diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-08-19 13:05:58 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-08-19 13:05:58 +0000 |
commit | a6a38350f779ddf3a6febf67dda7714fe368e492 (patch) | |
tree | b8ffbc248c20776618b1d6aa93ec16abb19e78d1 /usr.sbin/popa3d/params.h | |
parent | 580e400b41d341c2ad1bfe153d5ca6553351703a (diff) |
libexec is the wrong place for popa3d, since it can be started WITHOUT inetd
Diffstat (limited to 'usr.sbin/popa3d/params.h')
-rw-r--r-- | usr.sbin/popa3d/params.h | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/usr.sbin/popa3d/params.h b/usr.sbin/popa3d/params.h new file mode 100644 index 00000000000..03145b92f55 --- /dev/null +++ b/usr.sbin/popa3d/params.h @@ -0,0 +1,197 @@ +/* $OpenBSD: params.h,v 1.1 2001/08/19 13:05:57 deraadt Exp $ */ + +/* + * Global POP daemon parameters. + */ + +#ifndef _POP_PARAMS_H +#define _POP_PARAMS_H + +/* + * Are we going to be a standalone server or start via an inetd clone? + */ +#define POP_STANDALONE 1 + +#if POP_STANDALONE + +/* + * The address and port to listen on. + */ +#define DAEMON_ADDR "0.0.0.0" /* INADDR_ANY */ +#define DAEMON_PORT 110 + +/* + * Limit the number of POP sessions we can handle at a time to reduce + * the impact of connection flood DoS attacks. + */ +#define MAX_SESSIONS 100 +#define MAX_SESSIONS_PER_SOURCE 10 +#define MAX_BACKLOG 5 +#define MIN_DELAY 10 + +#endif + +/* + * Do we want to support virtual domains? + */ +#define POP_VIRTUAL 0 + +#if POP_VIRTUAL + +/* + * VIRTUAL_HOME_PATH is where the virtual domain root directories live. + */ +#define VIRTUAL_HOME_PATH "/vhome" + +/* + * Subdirectories within each virtual domain root for the authentication + * information and mailboxes, respectively. These defaults correspond to + * full pathnames of the form "/vhome/IP/{auth,mail}/username". + */ +#define VIRTUAL_AUTH_PATH "auth" +#define VIRTUAL_SPOOL_PATH "mail" + +/* + * Do we want to support virtual domains only? Normally, if the connected + * IP address doesn't correspond to a directory in VIRTUAL_HOME_PATH, the + * authentication will be done globally. + */ +#define VIRTUAL_ONLY 0 + +#else + +/* + * We don't support virtual domains (!POP_VIRTUAL), so we're definitely + * not virtual-only. Don't edit this. + */ +#define VIRTUAL_ONLY 0 + +#endif + +/* + * An unprivileged dummy user to run as before authentication. The user + * and its UID must not be used for any other purpose. + */ +#define POP_USER "popa3d" + +/* + * Sessions will be closed if idle for longer than POP_TIMEOUT seconds. + * RFC 1939 says that "such a timer MUST be of at least 10 minutes' + * duration", so I've made 10 minutes the default. In practice, you + * may want to reduce this to, say, 2 minutes. + */ +#define POP_TIMEOUT (10 * 60) + +/* + * Do we want to support the obsolete LAST command, as defined in RFC + * 1460? It has been removed from the protocol in 1994 by RFC 1725, + * and isn't even mentioned in RFC 1939. Still, some software doesn't + * work without it. + */ +#define POP_SUPPORT_LAST 1 + +/* + * Introduce some sane limits on the mailbox size in order to prevent + * a single huge mailbox from stopping the entire POP service. + */ +#define MAX_MAILBOX_MESSAGES 100000 +#define MAX_MAILBOX_BYTES 100000000 + +#if !VIRTUAL_ONLY + +/* + * Choose the password authentication method your system uses: + * + * AUTH_PASSWD Use getpwnam(3) only, for *BSD or readable passwd; + * + * Note that there's no built-in password aging support. + */ +#define AUTH_PASSWD 1 + +#endif + +#if POP_VIRTUAL || AUTH_PASSWD + +/* + * A salt used to waste some CPU time on dummy crypt(3) calls and make + * it harder (but still far from impossible, on most systems) to check + * for valid usernames. Adjust it for your crypt(3). + */ +/* echo -n "dummyblowfishsalt" | encrypt -b 7 */ +#define AUTH_DUMMY_SALT "$2a$07$deZMiFIouL0vgRsEG.AJY.Jx2Z8wJj3g5qs11UQWrBj8MERIu/rXi" + +#endif + +/* + * Message to return to the client when authentication fails. You can + * #undef this for no message. + */ +#define AUTH_FAILED_MESSAGE "Authentication failed (bad password?)" + +#if !VIRTUAL_ONLY + +/* + * Your mail spool directory. Note: only local (non-NFS) mode 775 mail + * spools are currently supported. + */ +#define MAIL_SPOOL_PATH "/var/mail" + +#endif + +/* + * Locking method your system uses for user mailboxes. It is important + * that you set this correctly. + */ +#define LOCK_FCNTL 1 +#define LOCK_FLOCK 0 + +/* + * How do we talk to syslogd? These should be fine for most systems. + */ +#define SYSLOG_IDENT "popa3d" +#define SYSLOG_OPTIONS LOG_PID +#define SYSLOG_FACILITY LOG_DAEMON +#define SYSLOG_PRIORITY LOG_NOTICE + +/* + * There's probably no reason to touch anything below this comment. + */ + +/* + * According to RFC 1939: "Keywords and arguments are each separated by + * a single SPACE character. Keywords are three or four characters long. + * Each argument may be up to 40 characters long." We're only processing + * up to two arguments, so it is safe to truncate after this length. + */ +#define POP_BUFFER_SIZE 0x80 + +/* + * There's no reason to change this one either. Making this larger would + * waste memory, and smaller values could make the authentication fail. + */ +#define AUTH_BUFFER_SIZE (2 * POP_BUFFER_SIZE) + +#if POP_VIRTUAL + +/* + * Buffer size for reading entire per-user authentication files. + */ +#define VIRTUAL_AUTH_SIZE 0x100 + +#endif + +/* + * File buffer sizes to use while parsing the mailbox and retrieving a + * message, respectively. Can be changed. + */ +#define FILE_BUFFER_SIZE 0x10000 +#define RETR_BUFFER_SIZE 0x8000 + +/* + * The mailbox parsing code isn't allowed to truncate lines earlier than + * this length. Keep this at least as large as the longest header field + * name we need to check for, but not too large for performance reasons. + */ +#define LINE_BUFFER_SIZE 0x20 + +#endif |