diff --git a/courier-imap/libs/imap/imapd-ssl.dist.in b/courier-imap/libs/imap/imapd-ssl.dist.in
index a4256a0..1eb9564 100644
--- a/courier-imap/libs/imap/imapd-ssl.dist.in
+++ b/courier-imap/libs/imap/imapd-ssl.dist.in
@@ -43,21 +43,21 @@ SSLPORT=993
#
# SSLADDRESS=127.0.0.1
-SSLADDRESS=0
+SSLADDRESS=127.0.0.1
##NAME: SSLPIDFILE:0
#
# That's the SSL IMAP port we'll listen on.
# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
-SSLPIDFILE=@piddir@/imapd-ssl.pid
+SSLPIDFILE=@piddir@/courier-imaps.pid
##NAME: SSLLOGGEROPTS:0
#
# courierlogger(1) options.
#
-SSLLOGGEROPTS="-name=imapd-ssl"
+SSLLOGGEROPTS="-name=courier-imaps"
##NAME: IMAPDSSLSTART:0
#
@@ -72,7 +72,7 @@ SSLLOGGEROPTS="-name=imapd-ssl"
#
# Whether or not to start IMAP over SSL on simap port:
-IMAPDSSLSTART=NO
+IMAPDSSLSTART=YES
##NAME: IMAPDSTARTTLS:0
#
@@ -86,7 +86,7 @@ IMAPDSTARTTLS=YES
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
-IMAP_TLS_REQUIRED=0
+IMAP_TLS_REQUIRED=1
#########################################################################
@@ -102,7 +102,7 @@ IMAP_TLS_REQUIRED=0
##NAME: COURIERTLS:0
#
-COURIERTLS=@bindir@/couriertls
+COURIERTLS=@sbindir@/couriertls
##NAME: TLS_PRIORITY:0
#
@@ -145,6 +145,8 @@ COURIERTLS=@bindir@/couriertls
#
# The default value is TLSv1+
+TLS_PROTOCOL=TLS1.2++
+
##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
@@ -194,6 +196,8 @@ COURIERTLS=@bindir@/couriertls
#
#
+TLS_CIPHER_LIST="EECDH+AESGCM:EDH+AESGCM"
+
##NAME: TLS_MIN_DH_BITS:0
#
# TLS_MIN_DH_BITS=n
@@ -248,7 +252,7 @@ TLS_CERTFILE=@certsdir@/imapd.pem
#
# TLS_DHPARAMS - DH parameter file.
#
-TLS_DHPARAMS=@certsdir@/dhparams.pem
+TLS_DHPARAMS=@certsdir@/imapd.dh
##NAME: TLS_TRUSTCERTS:0
#
@@ -276,7 +280,7 @@ TLS_TRUSTCERTS=@cacerts@
# REQUIREPEER - require a client certificate, fail if one's not presented
#
#
-TLS_VERIFYPEER=NONE
+TLS_VERIFYPEER=PEER
##NAME: TLS_EXTERNAL:0
#
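Review bot: `SSLADDRESS=127.0.0.1` in the first hunk (-43,21) moves the shipped default from `0` (all addresses, as I read it) to loopback without a comment saying so, while the next hunk sets `IMAPDSSLSTART=YES`, so the TLS listener starts but is reachable only locally. That is a sensible restrictive default, but an admin whose remote clients cannot connect has nothing here explaining why, and the easy reaction is to put `0` back without reviewing certificates first. Suggest a comment above the assignment: `# Loopback only by default; set a specific address (or 0 for all) to accept remote clients.` The first hunk of pop3d-ssl.dist.in has the same pair of settings.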
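Review bot: `TLS_PROTOCOL=TLS1.2++` in the -145,6 hunk is spelled differently from the value the same commit sets in pop3d-ssl.dist.in (`TLSv1.2++`), and the context line just above documents the default as `TLSv1+`, with the `v`. The hunk does not show how couriertls treats a value it does not recognise, so one of the two services may end up with a different protocol floor than intended. Suggest using one spelling in both files, presumably `TLS_PROTOCOL=TLSv1.2++`, after checking it against the list of accepted values in the comment block, which starts outside the hunk.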
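Review bot: `TLS_CIPHER_LIST="EECDH+AESGCM:EDH+AESGCM"` in the -194,6 hunk is written in OpenSSL cipher-string syntax, yet the matching pop3d hunk sits directly under a comment that points to gnutls_priority_init(3), so a GnuTLS build presumably reads this setting differently. A one-line comment above the assignment would make that explicit, for example `# OpenSSL cipher-string syntax; GnuTLS builds need their own value.` The EDH suites also depend on the DH parameter file that a later hunk renames to `@certsdir@/imapd.dh` (`pop3d.dh` in the other file), and nothing in this diff shows that file being generated, so confirm the packaging creates it before the daemon starts.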
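Review bot: `TLS_VERIFYPEER=PEER` in the last hunk (-276,7) switches on client-certificate checking in a shipped default with no comment on what it is meant to achieve; the visible context only describes REQUIREPEER, and the description of PEER is outside the hunk. If PEER verifies a certificate only when the client presents one, it adds no requirement for clients, while any certificate chaining to `TLS_TRUSTCERTS=@cacerts@` would be accepted, which matters if TLS_EXTERNAL (the next section) is later used to map certificate subjects to accounts. Suggest either leaving the default at `TLS_VERIFYPEER=NONE` or adding `# Client certificates are verified against TLS_TRUSTCERTS when presented; use a private CA there before enabling TLS_EXTERNAL.` The -242,7 hunk of pop3d-ssl.dist.in makes the same change.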
diff --git a/courier-imap/libs/imap/pop3d-ssl.dist.in b/courier-imap/libs/imap/pop3d-ssl.dist.in
index f5fd7be..2682ad6 100644
--- a/courier-imap/libs/imap/pop3d-ssl.dist.in
+++ b/courier-imap/libs/imap/pop3d-ssl.dist.in
@@ -43,25 +43,25 @@ SSLPORT=995
#
# SSLADDRESS=127.0.0.1
-SSLADDRESS=0
+SSLADDRESS=127.0.0.1
##NAME: SSLPIDFILE:0
#
-SSLPIDFILE=@piddir@/pop3d-ssl.pid
+SSLPIDFILE=@piddir@/courier-pop3s.pid
##NAME: SSLLOGGEROPTS:0
#
# courierlogger(1) options.
#
-SSLLOGGEROPTS="-name=pop3d-ssl"
+SSLLOGGEROPTS="-name=courier-pop3s"
##NAME: POP3DSSLSTART:0
#
# Whether or not to start POP3 over SSL on spop3 port:
-POP3DSSLSTART=NO
+POP3DSSLSTART=YES
##NAME: POP3_STARTTLS:0
#
@@ -75,7 +75,7 @@ POP3_STARTTLS=YES
# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS
# is issued).
-POP3_TLS_REQUIRED=0
+POP3_TLS_REQUIRED=1
##NAME: COURIERTLS:0
#
@@ -87,7 +87,7 @@ POP3_TLS_REQUIRED=0
# at your own risk. Only the basic SSL/TLS functionality is known to be
# working. Keep this in mind as you play with the following variables.
-COURIERTLS=@bindir@/couriertls
+COURIERTLS=@sbindir@/couriertls
##NAME: TLS_PRIORITY:0
#
@@ -130,6 +130,8 @@ COURIERTLS=@bindir@/couriertls
#
# The default value is TLSv1+
+TLS_PROTOCOL=TLSv1.2++
+
##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
@@ -160,6 +162,8 @@ COURIERTLS=@bindir@/couriertls
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.
+TLS_CIPHER_LIST="EECDH+AESGCM:EDH+AESGCM"
+
##NAME: TLS_MIN_DH_BITS:0
#
# TLS_MIN_DH_BITS=n
@@ -214,7 +218,7 @@ TLS_CERTFILE=@certsdir@/pop3d.pem
#
# TLS_DHPARAMS - DH parameter file.
#
-TLS_DHPARAMS=@certsdir@/dhparams.pem
+TLS_DHPARAMS=@certsdir@/pop3d.dh
##NAME: TLS_TRUSTCERTS:0
#
@@ -242,7 +246,7 @@ TLS_TRUSTCERTS=@cacerts@
# REQUIREPEER - require a client certificate, fail if one's not presented
#
#
-TLS_VERIFYPEER=NONE
+TLS_VERIFYPEER=PEER
##NAME: TLS_EXTERNAL:0
#