1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
|
#---------------------------------------------------------------------
# Sample Qpopper 4.0 configuration file.
#
# This file lists all Qpopper configuration file options. To use,
# copy the desired setting to your own configuration file, remove
# the leading '#' and set the desired value.
#
#---------------------------------------------------------------------
# An integer value for the number of seconds to announce in
# the CAPA response for the server's minimum login delay.
#
# Default:
#
# set announce-login-delay =
# An integer value for the number of days to announce in
# the CAPA response for the server's maximum message
# retention period.
#
# Default:
#
# set announce-expire =
# The full path to the bulletins directory.
#
# Default: /var/spool/bulls
#
# set bulldir = "/var/spool/bulls"
# Set TRUE to permit sessions to continue even if the
# bulletins database can't be accessed. This permits
# users to get their mail, but they might not see some
# bulletins for a while, or at all.
#
# Only valid when compiled with '--enable-bulldb'.
#
# Default: false.
#
# set bulldb-nonfatal = false
# Sets the maximum number of attempts to lock the bulletins
# database. You normally do not need to adjust this. This value
# should only be changed if you know if your system has usleep(3C)
# or not. On systems with usleep(3C), this can be a large value
# (the default is 75). On systems without usleep(3C), this should
# remain small (the default is 10).
#
# Only valid when compiled with '--enable-bulldb'.
#
# Default: 75 (10 on systems without usleep(3c)).
#
# set bulldb-max-tries = 75
# Sets clear text handling options. Values are:
# o 'default' Clear text passwords are permitted for all users,
# except those in the APOP database
# o 'never' Clear text passwords are never permitted
# o 'always' Clear text passwords are always permitted
# o 'local' Clear text passwords are permitted on the local
# (127.*.*.*) loop back interface only
# o 'tls' Clear text passwords are permitted when TLS/SSL
# has been negotiated for the session
# o 'ssl' Same as tls
#
# The 'tls' and 'ssl' values are only valid if '--with-openssl' or
# '--with-sslplus' was used with ./configure.
#
# Default: default
#
# set clear-text-password = default
# Reads additional run-time options from the specified file.
#
# Caution. There are no restrictions on which options may
# appear in files specified with the '-f' command-line flag
# or the 'config-file' configuration file option in files
# chained from -f. Be certain that the file specified with
# '-f' or in any files it chains to are not writable by
# users.
#
# Default: none
#
# set config-file = /etc/mail/pop/qpopper.config
# Enables debug logging. Output is in syslog. If this option is used,
# it should be first, so that debug records are generated for subsequent
# options.
#
# Only valid if ./configure was run with '--enable-debugging'
#
# Default: false
#
# set debug = false
# Changes uppercase user names to lowercase. This permits users to
# configure their clients with user names in UPPER or MiXeD case.
# They can then login, assuming their actual user name is all
# lowercase.
#
# Default: false
#
# set downcase-user = false
# If '--with-drac' used with ./configure, this option specifies the DRAC
# host.
#
# Default: localhost
#
# set drac-host = localhost
# Enables Kerberos support.
#
# Only valid if ./configure run with '--enable-kerberos5'.
#
# Default: false
#
# set kerberos = false
# Specifies the Kerberos service to use (same as the compile time
# KERBEROS_SERVICE define). The default is rcmd, although the use of
# pop is popular.
#
# Only valid if ./configure run with '--enable-kerberos5'.
#
# Default: rcmd
#
# set kerberos-service = "rcmd"
# Checks if mail lock needs to be refreshed every this many messages.
#
# You normally do not need to adjust this. See "Performance" in the
# Qpopper Administrator's Guide for more information.
#
# Default:
#
# set mail-lock-check =
# Disables the reverse lookups on client IP addresses.
#
# Default: true
#
# set reverse-lookup = true
# Enables server mode by default. See the Qpopper Administrator's
# Guide for more information.
#
# Default: false
#
# set server-mode = false
# Enables statistics logging. After each session ends, a statistics
# record is written to the log. This record resembles the following
# example: 'stats randy 0 0 1 385 randy.example.org 192.168.2.4' and
# has the following meaning:
# Username: 'randy'
# Deleted messages: 0
# Deleted octets: 0
# Messages left on server: 1
# Octets left on server: 385
# Name of client machine: 'randy.example.org'
# IP address of client machine: '192.168.2.4'
#
# Default: false
#
# set statistics = false
# Sets the timeout for network reads. Qpopper terminates the
# connection with the client if no input is received in this
# many seconds. RFC 1939 states that this timeout must be
# 600 seconds (10 minutes). However, ideal settings in some
# cases are between 30 and 120 seconds. In other cases the 600
# value is best, and sometimes a value in between is better.
#
# Default: 120
#
# set timeout = 120
# Enables debug logging if '--enable-debugging' was used with
# ./configure. All debug and standard log records are written to
# the specified file. If this option is used, it should be first,
# so that debug records are generated for subsequent options.
#
# If used without '--enable-debugging', redirects all log messages
# to the specified file but does not enable debug logging.
#
# Default: none
#
# set tracefile =
# Reads additional run-time options from a file named
# '.qpopper-options' in the user's home directory, if present.
#
# This file is normally owned by the user.
#
# Default: false
#
# set user-options = false
# Reads additional run-time options from a file named
# 'username.qpopper-options' in the spool directory.
#
# This file should not be owned by nor writable by the user.
#
# Default: false
#
# set spool-options = false
# When updating the spool at the end of a session, this option
# instructs Qpopper to rename the temporary file to the spool instead
# of copying it. This reduces I/O at session end by a third, but is
# likely to break programs such as biff or the shell's mail check
# feature. Use this option only if such programs are not used. It is
# safest to only enable this option when users do not have shell
# access to the mail server.
#
# See "Performance" in the Qpopper Administrator's Guide for more
# information.
#
# Default: false
#
# set fast-update = false
# When set, domains are trimmed from user names before use. For
# example, if a user named 'maida' enters her login name in her POP
# client as 'maida@example.org', Qpopper treats this as just 'maida'.
#
# Default: false
#
# set trim-domain = false
# Specifies TLS/SSL support. The permitted values are:
# o 'default' TLS/SSL is not supported
# o 'none' Same as default
# o 'stls' Enables support for the STLS command. This
# permits TLS/SSL negotiations on the
# standard (or any) port, allowing the same
# port to be used by TLS/SSL and regular
# clients.
# o 'alternate-port' Enables alternate-port TLS/SSL. Some older
# clients require this. (The usual port for
# alternate-port TLS/SSL with pop is 995.)
#
# Only valid when '--with-openssl' or '--with-sslplus' used with
# ./configure
#
# Default: default
#
# set tls-support = default
# Specifies the permitted cipher suites. See the OpenSSL documentation
# for syntax. You normally do not need to set this.
#
# Only valid when '--with-openssl' used with ./configure
#
# Default:
#
# set tls-cipher-list =
# Restricts the version of TLS/SSL recognized in session negotiations.
# You normally do not need to set this. Supported values are:
# o 'default' (same as SSLv23)
# o 'SSLv2' Forces Qpopper only to understand SSLv2 client hello
# messages.
# o 'SSLv3' Forces Qpopper only to understand SSLv3 client hello
# messages. This especially means that it does not
# understand SSLv2 client hello messages, which are
# widely used for compatibility reasons.
# o 'TLSv1' Forces Qpopper only to understand TLSv1 client hello
# messages. This especially means that it does not
# understand SSLv2 client hello messages, which are
# widely used for compatibility reasons. It also does
# not understand SSLv3 client hello messages.
# o 'SSLv23' Allows Qpopper to understand SSLv2, SSLv3, and TLSv1
# client hello messages. This is the best choice when
# compatibility is a concern. This is the default
# value.
# o 'all' (same as SSLv23)
#
# Only valid when '--with-openssl' used with ./configure
#
# Default: default
#
# set tls-version = default
# Specifies the file containing the server's TLS/SSL certificate and
# encrypted private key.
#
# Only valid if '--with-sslplus' used with ./configure.
#
# Default: none
#
# set tls-identity-file =
# Specifies the passphrase to decrypt the server's private key (in the
# identify file).
#
# Only valid if '--with-sslplus' used with ./configure.
#
# Default: none
#
# set tls-passphrase =
# Specifies the file which contains the server's TLS/SSL certificate.
# This file may also contain the server's unencrypted private key.
#
# Only valid if '--with-openssl' used with ./configure
#
# Default: none
#
#
# set tls-server-cert-file = /etc/mail/certs/cert.pem
# Specifies a file which contains the server's TLS/SSL private key.
# Note: This private key must not be encrypted.
#
# If the private key is contained in the same file as the certificate
# (as specified with tls-server-cert-file), you do not need to set
# this option.
#
# Only valid if '--with-openssl' used with ./configure
#
# Default: none
#
# set tls-private-key-file =
# When set, Qpopper writes a log record at the end of a session
# containing the elapsed time for the session authentication,
# initialization. and cleanup.
#
# Default: false
#
# set timing = false
# When set, Qpopper checks for old .user.pop files in old locations
# when hash-spool or homedirmail is used. When reset, Qpopper skips
# this check, which speeds things up.
#
# Default: true
#
# set check-old-spool-loc = true
# When set, Qpopper checks for and creates if needed the hashed spool
# directories. When reset, Qpopper doesn't check for or create the
# hashed spool directories. Set to false if you precreate the
# directories.
#
# Default: true
#
# set check-hash-dir = true
# When set, Qpopper checks for expired passwords (if the platform
# permits). When reset, Qpopper omits this check.
#
# Default: true
#
# set check-password-expired = true
# Determines whether Qpopper updates the read/unread status of
# messages (a feature relied on by some mail clients). Also
# determines if Qpopper saves the message's unique identifier
# (UID) in the spool.
#
# When reset, it forces the UID for every message to be
# recalculated, using more CPU but potentially less I/O.
#
# See the "Performance" section of the Qpopper Administrator's Guide
# for more information.
#
# Default: true
#
# set update-status-headers = true
# Determines whether Qpopper enters update state when a session
# aborts. Resetting this option causes Qpopper to ignore any
# deletions if the session is aborted.
#
# Note that RFC 1939, section 6 prohibits the default behavior,
# but experience showed that otherwise users on noisy lines were
# often unable to delete their mail. Reset this option to inhibit
# the default behavior, and obey RFC 1939, but watch for users who
# download the same messages over and over, or whose spools fill up.
#
# Default: true
#
# set update-on-abort = true
# When set, Qpopper automatically and unconditionally deletes messages
# that have been downloaded using the RETR command (the normal command
# for accessing messages).
#
# Caution: This option could result in lost mail. Be sure to
# inform your users that the option is in effect before enabling.
#
# Default: false
#
# set auto-delete = false
# When set, Qpopper shows bulletins to users by groups (the group name
# is the second dot-separated element in each bulletin's name). See
# "Using Bulletins" in the Qpopper Administrator's Guide for more
# information. Use a group name of 'ALL' for all users.
#
# Default: false
#
# set group-bulletins = false
# When set to a 1 or 2, the subdirectory for the mail spools is
# determined from the user name by either (1) hashing the first four
# characters or (2) by using directories equal to the first letter and
# the second letter (if any). For example, if the spool directory is
# '/var/mail', the spool file for user 'maida' would be:
# '/var/mail/maida' hash-spool = 0
# '/var/mail/o/maida' hash-spool = 1
# '/var/mail/m/a/maida' hash-spool = 2
#
# See the "Performance" section of the Qpopper Administrator's Guide
# for more information.
#
# Default: 0
#
# set hash-spool = 0
# To have the user's home directory be the spool location, set this
# option to be the correct file name for the spool.
#
# Default: none
#
# set home-dir-mail = ".mail"
# When set, instructs Qpopper to generate message unique identifiers
# (UIDs) using old (pre-3.x) style encoding. This is useful only if
# you also set 'update-status-headers' to false, have existing users
# with old (pre-3.x) spool files, and you want to keep the UIDs the
# same.
#
# Default: false
#
# set old-style-uid = false
# When set, Qpopper checks for and hides status messages created by
# University of Washington software.
#
# Default: false
#
# set UW-kluge = false
# When set, Qpopper keeps (does not delete) the '.user.pop' file (the
# temporary drop file). Normally this file is deleted when the
# session ends. Some sites like to retain it to determine the last
# time a user has accessed his or her mail.
#
# Default: false
#
# set keep-temp-drop = false
# When set, causes server mode to be on for users who are members of
# the specified group. See the "Enabling Server Mode" and
# "Performance" sections of the Qpopper Administrator's Guide for more
# information.
#
# Default: none
#
# set group-server-mode =
# When set, causes server mode to be off for users who are members of
# the specified group. See the "Enabling Server Mode" and
# "Performance" sections of the Qpopper Administrator's Guide for more
# information.
#
# Default: none
#
# set group-no-server-mode =
# Specifies a file that permits only users listed in the file to have
# Qpopper access. The format is a list of user names, one per line.
#
# Default: none
#
# set auth-file =
# Specifies a file that denies access to users listed in the file.
# The format is a list of user names, one per line.
#
# Default: none
#
# set nonauth-file =
# Set this option if you don't want Qpopper to display its version in
# the POP protocol banner or CAPA IMPLEMENTATION response of
# unauthenticated users.
# Some sites believe this improves security since it avoids advertising
# that an old version (perhaps with known vulnerabilities) is being
# used. Others feel is makes the site more likely to be attacked,
# since it also avoids advertising when running a secure version.
#
# Default: false
#
# set shy = false
# Set this to the full path to sendmail or other such program used to
# submit new messages. Qpopper uses this to implement XTND XMIT.
#
# The default is determined at compile time.
#
#
# set mail-command = /usr/sbin/sendmail
# Set this to the full path to the mail spool directory.
#
# The default is determined at compile time.
#
# set spool-dir = /var/spool/mail
# If you do not want '.user.pop' (temporary drop files) to be in the
# spool directory, set this to the full path to the directory to be
# used for temp drop files. Note that use of /tmp is not recommended,
# because a system reboot will wipe out the files. This could cause
# lost mail.
#
# Default: spool directory
#
# set temp-dir =
# The name of the temporary drop files. You should not normally set
# this option.
#
# Default: ".%s.pop"
#
# set temp-name = ".%s.pop"
# If you do not want user cache files to be in the same directory as
# temporary drop files, set this to the full path to the directory for
# cache files. Note that use of /tmp is not recommended, because a
# system reboot wipes out the files.
#
# Default: temp-dir
#
# set cache-dir =
# The name of the cache files. You should not normally set this
# option.
#
# Default: ".%s.cache"
#
# set cache-name = ".%s.cache"
# Specifies the maximum number of old bulletins seen by new users.
#
# Default: 1
#
# set max-bulletins = 1
# When set, Qpopper uses a method of opening lock files that may work
# over NFS. This has not been thoroughly tested, however.
#
# Default: false
#
# set no-atomic-open = false
# Qpopper sends network output to client in small chunks (for example,
# line-by-line when sending a message). By default, Qpopper
# aggregates data to be sent to clients in large chunks. This may be
# faster or slower, depending on specifics of both the client and
# server hardware and networking stacks as wel as network elements in
# between (such as routers). Also, some networking stacks do their
# own aggregation.
#
# Under congested network conditions, larger packets increase the
# incidence of lost packets and thus client or server timeouts,
# leading to "POP timeout" or "EOF" errors.
#
# When TLS/SSL is in effect, smaller packets increase the overhead
# needed to send data, which may result in worse performance.
#
# You can adjust the Qpopper behavior by setting this option. The
# values are:
# o 'default' Always send large chunks
# o 'always' Same as 'default'
# o 'never' Never aggregate data into large chunks
# o 'tls' Only aggregate data into large chunks when TLS/SSL
# has been negotiated for the session
# o 'ssl' Same as 'tls'
#
# Default: default
#
# set chunky-writes = default
# Specifies the log facility that Qpopper uses.
#
# Note that this does not apply to popauth, nor to the daemon in
# standalone mode. These continue to use the compile-time default.
#
# Values are:
# o 'mail' Qpopper logs to LOG_MAIL facility.
# o 'local0' Qpopper logs to LOG_LOCAL0 facility.
# o 'local1' Qpopper logs to LOG_LOCAL1 facility.
# o 'local2' Qpopper logs to LOG_LOCAL2 facility.
# o 'local3' Qpopper logs to LOG_LOCAL3 facility.
# o 'local4' Qpopper logs to LOG_LOCAL4 facility.
# o 'local5' Qpopper logs to LOG_LOCAL5 facility.
# o 'local6' Qpopper logs to LOG_LOCAL6 facility.
# o 'local7' Qpopper logs to LOG_LOCAL7 facility.
#
# Default: determined at compile time, usually LOG_LOCAL0 or
# LOG_MAIL, depending on the operating system.
#
# set log-facility = local1
# When set, Qpopper logs successful authentications using the
# specified string. Within the string, an occurrence of '%0' is
# replaced with the Qpopper version, '%1' with the user name, '%2'
# with the user's host name, and '%3' with the user's IP address.
#
# Default: none, unless '--enable-log-login' used with ./configure,
# in which case "(v%0) POP login by user /"%1/" at (%2) %3" is used.
#
# set log-login = "(v%0) POP login by user /"%1/" at (%2) %3"
|