Index: scripts/imapproxy.conf
--- scripts/imapproxy.conf.orig
+++ scripts/imapproxy.conf
@@ -84,14 +84,14 @@ cache_expiration_time 300
 ## This setting controls which username the IMAP proxy process will run as.
 ## It is not allowed to run as "root".
 #
-proc_username nobody
+proc_username _imapproxy
 
 #
 ## proc_groupname
 ##
 ## This setting controls which groupname the IMAP proxy process will run as.
 #
-proc_groupname nobody
+proc_groupname _imapproxy
 
 
 #
@@ -181,7 +181,7 @@ force_tls no
 ## a directory is specified here, squirrelmail-imap_proxy will chroot() to
 ## that directory.
 #
-#chroot_directory /var/empty
+chroot_directory /var/empty
 
 
 #
@@ -213,12 +213,14 @@ enable_admin_commands no
 #
 ## TLS configuration options
 #
-#tls_ca_file /usr/share/ssl/certs/ca-bundle.crt
+tls_ca_file /etc/ssl/cert.pem
 #tls_ca_path /usr/share/ssl/certs/
+tls_verify_server yes
+#tls_ciphers ALL:!aNULL:!eNULL
+
+## Client certificate options
 #tls_cert_file /usr/share/ssl/certs/mycert.crt
 #tls_key_file /usr/share/ssl/certs/mycert.key
-#tls_verify_server no
-#tls_ciphers ALL:!aNULL:!eNULL
 
 
 #
