This file is indexed.

/etc/courier/courierd is in courier-mta 0.66.1-1ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
##VERSION: $Id: courierd.dist.in 64 2011-04-11 11:01:33Z mrsam $
#
# courierd created from courierd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
#  Copyright 1998 - 2010 Double Precision, Inc.  See COPYING for
#  distribution information.
#
#  This configuration file sets various global options for Courier.
#  The contents of this file is turned into courierd's environment by
#  the courierctl.start script.

##NAME: prefixes:0
#

prefix="/usr"
exec_prefix="/usr"

##NAME: SYSLOCALE:0
#
# Define the default system locale.
#
# Put whatever's needed here to load the default system locale into a completely
# empty environment.
#
# Example (for Fedora/CentOs):
#
#   . /etc/sysconfig/i18n
#
# Alternatively, manually set the necessary environment variable directly:
#
#   LANG=en_US.utf-8
#

. /etc/environment

##NAME: PATH:0
#
#
#  Specify the default PATH that everything inherits -- including commands
#  executed from individual .courier files

PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin

##NAME: SHELL:0
#
#  The default shell

SHELL=/bin/bash

##NAME: DSNNOTIFY:0
#
#  If you would like to suppress all bounces for mail forwarded via an
#  individual .courier file, uncomment the following:
#
# DSNNOTIFY=N

##NAME: DSNTOAUTHADDR:0
#
#  If DSNTOAUTHADDR=1 and the ESMTP client authenticates, bounces will be
#  sent to the authenticated address, and not the return address the sender
#  provided.  This will work only if:
#
#  * The authenticated address is a full <user@domain> address.
#
#  * The authenticated address does not contain 8bit chars!
#
#  Enabling the DSNTOAUTHADDR=1 setting helps prevent abusive backscatter
#  originating from local users.  Turn it off if you want to.

DSNTOAUTHADDR=0

##NAME: DYNAMICDELIVERIES:0
#
#  If you would like to disable the ability to generate dynamic delivery
#  instructions, set the following variable to 0.  See dot-courier(5)
#  for more information.

DYNAMICDELIVERIES=1

########################################################################
#
##NAME: DEFAULTDELIVERY:0
#
#  Specify default delivery instructions by setting DEFAULTDELIVERY
#  One of the following definitions of DEFAULTDELIVERY should be
#  uncommented.
#
#  Default deliveries to $HOME/Maildir
#
#  DEFAULTDELIVERY=./Maildir
#
#  Alternatively, use procmail to deliver mail to local mailboxes.
#
#  DEFAULTDELIVERY="| /usr/bin/preline /usr/bin/procmail"
#
#  Here's how to have maildrop handle local deliveries.
#
#  DEFAULTDELIVERY="| /usr/bin/maildrop"
#
#  If you want to automatically enable .forward support globally,
#  use something like this:
#
#  DEFAULTDELIVERY="|| dotforward
#  ./Maildir"
#
#  Yes, it's two lines long, with an embedded newline.  Of course, you can use
#  any default local mail delivery instruction in place of ./Maildir.

DEFAULTDELIVERY=./Maildir

##NAME: MAILDROPDEFAULT:0
#
#  The following setting initializes the DEFAULT variable in maildrop,
#  the location of the default mailbox.  You should not change this setting
#  unless you REALLY know what you're doing.

MAILDROPDEFAULT=./Maildir

##NAME: ESMTP_CORK:0
#
#  ESMTP_CORK=1 is an extension used with Linux kernel >2.2 that avoids sending
#  partial frames when sending a message via ESMTP.  Set ESMTP_CORK to 0 to
#  disable it (diagnostic option).  In certain situations this option has no
#  effect.  For example, when using SSL the entire channel has an encryption
#  layer around, so courieresmtp is actually talking to a pipe.

ESMTP_CORK=1

##NAME: ESMTP_BLOCKBACKSCATTER:0
#
# Default setting of ESMTP_BLOCKBACKSCATTER drops backscatter bounces.
#
# "Backscatter" is generally defined as a non-delivery notice sent to a
# forged return address.  Since we all know that anyone can use any return
# address on unauthenticated SMTP mail, any bounce message may potentially
# go to a victim of E-mail forgery.
#
# Courier is very good at refusing unwanted mail, and should rarely
# bounce a message after accepting it.  Still, sometimes this can happen,
# usually due to a rejection by a local mail filter.
#
# This is the default setting:
#
# ESMTP_BLOCKBACKSCATTER=smtp/dsn
#
# This setting silently discards a message when all of the following
# conditions are true.
#
# 1) The message is sent via SMTP
# 2) The message is a delivery status notification
# 3) The delivery status notification was in response to a message received
#    via SMTP.
# 4) The original message did not originate from a sender with relaying
#    privileges (not a trusted IP address, no SMTP authentication took place).
#
#
# The following setting does the same thing, except that backscatter from
# senders with relaying privileges is also discarded.
#
# ESMTP_BLOCKBACKSCATTER=smtp/dsn,authsmtp/dsn
#
# To turn off backscatter suppression completely, remove this setting
# altogether.
#
# Do not set this variable to anything else.
#
# Important: if you've configured Courier to enforce mailbox quotas, and
# mailbox overquota is a hard bounce, messages sent to overquota mailboxes
# will be lost!  (This will be fixed, stay tuned).

ESMTP_BLOCKBACKSCATTER=smtp/dsn

##NAME: SOURCE_ADDRESS:0
#
#  Specify the source IP address to be used when making ESMTP connections
#  outbound to deliver mail. If this value is not specified or "0", the
#  kernel will assign the source IP address.
#
#  SOURCE_ADDRESS=127.0.0.1
#  SOURCE_ADDRESS_IPV6=fe80::230:48ff:fec4:429c
#
# SOURCE_ADDRESS specifies the source IP address for IPv4 destinations,
# SOURCE_ADDRESS_IPv6 specifies the source IP address for IPv6 destinations.

##NAME: UUXFLAGS:0
#
#  Specify additional flags to uux.  Allowed flags are -g [grade], -j, and
#  -r ONLY.  This environment variable is parsed in a rather simplistic
#  fashion -- it is broken up into space-separate words, and each one is
#  passed to uux together with the mandatory uux flags (namely -p).

UUXFLAGS="-j -g C"

##NAME: ARCHIVEDIR:0
#
#  This is the big-brother option that saves a copy of EACH and EVERY
#  message passing through the system.  Uncomment ARCHIVEDIR, and after
#  a message is delivered, its queue and data file is moved to ARCHIVEDIR
#  instead of being deleted.  You must create the ARCHIVEDIR directory
#  yourself, and it must be owned by the "daemon" userid.
#
#  Also, ARCHIVEDIR *MUST* be on the same partition/volume as Courier's
#  mail queue directory.
#
#  All messages will be saved into a flat directory, with one subdirectory
#  created each calendar day.  Therefore, you will need to make sure that
#  your filesystem can handle it.  Each message consists of two files,
#  the control file, and the message data file.  The Linux ext2 filesystem,
#  for example, will start to have problems once there are more than
#  32,000 files in the same directory, so if your system carries a higher
#  daily volume, you'll need to purge out the archive subdirectory several
#  times a day.
#
#  If you fill up an archive directory, mail will continue to move, but
#  not archived.  Caveat emptor.
#
#  ARCHIVEDIR="/usr/lib/courier/bigbrother"

##NAME: ESMTP_USE_STARTTLS:0
#
# The following variables specify whether or not the ESMTP *client* will use
# SSL when talking to a remote ESMTP server that supports SSL.

ESMTP_USE_STARTTLS=1

##NAME: COURIERTLS:0
#
# For SSL to work, OpenSSL must be available when Courier is compiled, and
# couriertls must be installed here:
#
# If couriertls is not installed, ESMTP_USE_TLS is quietly ignored.

COURIERTLS=/usr/bin/couriertls

##NAME: ESMTP_TLS_VERIFY_DOMAIN:0
#
# The following variables specify SSL/TLS properties for the ESMTP SSL client.
#
# Set ESMTP_TLS_VERIFY_DOMAIN to 1 if we must verify the domain in the remote
# server's certificate.  For this to actually work as intended, you must
# install root authority certificates in the locations specified by CERTINFO
# setting, and set TLS_VERIFYPEER to PEER.  Otherwise, this is meaningless.
#
# This setting must be set to 1 when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

ESMTP_TLS_VERIFY_DOMAIN=0

##NAME: TLS_PROTOCOL:0
# 
# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
# TLS1 - TLS1
#
# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
# setting, below.
#
# GnuTLS:
#
# SSL3   - SSLv3
# TLS1   - TLS 1.0
# TLS1_1 - TLS 1.1
#
# When compiled against GnuTLS, multiple protocols can be selected as follows:
#
# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
#
# DEFAULT VALUES:
#
# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)

##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# OpenSSL:
#
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
#
# GnuTLS:
#
# TLS_CIPHER_LIST="HIGH:MEDIUM"
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
#        is not included
# ALL -- all ciphers except the NULL cipher

##NAME: TLS_MIN_DH_BITS:0
#
# TLS_MIN_DH_BITS=n
#
# GnuTLS only:
#
# Set the minimum number of acceptable bits for a DH key exchange.
#
# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
# have been encountered that offer 512 bit keys. You may have to set
# TLS_MIN_DH_BITS=512 here, if necessary.

##NAME: TLS_KX_LIST:0
#
# GnuTLS only:
#
# Allowed key exchange protocols. The default of "ALL" should be sufficient.
# The list of supported key exchange protocols depends on the options GnuTLS
# was compiled against, but may include the following:
#
# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT

TLS_KX_LIST=ALL

##NAME: TLS_COMPRESSION:0
#
# GnuTLS only:
#
# Optional compression. "ALL" selects all available compression methods.
#
# Available compression methods: DEFLATE, LZO, NULL

TLS_COMPRESSION=ALL

##NAME: TLS_CERTS:0
#
# GnuTLS only:
#
# Supported certificate types are X509 and OPENPGP.
#
# OPENPGP has not been tested

TLS_CERTS=X509

##NAME: TLS_TIMEOUT:0
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but its not yet implemented.
#

##NAME: TLS_DHCERTFILE:0
#
# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
# Use this setting instead of TLS_CERTFILE when using a DH client certificate
# instead of an RSA client certificate.
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.
#
# TLS_DHCERTFILE=

##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - client SSL certificate
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.
#
# TLS_CERTFILE=


##NAME: TLS_TRUSTCERTS:1
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# Use this setting to define SSL certificate authorities
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

TLS_TRUSTCERTS=/etc/ssl/certs

##NAME: TLS_TRUSTSECURITYCERTS:0
#
# TLS_TRUSTSECURITYCERTS=pathname - same as TLS_TRUSTCERTS, except that
# these certs are used when the Courier-specific SECURITY extension is
# specified for a given message. ESMTP_USE_STARTTLS must be set to 1,
# above, and this option implies ESMTP_TLS_VERIFY_DOMAIN.
#
# This setting, of course, can be same as TLS_TRUSTCERTS, however it is
# often desirable to use a separate, private, root CA cert in order to
# create private, organization-internal, secure mail delivery channel
# over an untrusted network, that's validated by X.509 certs signed
# by a private root CA.
#
# !!!NOTE!!! this is an experimental, not heavily tested, extension
#
# TLS_TRUSTSECURITYCERTS=

##NAME: TLS_VERIFYPEER:1
#
# TLS_VERIFYPEER - how to verify server certificates.  Possible settings:
#
# NONE - do not verify anything
#
# PEER - verify the client certificate, if one's presented
#
# REQUIREPEER - require a client certificate, fail if one's not presented
#
# Most SMTP server certificates on the Internet are self signed, so this
# setting should be left at its default value of "NONE".
#
# This setting must be set to "PEER" when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

TLS_VERIFYPEER=NONE