GNU Mailutils
	General-Purpose Mail Package	Official GNU Software

• Main
• Downloads
• Documentation
• Wiki

3.2.13.2 The server Statement

Syntax:

server ipaddr[:port] {
  # Run this server as a single process.
  single-process bool;
  
  # Log the session transcript.
  transcript bool;

  # Set idle timeout.
  timeout time;

  # Size of the queue of pending connections
  backlog <number: callback>;

  # Kind of TLS encryption to use for this server.
  tls-mode ‘no’|‘ondemand’|‘required’|‘connection’;

  tls {
    # Specify SSL certificate file.
    ssl-certificate-file string;
    # Specify SSL certificate key file.
    ssl-key-file file;
    # Specify trusted CAs file.
    ssl-ca-file file;
    # Set the priorities to use on the ciphers, methods, etc.
    ssl-priorities string;
    # Set timeout for I/O operations during TLS handshake (seconds).
    handshake-timeout n;
  }
  
  # Set server specific ACLs.
  acl { /* See ACL Statement. */ };
}

Description:

The server block statement configures a single TCP or UDP server. It takes effect only in daemon mode (see server mode). The argument to this statement specifies the IP address, and, optionally, the port, to listen on for requests. The ipaddr part is either an IPv4 address in dotted-quad form, or a IPv6 address enclosed in square brackets, or a symbolic host name which can be resolved to such an address. Specifying ‘0.0.0.0’ as the ipaddr means listen on all available network interfaces. The port argument is either a port number in decimal, or a symbolic service name, as listed in /etc/services (see Internet network services list in services(5) man page). If port is omitted, Mailutils uses the port set by port statement (see port), or, in its absence, the default port number, which depends on a server being used (e.g. 110, for pop3d, 143, for imap4d, etc.).

Any number of server statements may be specified in a single configuration file, allowing to set up the same service on several IP addresses and/or port numbers, and with different configurations.

Statements within the server block statement configure this particular server.

Configuration: single-process bool;

If set to true, this server will operate in single-process mode. This mode is intended for debugging only, do not use it on production servers.

Configuration: transcript bool;

Enable transcript of the client-server interaction. This may generate excessive amounts of logging, which in turn may slow down the operation considerably.

Session transcripts are useful in fine-tuning your configurations and in debugging. They should be turned off on most production servers.

Configuration: timeout time;

Set idle timeout for this server. This overrides the global timeout settings (see timeout).

Configuration: backlog number;

Configures the size of the queue of pending connections

Configuration: tls-mode mode;

Configure the use of TLS encryption. The mode argument is one of the following:

no

TLS is not used. The corresponding command (STLS, for POP3, STARTTLS, for IMAP4) won’t be available even if the TLS configuration is otherwise complete.

ondemand

TLS is initiated when the user issues the appropriate command. This is the default when TLS is configured.

required

Same as above, but the use of TLS is mandatory. The authentication state is entered only after TLS negotiation has succeeded.

connection

TLS is always forced when the connection is established. For pop3d this means using POP3S protocol (or IMAP4S, for imap4d).

Configuration: tls { ... }

The tls statement configures SSL certificate and key files, as well as other SSL settings for use in this server. It is used when tls-mode is set to any of the following values: ondemand, required, connection.

If tls-mode is set to any of the values above and tls section is absent, settings from the global tls section will be used. In this case, it is an error if the global tls section is not defined.

See tls statement, for a discussion of its syntax.

Configuration: acl

This statement defines a per-server Access Control List. Its syntax is as described in ACL Statement. Per-server ACLs complement, but not override, global ACLs, i.e. if both global ACL and per-server ACL are used, the connection is allowed only if both of them allow it, and is denied if any one of them denies it.