maybe chmod 0644 'config-archive/etc/conf.d/keymaps,v'
maybe chmod 0644 'config-archive/etc/conf.d/keymaps.1'
maybe chmod 0644 'config-archive/etc/conf.d/keymaps.dist'
+maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors'
+maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors.dist'
maybe chmod 0644 'config-archive/etc/conf.d/modules,v'
maybe chmod 0644 'config-archive/etc/conf.d/mysql,v'
maybe chmod 0644 'config-archive/etc/conf.d/mysql.dist.new'
maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl'
maybe chmod 0644 'config-archive/etc/courier-imap/imapd-ssl,v'
maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.1'
+maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.2'
maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist'
-maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist.new'
maybe chmod 0600 'config-archive/etc/courier-imap/imapd.1'
+maybe chmod 0600 'config-archive/etc/courier-imap/imapd.2'
maybe chmod 0600 'config-archive/etc/courier-imap/imapd.dist'
maybe chmod 0600 'config-archive/etc/courier-imap/pop3d'
maybe chmod 0644 'config-archive/etc/courier-imap/pop3d,v'
maybe chmod 0644 'config-archive/etc/courier-imap/pop3d-ssl,v'
maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.1'
maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist'
-maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist.new'
maybe chmod 0600 'config-archive/etc/courier-imap/pop3d.dist'
maybe chmod 0755 'config-archive/etc/courier/authlib'
maybe chmod 0660 'config-archive/etc/courier/authlib/authdaemonrc'
maybe chmod 0644 'config-archive/etc/genkernel.conf.dist'
maybe chmod 0644 'config-archive/etc/hosts'
maybe chmod 0644 'config-archive/etc/hosts,v'
-maybe chmod 0644 'config-archive/etc/hosts.dist.new'
+maybe chmod 0644 'config-archive/etc/hosts.1'
+maybe chmod 0644 'config-archive/etc/hosts.dist'
maybe chmod 0755 'config-archive/etc/init.d'
maybe chmod 0755 'config-archive/etc/init.d/apache2,v'
maybe chmod 0755 'config-archive/etc/init.d/atd,v'
maybe chmod 0644 'config-archive/etc/mc/mc.menu,v'
maybe chmod 0644 'config-archive/etc/mdadm.conf'
maybe chmod 0644 'config-archive/etc/mdadm.conf,v'
+maybe chmod 0644 'config-archive/etc/mdadm.conf.1'
maybe chmod 0644 'config-archive/etc/mdadm.conf.dist'
maybe chmod 0644 'config-archive/etc/mke2fs.conf,v'
maybe chmod 0644 'config-archive/etc/mlocate-cron.conf,v'
maybe chmod 0644 'config-archive/etc/postfix/master.cf.dist.new'
maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients'
maybe chmod 0644 'config-archive/etc/postfix/postgrey_whitelist_clients,v'
-maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist.new'
+maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist'
maybe chmod 0644 'config-archive/etc/postfix/saslpass,v'
maybe chmod 0644 'config-archive/etc/procmailrc,v'
maybe chmod 0644 'config-archive/etc/procmailrc.dist.new'
maybe chmod 0644 'config-archive/etc/rc.conf.4'
maybe chmod 0644 'config-archive/etc/rc.conf.5'
maybe chmod 0644 'config-archive/etc/rc.conf.6'
+maybe chmod 0644 'config-archive/etc/rc.conf.7'
maybe chmod 0644 'config-archive/etc/rc.conf.dist'
maybe chmod 0755 'config-archive/etc/reoback'
maybe chmod 0644 'config-archive/etc/reoback/files.conf'
maybe chmod 0644 'config-archive/etc/sensors3.conf,v'
maybe chmod 0644 'config-archive/etc/services'
maybe chmod 0644 'config-archive/etc/services,v'
-maybe chmod 0644 'config-archive/etc/services.dist.new'
+maybe chmod 0644 'config-archive/etc/services.dist'
maybe chmod 0755 'config-archive/etc/skel'
maybe chmod 0644 'config-archive/etc/skel/.bash_logout'
maybe chmod 0644 'config-archive/etc/skel/.bash_logout.dist.new'
-# Generated by sensors-detect on Tue Jul 24 10:07:08 2012
-# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
-# be loaded/unloaded.
-#
-# The format of this file is a shell script that simply defines variables:
-# HWMON_MODULES for hardware monitoring driver modules, and optionally
-# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
+# /etc/conf.d/lm_sensors
# Load modules at startup
LOADMODULES=yes
# You should use BUS_MODULES and HWMON_MODULES instead if possible.
MODULE_0=w83627ehf
+
+# NOTE:
+# For module loading please use /etc/modules-load.d/lm_sensors.conf
--- /dev/null
+# Generated by sensors-detect on Tue Jul 24 10:07:08 2012
+# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
+# be loaded/unloaded.
+#
+# The format of this file is a shell script that simply defines variables:
+# HWMON_MODULES for hardware monitoring driver modules, and optionally
+# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
+
+# Load modules at startup
+LOADMODULES=yes
+
+# Initialize sensors at startup
+INITSENSORS=yes
+
+HWMON_MODULES="w83627ehf"
+
+# For compatibility reasons, modules are also listed individually as variables
+# MODULE_0, MODULE_1, MODULE_2, etc.
+# Please note that the numbers in MODULE_X must start at 0 and increase in
+# steps of 1. Any number that is missing will make the init script skip the
+# rest of the modules. Use MODULE_X_ARGS for arguments.
+#
+# You should use BUS_MODULES and HWMON_MODULES instead if possible.
+
+MODULE_0=w83627ehf
--- /dev/null
+# /etc/conf.d/lm_sensors
+
+# NOTE:
+# For module loading please use /etc/modules-load.d/lm_sensors.conf
-##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $
+##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$
#
# imapd created from imapd.dist by sysconftool
#
IMAP_MOVE_EXPUNGE_TO_TRASH=0
+##NAME: IMAP_LOG_DELETIONS:0
+#
+#
+# Set IMAP_LOG_DELETIONS to log all message deletions to syslog.
+#
+# IMAP_LOG_DELETIONS=1
+
+##NAME: IMAPDEBUGFILE:0
+#
+# IMAPDEBUGFILE="imaplog.dat"
+#
+# Generate diagnostic logging of IMAP commands.
+#
+# Set this globally, restart the server. Touch this file in an account's
+# maildir directory, and Courier-IMAP will append all IMAP commands received
+# for new sessions for this account. NOTE: existing IMAP sessions are not
+# affected, only new IMAP logins.
+
##NAME: OUTBOX:0
#
HEADERFROM=X-IMAP-Sender
+##NAME: ID_FIELDS:0
+#
+# Have the server be polite, and identify its version to the client. The client
+# must be logged in before the server will identify itself. Additionally,
+# the client will mutually supply its own software version, and the server will
+# log it.
+#
+# Although the server's banner message identifies itself, in free-form manner,
+# this the ID IMAP extension, for clients to log.
+#
+# IMAP_ID_FIELDS is the sum of the following values:
+#
+# 1 - identify the version of the IMAP server
+# 2 - identify the operating system (if available)
+# 4 - identify the operating system release (if available)
+#
+# A value of 0 identifies the server software only.
+#
+# Uncomment this setting to enable the IMAP ID extension. One reason you might
+# want to enable it is to log the clients' software version. Enabling this
+# setting will mutually log the client's software, in the system logs.
+#
+# IMAP_ID_FIELDS=0
+
##NAME: OUTBOX_MULTIPLE_SEND:0
#
# Remove the following comment to allow a COPY of more than one message to
-##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $
+##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$
#
# imapd-ssl created from imapd-ssl.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for
+# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
COURIERTLS=/usr/sbin/couriertls
+##NAME: TLS_PRIORITY:0
+#
+# GnuTLS setting only
+#
+# Set TLS protocol priority settings (GnuTLS only)
+#
+# DEFAULT: NORMAL:-CTYPE-OPENPGP
+#
+# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
+
##NAME: TLS_PROTOCOL:0
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# OpenSSL:
#
-# SSL2 - SSLv2
# SSL3 - SSLv3
-# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
+# SSL23 - all protocols (including TLS 1.x protocols)
# TLS1 - TLS1
+# TLSv1.1 - TLS1.1
+# TLSv1.2 - TLS1.2
#
# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
# setting, below.
# DEFAULT VALUES:
#
# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)
-TLS_PROTOCOL="SSL3"
+TLS_PROTOCOL="SSL23"
##NAME: TLS_STARTTLS_PROTOCOL:0
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
-#
+# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
+TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"
#
# GnuTLS:
#
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
##NAME: TLS_MIN_DH_BITS:0
#
# This is supposed to be an inactivity timeout, but its not yet implemented.
#
-##NAME: TLS_DHCERTFILE:0
-#
-# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
-# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
-# you must generate a DH pair that will be used. In most situations the
-# DH pair is to be treated as confidential, and the file specified by
-# TLS_DHCERTFILE must not be world-readable.
-#
-# TLS_DHCERTFILE=
-
##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
TLS_CERTFILE=/etc/courier-imap/imapd.pem
+##NAME: TLS_DHPARAMS:0
+#
+# TLS_DHPARAMS - DH parameter file.
+#
+TLS_DHPARAMS=/etc/ssl/dhparams.pem
+
##NAME: TLS_TRUSTCERTS:0
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
-##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $
+##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $
#
# imapd-ssl created from imapd-ssl.dist by sysconftool
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH"
+# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
#
--- /dev/null
+##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $
+#
+# imapd-ssl created from imapd-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# This configuration file sets various options for the Courier-IMAP server
+# when used to handle SSL IMAP connections.
+#
+# SSL and non-SSL connections are handled by a dedicated instance of the
+# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP
+# connections, you will start two instances of couriertcpd, one on the
+# IMAP port 143, and another one on the IMAP-SSL port 993.
+#
+# Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:1
+#
+# Options in the imapd-ssl configuration file AUGMENT the options in the
+# imapd configuration file. First the imapd configuration file is read,
+# then the imapd-ssl configuration file, so we do not have to redefine
+# anything.
+#
+# However, some things do have to be redefined. The port number is
+# specified by SSLPORT, instead of PORT. The default port is port 993.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possibly to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1
+# The SSLADDRESS setting is a default for ports that do not have
+# a specified IP address.
+
+SSLPORT=993
+
+##NAME: SSLADDRESS:0
+#
+# Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# That's the SSL IMAP port we'll listen on.
+# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
+
+SSLPIDFILE=/var/run/imapd-ssl.pid
+
+##NAME: SSLLOGGEROPTS:0
+#
+# courierlogger(1) options.
+#
+
+SSLLOGGEROPTS="-name=imapd-ssl"
+
+##NAME: IMAPDSSLSTART:0
+#
+# Different pid files, so that both instances of couriertcpd can coexist
+# happily.
+#
+# You can also redefine IMAP_CAPABILITY, although I can't
+# think of why you'd want to do that.
+#
+#
+# Ok, the following settings are new to imapd-ssl:
+#
+# Whether or not to start IMAP over SSL on simap port:
+
+IMAPDSSLSTART=NO
+
+##NAME: IMAPDSTARTTLS:0
+#
+# Whether or not to implement IMAP STARTTLS extension instead:
+
+IMAPDSTARTTLS=YES
+
+##NAME: IMAP_TLS_REQUIRED:1
+#
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+
+IMAP_TLS_REQUIRED=0
+
+
+#########################################################################
+#
+# The following variables configure IMAP over SSL. If OpenSSL or GnuTLS
+# is available during configuration, the couriertls helper gets compiled, and
+# upon installation a dummy TLS_CERTFILE gets generated.
+#
+# WARNING: Peer certificate verification has NOT yet been tested. Proceed
+# at your own risk. Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+#
+##NAME: COURIERTLS:0
+#
+
+COURIERTLS=/usr/sbin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+#
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# OpenSSL:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
+# TLS1 - TLS1
+#
+# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
+# setting, below.
+#
+# GnuTLS:
+#
+# SSL3 - SSLv3
+# TLS1 - TLS 1.0
+# TLS1_1 - TLS 1.1
+#
+# When compiled against GnuTLS, multiple protocols can be selected as follows:
+#
+# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
+#
+# DEFAULT VALUES:
+#
+# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)
+TLS_PROTOCOL="SSL3"
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+#
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL
+TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# OpenSSL:
+#
+# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH"
+#
+# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
+#
+#
+# GnuTLS:
+#
+# TLS_CIPHER_LIST="HIGH:MEDIUM"
+#
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
+#
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
+#
+# Also, the following aliases:
+#
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+# is not included
+# ALL -- all ciphers except the NULL cipher
+
+##NAME: TLS_MIN_DH_BITS:0
+#
+# TLS_MIN_DH_BITS=n
+#
+# GnuTLS only:
+#
+# Set the minimum number of acceptable bits for a DH key exchange.
+#
+# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
+# have been encountered that offer 512 bit keys. You may have to set
+# TLS_MIN_DH_BITS=512 here, if necessary.
+
+##NAME: TLS_KX_LIST:0
+#
+# GnuTLS only:
+#
+# Allowed key exchange protocols. The default of "ALL" should be sufficient.
+# The list of supported key exchange protocols depends on the options GnuTLS
+# was compiled against, but may include the following:
+#
+# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT
+
+TLS_KX_LIST=ALL
+
+##NAME: TLS_COMPRESSION:0
+#
+# GnuTLS only:
+#
+# Optional compression. "ALL" selects all available compression methods.
+#
+# Available compression methods: DEFLATE, LZO, NULL
+
+TLS_COMPRESSION=ALL
+
+##NAME: TLS_CERTS:0
+#
+# GnuTLS only:
+#
+# Supported certificate types are X509 and OPENPGP.
+#
+# OPENPGP has not been tested
+
+TLS_CERTS=X509
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used. In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
+# instead of TLS_DHCERTFILE if this is a garden-variety certificate
+#
+# VIRTUAL HOSTS (servers only):
+#
+# Due to technical limitations in the original SSL/TLS protocol, a dedicated
+# IP address is required for each virtual host certificate. If you have
+# multiple certificates, install each certificate file as
+# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
+# for the certificate's domain name. So, if TLS_CERTFILE is set to
+# /etc/certificate.pem, then you'll need to install the actual certificate
+# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
+# and so on, for each IP address.
+#
+# GnuTLS only (servers only):
+#
+# GnuTLS implements a new TLS extension that eliminates the need to have a
+# dedicated IP address for each SSL/TLS domain name. Install each certificate
+# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
+# then you'll need to install the actual certificate files as
+# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
+# and so on.
+#
+# Note that this TLS extension also requires a corresponding support in the
+# client. Older SSL/TLS clients may not support this feature.
+#
+# This is an experimental feature.
+
+TLS_CERTFILE=/etc/courier-imap/imapd.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+
+TLS_TRUSTCERTS=/etc/ssl/certs
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates. The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+
+##NAME: TLS_EXTERNAL:0
+#
+# To enable SSL certificate-based authentication:
+#
+# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate
+# authority's SSL certificate
+#
+# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings
+# requires all SSL clients to present a certificate, and rejects
+# SSL/TLS connections without a valid cert).
+#
+# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID.
+# Example:
+#
+# TLS_EXTERNAL=emailaddress
+#
+# The above example retrieves the login ID from the "emailaddress" subject
+# field. The certificate's emailaddress subject must match exactly the login
+# ID in the courier-authlib database.
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for IMAP clients
+# that open multiple SSL sessions to the server. TLS_CACHEFILE will be
+# automatically created, TLS_CACHESIZE bytes long, and used as a cache
+# buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients. Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+# Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
-##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $
+##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
#
# imapd-ssl created from imapd-ssl.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for
+# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
##NAME: SSLLOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
SSLLOGGEROPTS="-name=imapd-ssl"
COURIERTLS=/usr/sbin/couriertls
-##NAME: TLS_PROTOCOL:0
-#
-# TLS_PROTOCOL sets the protocol version. The possible versions are:
+##NAME: TLS_PRIORITY:0
#
-# OpenSSL:
+# GnuTLS setting only
#
-# SSL2 - SSLv2
-# SSL3 - SSLv3
-# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
-# TLS1 - TLS1
+# Set TLS protocol priority settings (GnuTLS only)
#
-# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
-# setting, below.
+# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
-# GnuTLS:
+# This setting is also used to select the available ciphers.
#
-# SSL3 - SSLv3
-# TLS1 - TLS 1.0
-# TLS1_1 - TLS 1.1
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
#
-# When compiled against GnuTLS, multiple protocols can be selected as follows:
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
-# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
+# Also, the following aliases:
#
-# DEFAULT VALUES:
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+# is not included
+# ALL -- all ciphers except the NULL cipher
#
-# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
-##NAME: TLS_STARTTLS_PROTOCOL:0
-#
-# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
-# extension, as opposed to IMAP over SSL on port 993.
+##NAME: TLS_PROTOCOL:0
+#
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# OpenSSL:
+#
+# SSL3 - SSLv3
+# SSL23 - all protocols (including TLS 1.x protocols)
+# TLSv1 - TLS1
+# TLSv1.1 - TLS1.1
+# TLSv1.2 - TLS1.2
+#
+# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# higher protocols.
#
-# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL
+# The default value is TLSv1+
##NAME: TLS_CIPHER_LIST:0
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
-#
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
-
-##NAME: TLS_MIN_DH_BITS:0
#
-# TLS_MIN_DH_BITS=n
-#
-# GnuTLS only:
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
#
-# Set the minimum number of acceptable bits for a DH key exchange.
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
#
-# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
-# have been encountered that offer 512 bit keys. You may have to set
-# TLS_MIN_DH_BITS=512 here, if necessary.
+# It takes the same values for OpenSSL as TLS_PROTOCOL
-##NAME: TLS_KX_LIST:0
-#
-# GnuTLS only:
+##NAME: TLS_CIPHER_LIST:0
#
-# Allowed key exchange protocols. The default of "ALL" should be sufficient.
-# The list of supported key exchange protocols depends on the options GnuTLS
-# was compiled against, but may include the following:
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
#
-# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT
-
-TLS_KX_LIST=ALL
-
-##NAME: TLS_COMPRESSION:0
+# OpenSSL:
#
-# GnuTLS only:
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
-# Optional compression. "ALL" selects all available compression methods.
#
-# Available compression methods: DEFLATE, LZO, NULL
-TLS_COMPRESSION=ALL
-
-##NAME: TLS_CERTS:0
+##NAME: TLS_MIN_DH_BITS:0
+#
+# TLS_MIN_DH_BITS=n
#
# GnuTLS only:
#
-# Supported certificate types are X509 and OPENPGP.
+# Set the minimum number of acceptable bits for a DH key exchange.
#
-# OPENPGP has not been tested
-
-TLS_CERTS=X509
+# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
+# have been encountered that offer 512 bit keys. You may have to set
+# TLS_MIN_DH_BITS=512 here, if necessary.
##NAME: TLS_TIMEOUT:0
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but its not yet implemented.
#
-##NAME: TLS_DHCERTFILE:0
-#
-# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
-# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
-# you must generate a DH pair that will be used. In most situations the
-# DH pair is to be treated as confidential, and the file specified by
-# TLS_DHCERTFILE must not be world-readable.
-#
-# TLS_DHCERTFILE=
-
##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
TLS_CERTFILE=/etc/courier-imap/imapd.pem
+##NAME: TLS_DHPARAMS:0
+#
+# TLS_DHPARAMS - DH parameter file.
+#
+TLS_DHPARAMS=/usr/share/dhparams.pem
+
##NAME: TLS_TRUSTCERTS:0
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
#
TLS_VERIFYPEER=NONE
-
##NAME: TLS_EXTERNAL:0
#
# To enable SSL certificate-based authentication:
+++ /dev/null
-##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$
-#
-# imapd-ssl created from imapd-ssl.dist by sysconftool
-#
-# Do not alter lines that begin with ##, they are used when upgrading
-# this configuration.
-#
-# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for
-# distribution information.
-#
-# This configuration file sets various options for the Courier-IMAP server
-# when used to handle SSL IMAP connections.
-#
-# SSL and non-SSL connections are handled by a dedicated instance of the
-# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP
-# connections, you will start two instances of couriertcpd, one on the
-# IMAP port 143, and another one on the IMAP-SSL port 993.
-#
-# Download OpenSSL from http://www.openssl.org/
-#
-##NAME: SSLPORT:1
-#
-# Options in the imapd-ssl configuration file AUGMENT the options in the
-# imapd configuration file. First the imapd configuration file is read,
-# then the imapd-ssl configuration file, so we do not have to redefine
-# anything.
-#
-# However, some things do have to be redefined. The port number is
-# specified by SSLPORT, instead of PORT. The default port is port 993.
-#
-# Multiple port numbers can be separated by commas. When multiple port
-# numbers are used it is possibly to select a specific IP address for a
-# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900"
-# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1
-# The SSLADDRESS setting is a default for ports that do not have
-# a specified IP address.
-
-SSLPORT=993
-
-##NAME: SSLADDRESS:0
-#
-# Address to listen on, can be set to a single IP address.
-#
-# SSLADDRESS=127.0.0.1
-
-SSLADDRESS=0
-
-##NAME: SSLPIDFILE:0
-#
-# That's the SSL IMAP port we'll listen on.
-# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
-
-SSLPIDFILE=/var/run/imapd-ssl.pid
-
-##NAME: SSLLOGGEROPTS:0
-#
-# courierlogger(1) options.
-#
-
-SSLLOGGEROPTS="-name=imapd-ssl"
-
-##NAME: IMAPDSSLSTART:0
-#
-# Different pid files, so that both instances of couriertcpd can coexist
-# happily.
-#
-# You can also redefine IMAP_CAPABILITY, although I can't
-# think of why you'd want to do that.
-#
-#
-# Ok, the following settings are new to imapd-ssl:
-#
-# Whether or not to start IMAP over SSL on simap port:
-
-IMAPDSSLSTART=NO
-
-##NAME: IMAPDSTARTTLS:0
-#
-# Whether or not to implement IMAP STARTTLS extension instead:
-
-IMAPDSTARTTLS=YES
-
-##NAME: IMAP_TLS_REQUIRED:1
-#
-# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
-# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
-# is issued).
-
-IMAP_TLS_REQUIRED=0
-
-
-#########################################################################
-#
-# The following variables configure IMAP over SSL. If OpenSSL or GnuTLS
-# is available during configuration, the couriertls helper gets compiled, and
-# upon installation a dummy TLS_CERTFILE gets generated.
-#
-# WARNING: Peer certificate verification has NOT yet been tested. Proceed
-# at your own risk. Only the basic SSL/TLS functionality is known to be
-# working. Keep this in mind as you play with the following variables.
-#
-##NAME: COURIERTLS:0
-#
-
-COURIERTLS=/usr/sbin/couriertls
-
-##NAME: TLS_PRIORITY:0
-#
-# GnuTLS setting only
-#
-# Set TLS protocol priority settings (GnuTLS only)
-#
-# DEFAULT: NORMAL:-CTYPE-OPENPGP
-#
-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
-
-##NAME: TLS_PROTOCOL:0
-#
-# TLS_PROTOCOL sets the protocol version. The possible versions are:
-#
-# OpenSSL:
-#
-# SSL3 - SSLv3
-# SSL23 - all protocols (including TLS 1.x protocols)
-# TLS1 - TLS1
-# TLSv1.1 - TLS1.1
-# TLSv1.2 - TLS1.2
-#
-# Leave it unset to use any protocol except SSL 2.
-
-##NAME: TLS_CIPHER_LIST:0
-#
-# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
-# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
-# undefined
-#
-# OpenSSL:
-#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-# GnuTLS:
-#
-# TLS_CIPHER_LIST="HIGH:MEDIUM"
-#
-# The actual list of available ciphers depend on the options GnuTLS was
-# compiled against. The possible ciphers are:
-#
-# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
-#
-# Also, the following aliases:
-#
-# HIGH -- all ciphers that use more than a 128 bit key size
-# MEDIUM -- all ciphers that use a 128 bit key size
-# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
-# is not included
-# ALL -- all ciphers except the NULL cipher
-#
-# See GnuTLS documentation, gnutls_priority_init(3) for additional
-# documentation.
-
-##NAME: TLS_STARTTLS_PROTOCOL:0
-#
-# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
-# extension, as opposed to IMAP over SSL on port 993.
-#
-# It takes the same values for OpenSSL as TLS_PROTOCOL
-
-##NAME: TLS_CIPHER_LIST:0
-#
-# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
-# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
-# undefined
-#
-# OpenSSL:
-#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-#
-
-##NAME: TLS_MIN_DH_BITS:0
-#
-# TLS_MIN_DH_BITS=n
-#
-# GnuTLS only:
-#
-# Set the minimum number of acceptable bits for a DH key exchange.
-#
-# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
-# have been encountered that offer 512 bit keys. You may have to set
-# TLS_MIN_DH_BITS=512 here, if necessary.
-
-##NAME: TLS_TIMEOUT:0
-# TLS_TIMEOUT is currently not implemented, and reserved for future use.
-# This is supposed to be an inactivity timeout, but its not yet implemented.
-#
-
-##NAME: TLS_CERTFILE:0
-#
-# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
-# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
-# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
-# instead of TLS_DHCERTFILE if this is a garden-variety certificate
-#
-# VIRTUAL HOSTS (servers only):
-#
-# Due to technical limitations in the original SSL/TLS protocol, a dedicated
-# IP address is required for each virtual host certificate. If you have
-# multiple certificates, install each certificate file as
-# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
-# for the certificate's domain name. So, if TLS_CERTFILE is set to
-# /etc/certificate.pem, then you'll need to install the actual certificate
-# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
-# and so on, for each IP address.
-#
-# GnuTLS only (servers only):
-#
-# GnuTLS implements a new TLS extension that eliminates the need to have a
-# dedicated IP address for each SSL/TLS domain name. Install each certificate
-# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
-# then you'll need to install the actual certificate files as
-# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
-# and so on.
-#
-# Note that this TLS extension also requires a corresponding support in the
-# client. Older SSL/TLS clients may not support this feature.
-#
-# This is an experimental feature.
-
-TLS_CERTFILE=/etc/courier-imap/imapd.pem
-
-##NAME: TLS_DHPARAMS:0
-#
-# TLS_DHPARAMS - DH parameter file.
-#
-TLS_DHPARAMS=/usr/share/dhparams.pem
-
-##NAME: TLS_TRUSTCERTS:0
-#
-# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
-# pathname can be a file or a directory. If a file, the file should
-# contain a list of trusted certificates, in PEM format. If a
-# directory, the directory should contain the trusted certificates,
-# in PEM format, one per file and hashed using OpenSSL's c_rehash
-# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
-# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
-# to PEER or REQUIREPEER).
-#
-
-TLS_TRUSTCERTS=/etc/ssl/certs
-
-##NAME: TLS_VERIFYPEER:0
-#
-# TLS_VERIFYPEER - how to verify client certificates. The possible values of
-# this setting are:
-#
-# NONE - do not verify anything
-#
-# PEER - verify the client certificate, if one's presented
-#
-# REQUIREPEER - require a client certificate, fail if one's not presented
-#
-#
-TLS_VERIFYPEER=NONE
-
-##NAME: TLS_EXTERNAL:0
-#
-# To enable SSL certificate-based authentication:
-#
-# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate
-# authority's SSL certificate
-#
-# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings
-# requires all SSL clients to present a certificate, and rejects
-# SSL/TLS connections without a valid cert).
-#
-# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID.
-# Example:
-#
-# TLS_EXTERNAL=emailaddress
-#
-# The above example retrieves the login ID from the "emailaddress" subject
-# field. The certificate's emailaddress subject must match exactly the login
-# ID in the courier-authlib database.
-
-##NAME: TLS_CACHE:0
-#
-# A TLS/SSL session cache may slightly improve response for IMAP clients
-# that open multiple SSL sessions to the server. TLS_CACHEFILE will be
-# automatically created, TLS_CACHESIZE bytes long, and used as a cache
-# buffer.
-#
-# This is an experimental feature and should be disabled if it causes
-# problems with SSL clients. Disable SSL caching by commenting out the
-# following settings:
-
-TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
-TLS_CACHESIZE=524288
-
-##NAME: MAILDIRPATH:0
-#
-# MAILDIRPATH - directory name of the maildir directory.
-#
-MAILDIRPATH=Maildir
-
-# Hardwire a value for ${MAILDIR}
-MAILDIR=.maildir
-MAILDIRPATH=.maildir
-##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $
+##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $
#
# imapd created from imapd.dist by sysconftool
#
--- /dev/null
+##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $
+#
+# imapd created from imapd.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# This configuration file sets various options for the Courier-IMAP server
+# when used with the couriertcpd server.
+# A lot of the stuff here is documented in the manual page for couriertcpd.
+#
+# NOTE - do not use \ to split long variable contents on multiple lines.
+# This will break the default imapd.rc script, which parses this file.
+#
+##NAME: ADDRESS:0
+#
+# Address to listen on, can be set to a single IP address.
+#
+# ADDRESS=127.0.0.1
+
+ADDRESS=0
+
+##NAME: PORT:1
+#
+# Port numbers that connections are accepted on. The default is 143,
+# the standard IMAP port.
+#
+# Multiple port numbers can be separated by commas. When multiple port
+# numbers are used it is possible to select a specific IP address for a
+# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
+# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+# The previous ADDRESS setting is a default for ports that do not have
+# a specified IP address.
+
+PORT=143
+
+##NAME: AUTHSERVICE:0
+#
+# It's possible to authenticate using a different 'service' parameter
+# depending on the connection's port. This only works with authentication
+# modules that use the 'service' parameter, such as PAM. Example:
+#
+# AUTHSERVICE143=imap
+# AUTHSERVICE993=imaps
+
+##NAME: MAXDAEMONS:0
+#
+# Maximum number of IMAP servers started
+#
+
+MAXDAEMONS=40
+
+##NAME: MAXPERIP:0
+#
+# Maximum number of connections to accept from the same IP address
+
+MAXPERIP=10
+
+##NAME: PIDFILE:0
+#
+# File where couriertcpd will save its process ID
+#
+
+PIDFILE=/var/run/imapd.pid
+
+##NAME: TCPDOPTS:0
+#
+# Miscellaneous couriertcpd options that shouldn't be changed.
+#
+
+TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: LOGGEROPTS:0
+#
+# courierlogger(1) options.
+#
+
+LOGGEROPTS="-name=imapd"
+
+##NAME: DEFDOMAIN:0
+#
+# Optional default domain. If the username does not contain the
+# first character of DEFDOMAIN, then it is appended to the username.
+# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
+# only if the username does not contain any character from DOMAINSEP.
+# You can set different default domains based on the the interface IP
+# address using the -access and -accesslocal options of couriertcpd(1).
+
+#DEFDOMAIN="@example.com"
+
+##NAME: IMAP_CAPABILITY:1
+#
+# IMAP_CAPABILITY specifies what most of the response should be to the
+# CAPABILITY command.
+#
+# If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or
+# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows:
+#
+# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
+#
+
+IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
+
+##NAME: KEYWORDS_CAPABILITY:0
+#
+# IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to
+# disable custom keywords.
+#
+# IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower
+# algorithm. Use this setting if keyword-related problems occur when
+# multiple IMAP clients are updating keywords on the same message.
+
+IMAP_KEYWORDS=1
+
+##NAME: ACL_CAPABILITY:0
+#
+# IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to
+# disable ACL capabilities announce.
+
+IMAP_ACL=1
+
+##NAME: SMAP1_CAPABILITY:0
+#
+# EXPERIMENTAL
+#
+# To enable the experimental "Simple Mail Access Protocol" extensions,
+# uncomment the following setting.
+#
+# SMAP_CAPABILITY=SMAP1
+
+##NAME: IMAP_CAPABILITY_ORIG:2
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
+
+##NAME: IMAP_PROXY:0
+#
+# Enable proxying. See README.proxy
+
+IMAP_PROXY=0
+
+##NAME: PROXY_HOSTNAME:0
+#
+# Override value from gethostname() when checking if a proxy connection is
+# required.
+#
+# PROXY_HOSTNAME=
+
+##NAME: IMAP_PROXY_FOREIGN:0
+#
+# Proxying to non-Courier servers. Re-sends the CAPABILITY command after
+# logging in to the remote server. May not work with all IMAP clients.
+
+IMAP_PROXY_FOREIGN=0
+
+##NAME: IMAP_IDLE_TIMEOUT:0
+#
+# This setting controls how often
+# the server polls for changes to the folder, in IDLE mode (in seconds).
+
+IMAP_IDLE_TIMEOUT=60
+
+##NAME: IMAP_MAILBOX_SANITY_CHECK:0
+#
+# Sanity check -- make sure home directory and maildir's ownership matches
+# the IMAP server's effective uid and gid
+
+IMAP_MAILBOX_SANITY_CHECK=1
+
+##NAME: IMAP_CAPABILITY_TLS:0
+#
+# The following setting will advertise SASL PLAIN authentication after
+# STARTTLS is established. If you want to allow SASL PLAIN authentication
+# with or without TLS then just comment this out, and add AUTH=PLAIN to
+# IMAP_CAPABILITY
+
+IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
+##NAME: IMAP_TLS_ORIG:0
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
+
+##NAME: IMAP_DISABLETHREADSORT:0
+#
+# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
+# server side sorting and threading.
+#
+# Those capabilities will still be advertised, but the server will reject
+# them. Set this option if you want to disable all the extra load from
+# server-side threading and sorting. Not advertising those capabilities
+# will simply result in the clients reading the entire folder, and sorting
+# it on the client side. That will still put some load on the server.
+# advertising these capabilities, but rejecting the commands, will stop this
+# silliness.
+#
+
+IMAP_DISABLETHREADSORT=0
+
+##NAME: IMAP_CHECK_ALL_FOLDERS:0
+#
+# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
+# mail in every folder. Not all IMAP clients use the IMAP's new mail
+# indicator, but some do. Normally new mail is checked only in INBOX,
+# because it is a comparatively time consuming operation, and it would be
+# a complete waste of time unless mail filters are used to deliver
+# mail directly to folders.
+#
+# When IMAP clients are used which support new mail indication, and when
+# mail filters are used to sort incoming mail into folders, setting
+# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
+# mail in folders. Note that this will result in slightly more load on the
+# server.
+#
+
+IMAP_CHECK_ALL_FOLDERS=0
+
+##NAME: IMAP_OBSOLETE_CLIENT:0
+#
+# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
+# what \\HasNoChildren really means.
+
+IMAP_OBSOLETE_CLIENT=0
+
+##NAME: IMAP_UMASK:0
+#
+# IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is
+# simply passed to the "umask" command. The default value is 022.
+#
+# This feature is mostly useful for shared folders, where the file permissions
+# of the messages may be important.
+
+IMAP_UMASK=022
+
+##NAME: IMAP_ULIMITD:0
+#
+# IMAP_ULIMITD sets the maximum size of the data segment of the server
+# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
+# command (or ulimit -v). The argument to ulimi sets the upper limit on the
+# size of the data segment of the server process, in kilobytes. The default
+# value of 65536 sets a very generous limit of 64 megabytes, which should
+# be more than plenty for anyone.
+#
+# This feature is used as an additional safety check that should stop
+# any potential denial-of-service attacks that exploit any kind of
+# a memory leak to exhaust all the available memory on the server.
+# It is theoretically possible that obscenely huge folders will also
+# result in the server running out of memory when doing server-side
+# sorting (by my calculations you have to have at least 100,000 messages
+# in a single folder, for that to happen).
+
+IMAP_ULIMITD=65536
+
+##NAME: IMAP_USELOCKS:0
+#
+# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
+# multiple access to the same folder. This incurs slight additional
+# overhead. Concurrent multiple access will still work without this setting,
+# however occasionally a minor race condition may result in an IMAP client
+# downloading the same message twice, or a keyword update will fail.
+#
+# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.
+
+IMAP_USELOCKS=1
+
+##NAME: IMAP_SHAREDINDEXFILE:0
+#
+# The index of all accessible folders. Do not change this setting unless
+# you know what you're doing. See README.sharedfolders for additional
+# information.
+
+IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index
+
+##NAME: IMAP_ENHANCEDIDLE:0
+#
+# If Courier was compiled with the File Alteration Monitor, setting
+# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
+# clients may open the same folder concurrently, and receive updates to
+# folder contents in realtime. See the imapd(8) man page for additional
+# information.
+#
+# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
+# in the IMAP_CAPABILITY list.
+#
+
+IMAP_ENHANCEDIDLE=0
+
+##NAME: IMAP_TRASHFOLDERNAME:0
+#
+# The name of the magic trash Folder. For MSOE compatibility,
+# you can set IMAP_TRASHFOLDERNAME="Deleted Items".
+#
+# IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH
+
+IMAP_TRASHFOLDERNAME=Trash
+
+##NAME: IMAP_EMPTYTRASH:0
+#
+# The following setting is optional, and causes messages from the given
+# folder to be automatically deleted after the given number of days.
+# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default
+# setting, below, purges 7 day old messages from the Trash folder.
+# Another useful setting would be:
+#
+# IMAP_EMPTYTRASH=Trash:7,Sent:30
+#
+# This would also delete messages from the Sent folder (presumably copies
+# of sent mail) after 30 days. This is a global setting that is applied to
+# every mail account, and is probably useful in a controlled, corporate
+# environment.
+#
+# Important: the purging is controlled by CTIME, not MTIME (the file time
+# as shown by ls). It is perfectly ordinary to see stuff in Trash that's
+# a year old. That's the file modification time, MTIME, that's displayed.
+# This is generally when the message was originally delivered to this
+# mailbox. Purging is controlled by a different timestamp, CTIME, which is
+# changed when the file is moved to the Trash folder (and at other times too).
+#
+# You might want to disable this setting in certain situations - it results
+# in a stat() of every file in each folder, at login and logout.
+#
+
+IMAP_EMPTYTRASH=Trash:7
+
+##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
+#
+# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This
+# effectively allows an undo of message deletion by fishing the deleted
+# mail from trash. Trash can be manually expunged as usually, and mail
+# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
+#
+# NOTE: shared folders are still expunged as usual. Shared folders are
+# not affected.
+#
+
+IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
+
+##NAME: OUTBOX:0
+#
+# The next set of options deal with the "Outbox" enhancement.
+# Uncomment the following setting to create a special folder, named
+# INBOX.Outbox
+#
+# OUTBOX=.Outbox
+
+##NAME: SENDMAIL:0
+#
+# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
+# a message to the INBOX.Outbox folder. For all practical matters,
+# INBOX.Outbox looks and behaves just like any other IMAP folder. If this
+# folder doesn't exist it must be created by the IMAP mail client, just
+# like any other IMAP folder. The kicker: any message copied or moved to
+# this folder is will be E-mailed by the Courier-IMAP server, by running
+# the SENDMAIL program. Therefore, messages copied or moved to this
+# folder must be well-formed RFC-2822 messages, with the recipient list
+# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on
+# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
+# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
+# message piped on standard input. $SENDER will be the return address
+# of the message, which is set by the authentication module.
+#
+# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
+#
+
+SENDMAIL=/usr/sbin/sendmail
+
+##NAME: HEADERFROM:0
+#
+# For administrative and oversight purposes, the return address, $SENDER
+# will also be saved in the X-IMAP-Sender mail header. This header gets
+# added to the sent E-mail (but it doesn't get saved in the copy of the
+# message that's saved in the folder)
+#
+# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
+# the magic OUTBOX treatment. Therefore advance LARTing is in order for
+# _all_ of your lusers, until every one of them is aware of this. Otherwise if
+# OUTBOX is left at its default setting - a folder name that might be used
+# accidentally - some people may be in for a rude surprise. You can redefine
+# the name of the magic folder by changing OUTBOX, above. You should do that
+# and pick a less-obvious name. Perhaps brand it with your organizational
+# name ( OUTBOX=.WidgetsAndSonsOutbox )
+
+HEADERFROM=X-IMAP-Sender
+
+##NAME: OUTBOX_MULTIPLE_SEND:0
+#
+# Remove the following comment to allow a COPY of more than one message to
+# the Outbox, at a time.
+#
+# OUTBOX_MULTIPLE_SEND=1
+
+##NAME: IMAPDSTART:0
+#
+# IMAPDSTART is not used directly. Rather, this is a convenient flag to
+# be read by your system startup script in /etc/rc.d, like this:
+#
+# . /etc/courier-imap/imapd
+#
+# case x$IMAPDSTART in
+# x[yY]*)
+# /usr/lib64/courier-imap/imapd.rc start
+# ;;
+# esac
+#
+# The default setting is going to be NO, so you'll have to manually flip
+# it to yes.
+
+IMAPDSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+# Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
+# Put any program for ${PRERUN} here
+PRERUN=
+# Put any program for ${LOGINRUN} here
+# this is for relay-ctrl-allow in 4*
+LOGINRUN=
-##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$
+##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$
#
# imapd created from imapd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
+# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
TCPDOPTS="-nodnslookup -noidentlookup"
+##NAME: ACCESSFILE:0
+#
+# IMAP access file.
+
+IMAPACCESSFILE=/etc/courier-imap/imapaccess
+
##NAME: LOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
LOGGEROPTS="-name=imapd"
##NAME: DEFDOMAIN:0
#
-# Optional default domain. If the username does not contain the
+# Optional default domain. If the username does not contain the
# first character of DEFDOMAIN, then it is appended to the username.
# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
# only if the username does not contain any character from DOMAINSEP.
#
# IMAP_LOG_DELETIONS=1
+##NAME: AUTH_MKHOMEDIR_SKEL:0
+#
+# Uncomment this setting to automatically create a home directory on first
+# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the
+# home directory does not exist, the home directory gets created, with its
+# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory,
+# typically /etc/skel.
+#
+# Note that this must be a complete home directory structure, including
+# the maildir. Typically:
+#
+# mkdir /etc/skel
+# chmod 700 /etc/skel
+# maildirmak /etc/skel/Maildir
+#
+# This directory gets copied as is, preserving each file/subdirectory's
+# permissions, with only userid/groupid changed to match the account's.
+#
+#
+# AUTH_MKHOMEDIR_SKEL=/etc/skel
+
##NAME: IMAPDEBUGFILE:0
#
# IMAPDEBUGFILE="imaplog.dat"
-##VERSION: $Id: pop3d-ssl.dist.in,v 1.23 2009/08/12 22:25:49 mrsam Exp $
+##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
#
# pop3d-ssl created from pop3d-ssl.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 2000-2008 Double Precision, Inc. See COPYING for
+# Copyright 2000-2013 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
##NAME: SSLLOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
SSLLOGGEROPTS="-name=pop3d-ssl"
COURIERTLS=/usr/sbin/couriertls
-##NAME: TLS_PROTOCOL:0
-#
-# TLS_PROTOCOL sets the protocol version. The possible versions are:
+##NAME: TLS_PRIORITY:0
#
-# OpenSSL:
+# Set TLS protocol priority settings (GnuTLS only)
#
-# SSL2 - SSLv2
-# SSL3 - SSLv3
-# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
-# TLS1 - TLS1
+# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
-# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
-# setting, below.
+# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
#
-# GnuTLS:
+# This setting is also used to select the available ciphers.
#
-# SSL3 - SSLv3
-# TLS1 - TLS 1.0
-# TLS1_1 - TLS 1.1
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
#
-# When compiled against GnuTLS, multiple protocols can be selected as follows:
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
-# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
+# Also, the following aliases:
#
-# DEFAULT VALUES:
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+# is not included
+# ALL -- all ciphers except the NULL cipher
#
-# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
-##NAME: TLS_STARTTLS_PROTOCOL:0
-#
-# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
-# extension, as opposed to POP3 over SSL on port 995.
+##NAME: TLS_PROTOCOL:0
#
-# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL
-
-TLS_STARTTLS_PROTOCOL=TLS1
+# TLS_PROTOCOL sets the protocol version. The possible versions are:
+#
+# OpenSSL:
+#
+# SSL3 - SSLv3
+# SSL23 - all protocols (including TLS 1.x protocols)
+# TLSv11 - TLS1
+# TLSv1.1 - TLS1.1
+# TLSv1.2 - TLS1.2
+#
+# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# higher protocols.
+#
+# The default value is TLSv1+
##NAME: TLS_CIPHER_LIST:0
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-# To enable SSL2, remove the obvious "!SSLv2" part from the above list.
-#
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
-
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
##NAME: TLS_MIN_DH_BITS:0
#
# have been encountered that offer 512 bit keys. You may have to set
# TLS_MIN_DH_BITS=512 here, if necessary.
-##NAME: TLS_KX_LIST:0
-#
-# GnuTLS only:
-#
-# Allowed key exchange protocols. The default of "ALL" should be sufficient.
-# The list of supported key exchange protocols depends on the options GnuTLS
-# was compiled against, but may include the following:
-#
-# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT
-
-TLS_KX_LIST=ALL
-
-##NAME: TLS_COMPRESSION:0
-#
-# GnuTLS only:
-#
-# Optional compression. "ALL" selects all available compression methods.
-#
-# Available compression methods: DEFLATE, LZO, NULL
-
-TLS_COMPRESSION=ALL
-
-##NAME: TLS_CERTS:0
-#
-# GnuTLS only:
-#
-# Supported certificate types are X509 and OPENPGP.
-#
-# OPENPGP has not been tested
-
-TLS_CERTS=X509
-
##NAME: TLS_TIMEOUT:0
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but its not yet implemented.
#
-##NAME: TLS_DHCERTFILE:0
-#
-# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
-# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
-# you must generate a DH pair that will be used. In most situations the
-# DH pair is to be treated as confidential, and the file specified by
-# TLS_DHCERTFILE must not be world-readable.
-#
-# TLS_DHCERTFILE=
-
##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
+##NAME: TLS_DHPARAMS:0
+#
+# TLS_DHPARAMS - DH parameter file.
+#
+TLS_DHPARAMS=/usr/share/dhparams.pem
+
##NAME: TLS_TRUSTCERTS:0
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+++ /dev/null
-##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$
-#
-# pop3d-ssl created from pop3d-ssl.dist by sysconftool
-#
-# Do not alter lines that begin with ##, they are used when upgrading
-# this configuration.
-#
-# Copyright 2000-2013 Double Precision, Inc. See COPYING for
-# distribution information.
-#
-# This configuration file sets various options for the Courier-IMAP server
-# when used to handle SSL POP3 connections.
-#
-# SSL and non-SSL connections are handled by a dedicated instance of the
-# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3
-# connections, you will start two instances of couriertcpd, one on the
-# POP3 port 110, and another one on the POP3-SSL port 995.
-#
-# Download OpenSSL from http://www.openssl.org/
-#
-##NAME: SSLPORT:0
-#
-# Options in the pop3d-ssl configuration file AUGMENT the options in the
-# pop3d configuration file. First the pop3d configuration file is read,
-# then the pop3d-ssl configuration file, so we do not have to redefine
-# anything.
-#
-# However, some things do have to be redefined. The port number is
-# specified by SSLPORT, instead of PORT. The default port is port 995.
-#
-# Multiple port numbers can be separated by commas. When multiple port
-# numbers are used it is possibly to select a specific IP address for a
-# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900"
-# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1
-# The SSLADDRESS setting is a default for ports that do not have
-# a specified IP address.
-
-SSLPORT=995
-
-##NAME: SSLADDRESS:0
-#
-# Address to listen on, can be set to a single IP address.
-#
-# SSLADDRESS=127.0.0.1
-
-SSLADDRESS=0
-
-##NAME: SSLPIDFILE:0
-#
-
-SSLPIDFILE=/var/run/pop3d-ssl.pid
-
-##NAME: SSLLOGGEROPTS:0
-#
-# courierlogger(1) options.
-#
-
-SSLLOGGEROPTS="-name=pop3d-ssl"
-
-##NAME: POP3DSSLSTART:0
-#
-# Whether or not to start POP3 over SSL on spop3 port:
-
-POP3DSSLSTART=NO
-
-##NAME: POP3_STARTTLS:0
-#
-# Whether or not to implement the POP3 STLS extension:
-
-POP3_STARTTLS=YES
-
-##NAME: POP3_TLS_REQUIRED:1
-#
-# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
-# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS
-# is issued).
-
-POP3_TLS_REQUIRED=0
-
-##NAME: COURIERTLS:0
-#
-# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS
-# is available during configuration, the couriertls helper gets compiled, and
-# upon installation a dummy TLS_CERTFILE gets generated.
-#
-# WARNING: Peer certificate verification has NOT yet been tested. Proceed
-# at your own risk. Only the basic SSL/TLS functionality is known to be
-# working. Keep this in mind as you play with the following variables.
-
-COURIERTLS=/usr/sbin/couriertls
-
-##NAME: TLS_PRIORITY:0
-#
-# Set TLS protocol priority settings (GnuTLS only)
-#
-# DEFAULT: NORMAL:-CTYPE-OPENPGP
-#
-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
-
-##NAME: TLS_PROTOCOL:0
-#
-# TLS_PROTOCOL sets the protocol version. The possible versions are:
-#
-# OpenSSL:
-#
-# SSL3 - SSLv3
-# SSL23 - all protocols (including TLS 1.x protocols)
-# TLS1 - TLS1
-# TLSv1.1 - TLS1.1
-# TLSv1.2 - TLS1.2
-#
-# Leave it unset to use any protocol except SSL 2.
-
-##NAME: TLS_CIPHER_LIST:0
-#
-# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
-# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
-# undefined
-#
-# OpenSSL:
-#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-#
-# GnuTLS:
-#
-# TLS_CIPHER_LIST="HIGH:MEDIUM"
-#
-# The actual list of available ciphers depend on the options GnuTLS was
-# compiled against. The possible ciphers are:
-#
-# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
-#
-# Also, the following aliases:
-#
-# HIGH -- all ciphers that use more than a 128 bit key size
-# MEDIUM -- all ciphers that use a 128 bit key size
-# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
-# is not included
-# ALL -- all ciphers except the NULL cipher
-#
-# See GnuTLS documentation, gnutls_priority_init(3) for additional
-# documentation.
-
-##NAME: TLS_MIN_DH_BITS:0
-#
-# TLS_MIN_DH_BITS=n
-#
-# GnuTLS only:
-#
-# Set the minimum number of acceptable bits for a DH key exchange.
-#
-# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
-# have been encountered that offer 512 bit keys. You may have to set
-# TLS_MIN_DH_BITS=512 here, if necessary.
-
-##NAME: TLS_TIMEOUT:0
-# TLS_TIMEOUT is currently not implemented, and reserved for future use.
-# This is supposed to be an inactivity timeout, but its not yet implemented.
-#
-
-##NAME: TLS_CERTFILE:0
-#
-# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
-# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
-# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
-# instead of TLS_DHCERTFILE if this is a garden-variety certificate
-#
-# VIRTUAL HOSTS (servers only):
-#
-# Due to technical limitations in the original SSL/TLS protocol, a dedicated
-# IP address is required for each virtual host certificate. If you have
-# multiple certificates, install each certificate file as
-# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
-# for the certificate's domain name. So, if TLS_CERTFILE is set to
-# /etc/certificate.pem, then you'll need to install the actual certificate
-# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
-# and so on, for each IP address.
-#
-# GnuTLS only (servers only):
-#
-# GnuTLS implements a new TLS extension that eliminates the need to have a
-# dedicated IP address for each SSL/TLS domain name. Install each certificate
-# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
-# then you'll need to install the actual certificate files as
-# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
-# and so on.
-#
-# Note that this TLS extension also requires a corresponding support in the
-# client. Older SSL/TLS clients may not support this feature.
-#
-# This is an experimental feature.
-
-TLS_CERTFILE=/etc/courier-imap/pop3d.pem
-
-##NAME: TLS_DHPARAMS:0
-#
-# TLS_DHPARAMS - DH parameter file.
-#
-TLS_DHPARAMS=/usr/share/dhparams.pem
-
-##NAME: TLS_TRUSTCERTS:0
-#
-# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
-# pathname can be a file or a directory. If a file, the file should
-# contain a list of trusted certificates, in PEM format. If a
-# directory, the directory should contain the trusted certificates,
-# in PEM format, one per file and hashed using OpenSSL's c_rehash
-# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
-# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
-# to PEER or REQUIREPEER).
-#
-
-TLS_TRUSTCERTS=/etc/ssl/certs
-
-##NAME: TLS_VERIFYPEER:0
-#
-# TLS_VERIFYPEER - how to verify client certificates. The possible values of
-# this setting are:
-#
-# NONE - do not verify anything
-#
-# PEER - verify the client certificate, if one's presented
-#
-# REQUIREPEER - require a client certificate, fail if one's not presented
-#
-#
-TLS_VERIFYPEER=NONE
-
-##NAME: TLS_EXTERNAL:0
-#
-# To enable SSL certificate-based authentication:
-#
-# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate
-# authority's SSL certificate
-#
-# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings
-# requires all SSL clients to present a certificate, and rejects
-# SSL/TLS connections without a valid cert).
-#
-# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID.
-# Example:
-#
-# TLS_EXTERNAL=emailaddress
-#
-# The above example retrieves the login ID from the "emailaddress" subject
-# field. The certificate's emailaddress subject must match exactly the login
-# ID in the courier-authlib database.
-
-##NAME: TLS_CACHE:0
-#
-# A TLS/SSL session cache may slightly improve response for long-running
-# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE
-# bytes long, and used as a cache buffer.
-#
-# This is an experimental feature and should be disabled if it causes
-# problems with SSL clients. Disable SSL caching by commenting out the
-# following settings:
-
-TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
-TLS_CACHESIZE=524288
-
-##NAME: MAILDIRPATH:0
-#
-# MAILDIRPATH - directory name of the maildir directory.
-#
-MAILDIRPATH=Maildir
-
-# Hardwire a value for ${MAILDIR}
-MAILDIR=.maildir
-MAILDIRPATH=.maildir
2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652
2001:6f8:1c00:365::2 home.brehm-online.com
+#2a02:8109:9300:488:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com
+2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com
+2a02:8109:ae3f:fa04:fdab:16f0:c83a:d1f7 olga olga.home.brehm-online.com
+
+#185.48.117.162 fratest.profitbricks.com
#
# Imaginary network.
--- /dev/null
+# /etc/hosts: Local Host Database
+#
+# This file describes a number of aliases-to-address mappings for the for
+# local hosts that share this file.
+#
+# In the presence of the domain name service or NIS, this file may not be
+# consulted at all; see /etc/host.conf for the resolution order.
+#
+
+# IPv4 and IPv6 localhost aliases
+127.0.0.1 localhost
+::1 localhost
+
+85.214.134.152 helga.brehm-online.com helga h1763652.stratoserver.net h1763652
+2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652
+
+2001:6f8:1c00:365::2 home.brehm-online.com
+
+#
+# Imaginary network.
+#10.0.0.2 myname
+#10.0.0.3 myfriend
+#
+# According to RFC 1918, you can use the following IP networks for private
+# nets which will never be connected to the Internet:
+#
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+#
+# In case you want to be able to connect directly to the Internet (i.e. not
+# behind a NAT, ADSL router, etc...), you need real official assigned
+# numbers. Do not try to invent your own network numbers but instead get one
+# from your network provider (if any) or from your regional registry (ARIN,
+# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
+#
--- /dev/null
+# /etc/hosts: Local Host Database
+#
+# This file describes a number of aliases-to-address mappings for the for
+# local hosts that share this file.
+#
+# The format of lines in this file is:
+#
+# IP_ADDRESS canonical_hostname [aliases...]
+#
+#The fields can be separated by any number of spaces or tabs.
+#
+# In the presence of the domain name service or NIS, this file may not be
+# consulted at all; see /etc/host.conf for the resolution order.
+#
+
+# IPv4 and IPv6 localhost aliases
+127.0.0.1 localhost
+::1 localhost
+
+#
+# Imaginary network.
+#10.0.0.2 myname
+#10.0.0.3 myfriend
+#
+# According to RFC 1918, you can use the following IP networks for private
+# nets which will never be connected to the Internet:
+#
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+#
+# In case you want to be able to connect directly to the Internet (i.e. not
+# behind a NAT, ADSL router, etc...), you need real official assigned
+# numbers. Do not try to invent your own network numbers but instead get one
+# from your network provider (if any) or from your regional registry (ARIN,
+# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
+#
+++ /dev/null
-# /etc/hosts: Local Host Database
-#
-# This file describes a number of aliases-to-address mappings for the for
-# local hosts that share this file.
-#
-# In the presence of the domain name service or NIS, this file may not be
-# consulted at all; see /etc/host.conf for the resolution order.
-#
-
-# IPv4 and IPv6 localhost aliases
-127.0.0.1 localhost
-::1 localhost
-
-#
-# Imaginary network.
-#10.0.0.2 myname
-#10.0.0.3 myfriend
-#
-# According to RFC 1918, you can use the following IP networks for private
-# nets which will never be connected to the Internet:
-#
-# 10.0.0.0 - 10.255.255.255
-# 172.16.0.0 - 172.31.255.255
-# 192.168.0.0 - 192.168.255.255
-#
-# In case you want to be able to connect directly to the Internet (i.e. not
-# behind a NAT, ADSL router, etc...), you need real official assigned
-# numbers. Do not try to invent your own network numbers but instead get one
-# from your network provider (if any) or from your regional registry (ARIN,
-# APNIC, LACNIC, RIPE NCC, or AfriNIC.)
-#
# When used in --follow (aka --monitor) mode, mdadm needs a
# mail address and/or a program. This can be given with "mailaddr"
# and "program" lines to that monitoring can be started using
-# mdadm --follow --scan & echo $! > /var/run/mdadm
+# mdadm --follow --scan & echo $! > /run/mdadm/mon.pid
# If the lines are not found, mdadm will exit quietly
MAILADDR frank@brehm-online.com
#PROGRAM /usr/sbin/handle-mdadm-events
--- /dev/null
+# mdadm configuration file
+#
+# mdadm will function properly without the use of a configuration file,
+# but this file is useful for keeping track of arrays and member disks.
+# In general, a mdadm.conf file is created, and updated, after arrays
+# are created. This is the opposite behavior of /etc/raidtab which is
+# created prior to array construction.
+#
+#
+# the config file takes two types of lines:
+#
+# DEVICE lines specify a list of devices of where to look for
+# potential member disks
+#
+# ARRAY lines specify information about how to identify arrays so
+# so that they can be activated
+#
+# You can have more than one device line and use wild cards. The first
+# example includes SCSI the first partition of SCSI disks /dev/sdb,
+# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second
+# line looks for array slices on IDE disks.
+#
+#DEVICE /dev/sd[bcdjkl]1
+#DEVICE /dev/hda1 /dev/hdb1
+#
+# If you mount devfs on /dev, then a suitable way to list all devices is:
+#DEVICE /dev/discs/*/*
+#
+#
+# The AUTO line can control which arrays get assembled by auto-assembly,
+# meaing either "mdadm -As" when there are no 'ARRAY' lines in this file,
+# or "mdadm --incremental" when the array found is not listed in this file.
+# By default, all arrays that are found are assembled.
+# If you want to ignore all DDF arrays (maybe they are managed by dmraid),
+# and only assemble 1.x arrays if which are marked for 'this' homehost,
+# but assemble all others, then use
+#AUTO -ddf homehost -1.x +all
+#
+# ARRAY lines specify an array to assemble and a method of identification.
+# Arrays can currently be identified by using a UUID, superblock minor number,
+# or a listing of devices.
+#
+# super-minor is usually the minor number of the metadevice
+# UUID is the Universally Unique Identifier for the array
+# Each can be obtained using
+#
+# mdadm -D <md>
+#
+#ARRAY /dev/md0 UUID=3aaa0122:29827cfa:5331ad66:ca767371
+#ARRAY /dev/md1 super-minor=1
+#ARRAY /dev/md2 devices=/dev/hda1,/dev/hdb1
+#
+# ARRAY lines can also specify a "spare-group" for each array. mdadm --monitor
+# will then move a spare between arrays in a spare-group if one array has a failed
+# drive but no spare
+#ARRAY /dev/md4 uuid=b23f3c6d:aec43a9f:fd65db85:369432df spare-group=group1
+#ARRAY /dev/md5 uuid=19464854:03f71b1b:e0df2edd:246cc977 spare-group=group1
+#
+# When used in --follow (aka --monitor) mode, mdadm needs a
+# mail address and/or a program. This can be given with "mailaddr"
+# and "program" lines to that monitoring can be started using
+# mdadm --follow --scan & echo $! > /var/run/mdadm
+# If the lines are not found, mdadm will exit quietly
+MAILADDR frank@brehm-online.com
+#PROGRAM /usr/sbin/handle-mdadm-events
+
+ARRAY /dev/md0 UUID=b7a8f9c1:8286d56c:3d186b3c:53958f34
+ARRAY /dev/md1 UUID=b0ec76b7:d7abfcad:8b23e4b1:c398e955
+ARRAY /dev/md2 metadata=1.2 UUID=f4df350f:db2bcbff:6c11726f:a221fad0 name=helga.brehm-online.com:2
+ARRAY /dev/md3 metadata=1.2 UUID=845bd74a:ad0cbe0e:033b20d0:a9bd0ff5 name=helga.brehm-online.com:3
+
# ARRAY lines specify information about how to identify arrays so
# so that they can be activated
#
-# You can have more than one device line and use wild cards. The first
+# You can have more than one device line and use wild cards. The first
# example includes SCSI the first partition of SCSI disks /dev/sdb,
-# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second
+# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second
# line looks for array slices on IDE disks.
#
#DEVICE /dev/sd[bcdjkl]1
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.1.0/html
+html_directory = /usr/share/doc/postfix-3.1.0-r1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.1.0/readme
+readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme
#inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
-# The default is $myhostname + localhost.$mydomain. On a mail domain
-# gateway, you should also include $mydomain.
+# The default is $myhostname + localhost.$mydomain + localhost. On
+# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.0.3-r1/html
+html_directory = /usr/share/doc/postfix-3.1.0/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme
-
+readme_directory = /usr/share/doc/postfix-3.1.0/readme
#inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
#sender_bcc_maps = mysql:/etc/postfix/mysql-sender_bcc.cf
sender_bcc_maps = hash:/etc/postfix/maps/sender_bcc
smtp_generic_maps = hash:/etc/postfix/maps/generic
+smtp_sasl_password_maps = hash:/etc/postfix/maps/smtp_auth
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/CA-Brehm/cacert.pem
smtp_tls_cert_file = /etc/postfix/postfix.pem
smtp_tls_enforce_peername = no
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
check_policy_service unix:private/postgrey,
- check_policy_service inet:127.0.0.1:12525,
reject_unverified_recipient,
permit_mx_backup,
reject_unauth_destination,
permit
+# check_policy_service inet:127.0.0.1:12525,
+
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = $smtp_tls_CAfile
smtpd_tls_cert_file = $smtp_tls_cert_file
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.0.2/html
+html_directory = /usr/share/doc/postfix-3.0.3-r1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.0.2/readme
+readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme
+#inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
home_mailbox = .maildir/
mydestination = $myhostname, $mydomain, hash:/etc/postfix/maps/mydomains
mydomain = brehm-online.com
myhostname = helga.brehm-online.com
-mynetworks = 127.0.0.0/8 85.214.134.152/32 85.214.109.1/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128
+mynetworks = 127.0.0.0/8 85.214.134.152/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 138.201.28.135/32 [2a01:4f8:171:3006::2]/128
mynetworks_style = host
myorigin = $mydomain
#recipient_bcc_maps = mysql:/etc/postfix/mysql-recipient_bcc.cf
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.0.1-r1/html
+html_directory = /usr/share/doc/postfix-3.0.2/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme
+readme_directory = /usr/share/doc/postfix-3.0.2/readme
+
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
home_mailbox = .maildir/
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.0.0/html
+html_directory = /usr/share/doc/postfix-3.0.1-r1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.0.0/readme
+readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
home_mailbox = .maildir/
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+#compatibility_level = 2
+compatibility_level = 2
+
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-2.11.3/html
+html_directory = /usr/share/doc/postfix-3.0.0/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-2.11.3/readme
+readme_directory = /usr/share/doc/postfix-3.0.0/readme
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib64/postfix/${mail_version}
home_mailbox = .maildir/
#alias_maps = mysql:/etc/postfix/mysql-aliases.cf
alias_maps = hash:/etc/postfix/maps/aliases
#virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_mailbox_maps = hash:/etc/postfix/maps/virtual_mailbox_maps
virtual_uid_maps = static:1023
+append_dot_mydomain = yes
+# smtputf8_enable = yes
+smtputf8_enable = no
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
-# http://www.postfix.org/.
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-2.10.3/html
+html_directory = /usr/share/doc/postfix-2.11.3/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-2.10.3/readme
+readme_directory = /usr/share/doc/postfix-2.11.3/readme
home_mailbox = .maildir/
#alias_maps = mysql:/etc/postfix/mysql-aliases.cf
alias_maps = hash:/etc/postfix/maps/aliases
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-2.10.2/html
+html_directory = /usr/share/doc/postfix-2.10.3/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-2.10.2/readme
+readme_directory = /usr/share/doc/postfix-2.10.3/readme
home_mailbox = .maildir/
#alias_maps = mysql:/etc/postfix/mysql-aliases.cf
alias_maps = hash:/etc/postfix/maps/aliases
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-2.10.1/html
+html_directory = /usr/share/doc/postfix-2.10.2/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-2.10.1/readme
+readme_directory = /usr/share/doc/postfix-2.10.2/readme
home_mailbox = .maildir/
#alias_maps = mysql:/etc/postfix/mysql-aliases.cf
alias_maps = hash:/etc/postfix/maps/aliases
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-2.10.0/html
+html_directory = /usr/share/doc/postfix-2.10.1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-2.10.0/readme
+readme_directory = /usr/share/doc/postfix-2.10.1/readme
home_mailbox = .maildir/
#alias_maps = mysql:/etc/postfix/mysql-aliases.cf
alias_maps = hash:/etc/postfix/maps/aliases
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.1.0-r1/html
+html_directory = /usr/share/doc/postfix-3.1.2-r1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme
+readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
--- /dev/null
+# postgrey whitelist for mail client hostnames
+# --------------------------------------------
+# put this file in /etc/postfix or specify its path
+# with --whitelist-clients=xxx
+#
+# postgrey version: 1.36, build date: 2015-09-01
+
+# greylisting.org: Southwest Airlines (unique sender, no retry)
+southwest.com
+# greylisting.org: isp.belgacom.be (wierd retry pattern)
+isp.belgacom.be
+# greylisting.org: Ameritrade (no retry)
+ameritradeinfo.com
+# greylisting.org: Amazon.com (unique sender with letters)
+amazon.com
+# 2004-05-20: Linux kernel mailing-list (unique sender with letters)
+vger.kernel.org
+# 2004-06-02: karger.ch, no retry
+karger.ch
+# 2004-06-02: lilys.ch, (slow: 4 hours)
+server-x001.hostpoint.ch
+# 2004-06-09: roche.com (no retry)
+gw.bas.roche.com
+# 2004-06-09: newsletter (no retry)
+mail.hhlaw.com
+# 2004-06-09: no retry (reported by Ralph Hildebrandt)
+prd051.appliedbiosystems.com
+# 2004-06-17: swissre.com (no retry)
+swissre.com
+# 2004-06-17: dowjones.com newsletter (unique sender with letters)
+returns.dowjones.com
+# 2004-06-18: switch.ch (works but personnel is confused by the error)
+domin.switch.ch
+# 2004-06-23: accor-hotels.com (slow: 6 hours)
+accor-hotels.com
+# 2004-06-29: rr.com (no retry, reported by Duncan Hill)
+/^ms-smtp.*\.rr\.com$/
+# 2004-06-29: cox.net (no retry, reported by Duncan Hill)
+/^lake.*mta.*\.cox\.net$/
+# 2004-06-29: motorola.com (no retry)
+mot.com
+# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay)
+nic.fr
+# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews)
+/^s[cv]\d+pub\.verizon\.net$/
+# 2004-07-02: cs.columbia.edu (no retry)
+cs.columbia.edu
+# 2004-07-02: papersinvited.com (no retry)
+66.216.126.174
+# 2004-07-02: telekom.de (slow: 6 hours)
+/^mail\d+\.telekom\.de$/
+# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
+/^smtp\d+\.tiscali\.dk$/
+# 2004-07-04: freshmeat.net (address verification)
+freshmeat.net
+# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry)
+zd-swx.com
+# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
+lockergnome.wc09.net
+# 2004-07-19: mxlogic.net (no retry, reported by Eric)
+p01m168.mxlogic.net
+p02m169.mxlogic.net
+# 2004-09-08: intel.com (pool on different subnets)
+/^fmr\d+\.intel\.com$/
+# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark)
+/^fe\d+\.cox-internet\.com$/
+# 2004-10-11: logismata.ch (no retry)
+logismata.ch
+# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker)
+brief.cw.reum.de
+# 2004-12-03: ingeno.ch (no retry)
+qmail.ingeno.ch
+# 2004-12-06: rein.ch (no retry)
+mail1.thurweb.ch
+# 2005-01-26: tu-ilmenau.de (no retry)
+piggy.rz.tu-ilmenau.de
+# 2005-04-06: polymed.ch (no retry)
+mail.polymed.ch
+# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
+rz.hu-berlin.de
+# 2005-06-17: gmail.com (big pool, reported by Beat Mueller)
+proxy.gmail.com
+# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier)
+cacert.org
+# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino)
+polytech.univ-mrs.fr
+# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier)
+gnu.org
+# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller)
+cs.ciphire.net
+# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer)
+/^gateway\d+\.np4\.de$/
+# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
+/^mail-in-\d+\.arcor-online\.net$/
+# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway)
+netsolmail.com
+# mail.likopris.si (no retry, reported by Vito Robar)
+193.77.153.67
+# jcsw.nato.int (several servers, no retry, reported by Vito Robar)
+195.235.39
+# tesla.vtszg.hr (no retry, reported by Vito Robar)
+tesla.vtszg.hr
+# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar)
+/^mailgw.*\.iai\.co\.il$/
+# gw.stud-serv-mb.si (no retry, reported by Vito Robar)
+gw.stud-serv-mb.si
+# mail.commandtech.com (no retry, reported by Vito Robar)
+216.238.112.99
+# duropack.co.at (no retry, reported by Vito Robar)
+193.81.20.195
+# mail.esimit-tech.si (no retry, reported by Vito Robar)
+193.77.126.208
+# mail.resotel.be (ocasionally no retry, reported by Vito Robar)
+80.200.249.216
+# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar)
+mail2.alliancefr.be
+# webserver.turboinstitut.si (no retry, reported by Vito Robar)
+webserver.turboinstitut.si
+# mil.be (pool of different servers, reported by Vito Robar)
+193.191.218.141
+193.191.218.142
+193.191.218.143
+194.7.234.141
+194.7.234.142
+194.7.234.143
+# mail*.usafisnews.org (no retry, reported by Vito Robar)
+/^mail\d+\.usafisnews\.org$/
+# odk.fdv.uni-lj.si (no retry, reported by Vito Robar)
+/^odk.fdv.uni-lj.si$/
+# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar)
+rak-gentoo-1.nameserver.de
+# dars.si (ocasionally no retry, reported by Vito Robar)
+mx.dars.si
+# cosis.si (no retry, reported by Vito Robar)
+213.143.66.210
+# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar)
+/^mta[12].siol.net$/
+# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar)
+/^pim-\d+-\d+\.quickinspirationsmail\.com$/
+# flymonarch (no retry, reported by Marko Djukic)
+flymonarch.com
+# wxs.nl (no retry, reported by Johannes Fehr)
+/^p?smtp.*\.wxs\.nl$/
+# ibm.com (big pool, reported by Casey Peel)
+ibm.com
+# messagelabs.com (big pool, reported by John Tobin)
+messagelabs.com
+# ptb.de (slow, reported by Joachim Schoenberg)
+berlin.ptb.de
+# registrarmail.net (unique sender names, reported by Simon Waters)
+registrarmail.net
+# google.com (big pool, reported by Matthias Dyer, Martin Toft)
+google.com
+# orange.fr (big pool, reported by Loïc Le Loarer)
+/^smtp\d+\.orange\.fr$/
+# citigroup.com (slow retry, reported by Michael Monnerie)
+/^smtp\d+.citigroup.com$/
+# cruisingclub.ch (no retry)
+mail.ccs-cruising.ch
+# digg.com (no retry, Debian #406774)
+diggstage01.digg.com
+# liberal.ca (retries only during 270 seconds, Debian #406774)
+smtp.liberal.ca
+# pi.ws (pool + long retry, Debian #409851)
+/^mail[12]\.pi\.ws$/
+# rambler.ru (big pool, reported by Michael Monnerie)
+rambler.ru
+# free.fr (big pool, reported by Denis Sacchet)
+/^smtp[0-9]+-g[0-9]+\.free\.fr$/
+/^postfix[0-9]+-g[0-9]+\.free\.fr$/
+# thehartford.com (pool + long retry, reported by Jacob Leifman)
+/^netmail\d+\.thehartford\.com$/
+# abb.com (only one retry, reported by Roman Plessl)
+/^nse\d+\.abb\.com$/
+# 2007-07-27: sourceforge.net (sender verification)
+lists.sourceforge.net
+# 2007-08-06: polytec.de (no retry, reported by Patrick McLean)
+polytec.de
+# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert)
+/^mail\d+\.msg\.oleane\.net$/
+# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert)
+nrl.navy.mil
+# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl)
+mail.aliplast.com
+# 2007-10-18: inode.at (long retry, reported by Johannes Feigl)
+/^mx\d+\..*\.inode\.at$/
+# 2008-02-01: bol.com (no retry, reported by Frank Breedijk)
+/^.*?.server.arvato-systems.de$/
+# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn)
+/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/
+# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert)
+saturn.mahidol.ac.th
+# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson)
+ebay.com
+# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
+yahoo.com
+# 2008-11-07: facebook (no retry, reported by Tim Freeman)
+/^outmail\d+\.sctm\.tfbnw\.net$/
+# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
+server14.cyon.ch
+# 2009-08-19: 126.com (big pool)
+/^m\d+-\d+\.126\.com$/
+# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
+home.theory.tifr.res.in
+# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
+ms4-1.1blu.de
+# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
+/^viefep\d+-int\.chello\.at$/
+# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
+mx.nic.nu
+# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
+bigfish.com
+frontbridge.com
+microsoft.com
+# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
+postini.com
+# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
+/^mx.*\.evanzo-server\.de$/
+# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
+upcmail.net
+# 2013-12-18: orange.fr (big pool, reported by fulax)
+/^smtp\d+\.smtpout\.orange\.fr$/
+# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert)
+mout-xforward.gmx.net
+mout-xforward.web.de
+mout-xforward.kundenserver.de
+mout-xforward.perfora.net
+# 2014-02-01: startcom.org (long retry, reported by jweiher)
+gateway.startcom.org
+# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk)
+/^fallback\d+\.mail\.ru$/
+# French tax authority, no retry
+dgfip.finances.gouv.fr
+# 2015-06-10: magisto.com (requested by postmaster)
+/^o\d+\.ntdc\.magisto\.com$/
+# 2015-07-23: outlook.com (github #20)
+outlook.com
+# 2015-08-19 (the retrying is failing)
+mail.alibaba.com
+++ /dev/null
-# postgrey whitelist for mail client hostnames
-# --------------------------------------------
-# put this file in /etc/postfix or specify its path
-# with --whitelist-clients=xxx
-#
-# postgrey version: 1.34, build date: 2011-05-04
-
-# greylisting.org: Southwest Airlines (unique sender, no retry)
-southwest.com
-# greylisting.org: isp.belgacom.be (wierd retry pattern)
-isp.belgacom.be
-# greylisting.org: Ameritrade (no retry)
-ameritradeinfo.com
-# greylisting.org: Amazon.com (unique sender with letters)
-amazon.com
-# 2004-05-20: Linux kernel mailing-list (unique sender with letters)
-vger.kernel.org
-# 2004-06-02: karger.ch, no retry
-karger.ch
-# 2004-06-02: lilys.ch, (slow: 4 hours)
-server-x001.hostpoint.ch
-# 2004-06-09: roche.com (no retry)
-gw.bas.roche.com
-# 2004-06-09: newsletter (no retry)
-mail.hhlaw.com
-# 2004-06-09: no retry (reported by Ralph Hildebrandt)
-prd051.appliedbiosystems.com
-# 2004-06-17: swissre.com (no retry)
-swissre.com
-# 2004-06-17: dowjones.com newsletter (unique sender with letters)
-returns.dowjones.com
-# 2004-06-18: switch.ch (works but personnel is confused by the error)
-domin.switch.ch
-# 2004-06-23: accor-hotels.com (slow: 6 hours)
-accor-hotels.com
-# 2004-06-29: rr.com (no retry, reported by Duncan Hill)
-/^ms-smtp.*\.rr\.com$/
-# 2004-06-29: cox.net (no retry, reported by Duncan Hill)
-/^lake.*mta.*\.cox\.net$/
-# 2004-06-29: motorola.com (no retry)
-mot.com
-# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay)
-nic.fr
-# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews)
-/^s[cv]\d+pub\.verizon\.net$/
-# 2004-07-02: cs.columbia.edu (no retry)
-cs.columbia.edu
-# 2004-07-02: papersinvited.com (no retry)
-66.216.126.174
-# 2004-07-02: telekom.de (slow: 6 hours)
-/^mail\d+\.telekom\.de$/
-# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
-/^smtp\d+\.tiscali\.dk$/
-# 2004-07-04: freshmeat.net (address verification)
-freshmeat.net
-# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry)
-zd-swx.com
-# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
-lockergnome.wc09.net
-# 2004-07-19: mxlogic.net (no retry, reported by Eric)
-p01m168.mxlogic.net
-p02m169.mxlogic.net
-# 2004-09-08: intel.com (pool on different subnets)
-/^fmr\d+\.intel\.com$/
-# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark)
-/^fe\d+\.cox-internet\.com$/
-# 2004-10-11: logismata.ch (no retry)
-logismata.ch
-# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker)
-brief.cw.reum.de
-# 2004-12-03: ingeno.ch (no retry)
-qmail.ingeno.ch
-# 2004-12-06: rein.ch (no retry)
-mail1.thurweb.ch
-# 2005-01-26: tu-ilmenau.de (no retry)
-piggy.rz.tu-ilmenau.de
-# 2005-04-06: polymed.ch (no retry)
-mail.polymed.ch
-# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
-rz.hu-berlin.de
-# 2005-06-17: gmail.com (big pool, reported by Beat Mueller)
-proxy.gmail.com
-# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier)
-cacert.org
-# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino)
-polytech.univ-mrs.fr
-# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier)
-gnu.org
-# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller)
-cs.ciphire.net
-# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer)
-/^gateway\d+\.np4\.de$/
-# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
-/^mail-in-\d+\.arcor-online\.net$/
-# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway)
-netsolmail.com
-# mail.likopris.si (no retry, reported by Vito Robar)
-193.77.153.67
-# jcsw.nato.int (several servers, no retry, reported by Vito Robar)
-195.235.39
-# tesla.vtszg.hr (no retry, reported by Vito Robar)
-tesla.vtszg.hr
-# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar)
-/^mailgw.*\.iai\.co\.il$/
-# gw.stud-serv-mb.si (no retry, reported by Vito Robar)
-gw.stud-serv-mb.si
-# mail.commandtech.com (no retry, reported by Vito Robar)
-216.238.112.99
-# duropack.co.at (no retry, reported by Vito Robar)
-193.81.20.195
-# mail.esimit-tech.si (no retry, reported by Vito Robar)
-193.77.126.208
-# mail.resotel.be (ocasionally no retry, reported by Vito Robar)
-80.200.249.216
-# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar)
-mail2.alliancefr.be
-# webserver.turboinstitut.si (no retry, reported by Vito Robar)
-webserver.turboinstitut.si
-# mil.be (pool of different servers, reported by Vito Robar)
-193.191.218.141
-193.191.218.142
-193.191.218.143
-194.7.234.141
-194.7.234.142
-194.7.234.143
-# mail*.usafisnews.org (no retry, reported by Vito Robar)
-/^mail\d+\.usafisnews\.org$/
-# odk.fdv.uni-lj.si (no retry, reported by Vito Robar)
-/^odk.fdv.uni-lj.si$/
-# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar)
-rak-gentoo-1.nameserver.de
-# dars.si (ocasionally no retry, reported by Vito Robar)
-mx.dars.si
-# cosis.si (no retry, reported by Vito Robar)
-213.143.66.210
-# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar)
-/^mta[12].siol.net$/
-# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar)
-/^pim-\d+-\d+\.quickinspirationsmail\.com$/
-# flymonarch (no retry, reported by Marko Djukic)
-flymonarch.com
-# wxs.nl (no retry, reported by Johannes Fehr)
-/^p?smtp.*\.wxs\.nl$/
-# ibm.com (big pool, reported by Casey Peel)
-ibm.com
-# messagelabs.com (big pool, reported by John Tobin)
-/^mail\d+\.messagelabs\.com$/
-# ptb.de (slow, reported by Joachim Schoenberg)
-berlin.ptb.de
-# registrarmail.net (unique sender names, reported by Simon Waters)
-registrarmail.net
-# google.com (big pool, reported by Matthias Dyer, Martin Toft)
-google.com
-# orange.fr (big pool, reported by Loïc Le Loarer)
-/^smtp\d+\.orange\.fr$/
-# citigroup.com (slow retry, reported by Michael Monnerie)
-/^smtp\d+.citigroup.com$/
-# cruisingclub.ch (no retry)
-mail.ccs-cruising.ch
-# digg.com (no retry, Debian #406774)
-diggstage01.digg.com
-# liberal.ca (retries only during 270 seconds, Debian #406774)
-smtp.liberal.ca
-# pi.ws (pool + long retry, Debian #409851)
-/^mail[12]\.pi\.ws$/
-# rambler.ru (big pool, reported by Michael Monnerie)
-rambler.ru
-# free.fr (big pool, reported by Denis Sacchet)
-/^smtp[0-9]+-g[0-9]+\.free\.fr$/
-/^postfix[0-9]+-g[0-9]+\.free\.fr$/
-# thehartford.com (pool + long retry, reported by Jacob Leifman)
-/^netmail\d+\.thehartford\.com$/
-# abb.com (only one retry, reported by Roman Plessl)
-/^nse\d+\.abb\.com$/
-# 2007-07-27: sourceforge.net (sender verification)
-lists.sourceforge.net
-# 2007-08-06: polytec.de (no retry, reported by Patrick McLean)
-polytec.de
-# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert)
-/^mail\d+\.msg\.oleane\.net$/
-# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert)
-nrl.navy.mil
-# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl)
-mail.aliplast.com
-# 2007-10-18: inode.at (long retry, reported by Johannes Feigl)
-/^mx\d+\..*\.inode\.at$/
-# 2008-02-01: bol.com (no retry, reported by Frank Breedijk)
-/^.*?.server.arvato-systems.de$/
-# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn)
-/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/
-# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert)
-saturn.mahidol.ac.th
-# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson)
-ebay.com
-# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
-yahoo.com
-# 2008-11-07: facebook (no retry, reported by Tim Freeman)
-/^outmail\d+\.sctm\.tfbnw\.net$/
-# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
-server14.cyon.ch
-# 2009-08-19: 126.com (big pool)
-/^m\d+-\d+\.126\.com$/
-# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
-home.theory.tifr.res.in
-# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
-ms4-1.1blu.de
-# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
-/^viefep\d+-int\.chello\.at$/
-# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
-mx.nic.nu
-# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
-bigfish.com
-frontbridge.com
-microsoft.com
-# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
-postini.com
-# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
-/^mx.*\.evanzo-server\.de$/
-# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
-upcmail.net
# come up.
#rc_depend_strict="YES"
-# rc_hotplug is a list of services that we allow to be hotplugged.
-# By default we do not allow hotplugging.
+# rc_hotplug controls which services we allow to be hotplugged.
# A hotplugged service is one started by a dynamic dev manager when a matching
# hardware device is found.
-# This service is intrinsically included in the boot runlevel.
-# To disable services, prefix with a !
+# Hotplugged services appear in the "hotplugged" runlevel.
+# If rc_hotplug is set to any value, we compare the name of this service
+# to every pattern in the value, from left to right, and we allow the
+# service to be hotplugged if it matches a pattern, or if it matches no
+# patterns. Patterns can include shell wildcards.
+# To disable services from being hotplugged, prefix patterns with "!".
+#If rc_hotplug is not set or is empty, all hotplugging is disabled.
# Example - rc_hotplug="net.wlan !net.*"
-# This allows net.wlan and any service not matching net.* to be plugged.
-# Example - rc_hotplug="*"
-# This allows all services to be hotplugged
-#rc_hotplug="*"
+# This allows net.wlan and any service not matching net.* to be hotplugged.
+# Example - rc_hotplug="!net.*"
+# This allows services that do not match "net.*" to be hotplugged.
# rc_logger launches a logging daemon to log the entire rc process to
# /var/log/rc.log
# This is the subsystem type. Valid options on Linux:
# "" - nothing special
+# "docker" - Docker container manager
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
+# "rkt" - CoreOS container management system
# "uml" - Usermode Linux
# "vserver" - Linux vserver
# "systemd-nspawn" - Container created by the systemd-nspawn utility
# Set the devices controller settings for this service.
#rc_cgroup_devices=""
+# Set the hugetlb controller settings for this service.
+#rc_cgroup_hugetlb=""
+
# Set the memory controller settings for this service.
#rc_cgroup_memory=""
+# Set the net_cls controller settings for this service.
+#rc_cgroup_net_cls=""
+
# Set the net_prio controller settings for this service.
#rc_cgroup_net_prio=""
+# Set the pids controller settings for this service.
+#rc_cgroup_pids=""
+
# Set this to YES if yu want all of the processes in a service's cgroup
# killed when the service is stopped or restarted.
# This should not be set globally because it kills all of the service's
#SSD_NICELEVEL="-19"
# Pass ulimit parameters
+# If you are using bash in POSIX mode for your shell, note that the
+# ulimit command uses a block size of 512 bytes for the -c and -f
+# options
#rc_ulimit="-u 30"
# It's possible to define extra dependencies for services like so
# LINUX SPECIFIC OPTIONS
# This is the subsystem type. Valid options on Linux:
-# "" - nothing special
-# "lxc" - Linux Containers
-# "openvz" - Linux OpenVZ
-# "prefix" - Prefix
-# "uml" - Usermode Linux
-# "vserver" - Linux vserver
-# "xen0" - Xen0 Domain
-# "xenU" - XenU Domain
+# "" - nothing special
+# "lxc" - Linux Containers
+# "openvz" - Linux OpenVZ
+# "prefix" - Prefix
+# "uml" - Usermode Linux
+# "vserver" - Linux vserver
+# "systemd-nspawn" - Container created by the systemd-nspawn utility
+# "xen0" - Xen0 Domain
+# "xenU" - XenU Domain
# If this is commented out, automatic detection will be used.
#
# This should be set to the value representing the environment this file is
# The default value is: /var/log/rc.log
rc_log_path="/var/log/rc.log"
+# If you want verbose output for OpenRC, set this to yes. If you want
+# verbose output for service foo only, set it to yes in /etc/conf.d/foo.
+#rc_verbose=no
+
# By default we filter the environment for our running scripts. To allow other
# variables through, add them here. Use a * to allow all variables through.
#rc_env_allow="VAR1 VAR2"
#rc_crashed_stop=NO
#rc_crashed_start=YES
+# Set rc_nocolor to yes if you do not want colors displayed in OpenRC
+# output.
+#rc_nocolor=NO
+
##############################################################################
# MISC CONFIGURATION VARIABLES
# There variables are shared between many init scripts
# Below is the default list of network fstypes.
#
-# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
+# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
# nfs nfs4 ocfs2 shfs smbfs
#
# If you would like to add to this list, you can do so by adding your
# Set unicode to YES to turn on unicode support for keyboards and screens.
unicode="YES"
+# This is how long fuser should wait for a remote server to respond. The
+# default is 60 seconds, but it can be adjusted here.
+#rc_fuser_timeout=60
+
# Below is the default list of network fstypes.
#
# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
# Some daemons are started and stopped via start-stop-daemon.
# We can set some things on a per service basis, like the nicelevel.
-#export SSD_NICELEVEL="-19"
+#SSD_NICELEVEL="-19"
# Pass ulimit parameters
#rc_ulimit="-u 30"
# consolefont, numlock, etc ...)
rc_tty_number=12
+##############################################################################
+# CGROUPS RESOURCE MANAGEMENT
+
# If you have cgroups turned on in your kernel, this switch controls
# whether or not a group for each controller is mounted under
# /sys/fs/cgroup.
-# Support for process management by cgroups is planned in the future,
-# so if you turn this off, be aware that you may not be able to use that
-# feature.
+# None of the other options in this section work if this is set to "NO".
#rc_controller_cgroups="YES"
+
+# The following settings allow you to set up values for the cgroup
+# controllers for your services.
+# They can be set in this file;, however, if you do this, the settings
+# will apply to all of your services.
+# If you want different settings for each service, place the settings in
+# /etc/conf.d/foo for service foo.
+# The format is to specify the names of the settings followed by their
+# values. Each variable can hold multiple settings.
+# For example, you would use this to set the cpu.shares setting in the
+# cpu controller to 512 for your service.
+# rc_cgroup_cpu="
+# cpu.shares 512
+# "
+#
+#For more information about the adjustments that can be made with
+#cgroups, see Documentation/cgroups/* in the linux kernel source tree.
+
+# Set the blkio controller settings for this service.
+#rc_cgroup_blkio=""
+
+# Set the cpu controller settings for this service.
+#rc_cgroup_cpu=""
+
+# Add this service to the cpuacct controller (any value means yes).
+#rc_cgroup_cpuacct=""
+
+# Set the cpuset controller settings for this service.
+#rc_cgroup_cpuset=""
+
+# Set the devices controller settings for this service.
+#rc_cgroup_devices=""
+
+# Set the memory controller settings for this service.
+#rc_cgroup_memory=""
+
+# Set the net_prio controller settings for this service.
+#rc_cgroup_net_prio=""
+
+# Set this to YES if yu want all of the processes in a service's cgroup
+# killed when the service is stopped or restarted.
+# This should not be set globally because it kills all of the service's
+# child processes, and most of the time this is undesirable. Please set
+# it in /etc/conf.d/<service>.
+# To perform this cleanup manually for a stopped service, you can
+# execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
+# rc-service <service> cgroup_cleanup.
+# rc_cgroup_cleanup="NO"
rc_tty_number=12
# If you have cgroups turned on in your kernel, this switch controls
-# whether or not a group for each controler is mounted under
+# whether or not a group for each controller is mounted under
# /sys/fs/cgroup.
# Support for process management by cgroups is planned in the future,
# so if you turn this off, be aware that you may not be able to use that
# Global OpenRC configuration settings
+# Set to "YES" if you want the rc system to try and start services
+# in parallel for a slight speed improvement. When running in parallel we
+# prefix the service output with its name as the output will get
+# jumbled up.
+# WARNING: whilst we have improved parallel, it can still potentially lock
+# the boot process. Don't file bugs about this unless you can supply
+# patches that fix it without breaking other things!
+#rc_parallel="NO"
+
# Set rc_interactive to "YES" and you'll be able to press the I key during
# boot so you can choose to start specific services. Set to "NO" to disable
-# this feature.
+# this feature. This feature is automatically disabled if rc_parallel is
+# set to YES.
#rc_interactive="YES"
# If we need to drop to a shell, you can specify it here.
# These variables are documented here, but should be configured in
# /etc/conf.d/foo for service foo and NOT enabled here unless you
# really want them to work on a global basis.
+# If your service has characters in its name which are not legal in
+# shell variable names and you configure the variables for it in this
+# file, those characters should be replaced with underscores in the
+# variable names as shown below.
# Some daemons are started and stopped via start-stop-daemon.
# We can set some things on a per service basis, like the nicelevel.
#rc_foo_need="openvpn"
#rc_foo_after="clock"
+# Below is an example for service foo-bar. Note that the '-' is illegal
+# in a shell variable name, so we convert it to an underscore.
+# example for service foo-bar.
+#rc_foo_bar_config="/etc/foo-bar"
+#rc_foo_bar_need="openvpn"
+#rc_foo_bar_after="clock"
+
# You can also remove dependencies.
# This is mainly used for saying which servies do NOT provide net.
#rc_net_tap0_provide="!net"
# "vserver" - Linux vserver
# "xen0" - Xen0 Domain
# "xenU" - XenU Domain
-# If this is commented out, automatic detection will be attempted.
-# Note that autodetection will not work in a prefix environment or in a
-# linux container.
+# If this is commented out, automatic detection will be used.
#
# This should be set to the value representing the environment this file is
# PRESENTLY in, not the virtualization the environment is capable of.
# This is the number of tty's used in most of the rc-scripts (like
# consolefont, numlock, etc ...)
rc_tty_number=12
+
+# If you have cgroups turned on in your kernel, this switch controls
+# whether or not a group for each controler is mounted under
+# /sys/fs/cgroup.
+# Support for process management by cgroups is planned in the future,
+# so if you turn this off, be aware that you may not be able to use that
+# feature.
+#rc_controller_cgroups="YES"
--- /dev/null
+# Global OpenRC configuration settings
+
+# Set rc_interactive to "YES" and you'll be able to press the I key during
+# boot so you can choose to start specific services. Set to "NO" to disable
+# this feature.
+#rc_interactive="YES"
+
+# If we need to drop to a shell, you can specify it here.
+# If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
+# otherwise /bin/sh
+# Linux users could specify /sbin/sulogin
+rc_shell=/sbin/sulogin
+
+# Do we allow any started service in the runlevel to satisfy the dependency
+# or do we want all of them regardless of state? For example, if net.eth0
+# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
+# both will be started, but services that depend on 'net' will work if either
+# one comes up. With rc_depend_strict="YES" we would require them both to
+# come up.
+#rc_depend_strict="YES"
+
+# rc_hotplug is a list of services that we allow to be hotplugged.
+# By default we do not allow hotplugging.
+# A hotplugged service is one started by a dynamic dev manager when a matching
+# hardware device is found.
+# This service is intrinsically included in the boot runlevel.
+# To disable services, prefix with a !
+# Example - rc_hotplug="net.wlan !net.*"
+# This allows net.wlan and any service not matching net.* to be plugged.
+# Example - rc_hotplug="*"
+# This allows all services to be hotplugged
+#rc_hotplug="*"
+
+# rc_logger launches a logging daemon to log the entire rc process to
+# /var/log/rc.log
+# NOTE: Linux systems require the devfs service to be started before
+# logging can take place and as such cannot log the sysinit runlevel.
+rc_logger="YES"
+
+# Through rc_log_path you can specify a custom log file.
+# The default value is: /var/log/rc.log
+rc_log_path="/var/log/rc.log"
+
+# By default we filter the environment for our running scripts. To allow other
+# variables through, add them here. Use a * to allow all variables through.
+#rc_env_allow="VAR1 VAR2"
+
+# By default we assume that all daemons will start correctly.
+# However, some do not - a classic example is that they fork and return 0 AND
+# then child barfs on a configuration error. Or the daemon has a bug and the
+# child crashes. You can set the number of milliseconds start-stop-daemon
+# waits to check that the daemon is still running after starting here.
+# The default is 0 - no checking.
+#rc_start_wait=100
+
+# rc_nostop is a list of services which will not stop when changing runlevels.
+# This still allows the service itself to be stopped when called directly.
+#rc_nostop=""
+
+# rc will attempt to start crashed services by default.
+# However, it will not stop them by default as that could bring down other
+# critical services.
+#rc_crashed_stop=NO
+#rc_crashed_start=YES
+
+##############################################################################
+# MISC CONFIGURATION VARIABLES
+# There variables are shared between many init scripts
+
+# Set unicode to YES to turn on unicode support for keyboards and screens.
+unicode="YES"
+
+# Below is the default list of network fstypes.
+#
+# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
+# nfs nfs4 ocfs2 shfs smbfs
+#
+# If you would like to add to this list, you can do so by adding your
+# own fstypes to the following variable.
+#extra_net_fs_list=""
+
+##############################################################################
+# SERVICE CONFIGURATION VARIABLES
+# These variables are documented here, but should be configured in
+# /etc/conf.d/foo for service foo and NOT enabled here unless you
+# really want them to work on a global basis.
+
+# Some daemons are started and stopped via start-stop-daemon.
+# We can set some things on a per service basis, like the nicelevel.
+#export SSD_NICELEVEL="-19"
+
+# Pass ulimit parameters
+#rc_ulimit="-u 30"
+
+# It's possible to define extra dependencies for services like so
+#rc_config="/etc/foo"
+#rc_need="openvpn"
+#rc_use="net.eth0"
+#rc_after="clock"
+#rc_before="local"
+#rc_provide="!net"
+
+# You can also enable the above commands here for each service. Below is an
+# example for service foo.
+#rc_foo_config="/etc/foo"
+#rc_foo_need="openvpn"
+#rc_foo_after="clock"
+
+# You can also remove dependencies.
+# This is mainly used for saying which servies do NOT provide net.
+#rc_net_tap0_provide="!net"
+
+##############################################################################
+# LINUX SPECIFIC OPTIONS
+
+# This is the subsystem type. Valid options on Linux:
+# "" - nothing special
+# "lxc" - Linux Containers
+# "openvz" - Linux OpenVZ
+# "prefix" - Prefix
+# "uml" - Usermode Linux
+# "vserver" - Linux vserver
+# "xen0" - Xen0 Domain
+# "xenU" - XenU Domain
+# If this is commented out, automatic detection will be attempted.
+# Note that autodetection will not work in a prefix environment or in a
+# linux container.
+#
+# This should be set to the value representing the environment this file is
+# PRESENTLY in, not the virtualization the environment is capable of.
+rc_sys=""
+
+# This is the number of tty's used in most of the rc-scripts (like
+# consolefont, numlock, etc ...)
+rc_tty_number=12
# Some daemons are started and stopped via start-stop-daemon.
# We can set some things on a per service basis, like the nicelevel.
#SSD_NICELEVEL="-19"
+# Or the ionice level. The format is class[:data] , just like the
+# --ionice start-stop-daemon parameter.
+#SSD_IONICELEVEL="2:2"
# Pass ulimit parameters
# If you are using bash in POSIX mode for your shell, note that the
#rc_foo_bar_after="clock"
# You can also remove dependencies.
-# This is mainly used for saying which servies do NOT provide net.
+# This is mainly used for saying which services do NOT provide net.
#rc_net_tap0_provide="!net"
-##############################################################################
-# LINUX SPECIFIC OPTIONS
-
-# This is the subsystem type. Valid options on Linux:
+# This is the subsystem type.
+# It is used to match against keywords set by the keyword call in the
+# depend function of service scripts.
+#
+# It should be set to the value representing the environment this file is
+# PRESENTLY in, not the virtualization the environment is capable of.
+# If it is commented out, automatic detection will be used.
+#
+# The list below shows all possible settings as well as the host
+# operating systems where they can be used and autodetected.
+#
# "" - nothing special
-# "docker" - Docker container manager
+# "docker" - Docker container manager (Linux)
+# "jail" - Jail (DragonflyBSD or FreeBSD)
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
-# "rkt" - CoreOS container management system
+# "rkt" - CoreOS container management system (Linux)
+# "subhurd" - Hurd subhurds (to be checked)
+# "systemd-nspawn" - Container created by systemd-nspawn (Linux)
# "uml" - Usermode Linux
# "vserver" - Linux vserver
-# "systemd-nspawn" - Container created by the systemd-nspawn utility
-# "xen0" - Xen0 Domain
-# "xenU" - XenU Domain
-# If this is commented out, automatic detection will be used.
-#
-# This should be set to the value representing the environment this file is
-# PRESENTLY in, not the virtualization the environment is capable of.
+# "xen0" - Xen0 Domain (Linux and NetBSD)
+# "xenU" - XenU Domain (Linux and NetBSD)
#rc_sys=""
-# This is the number of tty's used in most of the rc-scripts (like
-# consolefont, numlock, etc ...)
+# on Linux and Hurd, this is the number of ttys allocated for logins
+# It is used in the consolefont, keymaps, numlock and termencoding
+# service scripts.
rc_tty_number=12
##############################################################################
-# CGROUPS RESOURCE MANAGEMENT
+# LINUX CGROUPS RESOURCE MANAGEMENT
# If you have cgroups turned on in your kernel, this switch controls
# whether or not a group for each controller is mounted under
# Set the pids controller settings for this service.
#rc_cgroup_pids=""
-# Set this to YES if yu want all of the processes in a service's cgroup
+# Set this to YES if you want all of the processes in a service's cgroup
# killed when the service is stopped or restarted.
# This should not be set globally because it kills all of the service's
# child processes, and most of the time this is undesirable. Please set
--- /dev/null
+# /etc/services
+#
+# Network services, Internet style
+#
+# Note that it is presently the policy of IANA to assign a single well-known
+# port number for both TCP and UDP; hence, most entries here have two entries
+# even if the protocol doesn't support UDP operations.
+#
+# Some References:
+# http://www.iana.org/assignments/port-numbers
+# http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services
+#
+# Each line describes one service, and is of the form:
+# service-name port/protocol [aliases ...] [# comment]
+#
+# See services(5) for more info.
+#
+
+#
+# IANA Assignments [Well Known Ports]
+# The Well Known Ports are assigned by the IANA and on most systems can
+# only be used by system (or root) processes or by programs executed by
+# privileged users.
+# The range for assigned ports managed by the IANA is 0-1023.
+#
+tcpmux 1/tcp # TCP port service multiplexer
+tcpmux 1/udp
+compressnet 2/tcp # Management Utility
+compressnet 2/udp
+compressnet 3/tcp # Compression Process
+compressnet 3/udp
+rje 5/tcp # Remote Job Entry
+rje 5/udp
+echo 7/tcp # Echo
+echo 7/udp
+discard 9/tcp sink null # Discard
+discard 9/udp sink null
+systat 11/tcp users # Active Users
+systat 11/udp users
+daytime 13/tcp # Daytime (RFC 867)
+daytime 13/udp
+#netstat 15/tcp # (was once asssigned, no more)
+qotd 17/tcp quote # Quote of the Day
+qotd 17/udp quote
+msp 18/tcp # Message Send Protocol
+msp 18/udp
+chargen 19/tcp ttytst source # Character Generator
+chargen 19/udp ttytst source
+ftp-data 20/tcp # File Transfer [Default Data]
+ftp-data 20/udp
+ftp 21/tcp # File Transfer [Control]
+ftp 21/udp fsp fspd
+ssh 22/tcp # SSH Remote Login Protocol
+ssh 22/udp
+telnet 23/tcp # Telnet
+telnet 23/udp
+# private 24/tcp # any private mail system
+# private 24/udp
+smtp 25/tcp mail # Simple Mail Transfer
+smtp 25/udp
+nsw-fe 27/tcp # NSW User System FE
+nsw-fe 27/udp
+msg-icp 29/tcp # MSG ICP
+msg-icp 29/udp
+msg-auth 31/tcp # MSG Authentication
+msg-auth 31/udp
+dsp 33/tcp # Display Support Protocol
+dsp 33/udp
+# private 35/tcp # any private printer server
+# private 35/udp
+time 37/tcp timserver
+time 37/udp timserver
+rap 38/tcp # Route Access Protocol
+rap 38/udp
+rlp 39/tcp resource # Resource Location Protocol
+rlp 39/udp resource
+graphics 41/tcp # Graphics
+graphics 41/udp
+nameserver 42/tcp name # Host Name Server
+nameserver 42/udp name
+nicname 43/tcp whois # Who Is
+nicname 43/udp whois
+mpm-flags 44/tcp # MPM FLAGS Protocol
+mpm-flags 44/udp
+mpm 45/tcp # Message Processing Module [recv]
+mpm 45/udp
+mpm-snd 46/tcp # MPM [default send]
+mpm-snd 46/udp
+ni-ftp 47/tcp # NI FTP
+ni-ftp 47/udp
+auditd 48/tcp # Digital Audit Daemon
+auditd 48/udp
+tacacs 49/tcp # Login Host Protocol (TACACS)
+tacacs 49/udp
+re-mail-ck 50/tcp # Remote Mail Checking Protocol
+re-mail-ck 50/udp
+domain 53/tcp # Domain Name Server
+domain 53/udp
+xns-ch 54/tcp # XNS Clearinghouse
+xns-ch 54/udp
+isi-gl 55/tcp # ISI Graphics Language
+isi-gl 55/udp
+xns-auth 56/tcp # XNS Authentication
+xns-auth 56/udp
+# private 57/tcp # any private terminal access
+# private 57/udp
+xns-mail 58/tcp # XNS Mail
+xns-mail 58/udp
+# private 59/tcp # any private file service
+# private 59/udp
+ni-mail 61/tcp # NI MAIL
+ni-mail 61/udp
+acas 62/tcp # ACA Services
+acas 62/udp
+whois++ 63/tcp # whois++
+whois++ 63/udp
+covia 64/tcp # Communications Integrator (CI)
+covia 64/udp
+tacacs-ds 65/tcp # TACACS-Database Service
+tacacs-ds 65/udp
+sql*net 66/tcp # Oracle SQL*NET
+sql*net 66/udp
+bootps 67/tcp # Bootstrap Protocol Server (BOOTP)
+bootps 67/udp
+bootpc 68/tcp # Bootstrap Protocol Client (BOOTP)
+bootpc 68/udp
+tftp 69/tcp # Trivial File Transfer
+tftp 69/udp
+gopher 70/tcp # Gopher
+gopher 70/udp
+netrjs-1 71/tcp # Remote Job Service
+netrjs-1 71/udp
+netrjs-2 72/tcp
+netrjs-2 72/udp
+netrjs-3 73/tcp
+netrjs-3 73/udp
+netrjs-4 74/tcp
+netrjs-4 74/udp
+# private 75/tcp # any private dial out service
+# private 75/udp
+deos 76/tcp # Distributed External Object Store
+deos 76/udp
+# private 77/tcp # any private RJE service
+# private 77/udp
+vettcp 78/tcp # vettcp
+vettcp 78/udp
+finger 79/tcp # Finger
+finger 79/udp
+http 80/tcp www www-http # World Wide Web HTTP
+http 80/udp www www-http
+hosts2-ns 81/tcp # HOSTS2 Name Server
+hosts2-ns 81/udp
+xfer 82/tcp # XFER Utility
+xfer 82/udp
+mit-ml-dev 83/tcp # MIT ML Device
+mit-ml-dev 83/udp
+ctf 84/tcp # Common Trace Facility
+ctf 84/udp
+mit-ml-dev 85/tcp # MIT ML Device
+mit-ml-dev 85/udp
+mfcobol 86/tcp # Micro Focus Cobol
+mfcobol 86/udp
+# private 87/tcp # any private terminal link
+# private 87/udp
+kerberos 88/tcp kerberos5 krb5 # Kerberos
+kerberos 88/udp kerberos5 krb5
+su-mit-tg 89/tcp # SU/MIT Telnet Gateway
+su-mit-tg 89/udp
+dnsix 90/tcp # DNSIX Securit Attribute Token Map
+dnsix 90/udp
+mit-dov 91/tcp # MIT Dover Spooler
+mit-dov 91/udp
+npp 92/tcp # Network Printing Protocol
+npp 92/udp
+dcp 93/tcp # Device Control Protocol
+dcp 93/udp
+objcall 94/tcp # Tivoli Object Dispatcher
+objcall 94/udp
+supdup 95/tcp # SUPDUP
+supdup 95/udp
+dixie 96/tcp # DIXIE Protocol Specification
+dixie 96/udp
+swift-rvf 97/tcp # Swift Remote Virtural File Protocol
+swift-rvf 97/udp
+tacnews 98/tcp linuxconf # TAC News
+tacnews 98/udp
+metagram 99/tcp # Metagram Relay
+metagram 99/udp
+#newacct 100/tcp # [unauthorized use]
+hostname 101/tcp hostnames # NIC Host Name Server
+hostname 101/udp hostnames
+iso-tsap 102/tcp tsap # ISO-TSAP Class 0
+iso-tsap 102/udp tsap
+gppitnp 103/tcp # Genesis Point-to-Point Trans Net
+gppitnp 103/udp
+acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300
+acr-nema 104/udp
+cso 105/tcp csnet-ns cso-ns # CCSO name server protocol
+cso 105/udp csnet-ns cso-ns
+3com-tsmux 106/tcp poppassd # 3COM-TSMUX
+3com-tsmux 106/udp poppassd # Eudora: Unauthorized use by insecure poppassd protocol
+rtelnet 107/tcp # Remote Telnet Service
+rtelnet 107/udp
+snagas 108/tcp # SNA Gateway Access Server
+snagas 108/udp
+pop2 109/tcp pop-2 postoffice# Post Office Protocol - Version 2
+pop2 109/udp pop-2
+pop3 110/tcp pop-3 # Post Office Protocol - Version 3
+pop3 110/udp pop-3
+sunrpc 111/tcp portmapper rpcbind # SUN Remote Procedure Call
+sunrpc 111/udp portmapper rpcbind
+mcidas 112/tcp # McIDAS Data Transmission Protocol
+mcidas 112/udp
+auth 113/tcp authentication tap ident # Authentication Service
+auth 113/udp
+sftp 115/tcp # Simple File Transfer Protocol
+sftp 115/udp
+ansanotify 116/tcp # ANSA REX Notify
+ansanotify 116/udp
+uucp-path 117/tcp # UUCP Path Service
+uucp-path 117/udp
+sqlserv 118/tcp # SQL Services
+sqlserv 118/udp
+nntp 119/tcp readnews untp # Network News Transfer Protocol
+nntp 119/udp readnews untp
+cfdptkt 120/tcp # CFDPTKT
+cfdptkt 120/udp
+erpc 121/tcp # Encore Expedited Remote Pro.Call
+erpc 121/udp
+smakynet 122/tcp # SMAKYNET
+smakynet 122/udp
+ntp 123/tcp # Network Time Protocol
+ntp 123/udp
+ansatrader 124/tcp # ANSA REX Trader
+ansatrader 124/udp
+locus-map 125/tcp # Locus PC-Interface Net Map Ser
+locus-map 125/udp
+nxedit 126/tcp unitary # NXEdit
+nxedit 126/udp unitary # Unisys Unitary Login
+locus-con 127/tcp # Locus PC-Interface Conn Server
+locus-con 127/udp
+gss-xlicen 128/tcp # GSS X License Verification
+gss-xlicen 128/udp
+pwdgen 129/tcp # Password Generator Protocol
+pwdgen 129/udp
+cisco-fna 130/tcp # cisco FNATIVE
+cisco-fna 130/udp
+cisco-tna 131/tcp # cisco TNATIVE
+cisco-tna 131/udp
+cisco-sys 132/tcp # cisco SYSMAINT
+cisco-sys 132/udp
+statsrv 133/tcp # Statistics Service
+statsrv 133/udp
+ingres-net 134/tcp # INGRES-NET Service
+ingres-net 134/udp
+epmap 135/tcp loc-srv # DCE endpoint resolution
+epmap 135/udp loc-srv
+profile 136/tcp # PROFILE Naming System
+profile 136/udp
+netbios-ns 137/tcp # NETBIOS Name Service
+netbios-ns 137/udp
+netbios-dgm 138/tcp # NETBIOS Datagram Service
+netbios-dgm 138/udp
+netbios-ssn 139/tcp # NETBIOS Session Service
+netbios-ssn 139/udp
+emfis-data 140/tcp # EMFIS Data Service
+emfis-data 140/udp
+emfis-cntl 141/tcp # EMFIS Control Service
+emfis-cntl 141/udp
+imap 143/tcp imap2 # Internet Message Access Protocol
+imap 143/udp imap2
+uma 144/tcp # Universal Management Architecture
+uma 144/udp
+uaac 145/tcp # UAAC Protocol
+uaac 145/udp
+iso-tp0 146/tcp # ISO-TP0
+iso-tp0 146/udp
+iso-ip 147/tcp # ISO-IP
+iso-ip 147/udp
+jargon 148/tcp # Jargon
+jargon 148/udp
+aed-512 149/tcp # AED 512 Emulation Service
+aed-512 149/udp
+sql-net 150/tcp # SQL-NET
+sql-net 150/udp
+hems 151/tcp # HEMS
+hems 151/udp
+bftp 152/tcp # Background File Transfer Program
+bftp 152/udp
+sgmp 153/tcp # SGMP
+sgmp 153/udp
+netsc-prod 154/tcp # NETSC
+netsc-prod 154/udp
+netsc-dev 155/tcp
+netsc-dev 155/udp
+sqlsrv 156/tcp # SQL Service
+sqlsrv 156/udp
+knet-cmp 157/tcp # KNET/VM Command/Message Protocol
+knet-cmp 157/udp
+pcmail-srv 158/tcp # PCMail Server
+pcmail-srv 158/udp
+nss-routing 159/tcp # NSS-Routing
+nss-routing 159/udp
+sgmp-traps 160/tcp # SGMP-TRAPS
+sgmp-traps 160/udp
+snmp 161/tcp # Simple Net Mgmt Proto
+snmp 161/udp
+snmptrap 162/tcp snmp-trap # Traps for SNMP
+snmptrap 162/udp snmp-trap
+cmip-man 163/tcp # CMIP/TCP Manager
+cmip-man 163/udp
+cmip-agent 164/tcp # CMIP/TCP Agent
+cmip-agent 164/udp
+xns-courier 165/tcp # Xerox
+xns-courier 165/udp
+s-net 166/tcp # Sirius Systems
+s-net 166/udp
+namp 167/tcp # NAMP
+namp 167/udp
+rsvd 168/tcp # RSVD
+rsvd 168/udp
+send 169/tcp # SEND
+send 169/udp
+print-srv 170/tcp # Network PostScript
+print-srv 170/udp
+multiplex 171/tcp # Network Innovations Multiplex
+multiplex 171/udp
+cl/1 172/tcp # Network Innovations CL/1
+cl/1 172/udp
+xyplex-mux 173/tcp # Xyplex
+xyplex-mux 173/udp
+mailq 174/tcp # Mailer transport queue for Zmailer
+mailq 174/udp
+vmnet 175/tcp # VMNET
+vmnet 175/udp
+genrad-mux 176/tcp # GENRAD-MUX
+genrad-mux 176/udp
+xdmcp 177/tcp # X Display Manager Control Protocol
+xdmcp 177/udp
+nextstep 178/tcp NeXTStep NextStep# NextStep Window Server
+nextstep 178/udp NeXTStep NextStep
+bgp 179/tcp # Border Gateway Protocol
+bgp 179/udp
+ris 180/tcp # Intergraph
+ris 180/udp
+unify 181/tcp # Unify
+unify 181/udp
+audit 182/tcp # Unisys Audit SITP
+audit 182/udp
+ocbinder 183/tcp # OCBinder
+ocbinder 183/udp
+ocserver 184/tcp # OCServer
+ocserver 184/udp
+remote-kis 185/tcp # Remote-KIS
+remote-kis 185/udp
+kis 186/tcp # KIS Protocol
+kis 186/udp
+aci 187/tcp # Application Communication Interface
+aci 187/udp
+mumps 188/tcp # Plus Five's MUMPS
+mumps 188/udp
+qft 189/tcp # Queued File Transport
+qft 189/udp
+gacp 190/tcp # Gateway Access Control Protocol
+gacp 190/udp
+prospero 191/tcp # Prospero Directory Service
+prospero 191/udp
+osu-nms 192/tcp # OSU Network Monitoring System
+osu-nms 192/udp
+srmp 193/tcp # Spider Remote Monitoring Protocol
+srmp 193/udp
+irc 194/tcp # Internet Relay Chat Protocol
+irc 194/udp
+dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit
+dn6-nlm-aud 195/udp
+dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir
+dn6-smm-red 196/udp
+dls 197/tcp # Directory Location Service
+dls 197/udp
+dls-mon 198/tcp # Directory Location Service Monitor
+dls-mon 198/udp
+smux 199/tcp # SNMP Unix Multiplexer
+smux 199/udp
+src 200/tcp # IBM System Resource Controller
+src 200/udp
+at-rtmp 201/tcp # AppleTalk Routing Maintenance
+at-rtmp 201/udp
+at-nbp 202/tcp # AppleTalk Name Binding
+at-nbp 202/udp
+at-echo 204/tcp # AppleTalk Echo
+at-echo 204/udp
+at-zis 206/tcp # AppleTalk Zone Information
+at-zis 206/udp
+qmtp 209/tcp # The Quick Mail Transfer Protocol
+qmtp 209/udp
+z39.50 210/tcp wais z3950 # ANSI Z39.50
+z39.50 210/udp wais z3950
+914c/g 211/tcp # Texas Instruments 914C/G Terminal
+914c/g 211/udp
+anet 212/tcp # ATEXSSTR
+anet 212/udp
+ipx 213/tcp # IPX
+ipx 213/udp
+imap3 220/tcp # Interactive Mail Access
+imap3 220/udp
+link 245/tcp # ttylink
+link 245/udp
+pawserv 345/tcp # Perf Analysis Workbench
+pawserv 345/udp
+zserv 346/tcp # Zebra server
+zserv 346/udp
+fatserv 347/tcp # Fatmen Server
+fatserv 347/udp
+scoi2odialog 360/tcp # scoi2odialog
+scoi2odialog 360/udp
+semantix 361/tcp # Semantix
+semantix 361/udp
+srssend 362/tcp # SRS Send
+srssend 362/udp
+rsvp_tunnel 363/tcp # RSVP Tunnel
+rsvp_tunnel 363/udp
+aurora-cmgr 364/tcp # Aurora CMGR
+aurora-cmgr 364/udp
+dtk 365/tcp # Deception Tool Kit
+dtk 365/udp
+odmr 366/tcp # ODMR
+odmr 366/udp
+rpc2portmap 369/tcp # Coda portmapper
+rpc2portmap 369/udp
+codaauth2 370/tcp # Coda authentication server
+codaauth2 370/udp
+clearcase 371/tcp # Clearcase
+clearcase 371/udp
+ulistproc 372/tcp ulistserv # UNIX Listserv
+ulistproc 372/udp ulistserv
+ldap 389/tcp # Lightweight Directory Access Protocol
+ldap 389/udp
+imsp 406/tcp # Interactive Mail Support Protocol
+imsp 406/udp
+svrloc 427/tcp # Server Location
+svrloc 427/udp
+mobileip-agent 434/tcp # MobileIP-Agent
+mobileip-agent 434/udp
+mobilip-mn 435/tcp # MobilIP-MN
+mobilip-mn 435/udp
+https 443/tcp # MCom
+https 443/udp
+snpp 444/tcp # Simple Network Paging Protocol
+snpp 444/udp
+microsoft-ds 445/tcp Microsoft-DS
+microsoft-ds 445/udp Microsoft-DS
+kpasswd 464/tcp kpwd # Kerberos "passwd"
+kpasswd 464/udp kpwd
+urd 465/tcp smtps ssmtp # URL Rendesvous Directory for SSM / smtp protocol over TLS/SSL
+igmpv3lite 465/udp smtps ssmtp # IGMP over UDP for SSM
+photuris 468/tcp
+photuris 468/udp
+rcp 469/tcp # Radio Control Protocol
+rcp 469/udp
+saft 487/tcp # Simple Asynchronous File Transfer
+saft 487/udp
+gss-http 488/tcp
+gss-http 488/udp
+pim-rp-disc 496/tcp
+pim-rp-disc 496/udp
+isakmp 500/tcp # IPsec - Internet Security Association and Key Management Protocol
+isakmp 500/udp
+exec 512/tcp # remote process execution
+comsat 512/udp biff # notify users of new mail received
+login 513/tcp # remote login a la telnet
+who 513/udp whod # who's logged in to machines
+shell 514/tcp cmd # no passwords used
+syslog 514/udp
+printer 515/tcp spooler # line printer spooler
+printer 515/udp spooler
+videotex 516/tcp
+videotex 516/udp
+talk 517/tcp # like tenex link
+talk 517/udp
+ntalk 518/tcp
+ntalk 518/udp
+utime 519/tcp unixtime
+utime 519/udp unixtime
+efs 520/tcp # extended file name server
+router 520/udp route routed # local routing process
+ripng 521/tcp
+ripng 521/udp
+ulp 522/tcp
+ulp 522/udp
+ibm-db2 523/tcp
+ibm-db2 523/udp
+ncp 524/tcp
+ncp 524/udp
+timed 525/tcp timeserver
+timed 525/udp timeserver
+tempo 526/tcp newdate
+tempo 526/udp newdate
+courier 530/tcp rpc
+courier 530/udp rpc
+conference 531/tcp chat
+conference 531/udp chat
+netnews 532/tcp readnews
+netnews 532/udp readnews
+netwall 533/tcp # -for emergency broadcasts
+netwall 533/udp
+mm-admin 534/tcp # MegaMedia Admin
+mm-admin 534/udp
+iiop 535/tcp
+iiop 535/udp
+opalis-rdv 536/tcp
+opalis-rdv 536/udp
+nmsp 537/tcp # Networked Media Streaming Protocol
+nmsp 537/udp
+gdomap 538/tcp # GNUstep distributed objects
+gdomap 538/udp
+uucp 540/tcp uucpd # uucp daemon
+uucp 540/udp uucpd
+klogin 543/tcp # Kerberized `rlogin' (v5)
+klogin 543/udp
+kshell 544/tcp krcmd # Kerberized `rsh' (v5)
+kshell 544/udp krcmd
+appleqtcsrvr 545/tcp
+appleqtcsrvr 545/udp
+dhcpv6-client 546/tcp # DHCPv6 Client
+dhcpv6-client 546/udp
+dhcpv6-server 547/tcp # DHCPv6 Server
+dhcpv6-server 547/udp
+afpovertcp 548/tcp # AFP over TCP
+afpovertcp 548/udp
+rtsp 554/tcp # Real Time Stream Control Protocol
+rtsp 554/udp
+dsf 555/tcp
+dsf 555/udp
+remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
+remotefs 556/udp rfs_server rfs
+nntps 563/tcp snntp # NNTP over SSL
+nntps 563/udp snntp
+9pfs 564/tcp # plan 9 file service
+9pfs 564/udp
+whoami 565/tcp
+whoami 565/udp
+submission 587/tcp # mail message submission
+submission 587/udp
+http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate
+http-alt 591/udp
+nqs 607/tcp # Network Queuing system
+nqs 607/udp
+npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
+npmp-local 610/udp dqs313_qmaster
+npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
+npmp-gui 611/udp dqs313_execd
+hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS
+hmmp-ind 612/udp dqs313_intercell
+cryptoadmin 624/tcp # Crypto Admin
+cryptoadmin 624/udp
+dec_dlm 625/tcp # DEC DLM
+dec_dlm 625/udp
+asia 626/tcp
+asia 626/udp
+passgo-tivoli 627/tcp # PassGo Tivoli
+passgo-tivoli 627/udp
+qmqp 628/tcp # Qmail QMQP
+qmqp 628/udp
+3com-amp3 629/tcp
+3com-amp3 629/udp
+rda 630/tcp
+rda 630/udp
+ipp 631/tcp # Internet Printing Protocol
+ipp 631/udp
+ldaps 636/tcp # LDAP over SSL
+ldaps 636/udp
+tinc 655/tcp # TINC control port
+tinc 655/udp
+acap 674/tcp # Application Configuration Access Protocol
+acap 674/udp
+asipregistry 687/tcp
+asipregistry 687/udp
+realm-rusd 688/tcp # ApplianceWare managment protocol
+realm-rusd 688/udp
+nmap 689/tcp # Opensource Network Mapper
+nmap 689/udp
+ha-cluster 694/tcp # Heartbeat HA-cluster
+ha-cluster 694/udp
+epp 700/tcp # Extensible Provisioning Protocol
+epp 700/udp
+iris-beep 702/tcp # IRIS over BEEP
+iris-beep 702/udp
+silc 706/tcp # SILC
+silc 706/udp
+kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
+kerberos-adm 749/udp
+kerberos-iv 750/tcp kerberos4 kdc # Kerberos (server)
+kerberos-iv 750/udp kerberos4 kdc
+pump 751/tcp kerberos_master
+pump 751/udp kerberos_master # Kerberos authentication
+qrh 752/tcp passwd_server
+qrh 752/udp passwd_server # Kerberos passwd server
+rrh 753/tcp
+rrh 753/udp
+tell 754/tcp send krb_prop krb5_prop # Kerberos slave propagation
+tell 754/udp send
+nlogin 758/tcp
+nlogin 758/udp
+con 759/tcp
+con 759/udp
+ns 760/tcp krbupdate kreg # Kerberos registration
+ns 760/udp
+webster 765/tcp # Network dictionary
+webster 765/udp
+phonebook 767/tcp # Network phonebook
+phonebook 767/udp
+rsync 873/tcp # rsync
+rsync 873/udp
+ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
+ftps-data 989/udp
+ftps 990/tcp # ftp protocol, control, over TLS/SSL
+ftps 990/udp
+nas 991/tcp # Netnews Administration System
+nas 991/udp
+telnets 992/tcp # telnet protocol over TLS/SSL
+telnets 992/udp
+imaps 993/tcp # imap4 protocol over TLS/SSL
+imaps 993/udp
+ircs 994/tcp # irc protocol over TLS/SSL
+ircs 994/udp
+pop3s 995/tcp # pop3 protocol over TLS/SSL
+pop3s 995/udp
+
+#
+# IANA Assignments [Registered Ports]
+#
+# The Registered Ports are listed by the IANA and on most systems can be
+# used by ordinary user processes or programs executed by ordinary
+# users.
+# Ports are used in the TCP [RFC793] to name the ends of logical
+# connections which carry long term conversations. For the purpose of
+# providing services to unknown callers, a service contact port is
+# defined. This list specifies the port used by the server process as
+# its contact port.
+# The IANA registers uses of these ports as a convenience to the
+# community.
+# To the extent possible, these same port assignments are used with the
+# UDP [RFC768].
+# The Registered Ports are in the range 1024-49151.
+#
+imgames 1077/tcp
+imgames 1077/udp
+socks 1080/tcp # socks proxy server
+socks 1080/udp
+rmiregistry 1099/tcp # Java RMI Registry
+rmiregistry 1099/udp
+bnetgame 1119/tcp # Battle.net Chat/Game Protocol
+bnetgame 1119/udp
+bnetfile 1120/tcp # Battle.net File Transfer Protocol
+bnetfile 1120/udp
+hpvmmcontrol 1124/tcp # HP VMM Control
+hpvmmcontrol 1124/udp
+hpvmmagent 1125/tcp # HP VMM Agent
+hpvmmagent 1125/udp
+hpvmmdata 1126/tcp # HP VMM Agent
+hpvmmdata 1126/udp
+resacommunity 1154/tcp # Community Service
+resacommunity 1154/udp
+3comnetman 1181/tcp # 3Com Net Management
+3comnetman 1181/udp
+mysql-cluster 1186/tcp # MySQL Cluster Manager
+mysql-cluster 1186/udp
+alias 1187/tcp # Alias Service
+alias 1187/udp
+openvpn 1194/tcp # OpenVPN
+openvpn 1194/udp
+kazaa 1214/tcp # KAZAA
+kazaa 1214/udp
+bvcontrol 1236/tcp rmtcfg # Gracilis Packeten remote config server
+bvcontrol 1236/udp rmtcfg
+nessus 1241/tcp # Nessus vulnerability assessment scanner
+nessus 1241/udp
+h323hostcallsc 1300/tcp # H323 Host Call Secure
+h323hostcallsc 1300/udp
+lotusnote 1352/tcp # Lotus Note
+lotusnote 1352/udp
+ms-sql-s 1433/tcp # Microsoft-SQL-Server
+ms-sql-s 1433/udp
+ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
+ms-sql-m 1434/udp
+ica 1494/tcp # Citrix ICA Client
+ica 1494/udp
+wins 1512/tcp # Microsoft's Windows Internet Name Service
+wins 1512/udp
+ingreslock 1524/tcp
+ingreslock 1524/udp
+prospero-np 1525/tcp # Prospero non-privileged
+prospero-np 1525/udp
+datametrics 1645/tcp old-radius # datametrics / old radius entry
+datametrics 1645/udp old-radius
+sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
+sa-msg-port 1646/udp old-radacct
+rsap 1647/tcp
+rsap 1647/udp
+concurrent-lm 1648/tcp
+concurrent-lm 1648/udp
+kermit 1649/tcp
+kermit 1649/udp
+groupwise 1677/tcp
+groupwise 1677/udp
+l2tp 1701/tcp
+l2tp 1701/udp
+h323gatedisc 1718/tcp
+h323gatedisc 1718/udp
+h323gatestat 1719/tcp
+h323gatestat 1719/udp
+h323hostcall 1720/tcp
+h323hostcall 1720/udp
+iberiagames 1726/tcp
+iberiagames 1726/udp
+gamegen1 1738/tcp
+gamegen1 1738/udp
+tftp-mcast 1758/tcp
+tftp-mcast 1758/udp
+hello 1789/tcp
+hello 1789/udp
+radius 1812/tcp # Radius
+radius 1812/udp
+radius-acct 1813/tcp radacct # Radius Accounting
+radius-acct 1813/udp radacct
+mtp 1911/tcp # Starlight Networks Multimedia Transport Protocol
+mtp 1911/udp
+egs 1926/tcp # Evolution Game Server
+egs 1926/udp
+unix-status 1957/tcp # remstats unix-status server
+unix-status 1957/udp
+hsrp 1985/tcp # Hot Standby Router Protocol
+hsrp 1985/udp
+licensedaemon 1986/tcp # cisco license management
+licensedaemon 1986/udp
+tr-rsrb-p1 1987/tcp # cisco RSRB Priority 1 port
+tr-rsrb-p1 1987/udp
+tr-rsrb-p2 1988/tcp # cisco RSRB Priority 2 port
+tr-rsrb-p2 1988/udp
+tr-rsrb-p3 1989/tcp # cisco RSRB Priority 3 port
+tr-rsrb-p3 1989/udp
+stun-p1 1990/tcp # cisco STUN Priority 1 port
+stun-p1 1990/udp
+stun-p2 1991/tcp # cisco STUN Priority 2 port
+stun-p2 1991/udp
+stun-p3 1992/tcp # cisco STUN Priority 3 port
+stun-p3 1992/udp
+snmp-tcp-port 1994/tcp # cisco SNMP TCP port
+snmp-tcp-port 1994/udp
+stun-port 1995/tcp # cisco serial tunnel port
+stun-port 1995/udp
+perf-port 1996/tcp # cisco Remote SRB port
+perf-port 1996/udp
+gdp-port 1997/tcp # cisco Gateway Discovery Protocol
+gdp-port 1997/udp
+x25-svc-port 1998/tcp # cisco X.25 service (XOT)
+x25-svc-port 1998/udp
+tcp-id-port 1999/tcp # cisco identification port
+tcp-id-port 1999/udp
+cisco-sccp 2000/tcp # Cisco SCCP
+cisco-sccp 2000/udp
+nfs 2049/tcp # Network File System
+nfs 2049/udp
+radsec 2083/tcp # Secure Radius Service
+radsec 2083/udp
+gnunet 2086/tcp # GNUnet
+gnunet 2086/udp
+rtcm-sc104 2101/tcp # RTCM SC-104
+rtcm-sc104 2101/udp
+zephyr-srv 2102/tcp # Zephyr server
+zephyr-srv 2102/udp
+zephyr-clt 2103/tcp # Zephyr serv-hm connection
+zephyr-clt 2103/udp
+zephyr-hm 2104/tcp # Zephyr hostmanager
+zephyr-hm 2104/udp
+eyetv 2170/tcp # EyeTV Server Port
+eyetv 2170/udp
+msfw-storage 2171/tcp # MS Firewall Storage
+msfw-storage 2171/udp
+msfw-s-storage 2172/tcp # MS Firewall SecureStorage
+msfw-s-storage 2172/udp
+msfw-replica 2173/tcp # MS Firewall Replication
+msfw-replica 2173/udp
+msfw-array 2174/tcp # MS Firewall Intra Array
+msfw-array 2174/udp
+airsync 2175/tcp # Microsoft Desktop AirSync Protocol
+airsync 2175/udp
+rapi 2176/tcp # Microsoft ActiveSync Remote API
+rapi 2176/udp
+qwave 2177/tcp # qWAVE Bandwidth Estimate
+qwave 2177/udp
+tivoconnect 2190/tcp # TiVoConnect Beacon
+tivoconnect 2190/udp
+tvbus 2191/tcp # TvBus Messaging
+tvbus 2191/udp
+mysql-im 2273/tcp # MySQL Instance Manager
+mysql-im 2273/udp
+dict-lookup 2289/tcp # Lookup dict server
+dict-lookup 2289/udp
+redstorm_join 2346/tcp # Game Connection Port
+redstorm_join 2346/udp
+redstorm_find 2347/tcp # Game Announcement and Location
+redstorm_find 2347/udp
+redstorm_info 2348/tcp # Information to query for game status
+redstorm_info 2348/udp
+cvspserver 2401/tcp # CVS client/server operations
+cvspserver 2401/udp
+venus 2430/tcp # codacon port
+venus 2430/udp
+venus-se 2431/tcp # tcp side effects
+venus-se 2431/udp
+codasrv 2432/tcp # not used
+codasrv 2432/udp
+codasrv-se 2433/tcp # tcp side effects
+codasrv-se 2433/udp
+netadmin 2450/tcp
+netadmin 2450/udp
+netchat 2451/tcp
+netchat 2451/udp
+snifferclient 2452/tcp
+snifferclient 2452/udp
+ppcontrol 2505/tcp # PowerPlay Control
+ppcontrol 2505/udp
+lstp 2559/tcp #
+lstp 2559/udp
+mon 2583/tcp
+mon 2583/udp
+hpstgmgr 2600/tcp zebrasrv
+hpstgmgr 2600/udp zebrasrv
+discp-client 2601/tcp zebra # discp client
+discp-client 2601/udp zebra
+discp-server 2602/tcp ripd # discp server
+discp-server 2602/udp ripd
+servicemeter 2603/tcp ripngd # Service Meter
+servicemeter 2603/udp ripngd
+nsc-ccs 2604/tcp ospfd # NSC CCS
+nsc-ccs 2604/udp ospfd
+nsc-posa 2605/tcp bgpd # NSC POSA
+nsc-posa 2605/udp bgpd
+netmon 2606/tcp ospf6d # Dell Netmon
+netmon 2606/udp ospf6d
+connection 2607/tcp # Dell Connection
+connection 2607/udp
+wag-service 2608/tcp # Wag Service
+wag-service 2608/udp
+dict 2628/tcp # Dictionary server
+dict 2628/udp
+exce 2769/tcp # eXcE
+exce 2769/udp
+dvr-esm 2804/tcp # March Networks Digital Video Recorders and Enterprise Service Manager products
+dvr-esm 2804/udp
+corbaloc 2809/tcp # CORBA LOC
+corbaloc 2809/udp
+ndtp 2882/tcp # Network Dictionary Transfer Protocol
+ndtp 2882/udp
+gamelobby 2914/tcp # Game Lobby
+gamelobby 2914/udp
+gds_db 3050/tcp # InterBase server
+gds_db 3050/udp
+xbox 3074/tcp # Xbox game port
+xbox 3074/udp
+icpv2 3130/tcp icp # Internet Cache Protocol (Squid)
+icpv2 3130/udp icp
+nm-game-admin 3148/tcp # NetMike Game Administrator
+nm-game-admin 3148/udp
+nm-game-server 3149/tcp # NetMike Game Server
+nm-game-server 3149/udp
+mysql 3306/tcp # MySQL
+mysql 3306/udp
+sftu 3326/tcp
+sftu 3326/udp
+trnsprntproxy 3346/tcp # Transparent Proxy
+trnsprntproxy 3346/udp
+ms-wbt-server 3389/tcp rdp # MS WBT Server
+ms-wbt-server 3389/udp rdp # Microsoft Remote Desktop Protocol
+prsvp 3455/tcp # RSVP Port
+prsvp 3455/udp
+nut 3493/tcp # Network UPS Tools
+nut 3493/udp
+ironstorm 3504/tcp # IronStorm game server
+ironstorm 3504/udp
+cctv-port 3559/tcp # CCTV control port
+cctv-port 3559/udp
+iw-mmogame 3596/tcp # Illusion Wireless MMOG
+iw-mmogame 3596/udp
+distcc 3632/tcp # Distributed Compiler
+distcc 3632/udp
+daap 3689/tcp # Digital Audio Access Protocol
+daap 3689/udp
+svn 3690/tcp # Subversion
+svn 3690/udp
+blizwow 3724/tcp # World of Warcraft
+blizwow 3724/udp
+netboot-pxe 3928/tcp pxe # PXE NetBoot Manager
+netboot-pxe 3928/udp pxe
+smauth-port 3929/tcp # AMS Port
+smauth-port 3929/udp
+treehopper 3959/tcp # Tree Hopper Networking
+treehopper 3959/udp
+cobraclient 3970/tcp # Cobra Client
+cobraclient 3970/udp
+cobraserver 3971/tcp # Cobra Server
+cobraserver 3971/udp
+pxc-spvr-ft 4002/tcp pxc-spvr-ft
+pxc-spvr-ft 4002/udp pxc-spvr-ft
+pxc-splr-ft 4003/tcp pxc-splr-ft rquotad
+pxc-splr-ft 4003/udp pxc-splr-ft rquotad
+pxc-roid 4004/tcp pxc-roid
+pxc-roid 4004/udp pxc-roid
+pxc-pin 4005/tcp pxc-pin
+pxc-pin 4005/udp pxc-pin
+pxc-spvr 4006/tcp pxc-spvr
+pxc-spvr 4006/udp pxc-spvr
+pxc-splr 4007/tcp pxc-splr
+pxc-splr 4007/udp pxc-splr
+xgrid 4111/tcp # Mac OS X Server Xgrid
+xgrid 4111/udp
+bzr 4155/tcp # Bazaar Version Control System
+bzr 4155/udp # Bazaar version control system
+sieve 4190/tcp # ManageSieve Protocol
+sieve 4190/udp
+rwhois 4321/tcp # Remote Who Is
+rwhois 4321/udp
+epmd 4369/tcp # Erlang Port Mapper Daemon
+epmd 4369/udp
+krb524 4444/tcp
+krb524 4444/udp
+ipsec-nat-t 4500/tcp # IPsec NAT-Traversal
+ipsec-nat-t 4500/udp
+hylafax 4559/tcp # HylaFAX client-server protocol (new)
+hylafax 4559/udp
+piranha1 4600/tcp
+piranha1 4600/udp
+playsta2-app 4658/tcp # PlayStation2 App Port
+playsta2-app 4658/udp
+playsta2-lob 4659/tcp # PlayStation2 Lobby Port
+playsta2-lob 4659/udp
+snap 4752/tcp # Simple Network Audio Protocol
+snap 4752/udp
+radmin-port 4899/tcp # RAdmin Port
+radmin-port 4899/udp
+rfe 5002/tcp # Radio Free Ethernet
+rfe 5002/udp
+ita-agent 5051/tcp # ITA Agent
+ita-agent 5051/udp
+sdl-ets 5081/tcp # SDL - Ent Trans Server
+sdl-ets 5081/udp
+bzflag 5154/tcp # BZFlag game server
+bzflag 5154/udp
+aol 5190/tcp # America-Online
+aol 5190/udp
+xmpp-client 5222/tcp # XMPP Client Connection
+xmpp-client 5222/udp
+caevms 5251/tcp # CA eTrust VM Service
+caevms 5251/udp
+xmpp-server 5269/tcp # XMPP Server Connection
+xmpp-server 5269/udp
+cfengine 5308/tcp # CFengine
+cfengine 5308/udp
+nat-pmp 5351/tcp # NAT Port Mapping Protocol
+nat-pmp 5351/udp
+dns-llq 5352/tcp # DNS Long-Lived Queries
+dns-llq 5352/udp
+mdns 5353/tcp # Multicast DNS
+mdns 5353/udp
+mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC
+mdnsresponder 5354/udp noclog # noclogd with TCP (nocol)
+llmnr 5355/tcp hostmon # Link-Local Multicast Name Resolution
+llmnr 5355/udp hostmon # hostmon uses TCP (nocol)
+dj-ice 5419/tcp
+dj-ice 5419/udp
+beyond-remote 5424/tcp # Beyond Remote
+beyond-remote 5424/udp
+br-channel 5425/tcp # Beyond Remote Command Channel
+br-channel 5425/udp
+postgresql 5432/tcp # POSTGRES
+postgresql 5432/udp
+sgi-eventmond 5553/tcp # SGI Eventmond Port
+sgi-eventmond 5553/udp
+sgi-esphttp 5554/tcp # SGI ESP HTTP
+sgi-esphttp 5554/udp
+cvsup 5999/tcp # CVSup
+cvsup 5999/udp
+x11 6000/tcp # X Window System
+x11 6000/udp
+kftp-data 6620/tcp # Kerberos V5 FTP Data
+kftp-data 6620/udp
+kftp 6621/tcp # Kerberos V5 FTP Control
+kftp 6621/udp
+ktelnet 6623/tcp # Kerberos V5 Telnet
+ktelnet 6623/udp
+gnutella-svc 6346/tcp
+gnutella-svc 6346/udp
+gnutella-rtr 6347/tcp
+gnutella-rtr 6347/udp
+sane-port 6566/tcp # SANE Network Scanner Control Port
+sane-port 6566/udp
+parsec-game 6582/tcp # Parsec Gameserver
+parsec-game 6582/udp
+afs3-fileserver 7000/tcp bbs # file server itself
+afs3-fileserver 7000/udp bbs
+afs3-callback 7001/tcp # callbacks to cache managers
+afs3-callback 7001/udp
+afs3-prserver 7002/tcp # users & groups database
+afs3-prserver 7002/udp
+afs3-vlserver 7003/tcp # volume location database
+afs3-vlserver 7003/udp
+afs3-kaserver 7004/tcp # AFS/Kerberos authentication
+afs3-kaserver 7004/udp
+afs3-volser 7005/tcp # volume managment server
+afs3-volser 7005/udp
+afs3-errors 7006/tcp # error interpretation service
+afs3-errors 7006/udp
+afs3-bos 7007/tcp # basic overseer process
+afs3-bos 7007/udp
+afs3-update 7008/tcp # server-to-server updater
+afs3-update 7008/udp
+afs3-rmtsys 7009/tcp # remote cache manager service
+afs3-rmtsys 7009/udp
+font-service 7100/tcp xfs # X Font Service
+font-service 7100/udp xfs
+sncp 7560/tcp # Sniffer Command Protocol
+sncp 7560/udp
+soap-http 7627/tcp # SOAP Service Port
+soap-http 7627/udp
+http-alt 8008/tcp # HTTP Alternate
+http-alt 8008/udp
+http-alt 8080/tcp webcache # HTTP Alternate
+http-alt 8080/udp webcache # WWW caching service
+sunproxyadmin 8081/tcp tproxy # Sun Proxy Admin Service
+sunproxyadmin 8081/udp tproxy # Transparent Proxy
+pichat 9009/tcp # Pichat Server
+pichat 9009/udp
+bacula-dir 9101/tcp # Bacula Director
+bacula-dir 9101/udp
+bacula-fd 9102/tcp # Bacula File Daemon
+bacula-fd 9102/udp
+bacula-sd 9103/tcp # Bacula Storage Daemon
+bacula-sd 9103/udp
+dddp 9131/tcp # Dynamic Device Discovery
+dddp 9131/udp
+wap-wsp 9200/tcp # WAP connectionless session service
+wap-wsp 9200/udp
+wap-wsp-wtp 9201/tcp # WAP session service
+wap-wsp-wtp 9201/udp
+wap-wsp-s 9202/tcp # WAP secure connectionless session service
+wap-wsp-s 9202/udp
+wap-wsp-wtp-s 9203/tcp # WAP secure session service
+wap-wsp-wtp-s 9203/udp
+wap-vcard 9204/tcp # WAP vCard
+wap-vcard 9204/udp
+wap-vcal 9205/tcp # WAP vCal
+wap-vcal 9205/udp
+wap-vcard-s 9206/tcp # WAP vCard Secure
+wap-vcard-s 9206/udp
+wap-vcal-s 9207/tcp # WAP vCal Secure
+wap-vcal-s 9207/udp
+git 9418/tcp # git pack transfer service
+git 9418/udp
+cba8 9593/tcp # LANDesk Management Agent
+cba8 9593/udp
+davsrc 9800/tcp # WebDav Source Port
+davsrc 9800/udp
+sqlexec 9088/tcp # IBM Informix SQL Interface
+sqlexec 9088/udp
+sqlexec-ssl 9089/tcp # IBM Informix SQL Interface - Encrypted
+sqlexec-ssl 9089/udp
+sd 9876/tcp # Session Director
+sd 9876/udp
+cyborg-systems 9888/tcp # CYBORG Systems
+cyborg-systems 9888/udp
+monkeycom 9898/tcp # MonkeyCom
+monkeycom 9898/udp
+sctp-tunneling 9899/tcp # SCTP TUNNELING
+sctp-tunneling 9899/udp
+domaintime 9909/tcp # domaintime
+domaintime 9909/udp
+amanda 10080/tcp # amanda backup services
+amanda 10080/udp
+vce 11111/tcp # Viral Computing Environment (VCE)
+vce 11111/udp
+smsqp 11201/tcp # Alamin SMS gateway
+smsqp 11201/udp
+hkp 11371/tcp # OpenPGP HTTP Keyserver
+hkp 11371/udp
+h323callsigalt 11720/tcp # h323 Call Signal Alternate
+h323callsigalt 11720/udp
+rets-ssl 12109/tcp # RETS over SSL
+rets-ssl 12109/udp
+cawas 12168/tcp # CA Web Access Service
+cawas 12168/udp
+bprd 13720/tcp # BPRD Protocol (VERITAS NetBackup)
+bprd 13720/udp
+bpdbm 13721/tcp # BPDBM Protocol (VERITAS NetBackup)
+bpdbm 13721/udp
+bpjava-msvc 13722/tcp # BP Java MSVC Protocol
+bpjava-msvc 13722/udp
+vnetd 13724/tcp # Veritas Network Utility
+vnetd 13724/udp
+bpcd 13782/tcp # VERITAS NetBackup
+bpcd 13782/udp
+vopied 13783/tcp # VOPIED Protocol
+vopied 13783/udp
+xpilot 15345/tcp # XPilot Contact Port
+xpilot 15345/udp
+wnn6 22273/tcp # wnn6
+wnn6 22273/udp
+binkp 24554/tcp # Bink fidonet protocol
+binkp 24554/udp
+quake 26000/tcp # Quake @!#
+quake 26000/udp
+wnn6-ds 26208/tcp
+wnn6-ds 26208/udp
+tetrinet 31457/tcp # TetriNET Protocol
+tetrinet 31457/udp
+gamesmith-port 31765/tcp # GameSmith Port
+gamesmith-port 31765/udp
+traceroute 33434/tcp # traceroute use
+traceroute 33434/udp
+candp 42508/tcp # Computer Associates network discovery protocol
+candp 42508/udp
+candrp 42509/tcp # CA discovery response
+candrp 42509/udp
+caerpc 42510/tcp # CA eTrust RPC
+caerpc 42510/udp
+
+#=========================================================================
+# The remaining port numbers are not as allocated by IANA.
+
+# Kerberos (Project Athena/MIT) services
+# Note that these are for Kerberos v4, and are unofficial
+kpop 1109/tcp # Pop with Kerberos
+knetd 2053/tcp # Kerberos de-multiplexor
+eklogin 2105/tcp # Kerberos encrypted rlogin
+
+# CVSup support http://www.cvsup.org/
+supfilesrv 871/tcp # SUP server
+supfiledbg 1127/tcp # SUP debugging
+
+# Datagram Delivery Protocol services
+rtmp 1/ddp # Routing Table Maintenance Protocol
+nbp 2/ddp # Name Binding Protocol
+echo 4/ddp # AppleTalk Echo Protocol
+zip 6/ddp # Zone Information Protocol
+
+# Many services now accepted as 'standard'
+swat 901/tcp # Samba configuration tool
+rndc 953/tcp # rndc control sockets (BIND 9)
+rndc 953/udp
+skkserv 1178/tcp # SKK Japanese input method
+xtel 1313/tcp # french minitel
+support 1529/tcp # GNATS
+cfinger 2003/tcp lmtp # GNU Finger
+ninstall 2150/tcp # ninstall service
+ninstall 2150/udp
+gpsd 2947/tcp gpsd # GPS Daemon request/response protocol
+gpsd 2947/udp gpsd # GPS Daemon request/response protocol
+afbackup 2988/tcp # Afbackup system
+afbackup 2988/udp
+fax 4557/tcp # FAX transmission service (old)
+xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH)
+rplay 5555/tcp # RPlay audio service
+rplay 5555/udp
+canna 5680/tcp # Canna (Japanese Input)
+x11-ssh 6010/tcp x11-ssh-offset
+x11-ssh 6010/udp x11-ssh-offset
+ircd 6667/tcp # Internet Relay Chat
+ircd 6667/udp
+ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL
+jetdirect 9100/tcp # HP JetDirect card
+jetdirect 9100/udp
+mandelspawn 9359/udp mandelbrot # network mandelbrot
+kamanda 10081/tcp # amanda backup services (Kerberos)
+kamanda 10081/udp
+amandaidx 10082/tcp # amanda backup services
+amidxtape 10083/tcp # amanda backup services
+isdnlog 20011/tcp # isdn logging system
+isdnlog 20011/udp
+vboxd 20012/tcp # voice box system
+vboxd 20012/udp
+wnn4_Cn 22289/tcp wnn6_Cn # Wnn (Chinese input)
+wnn4_Kr 22305/tcp wnn6_Kr # Wnn (Korean input)
+wnn4_Tw 22321/tcp wnn6_Tw # Wnn (Taiwanse input)
+asp 27374/tcp # Address Search Protocol
+asp 27374/udp
+tfido 60177/tcp # Ifmail
+tfido 60177/udp
+fido 60179/tcp # Ifmail
+fido 60179/udp
+
+# Local services
+
+++ /dev/null
-# /etc/services
-#
-# Network services, Internet style
-#
-# Note that it is presently the policy of IANA to assign a single well-known
-# port number for both TCP and UDP; hence, most entries here have two entries
-# even if the protocol doesn't support UDP operations.
-#
-# Some References:
-# http://www.iana.org/assignments/port-numbers
-# http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services
-#
-# Each line describes one service, and is of the form:
-# service-name port/protocol [aliases ...] [# comment]
-#
-# See services(5) for more info.
-#
-
-#
-# IANA Assignments [Well Known Ports]
-# The Well Known Ports are assigned by the IANA and on most systems can
-# only be used by system (or root) processes or by programs executed by
-# privileged users.
-# The range for assigned ports managed by the IANA is 0-1023.
-#
-tcpmux 1/tcp # TCP port service multiplexer
-tcpmux 1/udp
-compressnet 2/tcp # Management Utility
-compressnet 2/udp
-compressnet 3/tcp # Compression Process
-compressnet 3/udp
-rje 5/tcp # Remote Job Entry
-rje 5/udp
-echo 7/tcp # Echo
-echo 7/udp
-discard 9/tcp sink null # Discard
-discard 9/udp sink null
-systat 11/tcp users # Active Users
-systat 11/udp users
-daytime 13/tcp # Daytime (RFC 867)
-daytime 13/udp
-#netstat 15/tcp # (was once asssigned, no more)
-qotd 17/tcp quote # Quote of the Day
-qotd 17/udp quote
-msp 18/tcp # Message Send Protocol
-msp 18/udp
-chargen 19/tcp ttytst source # Character Generator
-chargen 19/udp ttytst source
-ftp-data 20/tcp # File Transfer [Default Data]
-ftp-data 20/udp
-ftp 21/tcp # File Transfer [Control]
-ftp 21/udp fsp fspd
-ssh 22/tcp # SSH Remote Login Protocol
-ssh 22/udp
-telnet 23/tcp # Telnet
-telnet 23/udp
-# private 24/tcp # any private mail system
-# private 24/udp
-smtp 25/tcp mail # Simple Mail Transfer
-smtp 25/udp
-nsw-fe 27/tcp # NSW User System FE
-nsw-fe 27/udp
-msg-icp 29/tcp # MSG ICP
-msg-icp 29/udp
-msg-auth 31/tcp # MSG Authentication
-msg-auth 31/udp
-dsp 33/tcp # Display Support Protocol
-dsp 33/udp
-# private 35/tcp # any private printer server
-# private 35/udp
-time 37/tcp timserver
-time 37/udp timserver
-rap 38/tcp # Route Access Protocol
-rap 38/udp
-rlp 39/tcp resource # Resource Location Protocol
-rlp 39/udp resource
-graphics 41/tcp # Graphics
-graphics 41/udp
-nameserver 42/tcp name # Host Name Server
-nameserver 42/udp name
-nicname 43/tcp whois # Who Is
-nicname 43/udp whois
-mpm-flags 44/tcp # MPM FLAGS Protocol
-mpm-flags 44/udp
-mpm 45/tcp # Message Processing Module [recv]
-mpm 45/udp
-mpm-snd 46/tcp # MPM [default send]
-mpm-snd 46/udp
-ni-ftp 47/tcp # NI FTP
-ni-ftp 47/udp
-auditd 48/tcp # Digital Audit Daemon
-auditd 48/udp
-tacacs 49/tcp # Login Host Protocol (TACACS)
-tacacs 49/udp
-re-mail-ck 50/tcp # Remote Mail Checking Protocol
-re-mail-ck 50/udp
-domain 53/tcp # Domain Name Server
-domain 53/udp
-xns-ch 54/tcp # XNS Clearinghouse
-xns-ch 54/udp
-isi-gl 55/tcp # ISI Graphics Language
-isi-gl 55/udp
-xns-auth 56/tcp # XNS Authentication
-xns-auth 56/udp
-# private 57/tcp # any private terminal access
-# private 57/udp
-xns-mail 58/tcp # XNS Mail
-xns-mail 58/udp
-# private 59/tcp # any private file service
-# private 59/udp
-ni-mail 61/tcp # NI MAIL
-ni-mail 61/udp
-acas 62/tcp # ACA Services
-acas 62/udp
-whois++ 63/tcp # whois++
-whois++ 63/udp
-covia 64/tcp # Communications Integrator (CI)
-covia 64/udp
-tacacs-ds 65/tcp # TACACS-Database Service
-tacacs-ds 65/udp
-sql*net 66/tcp # Oracle SQL*NET
-sql*net 66/udp
-bootps 67/tcp # Bootstrap Protocol Server (BOOTP)
-bootps 67/udp
-bootpc 68/tcp # Bootstrap Protocol Client (BOOTP)
-bootpc 68/udp
-tftp 69/tcp # Trivial File Transfer
-tftp 69/udp
-gopher 70/tcp # Gopher
-gopher 70/udp
-netrjs-1 71/tcp # Remote Job Service
-netrjs-1 71/udp
-netrjs-2 72/tcp
-netrjs-2 72/udp
-netrjs-3 73/tcp
-netrjs-3 73/udp
-netrjs-4 74/tcp
-netrjs-4 74/udp
-# private 75/tcp # any private dial out service
-# private 75/udp
-deos 76/tcp # Distributed External Object Store
-deos 76/udp
-# private 77/tcp # any private RJE service
-# private 77/udp
-vettcp 78/tcp # vettcp
-vettcp 78/udp
-finger 79/tcp # Finger
-finger 79/udp
-http 80/tcp www www-http # World Wide Web HTTP
-http 80/udp www www-http
-hosts2-ns 81/tcp # HOSTS2 Name Server
-hosts2-ns 81/udp
-xfer 82/tcp # XFER Utility
-xfer 82/udp
-mit-ml-dev 83/tcp # MIT ML Device
-mit-ml-dev 83/udp
-ctf 84/tcp # Common Trace Facility
-ctf 84/udp
-mit-ml-dev 85/tcp # MIT ML Device
-mit-ml-dev 85/udp
-mfcobol 86/tcp # Micro Focus Cobol
-mfcobol 86/udp
-# private 87/tcp # any private terminal link
-# private 87/udp
-kerberos 88/tcp kerberos5 krb5 # Kerberos
-kerberos 88/udp kerberos5 krb5
-su-mit-tg 89/tcp # SU/MIT Telnet Gateway
-su-mit-tg 89/udp
-dnsix 90/tcp # DNSIX Securit Attribute Token Map
-dnsix 90/udp
-mit-dov 91/tcp # MIT Dover Spooler
-mit-dov 91/udp
-npp 92/tcp # Network Printing Protocol
-npp 92/udp
-dcp 93/tcp # Device Control Protocol
-dcp 93/udp
-objcall 94/tcp # Tivoli Object Dispatcher
-objcall 94/udp
-supdup 95/tcp # SUPDUP
-supdup 95/udp
-dixie 96/tcp # DIXIE Protocol Specification
-dixie 96/udp
-swift-rvf 97/tcp # Swift Remote Virtural File Protocol
-swift-rvf 97/udp
-tacnews 98/tcp linuxconf # TAC News
-tacnews 98/udp
-metagram 99/tcp # Metagram Relay
-metagram 99/udp
-#newacct 100/tcp # [unauthorized use]
-hostname 101/tcp hostnames # NIC Host Name Server
-hostname 101/udp hostnames
-iso-tsap 102/tcp tsap # ISO-TSAP Class 0
-iso-tsap 102/udp tsap
-gppitnp 103/tcp # Genesis Point-to-Point Trans Net
-gppitnp 103/udp
-acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300
-acr-nema 104/udp
-cso 105/tcp csnet-ns cso-ns # CCSO name server protocol
-cso 105/udp csnet-ns cso-ns
-3com-tsmux 106/tcp poppassd # 3COM-TSMUX
-3com-tsmux 106/udp poppassd # Eudora: Unauthorized use by insecure poppassd protocol
-rtelnet 107/tcp # Remote Telnet Service
-rtelnet 107/udp
-snagas 108/tcp # SNA Gateway Access Server
-snagas 108/udp
-pop2 109/tcp pop-2 postoffice# Post Office Protocol - Version 2
-pop2 109/udp pop-2
-pop3 110/tcp pop-3 # Post Office Protocol - Version 3
-pop3 110/udp pop-3
-sunrpc 111/tcp portmapper rpcbind # SUN Remote Procedure Call
-sunrpc 111/udp portmapper rpcbind
-mcidas 112/tcp # McIDAS Data Transmission Protocol
-mcidas 112/udp
-auth 113/tcp authentication tap ident # Authentication Service
-auth 113/udp
-sftp 115/tcp # Simple File Transfer Protocol
-sftp 115/udp
-ansanotify 116/tcp # ANSA REX Notify
-ansanotify 116/udp
-uucp-path 117/tcp # UUCP Path Service
-uucp-path 117/udp
-sqlserv 118/tcp # SQL Services
-sqlserv 118/udp
-nntp 119/tcp readnews untp # Network News Transfer Protocol
-nntp 119/udp readnews untp
-cfdptkt 120/tcp # CFDPTKT
-cfdptkt 120/udp
-erpc 121/tcp # Encore Expedited Remote Pro.Call
-erpc 121/udp
-smakynet 122/tcp # SMAKYNET
-smakynet 122/udp
-ntp 123/tcp # Network Time Protocol
-ntp 123/udp
-ansatrader 124/tcp # ANSA REX Trader
-ansatrader 124/udp
-locus-map 125/tcp # Locus PC-Interface Net Map Ser
-locus-map 125/udp
-nxedit 126/tcp unitary # NXEdit
-nxedit 126/udp unitary # Unisys Unitary Login
-locus-con 127/tcp # Locus PC-Interface Conn Server
-locus-con 127/udp
-gss-xlicen 128/tcp # GSS X License Verification
-gss-xlicen 128/udp
-pwdgen 129/tcp # Password Generator Protocol
-pwdgen 129/udp
-cisco-fna 130/tcp # cisco FNATIVE
-cisco-fna 130/udp
-cisco-tna 131/tcp # cisco TNATIVE
-cisco-tna 131/udp
-cisco-sys 132/tcp # cisco SYSMAINT
-cisco-sys 132/udp
-statsrv 133/tcp # Statistics Service
-statsrv 133/udp
-ingres-net 134/tcp # INGRES-NET Service
-ingres-net 134/udp
-epmap 135/tcp loc-srv # DCE endpoint resolution
-epmap 135/udp loc-srv
-profile 136/tcp # PROFILE Naming System
-profile 136/udp
-netbios-ns 137/tcp # NETBIOS Name Service
-netbios-ns 137/udp
-netbios-dgm 138/tcp # NETBIOS Datagram Service
-netbios-dgm 138/udp
-netbios-ssn 139/tcp # NETBIOS Session Service
-netbios-ssn 139/udp
-emfis-data 140/tcp # EMFIS Data Service
-emfis-data 140/udp
-emfis-cntl 141/tcp # EMFIS Control Service
-emfis-cntl 141/udp
-imap 143/tcp imap2 # Internet Message Access Protocol
-imap 143/udp imap2
-uma 144/tcp # Universal Management Architecture
-uma 144/udp
-uaac 145/tcp # UAAC Protocol
-uaac 145/udp
-iso-tp0 146/tcp # ISO-TP0
-iso-tp0 146/udp
-iso-ip 147/tcp # ISO-IP
-iso-ip 147/udp
-jargon 148/tcp # Jargon
-jargon 148/udp
-aed-512 149/tcp # AED 512 Emulation Service
-aed-512 149/udp
-sql-net 150/tcp # SQL-NET
-sql-net 150/udp
-hems 151/tcp # HEMS
-hems 151/udp
-bftp 152/tcp # Background File Transfer Program
-bftp 152/udp
-sgmp 153/tcp # SGMP
-sgmp 153/udp
-netsc-prod 154/tcp # NETSC
-netsc-prod 154/udp
-netsc-dev 155/tcp
-netsc-dev 155/udp
-sqlsrv 156/tcp # SQL Service
-sqlsrv 156/udp
-knet-cmp 157/tcp # KNET/VM Command/Message Protocol
-knet-cmp 157/udp
-pcmail-srv 158/tcp # PCMail Server
-pcmail-srv 158/udp
-nss-routing 159/tcp # NSS-Routing
-nss-routing 159/udp
-sgmp-traps 160/tcp # SGMP-TRAPS
-sgmp-traps 160/udp
-snmp 161/tcp # Simple Net Mgmt Proto
-snmp 161/udp
-snmptrap 162/tcp snmp-trap # Traps for SNMP
-snmptrap 162/udp snmp-trap
-cmip-man 163/tcp # CMIP/TCP Manager
-cmip-man 163/udp
-cmip-agent 164/tcp # CMIP/TCP Agent
-cmip-agent 164/udp
-xns-courier 165/tcp # Xerox
-xns-courier 165/udp
-s-net 166/tcp # Sirius Systems
-s-net 166/udp
-namp 167/tcp # NAMP
-namp 167/udp
-rsvd 168/tcp # RSVD
-rsvd 168/udp
-send 169/tcp # SEND
-send 169/udp
-print-srv 170/tcp # Network PostScript
-print-srv 170/udp
-multiplex 171/tcp # Network Innovations Multiplex
-multiplex 171/udp
-cl/1 172/tcp # Network Innovations CL/1
-cl/1 172/udp
-xyplex-mux 173/tcp # Xyplex
-xyplex-mux 173/udp
-mailq 174/tcp # Mailer transport queue for Zmailer
-mailq 174/udp
-vmnet 175/tcp # VMNET
-vmnet 175/udp
-genrad-mux 176/tcp # GENRAD-MUX
-genrad-mux 176/udp
-xdmcp 177/tcp # X Display Manager Control Protocol
-xdmcp 177/udp
-nextstep 178/tcp NeXTStep NextStep# NextStep Window Server
-nextstep 178/udp NeXTStep NextStep
-bgp 179/tcp # Border Gateway Protocol
-bgp 179/udp
-ris 180/tcp # Intergraph
-ris 180/udp
-unify 181/tcp # Unify
-unify 181/udp
-audit 182/tcp # Unisys Audit SITP
-audit 182/udp
-ocbinder 183/tcp # OCBinder
-ocbinder 183/udp
-ocserver 184/tcp # OCServer
-ocserver 184/udp
-remote-kis 185/tcp # Remote-KIS
-remote-kis 185/udp
-kis 186/tcp # KIS Protocol
-kis 186/udp
-aci 187/tcp # Application Communication Interface
-aci 187/udp
-mumps 188/tcp # Plus Five's MUMPS
-mumps 188/udp
-qft 189/tcp # Queued File Transport
-qft 189/udp
-gacp 190/tcp # Gateway Access Control Protocol
-gacp 190/udp
-prospero 191/tcp # Prospero Directory Service
-prospero 191/udp
-osu-nms 192/tcp # OSU Network Monitoring System
-osu-nms 192/udp
-srmp 193/tcp # Spider Remote Monitoring Protocol
-srmp 193/udp
-irc 194/tcp # Internet Relay Chat Protocol
-irc 194/udp
-dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit
-dn6-nlm-aud 195/udp
-dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir
-dn6-smm-red 196/udp
-dls 197/tcp # Directory Location Service
-dls 197/udp
-dls-mon 198/tcp # Directory Location Service Monitor
-dls-mon 198/udp
-smux 199/tcp # SNMP Unix Multiplexer
-smux 199/udp
-src 200/tcp # IBM System Resource Controller
-src 200/udp
-at-rtmp 201/tcp # AppleTalk Routing Maintenance
-at-rtmp 201/udp
-at-nbp 202/tcp # AppleTalk Name Binding
-at-nbp 202/udp
-at-echo 204/tcp # AppleTalk Echo
-at-echo 204/udp
-at-zis 206/tcp # AppleTalk Zone Information
-at-zis 206/udp
-qmtp 209/tcp # The Quick Mail Transfer Protocol
-qmtp 209/udp
-z39.50 210/tcp wais z3950 # ANSI Z39.50
-z39.50 210/udp wais z3950
-914c/g 211/tcp # Texas Instruments 914C/G Terminal
-914c/g 211/udp
-anet 212/tcp # ATEXSSTR
-anet 212/udp
-ipx 213/tcp # IPX
-ipx 213/udp
-imap3 220/tcp # Interactive Mail Access
-imap3 220/udp
-link 245/tcp # ttylink
-link 245/udp
-pawserv 345/tcp # Perf Analysis Workbench
-pawserv 345/udp
-zserv 346/tcp # Zebra server
-zserv 346/udp
-fatserv 347/tcp # Fatmen Server
-fatserv 347/udp
-scoi2odialog 360/tcp # scoi2odialog
-scoi2odialog 360/udp
-semantix 361/tcp # Semantix
-semantix 361/udp
-srssend 362/tcp # SRS Send
-srssend 362/udp
-rsvp_tunnel 363/tcp # RSVP Tunnel
-rsvp_tunnel 363/udp
-aurora-cmgr 364/tcp # Aurora CMGR
-aurora-cmgr 364/udp
-dtk 365/tcp # Deception Tool Kit
-dtk 365/udp
-odmr 366/tcp # ODMR
-odmr 366/udp
-rpc2portmap 369/tcp # Coda portmapper
-rpc2portmap 369/udp
-codaauth2 370/tcp # Coda authentication server
-codaauth2 370/udp
-clearcase 371/tcp # Clearcase
-clearcase 371/udp
-ulistproc 372/tcp ulistserv # UNIX Listserv
-ulistproc 372/udp ulistserv
-ldap 389/tcp # Lightweight Directory Access Protocol
-ldap 389/udp
-imsp 406/tcp # Interactive Mail Support Protocol
-imsp 406/udp
-svrloc 427/tcp # Server Location
-svrloc 427/udp
-mobileip-agent 434/tcp # MobileIP-Agent
-mobileip-agent 434/udp
-mobilip-mn 435/tcp # MobilIP-MN
-mobilip-mn 435/udp
-https 443/tcp # MCom
-https 443/udp
-snpp 444/tcp # Simple Network Paging Protocol
-snpp 444/udp
-microsoft-ds 445/tcp Microsoft-DS
-microsoft-ds 445/udp Microsoft-DS
-kpasswd 464/tcp kpwd # Kerberos "passwd"
-kpasswd 464/udp kpwd
-urd 465/tcp smtps ssmtp # URL Rendesvous Directory for SSM / smtp protocol over TLS/SSL
-igmpv3lite 465/udp smtps ssmtp # IGMP over UDP for SSM
-photuris 468/tcp
-photuris 468/udp
-rcp 469/tcp # Radio Control Protocol
-rcp 469/udp
-saft 487/tcp # Simple Asynchronous File Transfer
-saft 487/udp
-gss-http 488/tcp
-gss-http 488/udp
-pim-rp-disc 496/tcp
-pim-rp-disc 496/udp
-isakmp 500/tcp # IPsec - Internet Security Association and Key Management Protocol
-isakmp 500/udp
-exec 512/tcp # remote process execution
-comsat 512/udp biff # notify users of new mail received
-login 513/tcp # remote login a la telnet
-who 513/udp whod # who's logged in to machines
-shell 514/tcp cmd # no passwords used
-syslog 514/udp
-printer 515/tcp spooler # line printer spooler
-printer 515/udp spooler
-videotex 516/tcp
-videotex 516/udp
-talk 517/tcp # like tenex link
-talk 517/udp
-ntalk 518/tcp
-ntalk 518/udp
-utime 519/tcp unixtime
-utime 519/udp unixtime
-efs 520/tcp # extended file name server
-router 520/udp route routed # local routing process
-ripng 521/tcp
-ripng 521/udp
-ulp 522/tcp
-ulp 522/udp
-ibm-db2 523/tcp
-ibm-db2 523/udp
-ncp 524/tcp
-ncp 524/udp
-timed 525/tcp timeserver
-timed 525/udp timeserver
-tempo 526/tcp newdate
-tempo 526/udp newdate
-courier 530/tcp rpc
-courier 530/udp rpc
-conference 531/tcp chat
-conference 531/udp chat
-netnews 532/tcp readnews
-netnews 532/udp readnews
-netwall 533/tcp # -for emergency broadcasts
-netwall 533/udp
-mm-admin 534/tcp # MegaMedia Admin
-mm-admin 534/udp
-iiop 535/tcp
-iiop 535/udp
-opalis-rdv 536/tcp
-opalis-rdv 536/udp
-nmsp 537/tcp # Networked Media Streaming Protocol
-nmsp 537/udp
-gdomap 538/tcp # GNUstep distributed objects
-gdomap 538/udp
-uucp 540/tcp uucpd # uucp daemon
-uucp 540/udp uucpd
-klogin 543/tcp # Kerberized `rlogin' (v5)
-klogin 543/udp
-kshell 544/tcp krcmd # Kerberized `rsh' (v5)
-kshell 544/udp krcmd
-appleqtcsrvr 545/tcp
-appleqtcsrvr 545/udp
-dhcpv6-client 546/tcp # DHCPv6 Client
-dhcpv6-client 546/udp
-dhcpv6-server 547/tcp # DHCPv6 Server
-dhcpv6-server 547/udp
-afpovertcp 548/tcp # AFP over TCP
-afpovertcp 548/udp
-rtsp 554/tcp # Real Time Stream Control Protocol
-rtsp 554/udp
-dsf 555/tcp
-dsf 555/udp
-remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
-remotefs 556/udp rfs_server rfs
-nntps 563/tcp snntp # NNTP over SSL
-nntps 563/udp snntp
-9pfs 564/tcp # plan 9 file service
-9pfs 564/udp
-whoami 565/tcp
-whoami 565/udp
-submission 587/tcp # mail message submission
-submission 587/udp
-http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate
-http-alt 591/udp
-nqs 607/tcp # Network Queuing system
-nqs 607/udp
-npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
-npmp-local 610/udp dqs313_qmaster
-npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
-npmp-gui 611/udp dqs313_execd
-hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS
-hmmp-ind 612/udp dqs313_intercell
-cryptoadmin 624/tcp # Crypto Admin
-cryptoadmin 624/udp
-dec_dlm 625/tcp # DEC DLM
-dec_dlm 625/udp
-asia 626/tcp
-asia 626/udp
-passgo-tivoli 627/tcp # PassGo Tivoli
-passgo-tivoli 627/udp
-qmqp 628/tcp # Qmail QMQP
-qmqp 628/udp
-3com-amp3 629/tcp
-3com-amp3 629/udp
-rda 630/tcp
-rda 630/udp
-ipp 631/tcp # Internet Printing Protocol
-ipp 631/udp
-ldaps 636/tcp # LDAP over SSL
-ldaps 636/udp
-tinc 655/tcp # TINC control port
-tinc 655/udp
-acap 674/tcp # Application Configuration Access Protocol
-acap 674/udp
-asipregistry 687/tcp
-asipregistry 687/udp
-realm-rusd 688/tcp # ApplianceWare managment protocol
-realm-rusd 688/udp
-nmap 689/tcp # Opensource Network Mapper
-nmap 689/udp
-ha-cluster 694/tcp # Heartbeat HA-cluster
-ha-cluster 694/udp
-epp 700/tcp # Extensible Provisioning Protocol
-epp 700/udp
-iris-beep 702/tcp # IRIS over BEEP
-iris-beep 702/udp
-silc 706/tcp # SILC
-silc 706/udp
-kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
-kerberos-adm 749/udp
-kerberos-iv 750/tcp kerberos4 kdc # Kerberos (server)
-kerberos-iv 750/udp kerberos4 kdc
-pump 751/tcp kerberos_master
-pump 751/udp kerberos_master # Kerberos authentication
-qrh 752/tcp passwd_server
-qrh 752/udp passwd_server # Kerberos passwd server
-rrh 753/tcp
-rrh 753/udp
-tell 754/tcp send krb_prop krb5_prop # Kerberos slave propagation
-tell 754/udp send
-nlogin 758/tcp
-nlogin 758/udp
-con 759/tcp
-con 759/udp
-ns 760/tcp krbupdate kreg # Kerberos registration
-ns 760/udp
-webster 765/tcp # Network dictionary
-webster 765/udp
-phonebook 767/tcp # Network phonebook
-phonebook 767/udp
-rsync 873/tcp # rsync
-rsync 873/udp
-ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
-ftps-data 989/udp
-ftps 990/tcp # ftp protocol, control, over TLS/SSL
-ftps 990/udp
-nas 991/tcp # Netnews Administration System
-nas 991/udp
-telnets 992/tcp # telnet protocol over TLS/SSL
-telnets 992/udp
-imaps 993/tcp # imap4 protocol over TLS/SSL
-imaps 993/udp
-ircs 994/tcp # irc protocol over TLS/SSL
-ircs 994/udp
-pop3s 995/tcp # pop3 protocol over TLS/SSL
-pop3s 995/udp
-
-#
-# IANA Assignments [Registered Ports]
-#
-# The Registered Ports are listed by the IANA and on most systems can be
-# used by ordinary user processes or programs executed by ordinary
-# users.
-# Ports are used in the TCP [RFC793] to name the ends of logical
-# connections which carry long term conversations. For the purpose of
-# providing services to unknown callers, a service contact port is
-# defined. This list specifies the port used by the server process as
-# its contact port.
-# The IANA registers uses of these ports as a convenience to the
-# community.
-# To the extent possible, these same port assignments are used with the
-# UDP [RFC768].
-# The Registered Ports are in the range 1024-49151.
-#
-imgames 1077/tcp
-imgames 1077/udp
-socks 1080/tcp # socks proxy server
-socks 1080/udp
-rmiregistry 1099/tcp # Java RMI Registry
-rmiregistry 1099/udp
-bnetgame 1119/tcp # Battle.net Chat/Game Protocol
-bnetgame 1119/udp
-bnetfile 1120/tcp # Battle.net File Transfer Protocol
-bnetfile 1120/udp
-hpvmmcontrol 1124/tcp # HP VMM Control
-hpvmmcontrol 1124/udp
-hpvmmagent 1125/tcp # HP VMM Agent
-hpvmmagent 1125/udp
-hpvmmdata 1126/tcp # HP VMM Agent
-hpvmmdata 1126/udp
-resacommunity 1154/tcp # Community Service
-resacommunity 1154/udp
-3comnetman 1181/tcp # 3Com Net Management
-3comnetman 1181/udp
-mysql-cluster 1186/tcp # MySQL Cluster Manager
-mysql-cluster 1186/udp
-alias 1187/tcp # Alias Service
-alias 1187/udp
-openvpn 1194/tcp # OpenVPN
-openvpn 1194/udp
-kazaa 1214/tcp # KAZAA
-kazaa 1214/udp
-bvcontrol 1236/tcp rmtcfg # Gracilis Packeten remote config server
-bvcontrol 1236/udp rmtcfg
-nessus 1241/tcp # Nessus vulnerability assessment scanner
-nessus 1241/udp
-h323hostcallsc 1300/tcp # H323 Host Call Secure
-h323hostcallsc 1300/udp
-lotusnote 1352/tcp # Lotus Note
-lotusnote 1352/udp
-ms-sql-s 1433/tcp # Microsoft-SQL-Server
-ms-sql-s 1433/udp
-ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
-ms-sql-m 1434/udp
-ica 1494/tcp # Citrix ICA Client
-ica 1494/udp
-wins 1512/tcp # Microsoft's Windows Internet Name Service
-wins 1512/udp
-ingreslock 1524/tcp
-ingreslock 1524/udp
-prospero-np 1525/tcp # Prospero non-privileged
-prospero-np 1525/udp
-datametrics 1645/tcp old-radius # datametrics / old radius entry
-datametrics 1645/udp old-radius
-sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
-sa-msg-port 1646/udp old-radacct
-rsap 1647/tcp
-rsap 1647/udp
-concurrent-lm 1648/tcp
-concurrent-lm 1648/udp
-kermit 1649/tcp
-kermit 1649/udp
-l2tp 1701/tcp
-l2tp 1701/udp
-h323gatedisc 1718/tcp
-h323gatedisc 1718/udp
-h323gatestat 1719/tcp
-h323gatestat 1719/udp
-h323hostcall 1720/tcp
-h323hostcall 1720/udp
-iberiagames 1726/tcp
-iberiagames 1726/udp
-gamegen1 1738/tcp
-gamegen1 1738/udp
-tftp-mcast 1758/tcp
-tftp-mcast 1758/udp
-hello 1789/tcp
-hello 1789/udp
-radius 1812/tcp # Radius
-radius 1812/udp
-radius-acct 1813/tcp radacct # Radius Accounting
-radius-acct 1813/udp radacct
-mtp 1911/tcp # Starlight Networks Multimedia Transport Protocol
-mtp 1911/udp
-egs 1926/tcp # Evolution Game Server
-egs 1926/udp
-unix-status 1957/tcp # remstats unix-status server
-unix-status 1957/udp
-hsrp 1985/tcp # Hot Standby Router Protocol
-hsrp 1985/udp
-licensedaemon 1986/tcp # cisco license management
-licensedaemon 1986/udp
-tr-rsrb-p1 1987/tcp # cisco RSRB Priority 1 port
-tr-rsrb-p1 1987/udp
-tr-rsrb-p2 1988/tcp # cisco RSRB Priority 2 port
-tr-rsrb-p2 1988/udp
-tr-rsrb-p3 1989/tcp # cisco RSRB Priority 3 port
-tr-rsrb-p3 1989/udp
-stun-p1 1990/tcp # cisco STUN Priority 1 port
-stun-p1 1990/udp
-stun-p2 1991/tcp # cisco STUN Priority 2 port
-stun-p2 1991/udp
-stun-p3 1992/tcp # cisco STUN Priority 3 port
-stun-p3 1992/udp
-snmp-tcp-port 1994/tcp # cisco SNMP TCP port
-snmp-tcp-port 1994/udp
-stun-port 1995/tcp # cisco serial tunnel port
-stun-port 1995/udp
-perf-port 1996/tcp # cisco Remote SRB port
-perf-port 1996/udp
-gdp-port 1997/tcp # cisco Gateway Discovery Protocol
-gdp-port 1997/udp
-x25-svc-port 1998/tcp # cisco X.25 service (XOT)
-x25-svc-port 1998/udp
-tcp-id-port 1999/tcp # cisco identification port
-tcp-id-port 1999/udp
-cisco-sccp 2000/tcp sieve # Cisco SCCP
-cisco-sccp 2000/udp sieve
-nfs 2049/tcp # Network File System
-nfs 2049/udp
-radsec 2083/tcp # Secure Radius Service
-radsec 2083/udp
-gnunet 2086/tcp # GNUnet
-gnunet 2086/udp
-rtcm-sc104 2101/tcp # RTCM SC-104
-rtcm-sc104 2101/udp
-zephyr-srv 2102/tcp # Zephyr server
-zephyr-srv 2102/udp
-zephyr-clt 2103/tcp # Zephyr serv-hm connection
-zephyr-clt 2103/udp
-zephyr-hm 2104/tcp # Zephyr hostmanager
-zephyr-hm 2104/udp
-eyetv 2170/tcp # EyeTV Server Port
-eyetv 2170/udp
-msfw-storage 2171/tcp # MS Firewall Storage
-msfw-storage 2171/udp
-msfw-s-storage 2172/tcp # MS Firewall SecureStorage
-msfw-s-storage 2172/udp
-msfw-replica 2173/tcp # MS Firewall Replication
-msfw-replica 2173/udp
-msfw-array 2174/tcp # MS Firewall Intra Array
-msfw-array 2174/udp
-airsync 2175/tcp # Microsoft Desktop AirSync Protocol
-airsync 2175/udp
-rapi 2176/tcp # Microsoft ActiveSync Remote API
-rapi 2176/udp
-qwave 2177/tcp # qWAVE Bandwidth Estimate
-qwave 2177/udp
-tivoconnect 2190/tcp # TiVoConnect Beacon
-tivoconnect 2190/udp
-tvbus 2191/tcp # TvBus Messaging
-tvbus 2191/udp
-mysql-im 2273/tcp # MySQL Instance Manager
-mysql-im 2273/udp
-dict-lookup 2289/tcp # Lookup dict server
-dict-lookup 2289/udp
-redstorm_join 2346/tcp # Game Connection Port
-redstorm_join 2346/udp
-redstorm_find 2347/tcp # Game Announcement and Location
-redstorm_find 2347/udp
-redstorm_info 2348/tcp # Information to query for game status
-redstorm_info 2348/udp
-cvspserver 2401/tcp # CVS client/server operations
-cvspserver 2401/udp
-venus 2430/tcp # codacon port
-venus 2430/udp
-venus-se 2431/tcp # tcp side effects
-venus-se 2431/udp
-codasrv 2432/tcp # not used
-codasrv 2432/udp
-codasrv-se 2433/tcp # tcp side effects
-codasrv-se 2433/udp
-netadmin 2450/tcp
-netadmin 2450/udp
-netchat 2451/tcp
-netchat 2451/udp
-snifferclient 2452/tcp
-snifferclient 2452/udp
-ppcontrol 2505/tcp # PowerPlay Control
-ppcontrol 2505/udp
-lstp 2559/tcp #
-lstp 2559/udp
-mon 2583/tcp
-mon 2583/udp
-hpstgmgr 2600/tcp zebrasrv
-hpstgmgr 2600/udp zebrasrv
-discp-client 2601/tcp zebra # discp client
-discp-client 2601/udp zebra
-discp-server 2602/tcp ripd # discp server
-discp-server 2602/udp ripd
-servicemeter 2603/tcp ripngd # Service Meter
-servicemeter 2603/udp ripngd
-nsc-ccs 2604/tcp ospfd # NSC CCS
-nsc-ccs 2604/udp ospfd
-nsc-posa 2605/tcp bgpd # NSC POSA
-nsc-posa 2605/udp bgpd
-netmon 2606/tcp ospf6d # Dell Netmon
-netmon 2606/udp ospf6d
-connection 2607/tcp # Dell Connection
-connection 2607/udp
-wag-service 2608/tcp # Wag Service
-wag-service 2608/udp
-dict 2628/tcp # Dictionary server
-dict 2628/udp
-exce 2769/tcp # eXcE
-exce 2769/udp
-dvr-esm 2804/tcp # March Networks Digital Video Recorders and Enterprise Service Manager products
-dvr-esm 2804/udp
-corbaloc 2809/tcp # CORBA LOC
-corbaloc 2809/udp
-ndtp 2882/tcp # Network Dictionary Transfer Protocol
-ndtp 2882/udp
-gamelobby 2914/tcp # Game Lobby
-gamelobby 2914/udp
-gds_db 3050/tcp # InterBase server
-gds_db 3050/udp
-xbox 3074/tcp # Xbox game port
-xbox 3074/udp
-icpv2 3130/tcp icp # Internet Cache Protocol (Squid)
-icpv2 3130/udp icp
-nm-game-admin 3148/tcp # NetMike Game Administrator
-nm-game-admin 3148/udp
-nm-game-server 3149/tcp # NetMike Game Server
-nm-game-server 3149/udp
-mysql 3306/tcp # MySQL
-mysql 3306/udp
-sftu 3326/tcp
-sftu 3326/udp
-trnsprntproxy 3346/tcp # Transparent Proxy
-trnsprntproxy 3346/udp
-ms-wbt-server 3389/tcp rdp # MS WBT Server
-ms-wbt-server 3389/udp rdp # Microsoft Remote Desktop Protocol
-prsvp 3455/tcp # RSVP Port
-prsvp 3455/udp
-nut 3493/tcp # Network UPS Tools
-nut 3493/udp
-ironstorm 3504/tcp # IronStorm game server
-ironstorm 3504/udp
-cctv-port 3559/tcp # CCTV control port
-cctv-port 3559/udp
-iw-mmogame 3596/tcp # Illusion Wireless MMOG
-iw-mmogame 3596/udp
-distcc 3632/tcp # Distributed Compiler
-distcc 3632/udp
-daap 3689/tcp # Digital Audio Access Protocol
-daap 3689/udp
-svn 3690/tcp # Subversion
-svn 3690/udp
-blizwow 3724/tcp # World of Warcraft
-blizwow 3724/udp
-netboot-pxe 3928/tcp pxe # PXE NetBoot Manager
-netboot-pxe 3928/udp pxe
-smauth-port 3929/tcp # AMS Port
-smauth-port 3929/udp
-treehopper 3959/tcp # Tree Hopper Networking
-treehopper 3959/udp
-cobraclient 3970/tcp # Cobra Client
-cobraclient 3970/udp
-cobraserver 3971/tcp # Cobra Server
-cobraserver 3971/udp
-pxc-spvr-ft 4002/tcp pxc-spvr-ft
-pxc-spvr-ft 4002/udp pxc-spvr-ft
-pxc-splr-ft 4003/tcp pxc-splr-ft rquotad
-pxc-splr-ft 4003/udp pxc-splr-ft rquotad
-pxc-roid 4004/tcp pxc-roid
-pxc-roid 4004/udp pxc-roid
-pxc-pin 4005/tcp pxc-pin
-pxc-pin 4005/udp pxc-pin
-pxc-spvr 4006/tcp pxc-spvr
-pxc-spvr 4006/udp pxc-spvr
-pxc-splr 4007/tcp pxc-splr
-pxc-splr 4007/udp pxc-splr
-xgrid 4111/tcp # Mac OS X Server Xgrid
-xgrid 4111/udp
-bzr 4155/tcp # Bazaar Version Control System
-bzr 4155/udp # Bazaar version control system
-rwhois 4321/tcp # Remote Who Is
-rwhois 4321/udp
-epmd 4369/tcp # Erlang Port Mapper Daemon
-epmd 4369/udp
-krb524 4444/tcp
-krb524 4444/udp
-ipsec-nat-t 4500/tcp # IPsec NAT-Traversal
-ipsec-nat-t 4500/udp
-hylafax 4559/tcp # HylaFAX client-server protocol (new)
-hylafax 4559/udp
-piranha1 4600/tcp
-piranha1 4600/udp
-playsta2-app 4658/tcp # PlayStation2 App Port
-playsta2-app 4658/udp
-playsta2-lob 4659/tcp # PlayStation2 Lobby Port
-playsta2-lob 4659/udp
-snap 4752/tcp # Simple Network Audio Protocol
-snap 4752/udp
-radmin-port 4899/tcp # RAdmin Port
-radmin-port 4899/udp
-rfe 5002/tcp # Radio Free Ethernet
-rfe 5002/udp
-ita-agent 5051/tcp # ITA Agent
-ita-agent 5051/udp
-sdl-ets 5081/tcp # SDL - Ent Trans Server
-sdl-ets 5081/udp
-bzflag 5154/tcp # BZFlag game server
-bzflag 5154/udp
-aol 5190/tcp # America-Online
-aol 5190/udp
-xmpp-client 5222/tcp # XMPP Client Connection
-xmpp-client 5222/udp
-caevms 5251/tcp # CA eTrust VM Service
-caevms 5251/udp
-xmpp-server 5269/tcp # XMPP Server Connection
-xmpp-server 5269/udp
-cfengine 5308/tcp # CFengine
-cfengine 5308/udp
-nat-pmp 5351/tcp # NAT Port Mapping Protocol
-nat-pmp 5351/udp
-dns-llq 5352/tcp # DNS Long-Lived Queries
-dns-llq 5352/udp
-mdns 5353/tcp # Multicast DNS
-mdns 5353/udp
-mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC
-mdnsresponder 5354/udp noclog # noclogd with TCP (nocol)
-llmnr 5355/tcp hostmon # Link-Local Multicast Name Resolution
-llmnr 5355/udp hostmon # hostmon uses TCP (nocol)
-dj-ice 5419/tcp
-dj-ice 5419/udp
-beyond-remote 5424/tcp # Beyond Remote
-beyond-remote 5424/udp
-br-channel 5425/tcp # Beyond Remote Command Channel
-br-channel 5425/udp
-postgresql 5432/tcp # POSTGRES
-postgresql 5432/udp
-sgi-eventmond 5553/tcp # SGI Eventmond Port
-sgi-eventmond 5553/udp
-sgi-esphttp 5554/tcp # SGI ESP HTTP
-sgi-esphttp 5554/udp
-cvsup 5999/tcp # CVSup
-cvsup 5999/udp
-x11 6000/tcp # X Window System
-x11 6000/udp
-kftp-data 6620/tcp # Kerberos V5 FTP Data
-kftp-data 6620/udp
-kftp 6621/tcp # Kerberos V5 FTP Control
-kftp 6621/udp
-ktelnet 6623/tcp # Kerberos V5 Telnet
-ktelnet 6623/udp
-gnutella-svc 6346/tcp
-gnutella-svc 6346/udp
-gnutella-rtr 6347/tcp
-gnutella-rtr 6347/udp
-sane-port 6566/tcp # SANE Network Scanner Control Port
-sane-port 6566/udp
-parsec-game 6582/tcp # Parsec Gameserver
-parsec-game 6582/udp
-afs3-fileserver 7000/tcp bbs # file server itself
-afs3-fileserver 7000/udp bbs
-afs3-callback 7001/tcp # callbacks to cache managers
-afs3-callback 7001/udp
-afs3-prserver 7002/tcp # users & groups database
-afs3-prserver 7002/udp
-afs3-vlserver 7003/tcp # volume location database
-afs3-vlserver 7003/udp
-afs3-kaserver 7004/tcp # AFS/Kerberos authentication
-afs3-kaserver 7004/udp
-afs3-volser 7005/tcp # volume managment server
-afs3-volser 7005/udp
-afs3-errors 7006/tcp # error interpretation service
-afs3-errors 7006/udp
-afs3-bos 7007/tcp # basic overseer process
-afs3-bos 7007/udp
-afs3-update 7008/tcp # server-to-server updater
-afs3-update 7008/udp
-afs3-rmtsys 7009/tcp # remote cache manager service
-afs3-rmtsys 7009/udp
-font-service 7100/tcp xfs # X Font Service
-font-service 7100/udp xfs
-sncp 7560/tcp # Sniffer Command Protocol
-sncp 7560/udp
-soap-http 7627/tcp # SOAP Service Port
-soap-http 7627/udp
-http-alt 8008/tcp # HTTP Alternate
-http-alt 8008/udp
-http-alt 8080/tcp webcache # HTTP Alternate
-http-alt 8080/udp webcache # WWW caching service
-sunproxyadmin 8081/tcp tproxy # Sun Proxy Admin Service
-sunproxyadmin 8081/udp tproxy # Transparent Proxy
-pichat 9009/tcp # Pichat Server
-pichat 9009/udp
-bacula-dir 9101/tcp # Bacula Director
-bacula-dir 9101/udp
-bacula-fd 9102/tcp # Bacula File Daemon
-bacula-fd 9102/udp
-bacula-sd 9103/tcp # Bacula Storage Daemon
-bacula-sd 9103/udp
-dddp 9131/tcp # Dynamic Device Discovery
-dddp 9131/udp
-wap-wsp 9200/tcp # WAP connectionless session service
-wap-wsp 9200/udp
-wap-wsp-wtp 9201/tcp # WAP session service
-wap-wsp-wtp 9201/udp
-wap-wsp-s 9202/tcp # WAP secure connectionless session service
-wap-wsp-s 9202/udp
-wap-wsp-wtp-s 9203/tcp # WAP secure session service
-wap-wsp-wtp-s 9203/udp
-wap-vcard 9204/tcp # WAP vCard
-wap-vcard 9204/udp
-wap-vcal 9205/tcp # WAP vCal
-wap-vcal 9205/udp
-wap-vcard-s 9206/tcp # WAP vCard Secure
-wap-vcard-s 9206/udp
-wap-vcal-s 9207/tcp # WAP vCal Secure
-wap-vcal-s 9207/udp
-git 9418/tcp # git pack transfer service
-git 9418/udp
-cba8 9593/tcp # LANDesk Management Agent
-cba8 9593/udp
-davsrc 9800/tcp # WebDav Source Port
-davsrc 9800/udp
-sqlexec 9088/tcp # IBM Informix SQL Interface
-sqlexec 9088/udp
-sqlexec-ssl 9089/tcp # IBM Informix SQL Interface - Encrypted
-sqlexec-ssl 9089/udp
-sd 9876/tcp # Session Director
-sd 9876/udp
-cyborg-systems 9888/tcp # CYBORG Systems
-cyborg-systems 9888/udp
-monkeycom 9898/tcp # MonkeyCom
-monkeycom 9898/udp
-sctp-tunneling 9899/tcp # SCTP TUNNELING
-sctp-tunneling 9899/udp
-domaintime 9909/tcp # domaintime
-domaintime 9909/udp
-amanda 10080/tcp # amanda backup services
-amanda 10080/udp
-vce 11111/tcp # Viral Computing Environment (VCE)
-vce 11111/udp
-smsqp 11201/tcp # Alamin SMS gateway
-smsqp 11201/udp
-hkp 11371/tcp # OpenPGP HTTP Keyserver
-hkp 11371/udp
-h323callsigalt 11720/tcp # h323 Call Signal Alternate
-h323callsigalt 11720/udp
-rets-ssl 12109/tcp # RETS over SSL
-rets-ssl 12109/udp
-cawas 12168/tcp # CA Web Access Service
-cawas 12168/udp
-bprd 13720/tcp # BPRD Protocol (VERITAS NetBackup)
-bprd 13720/udp
-bpdbm 13721/tcp # BPDBM Protocol (VERITAS NetBackup)
-bpdbm 13721/udp
-bpjava-msvc 13722/tcp # BP Java MSVC Protocol
-bpjava-msvc 13722/udp
-vnetd 13724/tcp # Veritas Network Utility
-vnetd 13724/udp
-bpcd 13782/tcp # VERITAS NetBackup
-bpcd 13782/udp
-vopied 13783/tcp # VOPIED Protocol
-vopied 13783/udp
-xpilot 15345/tcp # XPilot Contact Port
-xpilot 15345/udp
-wnn6 22273/tcp # wnn6
-wnn6 22273/udp
-binkp 24554/tcp # Bink fidonet protocol
-binkp 24554/udp
-quake 26000/tcp # Quake @!#
-quake 26000/udp
-wnn6-ds 26208/tcp
-wnn6-ds 26208/udp
-tetrinet 31457/tcp # TetriNET Protocol
-tetrinet 31457/udp
-gamesmith-port 31765/tcp # GameSmith Port
-gamesmith-port 31765/udp
-traceroute 33434/tcp # traceroute use
-traceroute 33434/udp
-candp 42508/tcp # Computer Associates network discovery protocol
-candp 42508/udp
-candrp 42509/tcp # CA discovery response
-candrp 42509/udp
-caerpc 42510/tcp # CA eTrust RPC
-caerpc 42510/udp
-
-#=========================================================================
-# The remaining port numbers are not as allocated by IANA.
-
-# Kerberos (Project Athena/MIT) services
-# Note that these are for Kerberos v4, and are unofficial
-kpop 1109/tcp # Pop with Kerberos
-knetd 2053/tcp # Kerberos de-multiplexor
-eklogin 2105/tcp # Kerberos encrypted rlogin
-
-# CVSup support http://www.cvsup.org/
-supfilesrv 871/tcp # SUP server
-supfiledbg 1127/tcp # SUP debugging
-
-# Datagram Delivery Protocol services
-rtmp 1/ddp # Routing Table Maintenance Protocol
-nbp 2/ddp # Name Binding Protocol
-echo 4/ddp # AppleTalk Echo Protocol
-zip 6/ddp # Zone Information Protocol
-
-# Many services now accepted as 'standard'
-swat 901/tcp # Samba configuration tool
-rndc 953/tcp # rndc control sockets (BIND 9)
-rndc 953/udp
-skkserv 1178/tcp # SKK Japanese input method
-xtel 1313/tcp # french minitel
-support 1529/tcp # GNATS
-cfinger 2003/tcp lmtp # GNU Finger
-ninstall 2150/tcp # ninstall service
-ninstall 2150/udp
-afbackup 2988/tcp # Afbackup system
-afbackup 2988/udp
-fax 4557/tcp # FAX transmission service (old)
-rplay 5555/tcp # RPlay audio service
-rplay 5555/udp
-canna 5680/tcp # Canna (Japanese Input)
-x11-ssh 6010/tcp x11-ssh-offset
-x11-ssh 6010/udp x11-ssh-offset
-ircd 6667/tcp # Internet Relay Chat
-ircd 6667/udp
-jetdirect 9100/tcp # HP JetDirect card
-jetdirect 9100/udp
-mandelspawn 9359/udp mandelbrot # network mandelbrot
-kamanda 10081/tcp # amanda backup services (Kerberos)
-kamanda 10081/udp
-amandaidx 10082/tcp # amanda backup services
-amidxtape 10083/tcp # amanda backup services
-isdnlog 20011/tcp # isdn logging system
-isdnlog 20011/udp
-vboxd 20012/tcp # voice box system
-vboxd 20012/udp
-wnn4_Cn 22289/tcp wnn6_Cn # Wnn (Chinese input)
-wnn4_Kr 22305/tcp wnn6_Kr # Wnn (Korean input)
-wnn4_Tw 22321/tcp wnn6_Tw # Wnn (Taiwanse input)
-asp 27374/tcp # Address Search Protocol
-asp 27374/udp
-tfido 60177/tcp # Ifmail
-tfido 60177/udp
-fido 60179/tcp # Ifmail
-fido 60179/udp
-
-# Local services
-
-##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$
+##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$
#
# imapd created from imapd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
-# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
+# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for
# distribution information.
#
# This configuration file sets various options for the Courier-IMAP server
TCPDOPTS="-nodnslookup -noidentlookup"
+##NAME: ACCESSFILE:0
+#
+# IMAP access file.
+
+IMAPACCESSFILE=/etc/courier-imap/imapaccess
+
##NAME: LOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
LOGGEROPTS="-name=imapd"
##NAME: DEFDOMAIN:0
#
-# Optional default domain. If the username does not contain the
+# Optional default domain. If the username does not contain the
# first character of DEFDOMAIN, then it is appended to the username.
# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
# only if the username does not contain any character from DOMAINSEP.
#
# IMAP_LOG_DELETIONS=1
+##NAME: AUTH_MKHOMEDIR_SKEL:0
+#
+# Uncomment this setting to automatically create a home directory on first
+# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the
+# home directory does not exist, the home directory gets created, with its
+# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory,
+# typically /etc/skel.
+#
+# Note that this must be a complete home directory structure, including
+# the maildir. Typically:
+#
+# mkdir /etc/skel
+# chmod 700 /etc/skel
+# maildirmak /etc/skel/Maildir
+#
+# This directory gets copied as is, preserving each file/subdirectory's
+# permissions, with only userid/groupid changed to match the account's.
+#
+#
+# AUTH_MKHOMEDIR_SKEL=/etc/skel
+
##NAME: IMAPDEBUGFILE:0
#
# IMAPDEBUGFILE="imaplog.dat"
-##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$
+##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
#
# imapd-ssl created from imapd-ssl.dist by sysconftool
#
##NAME: SSLLOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
SSLLOGGEROPTS="-name=imapd-ssl"
#
# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
-# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
+# This setting is also used to select the available ciphers.
+#
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
+#
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
+#
+# Also, the following aliases:
+#
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+# is not included
+# ALL -- all ciphers except the NULL cipher
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
##NAME: TLS_PROTOCOL:0
-#
+#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - all protocols (including TLS 1.x protocols)
-# TLS1 - TLS1
+# TLSv1 - TLS1
# TLSv1.1 - TLS1.1
# TLSv1.2 - TLS1.2
#
-# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
-# setting, below.
-#
-# GnuTLS:
-#
-# SSL3 - SSLv3
-# TLS1 - TLS 1.0
-# TLS1_1 - TLS 1.1
-#
-# When compiled against GnuTLS, multiple protocols can be selected as follows:
-#
-# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
-#
-# DEFAULT VALUES:
+# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# higher protocols.
#
-# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)
-TLS_PROTOCOL="SSL23"
-
-##NAME: TLS_STARTTLS_PROTOCOL:0
-#
-# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
-# extension, as opposed to IMAP over SSL on port 993.
-#
-# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL
-TLS_STARTTLS_PROTOCOL=TLS1
+# The default value is TLSv1+
##NAME: TLS_CIPHER_LIST:0
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.
-##NAME: TLS_MIN_DH_BITS:0
-#
-# TLS_MIN_DH_BITS=n
-#
-# GnuTLS only:
+##NAME: TLS_STARTTLS_PROTOCOL:0
#
-# Set the minimum number of acceptable bits for a DH key exchange.
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
#
-# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
-# have been encountered that offer 512 bit keys. You may have to set
-# TLS_MIN_DH_BITS=512 here, if necessary.
+# It takes the same values for OpenSSL as TLS_PROTOCOL
-##NAME: TLS_KX_LIST:0
-#
-# GnuTLS only:
+##NAME: TLS_CIPHER_LIST:0
#
-# Allowed key exchange protocols. The default of "ALL" should be sufficient.
-# The list of supported key exchange protocols depends on the options GnuTLS
-# was compiled against, but may include the following:
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
+# undefined
#
-# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT
-
-TLS_KX_LIST=ALL
-
-##NAME: TLS_COMPRESSION:0
+# OpenSSL:
#
-# GnuTLS only:
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
-# Optional compression. "ALL" selects all available compression methods.
#
-# Available compression methods: DEFLATE, LZO, NULL
-
-TLS_COMPRESSION=ALL
-##NAME: TLS_CERTS:0
+##NAME: TLS_MIN_DH_BITS:0
+#
+# TLS_MIN_DH_BITS=n
#
# GnuTLS only:
#
-# Supported certificate types are X509 and OPENPGP.
+# Set the minimum number of acceptable bits for a DH key exchange.
#
-# OPENPGP has not been tested
-
-TLS_CERTS=X509
+# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
+# have been encountered that offer 512 bit keys. You may have to set
+# TLS_MIN_DH_BITS=512 here, if necessary.
##NAME: TLS_TIMEOUT:0
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
#
# TLS_DHPARAMS - DH parameter file.
#
-TLS_DHPARAMS=/etc/ssl/dhparams.pem
+TLS_DHPARAMS=/usr/share/dhparams.pem
##NAME: TLS_TRUSTCERTS:0
#
#
TLS_VERIFYPEER=NONE
-
##NAME: TLS_EXTERNAL:0
#
# To enable SSL certificate-based authentication:
-##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$
+##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
#
# pop3d-ssl created from pop3d-ssl.dist by sysconftool
#
##NAME: SSLLOGGEROPTS:0
#
-# courierlogger(1) options.
+# courierlogger(1) options.
#
SSLLOGGEROPTS="-name=pop3d-ssl"
# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP"
+#
+# This setting is also used to select the available ciphers.
+#
+# The actual list of available ciphers depend on the options GnuTLS was
+# compiled against. The possible ciphers are:
+#
+# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
+#
+# Also, the following aliases:
+#
+# HIGH -- all ciphers that use more than a 128 bit key size
+# MEDIUM -- all ciphers that use a 128 bit key size
+# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
+# is not included
+# ALL -- all ciphers except the NULL cipher
+#
+# See GnuTLS documentation, gnutls_priority_init(3) for additional
+# documentation.
##NAME: TLS_PROTOCOL:0
-#
+#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - all protocols (including TLS 1.x protocols)
-# TLS1 - TLS1
+# TLSv11 - TLS1
# TLSv1.1 - TLS1.1
# TLSv1.2 - TLS1.2
#
-# Leave it unset to use any protocol except SSL 2.
+# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# higher protocols.
+#
+# The default value is TLSv1+
##NAME: TLS_CIPHER_LIST:0
#
#
# OpenSSL:
#
-# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
-TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH"
+# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
#
# TLS_DHPARAMS - DH parameter file.
#
-TLS_DHPARAMS=/etc/ssl/dhparams.pem
+TLS_DHPARAMS=/usr/share/dhparams.pem
##NAME: TLS_TRUSTCERTS:0
#
# This file describes a number of aliases-to-address mappings for the for
# local hosts that share this file.
#
+# The format of lines in this file is:
+#
+# IP_ADDRESS canonical_hostname [aliases...]
+#
+#The fields can be separated by any number of spaces or tabs.
+#
# In the presence of the domain name service or NIS, this file may not be
# consulted at all; see /etc/host.conf for the resolution order.
#
# ARRAY lines specify information about how to identify arrays so
# so that they can be activated
#
-# You can have more than one device line and use wild cards. The first
+# You can have more than one device line and use wild cards. The first
# example includes SCSI the first partition of SCSI disks /dev/sdb,
-# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second
+# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second
# line looks for array slices on IDE disks.
#
#DEVICE /dev/sd[bcdjkl]1
media-libs/freetype kpathsea utils
media-libs/gd fontconfig
media-libs/giflib rle
+media-libs/libcaca -doc
media-libs/lasi -doc
media-libs/libtheora encode
media-libs/libwmf -expat
# html_directory: The location of the Postfix HTML documentation.
#
-html_directory = /usr/share/doc/postfix-3.1.0-r1/html
+html_directory = /usr/share/doc/postfix-3.1.2-r1/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
# readme_directory: The location of the Postfix README files.
#
-readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme
+readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme
#inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix/${mail_version}
# put this file in /etc/postfix or specify its path
# with --whitelist-clients=xxx
#
-# postgrey version: 1.34, build date: 2011-05-04
+# postgrey version: 1.36, build date: 2015-09-01
# greylisting.org: Southwest Airlines (unique sender, no retry)
southwest.com
# ibm.com (big pool, reported by Casey Peel)
ibm.com
# messagelabs.com (big pool, reported by John Tobin)
-/^mail\d+\.messagelabs\.com$/
+messagelabs.com
# ptb.de (slow, reported by Joachim Schoenberg)
berlin.ptb.de
# registrarmail.net (unique sender names, reported by Simon Waters)
registrarmail.net
# google.com (big pool, reported by Matthias Dyer, Martin Toft)
google.com
-# orange.fr (big pool, reported by Loïc Le Loarer)
+# orange.fr (big pool, reported by Loïc Le Loarer)
/^smtp\d+\.orange\.fr$/
# citigroup.com (slow retry, reported by Michael Monnerie)
/^smtp\d+.citigroup.com$/
/^mx.*\.evanzo-server\.de$/
# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
upcmail.net
-
-mx\.acwain\.net
-
+# 2013-12-18: orange.fr (big pool, reported by fulax)
+/^smtp\d+\.smtpout\.orange\.fr$/
+# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert)
+mout-xforward.gmx.net
+mout-xforward.web.de
+mout-xforward.kundenserver.de
+mout-xforward.perfora.net
+# 2014-02-01: startcom.org (long retry, reported by jweiher)
+gateway.startcom.org
+# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk)
+/^fallback\d+\.mail\.ru$/
+# French tax authority, no retry
+dgfip.finances.gouv.fr
+# 2015-06-10: magisto.com (requested by postmaster)
+/^o\d+\.ntdc\.magisto\.com$/
+# 2015-07-23: outlook.com (github #20)
+outlook.com
+# 2015-08-19 (the retrying is failing)
+mail.alibaba.com
# Some daemons are started and stopped via start-stop-daemon.
# We can set some things on a per service basis, like the nicelevel.
#SSD_NICELEVEL="-19"
+# Or the ionice level. The format is class[:data] , just like the
+# --ionice start-stop-daemon parameter.
+#SSD_IONICELEVEL="2:2"
# Pass ulimit parameters
# If you are using bash in POSIX mode for your shell, note that the
#rc_foo_bar_after="clock"
# You can also remove dependencies.
-# This is mainly used for saying which servies do NOT provide net.
+# This is mainly used for saying which services do NOT provide net.
#rc_net_tap0_provide="!net"
-##############################################################################
-# LINUX SPECIFIC OPTIONS
-
-# This is the subsystem type. Valid options on Linux:
+# This is the subsystem type.
+# It is used to match against keywords set by the keyword call in the
+# depend function of service scripts.
+#
+# It should be set to the value representing the environment this file is
+# PRESENTLY in, not the virtualization the environment is capable of.
+# If it is commented out, automatic detection will be used.
+#
+# The list below shows all possible settings as well as the host
+# operating systems where they can be used and autodetected.
+#
# "" - nothing special
-# "docker" - Docker container manager
+# "docker" - Docker container manager (Linux)
+# "jail" - Jail (DragonflyBSD or FreeBSD)
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
-# "rkt" - CoreOS container management system
+# "rkt" - CoreOS container management system (Linux)
+# "subhurd" - Hurd subhurds (to be checked)
+# "systemd-nspawn" - Container created by systemd-nspawn (Linux)
# "uml" - Usermode Linux
# "vserver" - Linux vserver
-# "systemd-nspawn" - Container created by the systemd-nspawn utility
-# "xen0" - Xen0 Domain
-# "xenU" - XenU Domain
-# If this is commented out, automatic detection will be used.
-#
-# This should be set to the value representing the environment this file is
-# PRESENTLY in, not the virtualization the environment is capable of.
+# "xen0" - Xen0 Domain (Linux and NetBSD)
+# "xenU" - XenU Domain (Linux and NetBSD)
rc_sys=""
-# This is the number of tty's used in most of the rc-scripts (like
-# consolefont, numlock, etc ...)
+# on Linux and Hurd, this is the number of ttys allocated for logins
+# It is used in the consolefont, keymaps, numlock and termencoding
+# service scripts.
rc_tty_number=12
##############################################################################
-# CGROUPS RESOURCE MANAGEMENT
+# LINUX CGROUPS RESOURCE MANAGEMENT
# If you have cgroups turned on in your kernel, this switch controls
# whether or not a group for each controller is mounted under
# Set the pids controller settings for this service.
#rc_cgroup_pids=""
-# Set this to YES if yu want all of the processes in a service's cgroup
+# Set this to YES if you want all of the processes in a service's cgroup
# killed when the service is stopped or restarted.
# This should not be set globally because it kills all of the service's
# child processes, and most of the time this is undesirable. Please set
concurrent-lm 1648/udp
kermit 1649/tcp
kermit 1649/udp
+groupwise 1677/tcp
+groupwise 1677/udp
l2tp 1701/tcp
l2tp 1701/udp
h323gatedisc 1718/tcp
x25-svc-port 1998/udp
tcp-id-port 1999/tcp # cisco identification port
tcp-id-port 1999/udp
-cisco-sccp 2000/tcp sieve # Cisco SCCP
-cisco-sccp 2000/udp sieve
+cisco-sccp 2000/tcp # Cisco SCCP
+cisco-sccp 2000/udp
nfs 2049/tcp # Network File System
nfs 2049/udp
radsec 2083/tcp # Secure Radius Service
xgrid 4111/udp
bzr 4155/tcp # Bazaar Version Control System
bzr 4155/udp # Bazaar version control system
+sieve 4190/tcp # ManageSieve Protocol
+sieve 4190/udp
rwhois 4321/tcp # Remote Who Is
rwhois 4321/udp
epmd 4369/tcp # Erlang Port Mapper Daemon
sgi-eventmond 5553/udp
sgi-esphttp 5554/tcp # SGI ESP HTTP
sgi-esphttp 5554/udp
-nrpe 5666/tcp # Nagios NRPE
-nrpe 5666/udp # Nagios NRPE
cvsup 5999/tcp # CVSup
cvsup 5999/udp
x11 6000/tcp # X Window System
cfinger 2003/tcp lmtp # GNU Finger
ninstall 2150/tcp # ninstall service
ninstall 2150/udp
+gpsd 2947/tcp gpsd # GPS Daemon request/response protocol
+gpsd 2947/udp gpsd # GPS Daemon request/response protocol
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp
fax 4557/tcp # FAX transmission service (old)
+xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH)
rplay 5555/tcp # RPlay audio service
rplay 5555/udp
canna 5680/tcp # Canna (Japanese Input)
x11-ssh 6010/udp x11-ssh-offset
ircd 6667/tcp # Internet Relay Chat
ircd 6667/udp
+ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL
jetdirect 9100/tcp # HP JetDirect card
jetdirect 9100/udp
mandelspawn 9359/udp mandelbrot # network mandelbrot
projects / config / helga / etc.git / commitdiff