imap — Gromox IMAP server
The IMAP server supports impersonation. The username given to the IMAP login normally specifies both the mailbox and the user performing the access. To use a different identity for authentication, prefix the mailbox name with the user identity and separate the two with an exclamation mark, e.g. "[email protected][email protected]". Accessing a store in this manner is only possible when the authenticating user has store ownership over the mailbox.
imap [−c config]
−c config
Read configuration directives from the given file. If this option is not specified, /etc/gromox/imap.cfg will be read if it exists.
−−version
Output version information and exit.
−?
Display option summary.
All time-based command-line options and configuration file directives are subject to the syntax described in gromox(7), section "Duration specifications".
The following directives are recognized when reading from /etc/gromox/gromox.cfg, or when the −c option is used to specify a custom file:
daemons_fd_limit
In gromox-imap, this is treated as an alias for imap_fd_limit.
imap_fd_limit
Request that the file descriptor table be at least this large. The magic value 0 indicates that the system default hard limit (rlim_max, cf. setrlimit(2)) should be used.
Default: 0
imap_accept_haproxy
This directive sets the expectation for incoming connections to carry haproxy’s "PROXY" protocol extension version 2 (2), or no such header (0). When a (reverse) proxy is placed in front of gromox-imap, the address that gximap normally sees is the proxy address (e.g. ::1). A proxy can use this protocol extension to convey the actual client address, and gximap can pick this up for its own reporting, which in turn is useful for e.g. fail2ban setups.
Default: 0
The following directives are recognized when reading from /etc/gromox/imap.cfg, or when the −c option is used to specify a custom file:
block_interval_auths
The amount of time a user is blocked from connecting to the service after too many failed logins.
Default: 1 minute
config_file_path
Colon-separated list of directories in which further configuration files, especially those used by plugin instances, will be searched.
Default: /etc/gromox/imap:/etc/gromox
context_average_mem
Default: 128K
context_average_mitem
The expected average upper bound of number of mails for a folder. Together with context_num, this directive controls the size of the memory pool for listings.
Default: 64K
context_num
Maximum number of concurrently active sessions.
Default: 200
data_file_path
Colon-separated list of directories in which static data files will be searched.
Default: /usr/share/gromox/imap
default_lang
Default: en
enable_rfc2971_commands
RFC 2971 specifies the "ID" command with which a client can inquire the program name and version of the server. This is disabled by default, as it can facilitate potential attackers’ information gathering.
Default: no
host_id
A unique identifier for this system. It is used in the IMAP protocol greeting lines (positive as well as negative). It is furthermore used as a unique identifier among the set of all midb(8gx) clients to construct filenames for the MIDB database/EML cache. The identifier should only use characters allowed for hostnames.
Default: (system hostname)
imap_auth_times
The number of login tries a user is allowed before the account is blocked.
Default: 10
imap_autologout_time
If an authenticated IMAP connection is idle for the given period, the connection is terminated. RFC 2060 §5.4 recommends 30 minutes minimum. (Connections that have not authenticated are subject to the regular imap_conn_timeout.)
Default: 30 minutes
imap_certificate_passwd
The password to unlock TLS certificates.
Default: (unset)
imap_certificate_path
A colon-separated list of TLS certificate files. The complete certificate chain should be present (as there is no other config directive to pull CA certs in, and implicit loading from system directories is not guaranteed by Gromox).
Default: (unset)
imap_cmd_debug
Log every incoming IMAP command and the return code of the operation in a minimal fashion to stderr. Level 1 emits commands that have failed execution, level 2 emits all commands. (The response text is not sent to the log, because of size. Deep analysis can be done with socat/telnet/tcpdump; shallow analysis for end-users is possible with the protocol-compliant error-reporting MUA "Alpine" <https://alpineapp.email/>.)
Default: 0
imap_conn_timeout
If an IMAP connection stalls (writing responses to client) for the given period, the connection is terminated. If unauthenticated IMAP connections do not have any activity (requests from clients) for the given period, the connection is terminated.
Default: 3 minutes
imap_force_tls
This flag controls whether clients must utilize TLS, either by way of implicit TLS (cf. imap_listen_tls_port), or through the STARTTLS command.
Default: false
imap_listen_addr
AF_INET6 socket address to bind the IMAP service to.
Default: ::
imap_listen_port
The TCP port to expose the IMAP protocol service on. (The IP address is fixed to the wildcard address.)
Default: 143
imap_listen_tls_port
The TCP port to expose implicit-TLS IMAP protocol service (IMAPS) on. (The IP address is fixed to the wildcard address.)
Default: (unset)
imap_log_file
Target for log messages here. Special values: "-" (stderr/syslog depending on parent PID) or "syslog" are recognized.
Default: - (auto)
imap_log_level
Maximum verbosity of logging. 1=crit, 2=error, 3=warn, 4=notice, 5=info, 6=debug.
Default: 4 (notice)
imap_private_key_path
A colon-separated list of TLS certificate private key files.
Default: (unset)
imap_rfc9051
Enable RFC 9051 (IMAP 4.2) related logic and protocol elements.
Default: yes
imap_support_tls
This flag controls the offering of TLS modes. This affects both the implicit TLS port as well as the advertisement of the STARTTLS extension and availability of the STARTTLS command (RFC 2595) to clients.
Default: false
imap_thread_charge_num
Connection load factor (oversubscription ratio) for a processing thread.
Default: 40
imap_thread_init_num
The initial and also minimum number of client processing threads to keep around. This is similar to php-fpm’s start_servers/min_spare_servers. (The maximum number of threads, i.e. what would be max_spare_servers, is determined by: context_num divided by imap_thread_charge_num)
Default: 5
running_identity
An unprivileged user account to switch the process to after startup.
Default: gromox
tls_min_proto
The lowest TLS version to offer. Possible values are: tls1.0, tls1.1, tls1.2, and, if supported by the system, tls1.3.
Default: tls1.2
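An added example (not part of the Gromox documentation or code base): a small Python audit of the TLS and disclosure-related imap.cfg directives listed above, evaluated against the defaults documented on this page. The "key = value" file syntax, the accepted boolean spellings, and the certificate paths in the sample are assumptions.

```python
# Added example, not Gromox code. Assumptions: imap.cfg holds "key = value"
# lines, "#" starts a comment line, and booleans use the spellings in TRUTHY.
DEFAULTS = {  # defaults as documented in the directive list above
    "imap_support_tls": "false", "imap_force_tls": "false",
    "tls_min_proto": "tls1.2", "enable_rfc2971_commands": "no",
    "imap_certificate_path": "", "imap_private_key_path": ""}
TRUTHY = {"1", "true", "yes", "on"}
PROTOS = ["tls1.0", "tls1.1", "tls1.2", "tls1.3"]  # values listed for tls_min_proto

def parse_cfg(text):
    """Return effective settings: documented defaults overridden by the file."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return (directive, reason) pairs for settings worth flagging in review."""
    cfg = parse_cfg(text)
    on = lambda key: cfg[key].lower() in TRUTHY
    findings = []
    if not on("imap_support_tls"):
        findings.append(("imap_support_tls", "TLS is not offered (no STARTTLS, no IMAPS)"))
    elif not (cfg["imap_certificate_path"] and cfg["imap_private_key_path"]):
        findings.append(("imap_certificate_path", "TLS offered without certificate/key files"))
    if not on("imap_force_tls"):
        findings.append(("imap_force_tls", "clients are not required to use TLS"))
    proto = cfg["tls_min_proto"].lower()
    if proto not in PROTOS or PROTOS.index(proto) < PROTOS.index("tls1.2"):
        findings.append(("tls_min_proto", f"{proto!r} is not tls1.2 or newer"))
    if on("enable_rfc2971_commands"):
        findings.append(("enable_rfc2971_commands", "ID command discloses program name/version"))
    return findings

# Constructed sample files; the certificate paths are hypothetical.
WEAK_CFG = "enable_rfc2971_commands = yes\ntls_min_proto = tls1.0\n"
HARDENED_CFG = """\
imap_support_tls = true
imap_force_tls = true
imap_certificate_path = /etc/gromox/tls/fullchain.pem
imap_private_key_path = /etc/gromox/tls/privkey.pem
tls_min_proto = tls1.2
"""

if __name__ == "__main__":
    print(audit(WEAK_CFG), audit(HARDENED_CFG))
```

An empty file is flagged for imap_support_tls and imap_force_tls, because both default to false.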
• data_file_path/folder_lang.txt: Translations for IMAP folder names.
• data_file_path/imap_code.txt: Mapping from internal IMAP error codes to textual descriptions.
• /usr/lib/gromox/libgxs_*.so: service plugins
gromox(7), midb_agent(4gx)