############################################################## # SERVER SETTINGS # IP Address to bind to (empty for ANY) # Set to ::1 or 127.0.0.1 if connections should only come from localhost # and through the webserver proxy #server_bind = # Accept Unix pipe connections (not recommended to disable) server_pipe_enabled = yes # Unix socket location server_pipe_name = /var/run/kopano/server.sock # Priority Unix socket location server_pipe_priority = /var/run/kopano/prio.sock # Name for identifying the server in a multi-server environment server_name = Kopano # Override the hostname of this server, used by Kerberos SSO if enabled server_hostname = # Database engine (mysql) database_engine = mysql # Allow connections from normal users through the Unix socket allow_local_users = yes # local admin users who can connect to any store (use this for the kopano-dagent) # field is SPACE separated # eg: local_admin_users = root vmail #local_admin_users = root kopano local_admin_users = root alias # The user has full rights on a folder by default, uncomment the following line to disable this. # owner_auto_full_access = false owner_auto_full_access = true # e-mail address of the Kopano System user system_email_address = postmaster@localhost # drop privileges and run the process as this user #run_as_user = kopano # drop privileges and run the process as this group #run_as_group = kopano # create a pid file for stopping the service via the init.d scripts #pid_file = /var/run/kopano/server.pid # run server in this path (when not using the -F switch) #running_path = /var/lib/kopano # Use given allocator library. Values like libtcmalloc.so.4, # libtcmalloc_minimal.so.4 and libjemalloc.so.2 would work. #allocator_library = default # create memory coredumps upon crash [no, systemdefault, yes] #coredump_enabled = systemdefault # session timeout for clients. Values lower than 300 will be upped to 300 # automatically. If the server hears nothing from a client in session_timeout # seconds, then the session is killed. session_timeout = 300 # for temporary files # consider mounting a `tmpfs' underneath this path (wherever you # point it to) tmp_path = /tmp ############################################################## # LOG SETTINGS # Logging method (syslog, file), syslog facility is 'mail' log_method = file # Logfile (for log_method = file, '-' for stderr) log_file = /var/log/kopano/server.log # Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug)) #log_level = 3 # Log timestamp - prefix each log line with timestamp in 'file' logging mode log_timestamp = 1 # Buffer logging in what sized blocks. 0 for line-buffered (syslog-style). #log_buffer_size = 0 ############################################################## # AUDIT LOG SETTINGS # Audit logging is by default not enabled audit_log_enabled = no # Audit logging method (syslog, file), syslog facility is 'authpriv' audit_log_method = syslog # Audit logfile (for log_method = file, '-' for stderr) audit_log_file = /var/log/kopano/audit.log # Audit loglevel (0=no logging, 1=full logging) audit_log_level = 1 # Audit log timestamp - prefix each log line with timestamp in 'file' logging mode audit_log_timestamp = 1 ############################################################## # MYSQL SETTINGS (for database_engine = mysql) # MySQL hostname to connect to for database access mysql_host = localhost # MySQL port to connect with (usually 3306) mysql_port = 3306 # The user under which we connect with MySQL mysql_user = zarafa # The password for the user (leave empty for no password) mysql_password = %mysql_passwd% # Override the default MySQL socket to access mysql locally # Works only if the mysql_host value is empty or 'localhost' #mysql_socket = mysql_socket = /var/run/mysql/mysql.sock # Database to connect to mysql_database = zarafa # Where to place attachments. Value can be 'database', 'files' or 's3' attachment_storage = files # Enable fsync as method to make sure attachments are stored on disk where # supported and will not be buffered by OS and/or filesystem. Please note # this setting will lower attachment write performance depending on your # environment but enhances data safety with disaster recovery. # Only affects 'files' attachment storage backend. attachment_files_fsync = yes # When attachment_storage is 'files', use this path to store the files # When attachment_storage is 's3', use this path to set a prefix to all # attachment data of a certain cluster, for example 'attach' attachment_path = /home/system/kopano # Compression level for attachments when attachment_storage is 'files'. # Set compression level for attachments disabled=0, max=9 attachment_compression = 6 ############################################################## # S3 STORAGE SETTINGS (for attachment_storage = s3) # The hostname of the entry point to the S3 cloud where the bucket is located # If you are using miniio or an other S3 compatible implementation that # is using another port, you can specify the port with hostname:port. #attachment_s3_hostname = s3-eu-west-1.amazonaws.com # The region where the bucket is located #attachment_s3_region = eu-west-1 # The protocol that should be used to connect to S3, 'http' or 'https' (preferred) #attachment_s3_protocol = https # The URL style of the bucket, "virtualhost" or "path" #attachment_s3_uristyle = virtualhost # The access key id of your S3 account #attachment_s3_accesskeyid = # The secret access key of your S3 account #attachment_s3_secretaccesskey = # The bucket name in which the files will be stored #attachment_s3_bucketname = ############################################################## # SSL SETTINGS # Required Server certificate, contains the certificate and the private key parts server_ssl_key_file = /usr/webint/ssl/server.pem # Password of Server certificate server_ssl_key_pass = replace-with-server-cert-password # Required Certificate Authority of server server_ssl_ca_file = /usr/webint/ssl/server.crt # Path with CA certificates, e.g. /etc/ssl/certs server_ssl_ca_path = # SSL protocols to use, space-separated list of protocols # (SSLv3 TLSv1 TLSv1.1 TLSv1.2); prefix with ! to lock out a protocol. #server_ssl_protocols = # SSL ciphers to use, set to 'ALL' for backward compatibility server_ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL # Prefer the server's order of SSL ciphers over client's server_ssl_prefer_server_ciphers = no # Path of SSL Public keys of clients sslkeys_path = /etc/kopano/sslkeys ############################################################## # THREAD SETTINGS # Number of server threads # default: 8 #threads = 8 threads = 16 # Watchdog frequency. The number of watchdog checks per second. # default: 1 watchdog_frequency = 1 # Watchdog max age. The maximum age in ms of a task before a # new thread is started. # default: 500 watchdog_max_age = 500 # Maximum SOAP keep_alive value # default: 100 server_max_keep_alive_requests = 100 # SOAP recv timeout value (time between requests) # default: 5 server_recv_timeout = 5 # SOAP read timeout value (time during requests) # default: 60 server_read_timeout = 60 # SOAP send timeout value # default: 60 server_send_timeout = 60 ############################################################## # OTHER SETTINGS # Softdelete clean cycle (in days) 0=never running # softdelete_lifetime = 30 # (SYN-3 uses a cronjob) softdelete_lifetime = 0 # Sync lifetime, removes all changes remembered for a client after x days of inactivity sync_lifetime = 90 # Set to 'yes' if you have Kerberos or NTLM correctly configured for single sign-on enable_sso = no # Set to 'yes' if you want to show the GAB to your users enable_gab = yes # Authentication can be through plugin (default, recommended), pam or kerberos auth_method = plugin # If auth_method is set to pam, you should provide the pam service name pam_service = passwd ############################################################# # CACHE SETTINGS # # To see the live cache usage, use 'kopano-stats --system'. #SYN-3 caching config for around 1000 users. # Size in bytes of the 'cell' cache (should be set as high as you can afford to set it) #cache_cell_size = 256M # around 25% of total RAM size cache_cell_size = 1G # Size in bytes of the 'object' cache #cache_object_size = 16M # about 100kb per user cache_object_size = 100M # Size in bytes of the 'indexed object' cache #cache_indexedobject_size = 32M # about 512kb per user cache_indexedobject_size = 512M # Size in bytes of the userquota details cache_quota_size = 1M # Lifetime for userquota details cache_quota_lifetime = 1 # Size in bytes of the acl cache cache_acl_size = 1M # Size in bytes of the store id/guid cache #cache_store_size = 1M cache_store_size=512M # Size in bytes of the 'user id' cache (this is allocated twice) cache_user_size = 1M # Size in bytes of the 'user details' cache cache_userdetails_size = 25M # Lifetime for user details cache_userdetails_lifetime = 0 # Size in bytes of the server details (multiserver setups only) cache_server_size = 1M # Lifetime for server details (multiserver setups only) cache_server_lifetime = 30 ############################################################## # QUOTA SETTINGS # The default Warning Quota Level. Set to 0 to disable this level. # The user will receive an email when this level is reached. Value is in Mb. Default value is 0. quota_warn = 0 # The default Soft Quota Level. Set to 0 to disable this level. # The user will still receive mail, but sending new mail is prohibited, until objects are removed from the store. # VALUE is in Mb. Default value is 0. quota_soft = 0 # The default Hard Quota Level. Set to 0 to disable this level. # The user can not receive and send mail, until objects are removed from the store. # Value is in Mb. Default value is 0. quota_hard = 0 # The default Warning Quota Level for multitenant public stores. Set to 0 to disable this level. # The tenant administrator will receive an email when this level is reached. Value is in Mb. Default value is 0. companyquota_warn = 0 ############################################################## # USER PLUGIN SETTINGS # Name of the plugin that handles users # Required, default = db # Values: ldap, unix, db user_plugin = ldap # configuration file of the user plugin, examples can be found in /usr/share/doc/kopano/example-config user_plugin_config = /etc/kopano/ldap.cfg # scripts which create stores for users from an external source # used for ldap and unix plugins only createuser_script = /etc/kopano/userscripts/createuser deleteuser_script = /etc/kopano/userscripts/deleteuser creategroup_script = /etc/kopano/userscripts/creategroup deletegroup_script = /etc/kopano/userscripts/deletegroup createcompany_script = /etc/kopano/userscripts/createcompany deletecompany_script = /etc/kopano/userscripts/deletecompany # Set this option to 'yes' to skip the creation and deletion of new users # The action will be logged, so you can see if your changes to the plugin # configuration are correct. user_safe_mode = no ############################################################## # MISC SETTINGS # Enable multi-tenancy environment # When set to true it is possible to create tenants within the # kopano instance and assign all users and groups to particular # tenants. # When set to false, the normal single-tenancy environment is created. enable_hosted_kopano = false # Enable multi-server environment # When set to true it is possible to place users and tenants on # specific servers. # When set to false, the normal single-server environment is created. enable_distributed_kopano = false # Display format of store name # Allowed variables: # %u Username # %f Full name # %c Tenant's name # default: %f storename_format = %f # Loginname format (for Multi-tenancy installations) # When the user does not login through a system-wide unique # username (like the email address) a unique name is created # by combining the username and the tenantname. # With this configuration option you can set how the # loginname should be built up. # # Note: Do not use the = character in the format. # # Allowed variables: # %u Username # %c Teantname # # default: %u loginname_format = %u # Everyone is a special internal group, which contains every user and group # You may want to disable this group from the Global Addressbook by setting # this option to 'yes'. Administrators will still be able to see the group. hide_everyone = no # System is a special internal user, which has super-admin privileges # You may want to disable this user from the Global Addressbook by setting # this option to 'yes'. Administrators will still be able to see the user. hide_system = yes # Use Indexing service for faster searching. # Enabling this option requires the kopano-search service to # be running. search_enabled = yes # Path to the kopano-search service, this option is only required # if the server is going to make use of the indexing service. search_socket = file:///var/run/kopano/search.sock # Time (in seconds) to wait for a connection to the kopano-search service # before terminating the indexed search request. search_timeout = 10 # Allow enhanced ICS operations to speedup synchronization with cached profiles. # default: yes enable_enhanced_ics = yes # SQL Procedures allow for some optimized queries when streaming with enhanced ICS. # This is default disabled because you must set 'thread_stack = 256k' in your # MySQL server config under the [mysqld] tag and restart your MySQL server. #enable_sql_procedures = no enable_sql_procedures = yes # Synchronize GAB users on every open of the GAB (otherwise, only on # kopano-admin --sync) sync_gab_realtime = yes # Disable features for users. This list is space separated. # Currently valid values: imap pop3 mobile outlook #disabled_features = imap pop3 disabled_features = # Maximum number of deferred records in total max_deferred_records = 0 # Maximum number of deferred records per folder max_deferred_records_folder = 20 # Restrict the permissions that admins receive to folder permissions only. Please # read the server.cfg manpage before enabling this option so you really understand # the implications restrict_admin_permissions = no # The maximum level of attachment recursion; Defines the number of # attachment-in-attachment in-attachment levels are allowed when saving and # replicating objects in the database. If you really want a higher level of # recursion than about 20, you probably have to increase MySQL's stack_size # to allow replication to work properly. embedded_attachment_limit = 20 # Header to detect whether a connection has been received through a proxy. The # value of the header is not inspected. If the header exists then the connection # is taken to be received via a proxy. An empty value disables proxy detection # and the value of '*' is used to indicate that all connections are proxied proxy_header = # Enable/disable reminders for shared stores shared_reminders = yes