-##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
+##VERSION: $Id: 22aa61750562f69db443f93518080cd1b5d923ea-20170113192021$
#
# imapd-ssl created from imapd-ssl.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for
+# Copyright 2000 - 2016 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
#
# OpenSSL:
#
-# SSL3 - SSLv3
-# SSL23 - all protocols (including TLS 1.x protocols)
# TLSv1 - TLS1
# TLSv1.1 - TLS1.1
# TLSv1.2 - TLS1.2
#
-# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
# higher protocols.
#
# The default value is TLSv1+
#
# It takes the same values for OpenSSL as TLS_PROTOCOL
-##NAME: TLS_CIPHER_LIST:0
-#
-# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
-# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
-# undefined
-#
-# OpenSSL:
-#
-# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-#
+TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
##NAME: TLS_MIN_DH_BITS:0
#
# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
# instead of TLS_DHCERTFILE if this is a garden-variety certificate
#
-# VIRTUAL HOSTS (servers only):
+# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
+#
+# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to
+# /etc/certificate.pem, then you'll need to install the actual certificate
+# files as /etc/certificate.pem.www.example.com,
+# /etc/certificate.pem.www.domain.com and so on. Then, create a link from
+# $TLS_CERTFILE to whichever certificate you consider to be the main one,
+# for example:
+# /etc/certificate.pem => /etc/certificate.pem.www.example.com
+#
+# IP-BASED VIRTUAL HOSTS:
#
-# Due to technical limitations in the original SSL/TLS protocol, a dedicated
-# IP address is required for each virtual host certificate. If you have
-# multiple certificates, install each certificate file as
+# There may be a need to support older SSL/TLS client that don't support
+# virtual hosts on the same IP address, and require a dedicated IP address
+# for each SSL/TLS host. If so, install each certificate file as
# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
# for the certificate's domain name. So, if TLS_CERTFILE is set to
# /etc/certificate.pem, then you'll need to install the actual certificate
# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
# and so on, for each IP address.
#
-# GnuTLS only (servers only):
-#
-# GnuTLS implements a new TLS extension that eliminates the need to have a
-# dedicated IP address for each SSL/TLS domain name. Install each certificate
-# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
-# then you'll need to install the actual certificate files as
-# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
-# and so on.
-#
-# Note that this TLS extension also requires a corresponding support in the
-# client. Older SSL/TLS clients may not support this feature.
-#
-# This is an experimental feature.
+# In all cases, $TLS_CERTFILE needs to be linked to one of the existing
+# certificate files.
TLS_CERTFILE=/etc/courier-imap/imapd.pem
# that open multiple SSL sessions to the server. TLS_CACHEFILE will be
# automatically created, TLS_CACHESIZE bytes long, and used as a cache
# buffer.
-#
-# This is an experimental feature and should be disabled if it causes
-# problems with SSL clients. Disable SSL caching by commenting out the
-# following settings:
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
-##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
+##VERSION: $Id: dd1ec1a65ba3ed030069698824a4b3eabc58b455-20170113192021$
#
# pop3d-ssl created from pop3d-ssl.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 2000-2013 Double Precision, Inc. See COPYING for
+# Copyright 2000-2016 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
#
# OpenSSL:
#
-# SSL3 - SSLv3
-# SSL23 - all protocols (including TLS 1.x protocols)
# TLSv11 - TLS1
# TLSv1.1 - TLS1.1
# TLSv1.2 - TLS1.2
#
-# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
# higher protocols.
#
# The default value is TLSv1+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STLS
+# extension, as opposed to POP3 over SSL on port 995.
+#
+# It takes the same values for OpenSSL as TLS_PROTOCOL
+
+TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
+
##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+# It takes the same values for OpenSSL as TLS_PROTOCOL
+
+TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
+
##NAME: TLS_MIN_DH_BITS:0
#
# TLS_MIN_DH_BITS=n
# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
# instead of TLS_DHCERTFILE if this is a garden-variety certificate
#
-# VIRTUAL HOSTS (servers only):
+# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
+#
+# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to
+# /etc/certificate.pem, then you'll need to install the actual certificate
+# files as /etc/certificate.pem.www.example.com,
+# /etc/certificate.pem.www.domain.com and so on. Then, create a link from
+# $TLS_CERTFILE to whichever certificate you consider to be the main one,
+# for example:
+# /etc/certificate.pem => /etc/certificate.pem.www.example.com
+#
+# IP-BASED VIRTUAL HOSTS:
#
-# Due to technical limitations in the original SSL/TLS protocol, a dedicated
-# IP address is required for each virtual host certificate. If you have
-# multiple certificates, install each certificate file as
+# There may be a need to support older SSL/TLS client that don't support
+# virtual hosts on the same IP address, and require a dedicated IP address
+# for each SSL/TLS host. If so, install each certificate file as
# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
# for the certificate's domain name. So, if TLS_CERTFILE is set to
# /etc/certificate.pem, then you'll need to install the actual certificate
# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
# and so on, for each IP address.
#
-# GnuTLS only (servers only):
-#
-# GnuTLS implements a new TLS extension that eliminates the need to have a
-# dedicated IP address for each SSL/TLS domain name. Install each certificate
-# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
-# then you'll need to install the actual certificate files as
-# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
-# and so on.
-#
-# Note that this TLS extension also requires a corresponding support in the
-# client. Older SSL/TLS clients may not support this feature.
-#
-# This is an experimental feature.
+# In all cases, $TLS_CERTFILE needs to be linked to one of the existing
+# certificate files.
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
depend() {
need net courier-authlib
use famd
}
-source /etc/courier-imap/imapd
+. /etc/courier-imap/imapd
checkconfig() {
- if [[ ! -e /etc/courier-imap/imapd ]] ; then
+ if [ ! -e /etc/courier-imap/imapd ] ; then
eerror "You need an /etc/courier-imap/imapd file to run courier-imapd"
return 1
fi
- source /etc/courier-imap/imapd || {
+ . /etc/courier-imap/imapd || {
eerror "There are syntax errors in /etc/courier-imap/imapd"
eerror "Please correct them before trying to start courier-imapd"
return 2
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
depend() {
need net courier-authlib
use famd
}
-source /etc/courier-imap/imapd-ssl
+. /etc/courier-imap/imapd-ssl
checkconfig() {
- if [[ ! -e /etc/courier-imap/imapd-ssl ]] ; then
+ if [ ! -e /etc/courier-imap/imapd-ssl ] ; then
eerror "You need an /etc/courier-imap/imapd-ssl file to run courier-imapd-ssl"
return 1
fi
- source /etc/courier-imap/imapd-ssl || {
+ . /etc/courier-imap/imapd-ssl || {
eerror "There are syntax errors in /etc/courier-imap/imapd-ssl"
eerror "Please correct them before trying to start courier-imapd-ssl"
return 3
}
- if [[ ! -e "${TLS_CERTFILE}" ]] ; then
+ if [ ! -e "${TLS_CERTFILE}" ] ; then
eerror "You need to create a SSL certificate to use IMAP over SSL"
eerror "Edit /etc/courier-imap/imapd.cnf, then run: mkimapdcert"
return 2
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
depend() {
need net courier-authlib
use famd
}
-source /etc/courier-imap/pop3d
+. /etc/courier-imap/pop3d
checkconfig() {
- if [[ ! -e /etc/courier-imap/pop3d ]] ; then
+ if [ ! -e /etc/courier-imap/pop3d ] ; then
eerror "You need an /etc/courier-imap/pop3d file to run courier-pop3d"
return 1
fi
- source /etc/courier-imap/pop3d || {
+ . /etc/courier-imap/pop3d || {
eerror "There are syntax errors in /etc/courier-imap/pop3d"
eerror "Please correct them before trying to start courier-pop3d"
return 2
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
depend() {
need net courier-authlib
use famd
}
-source /etc/courier-imap/pop3d-ssl
+. /etc/courier-imap/pop3d-ssl
checkconfig() {
- if [[ ! -e /etc/courier-imap/pop3d-ssl ]] ; then
+ if [ ! -e /etc/courier-imap/pop3d-ssl ] ; then
eerror "You need an /etc/courier-imap/pop3d-ssl file to run courier-pop3d-ssl"
return 1
fi
- source /etc/courier-imap/pop3d-ssl || {
+ . /etc/courier-imap/pop3d-ssl || {
eerror "There are syntax errors in /etc/courier-imap/pop3d-ssl"
eerror "Please correct them before trying to start courier-pop3d-ssl"
return 3
}
- if [[ ! -e "${TLS_CERTFILE}" ]] ; then
+ if [ ! -e "${TLS_CERTFILE}" ] ; then
eerror "You need to create a SSL certificate to use POP3 over SSL"
eerror "Edit /etc/courier-imap/pop3d.cnf, then run: mkpop3dcert"
return 2
projects / config / bruni / etc.git / commitdiff