annotation_definitions and other options in imapd.conf

Adam Tauno Williams awilliam at
Wed Dec 3 07:53:56 EST 2014

Quoting Patrick Goetz <pgoetz at>:
> This is from the imapd.conf man page:
>    annotation_definitions: <none>
>      File containing external (third-party) annotation definitions.
> - Does anyone have any idea what this means or what this is used for?

Defining custom annotation strings?  The server does not let you stuff  
anything the client wants into the annotation database, it has to be a  
an approved string.

> Also, there are any number of options in imapd.conf that don't make any
> sense to me.  For example,
>    auth_mech:
> - Isn't this handled by SASL?

Partially, yes.  Don't forget that identity management is AAA - three  
As, not one.  Authorization, Authentication, Accounting.

>    autocreatequota:
>      If  nonzero,  normal  users  may create their own IMAP accounts by
>      creating the mailbox INBOX.  The user's quota is set to the  value
>      if it is positive, otherwise the user has unlimited quota.
> - How can you create an INBOX if you don't already have an IMAP account?

There is no such thing as an "IMAP account" (again AAA not A).  You  
authenticate to the IMAP server, and then you create a mailbox.  Or  
the administrator has provisioned one of the auto-create patches.

>    defaultacl: anyone lrs
>      The Access Control List (ACL) placed on a newly-created
>      (non-user) mailbox that does not have a parent mailbox.
> - That sounds interesting; how does one go about creating a non-user
> mailbox?

??? A shared mailbox.  See "sharedprefix".   I suggest you need to  
spend a bit more time with Cyrus and general IMAP documentation.

>    implicit_owner_rights: lkxa:
>      The implicit Access Control List (ACL) for the owner of a mailbox.
> - Why wouldn't the default include t?  It seems weird that owners can
> deleted mailboxes but not messages by default.

I've never had occasion to set such a directive.  But some people have  
bizarre configurations or need to support broken e-mail clients.

>    ldap_* options
>   - Again, I thought all authentication is handled by SASL?

Again, it is AAA not A.

> In the debian version of /etc/cyrus.con, this comment appears:
>    # this is only necessary if idlemethod is set to "idled" in imapd.conf
>    #idled      cmd="idled"
> - idlemethod is not a listed option in `man imapd.conf`

Is this a current version of Cyrus?  I suspect this is a bit of Debian  

More information about the Info-cyrus mailing list