ininitial froxlor commit;

'reverted' old-style update-process;
removed billing-classes, -functions and -templates;
some sql-fixes;

templates/misc/configfiles/gentoo/courier/etc_courier-imap_imapd

@@ -0,0 +1,376 @@
+##VERSION: $Id: imapd.dist.in,v 1.32 2004/11/25 04:57:04 mrsam Exp $
+#
+# imapd created from imapd.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used with the couriertcpd server.
+#  A lot of the stuff here is documented in the manual page for couriertcpd.
+#
+#  NOTE - do not use \ to split long variable contents on multiple lines.
+#  This will break the default imapd.rc script, which parses this file.
+#
+##NAME: ADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# ADDRESS=127.0.0.1
+
+ADDRESS=0
+
+##NAME: PORT:1
+#
+#  Port numbers that connections are accepted on.  The default is 143,
+#  the standard IMAP port.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possible to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The previous ADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+PORT=143
+
+##NAME: AUTHSERVICE:0
+#
+#  It's possible to authenticate using a different 'service' parameter
+#  depending on the connection's port.  This only works with authentication
+#  modules that use the 'service' parameter, such as PAM.  Example:
+#
+#  AUTHSERVICE143=imap
+#  AUTHSERVICE993=imaps
+
+##NAME: MAXDAEMONS:0
+#
+#  Maximum number of IMAP servers started
+#
+
+MAXDAEMONS=50
+
+##NAME: MAXPERIP:0
+#
+#  Maximum number of connections to accept from the same IP address
+
+MAXPERIP=10
+
+##NAME: PIDFILE:0
+#
+#  File where couriertcpd will save its process ID
+#
+
+PIDFILE=/var/run/imapd.pid
+
+##NAME: TCPDOPTS:0
+#
+# Miscellaneous couriertcpd options that shouldn't be changed.
+#
+
+TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: IMAP_CAPABILITY:1
+#
+# IMAP_CAPABILITY specifies what most of the response should be to the
+# CAPABILITY command.
+#
+# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
+# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
+#
+# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+#
+
+IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
+
+##NAME: KEYWORDS_CAPABILITY:0
+#
+# IMAP_KEYWORDS=1 enables custom IMAP keywords.  Set this option to 0 to
+# disable custom keywords.
+
+IMAP_KEYWORDS=1
+
+##NAME: SMAP1_CAPABILITY:0
+#
+# EXPERIMENTAL
+#
+# To enable the experimental "Simple Mail Access Protocol" extensions,
+# uncomment the following setting.
+#
+# SMAP_CAPABILITY=SMAP1
+
+##NAME: IMAP_CAPABILITY_ORIG:1
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+
+##NAME: IMAP_PROXY:0
+#
+# Enable proxying.  See README.proxy
+
+IMAP_PROXY=0
+
+##NAME: IMAP_PROXY_FOREIGN:0
+#
+# Proxying to non-Courier servers.  Re-sends the CAPABILITY command after
+# logging in to the remote server.  May not work with all IMAP clients.
+
+IMAP_PROXY_FOREIGN=0
+
+##NAME: IMAP_IDLE_TIMEOUT:0
+#
+# This setting controls how often
+# the server polls for changes to the folder, in IDLE mode (in seconds).
+
+IMAP_IDLE_TIMEOUT=60
+
+##NAME: IMAP_CAPABILITY_TLS:0
+#
+# The following setting will advertise SASL PLAIN authentication after
+# STARTTLS is established.  If you want to allow SASL PLAIN authentication
+# with or without TLS then just comment this out, and add AUTH=PLAIN to
+# IMAP_CAPABILITY
+
+IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
+##NAME: IMAP_TLS_ORIG:0
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
+
+##NAME: IMAP_DISABLETHREADSORT:0
+#
+# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
+# server side sorting and threading.
+#
+# Those capabilities will still be advertised, but the server will reject
+# them.  Set this option if you want to disable all the extra load from
+# server-side threading and sorting.  Not advertising those capabilities
+# will simply result in the clients reading the entire folder, and sorting
+# it on the client side.  That will still put some load on the server.
+# advertising these capabilities, but rejecting the commands, will stop this
+# silliness.
+#
+
+IMAP_DISABLETHREADSORT=0
+
+##NAME: IMAP_CHECK_ALL_FOLDERS:0
+#
+# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
+# mail in every folder.  Not all IMAP clients use the IMAP's new mail
+# indicator, but some do.  Normally new mail is checked only in INBOX,
+# because it is a comparatively time consuming operation, and it would be
+# a complete waste of time unless mail filters are used to deliver
+# mail directly to folders.
+#
+# When IMAP clients are used which support new mail indication, and when
+# mail filters are used to sort incoming mail into folders, setting
+# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
+# mail in folders.  Note that this will result in slightly more load on the
+# server.
+#
+
+IMAP_CHECK_ALL_FOLDERS=0
+
+##NAME: IMAP_OBSOLETE_CLIENT:0
+#
+# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
+# what \\HasNoChildren really means.
+
+IMAP_OBSOLETE_CLIENT=0
+
+##NAME: IMAP_UMASK:0
+#
+# IMAP_UMASK sets the umask of the server process.  The value of IMAP_UMASK is
+# simply passed to the "umask" command.  The default value is 022.
+#
+# This feature is mostly useful for shared folders, where the file permissions
+# of the messages may be important.
+
+IMAP_UMASK=027
+
+##NAME: IMAP_ULIMITD:0
+#
+# IMAP_ULIMITD sets the maximum size of the data segment of the server
+# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
+# command (or ulimit -v).  The argument to ulimi sets the upper limit on the
+# size of the data segment of the server process, in kilobytes.  The default
+# value of 65536 sets a very generous limit of 64 megabytes, which should
+# be more than plenty for anyone.
+#
+# This feature is used as an additional safety check that should stop
+# any potential denial-of-service attacks that exploit any kind of
+# a memory leak to exhaust all the available memory on the server.
+# It is theoretically possible that obscenely huge folders will also
+# result in the server running out of memory when doing server-side
+# sorting (by my calculations you have to have at least 100,000 messages
+# in a single folder, for that to happen).
+
+IMAP_ULIMITD=65536
+
+##NAME: IMAP_USELOCKS:0
+#
+# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
+# multiple access to the same folder.  This incurs slight additional
+# overhead.  Concurrent multiple access will still work without this setting,
+# however occasionally a minor race condition may result in an IMAP client
+# downloading the same message twice, or a keyword update will fail.
+#
+# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.
+
+IMAP_USELOCKS=1
+
+##NAME: IMAP_SHAREDINDEXFILE:0
+#
+# The index of all accessible folders.  Do not change this setting unless
+# you know what you're doing.  See README.sharedfolders for additional
+# information.
+
+IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index
+
+##NAME: IMAP_ENHANCEDIDLE:0
+#
+# If Courier was compiled with the File Alteration Monitor, setting
+# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
+# clients may open the same folder concurrently, and receive updates to
+# folder contents in realtime.  See the imapd(8) man page for additional
+# information.
+#
+# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
+# in the IMAP_CAPABILITY list.
+#
+
+IMAP_ENHANCEDIDLE=0
+
+##NAME: IMAP_TRASHFOLDERNAME:0
+#
+# The name of the magic trash Folder.  For MSOE compatibility,
+# you can set IMAP_TRASHFOLDERNAME="Deleted Items".
+#
+# IMPORTANT:  If you change this, you must also change IMAP_EMPTYTRASH
+
+IMAP_TRASHFOLDERNAME=Trash
+
+##NAME: IMAP_EMPTYTRASH:0
+#
+# The following setting is optional, and causes messages from the given
+# folder to be automatically deleted after the given number of days.
+# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
+# setting, below, purges 7 day old messages from the Trash folder.
+# Another useful setting would be:
+#
+# IMAP_EMPTYTRASH=Trash:7,Sent:30
+#
+# This would also delete messages from the Sent folder (presumably copies
+# of sent mail) after 30 days.  This is a global setting that is applied to
+# every mail account, and is probably useful in a controlled, corporate
+# environment.
+#
+# Important: the purging is controlled by CTIME, not MTIME (the file time
+# as shown by ls).  It is perfectly ordinary to see stuff in Trash that's
+# a year old.  That's the file modification time, MTIME, that's displayed.
+# This is generally when the message was originally delivered to this
+# mailbox.  Purging is controlled by a different timestamp, CTIME, which is
+# changed when the file is moved to the Trash folder (and at other times too).
+#
+# You might want to disable this setting in certain situations - it results
+# in a stat() of every file in each folder, at login and logout.
+#
+
+IMAP_EMPTYTRASH=Trash:7
+
+##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
+#
+# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
+# effectively allows an undo of message deletion by fishing the deleted
+# mail from trash.  Trash can be manually expunged as usually, and mail
+# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
+#
+# NOTE: shared folders are still expunged as usual.  Shared folders are
+# not affected.
+#
+
+IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
+
+##NAME: OUTBOX:0
+#
+# The next set of options deal with the "Outbox" enhancement.
+# Uncomment the following setting to create a special folder, named
+# INBOX.Outbox
+#
+# OUTBOX=.Outbox
+
+##NAME: SENDMAIL:0
+#
+# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
+# a message to the INBOX.Outbox folder.  For all practical matters,
+# INBOX.Outbox looks and behaves just like any other IMAP folder.  If this
+# folder doesn't exist it must be created by the IMAP mail client, just
+# like any other IMAP folder.  The kicker: any message copied or moved to
+# this folder is will be E-mailed by the Courier-IMAP server, by running
+# the SENDMAIL program.  Therefore, messages copied or moved to this
+# folder must be well-formed RFC-2822 messages, with the recipient list
+# specified in the To:, Cc:, and Bcc: headers.  Courier-IMAP relies on
+# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
+# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
+# message piped on standard input.  $SENDER will be the return address
+# of the message, which is set by the authentication module.
+#
+# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
+#
+
+SENDMAIL=/usr/sbin/sendmail
+
+##NAME: HEADERFROM:0
+#
+# For administrative and oversight purposes, the return address, $SENDER
+# will also be saved in the X-IMAP-Sender mail header.  This header gets
+# added to the sent E-mail (but it doesn't get saved in the copy of the
+# message that's saved in the folder)
+#
+# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
+# the magic OUTBOX treatment.  Therefore advance LARTing is in order for
+# _all_ of your lusers, until every one of them is aware of this.  Otherwise if
+# OUTBOX is left at its default setting - a folder name that might be used
+# accidentally - some people may be in for a rude surprise.  You can redefine
+# the name of the magic folder by changing OUTBOX, above.  You should do that
+# and pick a less-obvious name.  Perhaps brand it with your organizational
+# name ( OUTBOX=.WidgetsAndSonsOutbox )
+
+HEADERFROM=X-IMAP-Sender
+
+##NAME: IMAPDSTART:0
+#
+# IMAPDSTART is not used directly.  Rather, this is a convenient flag to
+# be read by your system startup script in /etc/rc.d, like this:
+#
+#  . /etc/courier-imap/imapd
+#
+#  case x$IMAPDSTART in
+#  x[yY]*)
+#        /usr/lib/courier-imap/imapd.rc start
+#        ;;
+#  esac
+#
+# The default setting is going to be NO, so you'll have to manually flip
+# it to yes.
+
+IMAPDSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
+#Put any program for ${PRERUN} here
+PRERUN=

templates/misc/configfiles/gentoo/courier/etc_courier-imap_imapd-ssl

@@ -0,0 +1,199 @@
+##VERSION: $Id: imapd-ssl.dist.in,v 1.11 2004/10/21 00:45:35 mrsam Exp $
+#
+# imapd-ssl created from imapd-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 2000 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used to handle SSL IMAP connections.
+#
+#  SSL and non-SSL connections are handled by a dedicated instance of the
+#  couriertcpd daemon.  If you are accepting both SSL and non-SSL IMAP
+#  connections, you will start two instances of couriertcpd, one on the
+#  IMAP port 143, and another one on the IMAP-SSL port 993.
+#
+#  Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:1
+#
+#  Options in the imapd-ssl configuration file AUGMENT the options in the
+#  imapd configuration file.  First the imapd configuration file is read,
+#  then the imapd-ssl configuration file, so we do not have to redefine
+#  anything.
+#
+#  However, some things do have to be redefined.  The port number is
+#  specified by SSLPORT, instead of PORT.  The default port is port 993.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The SSLADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+SSLPORT=993
+
+##NAME: SSLADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# That's the SSL IMAP port we'll listen on.
+# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
+
+SSLPIDFILE=/var/run/imapd-ssl.pid
+
+##NAME: IMAPDSSLSTART:0
+#
+# Different pid files, so that both instances of couriertcpd can coexist
+# happily.
+#
+# You can also redefine IMAP_CAPABILITY, although I can't
+# think of why you'd want to do that.
+#
+#
+# Ok, the following settings are new to imapd-ssl:
+#
+#  Whether or not to start IMAP over SSL on simap port:
+
+IMAPDSSLSTART=YES
+
+##NAME: IMAPDSTARTTLS:0
+#
+#  Whether or not to implement IMAP STARTTLS extension instead:
+
+IMAPDSTARTTLS=YES
+
+##NAME: IMAP_TLS_REQUIRED:1
+#
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+
+IMAP_TLS_REQUIRED=0
+
+#########################################################################
+#
+# The following variables configure IMAP over SSL.  If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
+# at your own risk.  Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+#
+##NAME: COURIERTLS:0
+#
+
+COURIERTLS=/usr/sbin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+# 
+# TLS_PROTOCOL sets the protocol version.  The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
+TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+# 
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+
+TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used.  In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/etc/ssl/server/<SERVERNAME>.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates.  The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for IMAP clients
+# that open multiple SSL sessions to the server.  TLS_CACHEFILE will be
+# automatically created, TLS_CACHESIZE bytes long, and used as a cache
+# buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients.  Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIRPATH=.maildir

templates/misc/configfiles/gentoo/courier/etc_courier-imap_pop3d

@@ -0,0 +1,127 @@
+##VERSION: $Id: pop3d.dist.in,v 1.11 2004/10/30 15:39:38 mrsam Exp $
+#
+# pop3d created from pop3d.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  Courier POP3 daemon configuration
+#
+##NAME: PIDFILE:0
+#
+
+PIDFILE=/var/run/pop3d.pid
+
+##NAME: MAXDAEMONS:0
+#
+#  Maximum number of POP3 servers started
+#
+
+MAXDAEMONS=50
+
+##NAME: MAXPERIP:4
+#
+#  Maximum number of connections to accept from the same IP address
+
+MAXPERIP=5
+
+##NAME: POP3AUTH:1
+#
+# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
+# variable:
+#
+# POP3AUTH="LOGIN"
+#
+# If you have configured the CRAM-MD5 or CRAM-SHA1, set POP3AUTH to something
+# like this:
+#
+# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
+
+POP3AUTH=""
+
+##NAME: POP3AUTH_ORIG:0
+#
+# For use by webadmin
+
+POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
+
+##NAME: POP3AUTH_TLS:1
+#
+# To also advertise SASL PLAIN if SSL is enabled, uncomment the
+# POP3AUTH_TLS environment variable:
+#
+# POP3AUTH_TLS="LOGIN PLAIN"
+
+POP3AUTH_TLS=""
+
+##NAME: POP3AUTH_TLS_ORIG:0
+#
+# For use by webadmin
+
+POP3AUTH_TLS_ORIG="LOGIN PLAIN"
+
+##NAME: POP3_PROXY:0
+#
+# Enable proxying.  See README.proxy
+
+POP3_PROXY=0
+
+##NAME: PORT:1
+#
+# Port to listen on for connections.  The default is port 110.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The ADDRESS setting is a default for ports that do not have a specified
+#  IP address.
+
+PORT=110
+
+##NAME: ADDRESS:0
+#
+# IP address to listen on.  0 means all IP addresses.
+
+ADDRESS=0
+
+##NAME: TCPDOPTS:0
+#
+# Other couriertcpd(1) options.  The following defaults should be fine.
+#
+
+TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: POP3DSTART:0
+#
+# POP3DSTART is not referenced anywhere in the standard Courier programs
+# or scripts.  Rather, this is a convenient flag to be read by your system
+# startup script in /etc/rc.d, like this:
+#
+#  . /etc/courier-imap/pop3d
+#  case x$POP3DSTART in
+#  x[yY]*)
+#        /usr/lib/courier-imap/pop3d.rc start
+#        ;;
+#  esac
+#
+# The default setting is going to be NO, until Courier is shipped by default
+# with enough platforms so that people get annoyed with having to flip it to
+# YES every time.
+
+POP3DSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
+#Put any program for ${PRERUN} here
+PRERUN=

templates/misc/configfiles/gentoo/courier/etc_courier-imap_pop3d-ssl

@@ -0,0 +1,186 @@
+##VERSION: $Id: pop3d-ssl.dist.in,v 1.12 2004/10/21 00:45:35 mrsam Exp $
+#
+# pop3d-ssl created from pop3d-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 2000-2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used to handle SSL POP3 connections.
+#
+#  SSL and non-SSL connections are handled by a dedicated instance of the
+#  couriertcpd daemon.  If you are accepting both SSL and non-SSL POP3
+#  connections, you will start two instances of couriertcpd, one on the
+#  POP3 port 110, and another one on the POP3-SSL port 995.
+#
+#  Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:0
+#
+#  Options in the pop3d-ssl configuration file AUGMENT the options in the
+#  pop3d configuration file.  First the pop3d configuration file is read,
+#  then the pop3d-ssl configuration file, so we do not have to redefine
+#  anything.
+#
+#  However, some things do have to be redefined.  The port number is
+#  specified by SSLPORT, instead of PORT.  The default port is port 995.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The SSLADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+SSLPORT=995
+
+##NAME: SSLADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+#
+#
+
+SSLPIDFILE=/var/run/pop3d-ssl.pid
+
+##NAME: POP3DSSLSTART:0
+#
+#  Whether or not to start POP3 over SSL on spop3 port:
+
+POP3DSSLSTART=YES
+
+##NAME: POP3_STARTTLS:0
+#
+# Whether or not to implement the POP3 STLS extension:
+
+POP3_STARTTLS=YES
+
+##NAME: POP3_TLS_REQUIRED:1
+#
+# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS
+# is issued).
+
+POP3_TLS_REQUIRED=0
+
+##NAME: COURIERTLS:0
+#
+# The following variables configure POP3 over SSL.  If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
+# at your own risk.  Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+
+COURIERTLS=/usr/sbin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+# 
+# TLS_PROTOCOL sets the protocol version.  The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
+TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+# 
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
+# extension, as opposed to POP3 over SSL on port 995.
+#
+
+TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used.  In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/etc/ssl/server/<SERVERNAME>.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates.  The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for long-running
+# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE
+# bytes long, and used as a cache buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients.  Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIRPATH=.maildir

templates/misc/configfiles/gentoo/courier/etc_courier_authlib_authdaemonrc

@@ -0,0 +1,93 @@
+##VERSION: $Id: authdaemonrc.in,v 1.12 2005/07/05 12:25:08 mrsam Exp $
+#
+# Copyright 2000-2005 Double Precision, Inc.  See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored.  Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited.  Multiline variable contents,
+# with the \ continuation character, are not allowed.  Everything must
+# fit on one line.  Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:2
+#
+# The authentication modules that are linked into authdaemond.  The
+# default list is installed.  You may selectively disable modules simply
+# by removing them from the following list.  The available modules you
+# can use are: authuserdb authpam authshadow authmysql authcustom authpipe
+
+authmodulelist="authmysql"
+
+##NAME: authmodulelistorig:3
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
+authmodulelistorig="authuserdb authpam authshadow authmysql authcustom authpipe"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started.  authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE:  Some platforms may experience a problem if there's more than
+# one daemon.  Specifically, SystemV derived platforms that use TLI with
+# socket emulation.  I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases.  Symptoms
+# include sporadic authentication failures.  If you start getting
+# authentication failures, increase daemons.  However, the default of 5
+# SHOULD be sufficient.  Bumping up daemon count is only a short-term
+# solution.  The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
+daemons=5
+
+##NAME: authdaemonvar:2
+#
+# authdaemonvar is here, but is not used directly by authdaemond.  It's
+# used by various configuration and build scripts, so don't touch it!
+
+authdaemonvar=/var/lib/courier/authdaemon
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional diagnostics to syslog
+#
+# DEBUG_LOGIN=0   - turn off debugging
+# DEBUG_LOGIN=1   - turn on debugging
+# DEBUG_LOGIN=2   - turn on debugging + log passwords too
+#
+# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
+DEBUG_LOGIN=0
+
+##NAME: DEFAULTOPTIONS:0
+#
+# A comma-separated list of option=value pairs. Each option is applied
+# to an account if the account does not have its own specific value for
+# that option. So for example, you can set
+#   DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
+# and then enable webmail and/or imap on individual accounts by setting
+# disablewebmail=0 and/or disableimap=0 on the account.
+
+DEFAULTOPTIONS=""
+
+##NAME: LOGGEROPTS:0
+#
+# courierlogger(1) options, e.g. to set syslog facility
+#
+
+LOGGEROPTS=""

templates/misc/configfiles/gentoo/courier/etc_courier_authlib_authmysqlrc

@@ -0,0 +1,13 @@
+MYSQL_SERVER <SQL_HOST>
+MYSQL_USERNAME <SQL_UNPRIVILEGED_USER>
+MYSQL_PASSWORD <SQL_UNPRIVILEGED_PASSWORD>
+MYSQL_PORT 0
+MYSQL_DATABASE <SQL_DB>
+MYSQL_USER_TABLE mail_users
+MYSQL_CRYPT_PWFIELD password_enc
+MYSQL_UID_FIELD <VIRTUAL_UID_MAPS>
+MYSQL_GID_FIELD <VIRTUAL_GID_MAPS>
+MYSQL_LOGIN_FIELD username
+MYSQL_HOME_FIELD "<VIRTUAL_MAILBOX_BASE>"
+MYSQL_MAILDIR_FIELD maildir
+MYSQL_QUOTA_FIELD (quota*1024*1024)