authentication.fallback-admin.secret = "{{ mailserver_secrets['admin_secret'] }}" authentication.fallback-admin.user = "{{ mailserver_secrets['admin_user'] }}" cluster.node-id = 1 lookup.default.hostname = "mail.{{ domain }}" lookup.default.domain = "{{ domain }}" # Server settings server.http.permissive-cors = false server.http.url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port" server.http.use-x-forwarded = true server.max-connections = 8192 server.socket.backlog = 1024 server.socket.nodelay = true server.socket.reuse-addr = true server.socket.reuse-port = true # Listeners server.listener.https.bind = "[::]:443" server.listener.https.protocol = "http" server.listener.https.tls.implicit = true server.listener.imaptls.bind = "[::]:993" server.listener.imaptls.protocol = "imap" server.listener.imaptls.tls.implicit = true server.listener.smtp.bind = "[::]:25" server.listener.smtp.protocol = "smtp" server.listener.smtp.tls.implicit = false server.listener.submissions.bind = "[::]:465" server.listener.submissions.protocol = "smtp" server.listener.submissions.tls.implicit = true # Certificate settings certificate."default".cert = "%{file:///etc/fullchain.pem}%" certificate."default".default = true certificate."default".private-key = "%{file:///etc/privkey.pem}%" # Storage settings storage.blob = "postgresql" storage.data = "postgresql" storage.directory = "ldap" storage.fts = "postgresql" storage.lookup = "postgresql" # Directory settings # Note: 'directory.ldap.attributes.secret' must not be defined # to correctly disable OAuth, if the LDAP server doesn't expose passwords hashes. directory.ldap.attributes.class = "objectClass" directory.ldap.attributes.description = "distinguishedName" directory.ldap.attributes.email = "mail" directory.ldap.attributes.email-alias = "mailAlias" directory.ldap.attributes.groups = "memberOf" directory.ldap.attributes.name = "uid" directory.ldap.attributes.quota = "diskQuota" directory.ldap.base-dn = "{{ ldap_base_dn }}" directory.ldap.bind.auth.dn = "uid=?,ou=people,{{ ldap_base_dn }}" directory.ldap.bind.auth.enable = true directory.ldap.bind.dn = "{{ mailserver_secrets['ldap_user'] }}" directory.ldap.bind.secret = "{{ mailserver_secrets['ldap_password'] }}" directory.ldap.cache.entries = 500 directory.ldap.filter.domains = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*@?)(mailAlias=*@?)))" directory.ldap.filter.email = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?))(mail=*@{{ domain }}))" directory.ldap.filter.expand = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(mailList=?))" directory.ldap.filter.name = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(uid=?))" directory.ldap.filter.verify = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*?*)(mailAlias=*?*)))" directory.ldap.tls.allow-invalid-certs = false directory.ldap.tls.enable = false directory.ldap.type = "ldap" directory.ldap.url = "ldap://lldap:3890" # Store settings store.postgresql.compression = "lz4" store.postgresql.database = "stalwart" store.postgresql.host = "postgres.{{ domain }}" store.postgresql.password = "{{ mailserver_secrets['postgres_password'] }}" store.postgresql.port = "5432" store.postgresql.purge.frequency = "0 3 *" store.postgresql.tls.allow-invalid-certs = true store.postgresql.tls.enable = true store.postgresql.type = "postgresql" store.postgresql.user = "{{ mailserver_secrets['postgres_user'] }}" # Logs settings tracer.stdout.ansi = true tracer.stdout.enable = true tracer.stdout.level = "info" tracer.stdout.type = "stdout"