105 lines
4.6 KiB
TOML
105 lines
4.6 KiB
TOML
authentication.fallback-admin.secret = "{{ mailserver_secrets['admin_secret'] }}"
|
|
authentication.fallback-admin.user = "{{ mailserver_secrets['admin_user'] }}"
|
|
cluster.node-id = 1
|
|
lookup.default.hostname = "mail.{{ domain }}"
|
|
|
|
|
|
# Server settings
|
|
server.http.permissive-cors = false
|
|
server.http.url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port"
|
|
server.http.use-x-forwarded = true
|
|
server.max-connections = 8192
|
|
server.run-as.group = "mail"
|
|
server.run-as.user = "mail"
|
|
server.socket.backlog = 1024
|
|
server.socket.nodelay = true
|
|
server.socket.reuse-addr = true
|
|
server.socket.reuse-port = true
|
|
|
|
|
|
# Listeners
|
|
server.listener.https.bind = "[::]:443"
|
|
server.listener.https.protocol = "http"
|
|
server.listener.https.tls.implicit = true
|
|
server.listener.imaptls.bind = "[::]:993"
|
|
server.listener.imaptls.protocol = "imap"
|
|
server.listener.imaptls.tls.implicit = true
|
|
server.listener.smtp.bind = "[::]:25"
|
|
server.listener.smtp.protocol = "smtp"
|
|
server.listener.smtp.tls.implicit = false
|
|
server.listener.submissions.bind = "[::]:465"
|
|
server.listener.submissions.protocol = "smtp"
|
|
server.listener.submissions.tls.implicit = true
|
|
|
|
|
|
# Certificate settings
|
|
certificate."default".cert = "%{file:///etc/fullchain.pem}%"
|
|
certificate."default".default = true
|
|
certificate."default".private-key = "%{file:///etc/privkey.pem}%"
|
|
|
|
|
|
# Storage settings
|
|
storage.blob = "postgresql"
|
|
storage.data = "postgresql"
|
|
storage.directory = "ldap"
|
|
storage.fts = "postgresql"
|
|
storage.lookup = "postgresql"
|
|
|
|
|
|
# Directory settings
|
|
# Note: 'directory.ldap.attributes.secret' must not be defined
|
|
# to correctly disable OAuth, if the LDAP server doesn't expose passwords hashes.
|
|
directory.ldap.attributes.class = "objectClass"
|
|
directory.ldap.attributes.description = "distinguishedName"
|
|
directory.ldap.attributes.email = "mail"
|
|
directory.ldap.attributes.email-alias = "mailAlias"
|
|
directory.ldap.attributes.groups = "memberOf"
|
|
directory.ldap.attributes.name = "uid"
|
|
directory.ldap.attributes.quota = "diskQuota"
|
|
directory.ldap.base-dn = "{{ ldap_base_dn }}"
|
|
directory.ldap.bind.auth.dn = "uid=?,ou=people,{{ ldap_base_dn }}"
|
|
directory.ldap.bind.auth.enable = true
|
|
directory.ldap.bind.dn = "{{ mailserver_secrets['ldap_user'] }}"
|
|
directory.ldap.bind.secret = "{{ mailserver_secrets['ldap_password'] }}"
|
|
directory.ldap.cache.entries = 500
|
|
directory.ldap.cache.ttl.negative = "10m"
|
|
directory.ldap.cache.ttl.positive = "1h"
|
|
directory.ldap.filter.domains = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*@?)(mailAlias=*@?)))"
|
|
directory.ldap.filter.email = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?))(mail=*@{{ domain }}))"
|
|
directory.ldap.filter.expand = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(mailList=?))"
|
|
directory.ldap.filter.name = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(uid=?))"
|
|
directory.ldap.filter.verify = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*?*)(mailAlias=*?*)))"
|
|
directory.ldap.timeout = "15s"
|
|
directory.ldap.tls.allow-invalid-certs = false
|
|
directory.ldap.tls.enable = false
|
|
directory.ldap.type = "ldap"
|
|
directory.ldap.url = "ldap://lldap:3890"
|
|
|
|
|
|
# Store settings
|
|
store.postgresql.compression = "lz4"
|
|
store.postgresql.database = "stalwart"
|
|
store.postgresql.host = "postgres.{{ domain }}"
|
|
store.postgresql.password = "{{ mailserver_secrets['postgres_password'] }}"
|
|
store.postgresql.pool.max-connections = 10
|
|
store.postgresql.port = "5432"
|
|
store.postgresql.purge.frequency = "0 3 *"
|
|
store.postgresql.query.domains = "SELECT 1 FROM emails WHERE address LIKE '%@' || $1 LIMIT 1"
|
|
store.postgresql.query.emails = "SELECT address FROM emails WHERE name = $1 AND type != 'list' ORDER BY type DESC, address ASC"
|
|
store.postgresql.query.expand = "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = $1 AND l.type = 'list' ORDER BY p.address LIMIT 50"
|
|
store.postgresql.query.members = "SELECT member_of FROM group_members WHERE name = $1"
|
|
store.postgresql.query.name = "SELECT name, type, secret, description, quota FROM accounts WHERE name = $1 AND active = true"
|
|
store.postgresql.query.recipients = "SELECT name FROM emails WHERE address = $1 ORDER BY name ASC"
|
|
store.postgresql.query.verify = "SELECT address FROM emails WHERE address LIKE '%' || $1 || '%' AND type = 'primary' ORDER BY address LIMIT 5"
|
|
store.postgresql.timeout = "15s"
|
|
store.postgresql.tls.allow-invalid-certs = true
|
|
store.postgresql.tls.enable = true
|
|
store.postgresql.type = "postgresql"
|
|
store.postgresql.user = "{{ mailserver_secrets['postgres_user'] }}"
|
|
|
|
|
|
# Logs settings
|
|
tracer.stdout.ansi = true
|
|
tracer.stdout.enable = true
|
|
tracer.stdout.level = "debug"
|
|
tracer.stdout.type = "stdout"
|