From: root Date: Sat, 7 Jan 2017 19:46:42 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=69ffc98e224d67ebac91da99babbda4d56852203;p=config%2Fhelga%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/.etckeeper b/.etckeeper index 03239eb..40cbf8c 100755 --- a/.etckeeper +++ b/.etckeeper @@ -594,6 +594,8 @@ maybe chmod 0644 'config-archive/etc/conf.d/keymaps' maybe chmod 0644 'config-archive/etc/conf.d/keymaps,v' maybe chmod 0644 'config-archive/etc/conf.d/keymaps.1' maybe chmod 0644 'config-archive/etc/conf.d/keymaps.dist' +maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors' +maybe chmod 0644 'config-archive/etc/conf.d/lm_sensors.dist' maybe chmod 0644 'config-archive/etc/conf.d/modules,v' maybe chmod 0644 'config-archive/etc/conf.d/mysql,v' maybe chmod 0644 'config-archive/etc/conf.d/mysql.dist.new' @@ -624,9 +626,10 @@ maybe chmod 0644 'config-archive/etc/courier-imap/imapd,v' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl' maybe chmod 0644 'config-archive/etc/courier-imap/imapd-ssl,v' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.1' +maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.2' maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist' -maybe chmod 0600 'config-archive/etc/courier-imap/imapd-ssl.dist.new' maybe chmod 0600 'config-archive/etc/courier-imap/imapd.1' +maybe chmod 0600 'config-archive/etc/courier-imap/imapd.2' maybe chmod 0600 'config-archive/etc/courier-imap/imapd.dist' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d' maybe chmod 0644 'config-archive/etc/courier-imap/pop3d,v' @@ -634,7 +637,6 @@ maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl' maybe chmod 0644 'config-archive/etc/courier-imap/pop3d-ssl,v' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.1' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist' -maybe chmod 0600 'config-archive/etc/courier-imap/pop3d-ssl.dist.new' maybe chmod 0600 'config-archive/etc/courier-imap/pop3d.dist' maybe chmod 0755 'config-archive/etc/courier/authlib' maybe chmod 0660 'config-archive/etc/courier/authlib/authdaemonrc' @@ -689,7 +691,8 @@ maybe chmod 0644 'config-archive/etc/genkernel.conf.3' maybe chmod 0644 'config-archive/etc/genkernel.conf.dist' maybe chmod 0644 'config-archive/etc/hosts' maybe chmod 0644 'config-archive/etc/hosts,v' -maybe chmod 0644 'config-archive/etc/hosts.dist.new' +maybe chmod 0644 'config-archive/etc/hosts.1' +maybe chmod 0644 'config-archive/etc/hosts.dist' maybe chmod 0755 'config-archive/etc/init.d' maybe chmod 0755 'config-archive/etc/init.d/apache2,v' maybe chmod 0755 'config-archive/etc/init.d/atd,v' @@ -753,6 +756,7 @@ maybe chmod 0644 'config-archive/etc/mc/mc.keymap.emacs,v' maybe chmod 0644 'config-archive/etc/mc/mc.menu,v' maybe chmod 0644 'config-archive/etc/mdadm.conf' maybe chmod 0644 'config-archive/etc/mdadm.conf,v' +maybe chmod 0644 'config-archive/etc/mdadm.conf.1' maybe chmod 0644 'config-archive/etc/mdadm.conf.dist' maybe chmod 0644 'config-archive/etc/mke2fs.conf,v' maybe chmod 0644 'config-archive/etc/mlocate-cron.conf,v' @@ -920,7 +924,7 @@ maybe chmod 0644 'config-archive/etc/postfix/master.cf.1' maybe chmod 0644 'config-archive/etc/postfix/master.cf.dist.new' maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients' maybe chmod 0644 'config-archive/etc/postfix/postgrey_whitelist_clients,v' -maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist.new' +maybe chmod 0640 'config-archive/etc/postfix/postgrey_whitelist_clients.dist' maybe chmod 0644 'config-archive/etc/postfix/saslpass,v' maybe chmod 0644 'config-archive/etc/procmailrc,v' maybe chmod 0644 'config-archive/etc/procmailrc.dist.new' @@ -944,6 +948,7 @@ maybe chmod 0644 'config-archive/etc/rc.conf.3' maybe chmod 0644 'config-archive/etc/rc.conf.4' maybe chmod 0644 'config-archive/etc/rc.conf.5' maybe chmod 0644 'config-archive/etc/rc.conf.6' +maybe chmod 0644 'config-archive/etc/rc.conf.7' maybe chmod 0644 'config-archive/etc/rc.conf.dist' maybe chmod 0755 'config-archive/etc/reoback' maybe chmod 0644 'config-archive/etc/reoback/files.conf' @@ -974,7 +979,7 @@ maybe chmod 0755 'config-archive/etc/security/namespace.init,v' maybe chmod 0644 'config-archive/etc/sensors3.conf,v' maybe chmod 0644 'config-archive/etc/services' maybe chmod 0644 'config-archive/etc/services,v' -maybe chmod 0644 'config-archive/etc/services.dist.new' +maybe chmod 0644 'config-archive/etc/services.dist' maybe chmod 0755 'config-archive/etc/skel' maybe chmod 0644 'config-archive/etc/skel/.bash_logout' maybe chmod 0644 'config-archive/etc/skel/.bash_logout.dist.new' diff --git a/conf.d/lm_sensors b/conf.d/lm_sensors index 5d1353c..721a6de 100644 --- a/conf.d/lm_sensors +++ b/conf.d/lm_sensors @@ -1,10 +1,4 @@ -# Generated by sensors-detect on Tue Jul 24 10:07:08 2012 -# This file is sourced by /etc/init.d/lm_sensors and defines the modules to -# be loaded/unloaded. -# -# The format of this file is a shell script that simply defines variables: -# HWMON_MODULES for hardware monitoring driver modules, and optionally -# BUS_MODULES for any required bus driver module (for example for I2C or SPI). +# /etc/conf.d/lm_sensors # Load modules at startup LOADMODULES=yes @@ -23,3 +17,6 @@ HWMON_MODULES="w83627ehf" # You should use BUS_MODULES and HWMON_MODULES instead if possible. MODULE_0=w83627ehf + +# NOTE: +# For module loading please use /etc/modules-load.d/lm_sensors.conf diff --git a/config-archive/etc/conf.d/lm_sensors b/config-archive/etc/conf.d/lm_sensors new file mode 100644 index 0000000..5d1353c --- /dev/null +++ b/config-archive/etc/conf.d/lm_sensors @@ -0,0 +1,25 @@ +# Generated by sensors-detect on Tue Jul 24 10:07:08 2012 +# This file is sourced by /etc/init.d/lm_sensors and defines the modules to +# be loaded/unloaded. +# +# The format of this file is a shell script that simply defines variables: +# HWMON_MODULES for hardware monitoring driver modules, and optionally +# BUS_MODULES for any required bus driver module (for example for I2C or SPI). + +# Load modules at startup +LOADMODULES=yes + +# Initialize sensors at startup +INITSENSORS=yes + +HWMON_MODULES="w83627ehf" + +# For compatibility reasons, modules are also listed individually as variables +# MODULE_0, MODULE_1, MODULE_2, etc. +# Please note that the numbers in MODULE_X must start at 0 and increase in +# steps of 1. Any number that is missing will make the init script skip the +# rest of the modules. Use MODULE_X_ARGS for arguments. +# +# You should use BUS_MODULES and HWMON_MODULES instead if possible. + +MODULE_0=w83627ehf diff --git a/config-archive/etc/conf.d/lm_sensors.dist b/config-archive/etc/conf.d/lm_sensors.dist new file mode 100644 index 0000000..bae2ea0 --- /dev/null +++ b/config-archive/etc/conf.d/lm_sensors.dist @@ -0,0 +1,4 @@ +# /etc/conf.d/lm_sensors + +# NOTE: +# For module loading please use /etc/modules-load.d/lm_sensors.conf diff --git a/config-archive/etc/courier-imap/imapd b/config-archive/etc/courier-imap/imapd index c0d690d..e817027 100644 --- a/config-archive/etc/courier-imap/imapd +++ b/config-archive/etc/courier-imap/imapd @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $ +##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ # # imapd created from imapd.dist by sysconftool # @@ -340,6 +340,24 @@ IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=0 +##NAME: IMAP_LOG_DELETIONS:0 +# +# +# Set IMAP_LOG_DELETIONS to log all message deletions to syslog. +# +# IMAP_LOG_DELETIONS=1 + +##NAME: IMAPDEBUGFILE:0 +# +# IMAPDEBUGFILE="imaplog.dat" +# +# Generate diagnostic logging of IMAP commands. +# +# Set this globally, restart the server. Touch this file in an account's +# maildir directory, and Courier-IMAP will append all IMAP commands received +# for new sessions for this account. NOTE: existing IMAP sessions are not +# affected, only new IMAP logins. + ##NAME: OUTBOX:0 # @@ -388,6 +406,30 @@ SENDMAIL=/usr/sbin/sendmail HEADERFROM=X-IMAP-Sender +##NAME: ID_FIELDS:0 +# +# Have the server be polite, and identify its version to the client. The client +# must be logged in before the server will identify itself. Additionally, +# the client will mutually supply its own software version, and the server will +# log it. +# +# Although the server's banner message identifies itself, in free-form manner, +# this the ID IMAP extension, for clients to log. +# +# IMAP_ID_FIELDS is the sum of the following values: +# +# 1 - identify the version of the IMAP server +# 2 - identify the operating system (if available) +# 4 - identify the operating system release (if available) +# +# A value of 0 identifies the server software only. +# +# Uncomment this setting to enable the IMAP ID extension. One reason you might +# want to enable it is to log the clients' software version. Enabling this +# setting will mutually log the client's software, in the system logs. +# +# IMAP_ID_FIELDS=0 + ##NAME: OUTBOX_MULTIPLE_SEND:0 # # Remove the following comment to allow a COPY of more than one message to diff --git a/config-archive/etc/courier-imap/imapd-ssl b/config-archive/etc/courier-imap/imapd-ssl index 93e9328..9111619 100644 --- a/config-archive/etc/courier-imap/imapd-ssl +++ b/config-archive/etc/courier-imap/imapd-ssl @@ -1,11 +1,11 @@ -##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -104,16 +104,27 @@ IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls +##NAME: TLS_PRIORITY:0 +# +# GnuTLS setting only +# +# Set TLS protocol priority settings (GnuTLS only) +# +# DEFAULT: NORMAL:-CTYPE-OPENPGP +# +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" + ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # -# SSL2 - SSLv2 # SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# SSL23 - all protocols (including TLS 1.x protocols) # TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 # # Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST # setting, below. @@ -131,7 +142,7 @@ COURIERTLS=/usr/sbin/couriertls # DEFAULT VALUES: # # SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) -TLS_PROTOCOL="SSL3" +TLS_PROTOCOL="SSL23" ##NAME: TLS_STARTTLS_PROTOCOL:0 # @@ -149,10 +160,8 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" # # GnuTLS: # @@ -170,6 +179,9 @@ TLS_STARTTLS_PROTOCOL=TLS1 # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # @@ -220,16 +232,6 @@ TLS_CERTS=X509 # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -264,6 +266,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/imapd.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/etc/ssl/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. diff --git a/config-archive/etc/courier-imap/imapd-ssl.1 b/config-archive/etc/courier-imap/imapd-ssl.1 index 92d6619..93e9328 100644 --- a/config-archive/etc/courier-imap/imapd-ssl.1 +++ b/config-archive/etc/courier-imap/imapd-ssl.1 @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $ +##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ # # imapd-ssl created from imapd-ssl.dist by sysconftool # @@ -149,7 +149,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # To enable SSL2, remove the obvious "!SSLv2" part from the above list. # diff --git a/config-archive/etc/courier-imap/imapd-ssl.2 b/config-archive/etc/courier-imap/imapd-ssl.2 new file mode 100644 index 0000000..92d6619 --- /dev/null +++ b/config-archive/etc/courier-imap/imapd-ssl.2 @@ -0,0 +1,338 @@ +##VERSION: $Id: imapd-ssl,v 1.3 2010/10/05 17:35:41 root Exp $ +# +# imapd-ssl created from imapd-ssl.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used to handle SSL IMAP connections. +# +# SSL and non-SSL connections are handled by a dedicated instance of the +# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP +# connections, you will start two instances of couriertcpd, one on the +# IMAP port 143, and another one on the IMAP-SSL port 993. +# +# Download OpenSSL from http://www.openssl.org/ +# +##NAME: SSLPORT:1 +# +# Options in the imapd-ssl configuration file AUGMENT the options in the +# imapd configuration file. First the imapd configuration file is read, +# then the imapd-ssl configuration file, so we do not have to redefine +# anything. +# +# However, some things do have to be redefined. The port number is +# specified by SSLPORT, instead of PORT. The default port is port 993. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 +# The SSLADDRESS setting is a default for ports that do not have +# a specified IP address. + +SSLPORT=993 + +##NAME: SSLADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# SSLADDRESS=127.0.0.1 + +SSLADDRESS=0 + +##NAME: SSLPIDFILE:0 +# +# That's the SSL IMAP port we'll listen on. +# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP. + +SSLPIDFILE=/var/run/imapd-ssl.pid + +##NAME: SSLLOGGEROPTS:0 +# +# courierlogger(1) options. +# + +SSLLOGGEROPTS="-name=imapd-ssl" + +##NAME: IMAPDSSLSTART:0 +# +# Different pid files, so that both instances of couriertcpd can coexist +# happily. +# +# You can also redefine IMAP_CAPABILITY, although I can't +# think of why you'd want to do that. +# +# +# Ok, the following settings are new to imapd-ssl: +# +# Whether or not to start IMAP over SSL on simap port: + +IMAPDSSLSTART=NO + +##NAME: IMAPDSTARTTLS:0 +# +# Whether or not to implement IMAP STARTTLS extension instead: + +IMAPDSTARTTLS=YES + +##NAME: IMAP_TLS_REQUIRED:1 +# +# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. +# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS +# is issued). + +IMAP_TLS_REQUIRED=0 + + +######################################################################### +# +# The following variables configure IMAP over SSL. If OpenSSL or GnuTLS +# is available during configuration, the couriertls helper gets compiled, and +# upon installation a dummy TLS_CERTFILE gets generated. +# +# WARNING: Peer certificate verification has NOT yet been tested. Proceed +# at your own risk. Only the basic SSL/TLS functionality is known to be +# working. Keep this in mind as you play with the following variables. +# +##NAME: COURIERTLS:0 +# + +COURIERTLS=/usr/sbin/couriertls + +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL2 - SSLv2 +# SSL3 - SSLv3 +# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# TLS1 - TLS1 +# +# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST +# setting, below. +# +# GnuTLS: +# +# SSL3 - SSLv3 +# TLS1 - TLS 1.0 +# TLS1_1 - TLS 1.1 +# +# When compiled against GnuTLS, multiple protocols can be selected as follows: +# +# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# +# DEFAULT VALUES: +# +# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +TLS_PROTOCOL="SSL3" + +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. +# +# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL +TLS_STARTTLS_PROTOCOL=TLS1 + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# +# To enable SSL2, remove the obvious "!SSLv2" part from the above list. +# +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher + +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n +# +# GnuTLS only: +# +# Set the minimum number of acceptable bits for a DH key exchange. +# +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_KX_LIST:0 +# +# GnuTLS only: +# +# Allowed key exchange protocols. The default of "ALL" should be sufficient. +# The list of supported key exchange protocols depends on the options GnuTLS +# was compiled against, but may include the following: +# +# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT + +TLS_KX_LIST=ALL + +##NAME: TLS_COMPRESSION:0 +# +# GnuTLS only: +# +# Optional compression. "ALL" selects all available compression methods. +# +# Available compression methods: DEFLATE, LZO, NULL + +TLS_COMPRESSION=ALL + +##NAME: TLS_CERTS:0 +# +# GnuTLS only: +# +# Supported certificate types are X509 and OPENPGP. +# +# OPENPGP has not been tested + +TLS_CERTS=X509 + +##NAME: TLS_TIMEOUT:0 +# TLS_TIMEOUT is currently not implemented, and reserved for future use. +# This is supposed to be an inactivity timeout, but its not yet implemented. +# + +##NAME: TLS_DHCERTFILE:0 +# +# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. +# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA +# you must generate a DH pair that will be used. In most situations the +# DH pair is to be treated as confidential, and the file specified by +# TLS_DHCERTFILE must not be world-readable. +# +# TLS_DHCERTFILE= + +##NAME: TLS_CERTFILE:0 +# +# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS +# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually +# treated as confidential, and must not be world-readable. Set TLS_CERTFILE +# instead of TLS_DHCERTFILE if this is a garden-variety certificate +# +# VIRTUAL HOSTS (servers only): +# +# Due to technical limitations in the original SSL/TLS protocol, a dedicated +# IP address is required for each virtual host certificate. If you have +# multiple certificates, install each certificate file as +# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address +# for the certificate's domain name. So, if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 +# and so on, for each IP address. +# +# GnuTLS only (servers only): +# +# GnuTLS implements a new TLS extension that eliminates the need to have a +# dedicated IP address for each SSL/TLS domain name. Install each certificate +# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, +# then you'll need to install the actual certificate files as +# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com +# and so on. +# +# Note that this TLS extension also requires a corresponding support in the +# client. Older SSL/TLS clients may not support this feature. +# +# This is an experimental feature. + +TLS_CERTFILE=/etc/courier-imap/imapd.pem + +##NAME: TLS_TRUSTCERTS:0 +# +# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. +# pathname can be a file or a directory. If a file, the file should +# contain a list of trusted certificates, in PEM format. If a +# directory, the directory should contain the trusted certificates, +# in PEM format, one per file and hashed using OpenSSL's c_rehash +# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying +# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set +# to PEER or REQUIREPEER). +# + +TLS_TRUSTCERTS=/etc/ssl/certs + +##NAME: TLS_VERIFYPEER:0 +# +# TLS_VERIFYPEER - how to verify client certificates. The possible values of +# this setting are: +# +# NONE - do not verify anything +# +# PEER - verify the client certificate, if one's presented +# +# REQUIREPEER - require a client certificate, fail if one's not presented +# +# +TLS_VERIFYPEER=NONE + + +##NAME: TLS_EXTERNAL:0 +# +# To enable SSL certificate-based authentication: +# +# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate +# authority's SSL certificate +# +# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings +# requires all SSL clients to present a certificate, and rejects +# SSL/TLS connections without a valid cert). +# +# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. +# Example: +# +# TLS_EXTERNAL=emailaddress +# +# The above example retrieves the login ID from the "emailaddress" subject +# field. The certificate's emailaddress subject must match exactly the login +# ID in the courier-authlib database. + +##NAME: TLS_CACHE:0 +# +# A TLS/SSL session cache may slightly improve response for IMAP clients +# that open multiple SSL sessions to the server. TLS_CACHEFILE will be +# automatically created, TLS_CACHESIZE bytes long, and used as a cache +# buffer. +# +# This is an experimental feature and should be disabled if it causes +# problems with SSL clients. Disable SSL caching by commenting out the +# following settings: + +TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache +TLS_CACHESIZE=524288 + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir diff --git a/config-archive/etc/courier-imap/imapd-ssl.dist b/config-archive/etc/courier-imap/imapd-ssl.dist index be0fb3f..47ca432 100644 --- a/config-archive/etc/courier-imap/imapd-ssl.dist +++ b/config-archive/etc/courier-imap/imapd-ssl.dist @@ -1,11 +1,11 @@ -##VERSION: $Id: imapd-ssl.dist.in,v 1.22 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -54,7 +54,7 @@ SSLPIDFILE=/var/run/imapd-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=imapd-ssl" @@ -104,40 +104,48 @@ IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: +##NAME: TLS_PRIORITY:0 # -# OpenSSL: +# GnuTLS setting only # -# SSL2 - SSLv2 -# SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) -# TLS1 - TLS1 +# Set TLS protocol priority settings (GnuTLS only) # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. +# DEFAULT: NORMAL:-CTYPE-OPENPGP # -# GnuTLS: +# This setting is also used to select the available ciphers. # -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: # -# When compiled against GnuTLS, multiple protocols can be selected as follows: +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# Also, the following aliases: # -# DEFAULT VALUES: +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL3 - SSLv3 +# SSL23 - all protocols (including TLS 1.x protocols) +# TLSv1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. # -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -147,10 +155,7 @@ COURIERTLS=/usr/sbin/couriertls # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -168,66 +173,46 @@ COURIERTLS=/usr/sbin/couriertls # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher - -##NAME: TLS_MIN_DH_BITS:0 # -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. + +##NAME: TLS_STARTTLS_PROTOCOL:0 # -# Set the minimum number of acceptable bits for a DH key exchange. +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. # -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. +# It takes the same values for OpenSSL as TLS_PROTOCOL -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: +##NAME: TLS_CIPHER_LIST:0 # -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined # -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 +# OpenSSL: # -# GnuTLS only: +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # -# Optional compression. "ALL" selects all available compression methods. # -# Available compression methods: DEFLATE, LZO, NULL -TLS_COMPRESSION=ALL - -##NAME: TLS_CERTS:0 +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n # # GnuTLS only: # -# Supported certificate types are X509 and OPENPGP. +# Set the minimum number of acceptable bits for a DH key exchange. # -# OPENPGP has not been tested - -TLS_CERTS=X509 +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -262,6 +247,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/imapd.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/usr/share/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. @@ -290,7 +281,6 @@ TLS_TRUSTCERTS=/etc/ssl/certs # TLS_VERIFYPEER=NONE - ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: diff --git a/config-archive/etc/courier-imap/imapd-ssl.dist.new b/config-archive/etc/courier-imap/imapd-ssl.dist.new deleted file mode 100644 index 0811b73..0000000 --- a/config-archive/etc/courier-imap/imapd-ssl.dist.new +++ /dev/null @@ -1,307 +0,0 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ -# -# imapd-ssl created from imapd-ssl.dist by sysconftool -# -# Do not alter lines that begin with ##, they are used when upgrading -# this configuration. -# -# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for -# distribution information. -# -# This configuration file sets various options for the Courier-IMAP server -# when used to handle SSL IMAP connections. -# -# SSL and non-SSL connections are handled by a dedicated instance of the -# couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP -# connections, you will start two instances of couriertcpd, one on the -# IMAP port 143, and another one on the IMAP-SSL port 993. -# -# Download OpenSSL from http://www.openssl.org/ -# -##NAME: SSLPORT:1 -# -# Options in the imapd-ssl configuration file AUGMENT the options in the -# imapd configuration file. First the imapd configuration file is read, -# then the imapd-ssl configuration file, so we do not have to redefine -# anything. -# -# However, some things do have to be redefined. The port number is -# specified by SSLPORT, instead of PORT. The default port is port 993. -# -# Multiple port numbers can be separated by commas. When multiple port -# numbers are used it is possibly to select a specific IP address for a -# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" -# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 -# The SSLADDRESS setting is a default for ports that do not have -# a specified IP address. - -SSLPORT=993 - -##NAME: SSLADDRESS:0 -# -# Address to listen on, can be set to a single IP address. -# -# SSLADDRESS=127.0.0.1 - -SSLADDRESS=0 - -##NAME: SSLPIDFILE:0 -# -# That's the SSL IMAP port we'll listen on. -# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP. - -SSLPIDFILE=/var/run/imapd-ssl.pid - -##NAME: SSLLOGGEROPTS:0 -# -# courierlogger(1) options. -# - -SSLLOGGEROPTS="-name=imapd-ssl" - -##NAME: IMAPDSSLSTART:0 -# -# Different pid files, so that both instances of couriertcpd can coexist -# happily. -# -# You can also redefine IMAP_CAPABILITY, although I can't -# think of why you'd want to do that. -# -# -# Ok, the following settings are new to imapd-ssl: -# -# Whether or not to start IMAP over SSL on simap port: - -IMAPDSSLSTART=NO - -##NAME: IMAPDSTARTTLS:0 -# -# Whether or not to implement IMAP STARTTLS extension instead: - -IMAPDSTARTTLS=YES - -##NAME: IMAP_TLS_REQUIRED:1 -# -# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. -# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS -# is issued). - -IMAP_TLS_REQUIRED=0 - - -######################################################################### -# -# The following variables configure IMAP over SSL. If OpenSSL or GnuTLS -# is available during configuration, the couriertls helper gets compiled, and -# upon installation a dummy TLS_CERTFILE gets generated. -# -# WARNING: Peer certificate verification has NOT yet been tested. Proceed -# at your own risk. Only the basic SSL/TLS functionality is known to be -# working. Keep this in mind as you play with the following variables. -# -##NAME: COURIERTLS:0 -# - -COURIERTLS=/usr/sbin/couriertls - -##NAME: TLS_PRIORITY:0 -# -# GnuTLS setting only -# -# Set TLS protocol priority settings (GnuTLS only) -# -# DEFAULT: NORMAL:-CTYPE-OPENPGP -# -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" - -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: -# -# OpenSSL: -# -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 -# TLSv1.1 - TLS1.1 -# TLSv1.2 - TLS1.2 -# -# Leave it unset to use any protocol except SSL 2. - -##NAME: TLS_CIPHER_LIST:0 -# -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined -# -# OpenSSL: -# -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# GnuTLS: -# -# TLS_CIPHER_LIST="HIGH:MEDIUM" -# -# The actual list of available ciphers depend on the options GnuTLS was -# compiled against. The possible ciphers are: -# -# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL -# -# Also, the following aliases: -# -# HIGH -- all ciphers that use more than a 128 bit key size -# MEDIUM -- all ciphers that use a 128 bit key size -# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher -# is not included -# ALL -- all ciphers except the NULL cipher -# -# See GnuTLS documentation, gnutls_priority_init(3) for additional -# documentation. - -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. -# -# It takes the same values for OpenSSL as TLS_PROTOCOL - -##NAME: TLS_CIPHER_LIST:0 -# -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined -# -# OpenSSL: -# -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# - -##NAME: TLS_MIN_DH_BITS:0 -# -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: -# -# Set the minimum number of acceptable bits for a DH key exchange. -# -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. - -##NAME: TLS_TIMEOUT:0 -# TLS_TIMEOUT is currently not implemented, and reserved for future use. -# This is supposed to be an inactivity timeout, but its not yet implemented. -# - -##NAME: TLS_CERTFILE:0 -# -# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS -# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually -# treated as confidential, and must not be world-readable. Set TLS_CERTFILE -# instead of TLS_DHCERTFILE if this is a garden-variety certificate -# -# VIRTUAL HOSTS (servers only): -# -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as -# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address -# for the certificate's domain name. So, if TLS_CERTFILE is set to -# /etc/certificate.pem, then you'll need to install the actual certificate -# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 -# and so on, for each IP address. -# -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. -# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. - -TLS_CERTFILE=/etc/courier-imap/imapd.pem - -##NAME: TLS_DHPARAMS:0 -# -# TLS_DHPARAMS - DH parameter file. -# -TLS_DHPARAMS=/usr/share/dhparams.pem - -##NAME: TLS_TRUSTCERTS:0 -# -# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. -# pathname can be a file or a directory. If a file, the file should -# contain a list of trusted certificates, in PEM format. If a -# directory, the directory should contain the trusted certificates, -# in PEM format, one per file and hashed using OpenSSL's c_rehash -# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying -# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set -# to PEER or REQUIREPEER). -# - -TLS_TRUSTCERTS=/etc/ssl/certs - -##NAME: TLS_VERIFYPEER:0 -# -# TLS_VERIFYPEER - how to verify client certificates. The possible values of -# this setting are: -# -# NONE - do not verify anything -# -# PEER - verify the client certificate, if one's presented -# -# REQUIREPEER - require a client certificate, fail if one's not presented -# -# -TLS_VERIFYPEER=NONE - -##NAME: TLS_EXTERNAL:0 -# -# To enable SSL certificate-based authentication: -# -# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate -# authority's SSL certificate -# -# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings -# requires all SSL clients to present a certificate, and rejects -# SSL/TLS connections without a valid cert). -# -# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. -# Example: -# -# TLS_EXTERNAL=emailaddress -# -# The above example retrieves the login ID from the "emailaddress" subject -# field. The certificate's emailaddress subject must match exactly the login -# ID in the courier-authlib database. - -##NAME: TLS_CACHE:0 -# -# A TLS/SSL session cache may slightly improve response for IMAP clients -# that open multiple SSL sessions to the server. TLS_CACHEFILE will be -# automatically created, TLS_CACHESIZE bytes long, and used as a cache -# buffer. -# -# This is an experimental feature and should be disabled if it causes -# problems with SSL clients. Disable SSL caching by commenting out the -# following settings: - -TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache -TLS_CACHESIZE=524288 - -##NAME: MAILDIRPATH:0 -# -# MAILDIRPATH - directory name of the maildir directory. -# -MAILDIRPATH=Maildir - -# Hardwire a value for ${MAILDIR} -MAILDIR=.maildir -MAILDIRPATH=.maildir diff --git a/config-archive/etc/courier-imap/imapd.1 b/config-archive/etc/courier-imap/imapd.1 index 3c6c141..c0d690d 100644 --- a/config-archive/etc/courier-imap/imapd.1 +++ b/config-archive/etc/courier-imap/imapd.1 @@ -1,4 +1,4 @@ -##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $ +##VERSION: $Id: imapd.dist.in,v 1.41 2008/06/21 16:01:23 mrsam Exp $ # # imapd created from imapd.dist by sysconftool # diff --git a/config-archive/etc/courier-imap/imapd.2 b/config-archive/etc/courier-imap/imapd.2 new file mode 100644 index 0000000..3c6c141 --- /dev/null +++ b/config-archive/etc/courier-imap/imapd.2 @@ -0,0 +1,429 @@ +##VERSION: $Id: imapd,v 1.2 2010/10/05 17:24:49 root Exp $ +# +# imapd created from imapd.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used with the couriertcpd server. +# A lot of the stuff here is documented in the manual page for couriertcpd. +# +# NOTE - do not use \ to split long variable contents on multiple lines. +# This will break the default imapd.rc script, which parses this file. +# +##NAME: ADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# ADDRESS=127.0.0.1 + +ADDRESS=0 + +##NAME: PORT:1 +# +# Port numbers that connections are accepted on. The default is 143, +# the standard IMAP port. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possible to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 +# The previous ADDRESS setting is a default for ports that do not have +# a specified IP address. + +PORT=143 + +##NAME: AUTHSERVICE:0 +# +# It's possible to authenticate using a different 'service' parameter +# depending on the connection's port. This only works with authentication +# modules that use the 'service' parameter, such as PAM. Example: +# +# AUTHSERVICE143=imap +# AUTHSERVICE993=imaps + +##NAME: MAXDAEMONS:0 +# +# Maximum number of IMAP servers started +# + +MAXDAEMONS=40 + +##NAME: MAXPERIP:0 +# +# Maximum number of connections to accept from the same IP address + +MAXPERIP=10 + +##NAME: PIDFILE:0 +# +# File where couriertcpd will save its process ID +# + +PIDFILE=/var/run/imapd.pid + +##NAME: TCPDOPTS:0 +# +# Miscellaneous couriertcpd options that shouldn't be changed. +# + +TCPDOPTS="-nodnslookup -noidentlookup" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options. +# + +LOGGEROPTS="-name=imapd" + +##NAME: DEFDOMAIN:0 +# +# Optional default domain. If the username does not contain the +# first character of DEFDOMAIN, then it is appended to the username. +# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended +# only if the username does not contain any character from DOMAINSEP. +# You can set different default domains based on the the interface IP +# address using the -access and -accesslocal options of couriertcpd(1). + +#DEFDOMAIN="@example.com" + +##NAME: IMAP_CAPABILITY:1 +# +# IMAP_CAPABILITY specifies what most of the response should be to the +# CAPABILITY command. +# +# If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or +# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows: +# +# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" +# + +IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" + +##NAME: KEYWORDS_CAPABILITY:0 +# +# IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to +# disable custom keywords. +# +# IMAP_KEYWORDS=2 also enables custom IMAP keywords, but uses a slower +# algorithm. Use this setting if keyword-related problems occur when +# multiple IMAP clients are updating keywords on the same message. + +IMAP_KEYWORDS=1 + +##NAME: ACL_CAPABILITY:0 +# +# IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to +# disable ACL capabilities announce. + +IMAP_ACL=1 + +##NAME: SMAP1_CAPABILITY:0 +# +# EXPERIMENTAL +# +# To enable the experimental "Simple Mail Access Protocol" extensions, +# uncomment the following setting. +# +# SMAP_CAPABILITY=SMAP1 + +##NAME: IMAP_CAPABILITY_ORIG:2 +# +# For use by webadmin + +IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" + +##NAME: IMAP_PROXY:0 +# +# Enable proxying. See README.proxy + +IMAP_PROXY=0 + +##NAME: PROXY_HOSTNAME:0 +# +# Override value from gethostname() when checking if a proxy connection is +# required. +# +# PROXY_HOSTNAME= + +##NAME: IMAP_PROXY_FOREIGN:0 +# +# Proxying to non-Courier servers. Re-sends the CAPABILITY command after +# logging in to the remote server. May not work with all IMAP clients. + +IMAP_PROXY_FOREIGN=0 + +##NAME: IMAP_IDLE_TIMEOUT:0 +# +# This setting controls how often +# the server polls for changes to the folder, in IDLE mode (in seconds). + +IMAP_IDLE_TIMEOUT=60 + +##NAME: IMAP_MAILBOX_SANITY_CHECK:0 +# +# Sanity check -- make sure home directory and maildir's ownership matches +# the IMAP server's effective uid and gid + +IMAP_MAILBOX_SANITY_CHECK=1 + +##NAME: IMAP_CAPABILITY_TLS:0 +# +# The following setting will advertise SASL PLAIN authentication after +# STARTTLS is established. If you want to allow SASL PLAIN authentication +# with or without TLS then just comment this out, and add AUTH=PLAIN to +# IMAP_CAPABILITY + +IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" + +##NAME: IMAP_TLS_ORIG:0 +# +# For use by webadmin + +IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" + +##NAME: IMAP_DISABLETHREADSORT:0 +# +# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - +# server side sorting and threading. +# +# Those capabilities will still be advertised, but the server will reject +# them. Set this option if you want to disable all the extra load from +# server-side threading and sorting. Not advertising those capabilities +# will simply result in the clients reading the entire folder, and sorting +# it on the client side. That will still put some load on the server. +# advertising these capabilities, but rejecting the commands, will stop this +# silliness. +# + +IMAP_DISABLETHREADSORT=0 + +##NAME: IMAP_CHECK_ALL_FOLDERS:0 +# +# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new +# mail in every folder. Not all IMAP clients use the IMAP's new mail +# indicator, but some do. Normally new mail is checked only in INBOX, +# because it is a comparatively time consuming operation, and it would be +# a complete waste of time unless mail filters are used to deliver +# mail directly to folders. +# +# When IMAP clients are used which support new mail indication, and when +# mail filters are used to sort incoming mail into folders, setting +# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new +# mail in folders. Note that this will result in slightly more load on the +# server. +# + +IMAP_CHECK_ALL_FOLDERS=0 + +##NAME: IMAP_OBSOLETE_CLIENT:0 +# +# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean +# what \\HasNoChildren really means. + +IMAP_OBSOLETE_CLIENT=0 + +##NAME: IMAP_UMASK:0 +# +# IMAP_UMASK sets the umask of the server process. The value of IMAP_UMASK is +# simply passed to the "umask" command. The default value is 022. +# +# This feature is mostly useful for shared folders, where the file permissions +# of the messages may be important. + +IMAP_UMASK=022 + +##NAME: IMAP_ULIMITD:0 +# +# IMAP_ULIMITD sets the maximum size of the data segment of the server +# process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" +# command (or ulimit -v). The argument to ulimi sets the upper limit on the +# size of the data segment of the server process, in kilobytes. The default +# value of 65536 sets a very generous limit of 64 megabytes, which should +# be more than plenty for anyone. +# +# This feature is used as an additional safety check that should stop +# any potential denial-of-service attacks that exploit any kind of +# a memory leak to exhaust all the available memory on the server. +# It is theoretically possible that obscenely huge folders will also +# result in the server running out of memory when doing server-side +# sorting (by my calculations you have to have at least 100,000 messages +# in a single folder, for that to happen). + +IMAP_ULIMITD=65536 + +##NAME: IMAP_USELOCKS:0 +# +# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent +# multiple access to the same folder. This incurs slight additional +# overhead. Concurrent multiple access will still work without this setting, +# however occasionally a minor race condition may result in an IMAP client +# downloading the same message twice, or a keyword update will fail. +# +# IMAP_USELOCKS=1 is strongly recommended when shared folders are used. + +IMAP_USELOCKS=1 + +##NAME: IMAP_SHAREDINDEXFILE:0 +# +# The index of all accessible folders. Do not change this setting unless +# you know what you're doing. See README.sharedfolders for additional +# information. + +IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index + +##NAME: IMAP_ENHANCEDIDLE:0 +# +# If Courier was compiled with the File Alteration Monitor, setting +# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple +# clients may open the same folder concurrently, and receive updates to +# folder contents in realtime. See the imapd(8) man page for additional +# information. +# +# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included +# in the IMAP_CAPABILITY list. +# + +IMAP_ENHANCEDIDLE=0 + +##NAME: IMAP_TRASHFOLDERNAME:0 +# +# The name of the magic trash Folder. For MSOE compatibility, +# you can set IMAP_TRASHFOLDERNAME="Deleted Items". +# +# IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH + +IMAP_TRASHFOLDERNAME=Trash + +##NAME: IMAP_EMPTYTRASH:0 +# +# The following setting is optional, and causes messages from the given +# folder to be automatically deleted after the given number of days. +# IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default +# setting, below, purges 7 day old messages from the Trash folder. +# Another useful setting would be: +# +# IMAP_EMPTYTRASH=Trash:7,Sent:30 +# +# This would also delete messages from the Sent folder (presumably copies +# of sent mail) after 30 days. This is a global setting that is applied to +# every mail account, and is probably useful in a controlled, corporate +# environment. +# +# Important: the purging is controlled by CTIME, not MTIME (the file time +# as shown by ls). It is perfectly ordinary to see stuff in Trash that's +# a year old. That's the file modification time, MTIME, that's displayed. +# This is generally when the message was originally delivered to this +# mailbox. Purging is controlled by a different timestamp, CTIME, which is +# changed when the file is moved to the Trash folder (and at other times too). +# +# You might want to disable this setting in certain situations - it results +# in a stat() of every file in each folder, at login and logout. +# + +IMAP_EMPTYTRASH=Trash:7 + +##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0 +# +# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This +# effectively allows an undo of message deletion by fishing the deleted +# mail from trash. Trash can be manually expunged as usually, and mail +# will get automatically expunged from Trash according to IMAP_EMPTYTRASH. +# +# NOTE: shared folders are still expunged as usual. Shared folders are +# not affected. +# + +IMAP_MOVE_EXPUNGE_TO_TRASH=0 + + +##NAME: OUTBOX:0 +# +# The next set of options deal with the "Outbox" enhancement. +# Uncomment the following setting to create a special folder, named +# INBOX.Outbox +# +# OUTBOX=.Outbox + +##NAME: SENDMAIL:0 +# +# If OUTBOX is defined, mail can be sent via the IMAP connection by copying +# a message to the INBOX.Outbox folder. For all practical matters, +# INBOX.Outbox looks and behaves just like any other IMAP folder. If this +# folder doesn't exist it must be created by the IMAP mail client, just +# like any other IMAP folder. The kicker: any message copied or moved to +# this folder is will be E-mailed by the Courier-IMAP server, by running +# the SENDMAIL program. Therefore, messages copied or moved to this +# folder must be well-formed RFC-2822 messages, with the recipient list +# specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on +# SENDMAIL to read the recipient list from these headers (and delete the Bcc: +# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the +# message piped on standard input. $SENDER will be the return address +# of the message, which is set by the authentication module. +# +# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing. +# + +SENDMAIL=/usr/sbin/sendmail + +##NAME: HEADERFROM:0 +# +# For administrative and oversight purposes, the return address, $SENDER +# will also be saved in the X-IMAP-Sender mail header. This header gets +# added to the sent E-mail (but it doesn't get saved in the copy of the +# message that's saved in the folder) +# +# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive +# the magic OUTBOX treatment. Therefore advance LARTing is in order for +# _all_ of your lusers, until every one of them is aware of this. Otherwise if +# OUTBOX is left at its default setting - a folder name that might be used +# accidentally - some people may be in for a rude surprise. You can redefine +# the name of the magic folder by changing OUTBOX, above. You should do that +# and pick a less-obvious name. Perhaps brand it with your organizational +# name ( OUTBOX=.WidgetsAndSonsOutbox ) + +HEADERFROM=X-IMAP-Sender + +##NAME: OUTBOX_MULTIPLE_SEND:0 +# +# Remove the following comment to allow a COPY of more than one message to +# the Outbox, at a time. +# +# OUTBOX_MULTIPLE_SEND=1 + +##NAME: IMAPDSTART:0 +# +# IMAPDSTART is not used directly. Rather, this is a convenient flag to +# be read by your system startup script in /etc/rc.d, like this: +# +# . /etc/courier-imap/imapd +# +# case x$IMAPDSTART in +# x[yY]*) +# /usr/lib64/courier-imap/imapd.rc start +# ;; +# esac +# +# The default setting is going to be NO, so you'll have to manually flip +# it to yes. + +IMAPDSTART=YES + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir +# Put any program for ${PRERUN} here +PRERUN= +# Put any program for ${LOGINRUN} here +# this is for relay-ctrl-allow in 4* +LOGINRUN= diff --git a/config-archive/etc/courier-imap/imapd.dist b/config-archive/etc/courier-imap/imapd.dist index 7c20c45..d58ca75 100644 --- a/config-archive/etc/courier-imap/imapd.dist +++ b/config-archive/etc/courier-imap/imapd.dist @@ -1,11 +1,11 @@ -##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ +##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$ # # imapd created from imapd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -73,16 +73,22 @@ PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" +##NAME: ACCESSFILE:0 +# +# IMAP access file. + +IMAPACCESSFILE=/etc/courier-imap/imapaccess + ##NAME: LOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # LOGGEROPTS="-name=imapd" ##NAME: DEFDOMAIN:0 # -# Optional default domain. If the username does not contain the +# Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. @@ -347,6 +353,27 @@ IMAP_MOVE_EXPUNGE_TO_TRASH=0 # # IMAP_LOG_DELETIONS=1 +##NAME: AUTH_MKHOMEDIR_SKEL:0 +# +# Uncomment this setting to automatically create a home directory on first +# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the +# home directory does not exist, the home directory gets created, with its +# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory, +# typically /etc/skel. +# +# Note that this must be a complete home directory structure, including +# the maildir. Typically: +# +# mkdir /etc/skel +# chmod 700 /etc/skel +# maildirmak /etc/skel/Maildir +# +# This directory gets copied as is, preserving each file/subdirectory's +# permissions, with only userid/groupid changed to match the account's. +# +# +# AUTH_MKHOMEDIR_SKEL=/etc/skel + ##NAME: IMAPDEBUGFILE:0 # # IMAPDEBUGFILE="imaplog.dat" diff --git a/config-archive/etc/courier-imap/pop3d-ssl.dist b/config-archive/etc/courier-imap/pop3d-ssl.dist index 472fa52..7f5fc42 100644 --- a/config-archive/etc/courier-imap/pop3d-ssl.dist +++ b/config-archive/etc/courier-imap/pop3d-ssl.dist @@ -1,11 +1,11 @@ -##VERSION: $Id: pop3d-ssl.dist.in,v 1.23 2009/08/12 22:25:49 mrsam Exp $ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# Copyright 2000-2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -52,7 +52,7 @@ SSLPIDFILE=/var/run/pop3d-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=pop3d-ssl" @@ -89,42 +89,48 @@ POP3_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: +##NAME: TLS_PRIORITY:0 # -# OpenSSL: +# Set TLS protocol priority settings (GnuTLS only) # -# SSL2 - SSLv2 -# SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) -# TLS1 - TLS1 +# DEFAULT: NORMAL:-CTYPE-OPENPGP # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" # -# GnuTLS: +# This setting is also used to select the available ciphers. # -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: # -# When compiled against GnuTLS, multiple protocols can be selected as follows: +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# Also, the following aliases: # -# DEFAULT VALUES: +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS -# extension, as opposed to POP3 over SSL on port 995. +##NAME: TLS_PROTOCOL:0 # -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL - -TLS_STARTTLS_PROTOCOL=TLS1 +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL3 - SSLv3 +# SSL23 - all protocols (including TLS 1.x protocols) +# TLSv11 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. +# +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -134,10 +140,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -155,7 +158,9 @@ TLS_STARTTLS_PROTOCOL=TLS1 # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher - +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # @@ -169,53 +174,11 @@ TLS_STARTTLS_PROTOCOL=TLS1 # have been encountered that offer 512 bit keys. You may have to set # TLS_MIN_DH_BITS=512 here, if necessary. -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: -# -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: -# -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 -# -# GnuTLS only: -# -# Optional compression. "ALL" selects all available compression methods. -# -# Available compression methods: DEFLATE, LZO, NULL - -TLS_COMPRESSION=ALL - -##NAME: TLS_CERTS:0 -# -# GnuTLS only: -# -# Supported certificate types are X509 and OPENPGP. -# -# OPENPGP has not been tested - -TLS_CERTS=X509 - ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -250,6 +213,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/pop3d.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/usr/share/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. diff --git a/config-archive/etc/courier-imap/pop3d-ssl.dist.new b/config-archive/etc/courier-imap/pop3d-ssl.dist.new deleted file mode 100644 index 8597a05..0000000 --- a/config-archive/etc/courier-imap/pop3d-ssl.dist.new +++ /dev/null @@ -1,270 +0,0 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ -# -# pop3d-ssl created from pop3d-ssl.dist by sysconftool -# -# Do not alter lines that begin with ##, they are used when upgrading -# this configuration. -# -# Copyright 2000-2013 Double Precision, Inc. See COPYING for -# distribution information. -# -# This configuration file sets various options for the Courier-IMAP server -# when used to handle SSL POP3 connections. -# -# SSL and non-SSL connections are handled by a dedicated instance of the -# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3 -# connections, you will start two instances of couriertcpd, one on the -# POP3 port 110, and another one on the POP3-SSL port 995. -# -# Download OpenSSL from http://www.openssl.org/ -# -##NAME: SSLPORT:0 -# -# Options in the pop3d-ssl configuration file AUGMENT the options in the -# pop3d configuration file. First the pop3d configuration file is read, -# then the pop3d-ssl configuration file, so we do not have to redefine -# anything. -# -# However, some things do have to be redefined. The port number is -# specified by SSLPORT, instead of PORT. The default port is port 995. -# -# Multiple port numbers can be separated by commas. When multiple port -# numbers are used it is possibly to select a specific IP address for a -# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" -# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 -# The SSLADDRESS setting is a default for ports that do not have -# a specified IP address. - -SSLPORT=995 - -##NAME: SSLADDRESS:0 -# -# Address to listen on, can be set to a single IP address. -# -# SSLADDRESS=127.0.0.1 - -SSLADDRESS=0 - -##NAME: SSLPIDFILE:0 -# - -SSLPIDFILE=/var/run/pop3d-ssl.pid - -##NAME: SSLLOGGEROPTS:0 -# -# courierlogger(1) options. -# - -SSLLOGGEROPTS="-name=pop3d-ssl" - -##NAME: POP3DSSLSTART:0 -# -# Whether or not to start POP3 over SSL on spop3 port: - -POP3DSSLSTART=NO - -##NAME: POP3_STARTTLS:0 -# -# Whether or not to implement the POP3 STLS extension: - -POP3_STARTTLS=YES - -##NAME: POP3_TLS_REQUIRED:1 -# -# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. -# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS -# is issued). - -POP3_TLS_REQUIRED=0 - -##NAME: COURIERTLS:0 -# -# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS -# is available during configuration, the couriertls helper gets compiled, and -# upon installation a dummy TLS_CERTFILE gets generated. -# -# WARNING: Peer certificate verification has NOT yet been tested. Proceed -# at your own risk. Only the basic SSL/TLS functionality is known to be -# working. Keep this in mind as you play with the following variables. - -COURIERTLS=/usr/sbin/couriertls - -##NAME: TLS_PRIORITY:0 -# -# Set TLS protocol priority settings (GnuTLS only) -# -# DEFAULT: NORMAL:-CTYPE-OPENPGP -# -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" - -##NAME: TLS_PROTOCOL:0 -# -# TLS_PROTOCOL sets the protocol version. The possible versions are: -# -# OpenSSL: -# -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 -# TLSv1.1 - TLS1.1 -# TLSv1.2 - TLS1.2 -# -# Leave it unset to use any protocol except SSL 2. - -##NAME: TLS_CIPHER_LIST:0 -# -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined -# -# OpenSSL: -# -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# GnuTLS: -# -# TLS_CIPHER_LIST="HIGH:MEDIUM" -# -# The actual list of available ciphers depend on the options GnuTLS was -# compiled against. The possible ciphers are: -# -# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL -# -# Also, the following aliases: -# -# HIGH -- all ciphers that use more than a 128 bit key size -# MEDIUM -- all ciphers that use a 128 bit key size -# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher -# is not included -# ALL -- all ciphers except the NULL cipher -# -# See GnuTLS documentation, gnutls_priority_init(3) for additional -# documentation. - -##NAME: TLS_MIN_DH_BITS:0 -# -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: -# -# Set the minimum number of acceptable bits for a DH key exchange. -# -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. - -##NAME: TLS_TIMEOUT:0 -# TLS_TIMEOUT is currently not implemented, and reserved for future use. -# This is supposed to be an inactivity timeout, but its not yet implemented. -# - -##NAME: TLS_CERTFILE:0 -# -# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS -# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually -# treated as confidential, and must not be world-readable. Set TLS_CERTFILE -# instead of TLS_DHCERTFILE if this is a garden-variety certificate -# -# VIRTUAL HOSTS (servers only): -# -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as -# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address -# for the certificate's domain name. So, if TLS_CERTFILE is set to -# /etc/certificate.pem, then you'll need to install the actual certificate -# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 -# and so on, for each IP address. -# -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. -# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. - -TLS_CERTFILE=/etc/courier-imap/pop3d.pem - -##NAME: TLS_DHPARAMS:0 -# -# TLS_DHPARAMS - DH parameter file. -# -TLS_DHPARAMS=/usr/share/dhparams.pem - -##NAME: TLS_TRUSTCERTS:0 -# -# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. -# pathname can be a file or a directory. If a file, the file should -# contain a list of trusted certificates, in PEM format. If a -# directory, the directory should contain the trusted certificates, -# in PEM format, one per file and hashed using OpenSSL's c_rehash -# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying -# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set -# to PEER or REQUIREPEER). -# - -TLS_TRUSTCERTS=/etc/ssl/certs - -##NAME: TLS_VERIFYPEER:0 -# -# TLS_VERIFYPEER - how to verify client certificates. The possible values of -# this setting are: -# -# NONE - do not verify anything -# -# PEER - verify the client certificate, if one's presented -# -# REQUIREPEER - require a client certificate, fail if one's not presented -# -# -TLS_VERIFYPEER=NONE - -##NAME: TLS_EXTERNAL:0 -# -# To enable SSL certificate-based authentication: -# -# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate -# authority's SSL certificate -# -# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings -# requires all SSL clients to present a certificate, and rejects -# SSL/TLS connections without a valid cert). -# -# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. -# Example: -# -# TLS_EXTERNAL=emailaddress -# -# The above example retrieves the login ID from the "emailaddress" subject -# field. The certificate's emailaddress subject must match exactly the login -# ID in the courier-authlib database. - -##NAME: TLS_CACHE:0 -# -# A TLS/SSL session cache may slightly improve response for long-running -# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE -# bytes long, and used as a cache buffer. -# -# This is an experimental feature and should be disabled if it causes -# problems with SSL clients. Disable SSL caching by commenting out the -# following settings: - -TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache -TLS_CACHESIZE=524288 - -##NAME: MAILDIRPATH:0 -# -# MAILDIRPATH - directory name of the maildir directory. -# -MAILDIRPATH=Maildir - -# Hardwire a value for ${MAILDIR} -MAILDIR=.maildir -MAILDIRPATH=.maildir diff --git a/config-archive/etc/hosts b/config-archive/etc/hosts index 43d0c67..d16bd02 100644 --- a/config-archive/etc/hosts +++ b/config-archive/etc/hosts @@ -15,6 +15,11 @@ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652 2001:6f8:1c00:365::2 home.brehm-online.com +#2a02:8109:9300:488:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com +2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9 bruni bruni.home.brehm-online.com +2a02:8109:ae3f:fa04:fdab:16f0:c83a:d1f7 olga olga.home.brehm-online.com + +#185.48.117.162 fratest.profitbricks.com # # Imaginary network. diff --git a/config-archive/etc/hosts.1 b/config-archive/etc/hosts.1 new file mode 100644 index 0000000..43d0c67 --- /dev/null +++ b/config-archive/etc/hosts.1 @@ -0,0 +1,36 @@ +# /etc/hosts: Local Host Database +# +# This file describes a number of aliases-to-address mappings for the for +# local hosts that share this file. +# +# In the presence of the domain name service or NIS, this file may not be +# consulted at all; see /etc/host.conf for the resolution order. +# + +# IPv4 and IPv6 localhost aliases +127.0.0.1 localhost +::1 localhost + +85.214.134.152 helga.brehm-online.com helga h1763652.stratoserver.net h1763652 +2a01:238:4225:6e00:8f8c:808a:7fb8:88df helga.brehm-online.com helga h1763652.stratoserver.net h1763652 + +2001:6f8:1c00:365::2 home.brehm-online.com + +# +# Imaginary network. +#10.0.0.2 myname +#10.0.0.3 myfriend +# +# According to RFC 1918, you can use the following IP networks for private +# nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect directly to the Internet (i.e. not +# behind a NAT, ADSL router, etc...), you need real official assigned +# numbers. Do not try to invent your own network numbers but instead get one +# from your network provider (if any) or from your regional registry (ARIN, +# APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# diff --git a/config-archive/etc/hosts.dist b/config-archive/etc/hosts.dist new file mode 100644 index 0000000..b3d3721 --- /dev/null +++ b/config-archive/etc/hosts.dist @@ -0,0 +1,37 @@ +# /etc/hosts: Local Host Database +# +# This file describes a number of aliases-to-address mappings for the for +# local hosts that share this file. +# +# The format of lines in this file is: +# +# IP_ADDRESS canonical_hostname [aliases...] +# +#The fields can be separated by any number of spaces or tabs. +# +# In the presence of the domain name service or NIS, this file may not be +# consulted at all; see /etc/host.conf for the resolution order. +# + +# IPv4 and IPv6 localhost aliases +127.0.0.1 localhost +::1 localhost + +# +# Imaginary network. +#10.0.0.2 myname +#10.0.0.3 myfriend +# +# According to RFC 1918, you can use the following IP networks for private +# nets which will never be connected to the Internet: +# +# 10.0.0.0 - 10.255.255.255 +# 172.16.0.0 - 172.31.255.255 +# 192.168.0.0 - 192.168.255.255 +# +# In case you want to be able to connect directly to the Internet (i.e. not +# behind a NAT, ADSL router, etc...), you need real official assigned +# numbers. Do not try to invent your own network numbers but instead get one +# from your network provider (if any) or from your regional registry (ARIN, +# APNIC, LACNIC, RIPE NCC, or AfriNIC.) +# diff --git a/config-archive/etc/hosts.dist.new b/config-archive/etc/hosts.dist.new deleted file mode 100644 index 8a37ca5..0000000 --- a/config-archive/etc/hosts.dist.new +++ /dev/null @@ -1,31 +0,0 @@ -# /etc/hosts: Local Host Database -# -# This file describes a number of aliases-to-address mappings for the for -# local hosts that share this file. -# -# In the presence of the domain name service or NIS, this file may not be -# consulted at all; see /etc/host.conf for the resolution order. -# - -# IPv4 and IPv6 localhost aliases -127.0.0.1 localhost -::1 localhost - -# -# Imaginary network. -#10.0.0.2 myname -#10.0.0.3 myfriend -# -# According to RFC 1918, you can use the following IP networks for private -# nets which will never be connected to the Internet: -# -# 10.0.0.0 - 10.255.255.255 -# 172.16.0.0 - 172.31.255.255 -# 192.168.0.0 - 192.168.255.255 -# -# In case you want to be able to connect directly to the Internet (i.e. not -# behind a NAT, ADSL router, etc...), you need real official assigned -# numbers. Do not try to invent your own network numbers but instead get one -# from your network provider (if any) or from your regional registry (ARIN, -# APNIC, LACNIC, RIPE NCC, or AfriNIC.) -# diff --git a/config-archive/etc/mdadm.conf b/config-archive/etc/mdadm.conf index 3ec36db..5d95f56 100644 --- a/config-archive/etc/mdadm.conf +++ b/config-archive/etc/mdadm.conf @@ -59,7 +59,7 @@ # When used in --follow (aka --monitor) mode, mdadm needs a # mail address and/or a program. This can be given with "mailaddr" # and "program" lines to that monitoring can be started using -# mdadm --follow --scan & echo $! > /var/run/mdadm +# mdadm --follow --scan & echo $! > /run/mdadm/mon.pid # If the lines are not found, mdadm will exit quietly MAILADDR frank@brehm-online.com #PROGRAM /usr/sbin/handle-mdadm-events diff --git a/config-archive/etc/mdadm.conf.1 b/config-archive/etc/mdadm.conf.1 new file mode 100644 index 0000000..3ec36db --- /dev/null +++ b/config-archive/etc/mdadm.conf.1 @@ -0,0 +1,71 @@ +# mdadm configuration file +# +# mdadm will function properly without the use of a configuration file, +# but this file is useful for keeping track of arrays and member disks. +# In general, a mdadm.conf file is created, and updated, after arrays +# are created. This is the opposite behavior of /etc/raidtab which is +# created prior to array construction. +# +# +# the config file takes two types of lines: +# +# DEVICE lines specify a list of devices of where to look for +# potential member disks +# +# ARRAY lines specify information about how to identify arrays so +# so that they can be activated +# +# You can have more than one device line and use wild cards. The first +# example includes SCSI the first partition of SCSI disks /dev/sdb, +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# line looks for array slices on IDE disks. +# +#DEVICE /dev/sd[bcdjkl]1 +#DEVICE /dev/hda1 /dev/hdb1 +# +# If you mount devfs on /dev, then a suitable way to list all devices is: +#DEVICE /dev/discs/*/* +# +# +# The AUTO line can control which arrays get assembled by auto-assembly, +# meaing either "mdadm -As" when there are no 'ARRAY' lines in this file, +# or "mdadm --incremental" when the array found is not listed in this file. +# By default, all arrays that are found are assembled. +# If you want to ignore all DDF arrays (maybe they are managed by dmraid), +# and only assemble 1.x arrays if which are marked for 'this' homehost, +# but assemble all others, then use +#AUTO -ddf homehost -1.x +all +# +# ARRAY lines specify an array to assemble and a method of identification. +# Arrays can currently be identified by using a UUID, superblock minor number, +# or a listing of devices. +# +# super-minor is usually the minor number of the metadevice +# UUID is the Universally Unique Identifier for the array +# Each can be obtained using +# +# mdadm -D +# +#ARRAY /dev/md0 UUID=3aaa0122:29827cfa:5331ad66:ca767371 +#ARRAY /dev/md1 super-minor=1 +#ARRAY /dev/md2 devices=/dev/hda1,/dev/hdb1 +# +# ARRAY lines can also specify a "spare-group" for each array. mdadm --monitor +# will then move a spare between arrays in a spare-group if one array has a failed +# drive but no spare +#ARRAY /dev/md4 uuid=b23f3c6d:aec43a9f:fd65db85:369432df spare-group=group1 +#ARRAY /dev/md5 uuid=19464854:03f71b1b:e0df2edd:246cc977 spare-group=group1 +# +# When used in --follow (aka --monitor) mode, mdadm needs a +# mail address and/or a program. This can be given with "mailaddr" +# and "program" lines to that monitoring can be started using +# mdadm --follow --scan & echo $! > /var/run/mdadm +# If the lines are not found, mdadm will exit quietly +MAILADDR frank@brehm-online.com +#PROGRAM /usr/sbin/handle-mdadm-events + +ARRAY /dev/md0 UUID=b7a8f9c1:8286d56c:3d186b3c:53958f34 +ARRAY /dev/md1 UUID=b0ec76b7:d7abfcad:8b23e4b1:c398e955 +ARRAY /dev/md2 metadata=1.2 UUID=f4df350f:db2bcbff:6c11726f:a221fad0 name=helga.brehm-online.com:2 +ARRAY /dev/md3 metadata=1.2 UUID=845bd74a:ad0cbe0e:033b20d0:a9bd0ff5 name=helga.brehm-online.com:3 + diff --git a/config-archive/etc/mdadm.conf.dist b/config-archive/etc/mdadm.conf.dist index d9d8d39..35a75d1 100644 --- a/config-archive/etc/mdadm.conf.dist +++ b/config-archive/etc/mdadm.conf.dist @@ -15,9 +15,9 @@ # ARRAY lines specify information about how to identify arrays so # so that they can be activated # -# You can have more than one device line and use wild cards. The first +# You can have more than one device line and use wild cards. The first # example includes SCSI the first partition of SCSI disks /dev/sdb, -# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second # line looks for array slices on IDE disks. # #DEVICE /dev/sd[bcdjkl]1 diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index 4ceb0fd..d74b74a 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0/html +html_directory = /usr/share/doc/postfix-3.1.0-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0/readme +readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index 6b136f4..4ceb0fd 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -156,8 +156,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme - +readme_directory = /usr/share/doc/postfix-3.1.0/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} @@ -715,6 +714,9 @@ relocated_maps = hash:/etc/postfix/maps/relocated #sender_bcc_maps = mysql:/etc/postfix/mysql-sender_bcc.cf sender_bcc_maps = hash:/etc/postfix/maps/sender_bcc smtp_generic_maps = hash:/etc/postfix/maps/generic +smtp_sasl_password_maps = hash:/etc/postfix/maps/smtp_auth +smtp_sasl_auth_enable = yes +smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/ssl/CA-Brehm/cacert.pem smtp_tls_cert_file = /etc/postfix/postfix.pem smtp_tls_enforce_peername = no @@ -737,12 +739,13 @@ smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service unix:private/postgrey, - check_policy_service inet:127.0.0.1:12525, reject_unverified_recipient, permit_mx_backup, reject_unauth_destination, permit +# check_policy_service inet:127.0.0.1:12525, + smtpd_sasl_auth_enable = yes smtpd_tls_CAfile = $smtp_tls_CAfile smtpd_tls_cert_file = $smtp_tls_cert_file diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index e551205..6b136f4 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.2/html +html_directory = /usr/share/doc/postfix-3.0.3-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.2/readme +readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme +#inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ @@ -700,7 +701,7 @@ message_size_limit = 51200000 mydestination = $myhostname, $mydomain, hash:/etc/postfix/maps/mydomains mydomain = brehm-online.com myhostname = helga.brehm-online.com -mynetworks = 127.0.0.0/8 85.214.134.152/32 85.214.109.1/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 +mynetworks = 127.0.0.0/8 85.214.134.152/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 138.201.28.135/32 [2a01:4f8:171:3006::2]/128 mynetworks_style = host myorigin = $mydomain #recipient_bcc_maps = mysql:/etc/postfix/mysql-recipient_bcc.cf diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index c8dd848..e551205 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.1-r1/html +html_directory = /usr/share/doc/postfix-3.0.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +readme_directory = /usr/share/doc/postfix-3.0.2/readme + meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 2a7bdde..c8dd848 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index a5d06c4..2a7bdde 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -12,6 +12,26 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 +compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -642,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases @@ -739,3 +761,6 @@ virtual_mailbox_limit = 512000000 #virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_mailbox_maps = hash:/etc/postfix/maps/virtual_mailbox_maps virtual_uid_maps = static:1023 +append_dot_mydomain = yes +# smtputf8_enable = yes +smtputf8_enable = no diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index 9408611..a5d06c4 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -7,7 +7,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index 67ed344..9408611 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index 508be66..67ed344 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index f1639d8..508be66 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index 4baa94e..00a5e74 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/postgrey_whitelist_clients.dist b/config-archive/etc/postfix/postgrey_whitelist_clients.dist new file mode 100644 index 0000000..cdd8885 --- /dev/null +++ b/config-archive/etc/postfix/postgrey_whitelist_clients.dist @@ -0,0 +1,239 @@ +# postgrey whitelist for mail client hostnames +# -------------------------------------------- +# put this file in /etc/postfix or specify its path +# with --whitelist-clients=xxx +# +# postgrey version: 1.36, build date: 2015-09-01 + +# greylisting.org: Southwest Airlines (unique sender, no retry) +southwest.com +# greylisting.org: isp.belgacom.be (wierd retry pattern) +isp.belgacom.be +# greylisting.org: Ameritrade (no retry) +ameritradeinfo.com +# greylisting.org: Amazon.com (unique sender with letters) +amazon.com +# 2004-05-20: Linux kernel mailing-list (unique sender with letters) +vger.kernel.org +# 2004-06-02: karger.ch, no retry +karger.ch +# 2004-06-02: lilys.ch, (slow: 4 hours) +server-x001.hostpoint.ch +# 2004-06-09: roche.com (no retry) +gw.bas.roche.com +# 2004-06-09: newsletter (no retry) +mail.hhlaw.com +# 2004-06-09: no retry (reported by Ralph Hildebrandt) +prd051.appliedbiosystems.com +# 2004-06-17: swissre.com (no retry) +swissre.com +# 2004-06-17: dowjones.com newsletter (unique sender with letters) +returns.dowjones.com +# 2004-06-18: switch.ch (works but personnel is confused by the error) +domin.switch.ch +# 2004-06-23: accor-hotels.com (slow: 6 hours) +accor-hotels.com +# 2004-06-29: rr.com (no retry, reported by Duncan Hill) +/^ms-smtp.*\.rr\.com$/ +# 2004-06-29: cox.net (no retry, reported by Duncan Hill) +/^lake.*mta.*\.cox\.net$/ +# 2004-06-29: motorola.com (no retry) +mot.com +# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay) +nic.fr +# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews) +/^s[cv]\d+pub\.verizon\.net$/ +# 2004-07-02: cs.columbia.edu (no retry) +cs.columbia.edu +# 2004-07-02: papersinvited.com (no retry) +66.216.126.174 +# 2004-07-02: telekom.de (slow: 6 hours) +/^mail\d+\.telekom\.de$/ +# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup) +/^smtp\d+\.tiscali\.dk$/ +# 2004-07-04: freshmeat.net (address verification) +freshmeat.net +# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry) +zd-swx.com +# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry) +lockergnome.wc09.net +# 2004-07-19: mxlogic.net (no retry, reported by Eric) +p01m168.mxlogic.net +p02m169.mxlogic.net +# 2004-09-08: intel.com (pool on different subnets) +/^fmr\d+\.intel\.com$/ +# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark) +/^fe\d+\.cox-internet\.com$/ +# 2004-10-11: logismata.ch (no retry) +logismata.ch +# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker) +brief.cw.reum.de +# 2004-12-03: ingeno.ch (no retry) +qmail.ingeno.ch +# 2004-12-06: rein.ch (no retry) +mail1.thurweb.ch +# 2005-01-26: tu-ilmenau.de (no retry) +piggy.rz.tu-ilmenau.de +# 2005-04-06: polymed.ch (no retry) +mail.polymed.ch +# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg) +rz.hu-berlin.de +# 2005-06-17: gmail.com (big pool, reported by Beat Mueller) +proxy.gmail.com +# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier) +cacert.org +# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino) +polytech.univ-mrs.fr +# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier) +gnu.org +# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller) +cs.ciphire.net +# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer) +/^gateway\d+\.np4\.de$/ +# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz) +/^mail-in-\d+\.arcor-online\.net$/ +# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway) +netsolmail.com +# mail.likopris.si (no retry, reported by Vito Robar) +193.77.153.67 +# jcsw.nato.int (several servers, no retry, reported by Vito Robar) +195.235.39 +# tesla.vtszg.hr (no retry, reported by Vito Robar) +tesla.vtszg.hr +# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar) +/^mailgw.*\.iai\.co\.il$/ +# gw.stud-serv-mb.si (no retry, reported by Vito Robar) +gw.stud-serv-mb.si +# mail.commandtech.com (no retry, reported by Vito Robar) +216.238.112.99 +# duropack.co.at (no retry, reported by Vito Robar) +193.81.20.195 +# mail.esimit-tech.si (no retry, reported by Vito Robar) +193.77.126.208 +# mail.resotel.be (ocasionally no retry, reported by Vito Robar) +80.200.249.216 +# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar) +mail2.alliancefr.be +# webserver.turboinstitut.si (no retry, reported by Vito Robar) +webserver.turboinstitut.si +# mil.be (pool of different servers, reported by Vito Robar) +193.191.218.141 +193.191.218.142 +193.191.218.143 +194.7.234.141 +194.7.234.142 +194.7.234.143 +# mail*.usafisnews.org (no retry, reported by Vito Robar) +/^mail\d+\.usafisnews\.org$/ +# odk.fdv.uni-lj.si (no retry, reported by Vito Robar) +/^odk.fdv.uni-lj.si$/ +# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar) +rak-gentoo-1.nameserver.de +# dars.si (ocasionally no retry, reported by Vito Robar) +mx.dars.si +# cosis.si (no retry, reported by Vito Robar) +213.143.66.210 +# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar) +/^mta[12].siol.net$/ +# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar) +/^pim-\d+-\d+\.quickinspirationsmail\.com$/ +# flymonarch (no retry, reported by Marko Djukic) +flymonarch.com +# wxs.nl (no retry, reported by Johannes Fehr) +/^p?smtp.*\.wxs\.nl$/ +# ibm.com (big pool, reported by Casey Peel) +ibm.com +# messagelabs.com (big pool, reported by John Tobin) +messagelabs.com +# ptb.de (slow, reported by Joachim Schoenberg) +berlin.ptb.de +# registrarmail.net (unique sender names, reported by Simon Waters) +registrarmail.net +# google.com (big pool, reported by Matthias Dyer, Martin Toft) +google.com +# orange.fr (big pool, reported by Loïc Le Loarer) +/^smtp\d+\.orange\.fr$/ +# citigroup.com (slow retry, reported by Michael Monnerie) +/^smtp\d+.citigroup.com$/ +# cruisingclub.ch (no retry) +mail.ccs-cruising.ch +# digg.com (no retry, Debian #406774) +diggstage01.digg.com +# liberal.ca (retries only during 270 seconds, Debian #406774) +smtp.liberal.ca +# pi.ws (pool + long retry, Debian #409851) +/^mail[12]\.pi\.ws$/ +# rambler.ru (big pool, reported by Michael Monnerie) +rambler.ru +# free.fr (big pool, reported by Denis Sacchet) +/^smtp[0-9]+-g[0-9]+\.free\.fr$/ +/^postfix[0-9]+-g[0-9]+\.free\.fr$/ +# thehartford.com (pool + long retry, reported by Jacob Leifman) +/^netmail\d+\.thehartford\.com$/ +# abb.com (only one retry, reported by Roman Plessl) +/^nse\d+\.abb\.com$/ +# 2007-07-27: sourceforge.net (sender verification) +lists.sourceforge.net +# 2007-08-06: polytec.de (no retry, reported by Patrick McLean) +polytec.de +# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert) +/^mail\d+\.msg\.oleane\.net$/ +# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert) +nrl.navy.mil +# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl) +mail.aliplast.com +# 2007-10-18: inode.at (long retry, reported by Johannes Feigl) +/^mx\d+\..*\.inode\.at$/ +# 2008-02-01: bol.com (no retry, reported by Frank Breedijk) +/^.*?.server.arvato-systems.de$/ +# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn) +/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/ +# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert) +saturn.mahidol.ac.th +# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson) +ebay.com +# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso) +yahoo.com +# 2008-11-07: facebook (no retry, reported by Tim Freeman) +/^outmail\d+\.sctm\.tfbnw\.net$/ +# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert) +server14.cyon.ch +# 2009-08-19: 126.com (big pool) +/^m\d+-\d+\.126\.com$/ +# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert) +home.theory.tifr.res.in +# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert) +ms4-1.1blu.de +# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys) +/^viefep\d+-int\.chello\.at$/ +# 2010-05-31: nic.nu (long retry, reported by Ivan Sie) +mx.nic.nu +# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran) +bigfish.com +frontbridge.com +microsoft.com +# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman) +postini.com +# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner) +/^mx.*\.evanzo-server\.de$/ +# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie) +upcmail.net +# 2013-12-18: orange.fr (big pool, reported by fulax) +/^smtp\d+\.smtpout\.orange\.fr$/ +# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert) +mout-xforward.gmx.net +mout-xforward.web.de +mout-xforward.kundenserver.de +mout-xforward.perfora.net +# 2014-02-01: startcom.org (long retry, reported by jweiher) +gateway.startcom.org +# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk) +/^fallback\d+\.mail\.ru$/ +# French tax authority, no retry +dgfip.finances.gouv.fr +# 2015-06-10: magisto.com (requested by postmaster) +/^o\d+\.ntdc\.magisto\.com$/ +# 2015-07-23: outlook.com (github #20) +outlook.com +# 2015-08-19 (the retrying is failing) +mail.alibaba.com diff --git a/config-archive/etc/postfix/postgrey_whitelist_clients.dist.new b/config-archive/etc/postfix/postgrey_whitelist_clients.dist.new deleted file mode 100644 index 9dbe6bd..0000000 --- a/config-archive/etc/postfix/postgrey_whitelist_clients.dist.new +++ /dev/null @@ -1,220 +0,0 @@ -# postgrey whitelist for mail client hostnames -# -------------------------------------------- -# put this file in /etc/postfix or specify its path -# with --whitelist-clients=xxx -# -# postgrey version: 1.34, build date: 2011-05-04 - -# greylisting.org: Southwest Airlines (unique sender, no retry) -southwest.com -# greylisting.org: isp.belgacom.be (wierd retry pattern) -isp.belgacom.be -# greylisting.org: Ameritrade (no retry) -ameritradeinfo.com -# greylisting.org: Amazon.com (unique sender with letters) -amazon.com -# 2004-05-20: Linux kernel mailing-list (unique sender with letters) -vger.kernel.org -# 2004-06-02: karger.ch, no retry -karger.ch -# 2004-06-02: lilys.ch, (slow: 4 hours) -server-x001.hostpoint.ch -# 2004-06-09: roche.com (no retry) -gw.bas.roche.com -# 2004-06-09: newsletter (no retry) -mail.hhlaw.com -# 2004-06-09: no retry (reported by Ralph Hildebrandt) -prd051.appliedbiosystems.com -# 2004-06-17: swissre.com (no retry) -swissre.com -# 2004-06-17: dowjones.com newsletter (unique sender with letters) -returns.dowjones.com -# 2004-06-18: switch.ch (works but personnel is confused by the error) -domin.switch.ch -# 2004-06-23: accor-hotels.com (slow: 6 hours) -accor-hotels.com -# 2004-06-29: rr.com (no retry, reported by Duncan Hill) -/^ms-smtp.*\.rr\.com$/ -# 2004-06-29: cox.net (no retry, reported by Duncan Hill) -/^lake.*mta.*\.cox\.net$/ -# 2004-06-29: motorola.com (no retry) -mot.com -# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay) -nic.fr -# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews) -/^s[cv]\d+pub\.verizon\.net$/ -# 2004-07-02: cs.columbia.edu (no retry) -cs.columbia.edu -# 2004-07-02: papersinvited.com (no retry) -66.216.126.174 -# 2004-07-02: telekom.de (slow: 6 hours) -/^mail\d+\.telekom\.de$/ -# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup) -/^smtp\d+\.tiscali\.dk$/ -# 2004-07-04: freshmeat.net (address verification) -freshmeat.net -# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry) -zd-swx.com -# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry) -lockergnome.wc09.net -# 2004-07-19: mxlogic.net (no retry, reported by Eric) -p01m168.mxlogic.net -p02m169.mxlogic.net -# 2004-09-08: intel.com (pool on different subnets) -/^fmr\d+\.intel\.com$/ -# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark) -/^fe\d+\.cox-internet\.com$/ -# 2004-10-11: logismata.ch (no retry) -logismata.ch -# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker) -brief.cw.reum.de -# 2004-12-03: ingeno.ch (no retry) -qmail.ingeno.ch -# 2004-12-06: rein.ch (no retry) -mail1.thurweb.ch -# 2005-01-26: tu-ilmenau.de (no retry) -piggy.rz.tu-ilmenau.de -# 2005-04-06: polymed.ch (no retry) -mail.polymed.ch -# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg) -rz.hu-berlin.de -# 2005-06-17: gmail.com (big pool, reported by Beat Mueller) -proxy.gmail.com -# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier) -cacert.org -# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino) -polytech.univ-mrs.fr -# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier) -gnu.org -# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller) -cs.ciphire.net -# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer) -/^gateway\d+\.np4\.de$/ -# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz) -/^mail-in-\d+\.arcor-online\.net$/ -# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway) -netsolmail.com -# mail.likopris.si (no retry, reported by Vito Robar) -193.77.153.67 -# jcsw.nato.int (several servers, no retry, reported by Vito Robar) -195.235.39 -# tesla.vtszg.hr (no retry, reported by Vito Robar) -tesla.vtszg.hr -# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar) -/^mailgw.*\.iai\.co\.il$/ -# gw.stud-serv-mb.si (no retry, reported by Vito Robar) -gw.stud-serv-mb.si -# mail.commandtech.com (no retry, reported by Vito Robar) -216.238.112.99 -# duropack.co.at (no retry, reported by Vito Robar) -193.81.20.195 -# mail.esimit-tech.si (no retry, reported by Vito Robar) -193.77.126.208 -# mail.resotel.be (ocasionally no retry, reported by Vito Robar) -80.200.249.216 -# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar) -mail2.alliancefr.be -# webserver.turboinstitut.si (no retry, reported by Vito Robar) -webserver.turboinstitut.si -# mil.be (pool of different servers, reported by Vito Robar) -193.191.218.141 -193.191.218.142 -193.191.218.143 -194.7.234.141 -194.7.234.142 -194.7.234.143 -# mail*.usafisnews.org (no retry, reported by Vito Robar) -/^mail\d+\.usafisnews\.org$/ -# odk.fdv.uni-lj.si (no retry, reported by Vito Robar) -/^odk.fdv.uni-lj.si$/ -# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar) -rak-gentoo-1.nameserver.de -# dars.si (ocasionally no retry, reported by Vito Robar) -mx.dars.si -# cosis.si (no retry, reported by Vito Robar) -213.143.66.210 -# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar) -/^mta[12].siol.net$/ -# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar) -/^pim-\d+-\d+\.quickinspirationsmail\.com$/ -# flymonarch (no retry, reported by Marko Djukic) -flymonarch.com -# wxs.nl (no retry, reported by Johannes Fehr) -/^p?smtp.*\.wxs\.nl$/ -# ibm.com (big pool, reported by Casey Peel) -ibm.com -# messagelabs.com (big pool, reported by John Tobin) -/^mail\d+\.messagelabs\.com$/ -# ptb.de (slow, reported by Joachim Schoenberg) -berlin.ptb.de -# registrarmail.net (unique sender names, reported by Simon Waters) -registrarmail.net -# google.com (big pool, reported by Matthias Dyer, Martin Toft) -google.com -# orange.fr (big pool, reported by Loïc Le Loarer) -/^smtp\d+\.orange\.fr$/ -# citigroup.com (slow retry, reported by Michael Monnerie) -/^smtp\d+.citigroup.com$/ -# cruisingclub.ch (no retry) -mail.ccs-cruising.ch -# digg.com (no retry, Debian #406774) -diggstage01.digg.com -# liberal.ca (retries only during 270 seconds, Debian #406774) -smtp.liberal.ca -# pi.ws (pool + long retry, Debian #409851) -/^mail[12]\.pi\.ws$/ -# rambler.ru (big pool, reported by Michael Monnerie) -rambler.ru -# free.fr (big pool, reported by Denis Sacchet) -/^smtp[0-9]+-g[0-9]+\.free\.fr$/ -/^postfix[0-9]+-g[0-9]+\.free\.fr$/ -# thehartford.com (pool + long retry, reported by Jacob Leifman) -/^netmail\d+\.thehartford\.com$/ -# abb.com (only one retry, reported by Roman Plessl) -/^nse\d+\.abb\.com$/ -# 2007-07-27: sourceforge.net (sender verification) -lists.sourceforge.net -# 2007-08-06: polytec.de (no retry, reported by Patrick McLean) -polytec.de -# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert) -/^mail\d+\.msg\.oleane\.net$/ -# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert) -nrl.navy.mil -# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl) -mail.aliplast.com -# 2007-10-18: inode.at (long retry, reported by Johannes Feigl) -/^mx\d+\..*\.inode\.at$/ -# 2008-02-01: bol.com (no retry, reported by Frank Breedijk) -/^.*?.server.arvato-systems.de$/ -# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn) -/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/ -# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert) -saturn.mahidol.ac.th -# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson) -ebay.com -# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso) -yahoo.com -# 2008-11-07: facebook (no retry, reported by Tim Freeman) -/^outmail\d+\.sctm\.tfbnw\.net$/ -# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert) -server14.cyon.ch -# 2009-08-19: 126.com (big pool) -/^m\d+-\d+\.126\.com$/ -# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert) -home.theory.tifr.res.in -# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert) -ms4-1.1blu.de -# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys) -/^viefep\d+-int\.chello\.at$/ -# 2010-05-31: nic.nu (long retry, reported by Ivan Sie) -mx.nic.nu -# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran) -bigfish.com -frontbridge.com -microsoft.com -# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman) -postini.com -# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner) -/^mx.*\.evanzo-server\.de$/ -# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie) -upcmail.net diff --git a/config-archive/etc/rc.conf b/config-archive/etc/rc.conf index 8593150..c3d7fea 100644 --- a/config-archive/etc/rc.conf +++ b/config-archive/etc/rc.conf @@ -29,17 +29,20 @@ rc_shell=/sbin/sulogin # come up. #rc_depend_strict="YES" -# rc_hotplug is a list of services that we allow to be hotplugged. -# By default we do not allow hotplugging. +# rc_hotplug controls which services we allow to be hotplugged. # A hotplugged service is one started by a dynamic dev manager when a matching # hardware device is found. -# This service is intrinsically included in the boot runlevel. -# To disable services, prefix with a ! +# Hotplugged services appear in the "hotplugged" runlevel. +# If rc_hotplug is set to any value, we compare the name of this service +# to every pattern in the value, from left to right, and we allow the +# service to be hotplugged if it matches a pattern, or if it matches no +# patterns. Patterns can include shell wildcards. +# To disable services from being hotplugged, prefix patterns with "!". +#If rc_hotplug is not set or is empty, all hotplugging is disabled. # Example - rc_hotplug="net.wlan !net.*" -# This allows net.wlan and any service not matching net.* to be plugged. -# Example - rc_hotplug="*" -# This allows all services to be hotplugged -#rc_hotplug="*" +# This allows net.wlan and any service not matching net.* to be hotplugged. +# Example - rc_hotplug="!net.*" +# This allows services that do not match "net.*" to be hotplugged. # rc_logger launches a logging daemon to log the entire rc process to # /var/log/rc.log @@ -151,9 +154,11 @@ unicode="YES" # This is the subsystem type. Valid options on Linux: # "" - nothing special +# "docker" - Docker container manager # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix +# "rkt" - CoreOS container management system # "uml" - Usermode Linux # "vserver" - Linux vserver # "systemd-nspawn" - Container created by the systemd-nspawn utility diff --git a/config-archive/etc/rc.conf.1 b/config-archive/etc/rc.conf.1 index e9b3725..8593150 100644 --- a/config-archive/etc/rc.conf.1 +++ b/config-archive/etc/rc.conf.1 @@ -210,12 +210,21 @@ rc_tty_number=12 # Set the devices controller settings for this service. #rc_cgroup_devices="" +# Set the hugetlb controller settings for this service. +#rc_cgroup_hugetlb="" + # Set the memory controller settings for this service. #rc_cgroup_memory="" +# Set the net_cls controller settings for this service. +#rc_cgroup_net_cls="" + # Set the net_prio controller settings for this service. #rc_cgroup_net_prio="" +# Set the pids controller settings for this service. +#rc_cgroup_pids="" + # Set this to YES if yu want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's diff --git a/config-archive/etc/rc.conf.2 b/config-archive/etc/rc.conf.2 index 118530b..e9b3725 100644 --- a/config-archive/etc/rc.conf.2 +++ b/config-archive/etc/rc.conf.2 @@ -116,6 +116,9 @@ unicode="YES" #SSD_NICELEVEL="-19" # Pass ulimit parameters +# If you are using bash in POSIX mode for your shell, note that the +# ulimit command uses a block size of 512 bytes for the -c and -f +# options #rc_ulimit="-u 30" # It's possible to define extra dependencies for services like so @@ -147,14 +150,15 @@ unicode="YES" # LINUX SPECIFIC OPTIONS # This is the subsystem type. Valid options on Linux: -# "" - nothing special -# "lxc" - Linux Containers -# "openvz" - Linux OpenVZ -# "prefix" - Prefix -# "uml" - Usermode Linux -# "vserver" - Linux vserver -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "systemd-nspawn" - Container created by the systemd-nspawn utility +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain # If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is diff --git a/config-archive/etc/rc.conf.3 b/config-archive/etc/rc.conf.3 index 42b7dfd..118530b 100644 --- a/config-archive/etc/rc.conf.3 +++ b/config-archive/etc/rc.conf.3 @@ -51,6 +51,10 @@ rc_logger="YES" # The default value is: /var/log/rc.log rc_log_path="/var/log/rc.log" +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + # By default we filter the environment for our running scripts. To allow other # variables through, add them here. Use a * to allow all variables through. #rc_env_allow="VAR1 VAR2" @@ -73,6 +77,10 @@ rc_log_path="/var/log/rc.log" #rc_crashed_stop=NO #rc_crashed_start=YES +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. +#rc_nocolor=NO + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts @@ -86,7 +94,7 @@ unicode="YES" # Below is the default list of network fstypes. # -# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs # nfs nfs4 ocfs2 shfs smbfs # # If you would like to add to this list, you can do so by adding your diff --git a/config-archive/etc/rc.conf.4 b/config-archive/etc/rc.conf.4 index b9a9d6d..42b7dfd 100644 --- a/config-archive/etc/rc.conf.4 +++ b/config-archive/etc/rc.conf.4 @@ -80,6 +80,10 @@ rc_log_path="/var/log/rc.log" # Set unicode to YES to turn on unicode support for keyboards and screens. unicode="YES" +# This is how long fuser should wait for a remote server to respond. The +# default is 60 seconds, but it can be adjusted here. +#rc_fuser_timeout=60 + # Below is the default list of network fstypes. # # afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs @@ -101,7 +105,7 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. -#export SSD_NICELEVEL="-19" +#SSD_NICELEVEL="-19" # Pass ulimit parameters #rc_ulimit="-u 30" @@ -153,10 +157,59 @@ rc_sys="" # consolefont, numlock, etc ...) rc_tty_number=12 +############################################################################## +# CGROUPS RESOURCE MANAGEMENT + # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under # /sys/fs/cgroup. -# Support for process management by cgroups is planned in the future, -# so if you turn this off, be aware that you may not be able to use that -# feature. +# None of the other options in this section work if this is set to "NO". #rc_controller_cgroups="YES" + +# The following settings allow you to set up values for the cgroup +# controllers for your services. +# They can be set in this file;, however, if you do this, the settings +# will apply to all of your services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the names of the settings followed by their +# values. Each variable can hold multiple settings. +# For example, you would use this to set the cpu.shares setting in the +# cpu controller to 512 for your service. +# rc_cgroup_cpu=" +# cpu.shares 512 +# " +# +#For more information about the adjustments that can be made with +#cgroups, see Documentation/cgroups/* in the linux kernel source tree. + +# Set the blkio controller settings for this service. +#rc_cgroup_blkio="" + +# Set the cpu controller settings for this service. +#rc_cgroup_cpu="" + +# Add this service to the cpuacct controller (any value means yes). +#rc_cgroup_cpuacct="" + +# Set the cpuset controller settings for this service. +#rc_cgroup_cpuset="" + +# Set the devices controller settings for this service. +#rc_cgroup_devices="" + +# Set the memory controller settings for this service. +#rc_cgroup_memory="" + +# Set the net_prio controller settings for this service. +#rc_cgroup_net_prio="" + +# Set this to YES if yu want all of the processes in a service's cgroup +# killed when the service is stopped or restarted. +# This should not be set globally because it kills all of the service's +# child processes, and most of the time this is undesirable. Please set +# it in /etc/conf.d/. +# To perform this cleanup manually for a stopped service, you can +# execute cgroup_cleanup with /etc/init.d/ cgroup_cleanup or +# rc-service cgroup_cleanup. +# rc_cgroup_cleanup="NO" diff --git a/config-archive/etc/rc.conf.5 b/config-archive/etc/rc.conf.5 index ae9e0cf..b9a9d6d 100644 --- a/config-archive/etc/rc.conf.5 +++ b/config-archive/etc/rc.conf.5 @@ -154,7 +154,7 @@ rc_sys="" rc_tty_number=12 # If you have cgroups turned on in your kernel, this switch controls -# whether or not a group for each controler is mounted under +# whether or not a group for each controller is mounted under # /sys/fs/cgroup. # Support for process management by cgroups is planned in the future, # so if you turn this off, be aware that you may not be able to use that diff --git a/config-archive/etc/rc.conf.6 b/config-archive/etc/rc.conf.6 index e0be8cb..ae9e0cf 100644 --- a/config-archive/etc/rc.conf.6 +++ b/config-archive/etc/rc.conf.6 @@ -1,8 +1,18 @@ # Global OpenRC configuration settings +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + # Set rc_interactive to "YES" and you'll be able to press the I key during # boot so you can choose to start specific services. Set to "NO" to disable -# this feature. +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. #rc_interactive="YES" # If we need to drop to a shell, you can specify it here. @@ -84,6 +94,10 @@ unicode="YES" # These variables are documented here, but should be configured in # /etc/conf.d/foo for service foo and NOT enabled here unless you # really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. @@ -106,6 +120,13 @@ unicode="YES" #rc_foo_need="openvpn" #rc_foo_after="clock" +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + # You can also remove dependencies. # This is mainly used for saying which servies do NOT provide net. #rc_net_tap0_provide="!net" @@ -122,9 +143,7 @@ unicode="YES" # "vserver" - Linux vserver # "xen0" - Xen0 Domain # "xenU" - XenU Domain -# If this is commented out, automatic detection will be attempted. -# Note that autodetection will not work in a prefix environment or in a -# linux container. +# If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is # PRESENTLY in, not the virtualization the environment is capable of. @@ -133,3 +152,11 @@ rc_sys="" # This is the number of tty's used in most of the rc-scripts (like # consolefont, numlock, etc ...) rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/config-archive/etc/rc.conf.7 b/config-archive/etc/rc.conf.7 new file mode 100644 index 0000000..e0be8cb --- /dev/null +++ b/config-archive/etc/rc.conf.7 @@ -0,0 +1,135 @@ +# Global OpenRC configuration settings + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +rc_shell=/sbin/sulogin + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug is a list of services that we allow to be hotplugged. +# By default we do not allow hotplugging. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# This service is intrinsically included in the boot runlevel. +# To disable services, prefix with a ! +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be plugged. +# Example - rc_hotplug="*" +# This allows all services to be hotplugged +#rc_hotplug="*" + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +rc_logger="YES" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +rc_log_path="/var/log/rc.log" + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to YES to turn on unicode support for keyboards and screens. +unicode="YES" + +# Below is the default list of network fstypes. +# +# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. +#export SSD_NICELEVEL="-19" + +# Pass ulimit parameters +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which servies do NOT provide net. +#rc_net_tap0_provide="!net" + +############################################################################## +# LINUX SPECIFIC OPTIONS + +# This is the subsystem type. Valid options on Linux: +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain +# If this is commented out, automatic detection will be attempted. +# Note that autodetection will not work in a prefix environment or in a +# linux container. +# +# This should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +rc_sys="" + +# This is the number of tty's used in most of the rc-scripts (like +# consolefont, numlock, etc ...) +rc_tty_number=12 diff --git a/config-archive/etc/rc.conf.dist b/config-archive/etc/rc.conf.dist index 9209bc6..68ab997 100644 --- a/config-archive/etc/rc.conf.dist +++ b/config-archive/etc/rc.conf.dist @@ -117,6 +117,9 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. #SSD_NICELEVEL="-19" +# Or the ionice level. The format is class[:data] , just like the +# --ionice start-stop-daemon parameter. +#SSD_IONICELEVEL="2:2" # Pass ulimit parameters # If you are using bash in POSIX mode for your shell, note that the @@ -146,36 +149,42 @@ unicode="YES" #rc_foo_bar_after="clock" # You can also remove dependencies. -# This is mainly used for saying which servies do NOT provide net. +# This is mainly used for saying which services do NOT provide net. #rc_net_tap0_provide="!net" -############################################################################## -# LINUX SPECIFIC OPTIONS - -# This is the subsystem type. Valid options on Linux: +# This is the subsystem type. +# It is used to match against keywords set by the keyword call in the +# depend function of service scripts. +# +# It should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +# If it is commented out, automatic detection will be used. +# +# The list below shows all possible settings as well as the host +# operating systems where they can be used and autodetected. +# # "" - nothing special -# "docker" - Docker container manager +# "docker" - Docker container manager (Linux) +# "jail" - Jail (DragonflyBSD or FreeBSD) # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix -# "rkt" - CoreOS container management system +# "rkt" - CoreOS container management system (Linux) +# "subhurd" - Hurd subhurds (to be checked) +# "systemd-nspawn" - Container created by systemd-nspawn (Linux) # "uml" - Usermode Linux # "vserver" - Linux vserver -# "systemd-nspawn" - Container created by the systemd-nspawn utility -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain -# If this is commented out, automatic detection will be used. -# -# This should be set to the value representing the environment this file is -# PRESENTLY in, not the virtualization the environment is capable of. +# "xen0" - Xen0 Domain (Linux and NetBSD) +# "xenU" - XenU Domain (Linux and NetBSD) #rc_sys="" -# This is the number of tty's used in most of the rc-scripts (like -# consolefont, numlock, etc ...) +# on Linux and Hurd, this is the number of ttys allocated for logins +# It is used in the consolefont, keymaps, numlock and termencoding +# service scripts. rc_tty_number=12 ############################################################################## -# CGROUPS RESOURCE MANAGEMENT +# LINUX CGROUPS RESOURCE MANAGEMENT # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under @@ -230,7 +239,7 @@ rc_tty_number=12 # Set the pids controller settings for this service. #rc_cgroup_pids="" -# Set this to YES if yu want all of the processes in a service's cgroup +# Set this to YES if you want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's # child processes, and most of the time this is undesirable. Please set diff --git a/config-archive/etc/services.dist b/config-archive/etc/services.dist new file mode 100644 index 0000000..d6b2bb4 --- /dev/null +++ b/config-archive/etc/services.dist @@ -0,0 +1,1192 @@ +# /etc/services +# +# Network services, Internet style +# +# Note that it is presently the policy of IANA to assign a single well-known +# port number for both TCP and UDP; hence, most entries here have two entries +# even if the protocol doesn't support UDP operations. +# +# Some References: +# http://www.iana.org/assignments/port-numbers +# http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services +# +# Each line describes one service, and is of the form: +# service-name port/protocol [aliases ...] [# comment] +# +# See services(5) for more info. +# + +# +# IANA Assignments [Well Known Ports] +# The Well Known Ports are assigned by the IANA and on most systems can +# only be used by system (or root) processes or by programs executed by +# privileged users. +# The range for assigned ports managed by the IANA is 0-1023. +# +tcpmux 1/tcp # TCP port service multiplexer +tcpmux 1/udp +compressnet 2/tcp # Management Utility +compressnet 2/udp +compressnet 3/tcp # Compression Process +compressnet 3/udp +rje 5/tcp # Remote Job Entry +rje 5/udp +echo 7/tcp # Echo +echo 7/udp +discard 9/tcp sink null # Discard +discard 9/udp sink null +systat 11/tcp users # Active Users +systat 11/udp users +daytime 13/tcp # Daytime (RFC 867) +daytime 13/udp +#netstat 15/tcp # (was once asssigned, no more) +qotd 17/tcp quote # Quote of the Day +qotd 17/udp quote +msp 18/tcp # Message Send Protocol +msp 18/udp +chargen 19/tcp ttytst source # Character Generator +chargen 19/udp ttytst source +ftp-data 20/tcp # File Transfer [Default Data] +ftp-data 20/udp +ftp 21/tcp # File Transfer [Control] +ftp 21/udp fsp fspd +ssh 22/tcp # SSH Remote Login Protocol +ssh 22/udp +telnet 23/tcp # Telnet +telnet 23/udp +# private 24/tcp # any private mail system +# private 24/udp +smtp 25/tcp mail # Simple Mail Transfer +smtp 25/udp +nsw-fe 27/tcp # NSW User System FE +nsw-fe 27/udp +msg-icp 29/tcp # MSG ICP +msg-icp 29/udp +msg-auth 31/tcp # MSG Authentication +msg-auth 31/udp +dsp 33/tcp # Display Support Protocol +dsp 33/udp +# private 35/tcp # any private printer server +# private 35/udp +time 37/tcp timserver +time 37/udp timserver +rap 38/tcp # Route Access Protocol +rap 38/udp +rlp 39/tcp resource # Resource Location Protocol +rlp 39/udp resource +graphics 41/tcp # Graphics +graphics 41/udp +nameserver 42/tcp name # Host Name Server +nameserver 42/udp name +nicname 43/tcp whois # Who Is +nicname 43/udp whois +mpm-flags 44/tcp # MPM FLAGS Protocol +mpm-flags 44/udp +mpm 45/tcp # Message Processing Module [recv] +mpm 45/udp +mpm-snd 46/tcp # MPM [default send] +mpm-snd 46/udp +ni-ftp 47/tcp # NI FTP +ni-ftp 47/udp +auditd 48/tcp # Digital Audit Daemon +auditd 48/udp +tacacs 49/tcp # Login Host Protocol (TACACS) +tacacs 49/udp +re-mail-ck 50/tcp # Remote Mail Checking Protocol +re-mail-ck 50/udp +domain 53/tcp # Domain Name Server +domain 53/udp +xns-ch 54/tcp # XNS Clearinghouse +xns-ch 54/udp +isi-gl 55/tcp # ISI Graphics Language +isi-gl 55/udp +xns-auth 56/tcp # XNS Authentication +xns-auth 56/udp +# private 57/tcp # any private terminal access +# private 57/udp +xns-mail 58/tcp # XNS Mail +xns-mail 58/udp +# private 59/tcp # any private file service +# private 59/udp +ni-mail 61/tcp # NI MAIL +ni-mail 61/udp +acas 62/tcp # ACA Services +acas 62/udp +whois++ 63/tcp # whois++ +whois++ 63/udp +covia 64/tcp # Communications Integrator (CI) +covia 64/udp +tacacs-ds 65/tcp # TACACS-Database Service +tacacs-ds 65/udp +sql*net 66/tcp # Oracle SQL*NET +sql*net 66/udp +bootps 67/tcp # Bootstrap Protocol Server (BOOTP) +bootps 67/udp +bootpc 68/tcp # Bootstrap Protocol Client (BOOTP) +bootpc 68/udp +tftp 69/tcp # Trivial File Transfer +tftp 69/udp +gopher 70/tcp # Gopher +gopher 70/udp +netrjs-1 71/tcp # Remote Job Service +netrjs-1 71/udp +netrjs-2 72/tcp +netrjs-2 72/udp +netrjs-3 73/tcp +netrjs-3 73/udp +netrjs-4 74/tcp +netrjs-4 74/udp +# private 75/tcp # any private dial out service +# private 75/udp +deos 76/tcp # Distributed External Object Store +deos 76/udp +# private 77/tcp # any private RJE service +# private 77/udp +vettcp 78/tcp # vettcp +vettcp 78/udp +finger 79/tcp # Finger +finger 79/udp +http 80/tcp www www-http # World Wide Web HTTP +http 80/udp www www-http +hosts2-ns 81/tcp # HOSTS2 Name Server +hosts2-ns 81/udp +xfer 82/tcp # XFER Utility +xfer 82/udp +mit-ml-dev 83/tcp # MIT ML Device +mit-ml-dev 83/udp +ctf 84/tcp # Common Trace Facility +ctf 84/udp +mit-ml-dev 85/tcp # MIT ML Device +mit-ml-dev 85/udp +mfcobol 86/tcp # Micro Focus Cobol +mfcobol 86/udp +# private 87/tcp # any private terminal link +# private 87/udp +kerberos 88/tcp kerberos5 krb5 # Kerberos +kerberos 88/udp kerberos5 krb5 +su-mit-tg 89/tcp # SU/MIT Telnet Gateway +su-mit-tg 89/udp +dnsix 90/tcp # DNSIX Securit Attribute Token Map +dnsix 90/udp +mit-dov 91/tcp # MIT Dover Spooler +mit-dov 91/udp +npp 92/tcp # Network Printing Protocol +npp 92/udp +dcp 93/tcp # Device Control Protocol +dcp 93/udp +objcall 94/tcp # Tivoli Object Dispatcher +objcall 94/udp +supdup 95/tcp # SUPDUP +supdup 95/udp +dixie 96/tcp # DIXIE Protocol Specification +dixie 96/udp +swift-rvf 97/tcp # Swift Remote Virtural File Protocol +swift-rvf 97/udp +tacnews 98/tcp linuxconf # TAC News +tacnews 98/udp +metagram 99/tcp # Metagram Relay +metagram 99/udp +#newacct 100/tcp # [unauthorized use] +hostname 101/tcp hostnames # NIC Host Name Server +hostname 101/udp hostnames +iso-tsap 102/tcp tsap # ISO-TSAP Class 0 +iso-tsap 102/udp tsap +gppitnp 103/tcp # Genesis Point-to-Point Trans Net +gppitnp 103/udp +acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300 +acr-nema 104/udp +cso 105/tcp csnet-ns cso-ns # CCSO name server protocol +cso 105/udp csnet-ns cso-ns +3com-tsmux 106/tcp poppassd # 3COM-TSMUX +3com-tsmux 106/udp poppassd # Eudora: Unauthorized use by insecure poppassd protocol +rtelnet 107/tcp # Remote Telnet Service +rtelnet 107/udp +snagas 108/tcp # SNA Gateway Access Server +snagas 108/udp +pop2 109/tcp pop-2 postoffice# Post Office Protocol - Version 2 +pop2 109/udp pop-2 +pop3 110/tcp pop-3 # Post Office Protocol - Version 3 +pop3 110/udp pop-3 +sunrpc 111/tcp portmapper rpcbind # SUN Remote Procedure Call +sunrpc 111/udp portmapper rpcbind +mcidas 112/tcp # McIDAS Data Transmission Protocol +mcidas 112/udp +auth 113/tcp authentication tap ident # Authentication Service +auth 113/udp +sftp 115/tcp # Simple File Transfer Protocol +sftp 115/udp +ansanotify 116/tcp # ANSA REX Notify +ansanotify 116/udp +uucp-path 117/tcp # UUCP Path Service +uucp-path 117/udp +sqlserv 118/tcp # SQL Services +sqlserv 118/udp +nntp 119/tcp readnews untp # Network News Transfer Protocol +nntp 119/udp readnews untp +cfdptkt 120/tcp # CFDPTKT +cfdptkt 120/udp +erpc 121/tcp # Encore Expedited Remote Pro.Call +erpc 121/udp +smakynet 122/tcp # SMAKYNET +smakynet 122/udp +ntp 123/tcp # Network Time Protocol +ntp 123/udp +ansatrader 124/tcp # ANSA REX Trader +ansatrader 124/udp +locus-map 125/tcp # Locus PC-Interface Net Map Ser +locus-map 125/udp +nxedit 126/tcp unitary # NXEdit +nxedit 126/udp unitary # Unisys Unitary Login +locus-con 127/tcp # Locus PC-Interface Conn Server +locus-con 127/udp +gss-xlicen 128/tcp # GSS X License Verification +gss-xlicen 128/udp +pwdgen 129/tcp # Password Generator Protocol +pwdgen 129/udp +cisco-fna 130/tcp # cisco FNATIVE +cisco-fna 130/udp +cisco-tna 131/tcp # cisco TNATIVE +cisco-tna 131/udp +cisco-sys 132/tcp # cisco SYSMAINT +cisco-sys 132/udp +statsrv 133/tcp # Statistics Service +statsrv 133/udp +ingres-net 134/tcp # INGRES-NET Service +ingres-net 134/udp +epmap 135/tcp loc-srv # DCE endpoint resolution +epmap 135/udp loc-srv +profile 136/tcp # PROFILE Naming System +profile 136/udp +netbios-ns 137/tcp # NETBIOS Name Service +netbios-ns 137/udp +netbios-dgm 138/tcp # NETBIOS Datagram Service +netbios-dgm 138/udp +netbios-ssn 139/tcp # NETBIOS Session Service +netbios-ssn 139/udp +emfis-data 140/tcp # EMFIS Data Service +emfis-data 140/udp +emfis-cntl 141/tcp # EMFIS Control Service +emfis-cntl 141/udp +imap 143/tcp imap2 # Internet Message Access Protocol +imap 143/udp imap2 +uma 144/tcp # Universal Management Architecture +uma 144/udp +uaac 145/tcp # UAAC Protocol +uaac 145/udp +iso-tp0 146/tcp # ISO-TP0 +iso-tp0 146/udp +iso-ip 147/tcp # ISO-IP +iso-ip 147/udp +jargon 148/tcp # Jargon +jargon 148/udp +aed-512 149/tcp # AED 512 Emulation Service +aed-512 149/udp +sql-net 150/tcp # SQL-NET +sql-net 150/udp +hems 151/tcp # HEMS +hems 151/udp +bftp 152/tcp # Background File Transfer Program +bftp 152/udp +sgmp 153/tcp # SGMP +sgmp 153/udp +netsc-prod 154/tcp # NETSC +netsc-prod 154/udp +netsc-dev 155/tcp +netsc-dev 155/udp +sqlsrv 156/tcp # SQL Service +sqlsrv 156/udp +knet-cmp 157/tcp # KNET/VM Command/Message Protocol +knet-cmp 157/udp +pcmail-srv 158/tcp # PCMail Server +pcmail-srv 158/udp +nss-routing 159/tcp # NSS-Routing +nss-routing 159/udp +sgmp-traps 160/tcp # SGMP-TRAPS +sgmp-traps 160/udp +snmp 161/tcp # Simple Net Mgmt Proto +snmp 161/udp +snmptrap 162/tcp snmp-trap # Traps for SNMP +snmptrap 162/udp snmp-trap +cmip-man 163/tcp # CMIP/TCP Manager +cmip-man 163/udp +cmip-agent 164/tcp # CMIP/TCP Agent +cmip-agent 164/udp +xns-courier 165/tcp # Xerox +xns-courier 165/udp +s-net 166/tcp # Sirius Systems +s-net 166/udp +namp 167/tcp # NAMP +namp 167/udp +rsvd 168/tcp # RSVD +rsvd 168/udp +send 169/tcp # SEND +send 169/udp +print-srv 170/tcp # Network PostScript +print-srv 170/udp +multiplex 171/tcp # Network Innovations Multiplex +multiplex 171/udp +cl/1 172/tcp # Network Innovations CL/1 +cl/1 172/udp +xyplex-mux 173/tcp # Xyplex +xyplex-mux 173/udp +mailq 174/tcp # Mailer transport queue for Zmailer +mailq 174/udp +vmnet 175/tcp # VMNET +vmnet 175/udp +genrad-mux 176/tcp # GENRAD-MUX +genrad-mux 176/udp +xdmcp 177/tcp # X Display Manager Control Protocol +xdmcp 177/udp +nextstep 178/tcp NeXTStep NextStep# NextStep Window Server +nextstep 178/udp NeXTStep NextStep +bgp 179/tcp # Border Gateway Protocol +bgp 179/udp +ris 180/tcp # Intergraph +ris 180/udp +unify 181/tcp # Unify +unify 181/udp +audit 182/tcp # Unisys Audit SITP +audit 182/udp +ocbinder 183/tcp # OCBinder +ocbinder 183/udp +ocserver 184/tcp # OCServer +ocserver 184/udp +remote-kis 185/tcp # Remote-KIS +remote-kis 185/udp +kis 186/tcp # KIS Protocol +kis 186/udp +aci 187/tcp # Application Communication Interface +aci 187/udp +mumps 188/tcp # Plus Five's MUMPS +mumps 188/udp +qft 189/tcp # Queued File Transport +qft 189/udp +gacp 190/tcp # Gateway Access Control Protocol +gacp 190/udp +prospero 191/tcp # Prospero Directory Service +prospero 191/udp +osu-nms 192/tcp # OSU Network Monitoring System +osu-nms 192/udp +srmp 193/tcp # Spider Remote Monitoring Protocol +srmp 193/udp +irc 194/tcp # Internet Relay Chat Protocol +irc 194/udp +dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit +dn6-nlm-aud 195/udp +dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir +dn6-smm-red 196/udp +dls 197/tcp # Directory Location Service +dls 197/udp +dls-mon 198/tcp # Directory Location Service Monitor +dls-mon 198/udp +smux 199/tcp # SNMP Unix Multiplexer +smux 199/udp +src 200/tcp # IBM System Resource Controller +src 200/udp +at-rtmp 201/tcp # AppleTalk Routing Maintenance +at-rtmp 201/udp +at-nbp 202/tcp # AppleTalk Name Binding +at-nbp 202/udp +at-echo 204/tcp # AppleTalk Echo +at-echo 204/udp +at-zis 206/tcp # AppleTalk Zone Information +at-zis 206/udp +qmtp 209/tcp # The Quick Mail Transfer Protocol +qmtp 209/udp +z39.50 210/tcp wais z3950 # ANSI Z39.50 +z39.50 210/udp wais z3950 +914c/g 211/tcp # Texas Instruments 914C/G Terminal +914c/g 211/udp +anet 212/tcp # ATEXSSTR +anet 212/udp +ipx 213/tcp # IPX +ipx 213/udp +imap3 220/tcp # Interactive Mail Access +imap3 220/udp +link 245/tcp # ttylink +link 245/udp +pawserv 345/tcp # Perf Analysis Workbench +pawserv 345/udp +zserv 346/tcp # Zebra server +zserv 346/udp +fatserv 347/tcp # Fatmen Server +fatserv 347/udp +scoi2odialog 360/tcp # scoi2odialog +scoi2odialog 360/udp +semantix 361/tcp # Semantix +semantix 361/udp +srssend 362/tcp # SRS Send +srssend 362/udp +rsvp_tunnel 363/tcp # RSVP Tunnel +rsvp_tunnel 363/udp +aurora-cmgr 364/tcp # Aurora CMGR +aurora-cmgr 364/udp +dtk 365/tcp # Deception Tool Kit +dtk 365/udp +odmr 366/tcp # ODMR +odmr 366/udp +rpc2portmap 369/tcp # Coda portmapper +rpc2portmap 369/udp +codaauth2 370/tcp # Coda authentication server +codaauth2 370/udp +clearcase 371/tcp # Clearcase +clearcase 371/udp +ulistproc 372/tcp ulistserv # UNIX Listserv +ulistproc 372/udp ulistserv +ldap 389/tcp # Lightweight Directory Access Protocol +ldap 389/udp +imsp 406/tcp # Interactive Mail Support Protocol +imsp 406/udp +svrloc 427/tcp # Server Location +svrloc 427/udp +mobileip-agent 434/tcp # MobileIP-Agent +mobileip-agent 434/udp +mobilip-mn 435/tcp # MobilIP-MN +mobilip-mn 435/udp +https 443/tcp # MCom +https 443/udp +snpp 444/tcp # Simple Network Paging Protocol +snpp 444/udp +microsoft-ds 445/tcp Microsoft-DS +microsoft-ds 445/udp Microsoft-DS +kpasswd 464/tcp kpwd # Kerberos "passwd" +kpasswd 464/udp kpwd +urd 465/tcp smtps ssmtp # URL Rendesvous Directory for SSM / smtp protocol over TLS/SSL +igmpv3lite 465/udp smtps ssmtp # IGMP over UDP for SSM +photuris 468/tcp +photuris 468/udp +rcp 469/tcp # Radio Control Protocol +rcp 469/udp +saft 487/tcp # Simple Asynchronous File Transfer +saft 487/udp +gss-http 488/tcp +gss-http 488/udp +pim-rp-disc 496/tcp +pim-rp-disc 496/udp +isakmp 500/tcp # IPsec - Internet Security Association and Key Management Protocol +isakmp 500/udp +exec 512/tcp # remote process execution +comsat 512/udp biff # notify users of new mail received +login 513/tcp # remote login a la telnet +who 513/udp whod # who's logged in to machines +shell 514/tcp cmd # no passwords used +syslog 514/udp +printer 515/tcp spooler # line printer spooler +printer 515/udp spooler +videotex 516/tcp +videotex 516/udp +talk 517/tcp # like tenex link +talk 517/udp +ntalk 518/tcp +ntalk 518/udp +utime 519/tcp unixtime +utime 519/udp unixtime +efs 520/tcp # extended file name server +router 520/udp route routed # local routing process +ripng 521/tcp +ripng 521/udp +ulp 522/tcp +ulp 522/udp +ibm-db2 523/tcp +ibm-db2 523/udp +ncp 524/tcp +ncp 524/udp +timed 525/tcp timeserver +timed 525/udp timeserver +tempo 526/tcp newdate +tempo 526/udp newdate +courier 530/tcp rpc +courier 530/udp rpc +conference 531/tcp chat +conference 531/udp chat +netnews 532/tcp readnews +netnews 532/udp readnews +netwall 533/tcp # -for emergency broadcasts +netwall 533/udp +mm-admin 534/tcp # MegaMedia Admin +mm-admin 534/udp +iiop 535/tcp +iiop 535/udp +opalis-rdv 536/tcp +opalis-rdv 536/udp +nmsp 537/tcp # Networked Media Streaming Protocol +nmsp 537/udp +gdomap 538/tcp # GNUstep distributed objects +gdomap 538/udp +uucp 540/tcp uucpd # uucp daemon +uucp 540/udp uucpd +klogin 543/tcp # Kerberized `rlogin' (v5) +klogin 543/udp +kshell 544/tcp krcmd # Kerberized `rsh' (v5) +kshell 544/udp krcmd +appleqtcsrvr 545/tcp +appleqtcsrvr 545/udp +dhcpv6-client 546/tcp # DHCPv6 Client +dhcpv6-client 546/udp +dhcpv6-server 547/tcp # DHCPv6 Server +dhcpv6-server 547/udp +afpovertcp 548/tcp # AFP over TCP +afpovertcp 548/udp +rtsp 554/tcp # Real Time Stream Control Protocol +rtsp 554/udp +dsf 555/tcp +dsf 555/udp +remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem +remotefs 556/udp rfs_server rfs +nntps 563/tcp snntp # NNTP over SSL +nntps 563/udp snntp +9pfs 564/tcp # plan 9 file service +9pfs 564/udp +whoami 565/tcp +whoami 565/udp +submission 587/tcp # mail message submission +submission 587/udp +http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate +http-alt 591/udp +nqs 607/tcp # Network Queuing system +nqs 607/udp +npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS +npmp-local 610/udp dqs313_qmaster +npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS +npmp-gui 611/udp dqs313_execd +hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS +hmmp-ind 612/udp dqs313_intercell +cryptoadmin 624/tcp # Crypto Admin +cryptoadmin 624/udp +dec_dlm 625/tcp # DEC DLM +dec_dlm 625/udp +asia 626/tcp +asia 626/udp +passgo-tivoli 627/tcp # PassGo Tivoli +passgo-tivoli 627/udp +qmqp 628/tcp # Qmail QMQP +qmqp 628/udp +3com-amp3 629/tcp +3com-amp3 629/udp +rda 630/tcp +rda 630/udp +ipp 631/tcp # Internet Printing Protocol +ipp 631/udp +ldaps 636/tcp # LDAP over SSL +ldaps 636/udp +tinc 655/tcp # TINC control port +tinc 655/udp +acap 674/tcp # Application Configuration Access Protocol +acap 674/udp +asipregistry 687/tcp +asipregistry 687/udp +realm-rusd 688/tcp # ApplianceWare managment protocol +realm-rusd 688/udp +nmap 689/tcp # Opensource Network Mapper +nmap 689/udp +ha-cluster 694/tcp # Heartbeat HA-cluster +ha-cluster 694/udp +epp 700/tcp # Extensible Provisioning Protocol +epp 700/udp +iris-beep 702/tcp # IRIS over BEEP +iris-beep 702/udp +silc 706/tcp # SILC +silc 706/udp +kerberos-adm 749/tcp # Kerberos `kadmin' (v5) +kerberos-adm 749/udp +kerberos-iv 750/tcp kerberos4 kdc # Kerberos (server) +kerberos-iv 750/udp kerberos4 kdc +pump 751/tcp kerberos_master +pump 751/udp kerberos_master # Kerberos authentication +qrh 752/tcp passwd_server +qrh 752/udp passwd_server # Kerberos passwd server +rrh 753/tcp +rrh 753/udp +tell 754/tcp send krb_prop krb5_prop # Kerberos slave propagation +tell 754/udp send +nlogin 758/tcp +nlogin 758/udp +con 759/tcp +con 759/udp +ns 760/tcp krbupdate kreg # Kerberos registration +ns 760/udp +webster 765/tcp # Network dictionary +webster 765/udp +phonebook 767/tcp # Network phonebook +phonebook 767/udp +rsync 873/tcp # rsync +rsync 873/udp +ftps-data 989/tcp # ftp protocol, data, over TLS/SSL +ftps-data 989/udp +ftps 990/tcp # ftp protocol, control, over TLS/SSL +ftps 990/udp +nas 991/tcp # Netnews Administration System +nas 991/udp +telnets 992/tcp # telnet protocol over TLS/SSL +telnets 992/udp +imaps 993/tcp # imap4 protocol over TLS/SSL +imaps 993/udp +ircs 994/tcp # irc protocol over TLS/SSL +ircs 994/udp +pop3s 995/tcp # pop3 protocol over TLS/SSL +pop3s 995/udp + +# +# IANA Assignments [Registered Ports] +# +# The Registered Ports are listed by the IANA and on most systems can be +# used by ordinary user processes or programs executed by ordinary +# users. +# Ports are used in the TCP [RFC793] to name the ends of logical +# connections which carry long term conversations. For the purpose of +# providing services to unknown callers, a service contact port is +# defined. This list specifies the port used by the server process as +# its contact port. +# The IANA registers uses of these ports as a convenience to the +# community. +# To the extent possible, these same port assignments are used with the +# UDP [RFC768]. +# The Registered Ports are in the range 1024-49151. +# +imgames 1077/tcp +imgames 1077/udp +socks 1080/tcp # socks proxy server +socks 1080/udp +rmiregistry 1099/tcp # Java RMI Registry +rmiregistry 1099/udp +bnetgame 1119/tcp # Battle.net Chat/Game Protocol +bnetgame 1119/udp +bnetfile 1120/tcp # Battle.net File Transfer Protocol +bnetfile 1120/udp +hpvmmcontrol 1124/tcp # HP VMM Control +hpvmmcontrol 1124/udp +hpvmmagent 1125/tcp # HP VMM Agent +hpvmmagent 1125/udp +hpvmmdata 1126/tcp # HP VMM Agent +hpvmmdata 1126/udp +resacommunity 1154/tcp # Community Service +resacommunity 1154/udp +3comnetman 1181/tcp # 3Com Net Management +3comnetman 1181/udp +mysql-cluster 1186/tcp # MySQL Cluster Manager +mysql-cluster 1186/udp +alias 1187/tcp # Alias Service +alias 1187/udp +openvpn 1194/tcp # OpenVPN +openvpn 1194/udp +kazaa 1214/tcp # KAZAA +kazaa 1214/udp +bvcontrol 1236/tcp rmtcfg # Gracilis Packeten remote config server +bvcontrol 1236/udp rmtcfg +nessus 1241/tcp # Nessus vulnerability assessment scanner +nessus 1241/udp +h323hostcallsc 1300/tcp # H323 Host Call Secure +h323hostcallsc 1300/udp +lotusnote 1352/tcp # Lotus Note +lotusnote 1352/udp +ms-sql-s 1433/tcp # Microsoft-SQL-Server +ms-sql-s 1433/udp +ms-sql-m 1434/tcp # Microsoft-SQL-Monitor +ms-sql-m 1434/udp +ica 1494/tcp # Citrix ICA Client +ica 1494/udp +wins 1512/tcp # Microsoft's Windows Internet Name Service +wins 1512/udp +ingreslock 1524/tcp +ingreslock 1524/udp +prospero-np 1525/tcp # Prospero non-privileged +prospero-np 1525/udp +datametrics 1645/tcp old-radius # datametrics / old radius entry +datametrics 1645/udp old-radius +sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry +sa-msg-port 1646/udp old-radacct +rsap 1647/tcp +rsap 1647/udp +concurrent-lm 1648/tcp +concurrent-lm 1648/udp +kermit 1649/tcp +kermit 1649/udp +groupwise 1677/tcp +groupwise 1677/udp +l2tp 1701/tcp +l2tp 1701/udp +h323gatedisc 1718/tcp +h323gatedisc 1718/udp +h323gatestat 1719/tcp +h323gatestat 1719/udp +h323hostcall 1720/tcp +h323hostcall 1720/udp +iberiagames 1726/tcp +iberiagames 1726/udp +gamegen1 1738/tcp +gamegen1 1738/udp +tftp-mcast 1758/tcp +tftp-mcast 1758/udp +hello 1789/tcp +hello 1789/udp +radius 1812/tcp # Radius +radius 1812/udp +radius-acct 1813/tcp radacct # Radius Accounting +radius-acct 1813/udp radacct +mtp 1911/tcp # Starlight Networks Multimedia Transport Protocol +mtp 1911/udp +egs 1926/tcp # Evolution Game Server +egs 1926/udp +unix-status 1957/tcp # remstats unix-status server +unix-status 1957/udp +hsrp 1985/tcp # Hot Standby Router Protocol +hsrp 1985/udp +licensedaemon 1986/tcp # cisco license management +licensedaemon 1986/udp +tr-rsrb-p1 1987/tcp # cisco RSRB Priority 1 port +tr-rsrb-p1 1987/udp +tr-rsrb-p2 1988/tcp # cisco RSRB Priority 2 port +tr-rsrb-p2 1988/udp +tr-rsrb-p3 1989/tcp # cisco RSRB Priority 3 port +tr-rsrb-p3 1989/udp +stun-p1 1990/tcp # cisco STUN Priority 1 port +stun-p1 1990/udp +stun-p2 1991/tcp # cisco STUN Priority 2 port +stun-p2 1991/udp +stun-p3 1992/tcp # cisco STUN Priority 3 port +stun-p3 1992/udp +snmp-tcp-port 1994/tcp # cisco SNMP TCP port +snmp-tcp-port 1994/udp +stun-port 1995/tcp # cisco serial tunnel port +stun-port 1995/udp +perf-port 1996/tcp # cisco Remote SRB port +perf-port 1996/udp +gdp-port 1997/tcp # cisco Gateway Discovery Protocol +gdp-port 1997/udp +x25-svc-port 1998/tcp # cisco X.25 service (XOT) +x25-svc-port 1998/udp +tcp-id-port 1999/tcp # cisco identification port +tcp-id-port 1999/udp +cisco-sccp 2000/tcp # Cisco SCCP +cisco-sccp 2000/udp +nfs 2049/tcp # Network File System +nfs 2049/udp +radsec 2083/tcp # Secure Radius Service +radsec 2083/udp +gnunet 2086/tcp # GNUnet +gnunet 2086/udp +rtcm-sc104 2101/tcp # RTCM SC-104 +rtcm-sc104 2101/udp +zephyr-srv 2102/tcp # Zephyr server +zephyr-srv 2102/udp +zephyr-clt 2103/tcp # Zephyr serv-hm connection +zephyr-clt 2103/udp +zephyr-hm 2104/tcp # Zephyr hostmanager +zephyr-hm 2104/udp +eyetv 2170/tcp # EyeTV Server Port +eyetv 2170/udp +msfw-storage 2171/tcp # MS Firewall Storage +msfw-storage 2171/udp +msfw-s-storage 2172/tcp # MS Firewall SecureStorage +msfw-s-storage 2172/udp +msfw-replica 2173/tcp # MS Firewall Replication +msfw-replica 2173/udp +msfw-array 2174/tcp # MS Firewall Intra Array +msfw-array 2174/udp +airsync 2175/tcp # Microsoft Desktop AirSync Protocol +airsync 2175/udp +rapi 2176/tcp # Microsoft ActiveSync Remote API +rapi 2176/udp +qwave 2177/tcp # qWAVE Bandwidth Estimate +qwave 2177/udp +tivoconnect 2190/tcp # TiVoConnect Beacon +tivoconnect 2190/udp +tvbus 2191/tcp # TvBus Messaging +tvbus 2191/udp +mysql-im 2273/tcp # MySQL Instance Manager +mysql-im 2273/udp +dict-lookup 2289/tcp # Lookup dict server +dict-lookup 2289/udp +redstorm_join 2346/tcp # Game Connection Port +redstorm_join 2346/udp +redstorm_find 2347/tcp # Game Announcement and Location +redstorm_find 2347/udp +redstorm_info 2348/tcp # Information to query for game status +redstorm_info 2348/udp +cvspserver 2401/tcp # CVS client/server operations +cvspserver 2401/udp +venus 2430/tcp # codacon port +venus 2430/udp +venus-se 2431/tcp # tcp side effects +venus-se 2431/udp +codasrv 2432/tcp # not used +codasrv 2432/udp +codasrv-se 2433/tcp # tcp side effects +codasrv-se 2433/udp +netadmin 2450/tcp +netadmin 2450/udp +netchat 2451/tcp +netchat 2451/udp +snifferclient 2452/tcp +snifferclient 2452/udp +ppcontrol 2505/tcp # PowerPlay Control +ppcontrol 2505/udp +lstp 2559/tcp # +lstp 2559/udp +mon 2583/tcp +mon 2583/udp +hpstgmgr 2600/tcp zebrasrv +hpstgmgr 2600/udp zebrasrv +discp-client 2601/tcp zebra # discp client +discp-client 2601/udp zebra +discp-server 2602/tcp ripd # discp server +discp-server 2602/udp ripd +servicemeter 2603/tcp ripngd # Service Meter +servicemeter 2603/udp ripngd +nsc-ccs 2604/tcp ospfd # NSC CCS +nsc-ccs 2604/udp ospfd +nsc-posa 2605/tcp bgpd # NSC POSA +nsc-posa 2605/udp bgpd +netmon 2606/tcp ospf6d # Dell Netmon +netmon 2606/udp ospf6d +connection 2607/tcp # Dell Connection +connection 2607/udp +wag-service 2608/tcp # Wag Service +wag-service 2608/udp +dict 2628/tcp # Dictionary server +dict 2628/udp +exce 2769/tcp # eXcE +exce 2769/udp +dvr-esm 2804/tcp # March Networks Digital Video Recorders and Enterprise Service Manager products +dvr-esm 2804/udp +corbaloc 2809/tcp # CORBA LOC +corbaloc 2809/udp +ndtp 2882/tcp # Network Dictionary Transfer Protocol +ndtp 2882/udp +gamelobby 2914/tcp # Game Lobby +gamelobby 2914/udp +gds_db 3050/tcp # InterBase server +gds_db 3050/udp +xbox 3074/tcp # Xbox game port +xbox 3074/udp +icpv2 3130/tcp icp # Internet Cache Protocol (Squid) +icpv2 3130/udp icp +nm-game-admin 3148/tcp # NetMike Game Administrator +nm-game-admin 3148/udp +nm-game-server 3149/tcp # NetMike Game Server +nm-game-server 3149/udp +mysql 3306/tcp # MySQL +mysql 3306/udp +sftu 3326/tcp +sftu 3326/udp +trnsprntproxy 3346/tcp # Transparent Proxy +trnsprntproxy 3346/udp +ms-wbt-server 3389/tcp rdp # MS WBT Server +ms-wbt-server 3389/udp rdp # Microsoft Remote Desktop Protocol +prsvp 3455/tcp # RSVP Port +prsvp 3455/udp +nut 3493/tcp # Network UPS Tools +nut 3493/udp +ironstorm 3504/tcp # IronStorm game server +ironstorm 3504/udp +cctv-port 3559/tcp # CCTV control port +cctv-port 3559/udp +iw-mmogame 3596/tcp # Illusion Wireless MMOG +iw-mmogame 3596/udp +distcc 3632/tcp # Distributed Compiler +distcc 3632/udp +daap 3689/tcp # Digital Audio Access Protocol +daap 3689/udp +svn 3690/tcp # Subversion +svn 3690/udp +blizwow 3724/tcp # World of Warcraft +blizwow 3724/udp +netboot-pxe 3928/tcp pxe # PXE NetBoot Manager +netboot-pxe 3928/udp pxe +smauth-port 3929/tcp # AMS Port +smauth-port 3929/udp +treehopper 3959/tcp # Tree Hopper Networking +treehopper 3959/udp +cobraclient 3970/tcp # Cobra Client +cobraclient 3970/udp +cobraserver 3971/tcp # Cobra Server +cobraserver 3971/udp +pxc-spvr-ft 4002/tcp pxc-spvr-ft +pxc-spvr-ft 4002/udp pxc-spvr-ft +pxc-splr-ft 4003/tcp pxc-splr-ft rquotad +pxc-splr-ft 4003/udp pxc-splr-ft rquotad +pxc-roid 4004/tcp pxc-roid +pxc-roid 4004/udp pxc-roid +pxc-pin 4005/tcp pxc-pin +pxc-pin 4005/udp pxc-pin +pxc-spvr 4006/tcp pxc-spvr +pxc-spvr 4006/udp pxc-spvr +pxc-splr 4007/tcp pxc-splr +pxc-splr 4007/udp pxc-splr +xgrid 4111/tcp # Mac OS X Server Xgrid +xgrid 4111/udp +bzr 4155/tcp # Bazaar Version Control System +bzr 4155/udp # Bazaar version control system +sieve 4190/tcp # ManageSieve Protocol +sieve 4190/udp +rwhois 4321/tcp # Remote Who Is +rwhois 4321/udp +epmd 4369/tcp # Erlang Port Mapper Daemon +epmd 4369/udp +krb524 4444/tcp +krb524 4444/udp +ipsec-nat-t 4500/tcp # IPsec NAT-Traversal +ipsec-nat-t 4500/udp +hylafax 4559/tcp # HylaFAX client-server protocol (new) +hylafax 4559/udp +piranha1 4600/tcp +piranha1 4600/udp +playsta2-app 4658/tcp # PlayStation2 App Port +playsta2-app 4658/udp +playsta2-lob 4659/tcp # PlayStation2 Lobby Port +playsta2-lob 4659/udp +snap 4752/tcp # Simple Network Audio Protocol +snap 4752/udp +radmin-port 4899/tcp # RAdmin Port +radmin-port 4899/udp +rfe 5002/tcp # Radio Free Ethernet +rfe 5002/udp +ita-agent 5051/tcp # ITA Agent +ita-agent 5051/udp +sdl-ets 5081/tcp # SDL - Ent Trans Server +sdl-ets 5081/udp +bzflag 5154/tcp # BZFlag game server +bzflag 5154/udp +aol 5190/tcp # America-Online +aol 5190/udp +xmpp-client 5222/tcp # XMPP Client Connection +xmpp-client 5222/udp +caevms 5251/tcp # CA eTrust VM Service +caevms 5251/udp +xmpp-server 5269/tcp # XMPP Server Connection +xmpp-server 5269/udp +cfengine 5308/tcp # CFengine +cfengine 5308/udp +nat-pmp 5351/tcp # NAT Port Mapping Protocol +nat-pmp 5351/udp +dns-llq 5352/tcp # DNS Long-Lived Queries +dns-llq 5352/udp +mdns 5353/tcp # Multicast DNS +mdns 5353/udp +mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC +mdnsresponder 5354/udp noclog # noclogd with TCP (nocol) +llmnr 5355/tcp hostmon # Link-Local Multicast Name Resolution +llmnr 5355/udp hostmon # hostmon uses TCP (nocol) +dj-ice 5419/tcp +dj-ice 5419/udp +beyond-remote 5424/tcp # Beyond Remote +beyond-remote 5424/udp +br-channel 5425/tcp # Beyond Remote Command Channel +br-channel 5425/udp +postgresql 5432/tcp # POSTGRES +postgresql 5432/udp +sgi-eventmond 5553/tcp # SGI Eventmond Port +sgi-eventmond 5553/udp +sgi-esphttp 5554/tcp # SGI ESP HTTP +sgi-esphttp 5554/udp +cvsup 5999/tcp # CVSup +cvsup 5999/udp +x11 6000/tcp # X Window System +x11 6000/udp +kftp-data 6620/tcp # Kerberos V5 FTP Data +kftp-data 6620/udp +kftp 6621/tcp # Kerberos V5 FTP Control +kftp 6621/udp +ktelnet 6623/tcp # Kerberos V5 Telnet +ktelnet 6623/udp +gnutella-svc 6346/tcp +gnutella-svc 6346/udp +gnutella-rtr 6347/tcp +gnutella-rtr 6347/udp +sane-port 6566/tcp # SANE Network Scanner Control Port +sane-port 6566/udp +parsec-game 6582/tcp # Parsec Gameserver +parsec-game 6582/udp +afs3-fileserver 7000/tcp bbs # file server itself +afs3-fileserver 7000/udp bbs +afs3-callback 7001/tcp # callbacks to cache managers +afs3-callback 7001/udp +afs3-prserver 7002/tcp # users & groups database +afs3-prserver 7002/udp +afs3-vlserver 7003/tcp # volume location database +afs3-vlserver 7003/udp +afs3-kaserver 7004/tcp # AFS/Kerberos authentication +afs3-kaserver 7004/udp +afs3-volser 7005/tcp # volume managment server +afs3-volser 7005/udp +afs3-errors 7006/tcp # error interpretation service +afs3-errors 7006/udp +afs3-bos 7007/tcp # basic overseer process +afs3-bos 7007/udp +afs3-update 7008/tcp # server-to-server updater +afs3-update 7008/udp +afs3-rmtsys 7009/tcp # remote cache manager service +afs3-rmtsys 7009/udp +font-service 7100/tcp xfs # X Font Service +font-service 7100/udp xfs +sncp 7560/tcp # Sniffer Command Protocol +sncp 7560/udp +soap-http 7627/tcp # SOAP Service Port +soap-http 7627/udp +http-alt 8008/tcp # HTTP Alternate +http-alt 8008/udp +http-alt 8080/tcp webcache # HTTP Alternate +http-alt 8080/udp webcache # WWW caching service +sunproxyadmin 8081/tcp tproxy # Sun Proxy Admin Service +sunproxyadmin 8081/udp tproxy # Transparent Proxy +pichat 9009/tcp # Pichat Server +pichat 9009/udp +bacula-dir 9101/tcp # Bacula Director +bacula-dir 9101/udp +bacula-fd 9102/tcp # Bacula File Daemon +bacula-fd 9102/udp +bacula-sd 9103/tcp # Bacula Storage Daemon +bacula-sd 9103/udp +dddp 9131/tcp # Dynamic Device Discovery +dddp 9131/udp +wap-wsp 9200/tcp # WAP connectionless session service +wap-wsp 9200/udp +wap-wsp-wtp 9201/tcp # WAP session service +wap-wsp-wtp 9201/udp +wap-wsp-s 9202/tcp # WAP secure connectionless session service +wap-wsp-s 9202/udp +wap-wsp-wtp-s 9203/tcp # WAP secure session service +wap-wsp-wtp-s 9203/udp +wap-vcard 9204/tcp # WAP vCard +wap-vcard 9204/udp +wap-vcal 9205/tcp # WAP vCal +wap-vcal 9205/udp +wap-vcard-s 9206/tcp # WAP vCard Secure +wap-vcard-s 9206/udp +wap-vcal-s 9207/tcp # WAP vCal Secure +wap-vcal-s 9207/udp +git 9418/tcp # git pack transfer service +git 9418/udp +cba8 9593/tcp # LANDesk Management Agent +cba8 9593/udp +davsrc 9800/tcp # WebDav Source Port +davsrc 9800/udp +sqlexec 9088/tcp # IBM Informix SQL Interface +sqlexec 9088/udp +sqlexec-ssl 9089/tcp # IBM Informix SQL Interface - Encrypted +sqlexec-ssl 9089/udp +sd 9876/tcp # Session Director +sd 9876/udp +cyborg-systems 9888/tcp # CYBORG Systems +cyborg-systems 9888/udp +monkeycom 9898/tcp # MonkeyCom +monkeycom 9898/udp +sctp-tunneling 9899/tcp # SCTP TUNNELING +sctp-tunneling 9899/udp +domaintime 9909/tcp # domaintime +domaintime 9909/udp +amanda 10080/tcp # amanda backup services +amanda 10080/udp +vce 11111/tcp # Viral Computing Environment (VCE) +vce 11111/udp +smsqp 11201/tcp # Alamin SMS gateway +smsqp 11201/udp +hkp 11371/tcp # OpenPGP HTTP Keyserver +hkp 11371/udp +h323callsigalt 11720/tcp # h323 Call Signal Alternate +h323callsigalt 11720/udp +rets-ssl 12109/tcp # RETS over SSL +rets-ssl 12109/udp +cawas 12168/tcp # CA Web Access Service +cawas 12168/udp +bprd 13720/tcp # BPRD Protocol (VERITAS NetBackup) +bprd 13720/udp +bpdbm 13721/tcp # BPDBM Protocol (VERITAS NetBackup) +bpdbm 13721/udp +bpjava-msvc 13722/tcp # BP Java MSVC Protocol +bpjava-msvc 13722/udp +vnetd 13724/tcp # Veritas Network Utility +vnetd 13724/udp +bpcd 13782/tcp # VERITAS NetBackup +bpcd 13782/udp +vopied 13783/tcp # VOPIED Protocol +vopied 13783/udp +xpilot 15345/tcp # XPilot Contact Port +xpilot 15345/udp +wnn6 22273/tcp # wnn6 +wnn6 22273/udp +binkp 24554/tcp # Bink fidonet protocol +binkp 24554/udp +quake 26000/tcp # Quake @!# +quake 26000/udp +wnn6-ds 26208/tcp +wnn6-ds 26208/udp +tetrinet 31457/tcp # TetriNET Protocol +tetrinet 31457/udp +gamesmith-port 31765/tcp # GameSmith Port +gamesmith-port 31765/udp +traceroute 33434/tcp # traceroute use +traceroute 33434/udp +candp 42508/tcp # Computer Associates network discovery protocol +candp 42508/udp +candrp 42509/tcp # CA discovery response +candrp 42509/udp +caerpc 42510/tcp # CA eTrust RPC +caerpc 42510/udp + +#========================================================================= +# The remaining port numbers are not as allocated by IANA. + +# Kerberos (Project Athena/MIT) services +# Note that these are for Kerberos v4, and are unofficial +kpop 1109/tcp # Pop with Kerberos +knetd 2053/tcp # Kerberos de-multiplexor +eklogin 2105/tcp # Kerberos encrypted rlogin + +# CVSup support http://www.cvsup.org/ +supfilesrv 871/tcp # SUP server +supfiledbg 1127/tcp # SUP debugging + +# Datagram Delivery Protocol services +rtmp 1/ddp # Routing Table Maintenance Protocol +nbp 2/ddp # Name Binding Protocol +echo 4/ddp # AppleTalk Echo Protocol +zip 6/ddp # Zone Information Protocol + +# Many services now accepted as 'standard' +swat 901/tcp # Samba configuration tool +rndc 953/tcp # rndc control sockets (BIND 9) +rndc 953/udp +skkserv 1178/tcp # SKK Japanese input method +xtel 1313/tcp # french minitel +support 1529/tcp # GNATS +cfinger 2003/tcp lmtp # GNU Finger +ninstall 2150/tcp # ninstall service +ninstall 2150/udp +gpsd 2947/tcp gpsd # GPS Daemon request/response protocol +gpsd 2947/udp gpsd # GPS Daemon request/response protocol +afbackup 2988/tcp # Afbackup system +afbackup 2988/udp +fax 4557/tcp # FAX transmission service (old) +xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH) +rplay 5555/tcp # RPlay audio service +rplay 5555/udp +canna 5680/tcp # Canna (Japanese Input) +x11-ssh 6010/tcp x11-ssh-offset +x11-ssh 6010/udp x11-ssh-offset +ircd 6667/tcp # Internet Relay Chat +ircd 6667/udp +ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL +jetdirect 9100/tcp # HP JetDirect card +jetdirect 9100/udp +mandelspawn 9359/udp mandelbrot # network mandelbrot +kamanda 10081/tcp # amanda backup services (Kerberos) +kamanda 10081/udp +amandaidx 10082/tcp # amanda backup services +amidxtape 10083/tcp # amanda backup services +isdnlog 20011/tcp # isdn logging system +isdnlog 20011/udp +vboxd 20012/tcp # voice box system +vboxd 20012/udp +wnn4_Cn 22289/tcp wnn6_Cn # Wnn (Chinese input) +wnn4_Kr 22305/tcp wnn6_Kr # Wnn (Korean input) +wnn4_Tw 22321/tcp wnn6_Tw # Wnn (Taiwanse input) +asp 27374/tcp # Address Search Protocol +asp 27374/udp +tfido 60177/tcp # Ifmail +tfido 60177/udp +fido 60179/tcp # Ifmail +fido 60179/udp + +# Local services + diff --git a/config-archive/etc/services.dist.new b/config-archive/etc/services.dist.new deleted file mode 100644 index c16f0cc..0000000 --- a/config-archive/etc/services.dist.new +++ /dev/null @@ -1,1184 +0,0 @@ -# /etc/services -# -# Network services, Internet style -# -# Note that it is presently the policy of IANA to assign a single well-known -# port number for both TCP and UDP; hence, most entries here have two entries -# even if the protocol doesn't support UDP operations. -# -# Some References: -# http://www.iana.org/assignments/port-numbers -# http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services -# -# Each line describes one service, and is of the form: -# service-name port/protocol [aliases ...] [# comment] -# -# See services(5) for more info. -# - -# -# IANA Assignments [Well Known Ports] -# The Well Known Ports are assigned by the IANA and on most systems can -# only be used by system (or root) processes or by programs executed by -# privileged users. -# The range for assigned ports managed by the IANA is 0-1023. -# -tcpmux 1/tcp # TCP port service multiplexer -tcpmux 1/udp -compressnet 2/tcp # Management Utility -compressnet 2/udp -compressnet 3/tcp # Compression Process -compressnet 3/udp -rje 5/tcp # Remote Job Entry -rje 5/udp -echo 7/tcp # Echo -echo 7/udp -discard 9/tcp sink null # Discard -discard 9/udp sink null -systat 11/tcp users # Active Users -systat 11/udp users -daytime 13/tcp # Daytime (RFC 867) -daytime 13/udp -#netstat 15/tcp # (was once asssigned, no more) -qotd 17/tcp quote # Quote of the Day -qotd 17/udp quote -msp 18/tcp # Message Send Protocol -msp 18/udp -chargen 19/tcp ttytst source # Character Generator -chargen 19/udp ttytst source -ftp-data 20/tcp # File Transfer [Default Data] -ftp-data 20/udp -ftp 21/tcp # File Transfer [Control] -ftp 21/udp fsp fspd -ssh 22/tcp # SSH Remote Login Protocol -ssh 22/udp -telnet 23/tcp # Telnet -telnet 23/udp -# private 24/tcp # any private mail system -# private 24/udp -smtp 25/tcp mail # Simple Mail Transfer -smtp 25/udp -nsw-fe 27/tcp # NSW User System FE -nsw-fe 27/udp -msg-icp 29/tcp # MSG ICP -msg-icp 29/udp -msg-auth 31/tcp # MSG Authentication -msg-auth 31/udp -dsp 33/tcp # Display Support Protocol -dsp 33/udp -# private 35/tcp # any private printer server -# private 35/udp -time 37/tcp timserver -time 37/udp timserver -rap 38/tcp # Route Access Protocol -rap 38/udp -rlp 39/tcp resource # Resource Location Protocol -rlp 39/udp resource -graphics 41/tcp # Graphics -graphics 41/udp -nameserver 42/tcp name # Host Name Server -nameserver 42/udp name -nicname 43/tcp whois # Who Is -nicname 43/udp whois -mpm-flags 44/tcp # MPM FLAGS Protocol -mpm-flags 44/udp -mpm 45/tcp # Message Processing Module [recv] -mpm 45/udp -mpm-snd 46/tcp # MPM [default send] -mpm-snd 46/udp -ni-ftp 47/tcp # NI FTP -ni-ftp 47/udp -auditd 48/tcp # Digital Audit Daemon -auditd 48/udp -tacacs 49/tcp # Login Host Protocol (TACACS) -tacacs 49/udp -re-mail-ck 50/tcp # Remote Mail Checking Protocol -re-mail-ck 50/udp -domain 53/tcp # Domain Name Server -domain 53/udp -xns-ch 54/tcp # XNS Clearinghouse -xns-ch 54/udp -isi-gl 55/tcp # ISI Graphics Language -isi-gl 55/udp -xns-auth 56/tcp # XNS Authentication -xns-auth 56/udp -# private 57/tcp # any private terminal access -# private 57/udp -xns-mail 58/tcp # XNS Mail -xns-mail 58/udp -# private 59/tcp # any private file service -# private 59/udp -ni-mail 61/tcp # NI MAIL -ni-mail 61/udp -acas 62/tcp # ACA Services -acas 62/udp -whois++ 63/tcp # whois++ -whois++ 63/udp -covia 64/tcp # Communications Integrator (CI) -covia 64/udp -tacacs-ds 65/tcp # TACACS-Database Service -tacacs-ds 65/udp -sql*net 66/tcp # Oracle SQL*NET -sql*net 66/udp -bootps 67/tcp # Bootstrap Protocol Server (BOOTP) -bootps 67/udp -bootpc 68/tcp # Bootstrap Protocol Client (BOOTP) -bootpc 68/udp -tftp 69/tcp # Trivial File Transfer -tftp 69/udp -gopher 70/tcp # Gopher -gopher 70/udp -netrjs-1 71/tcp # Remote Job Service -netrjs-1 71/udp -netrjs-2 72/tcp -netrjs-2 72/udp -netrjs-3 73/tcp -netrjs-3 73/udp -netrjs-4 74/tcp -netrjs-4 74/udp -# private 75/tcp # any private dial out service -# private 75/udp -deos 76/tcp # Distributed External Object Store -deos 76/udp -# private 77/tcp # any private RJE service -# private 77/udp -vettcp 78/tcp # vettcp -vettcp 78/udp -finger 79/tcp # Finger -finger 79/udp -http 80/tcp www www-http # World Wide Web HTTP -http 80/udp www www-http -hosts2-ns 81/tcp # HOSTS2 Name Server -hosts2-ns 81/udp -xfer 82/tcp # XFER Utility -xfer 82/udp -mit-ml-dev 83/tcp # MIT ML Device -mit-ml-dev 83/udp -ctf 84/tcp # Common Trace Facility -ctf 84/udp -mit-ml-dev 85/tcp # MIT ML Device -mit-ml-dev 85/udp -mfcobol 86/tcp # Micro Focus Cobol -mfcobol 86/udp -# private 87/tcp # any private terminal link -# private 87/udp -kerberos 88/tcp kerberos5 krb5 # Kerberos -kerberos 88/udp kerberos5 krb5 -su-mit-tg 89/tcp # SU/MIT Telnet Gateway -su-mit-tg 89/udp -dnsix 90/tcp # DNSIX Securit Attribute Token Map -dnsix 90/udp -mit-dov 91/tcp # MIT Dover Spooler -mit-dov 91/udp -npp 92/tcp # Network Printing Protocol -npp 92/udp -dcp 93/tcp # Device Control Protocol -dcp 93/udp -objcall 94/tcp # Tivoli Object Dispatcher -objcall 94/udp -supdup 95/tcp # SUPDUP -supdup 95/udp -dixie 96/tcp # DIXIE Protocol Specification -dixie 96/udp -swift-rvf 97/tcp # Swift Remote Virtural File Protocol -swift-rvf 97/udp -tacnews 98/tcp linuxconf # TAC News -tacnews 98/udp -metagram 99/tcp # Metagram Relay -metagram 99/udp -#newacct 100/tcp # [unauthorized use] -hostname 101/tcp hostnames # NIC Host Name Server -hostname 101/udp hostnames -iso-tsap 102/tcp tsap # ISO-TSAP Class 0 -iso-tsap 102/udp tsap -gppitnp 103/tcp # Genesis Point-to-Point Trans Net -gppitnp 103/udp -acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300 -acr-nema 104/udp -cso 105/tcp csnet-ns cso-ns # CCSO name server protocol -cso 105/udp csnet-ns cso-ns -3com-tsmux 106/tcp poppassd # 3COM-TSMUX -3com-tsmux 106/udp poppassd # Eudora: Unauthorized use by insecure poppassd protocol -rtelnet 107/tcp # Remote Telnet Service -rtelnet 107/udp -snagas 108/tcp # SNA Gateway Access Server -snagas 108/udp -pop2 109/tcp pop-2 postoffice# Post Office Protocol - Version 2 -pop2 109/udp pop-2 -pop3 110/tcp pop-3 # Post Office Protocol - Version 3 -pop3 110/udp pop-3 -sunrpc 111/tcp portmapper rpcbind # SUN Remote Procedure Call -sunrpc 111/udp portmapper rpcbind -mcidas 112/tcp # McIDAS Data Transmission Protocol -mcidas 112/udp -auth 113/tcp authentication tap ident # Authentication Service -auth 113/udp -sftp 115/tcp # Simple File Transfer Protocol -sftp 115/udp -ansanotify 116/tcp # ANSA REX Notify -ansanotify 116/udp -uucp-path 117/tcp # UUCP Path Service -uucp-path 117/udp -sqlserv 118/tcp # SQL Services -sqlserv 118/udp -nntp 119/tcp readnews untp # Network News Transfer Protocol -nntp 119/udp readnews untp -cfdptkt 120/tcp # CFDPTKT -cfdptkt 120/udp -erpc 121/tcp # Encore Expedited Remote Pro.Call -erpc 121/udp -smakynet 122/tcp # SMAKYNET -smakynet 122/udp -ntp 123/tcp # Network Time Protocol -ntp 123/udp -ansatrader 124/tcp # ANSA REX Trader -ansatrader 124/udp -locus-map 125/tcp # Locus PC-Interface Net Map Ser -locus-map 125/udp -nxedit 126/tcp unitary # NXEdit -nxedit 126/udp unitary # Unisys Unitary Login -locus-con 127/tcp # Locus PC-Interface Conn Server -locus-con 127/udp -gss-xlicen 128/tcp # GSS X License Verification -gss-xlicen 128/udp -pwdgen 129/tcp # Password Generator Protocol -pwdgen 129/udp -cisco-fna 130/tcp # cisco FNATIVE -cisco-fna 130/udp -cisco-tna 131/tcp # cisco TNATIVE -cisco-tna 131/udp -cisco-sys 132/tcp # cisco SYSMAINT -cisco-sys 132/udp -statsrv 133/tcp # Statistics Service -statsrv 133/udp -ingres-net 134/tcp # INGRES-NET Service -ingres-net 134/udp -epmap 135/tcp loc-srv # DCE endpoint resolution -epmap 135/udp loc-srv -profile 136/tcp # PROFILE Naming System -profile 136/udp -netbios-ns 137/tcp # NETBIOS Name Service -netbios-ns 137/udp -netbios-dgm 138/tcp # NETBIOS Datagram Service -netbios-dgm 138/udp -netbios-ssn 139/tcp # NETBIOS Session Service -netbios-ssn 139/udp -emfis-data 140/tcp # EMFIS Data Service -emfis-data 140/udp -emfis-cntl 141/tcp # EMFIS Control Service -emfis-cntl 141/udp -imap 143/tcp imap2 # Internet Message Access Protocol -imap 143/udp imap2 -uma 144/tcp # Universal Management Architecture -uma 144/udp -uaac 145/tcp # UAAC Protocol -uaac 145/udp -iso-tp0 146/tcp # ISO-TP0 -iso-tp0 146/udp -iso-ip 147/tcp # ISO-IP -iso-ip 147/udp -jargon 148/tcp # Jargon -jargon 148/udp -aed-512 149/tcp # AED 512 Emulation Service -aed-512 149/udp -sql-net 150/tcp # SQL-NET -sql-net 150/udp -hems 151/tcp # HEMS -hems 151/udp -bftp 152/tcp # Background File Transfer Program -bftp 152/udp -sgmp 153/tcp # SGMP -sgmp 153/udp -netsc-prod 154/tcp # NETSC -netsc-prod 154/udp -netsc-dev 155/tcp -netsc-dev 155/udp -sqlsrv 156/tcp # SQL Service -sqlsrv 156/udp -knet-cmp 157/tcp # KNET/VM Command/Message Protocol -knet-cmp 157/udp -pcmail-srv 158/tcp # PCMail Server -pcmail-srv 158/udp -nss-routing 159/tcp # NSS-Routing -nss-routing 159/udp -sgmp-traps 160/tcp # SGMP-TRAPS -sgmp-traps 160/udp -snmp 161/tcp # Simple Net Mgmt Proto -snmp 161/udp -snmptrap 162/tcp snmp-trap # Traps for SNMP -snmptrap 162/udp snmp-trap -cmip-man 163/tcp # CMIP/TCP Manager -cmip-man 163/udp -cmip-agent 164/tcp # CMIP/TCP Agent -cmip-agent 164/udp -xns-courier 165/tcp # Xerox -xns-courier 165/udp -s-net 166/tcp # Sirius Systems -s-net 166/udp -namp 167/tcp # NAMP -namp 167/udp -rsvd 168/tcp # RSVD -rsvd 168/udp -send 169/tcp # SEND -send 169/udp -print-srv 170/tcp # Network PostScript -print-srv 170/udp -multiplex 171/tcp # Network Innovations Multiplex -multiplex 171/udp -cl/1 172/tcp # Network Innovations CL/1 -cl/1 172/udp -xyplex-mux 173/tcp # Xyplex -xyplex-mux 173/udp -mailq 174/tcp # Mailer transport queue for Zmailer -mailq 174/udp -vmnet 175/tcp # VMNET -vmnet 175/udp -genrad-mux 176/tcp # GENRAD-MUX -genrad-mux 176/udp -xdmcp 177/tcp # X Display Manager Control Protocol -xdmcp 177/udp -nextstep 178/tcp NeXTStep NextStep# NextStep Window Server -nextstep 178/udp NeXTStep NextStep -bgp 179/tcp # Border Gateway Protocol -bgp 179/udp -ris 180/tcp # Intergraph -ris 180/udp -unify 181/tcp # Unify -unify 181/udp -audit 182/tcp # Unisys Audit SITP -audit 182/udp -ocbinder 183/tcp # OCBinder -ocbinder 183/udp -ocserver 184/tcp # OCServer -ocserver 184/udp -remote-kis 185/tcp # Remote-KIS -remote-kis 185/udp -kis 186/tcp # KIS Protocol -kis 186/udp -aci 187/tcp # Application Communication Interface -aci 187/udp -mumps 188/tcp # Plus Five's MUMPS -mumps 188/udp -qft 189/tcp # Queued File Transport -qft 189/udp -gacp 190/tcp # Gateway Access Control Protocol -gacp 190/udp -prospero 191/tcp # Prospero Directory Service -prospero 191/udp -osu-nms 192/tcp # OSU Network Monitoring System -osu-nms 192/udp -srmp 193/tcp # Spider Remote Monitoring Protocol -srmp 193/udp -irc 194/tcp # Internet Relay Chat Protocol -irc 194/udp -dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit -dn6-nlm-aud 195/udp -dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir -dn6-smm-red 196/udp -dls 197/tcp # Directory Location Service -dls 197/udp -dls-mon 198/tcp # Directory Location Service Monitor -dls-mon 198/udp -smux 199/tcp # SNMP Unix Multiplexer -smux 199/udp -src 200/tcp # IBM System Resource Controller -src 200/udp -at-rtmp 201/tcp # AppleTalk Routing Maintenance -at-rtmp 201/udp -at-nbp 202/tcp # AppleTalk Name Binding -at-nbp 202/udp -at-echo 204/tcp # AppleTalk Echo -at-echo 204/udp -at-zis 206/tcp # AppleTalk Zone Information -at-zis 206/udp -qmtp 209/tcp # The Quick Mail Transfer Protocol -qmtp 209/udp -z39.50 210/tcp wais z3950 # ANSI Z39.50 -z39.50 210/udp wais z3950 -914c/g 211/tcp # Texas Instruments 914C/G Terminal -914c/g 211/udp -anet 212/tcp # ATEXSSTR -anet 212/udp -ipx 213/tcp # IPX -ipx 213/udp -imap3 220/tcp # Interactive Mail Access -imap3 220/udp -link 245/tcp # ttylink -link 245/udp -pawserv 345/tcp # Perf Analysis Workbench -pawserv 345/udp -zserv 346/tcp # Zebra server -zserv 346/udp -fatserv 347/tcp # Fatmen Server -fatserv 347/udp -scoi2odialog 360/tcp # scoi2odialog -scoi2odialog 360/udp -semantix 361/tcp # Semantix -semantix 361/udp -srssend 362/tcp # SRS Send -srssend 362/udp -rsvp_tunnel 363/tcp # RSVP Tunnel -rsvp_tunnel 363/udp -aurora-cmgr 364/tcp # Aurora CMGR -aurora-cmgr 364/udp -dtk 365/tcp # Deception Tool Kit -dtk 365/udp -odmr 366/tcp # ODMR -odmr 366/udp -rpc2portmap 369/tcp # Coda portmapper -rpc2portmap 369/udp -codaauth2 370/tcp # Coda authentication server -codaauth2 370/udp -clearcase 371/tcp # Clearcase -clearcase 371/udp -ulistproc 372/tcp ulistserv # UNIX Listserv -ulistproc 372/udp ulistserv -ldap 389/tcp # Lightweight Directory Access Protocol -ldap 389/udp -imsp 406/tcp # Interactive Mail Support Protocol -imsp 406/udp -svrloc 427/tcp # Server Location -svrloc 427/udp -mobileip-agent 434/tcp # MobileIP-Agent -mobileip-agent 434/udp -mobilip-mn 435/tcp # MobilIP-MN -mobilip-mn 435/udp -https 443/tcp # MCom -https 443/udp -snpp 444/tcp # Simple Network Paging Protocol -snpp 444/udp -microsoft-ds 445/tcp Microsoft-DS -microsoft-ds 445/udp Microsoft-DS -kpasswd 464/tcp kpwd # Kerberos "passwd" -kpasswd 464/udp kpwd -urd 465/tcp smtps ssmtp # URL Rendesvous Directory for SSM / smtp protocol over TLS/SSL -igmpv3lite 465/udp smtps ssmtp # IGMP over UDP for SSM -photuris 468/tcp -photuris 468/udp -rcp 469/tcp # Radio Control Protocol -rcp 469/udp -saft 487/tcp # Simple Asynchronous File Transfer -saft 487/udp -gss-http 488/tcp -gss-http 488/udp -pim-rp-disc 496/tcp -pim-rp-disc 496/udp -isakmp 500/tcp # IPsec - Internet Security Association and Key Management Protocol -isakmp 500/udp -exec 512/tcp # remote process execution -comsat 512/udp biff # notify users of new mail received -login 513/tcp # remote login a la telnet -who 513/udp whod # who's logged in to machines -shell 514/tcp cmd # no passwords used -syslog 514/udp -printer 515/tcp spooler # line printer spooler -printer 515/udp spooler -videotex 516/tcp -videotex 516/udp -talk 517/tcp # like tenex link -talk 517/udp -ntalk 518/tcp -ntalk 518/udp -utime 519/tcp unixtime -utime 519/udp unixtime -efs 520/tcp # extended file name server -router 520/udp route routed # local routing process -ripng 521/tcp -ripng 521/udp -ulp 522/tcp -ulp 522/udp -ibm-db2 523/tcp -ibm-db2 523/udp -ncp 524/tcp -ncp 524/udp -timed 525/tcp timeserver -timed 525/udp timeserver -tempo 526/tcp newdate -tempo 526/udp newdate -courier 530/tcp rpc -courier 530/udp rpc -conference 531/tcp chat -conference 531/udp chat -netnews 532/tcp readnews -netnews 532/udp readnews -netwall 533/tcp # -for emergency broadcasts -netwall 533/udp -mm-admin 534/tcp # MegaMedia Admin -mm-admin 534/udp -iiop 535/tcp -iiop 535/udp -opalis-rdv 536/tcp -opalis-rdv 536/udp -nmsp 537/tcp # Networked Media Streaming Protocol -nmsp 537/udp -gdomap 538/tcp # GNUstep distributed objects -gdomap 538/udp -uucp 540/tcp uucpd # uucp daemon -uucp 540/udp uucpd -klogin 543/tcp # Kerberized `rlogin' (v5) -klogin 543/udp -kshell 544/tcp krcmd # Kerberized `rsh' (v5) -kshell 544/udp krcmd -appleqtcsrvr 545/tcp -appleqtcsrvr 545/udp -dhcpv6-client 546/tcp # DHCPv6 Client -dhcpv6-client 546/udp -dhcpv6-server 547/tcp # DHCPv6 Server -dhcpv6-server 547/udp -afpovertcp 548/tcp # AFP over TCP -afpovertcp 548/udp -rtsp 554/tcp # Real Time Stream Control Protocol -rtsp 554/udp -dsf 555/tcp -dsf 555/udp -remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem -remotefs 556/udp rfs_server rfs -nntps 563/tcp snntp # NNTP over SSL -nntps 563/udp snntp -9pfs 564/tcp # plan 9 file service -9pfs 564/udp -whoami 565/tcp -whoami 565/udp -submission 587/tcp # mail message submission -submission 587/udp -http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate -http-alt 591/udp -nqs 607/tcp # Network Queuing system -nqs 607/udp -npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS -npmp-local 610/udp dqs313_qmaster -npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS -npmp-gui 611/udp dqs313_execd -hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS -hmmp-ind 612/udp dqs313_intercell -cryptoadmin 624/tcp # Crypto Admin -cryptoadmin 624/udp -dec_dlm 625/tcp # DEC DLM -dec_dlm 625/udp -asia 626/tcp -asia 626/udp -passgo-tivoli 627/tcp # PassGo Tivoli -passgo-tivoli 627/udp -qmqp 628/tcp # Qmail QMQP -qmqp 628/udp -3com-amp3 629/tcp -3com-amp3 629/udp -rda 630/tcp -rda 630/udp -ipp 631/tcp # Internet Printing Protocol -ipp 631/udp -ldaps 636/tcp # LDAP over SSL -ldaps 636/udp -tinc 655/tcp # TINC control port -tinc 655/udp -acap 674/tcp # Application Configuration Access Protocol -acap 674/udp -asipregistry 687/tcp -asipregistry 687/udp -realm-rusd 688/tcp # ApplianceWare managment protocol -realm-rusd 688/udp -nmap 689/tcp # Opensource Network Mapper -nmap 689/udp -ha-cluster 694/tcp # Heartbeat HA-cluster -ha-cluster 694/udp -epp 700/tcp # Extensible Provisioning Protocol -epp 700/udp -iris-beep 702/tcp # IRIS over BEEP -iris-beep 702/udp -silc 706/tcp # SILC -silc 706/udp -kerberos-adm 749/tcp # Kerberos `kadmin' (v5) -kerberos-adm 749/udp -kerberos-iv 750/tcp kerberos4 kdc # Kerberos (server) -kerberos-iv 750/udp kerberos4 kdc -pump 751/tcp kerberos_master -pump 751/udp kerberos_master # Kerberos authentication -qrh 752/tcp passwd_server -qrh 752/udp passwd_server # Kerberos passwd server -rrh 753/tcp -rrh 753/udp -tell 754/tcp send krb_prop krb5_prop # Kerberos slave propagation -tell 754/udp send -nlogin 758/tcp -nlogin 758/udp -con 759/tcp -con 759/udp -ns 760/tcp krbupdate kreg # Kerberos registration -ns 760/udp -webster 765/tcp # Network dictionary -webster 765/udp -phonebook 767/tcp # Network phonebook -phonebook 767/udp -rsync 873/tcp # rsync -rsync 873/udp -ftps-data 989/tcp # ftp protocol, data, over TLS/SSL -ftps-data 989/udp -ftps 990/tcp # ftp protocol, control, over TLS/SSL -ftps 990/udp -nas 991/tcp # Netnews Administration System -nas 991/udp -telnets 992/tcp # telnet protocol over TLS/SSL -telnets 992/udp -imaps 993/tcp # imap4 protocol over TLS/SSL -imaps 993/udp -ircs 994/tcp # irc protocol over TLS/SSL -ircs 994/udp -pop3s 995/tcp # pop3 protocol over TLS/SSL -pop3s 995/udp - -# -# IANA Assignments [Registered Ports] -# -# The Registered Ports are listed by the IANA and on most systems can be -# used by ordinary user processes or programs executed by ordinary -# users. -# Ports are used in the TCP [RFC793] to name the ends of logical -# connections which carry long term conversations. For the purpose of -# providing services to unknown callers, a service contact port is -# defined. This list specifies the port used by the server process as -# its contact port. -# The IANA registers uses of these ports as a convenience to the -# community. -# To the extent possible, these same port assignments are used with the -# UDP [RFC768]. -# The Registered Ports are in the range 1024-49151. -# -imgames 1077/tcp -imgames 1077/udp -socks 1080/tcp # socks proxy server -socks 1080/udp -rmiregistry 1099/tcp # Java RMI Registry -rmiregistry 1099/udp -bnetgame 1119/tcp # Battle.net Chat/Game Protocol -bnetgame 1119/udp -bnetfile 1120/tcp # Battle.net File Transfer Protocol -bnetfile 1120/udp -hpvmmcontrol 1124/tcp # HP VMM Control -hpvmmcontrol 1124/udp -hpvmmagent 1125/tcp # HP VMM Agent -hpvmmagent 1125/udp -hpvmmdata 1126/tcp # HP VMM Agent -hpvmmdata 1126/udp -resacommunity 1154/tcp # Community Service -resacommunity 1154/udp -3comnetman 1181/tcp # 3Com Net Management -3comnetman 1181/udp -mysql-cluster 1186/tcp # MySQL Cluster Manager -mysql-cluster 1186/udp -alias 1187/tcp # Alias Service -alias 1187/udp -openvpn 1194/tcp # OpenVPN -openvpn 1194/udp -kazaa 1214/tcp # KAZAA -kazaa 1214/udp -bvcontrol 1236/tcp rmtcfg # Gracilis Packeten remote config server -bvcontrol 1236/udp rmtcfg -nessus 1241/tcp # Nessus vulnerability assessment scanner -nessus 1241/udp -h323hostcallsc 1300/tcp # H323 Host Call Secure -h323hostcallsc 1300/udp -lotusnote 1352/tcp # Lotus Note -lotusnote 1352/udp -ms-sql-s 1433/tcp # Microsoft-SQL-Server -ms-sql-s 1433/udp -ms-sql-m 1434/tcp # Microsoft-SQL-Monitor -ms-sql-m 1434/udp -ica 1494/tcp # Citrix ICA Client -ica 1494/udp -wins 1512/tcp # Microsoft's Windows Internet Name Service -wins 1512/udp -ingreslock 1524/tcp -ingreslock 1524/udp -prospero-np 1525/tcp # Prospero non-privileged -prospero-np 1525/udp -datametrics 1645/tcp old-radius # datametrics / old radius entry -datametrics 1645/udp old-radius -sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry -sa-msg-port 1646/udp old-radacct -rsap 1647/tcp -rsap 1647/udp -concurrent-lm 1648/tcp -concurrent-lm 1648/udp -kermit 1649/tcp -kermit 1649/udp -l2tp 1701/tcp -l2tp 1701/udp -h323gatedisc 1718/tcp -h323gatedisc 1718/udp -h323gatestat 1719/tcp -h323gatestat 1719/udp -h323hostcall 1720/tcp -h323hostcall 1720/udp -iberiagames 1726/tcp -iberiagames 1726/udp -gamegen1 1738/tcp -gamegen1 1738/udp -tftp-mcast 1758/tcp -tftp-mcast 1758/udp -hello 1789/tcp -hello 1789/udp -radius 1812/tcp # Radius -radius 1812/udp -radius-acct 1813/tcp radacct # Radius Accounting -radius-acct 1813/udp radacct -mtp 1911/tcp # Starlight Networks Multimedia Transport Protocol -mtp 1911/udp -egs 1926/tcp # Evolution Game Server -egs 1926/udp -unix-status 1957/tcp # remstats unix-status server -unix-status 1957/udp -hsrp 1985/tcp # Hot Standby Router Protocol -hsrp 1985/udp -licensedaemon 1986/tcp # cisco license management -licensedaemon 1986/udp -tr-rsrb-p1 1987/tcp # cisco RSRB Priority 1 port -tr-rsrb-p1 1987/udp -tr-rsrb-p2 1988/tcp # cisco RSRB Priority 2 port -tr-rsrb-p2 1988/udp -tr-rsrb-p3 1989/tcp # cisco RSRB Priority 3 port -tr-rsrb-p3 1989/udp -stun-p1 1990/tcp # cisco STUN Priority 1 port -stun-p1 1990/udp -stun-p2 1991/tcp # cisco STUN Priority 2 port -stun-p2 1991/udp -stun-p3 1992/tcp # cisco STUN Priority 3 port -stun-p3 1992/udp -snmp-tcp-port 1994/tcp # cisco SNMP TCP port -snmp-tcp-port 1994/udp -stun-port 1995/tcp # cisco serial tunnel port -stun-port 1995/udp -perf-port 1996/tcp # cisco Remote SRB port -perf-port 1996/udp -gdp-port 1997/tcp # cisco Gateway Discovery Protocol -gdp-port 1997/udp -x25-svc-port 1998/tcp # cisco X.25 service (XOT) -x25-svc-port 1998/udp -tcp-id-port 1999/tcp # cisco identification port -tcp-id-port 1999/udp -cisco-sccp 2000/tcp sieve # Cisco SCCP -cisco-sccp 2000/udp sieve -nfs 2049/tcp # Network File System -nfs 2049/udp -radsec 2083/tcp # Secure Radius Service -radsec 2083/udp -gnunet 2086/tcp # GNUnet -gnunet 2086/udp -rtcm-sc104 2101/tcp # RTCM SC-104 -rtcm-sc104 2101/udp -zephyr-srv 2102/tcp # Zephyr server -zephyr-srv 2102/udp -zephyr-clt 2103/tcp # Zephyr serv-hm connection -zephyr-clt 2103/udp -zephyr-hm 2104/tcp # Zephyr hostmanager -zephyr-hm 2104/udp -eyetv 2170/tcp # EyeTV Server Port -eyetv 2170/udp -msfw-storage 2171/tcp # MS Firewall Storage -msfw-storage 2171/udp -msfw-s-storage 2172/tcp # MS Firewall SecureStorage -msfw-s-storage 2172/udp -msfw-replica 2173/tcp # MS Firewall Replication -msfw-replica 2173/udp -msfw-array 2174/tcp # MS Firewall Intra Array -msfw-array 2174/udp -airsync 2175/tcp # Microsoft Desktop AirSync Protocol -airsync 2175/udp -rapi 2176/tcp # Microsoft ActiveSync Remote API -rapi 2176/udp -qwave 2177/tcp # qWAVE Bandwidth Estimate -qwave 2177/udp -tivoconnect 2190/tcp # TiVoConnect Beacon -tivoconnect 2190/udp -tvbus 2191/tcp # TvBus Messaging -tvbus 2191/udp -mysql-im 2273/tcp # MySQL Instance Manager -mysql-im 2273/udp -dict-lookup 2289/tcp # Lookup dict server -dict-lookup 2289/udp -redstorm_join 2346/tcp # Game Connection Port -redstorm_join 2346/udp -redstorm_find 2347/tcp # Game Announcement and Location -redstorm_find 2347/udp -redstorm_info 2348/tcp # Information to query for game status -redstorm_info 2348/udp -cvspserver 2401/tcp # CVS client/server operations -cvspserver 2401/udp -venus 2430/tcp # codacon port -venus 2430/udp -venus-se 2431/tcp # tcp side effects -venus-se 2431/udp -codasrv 2432/tcp # not used -codasrv 2432/udp -codasrv-se 2433/tcp # tcp side effects -codasrv-se 2433/udp -netadmin 2450/tcp -netadmin 2450/udp -netchat 2451/tcp -netchat 2451/udp -snifferclient 2452/tcp -snifferclient 2452/udp -ppcontrol 2505/tcp # PowerPlay Control -ppcontrol 2505/udp -lstp 2559/tcp # -lstp 2559/udp -mon 2583/tcp -mon 2583/udp -hpstgmgr 2600/tcp zebrasrv -hpstgmgr 2600/udp zebrasrv -discp-client 2601/tcp zebra # discp client -discp-client 2601/udp zebra -discp-server 2602/tcp ripd # discp server -discp-server 2602/udp ripd -servicemeter 2603/tcp ripngd # Service Meter -servicemeter 2603/udp ripngd -nsc-ccs 2604/tcp ospfd # NSC CCS -nsc-ccs 2604/udp ospfd -nsc-posa 2605/tcp bgpd # NSC POSA -nsc-posa 2605/udp bgpd -netmon 2606/tcp ospf6d # Dell Netmon -netmon 2606/udp ospf6d -connection 2607/tcp # Dell Connection -connection 2607/udp -wag-service 2608/tcp # Wag Service -wag-service 2608/udp -dict 2628/tcp # Dictionary server -dict 2628/udp -exce 2769/tcp # eXcE -exce 2769/udp -dvr-esm 2804/tcp # March Networks Digital Video Recorders and Enterprise Service Manager products -dvr-esm 2804/udp -corbaloc 2809/tcp # CORBA LOC -corbaloc 2809/udp -ndtp 2882/tcp # Network Dictionary Transfer Protocol -ndtp 2882/udp -gamelobby 2914/tcp # Game Lobby -gamelobby 2914/udp -gds_db 3050/tcp # InterBase server -gds_db 3050/udp -xbox 3074/tcp # Xbox game port -xbox 3074/udp -icpv2 3130/tcp icp # Internet Cache Protocol (Squid) -icpv2 3130/udp icp -nm-game-admin 3148/tcp # NetMike Game Administrator -nm-game-admin 3148/udp -nm-game-server 3149/tcp # NetMike Game Server -nm-game-server 3149/udp -mysql 3306/tcp # MySQL -mysql 3306/udp -sftu 3326/tcp -sftu 3326/udp -trnsprntproxy 3346/tcp # Transparent Proxy -trnsprntproxy 3346/udp -ms-wbt-server 3389/tcp rdp # MS WBT Server -ms-wbt-server 3389/udp rdp # Microsoft Remote Desktop Protocol -prsvp 3455/tcp # RSVP Port -prsvp 3455/udp -nut 3493/tcp # Network UPS Tools -nut 3493/udp -ironstorm 3504/tcp # IronStorm game server -ironstorm 3504/udp -cctv-port 3559/tcp # CCTV control port -cctv-port 3559/udp -iw-mmogame 3596/tcp # Illusion Wireless MMOG -iw-mmogame 3596/udp -distcc 3632/tcp # Distributed Compiler -distcc 3632/udp -daap 3689/tcp # Digital Audio Access Protocol -daap 3689/udp -svn 3690/tcp # Subversion -svn 3690/udp -blizwow 3724/tcp # World of Warcraft -blizwow 3724/udp -netboot-pxe 3928/tcp pxe # PXE NetBoot Manager -netboot-pxe 3928/udp pxe -smauth-port 3929/tcp # AMS Port -smauth-port 3929/udp -treehopper 3959/tcp # Tree Hopper Networking -treehopper 3959/udp -cobraclient 3970/tcp # Cobra Client -cobraclient 3970/udp -cobraserver 3971/tcp # Cobra Server -cobraserver 3971/udp -pxc-spvr-ft 4002/tcp pxc-spvr-ft -pxc-spvr-ft 4002/udp pxc-spvr-ft -pxc-splr-ft 4003/tcp pxc-splr-ft rquotad -pxc-splr-ft 4003/udp pxc-splr-ft rquotad -pxc-roid 4004/tcp pxc-roid -pxc-roid 4004/udp pxc-roid -pxc-pin 4005/tcp pxc-pin -pxc-pin 4005/udp pxc-pin -pxc-spvr 4006/tcp pxc-spvr -pxc-spvr 4006/udp pxc-spvr -pxc-splr 4007/tcp pxc-splr -pxc-splr 4007/udp pxc-splr -xgrid 4111/tcp # Mac OS X Server Xgrid -xgrid 4111/udp -bzr 4155/tcp # Bazaar Version Control System -bzr 4155/udp # Bazaar version control system -rwhois 4321/tcp # Remote Who Is -rwhois 4321/udp -epmd 4369/tcp # Erlang Port Mapper Daemon -epmd 4369/udp -krb524 4444/tcp -krb524 4444/udp -ipsec-nat-t 4500/tcp # IPsec NAT-Traversal -ipsec-nat-t 4500/udp -hylafax 4559/tcp # HylaFAX client-server protocol (new) -hylafax 4559/udp -piranha1 4600/tcp -piranha1 4600/udp -playsta2-app 4658/tcp # PlayStation2 App Port -playsta2-app 4658/udp -playsta2-lob 4659/tcp # PlayStation2 Lobby Port -playsta2-lob 4659/udp -snap 4752/tcp # Simple Network Audio Protocol -snap 4752/udp -radmin-port 4899/tcp # RAdmin Port -radmin-port 4899/udp -rfe 5002/tcp # Radio Free Ethernet -rfe 5002/udp -ita-agent 5051/tcp # ITA Agent -ita-agent 5051/udp -sdl-ets 5081/tcp # SDL - Ent Trans Server -sdl-ets 5081/udp -bzflag 5154/tcp # BZFlag game server -bzflag 5154/udp -aol 5190/tcp # America-Online -aol 5190/udp -xmpp-client 5222/tcp # XMPP Client Connection -xmpp-client 5222/udp -caevms 5251/tcp # CA eTrust VM Service -caevms 5251/udp -xmpp-server 5269/tcp # XMPP Server Connection -xmpp-server 5269/udp -cfengine 5308/tcp # CFengine -cfengine 5308/udp -nat-pmp 5351/tcp # NAT Port Mapping Protocol -nat-pmp 5351/udp -dns-llq 5352/tcp # DNS Long-Lived Queries -dns-llq 5352/udp -mdns 5353/tcp # Multicast DNS -mdns 5353/udp -mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC -mdnsresponder 5354/udp noclog # noclogd with TCP (nocol) -llmnr 5355/tcp hostmon # Link-Local Multicast Name Resolution -llmnr 5355/udp hostmon # hostmon uses TCP (nocol) -dj-ice 5419/tcp -dj-ice 5419/udp -beyond-remote 5424/tcp # Beyond Remote -beyond-remote 5424/udp -br-channel 5425/tcp # Beyond Remote Command Channel -br-channel 5425/udp -postgresql 5432/tcp # POSTGRES -postgresql 5432/udp -sgi-eventmond 5553/tcp # SGI Eventmond Port -sgi-eventmond 5553/udp -sgi-esphttp 5554/tcp # SGI ESP HTTP -sgi-esphttp 5554/udp -cvsup 5999/tcp # CVSup -cvsup 5999/udp -x11 6000/tcp # X Window System -x11 6000/udp -kftp-data 6620/tcp # Kerberos V5 FTP Data -kftp-data 6620/udp -kftp 6621/tcp # Kerberos V5 FTP Control -kftp 6621/udp -ktelnet 6623/tcp # Kerberos V5 Telnet -ktelnet 6623/udp -gnutella-svc 6346/tcp -gnutella-svc 6346/udp -gnutella-rtr 6347/tcp -gnutella-rtr 6347/udp -sane-port 6566/tcp # SANE Network Scanner Control Port -sane-port 6566/udp -parsec-game 6582/tcp # Parsec Gameserver -parsec-game 6582/udp -afs3-fileserver 7000/tcp bbs # file server itself -afs3-fileserver 7000/udp bbs -afs3-callback 7001/tcp # callbacks to cache managers -afs3-callback 7001/udp -afs3-prserver 7002/tcp # users & groups database -afs3-prserver 7002/udp -afs3-vlserver 7003/tcp # volume location database -afs3-vlserver 7003/udp -afs3-kaserver 7004/tcp # AFS/Kerberos authentication -afs3-kaserver 7004/udp -afs3-volser 7005/tcp # volume managment server -afs3-volser 7005/udp -afs3-errors 7006/tcp # error interpretation service -afs3-errors 7006/udp -afs3-bos 7007/tcp # basic overseer process -afs3-bos 7007/udp -afs3-update 7008/tcp # server-to-server updater -afs3-update 7008/udp -afs3-rmtsys 7009/tcp # remote cache manager service -afs3-rmtsys 7009/udp -font-service 7100/tcp xfs # X Font Service -font-service 7100/udp xfs -sncp 7560/tcp # Sniffer Command Protocol -sncp 7560/udp -soap-http 7627/tcp # SOAP Service Port -soap-http 7627/udp -http-alt 8008/tcp # HTTP Alternate -http-alt 8008/udp -http-alt 8080/tcp webcache # HTTP Alternate -http-alt 8080/udp webcache # WWW caching service -sunproxyadmin 8081/tcp tproxy # Sun Proxy Admin Service -sunproxyadmin 8081/udp tproxy # Transparent Proxy -pichat 9009/tcp # Pichat Server -pichat 9009/udp -bacula-dir 9101/tcp # Bacula Director -bacula-dir 9101/udp -bacula-fd 9102/tcp # Bacula File Daemon -bacula-fd 9102/udp -bacula-sd 9103/tcp # Bacula Storage Daemon -bacula-sd 9103/udp -dddp 9131/tcp # Dynamic Device Discovery -dddp 9131/udp -wap-wsp 9200/tcp # WAP connectionless session service -wap-wsp 9200/udp -wap-wsp-wtp 9201/tcp # WAP session service -wap-wsp-wtp 9201/udp -wap-wsp-s 9202/tcp # WAP secure connectionless session service -wap-wsp-s 9202/udp -wap-wsp-wtp-s 9203/tcp # WAP secure session service -wap-wsp-wtp-s 9203/udp -wap-vcard 9204/tcp # WAP vCard -wap-vcard 9204/udp -wap-vcal 9205/tcp # WAP vCal -wap-vcal 9205/udp -wap-vcard-s 9206/tcp # WAP vCard Secure -wap-vcard-s 9206/udp -wap-vcal-s 9207/tcp # WAP vCal Secure -wap-vcal-s 9207/udp -git 9418/tcp # git pack transfer service -git 9418/udp -cba8 9593/tcp # LANDesk Management Agent -cba8 9593/udp -davsrc 9800/tcp # WebDav Source Port -davsrc 9800/udp -sqlexec 9088/tcp # IBM Informix SQL Interface -sqlexec 9088/udp -sqlexec-ssl 9089/tcp # IBM Informix SQL Interface - Encrypted -sqlexec-ssl 9089/udp -sd 9876/tcp # Session Director -sd 9876/udp -cyborg-systems 9888/tcp # CYBORG Systems -cyborg-systems 9888/udp -monkeycom 9898/tcp # MonkeyCom -monkeycom 9898/udp -sctp-tunneling 9899/tcp # SCTP TUNNELING -sctp-tunneling 9899/udp -domaintime 9909/tcp # domaintime -domaintime 9909/udp -amanda 10080/tcp # amanda backup services -amanda 10080/udp -vce 11111/tcp # Viral Computing Environment (VCE) -vce 11111/udp -smsqp 11201/tcp # Alamin SMS gateway -smsqp 11201/udp -hkp 11371/tcp # OpenPGP HTTP Keyserver -hkp 11371/udp -h323callsigalt 11720/tcp # h323 Call Signal Alternate -h323callsigalt 11720/udp -rets-ssl 12109/tcp # RETS over SSL -rets-ssl 12109/udp -cawas 12168/tcp # CA Web Access Service -cawas 12168/udp -bprd 13720/tcp # BPRD Protocol (VERITAS NetBackup) -bprd 13720/udp -bpdbm 13721/tcp # BPDBM Protocol (VERITAS NetBackup) -bpdbm 13721/udp -bpjava-msvc 13722/tcp # BP Java MSVC Protocol -bpjava-msvc 13722/udp -vnetd 13724/tcp # Veritas Network Utility -vnetd 13724/udp -bpcd 13782/tcp # VERITAS NetBackup -bpcd 13782/udp -vopied 13783/tcp # VOPIED Protocol -vopied 13783/udp -xpilot 15345/tcp # XPilot Contact Port -xpilot 15345/udp -wnn6 22273/tcp # wnn6 -wnn6 22273/udp -binkp 24554/tcp # Bink fidonet protocol -binkp 24554/udp -quake 26000/tcp # Quake @!# -quake 26000/udp -wnn6-ds 26208/tcp -wnn6-ds 26208/udp -tetrinet 31457/tcp # TetriNET Protocol -tetrinet 31457/udp -gamesmith-port 31765/tcp # GameSmith Port -gamesmith-port 31765/udp -traceroute 33434/tcp # traceroute use -traceroute 33434/udp -candp 42508/tcp # Computer Associates network discovery protocol -candp 42508/udp -candrp 42509/tcp # CA discovery response -candrp 42509/udp -caerpc 42510/tcp # CA eTrust RPC -caerpc 42510/udp - -#========================================================================= -# The remaining port numbers are not as allocated by IANA. - -# Kerberos (Project Athena/MIT) services -# Note that these are for Kerberos v4, and are unofficial -kpop 1109/tcp # Pop with Kerberos -knetd 2053/tcp # Kerberos de-multiplexor -eklogin 2105/tcp # Kerberos encrypted rlogin - -# CVSup support http://www.cvsup.org/ -supfilesrv 871/tcp # SUP server -supfiledbg 1127/tcp # SUP debugging - -# Datagram Delivery Protocol services -rtmp 1/ddp # Routing Table Maintenance Protocol -nbp 2/ddp # Name Binding Protocol -echo 4/ddp # AppleTalk Echo Protocol -zip 6/ddp # Zone Information Protocol - -# Many services now accepted as 'standard' -swat 901/tcp # Samba configuration tool -rndc 953/tcp # rndc control sockets (BIND 9) -rndc 953/udp -skkserv 1178/tcp # SKK Japanese input method -xtel 1313/tcp # french minitel -support 1529/tcp # GNATS -cfinger 2003/tcp lmtp # GNU Finger -ninstall 2150/tcp # ninstall service -ninstall 2150/udp -afbackup 2988/tcp # Afbackup system -afbackup 2988/udp -fax 4557/tcp # FAX transmission service (old) -rplay 5555/tcp # RPlay audio service -rplay 5555/udp -canna 5680/tcp # Canna (Japanese Input) -x11-ssh 6010/tcp x11-ssh-offset -x11-ssh 6010/udp x11-ssh-offset -ircd 6667/tcp # Internet Relay Chat -ircd 6667/udp -jetdirect 9100/tcp # HP JetDirect card -jetdirect 9100/udp -mandelspawn 9359/udp mandelbrot # network mandelbrot -kamanda 10081/tcp # amanda backup services (Kerberos) -kamanda 10081/udp -amandaidx 10082/tcp # amanda backup services -amidxtape 10083/tcp # amanda backup services -isdnlog 20011/tcp # isdn logging system -isdnlog 20011/udp -vboxd 20012/tcp # voice box system -vboxd 20012/udp -wnn4_Cn 22289/tcp wnn6_Cn # Wnn (Chinese input) -wnn4_Kr 22305/tcp wnn6_Kr # Wnn (Korean input) -wnn4_Tw 22321/tcp wnn6_Tw # Wnn (Taiwanse input) -asp 27374/tcp # Address Search Protocol -asp 27374/udp -tfido 60177/tcp # Ifmail -tfido 60177/udp -fido 60179/tcp # Ifmail -fido 60179/udp - -# Local services - diff --git a/courier-imap/imapd b/courier-imap/imapd index e817027..6642bd5 100644 --- a/courier-imap/imapd +++ b/courier-imap/imapd @@ -1,11 +1,11 @@ -##VERSION: $Id: 2013-08-19 16:39:41 -0400 9c45d9ad13fdf439d44d7443ae75da15ea0223ed$ +##VERSION: $Id: 106596a150c4585c41d65f60a17e173402125332-20150610064018$ # # imapd created from imapd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 1998 - 2008 Double Precision, Inc. See COPYING for +# Copyright 1998 - 2015 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -73,16 +73,22 @@ PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" +##NAME: ACCESSFILE:0 +# +# IMAP access file. + +IMAPACCESSFILE=/etc/courier-imap/imapaccess + ##NAME: LOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # LOGGEROPTS="-name=imapd" ##NAME: DEFDOMAIN:0 # -# Optional default domain. If the username does not contain the +# Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. @@ -347,6 +353,27 @@ IMAP_MOVE_EXPUNGE_TO_TRASH=0 # # IMAP_LOG_DELETIONS=1 +##NAME: AUTH_MKHOMEDIR_SKEL:0 +# +# Uncomment this setting to automatically create a home directory on first +# login. if the AUTH_MKHOMEDIR_SKEL environment variable is set, and the +# home directory does not exist, the home directory gets created, with its +# initial contents copied from AUTH_MKHOMEDIR_SKEL which must be a directory, +# typically /etc/skel. +# +# Note that this must be a complete home directory structure, including +# the maildir. Typically: +# +# mkdir /etc/skel +# chmod 700 /etc/skel +# maildirmak /etc/skel/Maildir +# +# This directory gets copied as is, preserving each file/subdirectory's +# permissions, with only userid/groupid changed to match the account's. +# +# +# AUTH_MKHOMEDIR_SKEL=/etc/skel + ##NAME: IMAPDEBUGFILE:0 # # IMAPDEBUGFILE="imaplog.dat" diff --git a/courier-imap/imapd-ssl b/courier-imap/imapd-ssl index 9111619..47ca432 100644 --- a/courier-imap/imapd-ssl +++ b/courier-imap/imapd-ssl @@ -1,4 +1,4 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # imapd-ssl created from imapd-ssl.dist by sysconftool # @@ -54,7 +54,7 @@ SSLPIDFILE=/var/run/imapd-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=imapd-ssl" @@ -112,45 +112,40 @@ COURIERTLS=/usr/sbin/couriertls # # DEFAULT: NORMAL:-CTYPE-OPENPGP # -# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" +# This setting is also used to select the available ciphers. +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_PROTOCOL:0 -# +# # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 +# TLSv1 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. -# -# GnuTLS: -# -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 -# -# When compiled against GnuTLS, multiple protocols can be selected as follows: -# -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" -# -# DEFAULT VALUES: +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. # -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) -TLS_PROTOCOL="SSL23" - -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS -# extension, as opposed to IMAP over SSL on port 993. -# -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL -TLS_STARTTLS_PROTOCOL=TLS1 +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -160,8 +155,7 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -183,49 +177,36 @@ TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" # See GnuTLS documentation, gnutls_priority_init(3) for additional # documentation. -##NAME: TLS_MIN_DH_BITS:0 -# -# TLS_MIN_DH_BITS=n -# -# GnuTLS only: +##NAME: TLS_STARTTLS_PROTOCOL:0 # -# Set the minimum number of acceptable bits for a DH key exchange. +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. # -# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server -# have been encountered that offer 512 bit keys. You may have to set -# TLS_MIN_DH_BITS=512 here, if necessary. +# It takes the same values for OpenSSL as TLS_PROTOCOL -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: +##NAME: TLS_CIPHER_LIST:0 # -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined # -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 +# OpenSSL: # -# GnuTLS only: +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # -# Optional compression. "ALL" selects all available compression methods. # -# Available compression methods: DEFLATE, LZO, NULL - -TLS_COMPRESSION=ALL -##NAME: TLS_CERTS:0 +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n # # GnuTLS only: # -# Supported certificate types are X509 and OPENPGP. +# Set the minimum number of acceptable bits for a DH key exchange. # -# OPENPGP has not been tested - -TLS_CERTS=X509 +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. @@ -270,7 +251,7 @@ TLS_CERTFILE=/etc/courier-imap/imapd.pem # # TLS_DHPARAMS - DH parameter file. # -TLS_DHPARAMS=/etc/ssl/dhparams.pem +TLS_DHPARAMS=/usr/share/dhparams.pem ##NAME: TLS_TRUSTCERTS:0 # @@ -300,7 +281,6 @@ TLS_TRUSTCERTS=/etc/ssl/certs # TLS_VERIFYPEER=NONE - ##NAME: TLS_EXTERNAL:0 # # To enable SSL certificate-based authentication: diff --git a/courier-imap/pop3d-ssl b/courier-imap/pop3d-ssl index 21c2625..7f5fc42 100644 --- a/courier-imap/pop3d-ssl +++ b/courier-imap/pop3d-ssl @@ -1,4 +1,4 @@ -##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # @@ -52,7 +52,7 @@ SSLPIDFILE=/var/run/pop3d-ssl.pid ##NAME: SSLLOGGEROPTS:0 # -# courierlogger(1) options. +# courierlogger(1) options. # SSLLOGGEROPTS="-name=pop3d-ssl" @@ -96,20 +96,41 @@ COURIERTLS=/usr/sbin/couriertls # DEFAULT: NORMAL:-CTYPE-OPENPGP # # TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" +# +# This setting is also used to select the available ciphers. +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_PROTOCOL:0 -# +# # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # # SSL3 - SSLv3 # SSL23 - all protocols (including TLS 1.x protocols) -# TLS1 - TLS1 +# TLSv11 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# Leave it unset to use any protocol except SSL 2. +# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# higher protocols. +# +# The default value is TLSv1+ ##NAME: TLS_CIPHER_LIST:0 # @@ -119,8 +140,7 @@ COURIERTLS=/usr/sbin/couriertls # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # # GnuTLS: # @@ -197,7 +217,7 @@ TLS_CERTFILE=/etc/courier-imap/pop3d.pem # # TLS_DHPARAMS - DH parameter file. # -TLS_DHPARAMS=/etc/ssl/dhparams.pem +TLS_DHPARAMS=/usr/share/dhparams.pem ##NAME: TLS_TRUSTCERTS:0 # diff --git a/hosts b/hosts index d16bd02..8767e6b 100644 --- a/hosts +++ b/hosts @@ -3,6 +3,12 @@ # This file describes a number of aliases-to-address mappings for the for # local hosts that share this file. # +# The format of lines in this file is: +# +# IP_ADDRESS canonical_hostname [aliases...] +# +#The fields can be separated by any number of spaces or tabs. +# # In the presence of the domain name service or NIS, this file may not be # consulted at all; see /etc/host.conf for the resolution order. # diff --git a/mdadm.conf b/mdadm.conf index 5d95f56..def141e 100644 --- a/mdadm.conf +++ b/mdadm.conf @@ -15,9 +15,9 @@ # ARRAY lines specify information about how to identify arrays so # so that they can be activated # -# You can have more than one device line and use wild cards. The first +# You can have more than one device line and use wild cards. The first # example includes SCSI the first partition of SCSI disks /dev/sdb, -# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second +# /dev/sdc, /dev/sdd, /dev/sdj, /dev/sdk, and /dev/sdl. The second # line looks for array slices on IDE disks. # #DEVICE /dev/sd[bcdjkl]1 diff --git a/portage/package.use b/portage/package.use index aaf15eb..9da934d 100644 --- a/portage/package.use +++ b/portage/package.use @@ -124,6 +124,7 @@ media-libs/fontconfig -doc media-libs/freetype kpathsea utils media-libs/gd fontconfig media-libs/giflib rle +media-libs/libcaca -doc media-libs/lasi -doc media-libs/libtheora encode media-libs/libwmf -expat diff --git a/postfix/main.cf b/postfix/main.cf index d74b74a..4680d05 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/postfix/postgrey_whitelist_clients b/postfix/postgrey_whitelist_clients index 480e8e0..cdd8885 100644 --- a/postfix/postgrey_whitelist_clients +++ b/postfix/postgrey_whitelist_clients @@ -3,7 +3,7 @@ # put this file in /etc/postfix or specify its path # with --whitelist-clients=xxx # -# postgrey version: 1.34, build date: 2011-05-04 +# postgrey version: 1.36, build date: 2015-09-01 # greylisting.org: Southwest Airlines (unique sender, no retry) southwest.com @@ -144,14 +144,14 @@ flymonarch.com # ibm.com (big pool, reported by Casey Peel) ibm.com # messagelabs.com (big pool, reported by John Tobin) -/^mail\d+\.messagelabs\.com$/ +messagelabs.com # ptb.de (slow, reported by Joachim Schoenberg) berlin.ptb.de # registrarmail.net (unique sender names, reported by Simon Waters) registrarmail.net # google.com (big pool, reported by Matthias Dyer, Martin Toft) google.com -# orange.fr (big pool, reported by Loïc Le Loarer) +# orange.fr (big pool, reported by Loïc Le Loarer) /^smtp\d+\.orange\.fr$/ # citigroup.com (slow retry, reported by Michael Monnerie) /^smtp\d+.citigroup.com$/ @@ -218,6 +218,22 @@ postini.com /^mx.*\.evanzo-server\.de$/ # 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie) upcmail.net - -mx\.acwain\.net - +# 2013-12-18: orange.fr (big pool, reported by fulax) +/^smtp\d+\.smtpout\.orange\.fr$/ +# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert) +mout-xforward.gmx.net +mout-xforward.web.de +mout-xforward.kundenserver.de +mout-xforward.perfora.net +# 2014-02-01: startcom.org (long retry, reported by jweiher) +gateway.startcom.org +# 2014-12-18: mail.ru (retries from fallback*.mail.ru, reported by Andriy Yurchuk) +/^fallback\d+\.mail\.ru$/ +# French tax authority, no retry +dgfip.finances.gouv.fr +# 2015-06-10: magisto.com (requested by postmaster) +/^o\d+\.ntdc\.magisto\.com$/ +# 2015-07-23: outlook.com (github #20) +outlook.com +# 2015-08-19 (the retrying is failing) +mail.alibaba.com diff --git a/rc.conf b/rc.conf index c3d7fea..58bf2d7 100644 --- a/rc.conf +++ b/rc.conf @@ -117,6 +117,9 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. #SSD_NICELEVEL="-19" +# Or the ionice level. The format is class[:data] , just like the +# --ionice start-stop-daemon parameter. +#SSD_IONICELEVEL="2:2" # Pass ulimit parameters # If you are using bash in POSIX mode for your shell, note that the @@ -146,36 +149,42 @@ unicode="YES" #rc_foo_bar_after="clock" # You can also remove dependencies. -# This is mainly used for saying which servies do NOT provide net. +# This is mainly used for saying which services do NOT provide net. #rc_net_tap0_provide="!net" -############################################################################## -# LINUX SPECIFIC OPTIONS - -# This is the subsystem type. Valid options on Linux: +# This is the subsystem type. +# It is used to match against keywords set by the keyword call in the +# depend function of service scripts. +# +# It should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +# If it is commented out, automatic detection will be used. +# +# The list below shows all possible settings as well as the host +# operating systems where they can be used and autodetected. +# # "" - nothing special -# "docker" - Docker container manager +# "docker" - Docker container manager (Linux) +# "jail" - Jail (DragonflyBSD or FreeBSD) # "lxc" - Linux Containers # "openvz" - Linux OpenVZ # "prefix" - Prefix -# "rkt" - CoreOS container management system +# "rkt" - CoreOS container management system (Linux) +# "subhurd" - Hurd subhurds (to be checked) +# "systemd-nspawn" - Container created by systemd-nspawn (Linux) # "uml" - Usermode Linux # "vserver" - Linux vserver -# "systemd-nspawn" - Container created by the systemd-nspawn utility -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain -# If this is commented out, automatic detection will be used. -# -# This should be set to the value representing the environment this file is -# PRESENTLY in, not the virtualization the environment is capable of. +# "xen0" - Xen0 Domain (Linux and NetBSD) +# "xenU" - XenU Domain (Linux and NetBSD) rc_sys="" -# This is the number of tty's used in most of the rc-scripts (like -# consolefont, numlock, etc ...) +# on Linux and Hurd, this is the number of ttys allocated for logins +# It is used in the consolefont, keymaps, numlock and termencoding +# service scripts. rc_tty_number=12 ############################################################################## -# CGROUPS RESOURCE MANAGEMENT +# LINUX CGROUPS RESOURCE MANAGEMENT # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under @@ -230,7 +239,7 @@ rc_tty_number=12 # Set the pids controller settings for this service. #rc_cgroup_pids="" -# Set this to YES if yu want all of the processes in a service's cgroup +# Set this to YES if you want all of the processes in a service's cgroup # killed when the service is stopped or restarted. # This should not be set globally because it kills all of the service's # child processes, and most of the time this is undesirable. Please set diff --git a/services b/services index c6d5cb2..d6b2bb4 100644 --- a/services +++ b/services @@ -701,6 +701,8 @@ concurrent-lm 1648/tcp concurrent-lm 1648/udp kermit 1649/tcp kermit 1649/udp +groupwise 1677/tcp +groupwise 1677/udp l2tp 1701/tcp l2tp 1701/udp h323gatedisc 1718/tcp @@ -755,8 +757,8 @@ x25-svc-port 1998/tcp # cisco X.25 service (XOT) x25-svc-port 1998/udp tcp-id-port 1999/tcp # cisco identification port tcp-id-port 1999/udp -cisco-sccp 2000/tcp sieve # Cisco SCCP -cisco-sccp 2000/udp sieve +cisco-sccp 2000/tcp # Cisco SCCP +cisco-sccp 2000/udp nfs 2049/tcp # Network File System nfs 2049/udp radsec 2083/tcp # Secure Radius Service @@ -915,6 +917,8 @@ xgrid 4111/tcp # Mac OS X Server Xgrid xgrid 4111/udp bzr 4155/tcp # Bazaar Version Control System bzr 4155/udp # Bazaar version control system +sieve 4190/tcp # ManageSieve Protocol +sieve 4190/udp rwhois 4321/tcp # Remote Who Is rwhois 4321/udp epmd 4369/tcp # Erlang Port Mapper Daemon @@ -975,8 +979,6 @@ sgi-eventmond 5553/tcp # SGI Eventmond Port sgi-eventmond 5553/udp sgi-esphttp 5554/tcp # SGI ESP HTTP sgi-esphttp 5554/udp -nrpe 5666/tcp # Nagios NRPE -nrpe 5666/udp # Nagios NRPE cvsup 5999/tcp # CVSup cvsup 5999/udp x11 6000/tcp # X Window System @@ -1151,9 +1153,12 @@ support 1529/tcp # GNATS cfinger 2003/tcp lmtp # GNU Finger ninstall 2150/tcp # ninstall service ninstall 2150/udp +gpsd 2947/tcp gpsd # GPS Daemon request/response protocol +gpsd 2947/udp gpsd # GPS Daemon request/response protocol afbackup 2988/tcp # Afbackup system afbackup 2988/udp fax 4557/tcp # FAX transmission service (old) +xmpp-bosh 5280/tcp # Bidirectional-streams Over Synchronous HTTP (BOSH) rplay 5555/tcp # RPlay audio service rplay 5555/udp canna 5680/tcp # Canna (Japanese Input) @@ -1161,6 +1166,7 @@ x11-ssh 6010/tcp x11-ssh-offset x11-ssh 6010/udp x11-ssh-offset ircd 6667/tcp # Internet Relay Chat ircd 6667/udp +ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL jetdirect 9100/tcp # HP JetDirect card jetdirect 9100/udp mandelspawn 9359/udp mandelbrot # network mandelbrot