Updated configuration files
parent
02faa04e27
commit
d7d27063d8
10 changed files with 98 additions and 90 deletions
|
@ -327,6 +327,13 @@ impl LdapMappings {
|
|||
fn entry_to_principal(&self, entry: SearchEntry) -> Principal<String> {
|
||||
let mut principal = Principal::default();
|
||||
|
||||
tracing::debug!(
|
||||
context = "ldap",
|
||||
event = "fetch_princpal",
|
||||
entry = ?entry,
|
||||
"LDAP entry"
|
||||
);
|
||||
|
||||
for (attr, value) in entry.attrs {
|
||||
if self.attr_name.contains(&attr) {
|
||||
principal.name = value.into_iter().next().unwrap_or_default();
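Review bot: The added `tracing::debug!` call at the top of `entry_to_principal` formats the whole `SearchEntry` with `entry = ?entry`, so every attribute value the directory returned is written to the log. If the search also returns the password or secret attribute (likely for a function that builds a principal, but the rest of the mapping loop is outside this hunk), credential hashes would end up in debug output and in whatever collects it. Logging only the attribute names, or a single identifying field, keeps the event useful without the values. The event name is also misspelled: `event = "fetch_princpal"` should read `event = "fetch_principal"`, which matters to anyone filtering or alerting on it.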
|
||||
|
|
|
@ -481,11 +481,11 @@ impl ParseValue for Canonicalization {
|
|||
impl ParseValue for IpLookupStrategy {
|
||||
fn parse_value(key: impl AsKey, value: &str) -> super::Result<Self> {
|
||||
Ok(match value.to_lowercase().as_str() {
|
||||
"ipv4-only" => IpLookupStrategy::Ipv4Only,
|
||||
"ipv6-only" => IpLookupStrategy::Ipv6Only,
|
||||
//"ipv4-and-ipv6" => IpLookupStrategy::Ipv4AndIpv6,
|
||||
"ipv6-then-ipv4" => IpLookupStrategy::Ipv6thenIpv4,
|
||||
"ipv4-then-ipv6" => IpLookupStrategy::Ipv4thenIpv6,
|
||||
"ipv4_only" => IpLookupStrategy::Ipv4Only,
|
||||
"ipv6_only" => IpLookupStrategy::Ipv6Only,
|
||||
//"ipv4_and_ipv6" => IpLookupStrategy::Ipv4AndIpv6,
|
||||
"ipv6_then_ipv4" => IpLookupStrategy::Ipv6thenIpv4,
|
||||
"ipv4_then_ipv6" => IpLookupStrategy::Ipv4thenIpv6,
|
||||
_ => {
|
||||
return Err(format!(
|
||||
"Invalid IP lookup strategy {:?} for property {:?}.",
|
||||
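Review bot: The match in `IpLookupStrategy::parse_value` appears to accept only the underscore spellings now, so an existing configuration that still says `ip-strategy = "ipv4-then-ipv6"` would fall into the `_` arm and be rejected after an upgrade. Accepting both spellings during a transition avoids that, e.g. `"ipv4_only" | "ipv4-only" => IpLookupStrategy::Ipv4Only,` and likewise for the other three arms. The commented-out `//"ipv4_and_ipv6"` arm should either carry a short comment saying why it is disabled or be dropped. The error arm continues past the end of this hunk.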
|
|
|
@ -4,25 +4,25 @@
|
|||
#############################################
|
||||
|
||||
[auth.iprev]
|
||||
verify = [ { if = "listener", eq = "smtp", then = "relaxed" },
|
||||
verify = [ { if = "listener = 'smtp'", then = "relaxed" },
|
||||
{ else = "disable" } ]
|
||||
|
||||
[auth.dkim]
|
||||
verify = "relaxed"
|
||||
sign = [ { if = "listener", ne = "smtp", then = ["rsa"] },
|
||||
{ else = [] } ]
|
||||
sign = [ { if = "listener != 'smtp'", then = "['rsa']" },
|
||||
{ else = false } ]
|
||||
|
||||
[auth.spf.verify]
|
||||
ehlo = [ { if = "listener", eq = "smtp", then = "relaxed" },
|
||||
ehlo = [ { if = "listener = 'smtp'", then = "relaxed" },
|
||||
{ else = "disable" } ]
|
||||
mail-from = [ { if = "listener", eq = "smtp", then = "relaxed" },
|
||||
mail-from = [ { if = "listener = 'smtp'", then = "relaxed" },
|
||||
{ else = "disable" } ]
|
||||
|
||||
[auth.arc]
|
||||
verify = "relaxed"
|
||||
seal = ["rsa"]
|
||||
seal = "['rsa']"
|
||||
|
||||
[auth.dmarc]
|
||||
verify = [ { if = "listener", eq = "smtp", then = "relaxed" },
|
||||
verify = [ { if = "listener = 'smtp'", then = "relaxed" },
|
||||
{ else = "disable" } ]
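Review bot: The new values mix two quoting styles with no comment stating the rule: `then = "relaxed"` is written bare, while `sign` uses `then = "['rsa']"` and `seal = "['rsa']"` with inner single quotes. A reader editing this file cannot tell which values are evaluated as expressions and which are plain strings, and a misquoted value on a signing or verification setting is easy to miss in review. A short header comment would help, for instance `# Values are expressions: string literals need inner single quotes, e.g. "'text'"`, assuming that is the rule the parser applies. The same applies to the queue, report and session files later in this commit (`from-name = "'Report Subsystem'"`, `directory = "'%{DEFAULT_DIRECTORY}%'"`).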
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#############################################
|
||||
|
||||
#[session.data.milter."rspamd"]
|
||||
#enable = [ { if = "listener", eq = "smtp", then = true },
|
||||
#enable = [ { if = "listener = 'smtp'", then = true },
|
||||
# { else = false } ]
|
||||
#hostname = "127.0.0.1"
|
||||
#port = 11332
|
||||
|
|
|
@ -7,15 +7,15 @@ path = "%{BASE_PATH}%/queue"
|
|||
hash = 64
|
||||
|
||||
[queue.schedule]
|
||||
retry = ["2m", "5m", "10m", "15m", "30m", "1h", "2h"]
|
||||
notify = ["1d", "3d"]
|
||||
retry = "[2m, 5m, 10m, 15m, 30m, 1h, 2h]"
|
||||
notify = "[1d, 3d]"
|
||||
expire = "5d"
|
||||
|
||||
[queue.outbound]
|
||||
#hostname = "%{HOST}%"
|
||||
next-hop = [ { if = "rcpt-domain", in-list = "%{DEFAULT_DIRECTORY}%/domains", then = "local" },
|
||||
next-hop = [ { if = "is_local_domain('%{DEFAULT_DIRECTORY}%', rcpt_domain)", then = "'local'" },
|
||||
{ else = false } ]
|
||||
ip-strategy = "ipv4-then-ipv6"
|
||||
ip-strategy = "ipv4_then_ipv6"
|
||||
|
||||
[queue.outbound.tls]
|
||||
dane = "optional"
|
||||
|
@ -24,8 +24,8 @@ starttls = "require"
|
|||
allow-invalid-certs = false
|
||||
|
||||
#[queue.outbound.source-ip]
|
||||
#v4 = ["10.0.0.10", "10.0.0.11"]
|
||||
#v6 = ["a::b", "a::c"]
|
||||
#v4 = "['10.0.0.10', '10.0.0.11']"
|
||||
#v6 = "['a::b', 'a::c']"
|
||||
|
||||
[queue.outbound.limits]
|
||||
mx = 7
|
||||
|
@ -42,12 +42,12 @@ data = "10m"
|
|||
mta-sts = "2m"
|
||||
|
||||
[[queue.quota]]
|
||||
#match = {if = "sender-domain", eq = "foobar.org"}
|
||||
#match = "sender_domain = 'foobar.org'"
|
||||
#key = ["rcpt"]
|
||||
messages = 100000
|
||||
size = 10737418240 # 10gb
|
||||
|
||||
[[queue.throttle]]
|
||||
key = ["rcpt-domain"]
|
||||
key = ["rcpt_domain"]
|
||||
#rate = "100/1h"
|
||||
concurrency = 5
|
||||
|
|
|
@ -13,45 +13,45 @@ forward = true
|
|||
#store = "%{BASE_PATH}%/incoming"
|
||||
|
||||
[report.dsn]
|
||||
from-name = "Mail Delivery Subsystem"
|
||||
from-address = "MAILER-DAEMON@%{DEFAULT_DOMAIN}%"
|
||||
sign = ["rsa"]
|
||||
from-name = "'Mail Delivery Subsystem'"
|
||||
from-address = "'MAILER-DAEMON@%{DEFAULT_DOMAIN}%'"
|
||||
sign = "['rsa']"
|
||||
|
||||
[report.dkim]
|
||||
from-name = "Report Subsystem"
|
||||
from-address = "noreply-dkim@%{DEFAULT_DOMAIN}%"
|
||||
subject = "DKIM Authentication Failure Report"
|
||||
sign = ["rsa"]
|
||||
send = "1/1d"
|
||||
from-name = "'Report Subsystem'"
|
||||
from-address = "'noreply-dkim@%{DEFAULT_DOMAIN}%'"
|
||||
subject = "'DKIM Authentication Failure Report'"
|
||||
sign = "['rsa']"
|
||||
send = "[1, 1d]"
|
||||
|
||||
[report.spf]
|
||||
from-name = "Report Subsystem"
|
||||
from-address = "noreply-spf@%{DEFAULT_DOMAIN}%"
|
||||
subject = "SPF Authentication Failure Report"
|
||||
send = "1/1d"
|
||||
sign = ["rsa"]
|
||||
from-name = "'Report Subsystem'"
|
||||
from-address = "'noreply-spf@%{DEFAULT_DOMAIN}%'"
|
||||
subject = "'SPF Authentication Failure Report'"
|
||||
send = "[1, 1d]"
|
||||
sign = "['rsa']"
|
||||
|
||||
[report.dmarc]
|
||||
from-name = "Report Subsystem"
|
||||
from-address = "noreply-dmarc@%{DEFAULT_DOMAIN}%"
|
||||
subject = "DMARC Authentication Failure Report"
|
||||
send = "1/1d"
|
||||
sign = ["rsa"]
|
||||
from-name = "'Report Subsystem'"
|
||||
from-address = "'noreply-dmarc@%{DEFAULT_DOMAIN}%'"
|
||||
subject = "'DMARC Authentication Failure Report'"
|
||||
send = "[1, 1d]"
|
||||
sign = "['rsa']"
|
||||
|
||||
[report.dmarc.aggregate]
|
||||
from-name = "DMARC Report"
|
||||
from-address = "noreply-dmarc@%{DEFAULT_DOMAIN}%"
|
||||
org-name = "%{DEFAULT_DOMAIN}%"
|
||||
from-name = "'DMARC Report'"
|
||||
from-address = "'noreply-dmarc@%{DEFAULT_DOMAIN}%'"
|
||||
org-name = "'%{DEFAULT_DOMAIN}%'"
|
||||
#contact-info = ""
|
||||
send = "daily"
|
||||
max-size = 26214400 # 25mb
|
||||
sign = ["rsa"]
|
||||
sign = "['rsa']"
|
||||
|
||||
[report.tls.aggregate]
|
||||
from-name = "TLS Report"
|
||||
from-address = "noreply-tls@%{DEFAULT_DOMAIN}%"
|
||||
org-name = "%{DEFAULT_DOMAIN}%"
|
||||
from-name = "'TLS Report'"
|
||||
from-address = "'noreply-tls@%{DEFAULT_DOMAIN}%'"
|
||||
org-name = "'%{DEFAULT_DOMAIN}%'"
|
||||
#contact-info = ""
|
||||
send = "daily"
|
||||
max-size = 26214400 # 25 mb
|
||||
sign = ["rsa"]
|
||||
sign = "['rsa']"
|
||||
|
|
|
@ -8,38 +8,38 @@ transfer-limit = 262144000 # 250 MB
|
|||
duration = "10m"
|
||||
|
||||
[session.connect]
|
||||
#script = "connect.sieve"
|
||||
#script = "'connect'"
|
||||
|
||||
[session.ehlo]
|
||||
require = true
|
||||
reject-non-fqdn = [ { if = "listener", eq = "smtp", then = true},
|
||||
reject-non-fqdn = [ { if = "listener = 'smtp'", then = true},
|
||||
{ else = false } ]
|
||||
#script = "ehlo"
|
||||
#script = "'ehlo'"
|
||||
|
||||
[session.extensions]
|
||||
pipelining = true
|
||||
chunking = true
|
||||
requiretls = true
|
||||
no-soliciting = ""
|
||||
dsn = [ { if = "authenticated-as", ne = "", then = true},
|
||||
dsn = [ { if = "!is_empty(authenticated_as)", then = true},
|
||||
{ else = false } ]
|
||||
expn = [ { if = "authenticated-as", ne = "", then = true},
|
||||
expn = [ { if = "!is_empty(authenticated_as)", then = true},
|
||||
{ else = false } ]
|
||||
vrfy = [ { if = "authenticated-as", ne = "", then = true},
|
||||
vrfy = [ { if = "!is_empty(authenticated_as)", then = true},
|
||||
{ else = false } ]
|
||||
future-release = [ { if = "authenticated-as", ne = "", then = "7d"},
|
||||
future-release = [ { if = "!is_empty(authenticated_as)", then = "7d"},
|
||||
{ else = false } ]
|
||||
deliver-by = [ { if = "authenticated-as", ne = "", then = "15d"},
|
||||
deliver-by = [ { if = "!is_empty(authenticated_as)", then = "15d"},
|
||||
{ else = false } ]
|
||||
mt-priority = [ { if = "authenticated-as", ne = "", then = "mixer"},
|
||||
mt-priority = [ { if = "!is_empty(authenticated_as)", then = "mixer"},
|
||||
{ else = false } ]
|
||||
|
||||
[session.auth]
|
||||
mechanisms = [ { if = "listener", ne = "smtp", then = ["plain", "login"]},
|
||||
{ else = [] } ]
|
||||
directory = [ { if = "listener", ne = "smtp", then = "%{DEFAULT_DIRECTORY}%" },
|
||||
mechanisms = [ { if = "listener != 'smtp'", then = "[plain, login]"},
|
||||
{ else = false } ]
|
||||
directory = [ { if = "listener != 'smtp'", then = "'%{DEFAULT_DIRECTORY}%'" },
|
||||
{ else = false } ]
|
||||
require = [ { if = "listener", ne = "smtp", then = true},
|
||||
require = [ { if = "listener != 'smtp'", then = true},
|
||||
{ else = false } ]
|
||||
allow-plain-text = false
|
||||
|
||||
|
@ -49,29 +49,25 @@ wait = "5s"
|
|||
|
||||
[session.mail]
|
||||
#script = "mail-from"
|
||||
#rewrite = [ { all-of = [ { if = "listener", ne = "smtp" },
|
||||
# { if = "rcpt", matches = "^([^.]+)@([^.]+)\.(.+)$"},
|
||||
# ], then = "${1}@${3}" },
|
||||
#rewrite = [ { if = "listener != 'smtp' & matches('^([^.]+)@([^.]+)\.(.+)$', rcpt)", then = "$1 + '@' + $3" },
|
||||
# { else = false } ]
|
||||
|
||||
[session.rcpt]
|
||||
#script = "greylist"
|
||||
relay = [ { if = "authenticated-as", ne = "", then = true },
|
||||
relay = [ { if = "!is_empty(authenticated_as)", then = true },
|
||||
{ else = false } ]
|
||||
#rewrite = [ { all-of = [ { if = "rcpt-domain", in-list = "%{DEFAULT_DIRECTORY}%/domains" },
|
||||
# { if = "rcpt", matches = "^([^.]+)\.([^.]+)@(.+)$"},
|
||||
# ], then = "${1}+${2}@${3}" },
|
||||
#rewrite = [ { if = "is_local_domain('%{DEFAULT_DIRECTORY}%', rcpt_domain) & matches('^([^.]+)\.([^.]+)@(.+)$', rcpt)", then = "$1 + '+' + $2 + '@' + $3" },
|
||||
# { else = false } ]
|
||||
max-recipients = 25
|
||||
directory = "%{DEFAULT_DIRECTORY}%"
|
||||
directory = "'%{DEFAULT_DIRECTORY}%'"
|
||||
|
||||
[session.rcpt.errors]
|
||||
total = 5
|
||||
wait = "5s"
|
||||
|
||||
[session.data]
|
||||
script = [ { if = "authenticated-as", eq = "", then = "spam-filter"},
|
||||
{ else = "track-replies" } ]
|
||||
script = [ { if = "is_empty(authenticated_as)", then = "'spam-filter'"},
|
||||
{ else = "'track-replies'" } ]
|
||||
|
||||
[session.data.limits]
|
||||
messages = 10
|
||||
|
@ -79,24 +75,24 @@ size = 104857600
|
|||
received-headers = 50
|
||||
|
||||
[session.data.add-headers]
|
||||
received = [ { if = "listener", eq = "smtp", then = true },
|
||||
received = [ { if = "listener = 'smtp'", then = true },
|
||||
{ else = false } ]
|
||||
received-spf = [ { if = "listener", eq = "smtp", then = true },
|
||||
received-spf = [ { if = "listener = 'smtp'", then = true },
|
||||
{ else = false } ]
|
||||
auth-results = [ { if = "listener", eq = "smtp", then = true },
|
||||
auth-results = [ { if = "listener = 'smtp'", then = true },
|
||||
{ else = false } ]
|
||||
message-id = [ { if = "listener", eq = "smtp", then = false },
|
||||
message-id = [ { if = "listener = 'smtp'", then = false },
|
||||
{ else = true } ]
|
||||
date = [ { if = "listener", eq = "smtp", then = false },
|
||||
date = [ { if = "listener = 'smtp'", then = false },
|
||||
{ else = true } ]
|
||||
return-path = false
|
||||
|
||||
[[session.throttle]]
|
||||
#match = {if = "remote-ip", eq = "10.0.0.1"}
|
||||
key = ["remote-ip"]
|
||||
#match = "remote_ip = '10.0.0.1'"
|
||||
key = ["remote_ip"]
|
||||
concurrency = 5
|
||||
#rate = "5/1h"
|
||||
|
||||
[[session.throttle]]
|
||||
key = ["sender-domain", "rcpt"]
|
||||
key = ["sender_domain", "rcpt"]
|
||||
rate = "25/1h"
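Review bot: The commented `#rewrite` examples under `[session.mail]` and `[session.rcpt]` keep `\.` inside a double-quoted value, e.g. `matches('^([^.]+)@([^.]+)\.(.+)$', rcpt)`. Standard TOML basic strings do not define `\.` as an escape, so if the loader follows those rules the example fails to parse as soon as someone uncomments it. Writing the dot as a character class avoids the escaping question entirely: `matches('^([^.]+)@([^.]+)[.](.+)$', rcpt)` and `matches('^([^.]+)[.]([^.]+)@(.+)$', rcpt)`.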
|
||||
|
|
|
@ -10,6 +10,11 @@ DOMAIN="example.org"
|
|||
STORE="rocksdb"
|
||||
FTS_STORE="rocksdb"
|
||||
BLOB_STORE="rocksdb"
|
||||
#STORE="sqlite"
|
||||
#FTS_STORE="sqlite"
|
||||
#BLOB_STORE="sqlite"
|
||||
FEATURES="foundationdb postgres mysql rocks elastic s3 redis"
|
||||
#FEATURES="sqlite"
|
||||
|
||||
# Directories
|
||||
DIRECTORY="internal"
|
||||
|
@ -59,5 +64,5 @@ mkdir -p $BASE_DIR/etc/dkim
|
|||
openssl genpkey -algorithm RSA -out $BASE_DIR/etc/dkim/$DOMAIN.key
|
||||
|
||||
# Create admin user
|
||||
SET_ADMIN_USER="admin" SET_ADMIN_PASS="secret" cargo run -p mail-server --no-default-features --features "foundationdb postgres mysql rocks elastic s3 redis" -- --config=/tmp/stalwart-test/etc/config.toml
|
||||
cargo run -p mail-server --no-default-features --features "foundationdb postgres mysql rocks elastic s3 redis" -- --config=/tmp/stalwart-test/etc/config.toml
|
||||
SET_ADMIN_USER="admin" SET_ADMIN_PASS="secret" cargo run -p mail-server --no-default-features --features "$FEATURES" -- --config=/tmp/stalwart-test/etc/config.toml
|
||||
cargo run -p mail-server --no-default-features --features "$FEATURES" -- --config=/tmp/stalwart-test/etc/config.toml
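Review bot: Both `cargo run` lines still pass `--config=/tmp/stalwart-test/etc/config.toml` literally, while the `mkdir` and `openssl` lines above build their paths from `$BASE_DIR`. The feature list is now a variable, but the config path would silently point at a different tree if `BASE_DIR` is changed (its definition is outside this hunk). Using `--config="$BASE_DIR/etc/config.toml"` keeps the two in step, and quoting `$BASE_DIR` and `$DOMAIN` where they are expanded guards against paths with spaces. Switching to SQLite means uncommenting four lines together, so a one-line comment above `#STORE="sqlite"` saying so would help.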
|
||||
|
|
|
@ -93,9 +93,9 @@ certificate = "default"
|
|||
reject-non-fqdn = false
|
||||
|
||||
[session.rcpt]
|
||||
relay = [ { if = "authenticated-as", ne = "", then = true },
|
||||
relay = [ { if = "!is_empty(authenticated_as)", then = true },
|
||||
{ else = false } ]
|
||||
directory = "auth"
|
||||
directory = "'auth'"
|
||||
|
||||
[session.rcpt.errors]
|
||||
total = 5
|
||||
|
@ -113,8 +113,8 @@ hash = 64
|
|||
type = "system"
|
||||
|
||||
[queue.outbound]
|
||||
next-hop = [ { if = "rcpt-domain", in-list = "local/domains", then = "local" },
|
||||
{ if = "rcpt-domain", in-list = "local/remote-domains", then = "mock-smtp" },
|
||||
next-hop = [ { if = "key_exists('local/domains', rcpt_domain)", then = "'local'" },
|
||||
{ if = "key_exists('local/remote-domains', rcpt_domain)", then = "'mock-smtp'" },
|
||||
{ else = false } ]
|
||||
|
||||
[remote."mock-smtp"]
|
||||
|
@ -127,7 +127,7 @@ implicit = false
|
|||
allow-invalid-certs = true
|
||||
|
||||
[session.extensions]
|
||||
future-release = [ { if = "authenticated-as", ne = "", then = "99999999d"},
|
||||
future-release = [ { if = "!is_empty(authenticated_as)", then = "99999999d"},
|
||||
{ else = false } ]
|
||||
|
||||
[store."sqlite"]
|
||||
|
|
|
@ -105,9 +105,9 @@ fail2ban = "101/5s"
|
|||
reject-non-fqdn = false
|
||||
|
||||
[session.rcpt]
|
||||
relay = [ { if = "authenticated-as", ne = "", then = true },
|
||||
relay = [ { if = "!is_empty(authenticated_as)", then = true },
|
||||
{ else = false } ]
|
||||
directory = "auth"
|
||||
directory = "'auth'"
|
||||
|
||||
[session.rcpt.errors]
|
||||
total = 5
|
||||
|
@ -125,8 +125,8 @@ hash = 64
|
|||
type = "system"
|
||||
|
||||
[queue.outbound]
|
||||
next-hop = [ { if = "rcpt-domain", in-list = "local/domains", then = "local" },
|
||||
{ if = "rcpt-domain", in-list = "local/remote-domains", then = "mock-smtp" },
|
||||
next-hop = [ { if = "key_exists('local/domains', rcpt_domain)", then = "'local'" },
|
||||
{ if = "key_exists('local/remote-domains', rcpt_domain)", then = "'mock-smtp'" },
|
||||
{ else = false } ]
|
||||
|
||||
[remote."mock-smtp"]
|
||||
|
@ -139,7 +139,7 @@ implicit = false
|
|||
allow-invalid-certs = true
|
||||
|
||||
[session.extensions]
|
||||
future-release = [ { if = "authenticated-as", ne = "", then = "99999999d"},
|
||||
future-release = [ { if = "!is_empty(authenticated_as)", then = "99999999d"},
|
||||
{ else = false } ]
|
||||
|
||||
[store."sqlite"]
|
||||
|
|