OpenBSD-4.6/usr.sbin/popa3d/params.h
/* $OpenBSD: params.h,v 1.8 2003/05/12 19:28:22 camield Exp $ */
/*
* Global POP daemon parameters.
*/
#ifndef _POP_PARAMS_H
#define _POP_PARAMS_H
/*
* Our name to use when talking to various interfaces.
*/
#define POP_SERVER "popa3d"
/*
* Are we going to be a standalone server or start via an inetd clone?
*/
#define POP_STANDALONE 1
#if POP_STANDALONE
/*
* Should the command line options be supported?
* If enabled, popa3d will default to inetd mode and will require a -D
* to actually enable the standalone mode.
*/
#define POP_OPTIONS 1
/*
* The address and port to listen on.
*/
#define DAEMON_ADDR "0.0.0.0" /* INADDR_ANY */
#define DAEMON_PORT 110
/*
* Should libwrap be used?
*
* This may make things slower and also adds to code running as root,
* so it is recommended that you use a packet filter instead. This
* option is provided primarily as a way to meet conventions of certain
* systems where all services obey libwrap access controls.
*/
#ifdef LIBWRAP
#define DAEMON_LIBWRAP 1
#else
#define DAEMON_LIBWRAP 0
#endif
#if DAEMON_LIBWRAP
/*
* How do we talk to libwrap?
*/
#define DAEMON_LIBWRAP_IDENT POP_SERVER
#endif
/*
* Limit the number of POP sessions we can handle at a time to reduce
* the impact of connection flood DoS attacks.
*/
#define MAX_SESSIONS 100
#define MAX_SESSIONS_PER_SOURCE 10
#define MAX_BACKLOG 5
#define MIN_DELAY 10
#endif
/*
* Do we want to support virtual domains?
*/
#define POP_VIRTUAL 0
#if POP_VIRTUAL
/*
* VIRTUAL_HOME_PATH is where the virtual domain root directories live.
*/
#define VIRTUAL_HOME_PATH "/vhome"
/*
* Subdirectories within each virtual domain root for the authentication
* information and mailboxes, respectively. These defaults correspond to
* full pathnames of the form "/vhome/IP/{auth,mail}/username".
*/
#define VIRTUAL_AUTH_PATH "auth"
#define VIRTUAL_SPOOL_PATH "mail"
/*
* Do we want to support virtual domains only? Normally, if the connected
* IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
* authentication will be done globally.
*/
#define VIRTUAL_ONLY 0
#else
/*
* We don't support virtual domains (!POP_VIRTUAL), so we're definitely
* not virtual-only. Don't edit this.
*/
#define VIRTUAL_ONLY 0
#endif
/*
* A pseudo-user to run as before authentication. The user and its UID
* must not be used for any other purpose.
*/
#define POP_USER POP_SERVER
/*
* An empty directory to chroot to before authentication. The directory
* and its parent directories must not be writable by anyone but root.
*/
#define POP_CHROOT "/var/empty"
/*
* Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
* RFC 1939 says that "such a timer MUST be of at least 10 minutes'
* duration", so I've made 10 minutes the default. In practice, you
* may want to reduce this to, say, 2 minutes.
*/
#define POP_TIMEOUT (10 * 60)
/*
* Do we want to support the obsolete LAST command, as defined in RFC
* 1460? It has been removed from the protocol in 1994 by RFC 1725,
* and isn't even mentioned in RFC 1939. Still, some software doesn't
* work without it.
*/
#define POP_SUPPORT_LAST 1
/*
* Introduce some sane limits on the mailbox size in order to prevent
* a single huge mailbox from stopping the entire POP service.
*/
#define MAX_MAILBOX_MESSAGES 200000
#define MAX_MAILBOX_OPEN_BYTES 200000000
#define MAX_MAILBOX_WORK_BYTES 250000000
#if !VIRTUAL_ONLY
/*
* Choose the password authentication method your system uses:
*
* AUTH_PASSWD Use getpwnam(3) only, for *BSD or readable passwd;
*
* Note that there's no built-in password aging support.
*/
#define AUTH_PASSWD 1
#endif
#if POP_VIRTUAL || AUTH_PASSWD
/*
* A salt used to waste some CPU time on dummy crypt(3) calls and make
* it harder (but still far from impossible, on most systems) to check
* for valid usernames. Adjust it for your crypt(3).
*/
/* echo -n "dummyblowfishsalt" | encrypt -b 6 */
#define AUTH_DUMMY_SALT "$2a$06$bycSsJMBAEDy1E6zzaL5u.vd4GlIrmCWyDgB33OD36h6mrRympUwS"
#endif
/*
* Message to return to the client when authentication fails. You can
* #undef this for no message.
*/
#define AUTH_FAILED_MESSAGE "Authentication failed (bad password?)"
#if !VIRTUAL_ONLY
/*
* Your mail spool directory. Note: only local (non-NFS) mode 775 mail
* spools are currently supported.
*
* #undef this for qmail-style $HOME/Mailbox mailboxes.
*/
#define MAIL_SPOOL_PATH "/var/mail"
#ifndef MAIL_SPOOL_PATH
/*
* The mailbox file name relative to the user's home directory.
*/
#define HOME_MAILBOX_NAME "Mailbox"
#endif
#endif
/*
* Locking method your system uses for user mailboxes. It is important
* that you set this correctly.
*
* *BSDs use flock(2), others typically use fcntl(2).
*/
#define LOCK_FCNTL 0
#define LOCK_FLOCK 1
/*
* How do we talk to syslogd? These should be fine for most systems.
*/
#define SYSLOG_IDENT POP_SERVER
#define SYSLOG_OPTIONS LOG_PID
#define SYSLOG_FACILITY LOG_DAEMON
#define SYSLOG_PRI_LO LOG_INFO
#define SYSLOG_PRI_HI LOG_NOTICE
#define SYSLOG_PRI_ERROR LOG_CRIT
/*
* There's probably no reason to touch anything below this comment.
*/
/*
* According to RFC 1939: "Keywords and arguments are each separated by
* a single SPACE character. Keywords are three or four characters long.
* Each argument may be up to 40 characters long." We're only processing
* up to two arguments, so it is safe to truncate after this length.
*/
#define POP_BUFFER_SIZE 0x80
/*
* There's no reason to change this one either. Making this larger would
* waste memory, and smaller values could make the authentication fail.
*/
#define AUTH_BUFFER_SIZE (2 * POP_BUFFER_SIZE)
#if POP_VIRTUAL
/*
* Buffer size for reading entire per-user authentication files.
*/
#define VIRTUAL_AUTH_SIZE 0x100
#endif
/*
* File buffer sizes to use while parsing the mailbox and retrieving a
* message, respectively. Can be changed.
*/
#define FILE_BUFFER_SIZE 0x10000
#define RETR_BUFFER_SIZE 0x8000
/*
* The mailbox parsing code isn't allowed to truncate lines earlier than
* this length. Keep this at least as large as the longest header field
* name we need to check for, but not too large for performance reasons.
*/
#define LINE_BUFFER_SIZE 0x20
#endif