I've set up courier-pop and courier-imap, used authldap for
authentication and when I try to log in with
telnet localhost 110
user schabelm
pass <secret>
I get -ERR Login failed
In my logfile I sometimes get
Connection, ip=[::ffff:127.0.0.1]
chdir: No such file or directory
and most times
Connection, ip=[::ffff:127.0.0.1]
LOGIN FAILED, ip=[::ffff:127.0.0.1]
The Maildirs are stored in /var/mail/<user>/Maildir, /var/spool/mail is
a symlink to /var/mail.
In LDAP I store the following [skipped]:
uid: schabelm
homeDirectory: /home/schabelm
loginShell: /bin/bash
mailMessageStore: schabelm/Maildir
mailbox: schabelm/Maildir
mailQuota: 8388608
userPassword: {crypt}<encryptedpassword>
Any hints?
Here are my config-files for courier:
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.
##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authmysql authpam
authmodulelist="authldap authpam"
##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone
authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"
##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...
daemons=5
##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain
version=""
##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!
authdaemonvar=/var/run/courier/authdaemon
##VERSION: $Id: authldaprc,v 1.15 2002/06/11 18:39:01 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. No trailing spaces.
#
# Here are the fields:
##NAME: LOCATION:0
#
# Location of your LDAP server:
LDAP_SERVER localhost
LDAP_PORT 389
##NAME: LDAP_BASEDN:0
#
# Look for authentication here:
LDAP_BASEDN ou=People,dc=tgm,dc=ac,dc=at
##NAME: LDAP_BINDDN:0
#
# You may or may not need to specify the following. Because you've got
# a password here, authldaprc should not be world-readable!!!
#LDAP_BINDDN cn=administrator, o=example, c=com
#LDAP_BINDPW toto
##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search
LDAP_TIMEOUT 5
##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request. This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks in
# OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker. Avoid using this option until these leaks are plugged.
#
LDAP_AUTHBIND 1
##NAME: LDAP_MAIL:0
#
# Here's the field on which we query
#LDAP_MAIL mail
LDAP_MAIL uid
##NAME: LDAP_FILTER:0
#
# This LDAP filter will be ANDed with the query for the field defined above
# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
# defined to be "(objectClass=CourierMailAccount)" the query that is performed
# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
#
# LDAP_FILTER (objectClass=CourierMailAccount)
##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified.
#
# LDAP_DOMAIN example.com
##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
# LDAP_GLOB_UID vmail
# LDAP_GLOB_GID vmail
##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it
LDAP_HOMEDIR homeDirectory
##NAME: LDAP_MAILROOT:0
#
# If homeDirectory is not an absolute path, define the root of the
# relative paths in LDAP_MAILROOT
#
LDAP_MAILROOT /var/mail
##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used
LDAP_MAILDIR mailDir
##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA maildirQuota
##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name
LDAP_FULLNAME cn
##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!
#LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids. Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
#
LDAP_UID uidNumber
LDAP_GID gidNumber
##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search. This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.
LDAP_DEREF never
##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS. Experimental setting.
# Requires OpenLDAP 2.0
#
LDAP_TLS 0
##NAME: LDAP_EMAILMAP:0
#
# The following optional settings, if enabled, result in an extra LDAP
# lookup to first locate a handle for an E-mail address, then a second lookup
# on that handle to get the actual authentication record. You'll need
# to uncomment these settings to enable an email handle lookup.
#
# The E-mail address must be of the form user@realm, and this is plugged
# into the following search string. "@user@" and "@realm@" are placeholders
# for the user and the realm portions of the login ID.
#
# LDAP_EMAILMAP (&(userid=@user@)(realm=@realm@))
##NAME: LDAP_EMAILMAP_BASEDN:0
#
# Specify the basedn for the email lookup. The default is LDAP_BASEDN.
#
# LDAP_EMAILMAP_BASEDN o=emailmap, c=com
##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
#
# The attribute which holds the handle. The contents of this attribute
# are then plugged into the regular authentication lookup, and you must set
# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
# records (which may be the same as LDAP_MAIL).
# You MUST also leave LDAP_DOMAIN undefined. This enables authenticating
# by handles only.
#
# Here's an example:
#
# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
# userid: john # LDAP_EMAILMAP search
# realm: example.com # LDAP_EMAILMAP search
# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
#
#
# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
# uid: ...
# gid: ...
# [ etc... ]
#
# LDAP_EMAILMAP_ATTRIBUTE handle
##NAME: LDAP_EMAILMAP_MAIL:0
#
# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
#
# LDAP_EMAILMAP_MAIL mail
authdaemon
##VERSION: $Id: imapd.dist.in,v 1.14 2002/06/12 13:55:10 mrsam Exp $
#
# imapd created from imapd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# Copyright 1998 - 2002 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
# when used with the couriertcpd server.
# A lot of the stuff here is documented in the manual page for couriertcpd.
#
# NOTE - do not use \ to split long variable contents on multiple lines.
# This will break the default imapd.rc script, which parses this file.
#
##NAME: ADDRESS:0
#
# Address to listen on, can be set to a single IP address.
#
# ADDRESS=127.0.0.1
ADDRESS=0
##NAME: PORT:1
#
# Port numbers that connections are accepted on. The default is 143,
# the standard IMAP port.
#
# Multiple port numbers can be separated by commas. When multiple port
# numbers are used it is possible to select a specific IP address for a
# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
# The previous ADDRESS setting is a default for ports that do not have
# a specified IP address.
PORT=143
##NAME: AUTHSERVICE:0
#
# It's possible to authenticate using a different 'service' parameter
# depending on the connection's port. This only works with authentication
# modules that use the 'service' parameter, such as PAM. Example:
#
# AUTHSERVICE143=imap
# AUTHSERVICE993=imaps
##NAME: MAXDAEMONS:0
#
# Maximum number of IMAP servers started
#
MAXDAEMONS=100
##NAME: MAXPERIP:0
#
# Maximum number of connections to accept from the same IP address
MAXPERIP=8
##NAME: PIDFILE:0
#
# File where couriertcpd will save its process ID
#
PIDFILE=/var/run/courier/imapd.pid
##NAME: TCPDOPTS:0
#
# Miscellaneous couriertcpd options that shouldn't be changed.
#
TCPDOPTS="-nodnslookup -noidentlookup"
##NAME: AUTHMODULES:0
#
# Authentication modules. Here's the default list:
#
# authdaemon
#
# The default is set during the initial configuration.
#
AUTHMODULES="authdaemon"
##NAME: AUTHMODULES_ORIG:0
#
# For use by webadmin
AUTHMODULES_ORIG="authdaemon"
##NAME: IMAP_CAPABILITY:0
#
# IMAP_CAPABILITY specifies what most of the response should be to the
# CAPABILITY command.
#
# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
#
# Otherwise, leave it set to the default value. The IDLE keyword can also
# be added, in experimental mode.
#
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA"
##NAME: IMAP_CAPABILITY_ORIG:0
#
# For use by webadmin
IMAP_CAPABILITY_ORIG="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
##NAME: IMAP_IDLE_TIMEOUT:0
#
# If you want to try out the IDLE extension, this setting controls how often
# the server polls for changes to the folder, in IDLE mode (in seconds).
IMAP_IDLE_TIMEOUT=60
##NAME: IMAP_CAPABILITY_TLS:0
#
# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established. If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
##NAME: IMAP_TLS_ORIG:0
#
# For use by webadmin
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
##NAME: IMAP_DISABLETHREADSORT:0
#
# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them. Set this option if you want to disable all the extra load from
# server-side threading and sorting. Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side. That will still put some load on the server.
# advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#
IMAP_DISABLETHREADSORT=0
##NAME: IMAP_CHECK_ALL_FOLDERS:0
#
# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder. Not all IMAP clients use the IMAP's new mail
# indicator, but some do. Normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders. Note that this will result in slightly more load on the
# server.
#
IMAP_CHECK_ALL_FOLDERS=0
##NAME: IMAP_OBSOLETE_CLIENT:0
#
# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.
IMAP_OBSOLETE_CLIENT=0
##NAME: IMAP_ULIMITD:0
#
# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command. The argument to ulimit -d sets the upper limit on the size
# of the data segment of the server process, in kilobytes. The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).
IMAP_ULIMITD=65536
##NAME: IMAP_USELOCKS:0
#
# Set IMAP_USELOCKS to 1 if you experience weird problems when using IMAP
# clients that open multiple connections to the server. I would hope that
# most IMAP clients are sane enough not to issue commands to multiple IMAP
# channels which conflict with each other.
#
IMAP_USELOCKS=0
##NAME: IMAP_EMPTYTRASH:0
#
# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
#
# This would also delete messages from the Sent folder (presumably copies
# of sent mail) after 30 days. This is a global setting that is applied to
# every mail account, and is probably useful in a controlled, corporate
# environment.
#
# You might want to disable this setting in certain situations - it results
# in a stat() of every file in each folder, at login and logout.
#
IMAP_EMPTYTRASH=Trash:7
##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
#
# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash. Trash can be manually expunged as usually, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual. Shared folders are
# not affected.
#
IMAP_MOVE_EXPUNGE_TO_TRASH=1
##NAME: OUTBOX:0
#
# The next set of options deal with the "Outbox" enhancement.
# Uncomment the following setting to create a special folder, named
# INBOX.Outbox
#
# OUTBOX=.Outbox
##NAME: SENDMAIL:0
#
# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
# a message to the INBOX.Outbox folder. For all practical matters,
# INBOX.Outbox looks and behaves just like any other IMAP folder. If this
# folder doesn't exist it must be created by the IMAP mail client, just
# like any other IMAP folder. The kicker: any message copied or moved to
# this folder is will be E-mailed by the Courier-IMAP server, by running
# the SENDMAIL program. Therefore, messages copied or moved to this
# folder must be well-formed RFC-2822 messages, with the recipient list
# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on
# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
# message piped on standard input. $SENDER will be the return address
# of the message, which is set by the authentication module.
#
# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
#
SENDMAIL=/usr/sbin/sendmail
##NAME: HEADERFROM:0
#
# For administrative and oversight purposes, the return address, $SENDER
# will also be saved in the X-IMAP-Sender mail header. This header gets
# added to the sent E-mail (but it doesn't get saved in the copy of the
# message that's saved in the folder)
#
# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
# the magic OUTBOX treatment. Therefore advance LARTing is in order for
# _all_ of your lusers, until every one of them is aware of this. Otherwise if
# OUTBOX is left at its default setting - a folder name that might be used
# accidentally - some people may be in for a rude surprise. You can redefine
# the name of the magic folder by changing OUTBOX, above. You should do that
# and pick a less-obvious name. Perhaps brand it with your organizational
# name ( OUTBOX=.WidgetsAndSonsOutbox )
HEADERFROM=X-IMAP-Sender
##NAME: IMAPDSTART:0
#
# IMAPDSTART is not used directly. Rather, this is a convenient flag to
# be read by your system startup script in /etc/rc.d, like this:
#
# . /usr/libexec/imapd.config
#
# case x$IMAPDSTART in
# x[yY]*)
# /usr/libexec/imapd.rc start
# ;;
# esac
#
# The default setting is going to be NO, so you'll have to manually flip
# it to yes.
IMAPDSTART=YES
##VERSION: $Id: ldapaddressbook.dist,v 1.1 2000/12/10 18:02:12 mrsam Exp $
#
# ldapaddressbook created from ldapaddressbook.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This is a list of some public LDAP address books. This is a global
# list -- all clients will have this list by default.
#
##NAME: ldapaddressbook:0
Bigfoot ldap.bigfoot.com 389 c=US
Infospace ldap.infospace.com 389 c=US
Netscape Netcenter memberdir.netscape.com 389 ou=member_directory,o=netcenter.com ou=people,o=netcenter.com
WhoWhere ldap.whowhere.com 389 c=US
##VERSION: $Id: ldapaliasrc.dist,v 1.3 2001/07/07 21:09:24 mrsam Exp $
#
# ldapaliasrc created from ldapaliasrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# Copyright 2000 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file configures the courierldapaliasd process.
#
# courierldapaliasd, essentially, is an implementation of aliasing against
# an LDAP directory. See the makealiases(8) manual page for the description
# of aliasing. Aliasing, essentially, is rerouting mail addressed to one
# address to another address. Mail headers are not touched, only the
# the recipient address is rewritten. Here's how it works.
# Courier receives a recipient address of [EMAIL PROTECTED], and issues an
# LDAP search for "[EMAIL PROTECTED]". If the LDAP search returns a
# record, the "maildrop" attribute specifies the address to use instead of
# [EMAIL PROTECTED] For example:
#
# dn: [EMAIL PROTECTED], dc=example.com
# mail: [EMAIL PROTECTED]
# maildrop: [EMAIL PROTECTED]
#
# Multiple maildrop attributes are allowed, and the message gets sent to
# each maildrop, essentially implementing a mailing list.
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. No trailing spaces.
#
# Here are the fields:
#
##NAME: LDAP_ALIAS:0
#
# Whether or not use courierldapaliasd at all. Courier is shipped by default
# with courierldapaliasd turned off, and you enable it by setting LDAP_ALIAS
# to 1
LDAP_ALIAS 0
##NAME: LDAP_LOCATION:0
#
# Location of your LDAP server:
LDAP_SERVER localhost
LDAP_PORT 389
##NAME: LDAP_NUMPROCS:0
#
# Number of courierldapaliasd processes to start (there's always an extra
# cleanup process)
LDAP_NUMPROCS 5
##NAME: LDAP_BASEDN:0
#
# LDAP_BASEDN is the base where LDAP search starts from:
LDAP_BASEDN organizationalUnit=maildrops, dc=example.com
##NAME: LDAP_BINDINFO:1
#
# You MAY need to specify the login and password for LDAP. Because you've got
# a password here, authldaprc should not be world-readable!!!
#
LDAP_BINDDN cn=administrator, dc=example.com
LDAP_BINDPW penguin
##NAME: LDAP_TIMEOUT:0
#
# Timeout for the LDAP search.
LDAP_TIMEOUT 5
##NAME: LDAP_MAIL:0
#
# If you want to search on some other attribute, other than "mail", change the
# following:
LDAP_MAIL mail
##NAME: LDAP_MAILDROP:0
#
# If you want to read maildrops from some other attribute, other than
# "maildrop", change the following:
LDAP_MAILDROP maildrop
##NAME: LDAP_SOURCE:1
#
# If you want to create source-specific aliases, define LDAP_SOURCE like this:
#
# Then, for mail received via esmtp, the query would be something like
# (&(mail=[mail])(mailsource=esmtp)). This allows something like this:
#
# LDAP_SOURCE mailsource
#
# dn: mail=staff, dc=example.com
# mail: staff
# mailsource: local
# maildrop: tom
# maildrop: john
# maildrop: steve
#
# So that the address <staff> can only be used locally, a private mailing
# list. If no records are found, the search is repeated as follows:
# (&(mail=[mail])(!(source=*))), which will search records without any
# source attribute.
LDAP_SOURCE
##NAME: LDAP_VIRTUALMAP:1
#
# courierldapaliasd can also map virtual domain to local accounts, like
# makealiases. In makealiases, "@domain.com: luser" results in mail addressed
# to [EMAIL PROTECTED] to be delivered to luser-foobar@localhost. This only
# works for localhost. To enable virtual domain mapping, uncomment the
# following two settings, LDAP_VDOMAIN and LDAP_VUSER:
#
# Then, you'll have something like this:
#
# dn: vdomain=domain.com, dc=example.com
# virtualdomain: vdomain.com
# virtualdomainuser: luser
#
# You can also specify source-based virtual domains, by the way.
#
# LDAP_VDOMAIN virtualdomain
# LDAP_VUSER virtualdomainuser
LDAP_VDOMAIN
LDAP_VUSER
##VERSION: $Id: pop3d.dist.in,v 1.4 2001/07/04 19:32:37 uid26639 Exp $
#
# pop3d created from pop3d.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# Copyright 1998 - 2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# Courier POP3 daemon configuration
#
##NAME: install_prefix:0
#
# This is read by /usr/sbin/pop3d
#
# The following settings shouldn't be changed.
prefix=/usr
exec_prefix=/usr
sbindir="/usr/sbin"
##NAME: PIDFILE:0
#
PIDFILE=/var/run/courier/pop3d.pid
##NAME: MAXDAEMONS:0
#
# Maximum number of POP3 servers started
#
MAXDAEMONS=40
##NAME: MAXPERIP:4
#
# Maximum number of connections to accept from the same IP address
MAXPERIP=4
##NAME: AUTHMODULES:0
#
#########################################################################
##
## Authentication modules which attempt to validate userid/password
## combinations. See authpam(8) for more information. The default set
## is installed at configuration time. You may have to edit the following
## to remove unnecessary authentication modules. In particular, if
## authpam is included in the list below, you will have to remove authpwd
## and authshadow, since their functionality is included in the authpam
## module.
##
#########################################################################
AUTHMODULES="authdaemon"
##NAME: AUTHMODULES_ORIG:0
#
# This setting is for use with webadmin
AUTHMODULES_ORIG="authdaemon"
##NAME: POP3AUTH:1
#
# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
# POP3AUTH="LOGIN"
#
# If you have configured the CRAM-MD5 or CRAM-SHA1, set POP3AUTH to something
# like this:
#
# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH="LOGIN"
##NAME: POP3AUTH_ORIG:0
#
# For use by webadmin
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
##NAME: POP3AUTH_TLS:1
#
# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
# POP3AUTH_TLS="LOGIN PLAIN"
POP3AUTH_TLS=""
##NAME: POP3AUTH_TLS_ORIG:0
#
# For use by webadmin
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
##NAME: PORT:1
#
# Port to listen on for connections. The default is port 110.
#
# Multiple port numbers can be separated by commas. When multiple port
# numbers are used it is possibly to select a specific IP address for a
# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
# The ADDRESS setting is a default for ports that do not have a specified
# IP address.
PORT=110
##NAME: ADDRESS:0
#
# IP address to listen on. 0 means all IP addresses.
ADDRESS=0
##NAME: TCPDOPTS:0
#
# Other couriertcpd(1) options. The following defaults should be fine.
#
TCPDOPTS="-nodnslookup -noidentlookup"
##NAME: POP3DSTART:0
#
# POP3DSTART is not referenced anywhere in the standard Courier programs
# or scripts. Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
# prefix=/usr
# exec_prefix=/usr
# . ${sysconfdir}/pop3d
# case x$POP3DSTART in
# x[yY]*)
# /usr/sbin/pop3d start
# ;;
# esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.
POP3DSTART=YES
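
Added example (not part of the original post and not Courier's own code): a Python sketch that applies the rules stated in the authldaprc comments above (field/whitespace/value lines with no trailing spaces, a required HOMEDIR attribute, relative homes rooted at LDAP_MAILROOT, ./Maildir as the default, no world-readable file holding LDAP_BINDPW) to the entry excerpt from the post. The function names are hypothetical, the sample data is constructed from the values quoted above, and treating a relative maildir as relative to the home directory is an assumption.

```python
import os
import posixpath
import stat

# Constructed sample: active (uncommented) authldaprc fields from the post.
SAMPLE_RC = (
    "LDAP_MAIL\tuid\n"
    "LDAP_HOMEDIR\thomeDirectory\n"
    "LDAP_MAILROOT\t/var/mail\n"
    "LDAP_MAILDIR\tmailDir\n"
    "#LDAP_BINDPW\ttoto\n"
)

# Entry excerpt as quoted in the post; other attributes were skipped there.
SAMPLE_ENTRY = {
    "uid": "schabelm",
    "homeDirectory": "/home/schabelm",
    "mailMessageStore": "schabelm/Maildir",
    "mailbox": "schabelm/Maildir",
}


def parse_rc(text):
    """Parse 'field[spaces|tabs]value' lines; return (fields, warnings)."""
    fields, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw != raw.rstrip():
            warnings.append(f"line {lineno}: trailing whitespace")
        parts = raw.split(None, 1)
        fields[parts[0]] = parts[1].rstrip() if len(parts) > 1 else ""
    return fields, warnings


def lookup(entry, attr):
    """Fetch an attribute; LDAP attribute names are case-insensitive."""
    for name, value in entry.items():
        if name.lower() == attr.lower():
            return value
    return None


def resolve(fields, entry):
    """Return (home, maildir, findings) for one LDAP entry."""
    findings = []
    home_attr = fields.get("LDAP_HOMEDIR", "")
    home = lookup(entry, home_attr) if home_attr else None
    if home is None:
        return None, None, [f"entry has no '{home_attr}' attribute (required)"]
    if not posixpath.isabs(home):
        root = fields.get("LDAP_MAILROOT")
        if not root:
            findings.append("relative home but LDAP_MAILROOT is unset")
        home = posixpath.join(root or "", home)
    md_attr = fields.get("LDAP_MAILDIR", "")
    maildir = lookup(entry, md_attr) if md_attr else None
    if maildir is None:
        if md_attr:
            findings.append(f"entry has no '{md_attr}' attribute; using ./Maildir")
        maildir = "./Maildir"
    # Assumption: a relative maildir is taken relative to home after chdir.
    maildir = posixpath.normpath(posixpath.join(home, maildir))
    return home, maildir, findings


def check_dirs(home, maildir):
    """Report which resolved paths are missing on this host."""
    return [f"missing: {p}" for p in (home, maildir) if not os.path.isdir(p)]


def bind_password_exposed(path):
    """True if the file sets LDAP_BINDPW and is world-readable."""
    with open(path) as fh:
        fields, _ = parse_rc(fh.read())
    mode = os.stat(path).st_mode
    return "LDAP_BINDPW" in fields and bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    fields, warnings = parse_rc(SAMPLE_RC)
    home, maildir, findings = resolve(fields, SAMPLE_ENTRY)
    print("home:", home, "maildir:", maildir)
    for msg in warnings + findings + check_dirs(home, maildir):
        print("note:", msg)
```

Run on the mail host, check_dirs shows whether the resolved directories exist there, and bind_password_exposed can be pointed at authldaprc or ldapaliasrc.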