##VERSION: $Id: esmtpd.dist.in,v 1.21 2005/02/21 04:05:53 mrsam Exp $
#
#
# esmtpd created from esmtpd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
#  distribution information.
#
#  This configuration file sets various options for Courier's esmtpd server.
#  It is started by couriertcpd, Courier's TCP server.
#  A lot of the stuff here is documented in the manual page for couriertcpd.

##NAME: PATH:0
#
#  Specify the default PATH that everything inherits.
#  NOTE(review): /usr/bin appears twice below; the second entry is redundant
#  but harmless.  Because everything started from this environment resolves
#  commands through PATH, every directory listed should be writable by root
#  only.

PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin

##NAME: SHELL:0
#
#  The default shell

SHELL=/bin/sh

##NAME: ULIMIT:0
#
#  Sets the maximum size of courieresmtpd's data segment
#  NOTE(review): the unit is not stated here -- presumably kilobytes, as with
#  the shell's "ulimit -d"; confirm against the script that consumes ULIMIT.
#

ULIMIT=4096

##NAME: BOFHCHECKDNS:0
#
#  Comment out the following line in order to accept mail with a bad
#  return address.
#  NOTE(review): "bad" presumably means a return address that fails the DNS
#  check this variable is named for -- confirm in the Courier documentation.

BOFHCHECKDNS=1

##NAME: BOFHNOEXPN:1
#
#  Set BOFHNOEXPN to 1 to disable EXPN
#  EXPN asks the server to expand a mailing list or alias; leaving it
#  disabled keeps remote clients from enumerating local addresses.

BOFHNOEXPN=1

##NAME: BOFHNOVRFY:1
#
#  Set BOFHNOVRFY to 1 to disable VRFY
#  VRFY asks the server whether an address exists; leaving it disabled
#  keeps remote clients from probing for valid mailboxes.

BOFHNOVRFY=1

##NAME: NOADDMSGID:0
#
#  The following environment variables keep Courier from adding
#  default Date: and Message-ID: headers to messages which do not have them.
#  If you would like to add default headers only for mail from certain
#  IP address ranges, you can override them in the couriertcpd access file,
#  see couriertcpd(8).

NOADDMSGID=1

##NAME: NOADDDATE:0
#
#  Companion to NOADDMSGID above; by its name this is the setting that
#  covers the default Date: header.

NOADDDATE=1

##NAME: ESMTP_LOG_DIALOG:0
#
#  If set, log the esmtp dialog.
#  NOTE(review): a logged dialog will at least contain envelope addresses and
#  may contain more (confirm exactly what is written); restrict who can read
#  the mail log before enabling this.

ESMTP_LOG_DIALOG=0

##NAME: AUTH_REQUIRED:0
#
# Set AUTH_REQUIRED to 1 in order to force the client to use ESMTP
# authentication.  You can override AUTH_REQUIRED on a per-IP address basis
# using smtpaccess.  See makesmtpaccess(8).
# NOTE(review): ESMTPAUTH is empty further down in this file, so no
# authentication mechanism is offered as shipped; presumably a mechanism must
# be enabled there before requiring authentication here -- confirm.

AUTH_REQUIRED=0

#########################################################################
#
##NAME: COURIERTLS:0
#
# The following variables configure ESMTP STARTTLS.  If OpenSSL is available
# during configuration, the couriertls helper gets compiled, and upon
# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
# and COURIERTLS exist.
#
# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
# at your own risk.  Only the basic SSL/TLS functionality is known to be
# working. Keep this in mind as you play with the following variables.
#
# NOTE(review): because STARTTLS is advertised as soon as both files exist,
# the dummy certificate generated at installation is what clients will be
# shown until it is replaced.  Install a certificate issued for this host's
# name before relying on STARTTLS.

COURIERTLS=/usr/bin/couriertls

##NAME: ESMTP_TLS_REQUIRED:0
#
# Set ESMTP_TLS_REQUIRED to 1 if you REQUIRE SSL/TLS to be used for receiving
# mail.  Setting it here will require it for every connection, so clients
# that cannot negotiate STARTTLS will be unable to deliver mail to this
# server.  You can also set ESMTP_TLS_REQUIRED in the smtpaccess file, see
# makesmtpaccess(8) for more information.
#
# ESMTP_TLS_REQUIRED=1

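##NAME: TLS_PROTOCOL:0
#
# 
# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
#
# SSLv2 and SSLv3 both have protocol-level weaknesses and are formally
# prohibited/deprecated (RFC 6176, RFC 7568), so the strongest value listed
# above is selected.  Clients that can only speak SSLv3 will no longer be
# able to complete STARTTLS with this server.
#
# TLS 1.0 is itself deprecated (RFC 8996).  If the installed Courier release
# documents newer protocol values in its own esmtpd.dist, prefer the newest
# one it offers over TLS1.

TLS_PROTOCOL=TLS1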

##NAME: TLS_CIPHER_LIST:0
#
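# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined.  The sample value below still admits RC4 and SSLv2 cipher
# suites, which are considered weak; check what it expands to with
# "openssl ciphers -v" before uncommenting it.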
#
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but it's not yet implemented.

##NAME: TLS_DHCERTFILE:0
#
# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used.  In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
# TLS_DHCERTFILE=

##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# NOTE(review): the confidentiality requirement suggests this PEM file also
# holds the private key -- confirm.  Either way, make it readable only by
# the account that runs the TLS helper, and check its mode after every
# certificate renewal.
#
TLS_CERTFILE=/etc/courier/esmtpd.pem

##NAME: TLS_CERTINFO:0
#
# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by specific certificate authorities, set
# TLS_OURCACERT to the name of the file containing the certificate root keys,
# or set TLS_PEERCERTDIR to the name of the directory containing
# the certificate root keys.
#
# For convenience's sake, Courier installs a default set of root certificates
# (which has been swiped from Mozilla's CVS tree :-) ).  Before enabling
# certificate verification, you should examine all the certificates in the
# following directory.  ANY certificate signed by ANY root cert in
# TLS_PEERCERTDIR will be accepted
#
# TLS_PEERCERTDIR=/usr/lib/courier/rootcerts
# TLS_OURCACERT=

##NAME: TLS_VERIFYPEER:0
#
# TLS_VERIFYPEER - how to verify peer certificates.  The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE.  SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
# With NONE, connecting clients are not authenticated by certificate; the
# session is still encrypted.  Before switching to PEER or REQUIREPEER,
# review the trust roots named by TLS_PEERCERTDIR / TLS_OURCACERT, since
# those decide which client certificates are accepted.
#
TLS_VERIFYPEER=NONE


##NAME: MAILUSERGROUP:0
#
#  Mail user and group
#  NOTE(review): presumably the account and group the server runs as --
#  confirm.  "daemon" is a shared system account on many systems; make sure
#  any value set here matches the mail user Courier was installed with.

MAILUSER=daemon
MAILGROUP=daemon

##NAME: ADDRESS:0
#
#  Address to listen on, can be set to a single IP address.
#
#  ADDRESS=127.0.0.1

##NAME: PORT:1
#
#  PORT specifies the port number to listen on.  The standard "smtp" port
#  is port 25.
#
#  Multiple port numbers can be separated by commas.  When multiple port
#  numbers are used it is possible to select a specific IP address for a
#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1.
#  The ADDRESS setting, if given, is a default for ports that do not have
#  a specified IP address.
#
#  ADDRESS is commented out in this file, so a port given without an IP
#  address has no default address to fall back on; presumably the server
#  then listens on every interface -- confirm in couriertcpd(8).

PORT=smtp

##NAME: BLACKLISTS:1
#
#  Blacklists we query.
#
#  The BLOCK environment variable is automatically enforced by submit.
#  Nobody really does anything about BLOCK2, this is mainly for use by
#  plug-in mail filters.  If you want Courier to unilaterally block
#  mail from IP addresses listed on the RBL and RSS, and you have a separate
#  filter that keys off BLOCK2, uncomment the following.  If you want
#  to unilaterally block everything on the RBL and RSS, just replace BLOCK2
#  with BLOCK.  DUL can be added too...
#
#  NOTE(review): the zones in the sample below date from when this file was
#  written.  Before enabling any list, confirm that it is still operated and
#  that you are permitted to query it.
#
# BLACKLISTS='-block=blackholes.mail-abuse.org,BLOCK -block=relays.mail-abuse.org,BLOCK2'

BLACKLISTS=""

##NAME: ACCESSFILE:1
#
#  Access file: $ACCESSFILE - plain text file/dir, $ACCESSFILE.dat - compiled
#  database.
#
#  ${sysconfdir} is not assigned anywhere in the visible part of this file,
#  so it must already be set in the shell that sources it; if it is unset the
#  path below expands to /smtpaccess.  The access file carries per-IP
#  overrides (see AUTH_REQUIRED above), so keep both the text file and the
#  compiled .dat writable by the administrator only.
#

ACCESSFILE=${sysconfdir}/smtpaccess

##NAME: MAXDAEMONS:0
#
#  Maximum number of daemons started
#  NOTE(review): presumably one daemon serves one connection, which would
#  make this the ceiling on simultaneous SMTP sessions -- confirm.
#

MAXDAEMONS=40

##NAME: MAXPERC:0
#
#  Maximum number of connections accepted from the same C address block
#  ("C address block" presumably means a class C network, i.e. a /24.)
#  This limit and MAXPERIP below keep a single source from occupying every
#  slot allowed by MAXDAEMONS.
#

MAXPERC=5

##NAME: MAXPERID:0
#
#  (The ##NAME tag above reads MAXPERID while the variable is MAXPERIP; the
#  tag is left untouched because ## lines are used when upgrading.)
#
#  Maximum number of connections accepted from the same IP address

MAXPERIP=5

##NAME: PIDFILE:0
#
#  File where couriertcpd will save its process ID
#  Keep the containing directory writable by privileged accounts only, so
#  the recorded process ID cannot be replaced by another local user.
#

PIDFILE=/var/run/courier/esmtpd.pid

##NAME: TCPDOPTS:3
#
# TCPDOPTS can contain other couriertcpd options, such as
# -nodnslookup and -noidentlookup.
#
# The value shipped here passes -stderrlogger with the path of
# courierlogger; presumably this routes the server's stderr output through
# that program -- see couriertcpd(8).
#

TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger"

##NAME: ESMTPAUTH:4
#
# To enable authenticated SMTP relaying, uncomment the ESMTPAUTH setting,
# below, and set it to ESMTP authentication mechanisms we support.  Currently
# LOGIN and CRAM-MD5 are available:
#
# ESMTPAUTH="LOGIN CRAM-MD5"
#
# You can also try PLAIN, CRAM-SHA1, and CRAM-SHA256.  See INSTALL for more
# information.
#
# LOGIN and PLAIN transmit the password merely base64-encoded.  Mechanisms
# listed in ESMTPAUTH are described below as available with or without TLS,
# so prefer to offer LOGIN and PLAIN only through ESMTPAUTH_TLS and keep
# this list to the CRAM-* challenge-response mechanisms.
#

ESMTPAUTH=""

##NAME: ESMTPAUTH_WEBADMIN:5
#
# ESMTPAUTH_WEBADMIN is used by the webadmin module
#
# Don't touch this setting.

ESMTPAUTH_WEBADMIN="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"

##NAME: ESMTPAUTHINFOTLS:3
#
# To enable SASL PLAIN authentication when using TLS, uncomment the following.
# To enable SASL PLAIN with or without TLS, just add PLAIN to ESMTPAUTH,
# above:
#
# ESMTPAUTH_TLS="PLAIN LOGIN CRAM-MD5"
#
# Adding PLAIN to ESMTPAUTH instead lets clients send the password over an
# unencrypted connection, where it is only base64-encoded; listing it here
# limits it to sessions that have negotiated TLS.
#
# ESMTPAUTH_TLS_WEBADMIN is used by the webadmin module

ESMTPAUTH_TLS=""

##NAME: ESMTPAUTH_TLS_WEBADMIN:5

ESMTPAUTH_TLS_WEBADMIN="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"

##NAME: ESMTPDSTART:0
#
# ESMTPDSTART is not referenced anywhere in the standard Courier programs
# or scripts.  Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
#  prefix=/usr
#  exec_prefix=/usr
#  . ${sysconfdir}/esmtpd
#  case x$ESMTPDSTART in
#  x[yY]*)
#        /usr/sbin/esmtpd start
#        ;;
#  esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.
#
# NOTE: this copy of the file sets YES, not the NO default described above,
# so a startup script written like the example will start the SMTP listener
# at boot.  The example sources this file into the startup shell, which is
# one more reason the file should be writable by root only.

ESMTPDSTART=YES
