| 4 |
- |
1 |
##############################################################
|
|
|
2 |
# SERVER SETTINGS
|
|
|
3 |
|
|
|
4 |
# IP Address to bind to (0.0.0.0 for ANY)
|
|
|
5 |
# Set to 127.0.0.1 if connections should only come from localhost
|
|
|
6 |
# and through the webserver proxy
|
|
|
7 |
server_bind = 0.0.0.0
|
|
|
8 |
|
|
|
9 |
# Accept normal TCP connections (not recommended to disable)
|
|
|
10 |
server_tcp_enabled = yes
|
|
|
11 |
|
|
|
12 |
# Port to bind to
|
|
|
13 |
server_tcp_port = 236
|
|
|
14 |
|
|
|
15 |
# Accept unix pipe connections (not recommended to disable)
|
|
|
16 |
server_pipe_enabled = yes
|
|
|
17 |
|
|
|
18 |
# Unix socket location
|
|
|
19 |
server_pipe_name = /var/run/zarafa
|
|
|
20 |
|
|
|
21 |
# Priority unix socket location
|
|
|
22 |
server_pipe_priority = /var/run/zarafa-prio
|
|
|
23 |
|
|
|
24 |
# Name for identifying the server in a multi-server environment
|
|
|
25 |
server_name = Zarafa
|
|
|
26 |
|
|
|
27 |
# Override the hostname of this server, used by Kerberos SSO if enabled
|
|
|
28 |
server_hostname =
|
|
|
29 |
|
|
|
30 |
# Database engine (mysql)
|
|
|
31 |
database_engine = mysql
|
|
|
32 |
|
|
|
33 |
# Allow connections from normal users through the unix socket
|
|
|
34 |
allow_local_users = yes
|
|
|
35 |
|
|
|
36 |
# local admin users who can connect to any store (use this for the zarafa-dagent)
|
|
|
37 |
# field is SPACE separated
|
| 43 |
- |
38 |
# eg: local_admin_users = root vmail
|
| 4 |
- |
39 |
local_admin_users = root zarafa
|
|
|
40 |
|
| 5 |
- |
41 |
# The user has full rights on a folder by default, uncomment the following line to disable this.
|
|
|
42 |
# owner_auto_full_access = false
|
|
|
43 |
owner_auto_full_access = true
|
|
|
44 |
|
| 4 |
- |
45 |
# e-mail address of the Zarafa System user
|
|
|
46 |
system_email_address = postmaster@localhost
|
|
|
47 |
|
|
|
48 |
# drop privileges and run the process as this user
|
|
|
49 |
run_as_user = zarafa
|
|
|
50 |
|
|
|
51 |
# drop privileges and run the process as this group
|
|
|
52 |
run_as_group = zarafa
|
|
|
53 |
|
|
|
54 |
# create a pid file for stopping the service via the init.d scripts
|
|
|
55 |
pid_file = /var/run/zarafa-server.pid
|
|
|
56 |
|
|
|
57 |
# run server in this path (when not using the -F switch)
|
|
|
58 |
running_path = /
|
|
|
59 |
|
|
|
60 |
# create memory coredumps upon crash in the running_path directory
|
|
|
61 |
coredump_enabled = yes
|
|
|
62 |
|
|
|
63 |
# session timeout for clients. Values lower than 300 will be upped to 300
|
|
|
64 |
# automatically. If the server hears nothing from a client in session_timeout
|
|
|
65 |
# seconds, then the session is killed.
|
|
|
66 |
session_timeout = 300
|
|
|
67 |
|
|
|
68 |
# Socket to connect to license server
|
|
|
69 |
license_socket = /var/run/zarafa-licensed
|
|
|
70 |
|
|
|
71 |
# Time (in seconds) to wait for a connection to the license server before
|
|
|
72 |
# terminating the request.
|
|
|
73 |
license_timeout = 10
|
|
|
74 |
|
| 43 |
- |
75 |
# for temporary files
|
|
|
76 |
# consider mounting a `tmpfs' underneath this path (wherever you
|
|
|
77 |
# point it to)
|
|
|
78 |
tmp_path = /tmp
|
|
|
79 |
|
| 4 |
- |
80 |
##############################################################
|
|
|
81 |
# LOG SETTINGS
|
|
|
82 |
|
|
|
83 |
# Logging method (syslog, file), syslog facility is 'mail'
|
|
|
84 |
log_method = file
|
|
|
85 |
|
|
|
86 |
# Logfile (for log_method = file, '-' for stderr)
|
|
|
87 |
log_file = /var/log/zarafa/server.log
|
|
|
88 |
|
|
|
89 |
# Loglevel (0=no logging, 5=full logging)
|
|
|
90 |
log_level = 2
|
|
|
91 |
|
|
|
92 |
# Log timestamp - prefix each log line with timestamp in 'file' logging mode
|
|
|
93 |
log_timestamp = 1
|
|
|
94 |
|
| 43 |
- |
95 |
# Buffer logging in what sized blocks.
|
|
|
96 |
# Bigger buffers is better for the performance but it gives lag
|
|
|
97 |
# when running e.g. multitail or 'tail -f' on the log-file. If
|
|
|
98 |
# you want to directly see what is happing, set this to e.g. 1.
|
|
|
99 |
# So when debugging: make it a small value, else set it to
|
|
|
100 |
# 4096 or more.
|
|
|
101 |
log_buffer_size = 4096
|
|
|
102 |
|
| 4 |
- |
103 |
##############################################################
|
|
|
104 |
# AUDIT LOG SETTINGS
|
|
|
105 |
|
|
|
106 |
# Audit logging is by default not enabled
|
|
|
107 |
audit_log_enabled = no
|
|
|
108 |
|
|
|
109 |
# Audit logging method (syslog, file), syslog facility is 'authpriv'
|
|
|
110 |
audit_log_method = file
|
|
|
111 |
|
|
|
112 |
# Audit logfile (for log_method = file, '-' for stderr)
|
|
|
113 |
audit_log_file = /var/log/zarafa/server.log
|
|
|
114 |
|
|
|
115 |
# Audit loglevel (0=no logging, 1=full logging)
|
|
|
116 |
audit_log_level = 1
|
|
|
117 |
|
|
|
118 |
# Audit log timestamp - prefix each log line with timestamp in 'file' logging mode
|
|
|
119 |
audit_log_timestamp = 1
|
|
|
120 |
|
|
|
121 |
##############################################################
|
|
|
122 |
# MYSQL SETTINGS (for database_engine = mysql)
|
|
|
123 |
|
|
|
124 |
# MySQL hostname to connect to for database access
|
|
|
125 |
mysql_host = localhost
|
|
|
126 |
|
|
|
127 |
# MySQL port to connect with (usually 3306)
|
|
|
128 |
mysql_port = 3306
|
|
|
129 |
|
|
|
130 |
# The user under which we connect with MySQL
|
|
|
131 |
mysql_user = root
|
|
|
132 |
|
|
|
133 |
# The password for the user (leave empty for no password)
|
|
|
134 |
mysql_password = uwe2592
|
|
|
135 |
|
|
|
136 |
# Override the default MySQL socket to access mysql locally
|
|
|
137 |
# Works only if the mysql_host value is empty or 'localhost'
|
|
|
138 |
mysql_socket =
|
|
|
139 |
|
|
|
140 |
# Database to connect to
|
|
|
141 |
mysql_database = zarafa
|
|
|
142 |
|
|
|
143 |
# Where to place attachments. Value can be 'database' or 'files'
|
|
|
144 |
attachment_storage = files
|
|
|
145 |
|
| 43 |
- |
146 |
# Enable fsync as method to make sure attachments are stored on disk where
|
|
|
147 |
# supported and will not be buffered by OS and/or filesystem. Please note
|
|
|
148 |
# this setting will lower attachment write performance depending on your
|
|
|
149 |
# environment but enhances data safety with disaster recovery.
|
|
|
150 |
# Only affects 'files' attachment storage backend.
|
|
|
151 |
attachment_files_fsync = yes
|
|
|
152 |
|
| 4 |
- |
153 |
# When attachment_storage is 'files', use this path to store the files
|
|
|
154 |
attachment_path = /var/lib/zarafa
|
|
|
155 |
|
|
|
156 |
# Compression level for attachments when attachment_storage is 'files'.
|
|
|
157 |
# Set compression level for attachments disabled=0, max=9
|
|
|
158 |
attachment_compression = 6
|
|
|
159 |
|
|
|
160 |
##############################################################
|
|
|
161 |
# SSL SETTINGS
|
|
|
162 |
|
|
|
163 |
# enable SSL support in server
|
|
|
164 |
server_ssl_enabled = no
|
|
|
165 |
|
|
|
166 |
# Listen for SSL connections on this port
|
|
|
167 |
server_ssl_port = 237
|
|
|
168 |
|
|
|
169 |
# Required Server certificate, contains the certificate and the private key parts
|
|
|
170 |
server_ssl_key_file = /etc/zarafa/ssl/server.pem
|
|
|
171 |
|
|
|
172 |
# Password of Server certificate
|
|
|
173 |
server_ssl_key_pass = replace-with-server-cert-password
|
|
|
174 |
|
|
|
175 |
# Required Certificate Authority of server
|
|
|
176 |
server_ssl_ca_file = /etc/zarafa/ssl/cacert.pem
|
|
|
177 |
|
|
|
178 |
# Path with CA certificates, e.g. /etc/ssl/certs
|
|
|
179 |
server_ssl_ca_path =
|
|
|
180 |
|
| 23 |
- |
181 |
# SSL protocols to use, set to '!SSLv2' for 'server_ssl_enable_v2 = no'
|
|
|
182 |
server_ssl_protocols = !SSLv2
|
| 4 |
- |
183 |
|
| 23 |
- |
184 |
# SSL ciphers to use, set to 'ALL' for backward compatibility
|
|
|
185 |
server_ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
|
|
186 |
|
|
|
187 |
# Prefer the server's order of SSL ciphers over client's
|
|
|
188 |
server_ssl_prefer_server_ciphers = no
|
|
|
189 |
|
| 4 |
- |
190 |
# Path of SSL Public keys of clients
|
|
|
191 |
sslkeys_path = /etc/zarafa/sslkeys
|
|
|
192 |
|
|
|
193 |
##############################################################
|
|
|
194 |
# THREAD SETTINGS
|
|
|
195 |
|
|
|
196 |
# Number of server threads
|
|
|
197 |
# default: 8
|
|
|
198 |
threads = 8
|
|
|
199 |
|
|
|
200 |
# Watchdog frequency. The number of watchdog checks per second.
|
|
|
201 |
# default: 1
|
|
|
202 |
watchdog_frequency = 1
|
|
|
203 |
|
|
|
204 |
# Watchdog max age. The maximum age in ms of a task before a
|
|
|
205 |
# new thread is started.
|
|
|
206 |
# default: 500
|
|
|
207 |
watchdog_max_age = 500
|
|
|
208 |
|
|
|
209 |
# Maximum SOAP keep_alive value
|
|
|
210 |
# default: 100
|
|
|
211 |
server_max_keep_alive_requests = 100
|
|
|
212 |
|
|
|
213 |
# SOAP recv timeout value (time between requests)
|
|
|
214 |
# default: 5
|
|
|
215 |
server_recv_timeout = 5
|
|
|
216 |
|
|
|
217 |
# SOAP read timeout value (time during requests)
|
|
|
218 |
# default: 60
|
|
|
219 |
server_read_timeout = 60
|
|
|
220 |
|
|
|
221 |
# SOAP send timeout value
|
|
|
222 |
# default: 60
|
|
|
223 |
server_send_timeout = 60
|
|
|
224 |
|
|
|
225 |
##############################################################
|
|
|
226 |
# OTHER SETTINGS
|
|
|
227 |
|
|
|
228 |
# Softdelete clean cycle (in days) 0=never running
|
|
|
229 |
softdelete_lifetime = 30
|
|
|
230 |
|
|
|
231 |
# Sync lifetime, removes all changes remembered for a client after x days of inactivity
|
|
|
232 |
sync_lifetime = 90
|
|
|
233 |
|
|
|
234 |
# Set to 'yes' if all changes (for synchronization) to messages should be logged to the database
|
|
|
235 |
sync_log_all_changes = yes
|
|
|
236 |
|
|
|
237 |
# Set to 'yes' if you have Kerberos or NTLM correctly configured for single sign-on
|
|
|
238 |
enable_sso = no
|
|
|
239 |
|
|
|
240 |
# Set to 'yes' if you want to show the GAB to your users
|
|
|
241 |
enable_gab = yes
|
|
|
242 |
|
|
|
243 |
# Authentication can be through plugin (default, recommended), pam or kerberos
|
|
|
244 |
auth_method = plugin
|
|
|
245 |
|
|
|
246 |
# If auth_method is set to pam, you should provide the pam service name
|
|
|
247 |
pam_service = passwd
|
|
|
248 |
|
|
|
249 |
|
|
|
250 |
#############################################################
|
|
|
251 |
# CACHE SETTINGS
|
|
|
252 |
#
|
|
|
253 |
# To see the live cache usage, use 'zarafa-stats --system'.
|
|
|
254 |
|
|
|
255 |
# Size in bytes of the 'cell' cache (should be set as high as you can afford to set it)
|
|
|
256 |
cache_cell_size = 256M
|
|
|
257 |
|
|
|
258 |
# Size in bytes of the 'object' cache
|
|
|
259 |
cache_object_size = 5M
|
|
|
260 |
|
|
|
261 |
# Size in bytes of the 'indexed object' cache
|
|
|
262 |
cache_indexedobject_size = 16M
|
|
|
263 |
|
|
|
264 |
# Size in bytes of the userquota details
|
|
|
265 |
cache_quota_size = 1M
|
|
|
266 |
|
|
|
267 |
# Lifetime for userquota details
|
|
|
268 |
cache_quota_lifetime = 1
|
|
|
269 |
|
|
|
270 |
# Size in bytes of the acl cache
|
|
|
271 |
cache_acl_size = 1M
|
|
|
272 |
|
|
|
273 |
# Size in bytes of the store id/guid cache
|
|
|
274 |
cache_store_size = 1M
|
|
|
275 |
|
|
|
276 |
# Size in bytes of the 'user id' cache (this is allocated twice)
|
|
|
277 |
cache_user_size = 1M
|
|
|
278 |
|
|
|
279 |
# Size in bytes of the 'user details' cache
|
| 43 |
- |
280 |
cache_userdetails_size = 25M
|
| 4 |
- |
281 |
|
|
|
282 |
# Lifetime for user details
|
|
|
283 |
cache_userdetails_lifetime = 0
|
|
|
284 |
|
|
|
285 |
# Size in bytes of the server details (multiserver setups only)
|
|
|
286 |
cache_server_size = 1M
|
|
|
287 |
|
|
|
288 |
# Lifetime for server details (multiserver setups only)
|
|
|
289 |
cache_server_lifetime = 30
|
|
|
290 |
|
|
|
291 |
|
|
|
292 |
##############################################################
|
|
|
293 |
# QUOTA SETTINGS
|
|
|
294 |
|
|
|
295 |
# The default Warning Quota Level. Set to 0 to disable this level.
|
|
|
296 |
# The user will receive an email when this level is reached. Value is in Mb. Default value is 0.
|
|
|
297 |
quota_warn = 0
|
|
|
298 |
|
|
|
299 |
# The default Soft Quota Level. Set to 0 to disable this level.
|
|
|
300 |
# The user will still receive mail, but sending new mail is prohibited, until objects are removed from the store.
|
|
|
301 |
# VALUE is in Mb. Default value is 0.
|
|
|
302 |
quota_soft = 0
|
|
|
303 |
|
|
|
304 |
# The default Hard Quota Level. Set to 0 to disable this level.
|
|
|
305 |
# The user can not receive and send mail, until objects are removed from the store.
|
|
|
306 |
# Value is in Mb. Default value is 0.
|
|
|
307 |
quota_hard = 0
|
|
|
308 |
|
|
|
309 |
# The default Warning Quota Level for multitenant public stores. Set to 0 to disable this level.
|
|
|
310 |
# The tenant administrator will receive an email when this level is reached. Value is in Mb. Default value is 0.
|
|
|
311 |
companyquota_warn = 0
|
|
|
312 |
|
|
|
313 |
|
|
|
314 |
##############################################################
|
|
|
315 |
# USER PLUGIN SETTINGS
|
|
|
316 |
|
|
|
317 |
# Name of the plugin that handles users
|
|
|
318 |
# Required, default = db
|
|
|
319 |
# Values: ldap, unix, db, ldapms (available in enterprise license)
|
|
|
320 |
user_plugin = db
|
|
|
321 |
|
|
|
322 |
# configuration file of the user plugin, examples can be found in /usr/share/doc/zarafa/example-config
|
|
|
323 |
user_plugin_config = /etc/zarafa/ldap.cfg
|
|
|
324 |
|
|
|
325 |
# location of the zarafa plugins
|
|
|
326 |
# if you have a 64bit distribution, this probably should be changed to /usr/lib64/zarafa
|
|
|
327 |
plugin_path = /usr/lib64/zarafa
|
|
|
328 |
|
|
|
329 |
# scripts which create stores for users from an external source
|
|
|
330 |
# used for ldap and unix plugins only
|
|
|
331 |
createuser_script = /etc/zarafa/userscripts/createuser
|
|
|
332 |
deleteuser_script = /etc/zarafa/userscripts/deleteuser
|
|
|
333 |
creategroup_script = /etc/zarafa/userscripts/creategroup
|
|
|
334 |
deletegroup_script = /etc/zarafa/userscripts/deletegroup
|
|
|
335 |
createcompany_script = /etc/zarafa/userscripts/createcompany
|
|
|
336 |
deletecompany_script = /etc/zarafa/userscripts/deletecompany
|
|
|
337 |
|
|
|
338 |
# Set this option to 'yes' to skip the creation and deletion of new users
|
|
|
339 |
# The action will be logged, so you can see if your changes to the plugin
|
|
|
340 |
# configuration are correct.
|
|
|
341 |
user_safe_mode = no
|
|
|
342 |
|
|
|
343 |
##############################################################
|
|
|
344 |
# MISC SETTINGS
|
|
|
345 |
|
|
|
346 |
# Thread size in KB, default is 512
|
|
|
347 |
# WARNING: Do not set too small, your server WILL crash
|
|
|
348 |
thread_stacksize = 512
|
|
|
349 |
|
|
|
350 |
# Enable multi-tenancy environment
|
|
|
351 |
# When set to true it is possible to create tenants within the
|
|
|
352 |
# zarafa instance and assign all users and groups to particular
|
|
|
353 |
# tenants.
|
|
|
354 |
# When set to false, the normal single-tenancy environment is created.
|
|
|
355 |
enable_hosted_zarafa = false
|
|
|
356 |
|
|
|
357 |
# Enable multi-server environment
|
|
|
358 |
# When set to true it is possible to place users and tenants on
|
|
|
359 |
# specific servers.
|
|
|
360 |
# When set to false, the normal single-server environment is created.
|
|
|
361 |
enable_distributed_zarafa = false
|
|
|
362 |
|
|
|
363 |
# Display format of store name
|
|
|
364 |
# Allowed variables:
|
|
|
365 |
# %u Username
|
|
|
366 |
# %f Fullname
|
|
|
367 |
# %c Teantname
|
|
|
368 |
# default: %f
|
|
|
369 |
storename_format = %f
|
|
|
370 |
|
|
|
371 |
# Loginname format (for Multi-tenancy installations)
|
|
|
372 |
# When the user does not login through a system-wide unique
|
|
|
373 |
# username (like the email address) a unique name is created
|
|
|
374 |
# by combining the username and the tenantname.
|
|
|
375 |
# With this configuration option you can set how the
|
|
|
376 |
# loginname should be built up.
|
|
|
377 |
#
|
|
|
378 |
# Note: Do not use the = character in the format.
|
|
|
379 |
#
|
|
|
380 |
# Allowed variables:
|
|
|
381 |
# %u Username
|
|
|
382 |
# %c Teantname
|
|
|
383 |
#
|
|
|
384 |
# default: %u
|
|
|
385 |
loginname_format = %u
|
|
|
386 |
|
|
|
387 |
# Set to yes for Windows clients to be able to download the latest
|
|
|
388 |
# Zarafa Outlook client from the Zarafa server
|
|
|
389 |
client_update_enabled = false
|
|
|
390 |
|
|
|
391 |
# Place the correct Zarafa Outlook Client in this directory for
|
|
|
392 |
# Windows clients to download through the Zarafa server
|
|
|
393 |
client_update_path = /var/lib/zarafa/client
|
|
|
394 |
|
|
|
395 |
# Recieve update information from the client (0 = disabled, 1 = only on error, 2 = log always)
|
|
|
396 |
client_update_log_level = 1
|
|
|
397 |
|
|
|
398 |
# Log location for the client auto update files
|
|
|
399 |
client_update_log_path = /var/log/zarafa/autoupdate
|
|
|
400 |
|
|
|
401 |
# Everyone is a special internal group, which contains every user and group
|
|
|
402 |
# You may want to disable this group from the Global Addressbook by setting
|
|
|
403 |
# this option to 'yes'. Administrators will still be able to see the group.
|
|
|
404 |
hide_everyone = no
|
|
|
405 |
|
|
|
406 |
# System is a special internal user, which has super-admin privileges
|
|
|
407 |
# You may want to disable this user from the Global Addressbook by setting
|
|
|
408 |
# this option to 'yes'. Administrators will still be able to see the user.
|
|
|
409 |
hide_system = yes
|
|
|
410 |
|
|
|
411 |
# Use Indexing service for faster searching.
|
|
|
412 |
# Enabling this option requires the zarafa-search service to
|
|
|
413 |
# be running.
|
|
|
414 |
search_enabled = yes
|
|
|
415 |
|
|
|
416 |
# Path to the zarafa-search service, this option is only required
|
|
|
417 |
# if the server is going to make use of the indexing service.
|
|
|
418 |
search_socket = file:///var/run/zarafa-search
|
|
|
419 |
|
|
|
420 |
# Time (in seconds) to wait for a connection to the zarafa-search service
|
|
|
421 |
# before terminating the indexed search request.
|
|
|
422 |
search_timeout = 10
|
|
|
423 |
|
|
|
424 |
# Allow enhanced ICS operations to speedup synchronization with cached profiles.
|
|
|
425 |
# default: yes
|
|
|
426 |
enable_enhanced_ics = yes
|
|
|
427 |
|
|
|
428 |
# SQL Procedures allow for some optimized queries when streaming with enhanced ICS.
|
|
|
429 |
# This is default disabled because you must set 'thread_stack = 256k' in your
|
|
|
430 |
# MySQL server config under the [mysqld] tag and restart your MySQL server.
|
|
|
431 |
enable_sql_procedures = no
|
|
|
432 |
|
|
|
433 |
# Synchronize GAB users on every open of the GAB (otherwise, only on
|
|
|
434 |
# zarafa-admin --sync)
|
|
|
435 |
sync_gab_realtime = yes
|
|
|
436 |
|
|
|
437 |
# Disable features for users. Default all features are disabled. This
|
|
|
438 |
# list is space separated. Currently valid values: imap
|
|
|
439 |
disabled_features = pop3
|
|
|
440 |
|
|
|
441 |
# Maximum number of deferred records in total
|
|
|
442 |
max_deferred_records = 0
|
|
|
443 |
|
|
|
444 |
# Maximum number of deferred records per folder
|
|
|
445 |
max_deferred_records_folder = 20
|
|
|
446 |
|
|
|
447 |
# Restrict the permissions that admins receive to folder permissions only. Please
|
|
|
448 |
# read the server.cfg manpage before enabling this option so you really understand
|
|
|
449 |
# the implications
|
|
|
450 |
restrict_admin_permissions = no
|
|
|
451 |
|
|
|
452 |
# The maximum level of attachment recursion; Defines the number of
|
|
|
453 |
# attachment-in-attachment in-attachment levels are allowed when saving and
|
|
|
454 |
# replicating objects in the database. If you really want a higher level of
|
|
|
455 |
# recursion than about 20, you probably have to increase MySQL's stack_size
|
|
|
456 |
# to allow replication to work properly.
|
|
|
457 |
embedded_attachment_limit = 20
|
|
|
458 |
|
|
|
459 |
# Header to detect whether a connection has been received through a proxy. The
|
|
|
460 |
# value of the header is not inspected. If the header exists then the connection
|
|
|
461 |
# is taken to be received via a proxy. An empty value disables proxy detection
|
|
|
462 |
# and the value of '*' is used to indicate that all connections are proxied
|
|
|
463 |
proxy_header =
|