<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>Concepts &mdash; Cyrus IMAP 3.6.1 documentation</title>
  

  
  

  

  
  
    

  

  
  
    <link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
  

  
    <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  
    <link rel="stylesheet" href="../../_static/cyrus.css" type="text/css" />
  

  
        <link rel="index" title="Index"
              href="../../genindex.html"/>
        <link rel="search" title="Search" href="../../search.html"/>
    <link rel="top" title="Cyrus IMAP 3.6.1 documentation" href="../../index.html"/>
        <link rel="up" title="Overview" href="../../overview.html"/>
        <link rel="next" title="Setup" href="../../setup.html"/>
        <link rel="prev" title="Cyrus IMAP Murder (Server Aggregation)" href="features/server-aggregation.html"/> 

  
  
  

</head>

<body class="wy-body-for-nav" role="document">


  

<div class="pageheader">
  <ul>
    <li><a href="../../index.html">Home</a></li>
    <li><a href="../../download.html">Download</a></li>
    <li><a href="../../contribute.html">Contribute</a></li>
    <li><a href="../../support.html">Support</a></li>
    <li><a href="http://www.cyrusimap.org/sasl">Cyrus SASL</a></li>
  </ul>
  <div>
    <a href="../../index.html">
      <h1>Cyrus IMAP</h1>
      <!-- <img src="../../_static/logo.gif" alt="CYRUS" /> -->
    </a>
  </div>
</div>
<div style="clear: both;"></div>


  <div class="wy-grid-for-nav">

    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-nav-search">
        

        
 
          <a href="../../index.html">
 

          
          <h1>Cyrus IMAP</h1>
          
        </a>

        
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

        
      </div>

      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
        
          
          
              <p class="caption"><span class="caption-text">Cyrus IMAP</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../download.html">Download</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../download/getcyrus.html">Get Cyrus</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../download/getcyrus.html#distribution-package">Distribution Package</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/centos.html">CentOS</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/debian.html">Debian</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/fedora.html">Fedora</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/opensuse.html">openSUSE</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/rhel.html">Red Hat Enterprise Linux</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/distributions/ubuntu.html">Ubuntu</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/getcyrus.html#build-and-install-yourself">Build and Install Yourself</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/getcyrus.html#use-a-release-packaged-tarball">Use a release packaged tarball</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/getcyrus.html#use-the-source-from-git">Use the source from Git</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/getcyrus.html#external-tools">External Tools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/getcyrus.html#licensing">Licensing</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../download/release-notes/index.html">Release Notes</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../download/release-notes/index.html#stable-version">Stable Version</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/release-notes/index.html#development-version">Development Version</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/release-notes/index.html#supported-product-series">Supported Product Series</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-3-6">Series 3.6</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-3-4">Series 3.4</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-3-2">Series 3.2</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-3-0">Series 3.0</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-2-5">Series 2.5</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/release-notes/index.html#development-snapshots">Development snapshots</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/3.7/index.html">Cyrus IMAP 3.7 Tags</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/3.5/index.html">Cyrus IMAP 3.5 Tags</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/3.3/index.html">Cyrus IMAP 3.3 Tags</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/3.1/index.html">Cyrus IMAP 3.1 Tags</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/release-notes/index.html#older-versions">Older Versions</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-1">Series 1</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/release-notes/index.html#series-2-2-0-2-4">Series 2: 2.0 - 2.4</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../download/packagers.html">Notes for Packagers</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../download/packagers.html#binary-naming">Binary naming</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/packagers.html#sample-configuration-files">Sample configuration files</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/packagers.html#predefined-configurations">Predefined configurations</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/packagers.html#the-configuration-file-for-master-cyrus-conf">The configuration file for master: cyrus.conf</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/packagers.html#the-configuration-file-for-the-various-programs-imapd-conf">The configuration file for the various programs: imapd.conf</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/packagers.html#services-in-etc-services">Services in <code class="docutils literal notranslate"><span class="pre">/etc/services</span></code></a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../quickstart.html">Quickstart Guide</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../quickstart/introduction.html">Introduction to Cyrus IMAP</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../quickstart/introduction.html#what-is-imap">What is IMAP?</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../quickstart.html#quick-install">Quick install</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#install-cyrus-package-s">1. Install Cyrus package(s)</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#setup-the-cyrus-mail-user-and-group">2. Setup the cyrus:mail user and group</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#setting-up-authentication-with-sasl">3. Setting up authentication with SASL</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#setup-mail-delivery-from-your-mta">4. Setup mail delivery from your MTA</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#protocol-ports">5. Protocol ports</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#configuring-cyrus">6. Configuring Cyrus</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../quickstart.html#launch-cyrus">7. Launch Cyrus</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1 current"><a class="reference internal" href="../../overview.html">Overview</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="features.html">Features</a><ul>
<li class="toctree-l3"><a class="reference internal" href="features.html#security-and-authentication">Security and Authentication</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/authentication-kerberos.html">Kerberos Authentication</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/authentication-ldap.html">LDAP Authentication</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/authentication-sql.html">SQL Authentication</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/access-control.html">Access Control</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/sealed-system.html">Sealed System Design</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="features.html#mailbox-management">Mailbox Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/automatic-creation-of-mailboxes.html">Automatic Creation of Mailboxes</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/namespaces.html">Mailbox Namespaces</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/virtual-domains.html">Virtual Domains</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/mailbox-annotations.html">Mailbox Annotations (METADATA)</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/mailbox-distribution.html">Mailbox Distribution</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="features.html#message-management">Message Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/delayed-delete.html">Delayed Delete</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/delayed-expunge.html">Delayed Expunge</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/message-annotations.html">Message Annotations (METADATA)</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/duplicate-message-delivery-suppression.html">Duplicate Message Delivery Suppression</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/shared-seen-state.html">Shared Seen State</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/server-side-filtering.html">Server Side Filtering (Sieve)</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/event-notifications.html">Event Notifications</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="features.html#calendar-and-contact-dav-collection-management">Calendar and Contact (DAV) Collection Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/caldav-collections.html">CalDAV Collections</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/dav-components.html">DAV Components</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/dav-collection-mgmt.html">DAV Collection Management</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/carddav.html">CardDAV Support</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="features.html#storage">Storage</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/mail-spool-partitions.html">Mail Spool Partitions</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/mailbox-metadata-partitions.html">Mailbox Metadata Partitions</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/archiving.html">Archiving</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/quota.html">Quota</a></li>
<li class="toctree-l4"><a class="reference internal" href="features/single-instance-store.html">Single-Instance Store</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="features.html#load-management">Load Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="features/server-aggregation.html">Cyrus IMAP Murder (Server Aggregation)</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Concepts</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#access-control-lists">Access Control Lists</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#working-with-acls">Working with ACLs</a></li>
<li class="toctree-l4"><a class="reference internal" href="#sample-acl">Sample ACL</a></li>
<li class="toctree-l4"><a class="reference internal" href="#access-rights">Access Rights</a></li>
<li class="toctree-l4"><a class="reference internal" href="#access-control-defaults">Access Control Defaults</a></li>
<li class="toctree-l4"><a class="reference internal" href="#access-control-identifier-aci">Access Control Identifier (ACI)</a></li>
<li class="toctree-l4"><a class="reference internal" href="#negative-rights">Negative Rights</a></li>
<li class="toctree-l4"><a class="reference internal" href="#calculating-a-users-rights">Calculating a Users’ Rights</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#login-authentication">Login Authentication</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#anonymous-login">Anonymous Login</a></li>
<li class="toctree-l4"><a class="reference internal" href="#plaintext-authentication">Plaintext Authentication</a></li>
<li class="toctree-l4"><a class="reference internal" href="#kerberos-logins">Kerberos Logins</a></li>
<li class="toctree-l4"><a class="reference internal" href="#shared-secrets-logins">Shared Secrets Logins</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#quotas">Quotas</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#working-with-quotas">Working with Quotas</a></li>
<li class="toctree-l4"><a class="reference internal" href="#monitor-and-repair">Monitor and Repair</a></li>
<li class="toctree-l4"><a class="reference internal" href="#supported-quota-types">Supported Quota Types</a></li>
<li class="toctree-l4"><a class="reference internal" href="#quota-roots">Quota Roots</a></li>
<li class="toctree-l4"><a class="reference internal" href="#controlling-quota-behavior">Controlling Quota Behavior</a></li>
<li class="toctree-l4"><a class="reference internal" href="#mail-delivery-behavior">Mail Delivery Behavior</a></li>
<li class="toctree-l4"><a class="reference internal" href="#quota-warnings-upon-select-when-user-has-d-rights">Quota Warnings Upon Select When User Has <code class="docutils literal notranslate"><span class="pre">d</span></code> Rights</a></li>
<li class="toctree-l4"><a class="reference internal" href="#quotas-and-partitions">Quotas and Partitions</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#new-mail-notification">New Mail Notification</a></li>
<li class="toctree-l3"><a class="reference internal" href="#partitions">Partitions</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#specifying-partitions-with-create">Specifying Partitions with “create”</a></li>
<li class="toctree-l4"><a class="reference internal" href="#changing-partitions-with-rename">Changing Partitions with “rename”</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#news">News</a></li>
<li class="toctree-l3"><a class="reference internal" href="#pop3-server">POP3 Server</a></li>
<li class="toctree-l3"><a class="reference internal" href="#the-syslog-facility">The syslog facility</a></li>
<li class="toctree-l3"><a class="reference internal" href="#mail-directory-recovery">Mail Directory Recovery</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#reconstructing-mailbox-directories">Reconstructing Mailbox Directories</a></li>
<li class="toctree-l4"><a class="reference internal" href="#reconstructing-the-mailboxes-file">Reconstructing the Mailboxes File</a></li>
<li class="toctree-l4"><a class="reference internal" href="#reconstructing-quota-roots">Reconstructing Quota Roots</a></li>
<li class="toctree-l4"><a class="reference internal" href="#removing-quota-roots">Removing Quota Roots</a></li>
<li class="toctree-l4"><a class="reference internal" href="#subscriptions">Subscriptions</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#configuration-directory">Configuration Directory</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#log-directory">Log Directory</a></li>
<li class="toctree-l4"><a class="reference internal" href="#proc-directory">Proc Directory</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#message-delivery">Message Delivery</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#local-mail-transfer-protocol-lmtp">Local Mail Transfer Protocol (lmtp)</a></li>
<li class="toctree-l4"><a class="reference internal" href="#single-instance-store">Single Instance Store</a></li>
<li class="toctree-l4"><a class="reference internal" href="#duplicate-delivery-suppression">Duplicate Delivery Suppression</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#sieve-a-mail-filtering-language">Sieve, a Mail Filtering Language</a></li>
<li class="toctree-l3"><a class="reference internal" href="#cyrus-murder-the-imap-aggregator">Cyrus Murder, the IMAP Aggregator</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../setup.html">Setup</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../developer/compiling.html">Compiling</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer/compiling.html#setting-up-dependencies">Setting up dependencies</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#required-build-dependencies">Required Build Dependencies</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#build-dependencies-for-additional-functionality">Build dependencies for additional functionality</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer/compiling.html#compile-cyrus">Compile Cyrus</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#default-build-mail-only">Default build: mail only</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#optional-dependencies">Optional dependencies</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#compile">Compile</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html#check">Check</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../installing.html">Installing Cyrus</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#install-cyrus">Install Cyrus</a></li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#optional-components">Optional Components</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/manage-dav.html">HTTP modules</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/installation/virus.html">Virus Scanner</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#setting-up-syslog">Setting up syslog</a></li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#create-cyrus-environment">Create Cyrus environment</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#set-up-the-cyrus-mail-user-and-group">Set up the cyrus:mail user and group</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#authentication-with-sasl">Authentication with SASL</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#mail-delivery-from-your-mta">Mail delivery from your MTA</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#protocol-ports">Protocol ports</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#cyrus-config-files">Cyrus config files</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#optional-setting-up-tls-certificates">Optional: Setting up TLS certificates</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html#prepare-ephemeral-run-time-storage-directories">Prepare ephemeral (run-time) storage directories</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#launch-cyrus">Launch Cyrus</a></li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#send-a-test-email">Send a test email</a></li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#checking-carddav-and-caldav">Checking CardDAV and CalDAV</a></li>
<li class="toctree-l3"><a class="reference internal" href="../installing.html#troubleshooting">Troubleshooting</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../download/upgrade.html">Upgrading to 3.6</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#preparation">1. Preparation</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../download/upgrade.html#versions-to-upgrade-from">Versions to upgrade from</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/upgrade.html#installation-from-tarball">Installation from tarball</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/upgrade.html#storage-changes">Storage changes</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/upgrade.html#how-are-you-planning-on-upgrading">How are you planning on upgrading?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../download/upgrade.html#do-what-as-who">Do What As Who?</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#install-new-3-6-cyrus">2. Install new 3.6 Cyrus</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#shut-down-existing-cyrus">3. Shut down existing Cyrus</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#backup-and-copy-existing-data">4. Backup and Copy existing data</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#copy-config-files-and-update">5. Copy config files and update</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#upgrade-specific-items">6. Upgrade specific items</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#start-new-3-6-cyrus-and-verify">7. Start new 3.6 Cyrus and verify</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#reconstruct-databases-and-cache">8. Reconstruct databases and cache</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#do-you-want-any-new-features">9. Do you want any new features?</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#upgrade-complete">10. Upgrade complete</a></li>
<li class="toctree-l3"><a class="reference internal" href="../download/upgrade.html#special-note-for-murder-configurations">Special note for Murder configurations</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="deployment.html">Configuration Guide</a><ul>
<li class="toctree-l3"><a class="reference internal" href="deployment/deployment_scenarios.html">Deployment Scenarios</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/deployment_scenarios.html#single-server-deployments">Single Server Deployments</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/deployment_scenarios.html#multi-server-deployments">Multi Server Deployments</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/deployment_scenarios.html#cyrus-murder-server-aggregation">Cyrus Murder: Server aggregation</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/deployment_scenarios.html#the-discrete-murder">The Discrete Murder</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/deployment_scenarios.html#the-unified-murder">The Unified Murder</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/deployment_scenarios.html#the-shared-murder">The Shared Murder</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/deployment_scenarios.html#cyrus-replication">Cyrus Replication</a></li>
<li class="toctree-l3"><a class="reference internal" href="deployment/deployment_scenarios.html#hosted-environments">Hosted Environments</a></li>
<li class="toctree-l3"><a class="reference internal" href="deployment/databases.html">Databases</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/databases.html#overview">Overview</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/databases.html#file-list">File list</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/databases.html#storage-types">Storage types</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/mailbox_creation_distribution.html">Mailbox Creation Distribution</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#selection-mode">Selection Mode</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#special-cases">Special cases</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#partitions-exclusion">Partitions Exclusion</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#partitions-usage-data-reset">Partitions Usage Data Reset</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#mailbox-creation-distribution-through-murder-frontend">Mailbox Creation Distribution Through <code class="docutils literal notranslate"><span class="pre">murder</span> <span class="pre">frontend</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#backends-exclusion">Backends Exclusion</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/mailbox_creation_distribution.html#backends-usage-data-reset">Backends Usage Data Reset</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/known_protocol_limitations.html">Known Protocol Limitations</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/known_protocol_limitations.html#pop3-and-mailbox-locking">POP3 and Mailbox Locking</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/known_protocol_limitations.html#cyrus-imap-pop3-implementation">Cyrus IMAP POP3 Implementation</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/authentication_and_authorization.html">Authentication and Authorization</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/authentication_and_authorization.html#client-authentication">Client Authentication</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/authentication_and_authorization.html#users-and-mailboxes">Users and Mailboxes</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/performance_recommendations.html">Performance Recommendations</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/performance_recommendations.html#databases-on-temporary-filesystems">Databases on Temporary Filesystems</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/performance_recommendations.html#certificates">Certificates</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/storage.html">Storage Considerations</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#general-notes-on-storage">General Notes on Storage</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#redundancy">Redundancy</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#availability">Availability</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#performance">Performance</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#scalability">Scalability</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#capacity">Capacity</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/storage.html#cost">Cost</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="deployment/supported-platforms.html">Supported Platforms and System Requirements</a><ul>
<li class="toctree-l4"><a class="reference internal" href="deployment/supported-platforms.html#building-cyrus-imap">Building Cyrus IMAP</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/supported-platforms.html#required-software-components">Required Software Components</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/supported-platforms.html#recommended-software-components">Recommended Software Components</a></li>
<li class="toctree-l4"><a class="reference internal" href="deployment/supported-platforms.html#recommended-software-components-enabled-by-default">Recommended Software Components Enabled by Default</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../operations.html">Operations</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../reference/manpages/index.html">Man pages</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../reference/manpages/index.html#configuration-files">(5) Configuration Files</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/configs/cyrus.conf.html"><strong>cyrus.conf</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/configs/imapd.conf.html"><strong>imapd.conf</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/configs/krb.equiv.html"><strong>krb.equiv</strong></a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/manpages/index.html#system-commands">(8) System Commands</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/arbitron.html"><strong>arbitron</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/backupd.html"><strong>backupd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/chk_cyrus.html"><strong>chk_cyrus</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_backups.html"><strong>ctl_backups</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_conversationsdb.html"><strong>ctl_conversationsdb</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_cyrusdb.html"><strong>ctl_cyrusdb</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_deliver.html"><strong>ctl_deliver</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_mboxlist.html"><strong>ctl_mboxlist</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ctl_zoneinfo.html"><strong>ctl_zoneinfo</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cvt_cyrusdb.html"><strong>cvt_cyrusdb</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cvt_xlist_specialuse.html"><strong>cvt_xlist_specialuse</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_backup.html"><strong>cyr_backup</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_buildinfo.html"><strong>cyr_buildinfo</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_dbtool.html"><strong>cyr_dbtool</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_deny.html"><strong>cyr_deny</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_df.html"><strong>cyr_df</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_expire.html"><strong>cyr_expire</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_info.html"><strong>cyr_info</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_ls.html"><strong>cyr_ls</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_synclog.html"><strong>cyr_synclog</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_userseen.html"><strong>cyr_userseen</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyr_virusscan.html"><strong>cyr_virusscan</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html"><strong>cyradm</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/cyrdump.html"><strong>cyrdump</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/deliver.html"><strong>deliver</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/fetchnews.html"><strong>fetchnews</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/fud.html"><strong>fud</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/httpd.html"><strong>httpd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/idled.html"><strong>idled</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/imapd.html"><strong>imapd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ipurge.html"><strong>ipurge</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/lmtpd.html"><strong>lmtpd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/lmtpproxyd.html"><strong>lmtpproxyd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/masssievec.html"><strong>masssievec</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/master.html"><strong>master</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mbexamine.html"><strong>mbexamine</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mbpath.html"><strong>mbpath</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mbtool.html"><strong>mbtool</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mkimap.html"><strong>mkimap</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mknewsgroups.html"><strong>mknewsgroups</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/mupdate.html"><strong>mupdate</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/nntpd.html"><strong>nntpd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/notifyd.html"><strong>notifyd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/pop3d.html"><strong>pop3d</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/pop3proxyd.html"><strong>pop3proxyd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/promstatsd.html"><strong>promstatsd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/proxyd.html"><strong>proxyd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ptdump.html"><strong>ptdump</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ptexpire.html"><strong>ptexpire</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/ptloader.html"><strong>ptloader</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/quota.html"><strong>quota</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/reconstruct.html"><strong>reconstruct</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/rehash.html"><strong>rehash</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/relocate_by_id.html"><strong>relocate_by_id</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/restore.html"><strong>restore</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/sievec.html"><strong>sievec</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/sieved.html"><strong>sieved</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/smmapd.html"><strong>smmapd</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/squatter.html"><strong>squatter</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/sync_client.html"><strong>sync_client</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/sync_reset.html"><strong>sync_reset</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/sync_server.html"><strong>sync_server</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/timsieved.html"><strong>timsieved</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/tls_prune.html"><strong>tls_prune</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/translatesieve.html"><strong>translatesieve</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/systemcommands/unexpunge.html"><strong>unexpunge</strong></a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/manpages/index.html#user-commands">(1) User Commands</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/arbitronsort.pl.html"><strong>arbitronsort.pl</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/dav_reconstruct.html"><strong>dav_reconstruct</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/httptest.html"><strong>httptest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/imtest.html"><strong>imtest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/installsieve.html"><strong>installsieve</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/lmtptest.html"><strong>lmtptest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/mupdatetest.html"><strong>mupdatetest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/nntptest.html"><strong>nntptest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/pop3test.html"><strong>pop3test</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/sieveshell.html"><strong>sieveshell</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/sivtest.html"><strong>sivtest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/smtptest.html"><strong>smtptest</strong></a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/manpages/usercommands/synctest.html"><strong>synctest</strong></a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../reference/admin.html">Administrator Guide</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../reference/admin.html#architecture">Architecture</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/architecture.html">System Architecture</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/admin.html#management">Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/locations.html">File &amp; Directory Locations</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/ports-sockets.html">Ports and Sockets</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/access-control.html">Access Control</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/quotas.html">Quotas</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/sieve.html">Cyrus Sieve</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/backups.html">Cyrus Backups</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/nntp.html">Cyrus NNTP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/protlayer.html">Cyrus Prot Layer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/sop.html">Standard Operating Procedures</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/eventsource.html">Cyrus Event Source</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/monitoring.html">Monitoring</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/config-mailboxdistribution.html">Mailbox Distribution</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/murder/murder.html">Cyrus Murder</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/nginx-proxy.html">HOWTO: Using an NGINX IMAP Proxy</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/admin/tweaking.html">Tweaking Cyrus IMAP</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../reference/faq.html">Frequently Asked Questions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../reference/faq.html#features">Features</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/feature-database-backend.html">Which database backend should I use for which databases?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/feature-duplicate-delivery.html">Duplicate Delivery Suppression</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/faq.html#installation-problems">Installation Problems</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/install-compilationerrors.html">Compilation errors about kssl.h and krb5.h on Red Hat Linux/Fedora</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/install-install-help.html">Help! There must be an easier way to get all this going…</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/install-linkerwarnings.html">OpenSSL Version Mismatches</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/faq.html#common-feature-requests">Common Feature Requests</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/r-murder-ha.html">Does the Cyrus Murder support High Availability configurations?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/r-pop3-logging.html">Can I configure pop3d to log amount and size of messages fetched by user?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/r-publicssharedfolders.html">How can I make CyrusSieve work with public shared folders?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/r-subfolders.html">Can I have subfolders not appear under INBOX?</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/faq.html#common-operational-questions">Common Operational Questions</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-acls.html">How do I view ACLs on a mailbox?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-annotations.html">What annotations are available?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-configdir-tempfs.html">Is it safe to put &lt;configdirectory&gt;/proc and &lt;configdirectory&gt;/lock on a tmpfs filesystem?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-coredump.html">How to enable core dumps</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-delete-mailbox.html">Why can I not delete a mailbox as an admin user?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-deleted-expired-expunged-purged.html">When is What … Deleted, Expired, Expunged or Purged?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-deliverdb-size.html">Why is deliver.db so large?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-freezes.html">I have multiple imapd-SERVICES configured and experience occasional freezes when I try to log in!</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-gdb.html">How to run gdb on Cyrus components</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-mailbox-doesnotexist.html">Cyrus delivers claims that the mailbox does not exist</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-mixedcase.html">Why is mail being rejected with No Mailbox found due to MiXed CaSe incoming e-mail?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-otherdatabases.html">Can I use MySQL (or another SQL database) as the primary mail store?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-pop3slow.html">Why do POP3 connections take so long, but once the connection is established all is well?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-reconstruct.html">Why does reconstruct -m not work?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-sharedfilesystem-gpfs.html">Shared File Systems GPFS for high availability</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-telemetry.html">How to enable telemetry</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-toomanyprocesses.html">The process count keeps growing!</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-unable-join-environment.html">“unable to join environment” error</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/o-vacation-mailfrom.html">Why does Cyrus set the MAIL FROM address of the sender of vacation responses to ‘&lt;&gt;’?</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../reference/faq.html#common-interoperability-problems">Common Interoperability Problems</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/interop-8bit.html">Why does Cyrus reject 8-bit characters in the headers of my messages?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/interop-barenewlines.html">Why does Cyrus reject messages with “bare newlines”?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/interop-sieve-exim.html">How do I get Cyrus Sieve to play nice with Exim?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../reference/faqs/interop-slow-delivery.html">Why does mail delivery go slow or hang sometimes?</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../developers.html">Developers</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../contribute.html">We need your help</a></li>
<li class="toctree-l2"><a class="reference internal" href="../developer/documentation.html">Contribute docs</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#overview">Overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#documentation-tools">Documentation Tools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#building-the-files">Building the files</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#submitting-updates">Submitting updates</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#using-github-pull-requests">Using GitHub pull requests</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#patches-through-the-mailing-list">Patches through the mailing list</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#special-tags">Special Tags</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#rfc">rfc</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#cyrusman">cyrusman</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#imap-current-stable-version">imap_current_stable_version</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer/documentation.html#conventions-man-pages">Conventions: Man Pages</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#synopsis">Synopsis</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/documentation.html#examples">Examples</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer.html">Contribute code and tests</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer.html#getting-started">Getting Started</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/process.html">Development Process</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/overview.html">Overview of Cyrus development environment</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/github-guide.html">GitHub guide</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/compiling.html">Compiling</a></li>
<li class="toctree-l4"><a class="reference internal" href="../installing.html">Installing Cyrus</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/developer-testing.html">Developer Test Environment</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/jmap.html">JMAP support</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer.html#system-files-and-databases">System files and Databases</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/namespaces.html">Namespaces: a developer view</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer.html#resources">Resources</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/libraries.html">Developer Libraries</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer.html#releasing">Releasing</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/releasing.html">Releasing Cyrus IMAP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/ancient-releasing.html">Releasing new builds of ancient Cyrus IMAP versions</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../developer/cyrusworks.html">Cyrus.Works</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer/cyrusworks.html#about-cyrus-works">About Cyrus Works</a></li>
<li class="toctree-l3"><a class="reference internal" href="../developer/cyrusworks.html#how-it-works">How it works</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../developers.html#cyrus-internals">Cyrus Internals</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer/API.html">Cyrus APIs</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/API/cyrusdb.html">CyrusDB API</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/API/cyrusdb2.html">cyrusdb API</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/API/index-api.html">Index API</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/API/mailbox-api.html">Mailbox API</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer/thoughts.html">Thoughts &amp; Notes</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/backup.html">Notes for backup implementation</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/bytecode.html">Cyrus IMAP Server: Sieve Bytecode</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/caldav_scheduling_flowchart.html">Cyrus CalDAV Scheduling Flowchart</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/improved_mboxlist_sort.html">Enabling improved_mboxlist_sort</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/notes.html">Cyrus IMAP Server: Notes</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/thoughts/prot-events.html">Cyrus IMAP Server: Prot Events</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../developer/guidance.html">Guidance for Developers</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/hacking.html">Cyrus IMAP Server: Hacking</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/internationalization.html">Cyrus IMAP Server: Internationalization</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/locking.html">Cyrus IMAP Server: Locking</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/mailbox-format.html">Cyrus IMAP Server: Mailbox File Formats</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/namelocks.html">Cyrus IMAP Server: Namelocks</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/prot.html">Cyrus IMAP Server: prot layer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/replication_examples.html">Cyrus IMAP Server: Replication Examples</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/replication_protocol.html">Cyrus IMAP Server: Replication Protocol v2.4+</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/special_chars.html">Cyrus IMAP Server: Special Characters</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/guidance/var_directory_structure.html">Cyrus IMAP Server: var directory structure</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../developers.html#unit-tests">Unit Tests</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../developer/unit-tests.html">Unit Tests</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#table-of-contents">Table of Contents</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#introduction">1. Introduction</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#what-is-a-unit-test">2. What Is A Unit Test?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#running-the-tests">3. Running The Tests</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#debugging-a-test">3.6 Debugging A Test</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#adding-your-own-tests">4. Adding Your Own Tests</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#where-to-put-your-tests">4.1 Where To Put Your Tests</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#adding-a-new-suite">4.1 Adding A New Suite</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#adding-a-test-to-a-suite">4.2 Adding A Test To A Suite</a></li>
<li class="toctree-l4"><a class="reference internal" href="../developer/unit-tests.html#suite-setup-and-teardown">4.3 Suite Setup And Teardown</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../support.html">Support/Community</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../support/feedback-bugs.html">Found a bug?</a></li>
<li class="toctree-l2"><a class="reference internal" href="../support/feedback-mailing-lists.html">Mailing lists</a></li>
<li class="toctree-l2"><a class="reference internal" href="../support/feedback-meetings.html">Weekly meetings</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../overview/about_cyrus.html">About</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../overview/what_is_cyrus.html">What is Cyrus</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../../overview/what_is_cyrus.html#what-is-cyrus">What is Cyrus</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/what_is_cyrus.html#what-is-imap">What is IMAP?</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/what_is_cyrus.html#imap-version-4-imap4">IMAP Version 4 (IMAP4)</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/what_is_cyrus.html#mime">Mime</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/what_is_cyrus.html#smtp">SMTP</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../overview/who_is_cyrus.html">Who Is Cyrus</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../../overview/who_is_cyrus.html#core-contributors">Core Contributors</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/who_is_cyrus.html#individual-contributors-and-past-contributors">Individual contributors and past contributors</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../overview/cyrus_roadmap.html">Cyrus Roadmap</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_roadmap.html#high-level-roadmap">High Level Roadmap</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../overview/cyrus_history.html">Cyrus History</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../overview/cyrus_bylaws.html">Cyrus Bylaws</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#i-the-cyrus-governance-board">I. The Cyrus Governance Board</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#ii-the-cyrus-core-developers-group">II. The Cyrus Core Developers Group</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#iii-the-release-engineer">III. The Release Engineer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#iv-the-cyrus-roadmap">IV. The Cyrus Roadmap</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#v-development-process">V. Development Process</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../overview/cyrus_bylaws.html#vi-changes-to-the-bylaws">VI. Changes to the Bylaws</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<p class="caption"><span class="caption-text">Cyrus SASL</span></p>
<ul>
<li class="toctree-l1"><a class="reference external" href="http://www.cyrusimap.org/sasl">Cyrus SASL</a></li>
</ul>

          
        
      </div>
        
<div class="buildstatus">
    <a href="https://github.com/cyrusimap/cyrus-imapd/actions" target="_blank">cyrus-imapd-3.6: <img src="https://github.com/cyrusimap/cyrus-imapd/actions/workflows/main.yml/badge.svg?branch=cyrus-imapd-3.6"></a>
</div>
      &nbsp;
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
        <a href="../../index.html">Cyrus IMAP</a>
      </nav>


      
      <div class="wy-nav-content">
        <div class="rst-content">

          <div role="navigation" aria-label="breadcrumbs navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../index.html">Docs v3.6.1</a> &raquo;</li>
      
          <li><a href="../../overview.html">Overview</a> &raquo;</li>
      
    <li>Concepts</li>
      <li class="wy-breadcrumbs-aside">
        
          
            <a href="https://github.com/cyrusimap/cyrus-imapd/blob/cyrus-imapd-3.6/docsrc/imap/concepts/overview_and_concepts.rst" class="fa fa-github"> Edit on GitHub</a>
          
        
      </li>
  </ul>
  <hr/>
</div>
          <div role="main" class="document">
            
  <div class="section" id="concepts">
<h1>Concepts<a class="headerlink" href="#concepts" title="Permalink to this headline">¶</a></h1>
<p>This section gives an overview of several aspects of the Cyrus IMAP
server, as they relate to deployment.  In an effort to reduce
duplication of information, we will often direct you to documentation
in other areas.  Please do follow such referrals.</p>
<div class="section" id="access-control-lists">
<h2>Access Control Lists<a class="headerlink" href="#access-control-lists" title="Permalink to this headline">¶</a></h2>
<p>Access to each mailbox is controlled by access control
lists. Access Control Lists (ACLs) provide a powerful mechanism for
specifying the users, or groups of users, who have permission to access
the mailboxes, and the degree of that access.</p>
<p>An ACL is a list of zero or more entries. Each entry contains a
mailbox, an Access Control Identifier (ACI) and a set of rights. The
ACI specifies the user or group of users for which the entry
applies. The set of rights is one or more letters or digits, each
letter or digit conferring a particular privilege.</p>
<div class="section" id="working-with-acls">
<h3>Working with ACLs<a class="headerlink" href="#working-with-acls" title="Permalink to this headline">¶</a></h3>
<p>ACLs are manipulated via these subcommands within the
<a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#std-cyrusman-cyradm-8">cyradm(8)</a> program:</p>
<blockquote>
<div><ul class="simple">
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-setaclmailbox"><span class="std std-ref">setaclmailbox</span></a></p></li>
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-listaclmailbox"><span class="std std-ref">listaclmailbox</span></a></p></li>
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-deleteaclmailbox"><span class="std std-ref">deleteaclmailbox</span></a></p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="sample-acl">
<h3>Sample ACL<a class="headerlink" href="#sample-acl" title="Permalink to this headline">¶</a></h3>
<p>A typical ACL is expressed like this:</p>
<pre class="literal-block"><strong>setaclmailbox</strong> <em>mailbox</em> <em>id</em> <em>rights</em> [<em>id</em> <em>rights</em> ...]</pre>
<p>where <em>mailbox</em> is the name of the mailbox to which the ACL is applied,
<em>id</em> is the ACI for the user or group for which the ACL applies, and
<em>rights</em> is a concatenated list of Access Rights from the list below.</p>
<p>A real world example may look like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">setaclmailbox</span> <span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="n">public</span> <span class="n">bovik</span> <span class="nb">all</span> <span class="n">group</span><span class="p">:</span><span class="n">users</span> <span class="n">lrsp</span> <span class="n">anyone</span> <span class="n">lrs</span>
</pre></div>
</div>
<p>Here are samples illustrated via output from the <code class="docutils literal notranslate"><span class="pre">listaclmailbox</span></code>
command in <a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#std-cyrusman-cyradm-8">cyradm(8)</a>:</p>
<pre class="literal-block">localhost&gt; <strong>listaclmamilbox tech/%</strong>
tech/Commits:
  group:tech lrswipkxtea
  anyone lrs
tech/abuse:
  group:tech lrswipkxtecda
  anyone lrsp
tech/security:
  anyone lrsp
  group:tech lrswipkxtecda
tech/support:
  group:tech lrswipkxtecda
  anyone lrsp

localhost&gt; <strong>listaclmamilbox user/bovik/%</strong>
user/bovik/Drafts:
  bovik lrswipkxtecda
user/bovik/Sent:
  bovik lrswipkxtecda
user/bovik/Sent Items:
  bovik lrswipkxtecda
user/bovik/Spam:
  anyone p
  bovik lrswipkxtecda
user/bovik/Trash:
  bovik lrswipkxtecda</pre>
</div>
<div class="section" id="access-rights">
<h3>Access Rights<a class="headerlink" href="#access-rights" title="Permalink to this headline">¶</a></h3>
<p>The following lists Access Rights that can be used in an Access Control
List entry.</p>
<dl class="simple">
<dt>l</dt><dd><p>The user may see that the mailbox exists (<strong>lookup</strong>).</p>
</dd>
<dt>r</dt><dd><p>The user may read the mailbox (<strong>read</strong>).</p>
</dd>
<dt>s</dt><dd><p>Keep per-user seen state (i.e. modify the “Seen” flag)
(<strong>setseen</strong>).</p>
</dd>
<dt>w</dt><dd><p>The user may modify flags and keywords other than “Seen” and
“Deleted”. (<strong>write</strong>)</p>
</dd>
<dt>i</dt><dd><p>The user may insert (append) new messages into the mailbox
(<strong>insert</strong>).</p>
</dd>
<dt>p</dt><dd><p>The user may send email to the submission address for the mailbox
(<strong>post</strong>).</p>
</dd>
<dt>c</dt><dd><p>[<strong>deprecated</strong>: see <code class="docutils literal notranslate"><span class="pre">k</span></code> right, below.]</p>
</dd>
<dt>k</dt><dd><p>The user may create new mailboxes in this mailbox, delete the
current mailbox, or rename the mailbox (<strong>create</strong>).</p>
</dd>
<dt>x</dt><dd><p>The user may delete the mailbox itself. (<strong>deletembox</strong>)</p>
</dd>
<dt>t</dt><dd><p>The user may store the “Deleted” flag.  In other words, delete
messages.</p>
</dd>
<dt>e</dt><dd><p>The user may Expunge messages which have the “Deleted” flag already
set (<strong>expunge</strong>).</p>
</dd>
<dt>d</dt><dd><p>This “legacy” right is treated by the software as a macro for <code class="docutils literal notranslate"><span class="pre">te</span></code>
(<strong>deletemsg</strong> &amp;&amp; <strong>expunge</strong>).</p>
</dd>
<dt>n</dt><dd><p>The user may store annotations for a message (<strong>annotatemsg</strong>)</p>
</dd>
<dt>a</dt><dd><p>The user may change the <em>Access Control Information</em> (ACI) on the
mailbox (<strong>administer</strong>).</p>
</dd>
</dl>
<p>For a complete reference to Access Rights, please see
<a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-lists-rights-reference"><span class="std std-ref">Access Control Lists Rights Reference</span></a></p>
<p>Rights are combined through concatenation.  Please see
<a class="reference internal" href="../reference/admin/access-control/combining-rights.html#imap-admin-access-control-combining-rights"><span class="std std-ref">Combining Access Rights</span></a></p>
</div>
<div class="section" id="access-control-defaults">
<h3>Access Control Defaults<a class="headerlink" href="#access-control-defaults" title="Permalink to this headline">¶</a></h3>
<div class="section" id="administrators">
<h4>Administrators<a class="headerlink" href="#administrators" title="Permalink to this headline">¶</a></h4>
<p>Regardless of the ACL on a mailbox, users who are listed in the
<code class="docutils literal notranslate"><span class="pre">admins</span></code> configuration option in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> implicitly
have the <code class="docutils literal notranslate"><span class="pre">l</span></code> and <code class="docutils literal notranslate"><span class="pre">a</span></code> rights on all mailboxes.</p>
<p>Administrators can also see across domains which normal users cannot.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>An admin user should not be a normal email account.</p>
</div>
</div>
<div class="section" id="mailbox-owners">
<h4>Mailbox owners<a class="headerlink" href="#mailbox-owners" title="Permalink to this headline">¶</a></h4>
<p>The user who owns a mailbox folder has additional rights which are set
regardless of any additional ACLs. These are:</p>
<ul class="simple">
<li><p><strong>l</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-l"><span class="std std-ref">lookup</span></a></p></li>
<li><p><strong>k</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-k"><span class="std std-ref">create subfolders</span></a></p></li>
<li><p><strong>x</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-x"><span class="std std-ref">delete this folder</span></a></p></li>
<li><p><strong>a</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-a"><span class="std std-ref">administer</span></a></p></li>
</ul>
<p>These are set in <code class="docutils literal notranslate"><span class="pre">implicit_owner_rights</span></code> of <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</div>
<div class="section" id="default">
<h4>Default<a class="headerlink" href="#default" title="Permalink to this headline">¶</a></h4>
<p>For all other mailboxes not owned by a user, any user accessing these
mailboxes have the following default privileges:</p>
<ul class="simple">
<li><p><strong>l</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-l"><span class="std std-ref">lookup</span></a></p></li>
<li><p><strong>r</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-r"><span class="std std-ref">read contents</span></a></p></li>
<li><p><strong>s</strong> - <a class="reference internal" href="../reference/admin/access-control/rights-reference.html#imap-admin-access-control-right-s"><span class="std std-ref">seen</span></a></p></li>
</ul>
<p>These are set in <code class="docutils literal notranslate"><span class="pre">defaultacl</span></code> of <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</div>
<div class="section" id="initial-acls-for-newly-created-mailboxes">
<h4>Initial ACLs for Newly Created Mailboxes<a class="headerlink" href="#initial-acls-for-newly-created-mailboxes" title="Permalink to this headline">¶</a></h4>
<p>When a mailbox is created, its ACL starts off with a copy of the ACL of its closest parent mailbox. When a user is created, the ACL on the user’s <code class="docutils literal notranslate"><span class="pre">INBOX</span></code> starts off with a single entry granting all rights to the user. When a non-user mailbox is created and does not have a parent, its ACL is initialized to the value of the <code class="docutils literal notranslate"><span class="pre">defaultacl</span></code> option in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</div>
<div class="section" id="other-implicit-rights">
<h4>Other Implicit Rights<a class="headerlink" href="#other-implicit-rights" title="Permalink to this headline">¶</a></h4>
<p>Note that some rights are available implicitly, for example ‘anonymous’
always has ‘p’ on user INBOXes, and users always have <code class="docutils literal notranslate"><span class="pre">la</span></code> rights on
mailboxes within their INBOX hierarchy.</p>
</div>
</div>
<div class="section" id="access-control-identifier-aci">
<h3>Access Control Identifier (ACI)<a class="headerlink" href="#access-control-identifier-aci" title="Permalink to this headline">¶</a></h3>
<p>The Access Control Identifier (ACI) part of an ACL entry specifies the
user or group for which the entry applies.  Group identifiers are
distinguished be the prefix “group:”.  For example, “group:accounting”.</p>
<p>There are two special identifiers, “anonymous”, and “anyone”, which are
explained below. The meaning of other identifiers usually depends on
the authorization mechanism being used (selected by <code class="docutils literal notranslate"><span class="pre">--with-auth</span></code> at
compile time, defaulting to Unix).</p>
<div class="section" id="anonymous-and-anyone">
<h4><code class="docutils literal notranslate"><span class="pre">anonymous</span></code> and <code class="docutils literal notranslate"><span class="pre">anyone</span></code><a class="headerlink" href="#anonymous-and-anyone" title="Permalink to this headline">¶</a></h4>
<p>With any authorization mechanism, two special identifiers are defined.
The identifier <code class="docutils literal notranslate"><span class="pre">anonymous</span></code> refers to the anonymous, or unauthenticated
user. The identifier <code class="docutils literal notranslate"><span class="pre">anyone</span></code> refers to all users, including the
anonymous user.</p>
<p>Both <code class="docutils literal notranslate"><span class="pre">anonymous</span></code> and <code class="docutils literal notranslate"><span class="pre">anyone</span></code> may commonly be used with the <strong>post</strong>
right <code class="docutils literal notranslate"><span class="pre">p</span></code> to allow message insertion to mailboxes.</p>
</div>
<div class="section" id="kerberos-vs-unix-authorization">
<h4>Kerberos vs. Unix Authorization<a class="headerlink" href="#kerberos-vs-unix-authorization" title="Permalink to this headline">¶</a></h4>
<p>The Cyrus IMAP server comes with four authorization mechanisms, one is
compatible with Unix-style (<code class="docutils literal notranslate"><span class="pre">/etc/passwd</span></code>) authorization, one for use
with Kerberos 4, one for use with Kerberos 5, and one for use with an
external authorization process (ptloader) which can interface with
other group databases (e.g. AFS PTS groups, LDAP Groups, etc).</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><strong>Authentication !== Authorization</strong></p>
<p>Note that authorization is <em>not</em> the same thing as authentication.
Authentication is the act of proving who you are. Authorization is
the act of determining what rights you have. Authentication is
discussed in the <a class="reference internal" href="#imap-concepts-login-authentication"><span class="std std-ref">Login Authentication</span></a> part of
this document.</p>
</div>
<div class="section" id="unix-authorization">
<h5>Unix Authorization<a class="headerlink" href="#unix-authorization" title="Permalink to this headline">¶</a></h5>
<p>In the Unix authorization mechanism, ACIs are either a valid userid or
the string <code class="docutils literal notranslate"><span class="pre">group:</span></code> followed by a group listed in <code class="docutils literal notranslate"><span class="pre">/etc/group</span></code>.
Thus:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">root</span>                <span class="n">Refers</span> <span class="n">to</span> <span class="n">the</span> <span class="n">user</span> <span class="n">root</span>
<span class="n">group</span><span class="p">:</span><span class="n">staff</span>         <span class="n">Refers</span> <span class="n">to</span> <span class="n">the</span> <span class="n">group</span> <span class="n">staff</span>
</pre></div>
</div>
<p>It is also possible to use unix groups with users authenticated through
a non-/etc/passwd backend. Note that using unix groups in this way
(without associated <code class="docutils literal notranslate"><span class="pre">/etc/passwd</span></code> entries) is not recommended.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Cyrus requires the getgrent(3) POSIX sysctl. As such, NSS needs to
be configured to have the groups available, one of which includes
“files”, but could also include “ldap”.</p>
<p>NSS augmentations, such as <code class="docutils literal notranslate"><span class="pre">nss_ldap</span></code>, <code class="docutils literal notranslate"><span class="pre">pam_ldap</span></code> or <code class="docutils literal notranslate"><span class="pre">sssd</span></code>
may be used to provide Cyrus access to group information via NSS.</p>
</div>
</div>
<div class="section" id="kerberos-authorization">
<h5>Kerberos Authorization<a class="headerlink" href="#kerberos-authorization" title="Permalink to this headline">¶</a></h5>
<p>Using the Kerberos authorization mechanism, ACIs are of the form:</p>
<blockquote>
<div><p><em>$principal</em>.*$instance*&#64;*$realm*</p>
</div></blockquote>
<p>If <code class="docutils literal notranslate"><span class="pre">$instance</span></code> is omitted, it defaults to the null string. If
<code class="docutils literal notranslate"><span class="pre">$realm</span></code> is omitted, it defaults to the local realm.</p>
<p>The file <code class="docutils literal notranslate"><span class="pre">/etc/krb.equiv</span></code> contains mappings between Kerberos
principals. The file contains zero or more lines, each containing two
fields. Any identity matching the first field of a line is changed to
the second identity during canonicalization. For example, a line in
<code class="docutils literal notranslate"><span class="pre">/etc/krb.equiv</span></code> of:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">bovik</span><span class="nd">@REMOTE</span><span class="o">.</span><span class="n">COM</span> <span class="n">bovik</span>
</pre></div>
</div>
<p>will cause the identity <code class="docutils literal notranslate"><span class="pre">bovik&#64;REMOTE.COM</span></code> to be treated as if it
were the local identity <code class="docutils literal notranslate"><span class="pre">bovik</span></code>.</p>
</div>
<div class="section" id="alternative-authorization">
<h5>Alternative Authorization<a class="headerlink" href="#alternative-authorization" title="Permalink to this headline">¶</a></h5>
<p>A site may wish to write their own authorization mechanism, perhaps to
implement a local group mechanism. If it does so (by implementing an
<code class="docutils literal notranslate"><span class="pre">auth_[whatever]</span></code> PTS module), it will dictate its own form and
meaning of identifiers.</p>
</div>
</div>
</div>
<div class="section" id="negative-rights">
<h3>Negative Rights<a class="headerlink" href="#negative-rights" title="Permalink to this headline">¶</a></h3>
<p>Any of the above defined identifiers may be prefixed with a <code class="docutils literal notranslate"><span class="pre">-</span></code>
character. The associated rights are then removed from that identifier.
These are referred to as <em>negative rights</em>.</p>
</div>
<div class="section" id="calculating-a-users-rights">
<h3>Calculating a Users’ Rights<a class="headerlink" href="#calculating-a-users-rights" title="Permalink to this headline">¶</a></h3>
<p>To calculate the set of rights granted to a user, the server first
calculates the union of all of the rights granted to the user and to
all groups the user is a member of. The server then calculates and
removes the union of all the negative rights granted to the user and to
all groups the user is a member of.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">anyone</span>       <span class="n">lrsp</span>
<span class="n">fred</span>         <span class="n">lwi</span>
<span class="o">-</span><span class="n">anonymous</span>   <span class="n">s</span>
</pre></div>
</div>
<p>The user <code class="docutils literal notranslate"><span class="pre">fred</span></code> will be granted the rights <code class="docutils literal notranslate"><span class="pre">lrswip</span></code> and the
anonymous user will be granted the rights <code class="docutils literal notranslate"><span class="pre">lrp</span></code>.</p>
</div>
</div>
<div class="section" id="login-authentication">
<span id="imap-concepts-login-authentication"></span><h2>Login Authentication<a class="headerlink" href="#login-authentication" title="Permalink to this headline">¶</a></h2>
<p>This section discusses different types of authentication (ways of logging in) that can be used with Cyrus IMAP.</p>
<p>The Cyrus IMAP server uses the Cyrus SASL library for authentication. This section describes how to configure SASL with use with Cyrus imapd. Please consult the <a class="reference external" href="https://www.cyrusimap.org/sasl/index.html#sasl-index" title="(in Cyrus SASL v2.1.28)"><span class="xref std std-ref">Cyrus SASL System Administrator’s Guide</span></a> for more detailed, up-to-date information.</p>
<div class="section" id="anonymous-login">
<h3>Anonymous Login<a class="headerlink" href="#anonymous-login" title="Permalink to this headline">¶</a></h3>
<p>Regardless of the SASL mechanism used by an individual connection, the
server may support anonymous login. If the <code class="docutils literal notranslate"><span class="pre">allowanonymouslogin</span></code>
option in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> is turned on, then the server will
permit plaintext password logins using the user <code class="docutils literal notranslate"><span class="pre">anonymous</span></code> and any
password.</p>
<p>Additionally, the server will enable any SASL mechanisms that allow anonymous logins.</p>
</div>
<div class="section" id="plaintext-authentication">
<h3>Plaintext Authentication<a class="headerlink" href="#plaintext-authentication" title="Permalink to this headline">¶</a></h3>
<p>The SASL library has several ways of verifying plaintext passwords. Plaintext passwords are passed either by the IMAP <code class="docutils literal notranslate"><span class="pre">LOGIN</span></code> command or by the SASL <code class="docutils literal notranslate"><span class="pre">PLAIN</span></code> mechanism (under a TLS layer).</p>
<ul class="simple">
<li><p>PAM</p></li>
<li><p>Kerberos v4: Plaintext passwords are verified by obtaining a ticket for the server’s Kerberos identity, to protect against Kerberos server spoofing attacks.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/etc/passwd</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/etc/shadow</span></code>: <code class="docutils literal notranslate"><span class="pre">sasl_auto_transition</span></code> automatically creates secrets for shared secret authentication when given a password.</p></li>
</ul>
<p>The method of plaintext password verification is always through the SASL library, even in the case of the internal LOGIN command. This is to allow the SASL library to be the only source of authentication information. You’ll want to look at the <code class="docutils literal notranslate"><span class="pre">sasl_pwcheck_method</span></code> option in the SASL documentation to understand how to configure a plaintext password verifier for your system.</p>
<p>To disallow the use of plaintext passwords for authentication, you can set <code class="docutils literal notranslate"><span class="pre">allowplaintext:</span> <span class="pre">no</span></code> in imapd.conf. This will still allow PLAIN under TLS, but IMAP LOGIN commands will now fail.</p>
</div>
<div class="section" id="kerberos-logins">
<h3>Kerberos Logins<a class="headerlink" href="#kerberos-logins" title="Permalink to this headline">¶</a></h3>
<p>The Kerberos SASL mechanism supports the <code class="docutils literal notranslate"><span class="pre">KERBEROS_V4</span></code> authentication mechanism. The mechanism requires that a <code class="docutils literal notranslate"><span class="pre">srvtab</span></code> file exist in the location given in the <code class="docutils literal notranslate"><span class="pre">srvtab</span></code> configuration option. The <code class="docutils literal notranslate"><span class="pre">srvtab</span></code> file must be readable by the Cyrus server and must contain a <code class="docutils literal notranslate"><span class="pre">imap.$host&#64;$realm</span></code> service key, where <code class="docutils literal notranslate"><span class="pre">$host</span></code> is the first component of the server’s host name and <code class="docutils literal notranslate"><span class="pre">$realm</span></code> is the server’s Kerberos realm.</p>
<p>The server will permit logins by identities in the local realm and identities in the realms listed in the <code class="docutils literal notranslate"><span class="pre">loginrealms</span></code> option in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
<p>The file <code class="docutils literal notranslate"><span class="pre">/etc/krb.equiv</span></code> contains mappings between Kerberos principals. The file contains zero or more lines, each containing two fields. Any identity matching the first field of a line is permitted to log in as the identity in the second field.</p>
<p>If the <code class="docutils literal notranslate"><span class="pre">loginuseacl</span></code> configuration option is turned on, than any Kerberos identity that is granted the <code class="docutils literal notranslate"><span class="pre">a</span></code> right on the user’s <code class="docutils literal notranslate"><span class="pre">INBOX</span></code> is permitted to log in as that user.</p>
</div>
<div class="section" id="shared-secrets-logins">
<h3>Shared Secrets Logins<a class="headerlink" href="#shared-secrets-logins" title="Permalink to this headline">¶</a></h3>
<p>Some mechanisms require the user and the server to share a secret (generally a password) that can be used for comparison without actually passing the password in the clear across the network. For these mechanism (such as CRAM-MD5 and DIGEST-MD5), you will need to supply a source of passwords, such as the sasldb (which is described more fully in the <a class="reference external" href="https://www.cyrusimap.org/sasl/index.html#sasl-index" title="(in Cyrus SASL v2.1.28)"><span class="xref std std-ref">Cyrus SASL distribution</span></a>)</p>
</div>
</div>
<div class="section" id="quotas">
<h2>Quotas<a class="headerlink" href="#quotas" title="Permalink to this headline">¶</a></h2>
<p>Quotas allow server administrators to limit resources used by hierarchies of mailboxes on the server.</p>
<div class="section" id="working-with-quotas">
<h3>Working with Quotas<a class="headerlink" href="#working-with-quotas" title="Permalink to this headline">¶</a></h3>
<p>Quotas are manipulated via these subcommands within the
<a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#std-cyrusman-cyradm-8">cyradm(8)</a> program:</p>
<blockquote>
<div><ul class="simple">
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-setquota"><span class="std std-ref">setquota</span></a></p></li>
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-listquota"><span class="std std-ref">listquota</span></a></p></li>
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-listquotaroot"><span class="std std-ref">listquotaroot</span></a></p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="monitor-and-repair">
<h3>Monitor and Repair<a class="headerlink" href="#monitor-and-repair" title="Permalink to this headline">¶</a></h3>
<p>Quotas may be monitored and repaired via the <a class="reference internal" href="../reference/manpages/systemcommands/quota.html#std-cyrusman-quota-8">quota(8)</a>
command:</p>
<blockquote>
<div><ul class="simple">
<li><p><a class="reference internal" href="../reference/manpages/systemcommands/quota.html#imap-reference-manpages-systemcommands-quota"><span class="std std-ref">quota</span></a></p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="supported-quota-types">
<h3>Supported Quota Types<a class="headerlink" href="#supported-quota-types" title="Permalink to this headline">¶</a></h3>
<p>The Cyrus IMAP server supports quotas on Storage (KB), Messages (#),
Folders (#) and Annotation Storage (KB).  These types each have their
own identifier:</p>
<blockquote>
<div><ul class="simple">
<li><p>STORAGE</p></li>
<li><p>MESSAGE</p></li>
<li><p>X-NUM-FOLDERS</p></li>
<li><p>X-ANNOTATION-STORAGE</p></li>
</ul>
</div></blockquote>
<div class="section" id="storage-quotas">
<h4>Storage Quotas<a class="headerlink" href="#storage-quotas" title="Permalink to this headline">¶</a></h4>
<p>Storage quotas are defined as the number of kilobytes (KB) of the
relevant <span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc822.html"><strong>RFC 822</strong></a> messages located within a quota root. Each copy of
a message is counted independently, even when the server can conserve
disk space use by making hard links to message files. The additional
disk space overhead used by mailbox index and cache files is not
charged against a quota. On servers with <code class="docutils literal notranslate"><span class="pre">delete_mode:</span> <span class="pre">delayed</span></code>
and/or <code class="docutils literal notranslate"><span class="pre">expunge_mode:delayed</span></code> space used by deleted mailboxes or
expunged messages are not charged against quota.</p>
</div>
<div class="section" id="numeric-quotas">
<h4>Numeric Quotas<a class="headerlink" href="#numeric-quotas" title="Permalink to this headline">¶</a></h4>
<p>Numeric Quotas are quite simply a limit on the number of a particular
class of object.  Cyrus IMAP currently supports quotas on the number of
messages and/or folders below a given quota root.</p>
</div>
</div>
<div class="section" id="quota-roots">
<h3>Quota Roots<a class="headerlink" href="#quota-roots" title="Permalink to this headline">¶</a></h3>
<p>Quotas are applied to quota roots, which can be at any level of the mailbox hierarchy. Quota roots need not also be mailboxes.</p>
<p>Quotas on a quota root apply to the sum of the usage of any mailbox at that level and any sub-mailboxes of that level that are not underneath a quota root on a sub-hierarchy. This means that each mailbox is limited by at most one quota root.</p>
<p>For example, if the mailboxes</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">user</span><span class="o">/</span><span class="n">bovik</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="nb">list</span><span class="o">/</span><span class="n">imap</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="nb">list</span><span class="o">/</span><span class="n">info</span><span class="o">-</span><span class="n">cyrus</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="n">saved</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="n">todo</span>
</pre></div>
</div>
<p>exist and the quota roots</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">user</span><span class="o">/</span><span class="n">bovik</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="nb">list</span>
<span class="n">user</span><span class="o">/</span><span class="n">bovik</span><span class="o">/</span><span class="n">saved</span>
</pre></div>
</div>
<p>exist, then the quota root <code class="docutils literal notranslate"><span class="pre">user/bovik</span></code> applies to the mailboxes <code class="docutils literal notranslate"><span class="pre">user/bovik</span></code> and <code class="docutils literal notranslate"><span class="pre">user/bovik/todo</span></code>; the quota root <code class="docutils literal notranslate"><span class="pre">user/bovik/list</span></code> applies to the mailboxes <code class="docutils literal notranslate"><span class="pre">user/bovik/list/imap</span></code> and <code class="docutils literal notranslate"><span class="pre">user/bovik/list/info-cyrus</span></code>; and the quota root <code class="docutils literal notranslate"><span class="pre">user/bovik/saved</span></code> applies to the mailbox <code class="docutils literal notranslate"><span class="pre">user/bovik/saved</span></code>.</p>
<p>Quota roots are created automatically when they are mentioned in the
<a class="reference internal" href="../reference/manpages/systemcommands/cyradm.html#imap-reference-manpages-systemcommands-cyradm-setquota"><span class="std std-ref">setquota</span></a> command. Quota
roots may not be deleted through the protocol, see Removing Quota Roots
for instructions on how to delete them.</p>
</div>
<div class="section" id="controlling-quota-behavior">
<h3>Controlling Quota Behavior<a class="headerlink" href="#controlling-quota-behavior" title="Permalink to this headline">¶</a></h3>
<p>How restrictive quotas will be may be tailored to the needs of different
sites, via the use of several settings in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
<p>Please consult the <a class="reference internal" href="../reference/admin/quotas.html#imap-admin-quotas-config"><span class="std std-ref">Controlling Quota Behavior</span></a> section of the Cyrus
IMAP Administrator Guide for complete details.</p>
</div>
<div class="section" id="mail-delivery-behavior">
<h3>Mail Delivery Behavior<a class="headerlink" href="#mail-delivery-behavior" title="Permalink to this headline">¶</a></h3>
<div class="section" id="mailboxes-near-quota">
<h4>Mailboxes Near Quota<a class="headerlink" href="#mailboxes-near-quota" title="Permalink to this headline">¶</a></h4>
<p>Normally, in order for a message to be <em>appended</em> into a mailbox, the
quota root for the mailbox must have enough unused storage that
appending the message will not cause the quota to go over limit.</p>
<p>Mail delivery (posting) is a special case. In order for a message to be
delivered to a mailbox, the quota root for the mailbox merely need not
already be over the limit <em>in the default configuration</em>.</p>
<p>As long as usage is not over the limit, new messages may be delivered
regardless of size, unless <code class="docutils literal notranslate"><span class="pre">lmtp_strict_quota:</span> <span class="pre">on</span></code> is set in
<a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.  In that case, delivery of messages will be
rejected would such delivery exceed quota.</p>
<p>If a delivery puts the mailbox’s usage over the quota, the server will
issue an alert notifying the user that usage is close to or over the
limit, permitting them to correct it. If delivery were not permitted in
this case, the user would have no practical way of knowing that there
was mail that could not be delivered.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>While the Cyrus IMAP server may from time to time issue alerts,
there is great variability in how IMAP clients handle these.
Further, such alerts are only visible to users <em>while they are
connected</em>.</p>
<p>Therefore, many sites find it preferable to install cron jobs which
use the <a class="reference internal" href="../reference/manpages/systemcommands/quota.html#std-cyrusman-quota-8">quota(8)</a> command to produce periodic reports of
users at or near quota, so administrators may nag them or so that
warnings may be issued to users via some other mechanism.</p>
</div>
</div>
<div class="section" id="mailboxes-over-quota">
<h4>Mailboxes Over Quota<a class="headerlink" href="#mailboxes-over-quota" title="Permalink to this headline">¶</a></h4>
<p>If the usage is over the limit, mail delivery will fail with a temporary
error (LMTP error 452), unless <code class="docutils literal notranslate"><span class="pre">lmtp_over_quota_perm_failure:</span> <span class="pre">on</span></code>
is set in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> in which case a permanent error
(LMTP error 552) will be returned.</p>
<p>A temporary error will <em>typically</em> cause the delivery system to requeue
the message and re-attempt delivery for a few days (permitting the user
time to notice and correct the problem) before returning the mail to
the sender.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Such requeuing behaviour is controlled by the MTA (i.e. Sendmail,
EXIM or Postfix) and as such is outside the purview of this
document.</p>
</div>
</div>
</div>
<div class="section" id="quota-warnings-upon-select-when-user-has-d-rights">
<h3>Quota Warnings Upon Select When User Has <code class="docutils literal notranslate"><span class="pre">d</span></code> Rights<a class="headerlink" href="#quota-warnings-upon-select-when-user-has-d-rights" title="Permalink to this headline">¶</a></h3>
<p>When a user selects a mailbox whose quota root has usage that is close to or over the limit and the user has <code class="docutils literal notranslate"><span class="pre">d</span></code> rights on the mailbox, the server will issue an alert notifying the user that usage is close to or over the limit. The threshold of usage at which the server will issue quota warnings is set by the <code class="docutils literal notranslate"><span class="pre">quotawarn</span></code> configuration option.</p>
<p>The server only issues warnings when the user has <code class="docutils literal notranslate"><span class="pre">d</span></code> rights because only users with <code class="docutils literal notranslate"><span class="pre">d</span></code> rights are capable of correcting the problem.</p>
</div>
<div class="section" id="quotas-and-partitions">
<h3>Quotas and Partitions<a class="headerlink" href="#quotas-and-partitions" title="Permalink to this headline">¶</a></h3>
<p>Quota roots are independent of partitions. A single quota root can apply to mailboxes in different partitions.</p>
</div>
</div>
<div class="section" id="new-mail-notification">
<h2>New Mail Notification<a class="headerlink" href="#new-mail-notification" title="Permalink to this headline">¶</a></h2>
<p>The Cyrus IMAP server comes with a notification daemon which supports
multiple mechanisms for notifying users of new mail. Notifications can
be configured to be sent upon normal delivery (<code class="docutils literal notranslate"><span class="pre">MAIL</span></code> class) and/or
sent as requested by a Sieve script (<code class="docutils literal notranslate"><span class="pre">SIEVE</span></code> class).</p>
<p>By default, both types of notifications are disabled. Notifications are
enabled by using one or both of the following configuration options:</p>
<ul class="simple">
<li><p>the <code class="docutils literal notranslate"><span class="pre">mailnotifier</span></code> option selects the <a class="reference internal" href="../reference/manpages/systemcommands/notifyd.html#std-cyrusman-notifyd-8">notifyd(8)</a> method
to use for <code class="docutils literal notranslate"><span class="pre">MAIL</span></code> class notifications</p></li>
<li><p>the <code class="docutils literal notranslate"><span class="pre">sievenotifier</span></code> option selects the <a class="reference internal" href="../reference/manpages/systemcommands/notifyd.html#std-cyrusman-notifyd-8">notifyd(8)</a>
method to use for <code class="docutils literal notranslate"><span class="pre">SIEVE</span></code> class notifications (when no method is
specified by the Sieve action)</p></li>
</ul>
</div>
<div class="section" id="partitions">
<h2>Partitions<a class="headerlink" href="#partitions" title="Permalink to this headline">¶</a></h2>
<p>Partitions allow administrators to store different mailboxes in different parts of the Unix filesystem.  This is intended to be used to allow hierarchies of mailboxes to be spread across multiple disks.</p>
<div class="section" id="specifying-partitions-with-create">
<h3>Specifying Partitions with “create”<a class="headerlink" href="#specifying-partitions-with-create" title="Permalink to this headline">¶</a></h3>
<p>When an administrator creates a new mailbox, the name of the partition for the mailbox may be specified using an optional second argument to the “create” command.  Non-administrators are not permitted to specify the partition of a mailbox.  If the partition is not specified, then the mailbox inherits the partition of its most immediate parent mailbox.  If the mailbox has no parent, it gets the partition specified in the “defaultpartition” configuration option.</p>
<p>The optional second argument to the “create” command can usually be given only when using a specialized Cyrus-aware administrative client such as <code class="docutils literal notranslate"><span class="pre">cyradm</span></code>.</p>
</div>
<div class="section" id="changing-partitions-with-rename">
<h3>Changing Partitions with “rename”<a class="headerlink" href="#changing-partitions-with-rename" title="Permalink to this headline">¶</a></h3>
<p>An administrator may change the partition of a mailbox by using the
rename command with an optional third argument.  When a third argument
to rename is given, the first and second arguments can be the
same; this changes the partition of a mailbox without changing its
name.  If a third argument to rename is not given and the first
argument is not <code class="docutils literal notranslate"><span class="pre">INBOX</span></code>, the partition of a mailbox does not change.
If a third argument to rename is not given and the first argument is
<code class="docutils literal notranslate"><span class="pre">INBOX</span></code>, the newly created mailbox gets the same partition it would
get from the <code class="docutils literal notranslate"><span class="pre">create</span></code> command.</p>
</div>
</div>
<div class="section" id="news">
<h2>News<a class="headerlink" href="#news" title="Permalink to this headline">¶</a></h2>
<p>Cyrus has the ability to export Usenet via IMAP and/or export shared
IMAP mailboxes via an NNTP server which is included with Cyrus.</p>
</div>
<div class="section" id="pop3-server">
<h2>POP3 Server<a class="headerlink" href="#pop3-server" title="Permalink to this headline">¶</a></h2>
<p>The Cyrus IMAP server software comes with a compatibility POP3 server.
Due to limitations in the POP3 protocol, the server can only access a
user’s <code class="docutils literal notranslate"><span class="pre">INBOX</span></code> and only one instance of a POP3 server may exist for any
one user at any time.  While a POP3 server has a user’s <code class="docutils literal notranslate"><span class="pre">INBOX</span></code> open,
expunge operations from any concurrent IMAP session will fail.</p>
<p>When Kerberos login authentication is being used, the POP3 server
uses the server identity
<code class="docutils literal notranslate"><span class="pre">pop.host&#64;realm</span></code> instead of
<code class="docutils literal notranslate"><span class="pre">imap.host&#64;realm</span></code>, where
<code class="docutils literal notranslate"><span class="pre">host</span></code> is the first component of the server’s host
name and <code class="docutils literal notranslate"><span class="pre">realm</span></code> is the server’s Kerberos realm.
When the POP3 server is invoked with the <code class="docutils literal notranslate"><span class="pre">-k</span></code> switch, the
server exports MIT’s KPOP protocol instead of generic POP3.</p>
</div>
<div class="section" id="the-syslog-facility">
<h2>The syslog facility<a class="headerlink" href="#the-syslog-facility" title="Permalink to this headline">¶</a></h2>
<p>The Cyrus IMAP server software sends log messages to the <code class="docutils literal notranslate"><span class="pre">local6</span></code>
syslog facility.  The severity levels used are:</p>
<ul class="simple">
<li><p><strong>CRIT</strong> - Critical errors which probably require prompt administrator action</p></li>
<li><p><strong>ERR</strong> - I/O errors, including failure to update quota usage. The syslog message includes the specific file and Unix error.</p></li>
<li><p><strong>WARNING</strong> - Protection mechanism failures, client inactivity timeouts</p></li>
<li><p><strong>NOTICE</strong> - Authentications, both successful and unsuccessful</p></li>
<li><p><strong>INFO</strong> - Mailbox openings, duplicate delivery suppression</p></li>
</ul>
</div>
<div class="section" id="mail-directory-recovery">
<h2>Mail Directory Recovery<a class="headerlink" href="#mail-directory-recovery" title="Permalink to this headline">¶</a></h2>
<p>This section describes the various databases used by the Cyrus IMAP
server software and what can be done to recover from various
inconsistencies in these databases.</p>
<div class="section" id="reconstructing-mailbox-directories">
<h3>Reconstructing Mailbox Directories<a class="headerlink" href="#reconstructing-mailbox-directories" title="Permalink to this headline">¶</a></h3>
<p>The largest database is the mailbox directories.  Each
mailbox directory contains the following files:</p>
<dl>
<dt>message files</dt><dd><p>There is one file per message, containing the message in <span class="target" id="index-1"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc822.html"><strong>RFC 822</strong></a> format.  Lines in the message are separated by CRLF, not just LF.  The file name of each message is the message’s UID followed by a dot (.).</p>
<p>In netnews newsgroups, the message files instead follow the format and naming conventions imposed by the netnews software.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">cyrus.header</span></code></dt><dd><p>This file contains a magic number and variable-length information about the mailbox itself.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">cyrus.index</span></code></dt><dd><p>This file contains fixed-length information about the mailbox itself and each message in the mailbox.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">cyrus.cache</span></code></dt><dd><p>This file contains variable-length information about each message in the mailbox.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">cyrus.seen</span></code></dt><dd><p>This file contains variable-length state information about each reader of the mailbox who has <code class="docutils literal notranslate"><span class="pre">s</span></code> permissions.</p>
</dd>
</dl>
<p>The <code class="docutils literal notranslate"><span class="pre">reconstruct</span></code> program can be used to recover from
corruption in mailbox directories.  If <code class="docutils literal notranslate"><span class="pre">reconstruct</span></code> can find
existing header and index files, it attempts to preserve any data in
them that is not derivable from the message files themselves.  The
state <code class="docutils literal notranslate"><span class="pre">reconstruct</span></code> attempts to preserve includes the flag
names, flag state, and internal date.  <code class="docutils literal notranslate"><span class="pre">Reconstruct</span></code>
derives all other information from the message files.</p>
<p>An administrator may recover from a damaged disk by restoring message
files from a backup and then running reconstruct to regenerate what it
can of the other files.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">reconstruct</span></code> program does not adjust the quota usage
recorded in any quota root files.  After running reconstruct, it is
advisable to run <code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">-f</span></code> (described below) in order to fix
the quota root files.</p>
</div>
<div class="section" id="reconstructing-the-mailboxes-file">
<h3>Reconstructing the Mailboxes File<a class="headerlink" href="#reconstructing-the-mailboxes-file" title="Permalink to this headline">¶</a></h3>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>CURRENTLY UNAVAILABLE</p>
</div>
<p>The mailboxes file in the configuration directory is the most critical
file in the entire Cyrus IMAP system.  It contains a sorted list of
each mailbox on the server, along with the mailboxes quota root and
ACL.</p>
<p>To reconstruct a corrupted mailboxes file, run the <code class="docutils literal notranslate"><span class="pre">reconstruct</span>
<span class="pre">-m</span></code> command.  The <code class="docutils literal notranslate"><span class="pre">reconstruct</span></code> program, when invoked
with the <code class="docutils literal notranslate"><span class="pre">-m</span></code> switch, scavenges and corrects whatever data it
can find in the existing mailboxes file.  It then scans all partitions
listed in the imapd.conf file for additional mailbox directories to
put in the mailboxes file.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">cyrus.header</span></code> file in each mailbox directory stores a
redundant copy of the mailbox ACL, to be used as a backup when
rebuilding the mailboxes file.</p>
</div>
<div class="section" id="reconstructing-quota-roots">
<h3>Reconstructing Quota Roots<a class="headerlink" href="#reconstructing-quota-roots" title="Permalink to this headline">¶</a></h3>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The following instructions are valid where <code class="docutils literal notranslate"><span class="pre">quota_db:</span> <span class="pre">quotalegacy</span></code>
is set in <a class="reference internal" href="../reference/manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.  If your site uses a different
quota DB type, then these steps do not apply.</p>
</div>
<p>The subdirectory <code class="docutils literal notranslate"><span class="pre">quota</span></code> of the configuration directory (specified in
the <code class="docutils literal notranslate"><span class="pre">configdirectory</span></code> configuration option) contains one file per
quota root, with the file name being the name of the quota root.  These
files store the quota usage and limits of each of the quota roots.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">quota</span></code> program, when invoked with the <code class="docutils literal notranslate"><span class="pre">-f</span></code>
switch, recalculates the quota root of each mailbox and the quota
usage of each quota root.</p>
</div>
<div class="section" id="removing-quota-roots">
<h3>Removing Quota Roots<a class="headerlink" href="#removing-quota-roots" title="Permalink to this headline">¶</a></h3>
<p>To remove a quota root, remove the quota root’s file.  Then run
<code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">-f</span></code> to make the quota files consistent again.</p>
</div>
<div class="section" id="subscriptions">
<h3>Subscriptions<a class="headerlink" href="#subscriptions" title="Permalink to this headline">¶</a></h3>
<p>The subdirectory <code class="docutils literal notranslate"><span class="pre">user</span></code> of the configuration directory contains user
subscriptions.  There is one file per user, with a filename of the
userid followed by <code class="docutils literal notranslate"><span class="pre">.sub</span></code>.  Each file contains a sorted list of
subscribed mailboxes.</p>
<p>There is no program to recover from damaged subscription files.  A
site may recover from lost subscription files by restoring from backups.</p>
</div>
</div>
<div class="section" id="configuration-directory">
<h2>Configuration Directory<a class="headerlink" href="#configuration-directory" title="Permalink to this headline">¶</a></h2>
<p>Many objects in the configuration directory are discussed in
the Database Recovery section. This section documents two
other directories that reside in the configuration directory.</p>
<div class="section" id="log-directory">
<h3>Log Directory<a class="headerlink" href="#log-directory" title="Permalink to this headline">¶</a></h3>
<p>The subdirectory <code class="docutils literal notranslate"><span class="pre">log</span></code> under the configuration directory permits
administrators to keep protocol telemetry logs on a per-user basis.</p>
<p>If a subdirectory of <code class="docutils literal notranslate"><span class="pre">log</span></code> exists with the same name as a user, the
IMAP and POP3 servers will keep a telemetry log of protocol sessions
authenticating as that user.  The telemetry log is stored in the
subdirectory with a filename of the server process-id and starts with
the first command following authentication.</p>
</div>
<div class="section" id="proc-directory">
<h3>Proc Directory<a class="headerlink" href="#proc-directory" title="Permalink to this headline">¶</a></h3>
<p>The subdirectory <code class="docutils literal notranslate"><span class="pre">proc</span></code> under the configuration directory
contains one file per active server process.  The file name is the ASCII
representation of the process id and the file contains the following
tab-separated fields:</p>
<ul class="simple">
<li><p>hostname of the client</p></li>
<li><p>login name of the user, if logged in</p></li>
<li><p>selected mailbox, if a mailbox is selected</p></li>
</ul>
<p>The file may contain arbitrary characters after the first newline
character.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">proc</span></code> subdirectory is normally be cleaned out on
server reboot.</p>
</div>
</div>
<div class="section" id="message-delivery">
<h2>Message Delivery<a class="headerlink" href="#message-delivery" title="Permalink to this headline">¶</a></h2>
<p>Mail transport agents such as Sendmail, Postfix, or Exim communicate
with the Cyrus server via LMTP (the Local Mail Transport Protocol)
implemented by the LMTP daemon.  This can be done either directly by the
MTA (prefered, for performance reasons) or via the <code class="docutils literal notranslate"><span class="pre">deliver</span></code> LMTP
client.</p>
<div class="section" id="local-mail-transfer-protocol-lmtp">
<h3>Local Mail Transfer Protocol (lmtp)<a class="headerlink" href="#local-mail-transfer-protocol-lmtp" title="Permalink to this headline">¶</a></h3>
<p>LMTP, the Local Mail Transfer Protocol, is a variant of SMTP design for
transferring mail to the final message store.  LMTP allows MTAs to deliver
“local” mail over a network.  This is an easy optimization so that the
IMAP server doesn’t need to maintain a queue of messages or run an
MTA.</p>
<p>The Cyrus server implements LMTP via the <code class="docutils literal notranslate"><span class="pre">lmtpd</span></code> daemon.  LMTP
can either be used over a network via TCP or local via a UNIX domain
socket. There are security differences between these two alternatives; read
more below.</p>
<p>For final delivery via LMTP over a TCP socket, it is necessary to use
LMTP AUTH.  This is accomplished using SASL to authenticate the delivering
user.  If your mail server is performing delivery via LMTP AUTH (that is,
using a SASL mechanism), you will want their authentication id to be an
LMTP admins (either via the <code class="docutils literal notranslate"><span class="pre">admins</span></code> imapd.conf option or via the
<code class="docutils literal notranslate"><span class="pre">&lt;service&gt;_admins</span></code> option, typically <code class="docutils literal notranslate"><span class="pre">lmtp_admins</span></code>).</p>
<p>Alternatively you may deliver via LMTP to a unix domain socket, and the
connection will be preauthenticated as an administrative user (and access
control is accomplished by controlling access to the socket).</p>
<p>Note that if a user has a sieve script, the sieve script runs authorized
as <em>that</em> user, and the rights of the posting user are ignored for the purposes
of determining the outcome of the sieve script.</p>
</div>
<div class="section" id="single-instance-store">
<h3>Single Instance Store<a class="headerlink" href="#single-instance-store" title="Permalink to this headline">¶</a></h3>
<p>If a delivery attempt mentions several recipients (only possible if
the MTA is speaking LMTP to <code class="docutils literal notranslate"><span class="pre">lmtpd</span></code>), the server attempts to
store as few copies of a message as possible.  It will store one copy
of the message per partition, and create hard links for all other
recipients of the message.</p>
<p>Single instance store can be turned off by using the
“singleinstancestore” flag in the configuration file.</p>
</div>
<div class="section" id="duplicate-delivery-suppression">
<h3>Duplicate Delivery Suppression<a class="headerlink" href="#duplicate-delivery-suppression" title="Permalink to this headline">¶</a></h3>
<p>A message is considered a duplicate if two copies of a message with
the same message-id and the same envelope recipient are received.
Cyrus uses the duplicate delivery database to hold this information,
and it looks approximately 3 days back in the default install.</p>
<p>Duplicate delivery suppression can be turned off by using the
“duplicatesuppression” flag in the configuration file.</p>
</div>
</div>
<div class="section" id="sieve-a-mail-filtering-language">
<h2>Sieve, a Mail Filtering Language<a class="headerlink" href="#sieve-a-mail-filtering-language" title="Permalink to this headline">¶</a></h2>
<p>Sieve is a mail filtering language that can filter mail into an appropriate
IMAP mailbox as it is delivered via lmtp.</p>
</div>
<div class="section" id="cyrus-murder-the-imap-aggregator">
<h2>Cyrus Murder, the IMAP Aggregator<a class="headerlink" href="#cyrus-murder-the-imap-aggregator" title="Permalink to this headline">¶</a></h2>
<p>Cyrus now supports the distribution of mailboxes across a number of IMAP
servers to allow for horizontal scalability.</p>
</div>
</div>


          </div>
          <footer>
  
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
      
        <a href="../../setup.html" class="btn btn-neutral float-right" title="Setup" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
      
      
        <a href="features/server-aggregation.html" class="btn btn-neutral" title="Cyrus IMAP Murder (Server Aggregation)" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
      
    </div>
  

  <hr/>

  <div role="contentinfo">
    <p>
        &copy; Copyright 1993–2023, The Cyrus Team. Last updated on May 11 2017
    </p>
  </div>
  Built with <a href="http://sphinx-doc.org/">Sphinx</a> 3.4.3 using a modified <a href="https://readthedocs.org">Read the Docs</a> <a href="https://github.com/snide/sphinx_rtd_theme">theme</a>.

</footer>
        </div>
      </div>

    </section>

  </div>
  


  

    <script type="text/javascript">
        var DOCUMENTATION_OPTIONS = {
            URL_ROOT:'../../',
            VERSION:'3.6.1',
            COLLAPSE_INDEX:false,
            FILE_SUFFIX:'.html',
            HAS_SOURCE:  true
        };
    </script>
      <script type="text/javascript" src="../../_static/jquery.js"></script>
      <script type="text/javascript" src="../../_static/underscore.js"></script>
      <script type="text/javascript" src="../../_static/doctools.js"></script>
      <script type="text/javascript" src="https://cdn.mathjax.org/mathjax/latest/MathJax.js"></script>

  

  
  
    <script type="text/javascript" src="../../_static/js/theme.js"></script>
  

  
  
  <script type="text/javascript">
<!--      jQuery(function () {
          SphinxRtdTheme.StickyNav.enable();
      }); -->
  </script>
  
 



</body>
</html>