# $NetBSD: imapd.conf,v 1.1.1.1 2004/01/18 12:42:12 recht Exp $
#
# Cyrus IMAP server configuration file.  Refer to imapd.conf(5) for
# more options.

configdirectory: /var/imap
partition-default: /export/mail/spool
#sieveusehomedir: true
# Or, from the pkgsrc example conf file:
sieveusehomedir: false
sievedir: /export/mail/sieve
hashimapspool: false
expunge_mode: delayed
allowplaintext: false
# Consider plaintextloginalert: Some message
# Help with kempt transition? sasl_auto_transition

admins: cyrus cyradm

# Use the saslauthd daemon to verify plaintext passwords.  Please ensure that
# the saslauthd daemon is running before trying to authenticate.
#
# This is what this file had as given:
#sasl_pwcheck_method: saslauthd
sasl_keytab: /var/imap/krb5.keytab
sasl_pwcheck_method: auxprop
#servername: imap.kempt.net
# Note: The sasl_keytab bit doesn't work with Solaris's krb5 implementation.
# (No gsskrb5_register_acceptor_identity or krb5_gss_register_acceptor_identity)
# Instead, I set the environment variable KRB5_KTNAME in the SMF manifest.

# The server certificate and key files must be specified for the
# server to repond to IMAPS or POP3S requests.  See imapd.conf(5) for
# a complete listing of tls_* options.
#
tls_cert_file: /var/imap/imap-cert.pem
tls_key_file: /var/imap/imap-key.pem
tls_ca_path: /etc/openssl/ca-certs
#tls_ca_file: /etc/openssl/cacerts.pem
tls_ca_file: /etc/openssl/cacert.pem
# Separate cert and key for pop.kempt.net:
tls_pop3_cert_file: /var/imap/pop-cert.pem
tls_pop3_key_file: /var/imap/pop-key.pem

# Other tuning
#
# Since getgrent() can be slow here (because we use Hesiod), and we're not
# using Unix groups in ACLs, it's best to turn this off:
unix_group_enable: false
# Our sendmail is in /usr/lib. This will be important if we ever start using
# Sieve, which can send email in some instances (redirect, vacation).
sendmail: /usr/lib/sendmail