintext login.	  For  systems
	      that  support  strong authentication, this permits users to per-
	      ceive a cost of using plaintext passwords.  (This	does  not  af-
	      fect the use of PLAIN in SASL authentications.)

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  plaintextloginalert: <none>
	      Message to send to client	after a	successful plaintext login.

	  popexpiretime: -1
	      The duration advertised as being the minimum a  message  may  be
	      left  on	the POP	server before it is deleted (via the CAPA com-
	      mand, defined  in	 the  POP3  Extension  Mechanism,  which  some
	      clients  may support).  This duration has	a granularity of whole
	      days, with partial days truncated	(so e.g. "45m" is  effectively
	      "0d").   "NEVER",	 the default, may be specified with a negative
	      number.

	      The Cyrus	POP3 server never deletes mail,	 no  matter  what  the
	      value  of	 this  parameter  is.  However,	if a site implements a
	      less liberal policy, it needs to change this  parameter  accord-
	      ingly.

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  popminpoll: <none>
	      Set the minimum amount of	time the server	forces users  to  wait
	      between successive POP logins.

	      For  backward compatibility, if no unit is specified, minutes is
	      assumed.

	  popsubfolders: 0
	      Allow  access  to	 subfolders  of	 INBOX	via  POP3   by	 using
	      userid+subfolder syntax as the authentication/authorization id.

	  poppollpadding: 1
	      Create a softer minimum poll restriction.	 Allows	poppollpadding
	      connections before the minpoll restriction is triggered.	 Addi-
	      tionally,	 one  padding entry is recovered every popminpoll min-
	      utes.  This allows for the occasional polling rate  faster  than
	      popminpoll,  (i.e.,  for	clients	that require a send/receive to
	      send mail) but still enforces the	rate long-term.	 Default is  1
	      (disabled).

	      The  easiest  way	to think of it is a queue of past connections,
	      with one slot being filled for every connection,	and  one  slot
	      being  cleared every popminpoll minutes. When the	queue is full,
	      the user will not	be able	to check mail again until  a  slot  is
	      cleared.	 If  the  user waits a sufficient amount of time, they
	      will get back many or all	of the slots.

	  poptimeout: 10m
	      Set the length of	the POP	server's inactivity autologout	timer.
	      The minimum value	is 10 minutes, the default.

	      For  backward compatibility, if no unit is specified, minutes is
	      assumed.

	  popuseacl: 0
	      Enforce IMAP ACLs	in the pop server.  Due	to the nature  of  the
	      POP3  protocol, the only rights which are	used by	the pop	server
	      are 'r', 't', and	's' for	the owner of  the  mailbox.   The  'r'
	      right allows the user to open the	mailbox	and list/retrieve mes-
	      sages.  The 't' right allows the user to delete  messages.   The
	      's'  right  allows  messages  retrieved  by the user to have the
	      \Seen flag set (only if popuseimapflags is also enabled).

	  popuseimapflags: 0
	      If enabled, the pop server will set and obey IMAP	 flags.	  Mes-
	      sages having the \Deleted	flag are ignored as if they do not ex-
	      ist.  Messages that are retrieved	by the client  will  have  the
	      \Seen flag set.  All messages will have the \Recent flag unset.

	  postmaster: postmaster
	      Username	that  is  used as the 'From' address in	rejection MDNs
	      produced by sieve.

	  postuser: <empty string>
	      Userid used to deliver messages to shared	folders.  For example,
	      if  set  to "bb",	email sent to "bb+shared.blah" would be	deliv-
	      ered to the "shared.blah"	folder.	 By default, an	email  address
	      of "+shared.blah"	would be used.

	  proc_path: <none>
	      Path  to	proc directory.	 Default is NULL - must	be an absolute
	      path if specified.  If not  specified,  the  path	 $configdirec-
	      tory/proc/ will be used.

	  prometheus_enabled: 0
	      Whether tracking of service metrics for Prometheus is enabled.

	  prometheus_need_auth:	admin
	      Authentication level required to fetch Prometheus	metrics.

	      Allowed values: none, user, admin

	  prometheus_update_freq: 10s
	      Frequency	 in  at	which promstatsd should	re-collate its statis-
	      tics report.  The	minimum	value is 1 second, the default	is  10
	      seconds.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  prometheus_stats_dir:	<none>
	      Directory	to use for gathering prometheus	statistics.  If	speci-
	      fied,  must  be an absolute path.	 If not	specified, the default
	      path $configdirectory/stats/ will	be used.  It may  be  advanta-
	      geous to locate this directory on	ephemeral storage.

	  proxy_authname: proxy
	      The  authentication name to use when authenticating to a backend
	      server in	the Cyrus Murder.

	  proxy_compress: 0
	      Try to enable protocol-specific compression  when	 performing  a
	      client connection	to a backend server in the Cyrus Murder.

	      Note  that  this should only be necessary	over slow network con-
	      nections.	 Also note that	currently only IMAP and	 MUPDATE  sup-
	      port compression.

	  proxy_password: <none>
	      The  default  password  to  use when authenticating to a backend
	      server in	the Cyrus Murder.  May be overridden  on  a  host-spe-
	      cific basis using	the hostname_password option.

	  proxy_realm: <none>
	      The authentication realm to use when authenticating to a backend
	      server in	the Cyrus Murder

	  proxyd_allow_status_referral:	0
	      Set to true to allow proxyd to issue referrals to	 clients  that
	      support  it when answering the STATUS command.  This is disabled
	      by default since some clients issue many STATUS  commands	 in  a
	      row, and do not cache the	connections that these referrals would
	      cause, thus resulting in a higher	authentication load on the re-
	      spective backend server.

	  proxyd_disable_mailbox_referrals: 0
	      Set to true to disable the use of	mailbox-referrals on the proxy
	      servers.

	  proxyservers:	<none>
	      A	list of	users and groups that are allowed to proxy  for	 other
	      users, separated by spaces.  Any user listed in this will	be al-
	      lowed to login for any other user: use with caution.  In a stan-
	      dard  murder this	option should ONLY be set on backends.	DO NOT
	      SET on frontends or things won't work properly.

	  pts_module: afskrb
	      The PTS module to	use.

	      Allowed values: afskrb, ldap

	  ptloader_sock: <none>
	      Unix domain socket that ptloader listens on.  (defaults to  con-
	      figdirectory/ptclient/ptsock)

	  ptscache_db: twoskip
	      The cyrusdb backend to use for the pts cache.

	      Allowed values: skiplist,	twoskip, zeroskip

	  ptscache_db_path: <none>
	      The  absolute  path  to the ptscache db file.  If	not specified,
	      will be configdirectory/ptscache.db

	  ptscache_timeout: 3h
	      The  timeout  for	 the  PTS  cache  database  when   using   the
	      auth_krb_pts authorization method	(default: 3 hours).

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  ptskrb5_convert524: 1
	      When using the AFSKRB ptloader module with Kerberos 5 canonical-
	      ization,	do  the	final 524 conversion to	get a n	AFS style name
	      (using '.' instead of '/', and using short names

	  ptskrb5_strip_default_realm: 1
	      When using the AFSKRB ptloader module with Kerberos 5 canonical-
	      ization,	strip the default realm	from the userid	(this does not
	      affect the stripping of realms specified	by  the	 afspts_local-
	      realms option)

	  qosmarking: cs0
	      This  specifies  the  Class  Selector or Differentiated Services
	      Code Point designation on	IP headers (in the  ToS	 field).   Al-
	      lowed  values:  cs0,  cs1,  cs2,	cs3, cs4, cs5, cs6, cs7, af11,
	      af12, af13, af21,	af22, af23,  af31,  af32,  af33,  af41,	 af42,
	      af43, ef

	  quota_db: quotalegacy
	      The cyrusdb backend to use for quotas.

	      Allowed  values:	flat, skiplist,	sql, quotalegacy, twoskip, ze-
	      roskip

	  quota_db_path: <none>
	      The absolute path	for the	quota database (if you choose  a  sin-
	      gle-file quota DB	type - or the base path	if you choose quotale-
	      gacy).  If not specified will  be	 configdirectory/quotas.db  or
	      configdirectory/quota/

	  quota_use_conversations: 0
	      If  conversations	it enabled and quotaroot is a user folder, use
	      the conversations	quota counts, which count multiple  copies  of
	      exactly the same message (by GUID) as only one

	  quotawarn: 90
	      The percent of quota utilization over which the server generates
	      warnings.

	  quotawarnkb: 0
	      The maximum amount of free space (in kB)	at  which  to  give  a
	      quota  warning  (if  this	value is 0, or if the quota is smaller
	      than this	amount,	then warnings are always given).

	  quotawarnmsg:	0
	      The maximum amount of messages at	which to give a	quota  warning
	      (if  this	 value	is  0,	or  if	the quota is smaller than this
	      amount, then warnings are	always given).

	  readonly: 0
	      If enabled, all IMAP, POP	and JMAP connections are read-only,  *
	      no writes	allowed

	  reject8bit: 0
	      If  enabled, lmtpd rejects messages with 8-bit characters	in the
	      headers.

	  restore_authname: <none>
	      The authentication used by the restore tool when	authenticating
	      to an IMAP/sync server.

	  restore_password: <none>
	      The  password used by the	restore	tool when authenticating to an
	      IMAP/sync	server.

	  restore_realm: <none>
	      The authentication realm used by the restore tool	when authenti-
	      cating to	an IMAP/sync server.

	  reverseacls: 0
	      At  startup  time,  ctl_cyrusdb  -r will check this value	and it
	      will either add or remove	reverse	ACL pointers from mailboxes.db

	  reverseuniqueids: 1
	      At startup time, ctl_cyrusdb -r will check  this	value  and  it
	      will  either  add	or remove reverse UNIQUEID pointers from mail-
	      boxes.db

	  rfc2046_strict: 0
	      If enabled, imapd	will be	strict (per RFC	 2046)	when  matching
	      MIME  boundary  strings.	 This means that boundaries containing
	      other boundaries as substrings will  be  treated	as  identical.
	      Since  enabling  this option will	break some messages created by
	      Eudora 5.1 (and earlier),	it is recommended that it be left dis-
	      abled unless there is good reason	to do otherwise.

	  rfc2047_utf8:	0
	      If  enabled, imapd will parse any	non-encoded character sequence
	      in MIME header values as UTF8. This is useful for	 installations
	      that  either  advertise the UTF8SMTP (RFC	5335) extension	or re-
	      ceive mails with improperly escaped UTF-8	byte sequences.	It  is
	      recommended  that	 this  option is left disabled unless there is
	      good reason to do	otherwise.

	  rfc3028_strict: 1
	      If enabled, Sieve	will be	strict (per RFC	3028) with regards  to
	      which  headers  are  allowed  to be used in address and envelope
	      tests.  This means that only those headers which are defined  to
	      contain addresses	will be	allowed	in address tests and only "to"
	      and "from" will be allowed in envelope  tests.   When  disabled,
	      ANY grammatically	correct	header will be allowed.

	  rss_feedlist_template: <none>
	      File  containing	HTML  that will	be used	as a template for dis-
	      playing the list of available RSS	feeds.	A single  instance  of
	      the  variable  %RSS_FEEDLIST%  should  appear in the file, which
	      will be replaced by a  nested  unordered	list  of  feeds.   The
	      toplevel unordered list will be tagged with an id	of "feed" (<ul
	      id='feed'>) which	can be used by stylesheet(s) in	your template.
	      The dynamically created list of feeds based on the HTML template
	      will be accessible at the	"/rss" URL on the server.

	  rss_feeds: *
	      A	wildmat	pattern	specifying which mailbox hierarchies should be
	      treated  as RSS feeds.  Only mailboxes matching the wildmat will
	      have their messages available via	RSS.  If not  set,  a  default
	      wildmat of "*" (ALL mailboxes) will be used.

	  rss_maxage: <none>
	      Maximum age of items to display in an RSS	channel.  If non-zero,
	      httpd will only display items received within this time  period.
	      If  set  to  0,  all  available items will be displayed (the de-
	      fault).

	      For backward compatibility, if no	unit is	specified, days	is as-
	      sumed.

	  rss_maxitems:	0
	      Maximum  number  of  items  to  display  in  an RSS channel.  If
	      non-zero,	httpd will display no more than	the rss_maxitems  most
	      recent  items.   If  set	to 0, all available items will be dis-
	      played (the default).

	  rss_maxsynopsis: 0
	      Maximum RSS item synopsis	length.	 If non-zero, httpd will  dis-
	      play  no	more  than  the	first rss_maxsynopsis characters of an
	      item's synopsis.	If set to 0, the entire	synopsis will be  dis-
	      played (the default).

	  rss_realm: <none>
	      The  realm  to present for HTTP authentication of	RSS feeds.  If
	      not set (the default), the value of the "servername" option will
	      be used.

	  sasl_auto_transition:	0
	      If enabled, the SASL library will	automatically create authenti-
	      cation secrets when given	a plaintext password.	See  the  SASL
	      documentation.

	  sasl_maximum_layer: 256
	      Maximum  SSF (security strength factor) that the server will al-
	      low a client to negotiate.

	  sasl_minimum_layer: 0
	      The minimum SSF that the server will allow a client  to  negoti-
	      ate.   A	value  of  1 requires integrity	protection; any	higher
	      value requires some amount of encryption.

	  sasl_option: 0
	      Any SASL option can be set by preceding  it  with	 sasl_.	  This
	      file overrides the SASL configuration file.

	  sasl_pwcheck_method: <none>
	      The  mechanism used by the server	to verify plaintext passwords.
	      Possible values include "auxprop", "saslauthd", and "pwcheck".

	  search_batchsize: 20
	      The number of messages to	be indexed in one batch	(default  20).
	      Note that	long batches may delay user commands or	mail delivery.

	  search_attachment_extractor_url: <none>
	      A	 HTTP  or  HTTPS URL to	extract	search text from rich text at-
	      tachments	and other media	during search indexing.	The server  at
	      this URL must implement the following protocol:

	      1. For each attachment of	an email, Cyrus	sends a	GET request to
	      the URL <extractor-url>/<cyrus-id>, where	<extractor-url>	is the
	      configured  URL  and  <cyrus-id>	is a Cyrus-chosen path segment
	      that uniquely identifies this attachment.

	      2. If the	extractor already has a	cached plain text  extract  of
	      the  attachment identified by <cyrus-id> then it may return HTTP
	      status code 200 (OK) and the plain  text	extract	 with  a  Con-
	      tent-Type	 "text/plain"  header.	Otherwise  it must return HTTP
	      status 404 (Not Found).

	      3. If Cyrus receives the HTTP status code	404 (Not Found),  then
	      it  sends	 a  PUT	request	to the same URL	as previously. The PUT
	      request body contains the	decoded, binary	body  of  the  attach-
	      ment.  The Content-Type request header has the same value	as de-
	      clared in	the MIME part headers, including any type parameters.

	      4. The extractor must return the plain text extract with	either
	      HTTP  status  200	 (OK)  or  201	(Created)  and	a Content-Type
	      "text/plain" header.  If no text can be extracted, then the  ex-
	      tractor  may return any return code in the range 4xx, or 200 and
	      an empty response	body.

	      Any other	HTTP status code is treated as an error.  For  perfor-
	      mance  reasons, the Cyrus	indexer	attempts to keep-alive the TCP
	      connection to the	extractor.  Xapian only.

	  search_index_language: 0
	      If enabled, then messages	bodies are stemmed  by	detected  lan-
	      guage in addition	to the default English stemmer.	 Xapian	only.

	  search_index_parts: 0
	      Deprecated. No longer used.

	  search_index_skip_domains: <none>
	      A	 space	separated  list	 of domains - if set, any users	in the
	      listed domains will be skipped when indexing.

	  search_index_skip_users: <none>
	      A	space separated	list of	usernames - if set, any	users  in  the
	      list will	be skipped when	indexing.

	  search_query_language: 0
	      Deprecated. No longer used.

	  search_normalisation_max: 1000
	      A	 resource  bound for the combinatorial explosion of search ex-
	      pression tree complexity caused by normalising expressions  with
	      many  OR	nodes.	 These	can use	more CPU time to optimise than
	      they save	IO time	in scanning folders.

	  search_engine: none
	      The indexing engine used to speed	up searching.

	      Allowed values: none, squat, xapian

	  search_fuzzy_always: 0
	      Whether to enable	RFC 6203 FUZZY search for all IMAP SEARCH.  If
	      turned on, search	attributes will	be searched using FUZZY	search
	      by default.  If turned off, clients have to explicitly  use  the
	      FUZZY  search key	to enable fuzzy	search for regular SEARCH com-
	      mands.

	  search_index_headers:	1
	      Whether to index headers other than From,	To, Cc,	Bcc, and  Sub-
	      ject.   Experiment  shows	that some headers such as Received and
	      DKIM-Signature can contribute up to 2/3rds of the	index size but
	      almost nothing to	the utility of searching.  Note	that if	header
	      indexing	is  disabled,  headers	can  still  be	searched,  the
	      searches will just be slower.

	  search_indexed_db: twoskip
	      The  cyrusdb  backend  to	 use for the search latest indexed uid
	      state.  Xapian only.

	      Allowed values: flat, skiplist, twoskip, zeroskip

	  search_maxtime: <none>
	      The maximum number of seconds to run a search for	before	abort-
	      ing.   Default  of  no  value means search "forever" until other
	      timeouts.

	  search_queryscan: 5000
	      The minimum number of records require to do a direct scan	of all
	      G	keys * rather than indexed lookups.  A value of	0 means	always
	      do indexed lookups.

	  search_skipdiacrit: 1
	      When searching, should diacriticals be stripped from the	search
	      terms.   The  default  is	 "true", a search for "hav" will match
	      "HAYvard".  This is not RFC 5051	compliant,  but	 it  backwards
	      compatible, and may be preferred by some sites.

	  search_skiphtml: 0
	      If enabled, HTML parts of	messages are skipped, i.e. not indexed
	      and not searchable.  Otherwise, they're indexed.

	  search_whitespace: merge
	      When searching, how whitespace should be handled.	 Options  are:
	      "skip"  (default in 2.3 and earlier series) - where a search for
	      "equi" would match "the quick brown fox".	  "merge"  -  the  de-
	      fault,  where  "he   qu" would match "the	quick	brownfox", and
	      "keep", where whitespace must match  exactly.   The  default  of
	      "merge"  is  recommended for most	cases -	it's a good compromise
	      which keeps words	separate.  Allowed values: skip, merge,	keep

	  search_snippet_length: 255
	      The maximum byte length of a snippet generated by	the  XSNIPPETS
	      command.	Only supported by the Xapian search backend, which at-
	      tempts to	always fill search_snippet_length bytes	in the	gener-
	      ated snippet.

	  search_stopword_path:	<none>
	      The  absolute  base  path	 to  the search	stopword lists.	If not
	      specified, no stopwords will be taken into account during	search
	      indexing.	 Currently,  the  only supported and default stop word
	      file is english.txt.

	  searchpartition-name:	<none>
	      The pathname  where  to  store  the  xapian  search  indexes  of
	      searchtier for mailboxes of partition name. This must be config-
	      ured for the defaultsearchtier and any  additional  search  tier
	      (see squatter for	details).

	      For  example:  if	 defaultpartition  is defined as part1 and de-
	      faultsearchtier as tier1 then the	configuration must contain  an
	      entry  tier1searchpartition-part1	that defines the path where to
	      store this tier1's search	index for the part1 partition.

	      This option MUST be specified for	xapian search.

	  seenstate_db:	twoskip
	      The cyrusdb backend to use for the seen state.

	      Allowed values: flat, skiplist, twoskip, zeroskip

	  sendmail: /usr/lib/sendmail
	      The pathname of the sendmail executable.	Sieve invokes sendmail
	      for sending rejections, redirects	and vacation responses.

	  sendmail_auth_id: CYRUS_SENDMAIL_AUTH_ID
	      The  name	 of an environment variable to set when	invoking send-
	      mail.  The value of this environment variable will  contain  the
	      user  id	of the currently authenticated user. If	no user	is au-
	      thenticated the environment variable is not set.

	  serverlist: <none>
	      Whitespace separated list	of backend  server  names.   Used  for
	      finding  server  with the	most available free space for proxying
	      CREATE.

	  serverlist_select_mode: freespace-most
	      Server selection mode.

	      random (pseudo-)random selection

	      freespace-most
		     backend with the most (total) free	space (KiB)

	      freespace-percent-most
		     backend whose partition has the most free space (%)

	      freespace-percent-weighted
		     same as for partition selection, comparing	the free space
		     (%) of the	least used partition of	each backend

	      freespace-percent-weighted-delta
		     same as for partition selection, comparing	the free space
		     (%) of the	least used partition of	each backend.

		     Allowed values:  random,  freespace-most,	freespace-per-
		     cent-most,	  freespace-percent-weighted,	freespace-per-
		     cent-weighted-delta

	  serverlist_select_usage_reinit: 0
	      For a given session, number of operations	(e.g.  backend	selec-
	      tion) for	which backend usage data are cached.

	  serverlist_select_soft_usage_limit: 0
	      Limit  of	backend	usage (%): if a	backend	is over	that limit, it
	      is automatically excluded	from selection mode.

	      If all backends are over that limit, this	feature	 is  not  used
	      anymore.

	  servername: <none>
	      This  is	the  hostname  visible in the greeting messages	of the
	      POP, IMAP	and LMTP daemons. If it	is unset, then the result  re-
	      turned from gethostname(2) is used.  This	is also	the value used
	      by murder	clusters to identify the host name.  It	should be  re-
	      solvable by DNS to the correct host, and unique within an	active
	      cluster.	If you are using low  level  replication  (e.g.	 drbd)
	      then  it should be the same on each copy and the DNS name	should
	      also be moved to the new master on failover.

	  serverinfo: on
	      The server information to	display	in the greeting	and capability
	      responses. Information is	displayed as follows:
		 "off" = no server information in the greeting or capabilities

		 "min"	= servername in	the greeting; no server	information in
		 the capabilities

		 "on" =	servername and product version in the greeting;	 prod-
		 uct version in	the capabilities

		 Allowed values: off, min, on

	  sharedprefix:	Shared Folders
	      If using the alternate IMAP namespace, the prefix	for the	shared
	      namespace.  The hierarchy	delimiter will	be  automatically  ap-
	      pended.

	  sieve_allowreferrals:	1
	      If  enabled,  timsieved will issue referrals to clients when the
	      user's scripts reside on a remote	server (in a Murder).	Other-
	      wise, timsieved will proxy traffic to the	remote server.

	  sieve_duplicate_max_expiration: 90d
	      Maximum expiration time for duplicate message tracking records.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  sieve_extensions: fileinto reject vacation  vacation-seconds	notify
	  include  envelope  environment body relational regex subaddress copy
	  date index imap4flags	mailbox	mboxmetadata servermetadata  variables
	  editheader extlists duplicate	ihave fcc special-use redirect-dsn re-
	  direct-deliverby mailboxid vnd.cyrus.log vnd.cyrus.jmapquery snooze
	      Space-separated list of Sieve extensions allowed to be  used  in
	      sieve scripts, enforced at submission by timsieved(8).  Any pre-
	      viously installed	script will be unaffected by this  option  and
	      will  continue  to  execute  regardless  of the extensions used.
	      This option has no effect	on options that	are disabled  at  com-
	      pile  time  (e.g.,  "regex").  Allowed values: fileinto, reject,
	      vacation,	vacation-seconds, notify, include, envelope,  environ-
	      ment,  body,  relational,	 regex,	subaddress, copy, date,	index,
	      imap4flags=imapflags,  mailbox,  mboxmetadata,   servermetadata,
	      variables,  editheader,  extlists,  duplicate,  ihave, fcc, spe-
	      cial-use,	   redirect-dsn,    redirect-deliverby,	    mailboxid,
	      vnd.cyrus.log=x-cyrus-log,     vnd.cyrus.jmapquery=x-cyrus-jmap-
	      query, snooze=vnd.cyrus.snooze=x-cyrus-snooze

	  sieve_maxscriptsize: 32
	      Maximum size (in kilobytes) any sieve script can be, enforced at
	      submission by timsieved(8).

	  sieve_maxscripts: 5
	      Maximum  number  of sieve	scripts	any user may have, enforced at
	      submission by timsieved(8).

	  sieve_utf8fileinto: 0
	      If enabled, the  sieve  engine  expects  folder  names  for  the
	      fileinto	action	in  scripts  to	use UTF8 encoding.  Otherwise,
	      modified UTF7 encoding should be used.

	  sieve_sasl_send_unsolicited_capability: 0
	      If enabled, timsieved will emit a	capability  response  after  a
	      successful   SASL	  authentication,   per	  draft-martin-manage-
	      sieve-12.txt .

	  sieve_use_lmtp_reject: 1
	      Enabled by default.  If reject can be done via LMTP, then	return
	      a	550 rather than	generating the bounce message in Cyrus.

	  sieve_vacation_min_response: 3d
	      Minimum  time  interval  between consecutive vacation responses,
	      per draft-ietf-vacation-seconds.txt.  The	default	is 3 days.

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  sieve_vacation_max_response: 90d
	      Maximum  time  interval  between consecutive vacation responses,
	      per draft-ietf-vacation-seconds.txt.  The	default	 is  90	 days.
	      The minimum is 7 days.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  sievedir: /usr/sieve
	      If sieveusehomedir is false,  this  directory  is	 searched  for
	      Sieve scripts.

	  sievenotifier: <none>
	      Notifyd(8) method	to use for "SIEVE" notifications.  If not set,
	      "SIEVE" notifications are	disabled.

	      This method is only used when no	method	is  specified  in  the
	      script.

	  sieveusehomedir: 0
	      If enabled, lmtpd	will look for Sieve scripts in user's home di-
	      rectories: ~user/.sieve.

	  anysievefolder: 0
	      It must be "yes" in order	to permit the autocreation of any  IN-
	      BOX   subfolder	requested  by  a  sieve	 filter,  through  the
	      "fileinto" action. (default = no)

	  singleinstancestore: 1
	      If enabled, imapd, lmtpd and nntpd attempt  to  only  write  one
	      copy of a	message	per partition and create hard links, resulting
	      in a potentially large disk savings.

	  skiplist_always_checkpoint: 1
	      If enabled, this option forces the skiplist cyrusdb  backend  to
	      always  checkpoint  when doing a recovery.  This causes slightly
	      more IO, but on the other	hand leads  to	more  efficient	 data-
	      bases, and the entire file is already "hot".

	  skiplist_unsafe: 0
	      If  enabled,  this option	forces the skiplist cyrusdb backend to
	      not sync writes to the disk.  Enabling this option is NOT	RECOM-
	      MENDED.

	  smtp_backend:	sendmail
	      The SMTP backend to use for sending email.

	      The "host" backend sends message submissions via a TCP socket to
	      the SMTP host defined in the config option smtp_host.

	      The "sendmail" backend forks the Cyrus  process  into  the  exe-
	      cutable  defined	in the config option sendmail.	The executable
	      must accept "-bs"	as command line	argument, read from stdin  and
	      must  implement  the minimum SMTP	protocol as defined in section
	      4.5.1 of RFC 5321.

	      If the SMTP EHLO command reports AUTH (RFC 4954) as a  supported
	      extension,  then the MAIL	FROM command includes the AUTH parame-
	      ter, with	its value set to the name of  any  authenticated  user
	      which  triggered the email. The AUTH parameter is	omitted	if the
	      user is unknown to the calling process.

	      If the directory configdirectory/log/smtpclient.smtp_backend ex-
	      ists,  then  telemetry  logs  for	outgoing SMTP sessions will be
	      created in this directory.

	      Allowed values: host, sendmail

	  smtp_host: localhost:587
	      The SMTP host to use for sending mail (also see the smtp_backend
	      option). The value of this option	must the name or IP address of
	      a	TCP host, followed optionally by a colon and the port or  ser-
	      vice  to	use.  The default port is 587. TLS may be activated by
	      appending	"/tls" to the  value.  Authentication  is  enabled  if
	      smtp_auth_authname is set. Authentication	can be explicitly dis-
	      abled by appending "/noauth" to the host address.

	  smtp_auth_authname: <none>
	      The authentication name to use when authenticating to  the  SMTP
	      server defined in	smtp_host.

	  smtp_auth_password: <none>
	      The  password  to	use when authenticating	to the SMTP server de-
	      fined in smtp_host.

	  smtp_auth_realm: <none>
	      The authentication SASL realm to use when	 authenticating	 to  a
	      SMTP server.

	  soft_noauth: 1
	      If  enabled, lmtpd returns temporary failures if the client does
	      not successfully authenticate.  Otherwise	lmtpd  returns	perma-
	      nent failures (causing the mail to bounce	immediately).

	  sortcache_db:	twoskip
	      The  cyrusdb  backend to use for caching sort results (currently
	      only used	for xconvmultisort) Allowed values: skiplist, twoskip,
	      zeroskip

	  specialuse_extra: <none>
	      Whitespace  separated  list of extra special-use attributes that
	      can be set on a mailbox. RFC  6154  currently  lists  what  spe-
	      cial-use	attributes can be set. This allows extending that list
	      in the future or adding your own if needed.

	  specialuse_protect: \Archive \Drafts \Important \Junk	\Sent \Trash
	      Whitespace separated list	of special-use attributes  to  protect
	      the  mailboxes  for.   If	 set, don't allow mailboxes with these
	      special use attributes to	be deleted or renamed to have  a  dif-
	      ferent parent. Default is	the built-in list

	  specialusealways: 1
	      If  enabled,  this  option causes	LIST and LSUB output to	always
	      include the XLIST	"special-use" flags

	  sql_database:	<none>
	      Name of the database which contains the cyrusdb table(s).

	  sql_engine: <none>
	      Name of the SQL engine to	use.

	      Allowed values: mysql, pgsql, sqlite

	  sql_hostnames: <empty	string>
	      Comma separated list of SQL servers (in host[:port] format).

	  sql_passwd: <none>
	      Password to use for authentication to the	SQL server.

	  sql_user: <none>
	      Username to use for authentication to the	SQL server.

	  sql_usessl: 0
	      If enabled, a secure connection will be made to the SQL server.

	  srs_alwaysrewrite: 0
	      If true, perform SRS rewriting for ALL forwarding, even when not
	      required.

	  srs_domain: <none>
	      The  domain  to use in rewritten addresses. This must point only
	      to machines which	know the encoding secret used by this  system.
	      When present, SRS	is enabled.

	  srs_hashlength: 0
	      The hash length to generate in a rewritten address.

	  srs_secrets: <none>
	      A	list of	secrets	with which to generate addresses.

	  srs_separator: <none>
	      The  separator  to appear	immediately after SRS[01] in rewritten
	      addresses.

	  srvtab: <empty string>
	      The pathname of srvtab file containing the server's private key.
	      This  option is passed to	the SASL library and overrides its de-
	      fault setting.

	  submitservers: <none>
	      A	 list  of  users  and  groups  that  are  allowed  to  resolve
	      "urlauth=submit+"	 IMAP  URLs,  separated	 by  spaces.  Any user
	      listed in	this will be allowed to	 fetch	the  contents  of  any
	      valid "urlauth=submit+" IMAP URL:	use with caution.

	  subscription_db: flat
	      The cyrusdb backend to use for the subscriptions list.

	      Allowed values: flat, skiplist, twoskip, zeroskip

	  suppress_capabilities: <none>
	      Suppress	the  named  capabilities from any capability response.
	      Use the exact case as it appears in the  response,  e.g.	 "sup-
	      press_capabilities:  ESEARCH QRESYNC WITHIN XLIST	LIST-EXTENDED"
	      if you have a murder with	2.3.x backends and don't want  clients
	      being confused by	new capabilities that some backends don't sup-
	      port.

	  statuscache: 0
	      Enable/disable the imap status cache.

	  statuscache_db: twoskip
	      The cyrusdb backend to use for the imap status cache.

	      Allowed values: skiplist,	sql, twoskip, zeroskip

	  statuscache_db_path: <none>
	      The absolute path	to the statuscache db file.  If	not specified,
	      will be configdirectory/statuscache.db

	  sync_authname: <none>
	      The  authentication  name	 to  use when authenticating to	a sync
	      server.  Prefix with a channel name to only apply	for that chan-
	      nel

	  sync_batchsize: 8192
	      the  number  of  messages	to upload in a single mailbox replica-
	      tion.  Default is	8192.  If there	are more than this  many  mes-
	      sages  appended  to  the	mailbox,  generate a synthetic partial
	      state and	send that.

	  sync_cache_db: twoskip
	      The cyrusdb backend to use for the replication cache.

	      Allowed values: skiplist,	sql, twoskip, zeroskip

	  sync_cache_db_path: <none>
	      The path for the replication cache.  Prefix with a channel  name
	      to apply for that	channel.  NOTE,	it's quite important to	have a
	      different	one per	backend!

	  sync_host: <none>
	      Name of the  host	 (replica  running  sync_server(8))  to	 which
	      replication actions will be sent by sync_client(8).  Prefix with
	      a	channel	name to	only apply for that channel

	  sync_log: 0
	      Enable  replication  action  logging  by	 lmtpd(8),   imapd(8),
	      pop3d(8),	 and  nntpd(8).	 The log {configdirectory}/sync/log is
	      used by sync_client(8) for "rolling" replication.

	  sync_log_chain: 0
	      Enable replication action	logging	by sync_server as well,	allow-
	      ing  chaining  of	 replicas.   Use  this	on 'B' for A =>	B => C
	      replication layout

	  sync_log_channels: <none>
	      If specified, log	all events to multiple log files  in  directo-
	      ries specified by	each "channel".	 Each channel can then be pro-
	      cessed separately, such as by multiple sync_client(8)s in	a mesh
	      replication  scheme,  or by squatter(8) for rolling search index
	      updates.

	      You can use "" (the two-character	string U+22 U+22) to mean  the
	      default sync channel.

	  sync_log_unsuppressable_channels: squatter
	      If  specified,  the named	channels are exempt from the effect of
	      setting sync_log_chain:off, i.e. they are	always	logged	to  by
	      the  sync_server	process.   This	is only	really useful to allow
	      rolling search indexing on a replica.

	  sync_password: <none>
	      The default password  to	use  when  authenticating  to  a  sync
	      server.  Prefix with a channel name to only apply	for that chan-
	      nel

	  sync_port: <none>
	      Name of the service (or port number) of the replication  service
	      on  replica  host.  Prefix with a	channel	name to	only apply for
	      that channel.  If	not specified, and if sync_try_imap is set  to
	      "yes"  (the default), then the replication client	will first try
	      "imap" (port 143)	to check if imapd supports replication.	  oth-
	      erwise it	will default to	"csync"	(usually port 2005).

	  sync_realm: <none>
	      The  authentication  realm  to use when authenticating to	a sync
	      server.  Prefix with a channel name to only apply	for that chan-
	      nel

	  sync_repeat_interval:	1s
	      Minimum interval between replication runs	in rolling replication
	      mode. If a replication run takes longer than this	time,  we  re-
	      peat  immediately.  Prefix with a	channel	name to	only apply for
	      that channel.

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  sync_rightnow_channel: <none>
	      if  set,	run  sync_client to this channel immediately.  As with
	      channels,	set this value to '""' to sync the default channel!

	  sync_shutdown_file: <none>
	      Simple latch used	to tell	sync_client(8)	that  it  should  shut
	      down at the next opportunity. Safer than sending signals to run-
	      ning processes.  Prefix with a channel name to  only  apply  for
	      that channel

	  sync_timeout:	30m
	      How long to wait for a response before returning a timeout fail-
	      ure when talking to a replication	peer (client or	server).   The
	      minimum duration is 3 seconds, the default is 30 minutes.

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  sync_try_imap: 1
	      Whether sync_client should try to	perform	an IMAP	connection be-
	      fore falling back	to csync.  If this is set to "no", sync_client
	      will only	use csync.  Prefix with	a channel name to  apply  only
	      for that channel

	  syslog_prefix: <none>
	      String  to  be  prepended	to the process name in syslog entries.
	      Can be further overridden	by  setting  the  $CYRUS_SYSLOG_PREFIX
	      environment variable.

	      Using  the $CYRUS_SYSLOG_PREFIX environment variable has the ad-
	      ditional advantage that it can be	set before the	imapd.conf  is
	      read,  so	 errors	while reading the config file can be syslogged
	      with the correct prefix.

	  syslog_facility: <none>
	      Configure	a syslog facility.  The	default	is  whatever  is  com-
	      piled in.	 Allowed values	are: DAEMON, MAIL, NEWS, USER, and LO-
	      CAL0 through to LOCAL7

	  tcp_keepalive: 0
	      Enable keepalive on TCP connections

	  tcp_keepalive_cnt: 0
	      Number of	TCP keepalive probes to	send before declaring the con-
	      nection dead (0 == system	default)

	  tcp_keepalive_idle: 0
	      How  long	 a connection must be idle before keepalive probes are
	      sent (0 == system	default).

	      For backward compatibility, if no	unit is	specified, seconds  is
	      assumed.

	  tcp_keepalive_intvl: 0
	      Time between keepalive probes (0 == system default).

	      For  backward compatibility, if no unit is specified, seconds is
	      assumed.

	  temp_path: /tmp
	      The pathname to store temporary files in.	It is  recommended  to
	      use an in-memory filesystem such as tmpfs	for this path.

	  telemetry_bysessionid: 0
	      If true, log by sessionid	instead	of PID for telemetry

	  timeout: 32m
	      The  length  of  the  IMAP server's inactivity autologout	timer.
	      The minimum value	is 30 minutes.	The default is 32 minutes,  to
	      allow a bit of leeway for	clients	that try to NOOP every 30 min-
	      utes.

	      For backward compatibility, if no	unit is	specified, minutes  is
	      assumed.

	  imapidletimeout: <none>
	      Timeout  for  idling  clients  (RFC  2177).  If not set (the de-
	      fault), the value	of "timeout" will be used instead.

	      For backward compatibility, if no	unit is	specified, minutes  is
	      assumed.

	  tls_ca_file: <none>
	      Deprecated in favor of tls_client_ca_file.

	  tls_ca_path: <none>
	      Deprecated in favor of tls_client_ca_dir.

	  tlscache_db: twoskip
	      Deprecated in favor of tls_sessions_db.

	  tlscache_db_path: <none>
	      Deprecated in favor of tls_sessions_db_path.

	  tls_cert_file: <none>
	      Deprecated in favor of tls_server_cert.

	  tls_cipher_list: DEFAULT
	      Deprecated in favor of tls_ciphers.

	  tls_ciphers: DEFAULT
	      The  list	of SSL/TLS ciphers to allow.  The format of the	string
	      (and definition of "DEFAULT") is described in ciphers(1).

	      See also Mozilla's server-side TLS recommendations:

	      https://wiki.mozilla.org/Security/Server_Side_TLS

	  tls_crl_file:	<none>
	      Path to a	file containing	the Certificate	Revocation List

	  tls_client_ca_dir: <none>
	      Path to a	directory containing the CA certificates used to  ver-
	      ify client SSL certificates used for authentication.

	  tls_client_ca_file: <none>
	      Path  to	a file containing the CA certificate(s)	used to	verify
	      client SSL certificates used for authentication.

	  tls_client_cert: <none>
	      File containing the certificate presented	to a  server  for  au-
	      thentication during STARTTLS. A value of "disabled" will disable
	      this server's use	of certificate-based authentication.

	  tls_client_certs: optional
	      Disable ("off"), allow ("optional", default)  or	require	 ("re-
	      quire")  the  use	of SSL certificates by clients to authenticate
	      themselves.  Allowed values: off,	optional, require

	  tls_client_key: <none>
	      File containing the private key belonging	to the tls_client_cert
	      certificate.  A  value  of "disabled" will disable this server's
	      use of certificate-based authentication.

	  tls_eccurve: prime256v1
	      The elliptic curve used for  ECDHE.  Default  is	NIST  Suite  B
	      prime256.	  See 'openssl ecparam -list_curves' for possible val-
	      ues.

	  tls_key_file:	<none>
	      Deprecated in favor of tls_server_key.

	  tls_required:	0
	      If enabled, require a TLS/SSL encryption layer to	be  negotiated
	      prior  to	 ANY authentication mechanisms being advertised	or al-
	      lowed.

	  tls_prefer_server_ciphers: 0
	      Prefer the ciphers on the	server side instead of client side.

	  tls_server_ca_dir: <none>
	      Path to a	directory with CA certificates used to verify certifi-
	      cates offered by the server, when	cyrus acts as client. This di-
	      rectory must have	filenames with the hashed value	 of  the  cer-
	      tificates	(see openssl(1)).

	  tls_server_ca_file: <none>
	      Path  to	a  file	containing CA certificates used	to verify cer-
	      tificates	offered	by the server, when cyrus acts as client.

	  tls_server_cert: <none>
	      File containing the certificate, including the full chain,  pre-
	      sented to	clients.  Two certificates can be set, e.g RSA and EC,
	      if the filenames are separated with comma	without	spaces.

	  tls_server_dhparam: <none>
	      File containing the DH parameters	belonging to  the  certificate
	      in tls_server_cert.

	  tls_server_key: <none>
	      File  containing the private key belonging to the	certificate in
	      tls_server_cert.	If not set, tls_server_cert must contain  both
	      private  and public key.	Two files with keys can	be set,	if two
	      certificates are used, in	which case the files must be separated
	      with comma without spaces

	  tls_sessions_db: twoskip
	      The cyrusdb backend to use for the TLS cache.

	      Allowed values: skiplist,	sql, twoskip, zeroskip

	  tls_sessions_db_path:	<none>
	      The absolute path	to the TLS sessions db file. If	not specified,
	      will be configdirectory/tls_sessions.db

	  tls_session_timeout: 24h
	      The length of time that a	TLS session will be cached  for	 later
	      reuse.   The  maximum  value  is	24 hours, also the default.  A
	      value of 0 will disable session caching.

	      For backward compatibility, if no	unit is	specified, minutes  is
	      assumed.

	  tls_versions:	tls1_0 tls1_1 tls1_2 tls1_3
	      A	 list  of  SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS
	      starts with all protocols, and subtracts protocols not  in  this
	      list.  Newer  versions  of SSL/TLS will need to be added here to
	      allow them to get	disabled.

	  uidl_format: cyrus
	      Choose the format	 for  UIDLs  in	 pop3.	 Possible  values  are
	      "uidonly",  "cyrus",  "dovecot" and "courier".  "uidonly"	forces
	      the old default of UID, "cyrus" is UIDVALIDITY.UID.  Dovecot  is
	      8	 digits	 of  leading  hex  (lower  case) each UID UIDVALIDITY.
	      Courier is UIDVALIDITY-UID.   Allowed  values:  uidonly,	cyrus,
	      dovecot, courier

	  umask: 077
	      The umask	value used by various Cyrus IMAP programs.

	  userdeny_db: flat
	      The cyrusdb backend to use for the user access list.

	      Allowed values: flat, skiplist, sql, twoskip, zeroskip

	  userdeny_db_path: <none>
	      The  absolute  path  to the userdeny db file.  If	not specified,
	      will be configdirectory/user_deny.db

	  username_tolower: 1
	      Convert usernames	to all lowercase before	 login/authentication.
	      This  is	useful	with authentication backends which ignore case
	      during username lookups (such as LDAP).

	  userprefix: Other Users
	      If using the alternate IMAP namespace, the prefix	for the	 other
	      users  namespace.	 The hierarchy delimiter will be automatically
	      appended.

	  unix_group_enable: 1
	      Should we	look up	groups when using auth_unix (disable  this  if
	      you  are	not using groups in ACLs for your IMAP server, and you
	      are using	auth_unix with a backend (such as LDAP)	that can  make
	      getgrent() calls very slow)

	  unixhierarchysep: 1
	      Use  the	UNIX  separator	character '/' for delimiting levels of
	      mailbox hierarchy.  Turn off to use the netnews separator	 char-
	      acter '.'. Note that with	the newnews separator, no dots may oc-
	      cur in mailbox names.  The default switched in 3.0 from  off  to
	      on.

	  virtdomains: off
	      Configure	virtual	domain support.

	      off    Cyrus does	not know or care about domains.	Only the local
		     part of email addresses is	ever considered.  This is  not
		     recommended  for any deployment, but is currently the de-
		     fault.

	      userid The user's	domain is  determined  by  splitting  a	 fully
		     qualified	userid	at the last '@'	or '%' symbol.	If the
		     userid is unqualified, the	defaultdomain  will  be	 used.
		     This  is  the  recommended	 configuration for all deploy-
		     ments.  If	you wish to provide calendaring	 services  you
		     must use this configuration.

	      on     Fully  qualified  userids are respected, as per "userid".
		     Unqualified userids will have their domain	determined  by
		     doing  a reverse lookup on	the IP address of the incoming
		     network interface,	or if no record	is found, the default-
		     domain will be used.

		     Allowed values: off, userid, on

	  virusscan_notification_subject: Automatically	deleted	mail
	      The  text	 used in the subject of	email notifications created by
	      cyr_virusscan(8) when deleting infected mail.

	  virusscan_notification_template: <none>
	      The absolute path	to a file containing a template	to use to  de-
	      scribe  infected	messages that have been	deleted	by cyr_viruss-
	      can(8).  See cyr_virusscan(8) for	specification of the format of
	      this  file.  If not specified, the builtin default template will
	      be used.

	  xbackup_enabled: 0
	      Enable support for the XBACKUP command in	 imapd.	  If  enabled,
	      admin  users  can	 use  this command to provoke a	replication of
	      specified	users to the named backup channel.

	  xlist-flag: <none>
	      Set the special-use flag flag on the specified folder when it is
	      autocreated  (see	the autocreate_inbox_folders option).  For ex-
	      ample, if	xlist-junk: Spam is set, and the folder	 Spam  is  au-
	      tocreated, the special-use flag \Junk will be set	on it.

	      (This  option  is	 so  named for backward	compatibility with old
	      config files.)

	  lmtp_catchall_mailbox: <none>
	      Mail sent	to mailboxes which do not exist, will be delivered  to
	      this  user.  NOTE: This must be an existing local	user name with
	      an INBOX,	NOT an email address!

	  zoneinfo_db: twoskip
	      The cyrusdb backend to use for zoneinfo.	This database is  used
	      by  the "tzdist" httpmodules, and	is managed by ctl_zoneinfo(8).
	      Allowed values: flat, skiplist, twoskip, zeroskip

	  zoneinfo_db_path: <none>
	      The absolute path	to the zoneinfo	db file.   If  not  specified,
	      will be configdirectory/zoneinfo.db

	  zoneinfo_dir:	<none>
	      The absolute path	to the zoneinfo	directory, containing timezone
	      definitions as generated by the vzic tool.   If  not  specified,
	      whatever definitions libical finds will be used.

	      If you are providing a Time Zone Data Distribution Service (i.e.
	      you have "tzdist"	listed in httpmodules),	then  this  configura-
	      tion option MUST be specified.

	  object_storage_enabled: 0
	      Is  Object  storage  enabled  for	this server.  You also need to
	      have archiving enabled and  archivepartition  for	 the  mailbox.
	      Only email files will be stored on object	Storage	archive	parti-
	      tion will	be used	to store any other files

	  object_storage_dummy_spool: <none>
	      Dummy object storage spool; this is for test only.  Spool	 where
	      user  directory  (container) will	be created to store all	emails
	      in a flat	structure

	  openio_namespace: <none>
	      The OpenIO namespace used	to store archived  email  messages.  A
	      namespace	 identifies  the physical platform cyrus must contact.
	      This directive is	used by	the OpenIO's SDK to locate  its	 plat-
	      form entry point.

	  openio_account: <none>
	      The  OpenIO  account used	to account for stored emails. Accounts
	      are unique in their namespace. They provides virtual partitions,
	      with quotas and QoS features.

	  openio_rawx_timeout: 30s
	      The  OpenIO  timeout  to	query to the RAWX services (default 30
	      sec).

	  openio_proxy_timeout:	5s
	      The OpenIO timeout to query to the  PROXY	 services  (default  5
	      sec).

	  openio_autocreate: 0
	      Allow  the  OpenIO SDK to	autocreate containers. Mainly destined
	      to be turned on development  environments.  In  production,  the
	      container	should have been provisioned with the mailboxes.

	  openio_verbosity: <none>
	      Sets  the	 logging  verbosity of the OpenIO's internal behavior.
	      Admissible values	are:  "warning",  "notice",  "info",  "debug",
	      "trace",	"quiet".   The	default	verbosity is "warning".	Set to
	      "notice" for a few lines on a per-client basis.  Set  to	"info"
	      for  a  few  lines on a per-request basis. Set to	"debug"	Set to
	      "trace" to activate the underlying  libcurl  debug  output.  En-
	      abling  a	 verbosity  higher  to equal than "debug" requires the
	      cyrus to be set in debug mode. The special  "quiet"  value  dis-
	      ables all	kinds of logging at the	GLib level.

	  caringo_hostname: <none>
	      The  Caringo  hostname  used to store archived email messages. A
	      hostname identifies the physical platform	 cyrus	must  contact.
	      This  directive is used by the Caringo's SDK (CastorSDK: Caringo
	      Simple Content Storage Protocol (SCSP) on	HTTP 1.1 using a REST-
	      ful architecture

	  caringo_port:	80
	      The  port	 of  the caringo server	(caringo_hostname); default is
	      80.

	  fastmailsharing: 0
	      If enabled, use FastMail style sharing  (oldschool  full	server
	      paths)

SEE ALSO
	  imapd(8),  pop3d(8),	nntpd(8),  lmtpd(8),  httpd(8),	 timsieved(8),
	  idled(8), notifyd(8),	deliver(8), master(8), ciphers(1)

AUTHOR
       The Cyrus Team

COPYRIGHT
       1993-2018, The Cyrus Team

3.4.1				 May 10, 2021			 IMAPD.CONF(5)

NAME | DESCRIPTION | FIELD DESCRIPTIONS | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=imapd.conf&sektion=5&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help