mirrors/smtp-server
1
0
Fork 0
mirror of https://github.com/stalwartlabs/smtp-server.git synced 2024-11-25 00:37:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
smtp-server/resources/config/config.toml
Mauro D 4e117d4a2c DSN signing implementation.
2023-01-10 18:26:58 +00:00

391 lines
10 KiB
TOML
Raw Blame History

[server]
hostname = "mx.example.org"
greeting = "Stalwart SMTP at your service"
protocol = "smtp"
[server.listener."smtp"]
bind = ["0.0.0.0:9025"]
tls.implicit = false
[server.listener."smtps"]
bind = ["0.0.0.0:9465"]
#tls.sni = [{subject = "domain.org", pki = "abc"}]
#socket.backlog = 1024
[server.listener."submission"]
bind = ["0.0.0.0:9587"]
#tls = {implicit = true}
[server.tls]
enable = true
implicit = true
timeout = "1m"
certificate = "default"
#sni = [{subject = "domain.org", pki = "abc"}]
#protocols = ["TLSv1.2", TLSv1.3"]
#ciphers = []
ignore-client-order = true
[server.socket]
reuse-addr = true
#reuse-port = true
backlog = 1024
#ttl = 3600
#send-buffer-size = 65535
#recv-buffer-size = 65535
#linger = 1
#tos = 1
[global]
log-level = "trace"
concurrency = 1024
throttle-map = {shard = 32, capacity = 10}
[session]
timeout = "5m"
transfer-limit = 5000000
duration = "10m"
[session.connect]
#script = "connect.sieve"
[session.ehlo]
require = true
#script = ehlo.sieve
[session.extensions]
pipelining = true
chunking = true
requiretls = true
no-soliciting = ""
dsn = true
future-release = [
{ if = "listener", eq = "submission", then = "5d"},
{ else = false }
]
deliver-by = false
mt-priority = false
[session.auth]
mechanisms = [
{ if = "listener", eq = "submission", then = ["plain", "login"]},
{ else = false }
]
lookup = [ { if = "listener", eq = "submission", then = "local-addresses" },
{ else = false } ]
[session.auth.errors]
total = 3
wait = "5s"
[session.mail]
#script = mail-from.sieve
timeout = 10
[session.rcpt]
#script = rcpt-to.sieve
relay = [ { if = "authenticated-as", ne = "", then = true },
{ else = false } ]
max-recipients = 100
[session.rcpt.lookup]
domains = "local-domains"
addresses = "local-addresses"
vrfy = [ { if = "authenticated-as", ne = "", then = "local-addresses" },
{ else = false } ]
expn = [ { if = "authenticated-as", ne = "", then = "local-addresses" },
{ else = false } ]
[session.rcpt.errors]
total = 3
wait = "5s"
[session.data]
#script = data.sieve
[session.data.limits]
messages = 10
size = 100000
received-headers = 50
mime-parts = 50
nested-messages = 3
[session.data.add-headers]
received = true
received-spf = true
return-path = true
auth-results = true
message-id = true
date = true
[[session.throttle]]
match = {if = "remote-ip", eq = "127.0.0.1"}
key = ["remote-ip", "authenticated-as"]
concurrency = 100
rate = "50/30s"
[[session.throttle]]
key = "sender-domain"
concurrency = 10000
[auth.iprev]
verify = "strict"
[auth.dkim]
verify = "strict"
sign = true
[auth.signature."default"]
public-key = "cert-name"
private-key = "cert-name"
domain = "example.org"
selector = ""
headers = ["From", "To", "Date", "Subject", "Message-ID"]
algorithm = "rsa-sha256"
canonicalization = "simple/relaxed"
expire = "10d"
third-party = ""
third-party-algo = ""
auid = ""
set-body-length = false
report = true
[auth.spf]
verify.ehlo = "relaxed"
verify.mail-from = "relaxed"
[auth.arc]
verify = "strict"
seal = true
[auth.dmarc]
verify = "strict"
[remote."lmtp"]
address = 192.168.0.1
port = 25
protocol = "lmtp"
[remote."lmtp".auth]
username = "hello"
secret = "world"
[remote."lmtp".cache]
entries = 1000
ttl = {positive = 10, negative = 5}
[remote."lmtp".tls]
implicit = true
allow-invalid-certs = true
[queue]
path = "/var/spool/queue"
hash = 123
[queue.schedule]
retry = ["0m", "2m", "5m", "10m", "15m", "30m", "1h", "2h"]
notify = ["1d", "3d"]
expire = "5d"
[queue.outbound]
#hostname = mx.domain.org
next-hop = "lmtp"
[queue.outbound.tls]
dane = require
mta-sts = disabled
starttls = optional
[queue.outbound.source-ip]
v4 = ["192.168.0.2", "162.168.0.1"]
v6 = ["192.168.0.2", "162.168.0.1"]
[queue.outbound.limits]
mx = 5
multihomed = 2
[queue.outbound.timeouts]
connect = "1m"
greeting = "1m"
tls = "1m"
ehlo = "1m"
mail-from = "1m"
rcpt-to = "1m"
data = "5m"
mta-sts = "1m"
[[queue.quota]]
match = {if = "remote-ip", eq = "127.0.0.1"}
key = [""]
messages = 10000
size = 1000000
[[queue.throttle]]
rate = "1/60s"
concurrency = 1000
key = ["remote-ip"]
[resolver]
type = "cloudflare"
strategy = "ipv6"
dnssec = true
preserve-intermediates = true
concurrency = 2
timeout = 100
attempts = 3
try-tcp-on-error = true
[resolver.cache]
a = 1000
mx = 9393
txt = 3233
tlsa = 333
[scripts]
[scripts]
ehlo = "this is my script"
[list."local-domains"]
type = "inline"
items = ["example.org", "*.example.net"]
[list."local-addresses"]
type = "remote"
host = "lmtp"
#[list."local-users"]
#type = "file"
#path = "/tmp/file.txt"
[report.dsn]
from-name = "Mail Delivery Subsystem"
from-address = "MAILER-DAEMON@domain.org"
subject = "Delivery Status Notification"
sign-with = []
[report.dkim]
from-name = "Autentication Report"
from-address = "noreply-auth-failure"
subject = "SPF Authentication Failure Report"
send-rate = "1/20d"
analyze = true
[report.spf]
from-name = "Autentication Report"
from-address = "noreply-auth-failure"
subject = "SPF Authentication Failure Report"
sign-with = []
send-rate = "1/20d"
analyze = true
[report.dmarc]
from-name = "DMARC report"
from-address = "noreply-dmarc"
subject = "DMARC aggregate report for $1"
send-rate = "1/20d"
sign-with = []
aggregate-frequency = never
analyze = true
[report.tls]
from-name = "Autentication Report"
from-address = "noreply-auth-failure"
subject = "TLS Failure Report"
send-rate = "1/30d"
analyze = true
sign-with = []
[servers."relay".dmarc]
send-reports = true
#report-frequency = requested, 86400
incoming-address = "dmarc@*"
[certificate]
[certificate."default"]
cert = '''
-----BEGIN CERTIFICATE-----
MIIFCTCCAvGgAwIBAgIUCgHGQYUqtelbHGVSzCVwBL3fyEUwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDUxNjExNDAzNFoXDTIzMDUx
NjExNDAzNFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAtwS0Fzl3SjaCuKEXgZ/fdWbDoj/qDphyNCAKNevQ0+D0
STNkWCO04aFSH0zcL8zoD9gokNos0i7OU9//ZhZQmex4V6EFdZn8bFwUWN/scUvW
HEFXVjtHldO2isZgIxH9LuwRv7KAgkISuWahqerOVDhe7SeQUV0AJGNEh3cT9PZr
gSY931BxB7n+5k8eoSk8Z1gtBzQzL62kVGpHDKfw8yX8m65owF9eLUBrNzgxmXfC
xpuHwj7hmVhS09PPKeN/RsFS8PsYO7bo0u8jEKalteumjRT7RyUEbioqfo6ZFOGj
FHPIq/uKXS9zN1fpoyNh3ur5hMznQhrqlwBM9KlM7GdBJ0pZ3ad0YjT8IL/GnGKR
85J2WZdLqaQdUZo7nV67FhqdDlNE4MdwiykTMjfmLRXGAVhAzJHKyRKNwmkI2aqe
S7aqeNgvuDBwY80Q9a2rb5py1Aw+L8yCkUBuHboToDpxSVRDNN8DrWNmmsXnxsOG
wRDODy4GICKyxlP+RFSM8xWSQ6y9ktS2OfDBm+Eqcw+3pZKhdz2wgxLkUBJ8X1eh
kJrCA/6LTuhy6m6mMjAfoSOFU7fu88jxaWPgvP7GKyH+LM/t9eucobz2ks5rtSjz
V4Dc5DCS94/OpVRHwHdaFSPbJKBN9Ev8gnNrAyx/aBPGoHBPG/QUiU7dcUNIPt0C
AwEAAaNTMFEwHQYDVR0OBBYEFI167IxBmErB11EqiPPqFLa31ZaMMB8GA1UdIwQY
MBaAFI167IxBmErB11EqiPPqFLa31ZaMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggIBALU00IOiH5ubEauVCmakms5ermNTZfculnhnDfWTLMeh2+a7
G4cqADErfMhm/mmLbrw33t9s6tCAhQltvewKR40ST9uMPSyiQbYaCXd5DXnuI6Ox
JtNW+UOWIaMf8abnkdLvREOvb8dVQS1i3xq14tAjY5XgpGwCPP8m54b7N3Q7soLn
e5PDhPNTnhRIn2RLuYoZmQmMA5fcqEUDYff4epUww7PhrM1QckZligI3566NlGOf
j1G9JrivBtY0eaJtamIFnGMBT0ThDudxVja2Nv0C2Elry0p4T/o4nc4M67BJ/y1R
vjNLAgFhbxssemU3lZqSd+pykpJBwDBjFSPrZZmQcbk7H6Uz8V1xr/xuzfw6fA13
NWZ5vLgP/DQ13sM+XFlxThKfbPMPVe/UCTvfGtNW+3XyBgPntEkR+fNEawQmzbYl
R+X1ymT9MZnEZqRMf7/UD/SYek1aUJefoew3upjMgxYVvh4F8dqJ+39F+xoFzIA2
1dDAEMzXtjA3zKhZ2cycZbEzpJvYA3eGLuR16Suqfi4kPvfwK0mOhCxQmpayt7/X
vuEzW6dPCH8Hgbb0WvsSppGOvhdbDaZFNfFc5eNSxhyKzu3H3ACNImZRtZE+yixx
0fR8+xz9kDLf8xupV+X9heyFGHSyYU2Lveaevtr2Ij3weLRgJ6LbNALoeKXk
-----END CERTIFICATE-----
'''
private-key = '''
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC3BLQXOXdKNoK4
oReBn991ZsOiP+oOmHI0IAo169DT4PRJM2RYI7ThoVIfTNwvzOgP2CiQ2izSLs5T
3/9mFlCZ7HhXoQV1mfxsXBRY3+xxS9YcQVdWO0eV07aKxmAjEf0u7BG/soCCQhK5
ZqGp6s5UOF7tJ5BRXQAkY0SHdxP09muBJj3fUHEHuf7mTx6hKTxnWC0HNDMvraRU
akcMp/DzJfybrmjAX14tQGs3ODGZd8LGm4fCPuGZWFLT088p439GwVLw+xg7tujS
7yMQpqW166aNFPtHJQRuKip+jpkU4aMUc8ir+4pdL3M3V+mjI2He6vmEzOdCGuqX
AEz0qUzsZ0EnSlndp3RiNPwgv8acYpHzknZZl0uppB1RmjudXrsWGp0OU0Tgx3CL
KRMyN+YtFcYBWEDMkcrJEo3CaQjZqp5Ltqp42C+4MHBjzRD1ratvmnLUDD4vzIKR
QG4duhOgOnFJVEM03wOtY2aaxefGw4bBEM4PLgYgIrLGU/5EVIzzFZJDrL2S1LY5
8MGb4SpzD7elkqF3PbCDEuRQEnxfV6GQmsID/otO6HLqbqYyMB+hI4VTt+7zyPFp
Y+C8/sYrIf4sz+3165yhvPaSzmu1KPNXgNzkMJL3j86lVEfAd1oVI9skoE30S/yC
c2sDLH9oE8agcE8b9BSJTt1xQ0g+3QIDAQABAoICABq5oxqpF5RMtXYEgAw7rkPU
h8jPkHwlIrgd3Z/WGZ53APUXfhWo0ScJiZZsgNKyF0kJBZNxaI4gq5xv3zmnFIoF
j+Ur7EIqBERGheoceMhqjI9/syMycNeeHM/S/ALjA5ewfT8C7+UVhOpx5DWNxidi
O+phlp9q9zRZEo69grqIqVYooWxUsMyyCljTQOPDw8BLjfe5VagmsRJqmolslLDM
4UBSjZVZ18S/3Wgo2oVQia660244BHWCAkZQbbXuNI2+eUAbSoSdxw3WQcaSrywL
hzyezbqr2yPDIIVuiUgVUt0Ps0P57VCCN07jlYhvCEGnClysFzD+ATefoZ0wg7za
dQu2E+d166rAjnssyhzcHMn3pxgSdtXD+dQR/xfIGbPABucCupEFqKmhLdMm9+ud
lHay87qzMpIa8cITJwEQROfXqWAhNUU98pKCOx1SVXBqQC7QVqGQ5solDf0eMSVh
ngQ6Dz2WUI2ty75LteiFwlyTgnU9nyPN0NXsrMEET2BHWre7ufTQqiULtQ7+9BwH
AMxEKvrQHjMUjdfbXuzdyc5w5mPYJZfFVSQ1HMslx66h9yCpRIsBZvUGvoaP8Tpe
nQ66FTYRbiOkkdJ7k8DtrnhsJI1oOGjnvj/rvZ8D2pvrlJcIH2AyN3MOL8Jp5Oj1
nCFt77TwpF92pgl0g9gBAoIBAQDcarmP54QboaIQ9S2gE/4gSVC5i44iDJuSRdI8
K081RQcWiNzqQXTRc5nqJ7KzLyPiGlg+6rWsBKLos5l4t+MdhhH+KUvk/OtT/g8V
0NZBNXLIbSb8j8ix4v3/f2qKHN3Co6QOlxb3gFvobKDdoKqUNiSH1zTZ8/Y/BzkM
jqWKhTdaLz6eyzhKfOTA4LO8kJ3VF8HUM1N9/e8Gjorl+gZpJUXUQS0+AIi8W76C
OwDrVb3BPGVnApQJfWF78h4g20RwXrx/GYUW2vOMcLjXXDV5U7+nobPUoJnLxoZC
16o88y0Ivan8dBNXsc1epyPvvEqp6MJbAyyVuNeuRJcgYA0BAoIBAQDUkGRV7fLG
wCr5rNysUO+FKzVtTJnf9KEsqAqUmmVnG4oubxAJJtiB5n2+DT+CtO8Nrtz05BbR
uxfWm+lbEw6lVMj63bywtp0NdULg7/2t+oq2Svv16KrZIRJttXMkdEiFFmkVAEhX
l8Fyl6PJPfSMwbPdXEUPUAaNrXweVFffXczHc4W2G212ZzDB0z7QQSgEntbTDFB/
2Cg5dvuojlM9zw0fuEyLwItZs7n16j/ONZLgBHyroMU9ZPxbnLrVyoZlqtob+RWm
Ju2fSIL9QqG6O4td1TqcUBGvFQYjGvKA+q5fsG26NBJ0Ac48cNK6PS4lMkN3Av2J
ccloYaMEHAXdAoIBAE8WMCy1Ok6byUXiYxOL+OPmyoM40q/e7DcovE2AkLQhZ3Cr
fPDEucCphPFiexkV8f8fysgQeU0WgMmUH54UBPbD81LJyISKR3nkr875Ftdg8SV/
HL0EblN9ifuR4U1bHCrJgoUFq2T09oVH7NR44Ju7bZIcIseNZK6qzcp2qGkycXD3
gLWDX1hCxeV6+qLPFQKvuomEPRH4+jnVDXuFIaW6jPqixDP6BxXmqU2bFDJcmnBq
VkwGvc1F4qORdUP+yOi05VeJdZqEx1x92aTUXg+BgEQKnjbNxUE7o1L6hQfHjUIU
o5iEoagWkQTEXf2YBwY+EPaNBgNWxnSuAbfJHwECggEBALOF95ezTVWauzD/U6ic
+o3n/kl/Zn4FJ5KFodn7xCSe18d7uXlhO34KYqx+l+MWWMefpbGWacdcUjfImf93
SulLgCqP12sP7/iLzp4XUpL7hOeM0NvRU2nqSpwpoUNqik0Mrlc0U+TWoGTduVCf
aMjwV65e3VyfY8mIeclLxqM5n1fcM1OoOnzDjiRE+0n7nYa5eAnq3pn6v4449TZY
belH03e0ucFWLtrltesBmj3YdWGJqJlzQOInRhNBfXJOh8+ZynfRmP0o54udPDQV
cG3PGFd5XPTjkuvhv7sqaSGRlm/um92lWOhtFfdp+i+cuDpmByCef+7zEP19aKZx
3GkCggEAFTs7KNMfvIEaLH0yQUFeq2gLmtcMofmOmeoIECycN1rG7iJo07lJLIs0
bVODH8Z0kX8llu3cjGMAH/6R2uugJSxkmFiZKrngTzKmxDPvTCKWR4RFwXH9j8IO
cPq7FtKN4SgrPy9ciAPdkcGmu3zz/sBKOaoPwvU2PdBRT+v/aoz+GCLXAvzFlKVe
9/7zdg87ilo8+AtV+71EJeR3kyBPKS9JrWYUKfiams12+uuH4/53rMFZfNCAaZ3Z
1sdXEO4o3Loc5TX4DbO9FVdBSBe6klEXx4T0QJboO6uBvTBnnRL2SQriJQQFwYT6
XzVV5pwOxkIDBWDIqMUfwJDChBKfpw==
-----END PRIVATE KEY-----
'''
Reference in a new issue View git blame Copy permalink