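/*	$OpenBSD: params.h,v 1.8 2003/05/12 19:28:22 camield Exp $ */

/*
 * Global POP daemon parameters.
 *
 * Everything here is a compile-time setting: the daemon has to be rebuilt
 * for a change to take effect.  This header includes nothing itself; the
 * LOG_* names used by the SYSLOG_* macros below are expected to come from
 * <syslog.h> in the file that includes this one.
 */

#ifndef _POP_PARAMS_H
#define _POP_PARAMS_H

/*
 * Our name to use when talking to various interfaces.
 * It is reused below as the libwrap identity, the pre-authentication
 * user name (POP_USER) and the syslog identity.
 */
#define POP_SERVER			"popa3d"

/*
 * Are we going to be a standalone server or start via an inetd clone?
 */
#define POP_STANDALONE			1

#if POP_STANDALONE

/*
 * Should the command line options be supported?
 * If enabled, popa3d will default to inetd mode and will require a -D
 * to actually enable the standalone mode.
 */
#define POP_OPTIONS			1

/*
 * The address and port to listen on.
 *
 * "0.0.0.0" accepts connections on every IPv4 interface, and 110 is the
 * plain-text POP3 port.  Nothing in this header configures TLS, so the
 * USER/PASS exchange is only as private as the network path unless the
 * connection is protected by something outside this daemon.
 * NOTE(review): bind to a specific address where the service does not
 * need to be reachable on all interfaces.
 */
#define DAEMON_ADDR			"0.0.0.0"	/* INADDR_ANY */
#define DAEMON_PORT			110

/*
 * Should libwrap be used?
 *
 * This may make things slower and also adds to code running as root,
 * so it is recommended that you use a packet filter instead.  This
 * option is provided primarily as a way to meet conventions of certain
 * systems where all services obey libwrap access controls.
 *
 * LIBWRAP is not defined in this header; it has to be supplied by the
 * build for DAEMON_LIBWRAP to become 1.
 */
#ifdef LIBWRAP
#define DAEMON_LIBWRAP			1
#else
#define DAEMON_LIBWRAP			0
#endif

#if DAEMON_LIBWRAP
/*
 * How do we talk to libwrap?
 */
#define DAEMON_LIBWRAP_IDENT		POP_SERVER
#endif

/*
 * Limit the number of POP sessions we can handle at a time to reduce
 * the impact of connection flood DoS attacks.
 *
 * MAX_SESSIONS is the overall cap and MAX_SESSIONS_PER_SOURCE the cap
 * for a single source.  MAX_BACKLOG and MIN_DELAY are not described in
 * this file; presumably the listen(2) queue length and a delay in
 * seconds used by the standalone server -- confirm against its source.
 */
#define MAX_SESSIONS			100
#define MAX_SESSIONS_PER_SOURCE		10
#define MAX_BACKLOG			5
#define MIN_DELAY			10

/*
 * A per-source cap above the overall cap can never be reached, which
 * would let one source occupy every session slot -- the situation these
 * limits exist to prevent.  Reject that configuration at build time; a
 * value equal to MAX_SESSIONS still compiles and has the same effect.
 */
#if MAX_SESSIONS_PER_SOURCE > MAX_SESSIONS
#error "MAX_SESSIONS_PER_SOURCE must not exceed MAX_SESSIONS"
#endif

#endif

/*
 * Do we want to support virtual domains?
 */
#define POP_VIRTUAL			0

#if POP_VIRTUAL

/*
 * VIRTUAL_HOME_PATH is where the virtual domain root directories live.
 */
#define VIRTUAL_HOME_PATH		"/vhome"

/*
 * Subdirectories within each virtual domain root for the authentication
 * information and mailboxes, respectively.  These defaults correspond to
 * full pathnames of the form "/vhome/IP/{auth,mail}/username".
 *
 * NOTE(review): the username component is supplied by the client;
 * confirm that the code building these pathnames refuses names
 * containing path separators.
 */
#define VIRTUAL_AUTH_PATH		"auth"
#define VIRTUAL_SPOOL_PATH		"mail"

/*
 * Do we want to support virtual domains only?  Normally, if the connected
 * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
 * authentication will be done globally.
 */
#define VIRTUAL_ONLY			0

#else

/*
 * We don't support virtual domains (!POP_VIRTUAL), so we're definitely
 * not virtual-only.  Don't edit this.
 */
#define VIRTUAL_ONLY			0

#endif

/*
 * A pseudo-user to run as before authentication.  The user and its UID
 * must not be used for any other purpose.
 * With the default above this is the account named "popa3d".
 */
#define POP_USER			POP_SERVER

/*
 * An empty directory to chroot to before authentication.  The directory
 * and its parent directories must not be writable by anyone but root.
 */
#define POP_CHROOT			"/var/empty"

/*
 * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
 * RFC 1939 says that "such a timer MUST be of at least 10 minutes'
 * duration", so I've made 10 minutes the default.  In practice, you
 * may want to reduce this to, say, 2 minutes.
 */
#define POP_TIMEOUT			(10 * 60)

/*
 * Do we want to support the obsolete LAST command, as defined in RFC
 * 1460?  It has been removed from the protocol in 1994 by RFC 1725,
 * and isn't even mentioned in RFC 1939.  Still, some software doesn't
 * work without it.
 */
#define POP_SUPPORT_LAST		1

/*
 * Introduce some sane limits on the mailbox size in order to prevent
 * a single huge mailbox from stopping the entire POP service.
 */
#define MAX_MAILBOX_MESSAGES		200000
#define MAX_MAILBOX_OPEN_BYTES		200000000
#define MAX_MAILBOX_WORK_BYTES		250000000

#if !VIRTUAL_ONLY

/*
 * Choose the password authentication method your system uses:
 *
 * AUTH_PASSWD		Use getpwnam(3) only, for *BSD or readable passwd;
 *
 * Note that there's no built-in password aging support.
 */
#define AUTH_PASSWD			1

#endif

/*
 * AUTH_PASSWD is only defined in the !VIRTUAL_ONLY case above; when it is
 * absent the preprocessor treats it as 0 in the test below.
 */
#if POP_VIRTUAL || AUTH_PASSWD

/*
 * A salt used to waste some CPU time on dummy crypt(3) calls and make
 * it harder (but still far from impossible, on most systems) to check
 * for valid usernames.  Adjust it for your crypt(3).
 *
 * The string carries the hash scheme and cost as well as the salt
 * ("$2a$06$..." from the command shown below).  NOTE(review): if the
 * real account hashes use a different scheme or cost, a dummy call
 * takes a different amount of time than a real check, and that
 * difference is what distinguishes valid usernames; keep them aligned.
 */
/* echo -n "dummyblowfishsalt" | encrypt -b 6 */
#define AUTH_DUMMY_SALT \
	"$2a$06$bycSsJMBAEDy1E6zzaL5u.vd4GlIrmCWyDgB33OD36h6mrRympUwS"

#endif

/*
 * Message to return to the client when authentication fails.  You can
 * #undef this for no message.
 *
 * Only one failure message is defined here.  NOTE(review): confirm the
 * daemon sends it for unknown users and wrong passwords alike, so the
 * reply does not reveal which usernames exist.
 */
#define AUTH_FAILED_MESSAGE		"Authentication failed (bad password?)"

#if !VIRTUAL_ONLY

/*
 * Your mail spool directory.  Note: only local (non-NFS) mode 775 mail
 * spools are currently supported.
 *
 * #undef this for qmail-style $HOME/Mailbox mailboxes.
 */
#define MAIL_SPOOL_PATH			"/var/mail"

/* Only takes effect once MAIL_SPOOL_PATH above has been removed. */
#ifndef MAIL_SPOOL_PATH
/*
 * The mailbox file name relative to the user's home directory.
 */
#define HOME_MAILBOX_NAME		"Mailbox"
#endif

#endif

/*
 * Locking method your system uses for user mailboxes.  It is important
 * that you set this correctly.
 *
 * *BSDs use flock(2), others typically use fcntl(2).
 *
 * The values below select flock(2).  The method has to be the one the
 * programs delivering into the mailboxes use, otherwise the two sides
 * do not exclude each other.
 */
#define LOCK_FCNTL			0
#define LOCK_FLOCK			1

/*
 * How do we talk to syslogd?  These should be fine for most systems.
 */
#define SYSLOG_IDENT			POP_SERVER
#define SYSLOG_OPTIONS			LOG_PID
#define SYSLOG_FACILITY			LOG_DAEMON
#define SYSLOG_PRI_LO			LOG_INFO
#define SYSLOG_PRI_HI			LOG_NOTICE
#define SYSLOG_PRI_ERROR		LOG_CRIT

/*
 * There's probably no reason to touch anything below this comment.
 */

/*
 * According to RFC 1939: "Keywords and arguments are each separated by
 * a single SPACE character.  Keywords are three or four characters long.
 * Each argument may be up to 40 characters long."  We're only processing
 * up to two arguments, so it is safe to truncate after this length.
 *
 * 0x80 is 128 bytes; a four-character keyword, two 40-character
 * arguments, the two separating spaces and CRLF come to 88.
 */
#define POP_BUFFER_SIZE			0x80

/*
 * There's no reason to change this one either.  Making this larger would
 * waste memory, and smaller values could make the authentication fail.
 */
#define AUTH_BUFFER_SIZE		(2 * POP_BUFFER_SIZE)

#if POP_VIRTUAL

/*
 * Buffer size for reading entire per-user authentication files.
 */
#define VIRTUAL_AUTH_SIZE		0x100

#endif

/*
 * File buffer sizes to use while parsing the mailbox and retrieving a
 * message, respectively.  Can be changed.
 */
#define FILE_BUFFER_SIZE		0x10000
#define RETR_BUFFER_SIZE		0x8000

/*
 * The mailbox parsing code isn't allowed to truncate lines earlier than
 * this length.  Keep this at least as large as the longest header field
 * name we need to check for, but not too large for performance reasons.
 */
#define LINE_BUFFER_SIZE		0x20

#endif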