1 /* $OpenBSD: params.h,v 1.8 2003/05/12 19:28:22 camield Exp $ */
2 
3 /*
4  * Global POP daemon parameters.
5  */
6 
7 #ifndef _POP_PARAMS_H
8 #define _POP_PARAMS_H
9 
10 /*
11  * Our name to use when talking to various interfaces.
12  */
13 #define POP_SERVER			"popa3d"
14 
15 /*
16  * Are we going to be a standalone server or start via an inetd clone?
17  */
18 #define POP_STANDALONE			1
19 
20 #if POP_STANDALONE
21 
22 /*
23  * Should the command line options be supported?
24  * If enabled, popa3d will default to inetd mode and will require a -D
25  * to actually enable the standalone mode.
26  */
27 #define POP_OPTIONS			1
28 
29 /*
30  * The address and port to listen on. 0.0.0.0 listens on every IPv4 interface.
31  */
32 #define DAEMON_ADDR			"0.0.0.0"	/* INADDR_ANY */
33 #define DAEMON_PORT			110
34 
35 /*
36  * Should libwrap be used?
37  *
38  * This may make things slower and also adds to code running as root,
39  * so it is recommended that you use a packet filter instead. This
40  * option is provided primarily as a way to meet conventions of certain
41  * systems where all services obey libwrap access controls.
42  */
43 #ifdef LIBWRAP
44 #define DAEMON_LIBWRAP			1
45 #else
46 #define DAEMON_LIBWRAP			0
47 #endif
48 
49 #if DAEMON_LIBWRAP
50 /*
51  * How do we talk to libwrap?
52  */
53 #define DAEMON_LIBWRAP_IDENT		POP_SERVER
54 #endif
55 
56 /*
57  * Limit the number of POP sessions we can handle at a time to reduce
58  * the impact of connection flood DoS attacks.
59  */
60 #define MAX_SESSIONS			100
61 #define MAX_SESSIONS_PER_SOURCE		10
62 #define MAX_BACKLOG			5
63 #define MIN_DELAY			10
64 
65 #endif
66 
67 /*
68  * Do we want to support virtual domains?
69  */
70 #define POP_VIRTUAL			0
71 
72 #if POP_VIRTUAL
73 
74 /*
75  * VIRTUAL_HOME_PATH is where the virtual domain root directories live.
76  */
77 #define VIRTUAL_HOME_PATH		"/vhome"
78 
79 /*
80  * Subdirectories within each virtual domain root for the authentication
81  * information and mailboxes, respectively. These defaults correspond to
82  * full pathnames of the form "/vhome/IP/{auth,mail}/username".
83  */
84 #define VIRTUAL_AUTH_PATH		"auth"
85 #define VIRTUAL_SPOOL_PATH		"mail"
86 
87 /*
88  * Do we want to support virtual domains only? Normally, if the connected
89  * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
90  * authentication will be done globally.
91  */
92 #define VIRTUAL_ONLY			0
93 
94 #else
95 
96 /*
97  * We don't support virtual domains (!POP_VIRTUAL), so we're definitely
98  * not virtual-only. Don't edit this.
99  */
100 #define VIRTUAL_ONLY			0
101 
102 #endif
103 
104 /*
105  * A pseudo-user to run as before authentication. The user and its UID
106  * must not be used for any other purpose.
107  */
108 #define POP_USER			POP_SERVER
109 
110 /*
111  * An empty directory to chroot to before authentication. The directory
112  * and its parent directories must not be writable by anyone but root.
113  */
114 #define POP_CHROOT			"/var/empty"
115 
116 /*
117  * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
118  * RFC 1939 says that "such a timer MUST be of at least 10 minutes'
119  * duration", so I've made 10 minutes the default. In practice, you
120  * may want to reduce this to, say, 2 minutes.
121  */
122 #define POP_TIMEOUT			(10 * 60)
123 
124 /*
125  * Do we want to support the obsolete LAST command, as defined in RFC
126  * 1460? It was removed from the protocol in 1994 by RFC 1725,
127  * and isn't even mentioned in RFC 1939. Still, some software doesn't
128  * work without it.
129  */
130 #define POP_SUPPORT_LAST		1
131 
132 /*
133  * Introduce some sane limits on the mailbox size in order to prevent
134  * a single huge mailbox from stopping the entire POP service.
135  */
136 #define MAX_MAILBOX_MESSAGES		200000
137 #define MAX_MAILBOX_OPEN_BYTES		200000000
138 #define MAX_MAILBOX_WORK_BYTES		250000000
139 
140 #if !VIRTUAL_ONLY
141 
142 /*
143  * Choose the password authentication method your system uses:
144  *
145  * AUTH_PASSWD		Use getpwnam(3) only, for *BSD or readable passwd.
146  *
147  * Note that there's no built-in password aging support.
148  */
149 #define AUTH_PASSWD			1
150 
151 #endif
152 
153 #if POP_VIRTUAL || AUTH_PASSWD
154 
155 /*
156  * A salt for dummy crypt(3) calls that waste some CPU time, so that
157  * response timing makes it harder (but still far from impossible, on most
158  * systems) to check for valid usernames. Match your crypt(3) hash type and cost.
159  */
160 /*  echo -n "dummyblowfishsalt" | encrypt -b 6 */
161 #define AUTH_DUMMY_SALT		"$2a$06$bycSsJMBAEDy1E6zzaL5u.vd4GlIrmCWyDgB33OD36h6mrRympUwS"
162 
163 #endif
164 
165 /*
166  * Message to return to the client when authentication fails. You can
167  * #undef this for no message.
168  */
169 #define AUTH_FAILED_MESSAGE		"Authentication failed (bad password?)"
170 
171 #if !VIRTUAL_ONLY
172 
173 /*
174  * Your mail spool directory. Note: only local (non-NFS) mode 775 mail
175  * spools are currently supported.
176  *
177  * #undef this for qmail-style $HOME/Mailbox mailboxes.
178  */
179 #define MAIL_SPOOL_PATH			"/var/mail"
180 
181 #ifndef MAIL_SPOOL_PATH
182 /*
183  * The mailbox file name relative to the user's home directory.
184  */
185 #define HOME_MAILBOX_NAME		"Mailbox"
186 #endif
187 
188 #endif
189 
190 /*
191  * Locking method your system uses for user mailboxes. It is important
192  * that you set this correctly.
193  *
194  * *BSDs use flock(2), others typically use fcntl(2).
195  */
196 #define LOCK_FCNTL			0
197 #define LOCK_FLOCK			1
198 
199 /*
200  * How do we talk to syslogd? These should be fine for most systems.
201  */
202 #define SYSLOG_IDENT			POP_SERVER
203 #define SYSLOG_OPTIONS			LOG_PID
204 #define SYSLOG_FACILITY			LOG_DAEMON
205 #define SYSLOG_PRI_LO			LOG_INFO
206 #define SYSLOG_PRI_HI			LOG_NOTICE
207 #define SYSLOG_PRI_ERROR		LOG_CRIT
208 
209 /*
210  * There's probably no reason to touch anything below this comment.
211  */
212 
213 /*
214  * According to RFC 1939: "Keywords and arguments are each separated by
215  * a single SPACE character. Keywords are three or four characters long.
216  * Each argument may be up to 40 characters long." We're only processing
217  * up to two arguments (at most 4+1+40+1+40 = 86 characters), so it is safe to truncate after this length.
218  */
219 #define POP_BUFFER_SIZE			0x80
220 
221 /*
222  * There's no reason to change this one either. Making this larger would
223  * waste memory, and smaller values could make the authentication fail.
224  */
225 #define AUTH_BUFFER_SIZE		(2 * POP_BUFFER_SIZE)
226 
227 #if POP_VIRTUAL
228 
229 /*
230  * Buffer size for reading entire per-user authentication files.
231  */
232 #define VIRTUAL_AUTH_SIZE		0x100
233 
234 #endif
235 
236 /*
237  * File buffer sizes to use while parsing the mailbox and retrieving a
238  * message, respectively. Can be changed.
239  */
240 #define FILE_BUFFER_SIZE		0x10000
241 #define RETR_BUFFER_SIZE		0x8000
242 
243 /*
244  * The mailbox parsing code isn't allowed to truncate lines earlier than
245  * this length. Keep this at least as large as the longest header field
246  * name we need to check for, but not too large for performance reasons.
247  */
248 #define LINE_BUFFER_SIZE		0x20
249 
250 #endif
251