annotation_definitions and other options in imapd.conf

Sven Schwedas sven.schwedas at
Wed Dec 3 08:10:20 EST 2014

On 2014-12-03 13:38, Patrick Goetz wrote:
> This is from the imapd.conf man page:
>    annotation_definitions: <none>
>      File containing external (third-party) annotation definitions.
> - Does anyone have any idea what this means or what this is used for?

IMAP annotations are described here:

Given it needs client support to be useful at all, probably a case of
"don't touch it if you don't already know what it means, or were
explicitly instructed to".

> Also, there are any number of options in imapd.conf that don't make any 
> sense to me.  For example,
>    auth_mech:
> - Isn't this handled by SASL?

Apparently this can be used to bypass sasl and directly use
LDAP/Kerberos for authentication.

>    autocreatequota:
>      If  nonzero,  normal  users  may create their own IMAP accounts by
>      creating the mailbox INBOX.  The user's quota is set to the  value
>      if it is positive, otherwise the user has unlimited quota.
> - How can you create an INBOX if you don't already have an IMAP account?

If you use SASL to plug in external user sources, you can have an "IMAP
account" without already having an inbox. This allows users to create
one themselves, otherwise an admin needs to create them for the users
(which should be the normal case, to ensure mails are properly received
before the user's first login…).

>    defaultacl: anyone lrs
>      The Access Control List (ACL) placed on a newly-created
>      (non-user) mailbox that does not have a parent mailbox.
> - That sounds interesting; how does one go about creating a non-user 
> mailbox?

Via Cyrus' perl module or cyradm, e.g.

>    implicit_owner_rights: lkxa:
>      The implicit Access Control List (ACL) for the owner of a mailbox.
> - Why wouldn't the default include t?  It seems weird that owners can 
> deleted mailboxes but not messages by default.

The owner can't even see mails by default! Those are all
_administrative_ rights, content access has to be enabled manually (so
an administrative account can create user mailboxes without accidentally
getting access to their mails, I suppose).

>    ldap_* options
>   - Again, I thought all authentication is handled by SASL?

Should be. The (mostly undocumented) PTLoader thingie allows plugging in
alternative methods (see above).

> In the debian version of /etc/cyrus.con, this comment appears:
>    # this is only necessary if idlemethod is set to "idled" in imapd.conf
>    #idled      cmd="idled"
> - idlemethod is not a listed option in `man imapd.conf`

It's Debian specific, cf. /usr/share/doc/cyrus-common/README.Debian.gz

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at | +43 (0)680 301 7167

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : 

More information about the Info-cyrus mailing list