summaryrefslogtreecommitdiff
path: root/usr.sbin/popa3d/params.h
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2001-08-19 13:05:58 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2001-08-19 13:05:58 +0000
commita6a38350f779ddf3a6febf67dda7714fe368e492 (patch)
treeb8ffbc248c20776618b1d6aa93ec16abb19e78d1 /usr.sbin/popa3d/params.h
parent580e400b41d341c2ad1bfe153d5ca6553351703a (diff)
libexec is the wrong place for popa3d, since it can be started WITHOUT inetd
Diffstat (limited to 'usr.sbin/popa3d/params.h')
-rw-r--r--usr.sbin/popa3d/params.h197
1 files changed, 197 insertions, 0 deletions
diff --git a/usr.sbin/popa3d/params.h b/usr.sbin/popa3d/params.h
new file mode 100644
index 00000000000..03145b92f55
--- /dev/null
+++ b/usr.sbin/popa3d/params.h
@@ -0,0 +1,197 @@
+/* $OpenBSD: params.h,v 1.1 2001/08/19 13:05:57 deraadt Exp $ */
+
+/*
+ * Global POP daemon parameters.
+ */
+
+#ifndef _POP_PARAMS_H
+#define _POP_PARAMS_H
+
+/*
+ * Are we going to be a standalone server or start via an inetd clone?
+ */
+#define POP_STANDALONE 1
+
+#if POP_STANDALONE
+
+/*
+ * The address and port to listen on.
+ */
+#define DAEMON_ADDR "0.0.0.0" /* INADDR_ANY */
+#define DAEMON_PORT 110
+
+/*
+ * Limit the number of POP sessions we can handle at a time to reduce
+ * the impact of connection flood DoS attacks.
+ */
+#define MAX_SESSIONS 100
+#define MAX_SESSIONS_PER_SOURCE 10
+#define MAX_BACKLOG 5
+#define MIN_DELAY 10
+
+#endif
+
+/*
+ * Do we want to support virtual domains?
+ */
+#define POP_VIRTUAL 0
+
+#if POP_VIRTUAL
+
+/*
+ * VIRTUAL_HOME_PATH is where the virtual domain root directories live.
+ */
+#define VIRTUAL_HOME_PATH "/vhome"
+
+/*
+ * Subdirectories within each virtual domain root for the authentication
+ * information and mailboxes, respectively. These defaults correspond to
+ * full pathnames of the form "/vhome/IP/{auth,mail}/username".
+ */
+#define VIRTUAL_AUTH_PATH "auth"
+#define VIRTUAL_SPOOL_PATH "mail"
+
+/*
+ * Do we want to support virtual domains only? Normally, if the connected
+ * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the
+ * authentication will be done globally.
+ */
+#define VIRTUAL_ONLY 0
+
+#else
+
+/*
+ * We don't support virtual domains (!POP_VIRTUAL), so we're definitely
+ * not virtual-only. Don't edit this.
+ */
+#define VIRTUAL_ONLY 0
+
+#endif
+
+/*
+ * An unprivileged dummy user to run as before authentication. The user
+ * and its UID must not be used for any other purpose.
+ */
+#define POP_USER "popa3d"
+
+/*
+ * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
+ * RFC 1939 says that "such a timer MUST be of at least 10 minutes'
+ * duration", so I've made 10 minutes the default. In practice, you
+ * may want to reduce this to, say, 2 minutes.
+ */
+#define POP_TIMEOUT (10 * 60)
+
+/*
+ * Do we want to support the obsolete LAST command, as defined in RFC
+ * 1460? It has been removed from the protocol in 1994 by RFC 1725,
+ * and isn't even mentioned in RFC 1939. Still, some software doesn't
+ * work without it.
+ */
+#define POP_SUPPORT_LAST 1
+
+/*
+ * Introduce some sane limits on the mailbox size in order to prevent
+ * a single huge mailbox from stopping the entire POP service.
+ */
+#define MAX_MAILBOX_MESSAGES 100000
+#define MAX_MAILBOX_BYTES 100000000
+
+#if !VIRTUAL_ONLY
+
+/*
+ * Choose the password authentication method your system uses:
+ *
+ * AUTH_PASSWD Use getpwnam(3) only, for *BSD or readable passwd;
+ *
+ * Note that there's no built-in password aging support.
+ */
+#define AUTH_PASSWD 1
+
+#endif
+
+#if POP_VIRTUAL || AUTH_PASSWD
+
+/*
+ * A salt used to waste some CPU time on dummy crypt(3) calls and make
+ * it harder (but still far from impossible, on most systems) to check
+ * for valid usernames. Adjust it for your crypt(3).
+ */
+/* echo -n "dummyblowfishsalt" | encrypt -b 7 */
+#define AUTH_DUMMY_SALT "$2a$07$deZMiFIouL0vgRsEG.AJY.Jx2Z8wJj3g5qs11UQWrBj8MERIu/rXi"
+
+#endif
+
+/*
+ * Message to return to the client when authentication fails. You can
+ * #undef this for no message.
+ */
+#define AUTH_FAILED_MESSAGE "Authentication failed (bad password?)"
+
+#if !VIRTUAL_ONLY
+
+/*
+ * Your mail spool directory. Note: only local (non-NFS) mode 775 mail
+ * spools are currently supported.
+ */
+#define MAIL_SPOOL_PATH "/var/mail"
+
+#endif
+
+/*
+ * Locking method your system uses for user mailboxes. It is important
+ * that you set this correctly.
+ */
+#define LOCK_FCNTL 1
+#define LOCK_FLOCK 0
+
+/*
+ * How do we talk to syslogd? These should be fine for most systems.
+ */
+#define SYSLOG_IDENT "popa3d"
+#define SYSLOG_OPTIONS LOG_PID
+#define SYSLOG_FACILITY LOG_DAEMON
+#define SYSLOG_PRIORITY LOG_NOTICE
+
+/*
+ * There's probably no reason to touch anything below this comment.
+ */
+
+/*
+ * According to RFC 1939: "Keywords and arguments are each separated by
+ * a single SPACE character. Keywords are three or four characters long.
+ * Each argument may be up to 40 characters long." We're only processing
+ * up to two arguments, so it is safe to truncate after this length.
+ */
+#define POP_BUFFER_SIZE 0x80
+
+/*
+ * There's no reason to change this one either. Making this larger would
+ * waste memory, and smaller values could make the authentication fail.
+ */
+#define AUTH_BUFFER_SIZE (2 * POP_BUFFER_SIZE)
+
+#if POP_VIRTUAL
+
+/*
+ * Buffer size for reading entire per-user authentication files.
+ */
+#define VIRTUAL_AUTH_SIZE 0x100
+
+#endif
+
+/*
+ * File buffer sizes to use while parsing the mailbox and retrieving a
+ * message, respectively. Can be changed.
+ */
+#define FILE_BUFFER_SIZE 0x10000
+#define RETR_BUFFER_SIZE 0x8000
+
+/*
+ * The mailbox parsing code isn't allowed to truncate lines earlier than
+ * this length. Keep this at least as large as the longest header field
+ * name we need to check for, but not too large for performance reasons.
+ */
+#define LINE_BUFFER_SIZE 0x20
+
+#endif