ms.conf is used to configure the mailstore at invocation. The options that can be listed in the ms.conf file are organized into Required Configuration, Recommended Configuration, Option Configuration and authproxyd. Each line of the file has the form:
option value ... |
where option is the name of the configuration option being set and value is the value the configuration option is being set to. Blank lines and lines beginning with "#" are ignored. Options take either a boolean, numerical, or (multiple) string argument.
 | Note: If an option is not present in the file, its default is assumed. Default values appear in square brackets at the head of the description text, that is, [ <default> ]. Some options have no default value; these are listed with <no default>. Options that default to an empty string are listed with <none>. |
For boolean options, the values yes, on, t, and 1 (one) turn the option on, and the values no, off, f, and 0 (zero) turn the option off.
The following options are required for the operation of M-Store (see NOTE in “ Store Configuration”):
Table 4-1. ms.conf Required Options
Option | Description |
|---|---|
admin_domain [<no default>] | All users of the specified domain are assumed to have site administration privileges. This option is necessary to perform Web-based site administration. |
cleartext-login-enable [on] | Enables the IMAP4 LOGIN command and the POP3 USER and PASS commands. At least one of cleartext-login-enable or sasl-enable-<mech> must be enabled for users to authenticate. By default, all SASL CRAM-MD5 and DIGEST-MD5 authentication mechanisms are also enabled. |
default-domain name [<no default>] | The default domain name if single-domain is enabled. |
mailstore name path [<no default>] | Declare path as a mailstore with the symbolic name name. There must be at least one mailstore declared.
|
ms-assignment-policy rule [glob] mailstore ... [<no default>] | Determine the mailstore (with symbolic name mailstore) on which a newly created mailbox resides. There must be at least one assignment policy defined as each acts as a filter executed in order of appearance in the ms.conf file. |
There are three available ms-assignment-policy rules:
user-rule | The mailbox resides on the mailstore for which the user matches the glob pattern. This rule takes both a glob pattern and a single mailstore name. |
domain-rule | The mailbox resides on the mailstore for which the domain matches the glob pattern. This rule takes both a glob pattern and a single mailstore name. |
bytes-free | The mailbox resides on the mailstore with the most free space. This rule does not require a glob pattern, but does take a list of mailstore names. It is recommended to end with a bytes-free rule or a glob rule with a glob pattern of "*" to ensure a default mailstore exists for newly created mailboxes. |
Table 4-2. SASL Plugin Options
Option | Description |
|---|---|
sasl-enable-cram-md5 [on] | Enable the built-in SASL CRAM-MD5 authentication mechanism. |
sasl-enable-digest-md5 [on] | Enable the built-in SASL DIGEST-MD5 authentication mechanism. |
sasl-enable-plain [off] | Enable the built-in SASL PLAIN authentication mechanism. |
sasl-enable-<mech> [off] | Enable the SASL <mech> authentication mechanism plugin. The <mech> plugin must also be installed in executable_base_path /lib/plugins/ |
The following options are recommended for proper operation of M-Store (see NOTE in “ Store Configuration”):
Table 4-4. Recommended M-Store Configuration Options
Option | Description |
|---|---|
hash-level-1 [20] | The number of hash directories in the first level of the mailstore. The minimum value allowed is 5 and the maximum is 500. (See NOTE in hash-level-2 Description) |
hash-level-2 [200] | The number of hash directories in the second level of the mailstore. The minimum value allowed is 5 and the maximum is 500. NOTE: Under each of the defined mailstores exist a number of first-level hash directories. Each of which contains a number of second level hash directories. Mailboxes physically reside under the second-level hash directories. |
quotawarn [90] | The percentage of quota utilization above which the IMAP server generates warnings. |
transaction-log-directory [transaction_log] | The directory path where the database log files are stored. If
the argument is a relative path, the logs are stored in
ms-path/database/ \
transaction_log_directory/. , for more information. |
The following are optional for M-Store configuration file (see NOTE in “ Store Configuration”):
Table 4-5. Optional ms.conf Entries
Option | Description |
|---|---|
admin-append-domain-auth [on] | When enabled, append the current domain to the identifier when creating authentication accounts with the administration tools. For example, creating an authentication account for user foo implicitly creates the account for foo@mydomain.bar instead. |
allow-one-message-overquota [off] | Allow a user to receive one message that would put them over quota. Note that if a user is already over quota then no messages can be received. |
allowanonymouslogin [off] | Permit logins by the user anonymous using any password (this feature is not supported by all authentication mechanisms). |
auto-create-inbox [off] | If the authenticated user does not already have an IMAP INBOX, create one automatically when they authenticate. |
auto-create-inbox-quota [0] | If auto-create-inbox is enabled, the newly created INBOX is assigned a quota root with the specified value (in bytes). If the value is less than or equal to zero, no quota root is assigned. |
defaultacl [anyone lrs] | The default acl (access control list) for newly created mailboxes. |
executable-base-path [/usr/local/md] | The base path for M-Store binaries and documentation. |
imap-port [143] | Specify the port used by imapd. |
license-file-path [/etc/md/store/license.dat] | Specify the absolute path of the license file license.dat. |
lmtp-enable-overquota-delivery [off] | When enabled, lmtpd will also listen to the named socket ms-path /ipc/lmtpd-oq. All mail delivered through this socket is delivered regardless of a user's quota. The behavior of the default socket is unchanged. |
lmtp-shared-name [shared] | Specify the local name used by lmtpd to denote shared folders during Plus-Addressing delivery. |
max-overquota-kb [0] | If we have allow-one-message-overquota set [on], this option limits the size of a message that can be delivered over quota. If this is set to 0 or undefined, there is no limit. |
messagestore-deliver-eat-nuls [off] | Enable the removal of NUL characters in messages. The default behavior is to reject such messages. Note that removing such characters may render parts of the message unreadable. NUL characters are illegal in messages according to RFC2060; this option is provided to allow sites to work around non-compliant (broken) mail clients. |
messagestore-deliver-overquota -bounce [off] | If enabled, causes deliver and lmtpd to return a permanent delivery failure for any message delivery that would put the target mailbox over its quota limit. Normally these programs return a temporary failure, allowing the message transport agent (MTA) to requeue the delivery attempt. Enabling this option forces the MTA to immediately bounce the message. |
ms-path [/var/md/store] | The base path of the message store data. |
plaintextloginpause [0] | Number of seconds to pause after a successful plaintext login. For systems that support strong authentication, this permits users to perceive a cost in using plaintext passwords. |
pop-port [110] | Specify the port used by pop3d. |
popminpoll [0] | Set the minimum amount of time, in minutes, the server forces users to wait between successive POP3 logins. |
poptimeout [10] | Set the length of the POP3 server inactivity for the autologout timer, in minutes. The minimum value is 10 minutes. |
runtime-user [sms] | The login name of the UNIX account under which the server runs. |
timeout [30] | The length of the IMAP server inactivity for the autologout timer, in minutes. The minimum value is 30 minutes. |
umask [077] | The default umask value used by the server programs. |
The following options are used by authproxyd, the M-Store authentication server (see NOTE in “ Store Configuration”):
Option | Description |
|---|---|
authproxy-authmech [authdb] | Specify the mechanism used to authenticate plaintext logins. |
authproxy-legacy-authmech [<no default>] | If authentication using authmech fails, authenticate using the legacy-authmech. If the latter succeeds, automatically build an account in the authmech authentication environment using the username and password information supplied in the authentication request. Future authentications with the same username and password will succeed with the original authmech. |
authproxy-rimap-host [<no default>] | The remote host to be contacted by the rimap authentication mechanism. The argument can be a hostname (imap.foo.bar) or a dotted-quad IP address (192.168.0.1). The latter is useful if the remote server is multi-homed and has network interfaces that are unreachable from the local IMAP server. The remote host is contacted on the imap service port. A nondefault port can be specified by appending a forward slash and the port name or number to the host argument. |
authproxy-pam-service [authproxyd] | The service name for PAM authentication. Setting this value to a predefined PAM service allows IMAP and POP users to authenticate with the same credentials used to authenticate via the defined service, i.e., login allows users who can physically log into the machine to be authenticated via authproxyd. |
storemgr [-f config_file] |
storemgr is a daemon process that manages the collection of protocol, authentication and database management server processes that make up the message store. It is the primary control daemon for the store, managing starting, restarting and shutting down the entire message store. Running storemgr starts the store manager, which subsequently starts all of the other store processes. Once started, store processes are monitored and restarted in the event that one of them terminates outside of storemgr control.
storemgr must be run as the superuser and is normally invoked from the rc.m-store boot script. The rc.m-store should be used as the command line interface for performing control operations for the store, rather than using the signal-based control support provided by the store manager.
Option | Description |
|---|---|
-f config_file | Specify an alternate location for the M-Store configuration file. |
SIGTERM stops the store. This causes all managed processes to be terminated.
SIGHUP restarts the store. This causes all managed server processes to be stopped and then re-started.
authproxyd, “Authentication Server (authproxyd) ” in Chapter 11
imapd, “M-Store Message Server (imapd)” in Chapter 11
lmtpd, “LMTP Delivery Server (lmtpd)” in Chapter 11
ms.conf, “Message Store Configuration (ms.conf)” in Chapter 10
msdb_checkpoint, “Database Checkpoint Tool (msdb_checkpoint)” in Chapter 12
msdb_test, “Database Test Tool (msdb_test)” in Chapter 12
pop3d, “POP3 Message Service (pop3d)” in Chapter 11
rc.m-store, “Message Store Configuration (ms.conf)” in Chapter 10
Generally, filesystem parameters are system specific. However, M-Store is designed to run without any difficulty using the default system settings of any standard installation.
In deciding the number of inodes for a given partition, it is generally assumed that there should be eight (8) i nodes per mailbox. Additionally, one (1) inode should be assumed for each message. With these assumptions, the administrator can determine an adequate level of inodes for optimum performance.
When an existing partition is running low on free space or the need for additional partitions occurs, perform the following:
Install a new hard disk drive and mount the new filesystem. See your system documentation for assistance in this area. Let's assume the file system is mounted at /d/d2.
Enter the following commands:
mkdir /d/d2/mailstore
chown sms:sms /d/d2/mailstore
vi /etc/md/store/ms.conf
Add the mailstore name/path and a rule so the new partition is used. For example:
mailstore ms2 /d/d2/mailstore
ms_assignment_policy bytes_free ms1 ms2
HUP the server to reread the ms.conf file as follows:
kill -1 'cat /var/md/store/run/imapd.lock'
Only the Linux platform requires a change to the system parameters. The default Linux OS configuration disables synchronous meta-data updates in the ext2fs filesystem. This is a serious design flaw that can make it impossible for fsck to recover filesystem data after a system crash. We strongly recommend that Linux sites add the sync option to all ext2fs entries in /etc/fstab.
Reboot the server for this change to take effect.