nc-env / templates / template17-mail-server / artifacts / mox.conf

# Directory where all data is stored, e.g. queue, accounts and messages, ACME TLS
# certs/keys. If this is a relative path, it is relative to the directory of
# mox.conf.
DataDir: ../data

# Default log level, one of: error, info, debug, trace, traceauth, tracedata.
# Trace logs SMTP and IMAP protocol transcripts, with traceauth also messages with
# passwords, and tracedata on top of that also the full data exchanges (full
# messages), which can be a large amount of data.
#
# NOTE(review): per the description above, protocol transcripts start at trace and
# passwords at traceauth, so debug should not write credentials or message bodies
# to the log. Raise the level only for short troubleshooting sessions and treat
# logs captured at traceauth/tracedata as sensitive.
LogLevel: debug

# User to switch to after binding to all sockets as root. Default: mox. If the
# value is not a known user, it is parsed as integer and used as uid and gid.
# (optional)
User: mox

# Full hostname of system, e.g. mail.<domain>
#
# The value is a template placeholder; the same placeholder is used in the
# certificate and key paths of both listeners. Presumably it is substituted by
# the provisioning step before mox reads this file -- TODO confirm.
Hostname: #MACHINE_HOSTNAME#

# If enabled, a single DNS TXT lookup of _updates.xmox.nl is done every 24h to
# check for a new release. Each time a new release is found, a changelog is
# fetched from https://updates.xmox.nl and delivered to the postmaster mailbox.
# (optional)
#
# RECOMMENDED: please enable to stay up to date
#
# NOTE(review): the setting is left commented out in this template, so no release
# notification reaches the postmaster mailbox from this mechanism. Track mox
# releases some other way if this instance stays up for long.
#
#CheckUpdates: true

# File containing hash of admin password, for authentication in the web admin
# pages (if enabled). (optional)
#
# The admin interface is enabled on the 'internal' listener in this file, so this
# file gates access to it. Presumably the relative path is resolved against the
# directory of mox.conf, as for DataDir -- TODO confirm. Keep the file readable
# only by the mox service and out of version control.
AdminPasswordFile: adminpasswd

# Listeners are groups of IP addresses and services enabled on those IP addresses,
# such as SMTP/IMAP or internal endpoints for administration or Prometheus
# metrics. All listeners with SMTP/IMAP services enabled will serve all configured
# domains. If the listener is named 'public', it will get a few helpful additional
# configuration checks, for acme automatic tls certificates and monitoring of ips
# in dnsbls if those are configured.
Listeners:
	internal:

		# Use 0.0.0.0 to listen on all IPv4 and/or :: to listen on all IPv6 addresses, but
		# it is better to explicitly specify the IPs you want to use for email, as mox
		# will make sure outgoing connections will only be made from one of those IPs.
		#
		# NOTE(review): this is the same placeholder the 'public' listener binds, so the
		# account and admin interfaces below are served on the address that also carries
		# SMTP/IMAP. If that address is reachable from untrusted networks, restrict
		# port 444 with a firewall or bind this listener to a management-only address.
		IPs:
			- #ip_address_0#

		# If empty, the config global Hostname is used. (optional)
		#
		# NOTE(review): the certificate configured below is named after the global
		# hostname placeholder, not localhost -- confirm which name clients use to reach
		# this listener so that certificate validation succeeds.
		Hostname: localhost

		# Account web interface, for email users wanting to change their accounts, e.g.
		# set new password, set new delivery rulesets. Served at /. (optional)
		#
		# Uses the same port (444) as AdminHTTPS below.
		AccountHTTPS:
			Enabled: true
			Port: 444

		# Admin web interface, for managing domains, accounts, etc. Served at /admin/.
		# Preferably only enable on non-public IPs. Hint: use 'ssh -L 8080:localhost:80
		# you@yourmachine' and open http://localhost:8080/admin/, or set up a tunnel (e.g.
		# WireGuard) and add its IP to the mox 'internal' listener. (optional)
		#
		# NOTE(review): the hint above describes a plain-HTTP admin endpoint on port 80.
		# This listener serves the admin interface over HTTPS on port 444, so a tunnel
		# would have to forward to port 444 and the URL would use https.
		AdminHTTPS:
			Enabled: true
			Port: 444

		# Certificate and key for the HTTPS services on this listener; the same files
		# are configured for the 'public' listener. Keep the key file unreadable to
		# other local users.
		TLS:
			KeyCerts:
				-
					CertFile: /etc/ssl/certs/#MACHINE_HOSTNAME#.pem
					KeyFile: /etc/ssl/private/#MACHINE_HOSTNAME#-key.pem

		# Serve prometheus metrics, for monitoring. You should not enable this on a public
		# IP. (optional)
		MetricsHTTP:
			Enabled: false
	public:

		# Use 0.0.0.0 to listen on all IPv4 and/or :: to listen on all IPv6 addresses, but
		# it is better to explicitly specify the IPs you want to use for email, as mox
		# will make sure outgoing connections will only be made from one of those IPs.
		IPs:
			- #ip_address_0#

		# For SMTP/IMAP STARTTLS, direct TLS and HTTPS connections. (optional)
		TLS:
			KeyCerts:
				-
					CertFile: /etc/ssl/certs/#MACHINE_HOSTNAME#.pem
					KeyFile: /etc/ssl/private/#MACHINE_HOSTNAME#-key.pem

		# (optional)
		SMTP:
			Enabled: true

			# Addresses of DNS block lists for incoming messages. Block lists are only
			# consulted for connections/messages without enough reputation to make an
			# accept/reject decision. This prevents sending IPs of all communications to the
			# block list provider. If any of the listed DNSBLs contains a requested IP
			# address, the message is rejected as spam. The DNSBLs are checked for healthiness
			# before use, at most once per 4 hours. Example DNSBLs: sbl.spamhaus.org,
			# bl.spamcop.net (optional)
			#
			# NOTE(review): the list is commented out, so no block lists are configured for
			# incoming mail on this listener.
			#DNSBLs:
				#- sbl.spamhaus.org
				#- bl.spamcop.net

		# SMTP over TLS for submitting email, by email applications. Requires a TLS
		# config. (optional)
		Submissions:
			Enabled: true

		# IMAP over TLS for reading email, by email applications. Requires a TLS config.
		# (optional)
		IMAPS:
			Enabled: true

		# Serve autoconfiguration/autodiscovery to simplify configuring email
		# applications, will use port 443. Requires a TLS config. (optional)
		AutoconfigHTTPS:
			Enabled: true

		# Serve MTA-STS policies describing SMTP TLS requirements. Requires a TLS config.
		# (optional)
		MTASTSHTTPS:
			Enabled: true

		# All configured WebHandlers will serve on an enabled listener. (optional)
		WebserverHTTP:
			Enabled: false

		# All configured WebHandlers will serve on an enabled listener. Either ACME must
		# be configured, or for each WebHandler domain a TLS certificate must be
		# configured. (optional)
		#
		# NOTE(review): no ACME settings are visible in this file, so per the comment
		# above each WebHandler domain needs a certificate of its own -- confirm against
		# the WebHandler configuration.
		WebserverHTTPS:
			Enabled: true

# Destination for emails delivered to postmaster addresses: a plain 'postmaster'
# without domain, 'postmaster@<hostname>' (also for each listener with SMTP
# enabled), and as fallback for each domain without explicitly configured
# postmaster destination.
#
# Release changelogs from the update check are also delivered here when
# CheckUpdates is enabled, so this mailbox should be one that somebody reads.
# NOTE(review): the 'admin' account is not defined in this file; presumably it is
# created elsewhere during provisioning -- TODO confirm it exists.
Postmaster:
	Account: admin

	# E.g. Postmaster or Inbox.
	Mailbox: Postmaster