smtp-server/resources/config/config.toml

[servers]

[servers."relay"]
hostname = "mx.example.org"
greeting = "Stalwart SMTP v0.1 at your service"
type = "smtp"
bind = ["0.0.0.0", 25]

[servers."relay".tls]
enable = true,
implicit = true,
sni = "abc",
cert = "key",
protocols = "SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3",
ciphers = "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH",
clientcert = true

[servers."relay".socket]
backlog = 111,
ttl = 123,
send-buffer-size = 123,
recv-buffer-size = 444,
linger = 1,
tos = 1,

[servers."relay".transaction.connect]
script = connect.sieve

[[servers."relay".transaction.connect.throttle]]
concurrency = 1000

[[servers."relay".transaction.connect.throttle]]
key = remoteip + localip
concurrency = 10,
rate = [3, 60]

[servers."relay".transaction.ehlo]
require = true
extensions = "chunking, pipeline, smtputf8, starttls"
script = ehlo.sieve
authenticate = spf

[[servers."relay".transaction.ehlo]]
commands = 1
idle = 10

[servers."relay".transaction.auth]
require = true
require-tls = true
auth-host = "auth-server"
mechanisms = "plain, login"

[[servers."relay".transaction.auth.limits]]
idle = 10,
errors = 3,
errors-wait = 10

[servers."relay".transaction.mail]
authenticate = spf
script = mail-from.sieve

[[servers."relay".transaction.mail.limits]]
idle = 10,
messages = 10

[[servers."relay".transaction.mail.throttle]]
key = mail-from,
concurrency = 10,
rate = [3, 60]

[servers."relay".transaction.rcpt]
script = rcpt-to.sieve
local-domains = list-domains
local-addresses = list-addresses
cache = { entries = 1000, ttl-positive = 10, ttl-negative = 5 }

[[servers."relay".transaction.rcpt.limits]]
idle = 10,
max-recipients = 100,
errors = 5

[[servers."relay".transaction.rcpt.throttle]]
key = rcpt-to
concurrency = 10
rate = [3, 60]

[servers."relay".transaction.data]
authenticate = [dkim, arc, dmarc]
sign = dkim, arc
script = data.sieve

[[servers."relay".transaction.data.limits]]
idle = 10
size = 100000
received-headers = 50
mime-parts = 50
nested-messages = 3

[servers."relay".transaction.quit]
script = quit.sieve

[servers."relay".transaction.disconnect]
script = disconnect.sieve

[external]

[external.lmtp]
address = 192.168.0.1
port = 25
protocol = "lmtp"
auth.username = "hello"
auth.password = "world"
tls = "optional, require, dane, dane-fallback-require, dane-require

[queues]

[queues."default"]
retry = [0, 1, 15, 60, 90]
notify = [9, 10]
prefer = ipv6
source-ips = [192.168.0.2, 162.168.0.1]
tls = optional, require, dane, dane-fallback-require, dane-require

[[queues."default".limits]]
attempts = 100
time = 3600
queued-messages = 10000
queue-size = 1000000

[[queues."default".throttle]]
rate = 1/60
concurrency = 1000
key = all

[[queues."default".throttle]]
rate = 1/60
concurrency = 100
key = localip, remote-ip, remote-mx

[queues.local]
smart-host = lmtp
match-rule = "is-local"

[rules]

[rules."is-local"]
rcpt-domain = ["*.example.org"]
rcpt-to = [""]
server-id = "relay"
mx = ["mx.gmail.com", "mx.coco.com"]
remote-ip = [192.168.0.32/1]
priority = 1



[resolver]
type = system, google, cloudflare
dnssec = true
preserve-intermediates = true

[resolver.limits]
concurrency = 2
timeout = 100
attempts = 3

[resolver.cache]
a = 1000
mx = 9393
txt = 3233

[general.spool]
path = "/var/spool/queue"
hash = 123

[scripts]

[scripts.ehlo]
data = this is my script

[lists]

[lists.localdomains]
data = ["example.org", "*.example.net"]

[list.localaddresses]
server = lmtp

[certificates]

[certificates.tls]
type = "rsa"
certificate = ""
privatekey = ""

[servers."relay".outgoing.dsn]
name = "Mail Delivery Subsystem"
address = "MAILER-DAEMON"
subject = "Delivery Status Notification"

[servers."relay".outgoing.auth-failure]
name = "Autentication Report"
address = "noreply-auth-failure"
subject = "Authentication Failure Report"

[servers."relay".outgoing.dmarc]
name = "DMARC report"
address = "noreply-dmarc"
subject = "DMARC aggregate report for $1"

[servers."relay".dmarc]
send-reports = true
report-frequency = requested, 86400
incoming-address = "dmarc@*"