This file is indexed.

/etc/courier/courierd is in courier-mta 0.68.2-1ubuntu7.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
##VERSION: $Id: courierd.dist.in 197 2012-04-22 14:11:29Z mrsam $
#
# courierd created from courierd.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
#  Copyright 1998 - 2011 Double Precision, Inc.  See COPYING for
#  distribution information.
#
#  This configuration file sets various global options for Courier.
#  The contents of this file is turned into courierd's environment by
#  the courierctl.start script.

##NAME: prefixes:0
#

prefix="/usr"
exec_prefix="/usr"

##NAME: SYSLOCALE:0
#
# Define the default system locale.
#
# Put whatever's needed here to load the default system locale into a completely
# empty environment.
#
# Example (for Fedora/CentOs):
#
#   . /etc/sysconfig/i18n
#
# Alternatively, manually set the necessary environment variable directly:
#
#   LANG=en_US.utf-8
#

. /etc/environment

##NAME: PATH:0
#
#
#  Specify the default PATH that everything inherits -- including commands
#  executed from individual .courier files

PATH=/usr/bin:/bin:/usr/bin:/usr/local/bin

##NAME: SHELL:0
#
#  The default shell

SHELL=/bin/bash

##NAME: DSNNOTIFY:0
#
#  If you would like to suppress all bounces for mail forwarded via an
#  individual .courier file, uncomment the following:
#
# DSNNOTIFY=N

##NAME: DSNTOAUTHADDR:0
#
#  If DSNTOAUTHADDR=1 and the ESMTP client authenticates, bounces will be
#  sent to the authenticated address, and not the return address the sender
#  provided.  This will work only if:
#
#  * The authenticated address is a full <user@domain> address.
#
#  * The authenticated address does not contain 8bit chars!
#
#  Enabling the DSNTOAUTHADDR=1 setting helps prevent abusive backscatter
#  originating from local users.  Turn it off if you want to.

DSNTOAUTHADDR=0

##NAME: DYNAMICDELIVERIES:0
#
#  If you would like to disable the ability to generate dynamic delivery
#  instructions, set the following variable to 0.  See dot-courier(5)
#  for more information.

DYNAMICDELIVERIES=1

########################################################################
#
##NAME: DEFAULTDELIVERY:0
#
#  Specify default delivery instructions by setting DEFAULTDELIVERY
#  One of the following definitions of DEFAULTDELIVERY should be
#  uncommented.
#
#  Default deliveries to $HOME/Maildir
#
#  DEFAULTDELIVERY=./Maildir
#
#  Alternatively, use procmail to deliver mail to local mailboxes.
#
#  DEFAULTDELIVERY="| /usr/bin/preline /usr/bin/procmail"
#
#  Here's how to have maildrop handle local deliveries.
#
#  DEFAULTDELIVERY="| /usr/bin/maildrop"
#
#  If you want to automatically enable .forward support globally,
#  use something like this:
#
#  DEFAULTDELIVERY="|| dotforward
#  ./Maildir"
#
#  Yes, it's two lines long, with an embedded newline.  Of course, you can use
#  any default local mail delivery instruction in place of ./Maildir.

DEFAULTDELIVERY=./Maildir

##NAME: MAILDROPDEFAULT:0
#
#  The following setting initializes the DEFAULT variable in maildrop,
#  the location of the default mailbox.  You should not change this setting
#  unless you REALLY know what you're doing.

MAILDROPDEFAULT=./Maildir

##NAME: ESMTP_CORK:0
#
#  ESMTP_CORK=1 is an extension used with Linux kernel >2.2 that avoids sending
#  partial frames when sending a message via ESMTP.  Set ESMTP_CORK to 0 to
#  disable it (diagnostic option).  In certain situations this option has no
#  effect.  For example, when using SSL the entire channel has an encryption
#  layer around, so courieresmtp is actually talking to a pipe.

ESMTP_CORK=1

##NAME: ESMTP_BLOCKBACKSCATTER:0
#
# Default setting of ESMTP_BLOCKBACKSCATTER drops backscatter bounces.
#
# "Backscatter" is generally defined as a non-delivery notice sent to a
# forged return address.  Since we all know that anyone can use any return
# address on unauthenticated SMTP mail, any bounce message may potentially
# go to a victim of E-mail forgery.
#
# Courier is very good at refusing unwanted mail, and should rarely
# bounce a message after accepting it.  Still, sometimes this can happen,
# usually due to a rejection by a local mail filter.
#
# This is the default setting:
#
# ESMTP_BLOCKBACKSCATTER=smtp/dsn
#
# This setting silently discards a message when all of the following
# conditions are true.
#
# 1) The message is sent via SMTP
# 2) The message is a delivery status notification
# 3) The delivery status notification was in response to a message received
#    via SMTP.
# 4) The original message did not originate from a sender with relaying
#    privileges (not a trusted IP address, no SMTP authentication took place).
#
#
# The following setting does the same thing, except that backscatter from
# senders with relaying privileges is also discarded.
#
# ESMTP_BLOCKBACKSCATTER=smtp/dsn,authsmtp/dsn
#
# To turn off backscatter suppression completely, remove this setting
# altogether.
#
# Do not set this variable to anything else.
#
# Important: if you've configured Courier to enforce mailbox quotas, and
# mailbox overquota is a hard bounce, messages sent to overquota mailboxes
# will be lost!  (This will be fixed, stay tuned).

ESMTP_BLOCKBACKSCATTER=smtp/dsn

##NAME: SOURCE_ADDRESS:0
#
# The SOURCE_ADDRESS and SOURCE_ADDRESS_IPV6 settings have been deprecated and
# replaced by the ipout and ip6out configuration files. See the courier(8)
# man page for more information. These settings will be removed completely in
# a future release.

##NAME: UUXFLAGS:0
#
#  Specify additional flags to uux.  Allowed flags are -g [grade], -j, and
#  -r ONLY.  This environment variable is parsed in a rather simplistic
#  fashion -- it is broken up into space-separate words, and each one is
#  passed to uux together with the mandatory uux flags (namely -p).

UUXFLAGS="-j -g C"

##NAME: ARCHIVEDIR:0
#
#  This is the big-brother option that saves a copy of EACH and EVERY
#  message passing through the system.  Uncomment ARCHIVEDIR, and after
#  a message is delivered, its queue and data file is moved to ARCHIVEDIR
#  instead of being deleted.  You must create the ARCHIVEDIR directory
#  yourself, and it must be owned by the "daemon" userid.
#
#  Also, ARCHIVEDIR *MUST* be on the same partition/volume as Courier's
#  mail queue directory.
#
#  All messages will be saved into a flat directory, with one subdirectory
#  created each calendar day.  Therefore, you will need to make sure that
#  your filesystem can handle it.  Each message consists of two files,
#  the control file, and the message data file.  The Linux ext2 filesystem,
#  for example, will start to have problems once there are more than
#  32,000 files in the same directory, so if your system carries a higher
#  daily volume, you'll need to purge out the archive subdirectory several
#  times a day.
#
#  If you fill up an archive directory, mail will continue to move, but
#  not archived.  Caveat emptor.
#
#  ARCHIVEDIR="/usr/lib/courier/bigbrother"

##NAME: ESMTP_USE_STARTTLS:0
#
# The following variables specify whether or not the ESMTP *client* will use
# SSL when talking to a remote ESMTP server that supports SSL.

ESMTP_USE_STARTTLS=1

##NAME: COURIERTLS:0
#
# For SSL to work, OpenSSL must be available when Courier is compiled, and
# couriertls must be installed here:
#
# If couriertls is not installed, ESMTP_USE_TLS is quietly ignored.

COURIERTLS=/usr/bin/couriertls

##NAME: ESMTP_TLS_VERIFY_DOMAIN:0
#
# The following variables specify SSL/TLS properties for the ESMTP SSL client.
#
# Set ESMTP_TLS_VERIFY_DOMAIN to 1 if we must verify the domain in the remote
# server's certificate.  For this to actually work as intended, you must
# install root authority certificates in the locations specified by CERTINFO
# setting, and set TLS_VERIFYPEER to PEER.  Otherwise, this is meaningless.
#
# This setting must be set to 1 when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

ESMTP_TLS_VERIFY_DOMAIN=0

##NAME: TLS_PROTOCOL:0
# 
# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
# TLS1 - TLS1
#
# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
# setting, below.
#
# GnuTLS:
#
# SSL3   - SSLv3
# TLS1   - TLS 1.0
# TLS1_1 - TLS 1.1
#
# When compiled against GnuTLS, multiple protocols can be selected as follows:
#
# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
#
# DEFAULT VALUES:
#
# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)

##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# OpenSSL:
#
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
#
# GnuTLS:
#
# TLS_CIPHER_LIST="HIGH:MEDIUM"
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
#        is not included
# ALL -- all ciphers except the NULL cipher

##NAME: TLS_MIN_DH_BITS:0
#
# TLS_MIN_DH_BITS=n
#
# GnuTLS only:
#
# Set the minimum number of acceptable bits for a DH key exchange.
#
# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server
# have been encountered that offer 512 bit keys. You may have to set
# TLS_MIN_DH_BITS=512 here, if necessary.

##NAME: TLS_KX_LIST:0
#
# GnuTLS only:
#
# Allowed key exchange protocols. The default of "ALL" should be sufficient.
# The list of supported key exchange protocols depends on the options GnuTLS
# was compiled against, but may include the following:
#
# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT

TLS_KX_LIST=ALL

##NAME: TLS_COMPRESSION:0
#
# GnuTLS only:
#
# Optional compression. "ALL" selects all available compression methods.
#
# Available compression methods: DEFLATE, LZO, NULL

TLS_COMPRESSION=ALL

##NAME: TLS_CERTS:0
#
# GnuTLS only:
#
# Supported certificate types are X509 and OPENPGP.
#
# OPENPGP has not been tested

TLS_CERTS=X509

##NAME: TLS_TIMEOUT:0
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but its not yet implemented.
#

##NAME: TLS_DHCERTFILE:0
#
# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate.
# Use this setting instead of TLS_CERTFILE when using a DH client certificate
# instead of an RSA client certificate.
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.
#
# TLS_DHCERTFILE=

##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - client SSL certificate
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.
#
# TLS_CERTFILE=


##NAME: TLS_TRUSTCERTS:1
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# Use this setting to define SSL certificate authorities
#
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

TLS_TRUSTCERTS=/etc/ssl/certs

##NAME: TLS_TRUSTSECURITYCERTS:0
#
# TLS_TRUSTSECURITYCERTS=pathname - same as TLS_TRUSTCERTS, except that
# these certs are used when the Courier-specific SECURITY extension is
# specified for a given message. ESMTP_USE_STARTTLS must be set to 1,
# above, and this option implies ESMTP_TLS_VERIFY_DOMAIN.
#
# This setting, of course, can be same as TLS_TRUSTCERTS, however it is
# often desirable to use a separate, private, root CA cert in order to
# create private, organization-internal, secure mail delivery channel
# over an untrusted network, that's validated by X.509 certs signed
# by a private root CA.
#
# !!!NOTE!!! this is an experimental, not heavily tested, extension
#
# TLS_TRUSTSECURITYCERTS=

##NAME: TLS_VERIFYPEER:1
#
# TLS_VERIFYPEER - how to verify server certificates.  Possible settings:
#
# NONE - do not verify anything
#
# PEER - verify the client certificate, if one's presented
#
# REQUIREPEER - require a client certificate, fail if one's not presented
#
# Most SMTP server certificates on the Internet are self signed, so this
# setting should be left at its default value of "NONE".
#
# This setting must be set to "PEER" when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.

TLS_VERIFYPEER=NONE

##NAME: TLS_ERROR_HANDLE:0
#
# The sad reality of SMTP on the Internet is that TLS is broken. Many certs
# are self-signed. Many servers are misconfigured, advertise STARTTLS, but
# barf when they're taken up on this offer.
#
# TLS_ERROR_HANDLE takes the following values:
#
# ignore - attempt a TLS connection, if fails, ignore and proceed sending
# mail without TLS, as long as the connection is still there. Some servers are
# exceptionally broken, and will close the connection. Can't do much there; only
# put them into esmtproutes, with /SECURITY=NONE, so that STARTTLS isn't even
# tried. But, if the peer is still alive, go ahead and proceed without TLS.
#
# soft - attempt a TLS connection, if the host replies with a 5xx error, treat
# it as a soft error, and keep it queued up.
#
# If unset, if this setting is removed, Courier treats TLS connection errors
# as fatal errors, unless the remote host responds with a 4xx error, in which
# case it's a soft error

TLS_ERROR_HANDLE=ignore

##NAME: TLS_ERROR_REPORT
#
# An external hook to report broken TLS hosts.
#
# Use this setting to set up a custom script that gets invoked when encountering
# a server with a broken STARTTLS response:
#
# TLS_ERROR_REPORT="/usr/sbin/another_loser"
#
# The string of TLS_ERROR_REPORT gets passed, verbatim, to your shell for
# execution. The TLS_ERROR_REPORT script can read the following environment
# variables:
#
# ERROR_HOST and ERROR_IP - the broken mail server.
# ERROR_CODE - this environment variable is always set to "STARTTLS", for now.
# ERROR_TEXT - the response from the remote mail server. If it's a multiline
# response, this is just the first line. If the remote mail server closed
# the connection without even the courtesy of telling you to fsck off, this
# will be the literal text "(none)".
#
# Use care in writing the script. Attention should be paid to properly quoting
# any usage of these environment variables, since most of their contents are
# defined by a remote, possibly hostile, party.
#
# This script gets forked off as a child process, and the server continues to
# handle the error code as prescribed by TLS_ERROR_HANDLE, without waiting for
# this script to end. The intended usage of this hook is a quick script that
# logs this somewhere. Do not send mail from here. If you are the loser,
# you've just mailbombed yourself.