nc-env/templates/template17-mail-server/artifacts/domains.conf at 20941772cd6da799442f2e3332b2fae89fb1bd9b

Fork: 0
pmarini / nc-env
Find file
Newer
Older
nc-env / templates / template17-mail-server / artifacts / domains.conf
pmarini on 29 Jun 2023 6 KB first commit for mail server template
Raw Blame History

# Domains for which email is accepted. For internationalized domains, use their
# IDNA names in UTF-8.
Domains:
	#MAIL_DOMAIN#:

		# If not empty, only the string before the separator is used to for email delivery
		# decisions. For example, if set to "+", you+anything@example.com will be
		# delivered to you@example.com. (optional)
		LocalpartCatchallSeparator: +

		# With DMARC, a domain publishes, in DNS, a policy on how other mail servers
		# should handle incoming messages with the From-header matching this domain and/or
		# subdomain (depending on the configured alignment). Receiving mail servers use
		# this to build up a reputation of this domain, which can help with mail delivery.
		# A domain can also publish an email address to which reports about DMARC
		# verification results can be sent by verifying mail servers, useful for
		# monitoring. Incoming DMARC reports are automatically parsed, validated, added to
		# metrics and stored in the reporting database for later display in the admin web
		# pages. (optional)
		DMARC:

			# Address-part before the @ that accepts DMARC reports. Must be
			# non-internationalized. Recommended value: dmarc-reports.
			Localpart: dmarc-reports

			# Account to deliver to.
			Account: admin

			# Mailbox to deliver to, e.g. DMARC.
			Mailbox: DMARC

		# With MTA-STS a domain publishes, in DNS, presence of a policy for
		# using/requiring TLS for SMTP connections. The policy is served over HTTPS.
		# (optional)
		MTASTS:

			# Policies are versioned. The version must be specified in the DNS record. If you
			# change a policy, first change it in mox, then update the DNS record.
			PolicyID: 20230623T151905

			# testing, enforce or none. If set to enforce, a remote SMTP server will not
			# deliver email to us if it cannot make a TLS connection.
			Mode: enforce

			# How long a remote mail server is allowed to cache a policy. Typically 1 or
			# several weeks.
			MaxAge: 24h0m0s

			# List of server names allowed for SMTP. If empty, the configured hostname is set.
			# Host names can contain a wildcard (*) as a leading label (matching a single
			# label, e.g. *.example matches host.example, not sub.host.example). (optional)
			MX:
				- #MACHINE_HOSTNAME#

		# With TLSRPT a domain specifies in DNS where reports about encountered SMTP TLS
		# behaviour should be sent. Useful for monitoring. Incoming TLS reports are
		# automatically parsed, validated, added to metrics and stored in the reporting
		# database for later display in the admin web pages. (optional)
		TLSRPT:

			# Address-part before the @ that accepts TLSRPT reports. Recommended value:
			# tls-reports.
			Localpart: tls-reports

			# Account to deliver to.
			Account: admin

			# Mailbox to deliver to, e.g. TLSRPT.
			Mailbox: TLSRPT

# Accounts to which email can be delivered. An account can accept email for
# multiple domains, for multiple localparts, and deliver to multiple mailboxes.
Accounts:
	admin:

		# Default domain for account. Deprecated behaviour: If a destination is not a full
		# address but only a localpart, this domain is added to form a full address.
		Domain: #MAIL_DOMAIN#

		# Destinations, keys are email addresses (with IDNA domains). If the address is of
		# the form '@domain', i.e. with localpart missing, it serves as a catchall for the
		# domain, matching all messages that are not explicitly configured. Deprecated
		# behaviour: If the address is not a full address but a localpart, it is combined
		# with Domain to form a full address.
		Destinations:
			admin@#MAIL_DOMAIN#: nil

		# If configured, messages classified as weakly spam are rejected with instructions
		# to retry delivery, but this time with a signed token added to the subject.
		# During the next delivery attempt, the signed token will bypass the spam filter.
		# Messages with a clear spam signal, such as a known bad reputation, are
		# rejected/delayed without a signed token. (optional)
		SubjectPass:

			# How long unique values are accepted after generating, e.g. 12h.
			Period: 12h0m0s

		# Mail that looks like spam will be rejected, but a copy can be stored temporarily
		# in a mailbox, e.g. Rejects. If mail isn't coming in when you expect, you can
		# look there. The mail still isn't accepted, so the remote mail server may retry
		# (hopefully, if legitimate), or give up (hopefully, if indeed a spammer).
		# Messages are automatically removed from this mailbox, so do not set it to a
		# mailbox that has messages you want to keep. (optional)
		RejectsMailbox: Rejects

		# Automatically set $Junk and $NotJunk flags based on mailbox messages are
		# delivered/moved/copied to. Email clients typically have too limited
		# functionality to conveniently set these flags, especially $NonJunk, but they can
		# all move messages to a different mailbox, so this helps them. (optional)
		AutomaticJunkFlags:

			# If enabled, flags will be set automatically if they match a regular expression
			# below. When two of the three mailbox regular expressions are set, the remaining
			# one will match all unmatched messages. Messages are matched in the order
			# specified and the search stops on the first match. Mailboxes are lowercased
			# before matching.
			Enabled: true

			# Example: ^(junk|spam). (optional)
			JunkMailboxRegexp: ^(junk|spam)

			# Example: ^(inbox|neutral|postmaster|dmarc|tlsrpt|rejects), and you may wish to
			# add trash depending on how you use it, or leave this empty. (optional)
			NeutralMailboxRegexp: ^(inbox|neutral|postmaster|dmarc|tlsrpt|rejects)

		# Content-based filtering, using the junk-status of individual messages to rank
		# words in such messages as spam or ham. It is recommended you always set the
		# applicable (non)-junk status on messages, and that you do not empty your Trash
		# because those messages contain valuable ham/spam training information.
		# (optional)
		JunkFilter:

			# Approximate spaminess score between 0 and 1 above which emails are rejected as
			# spam. Each delivery attempt adds a little noise to make it slightly harder for
			# spammers to identify words that strongly indicate non-spaminess and use it to
			# bypass the filter. E.g. 0.95.
			Threshold: 0.950000
			Params:

				# Track ham/spam ranking for single words. (optional)
				Onegrams: true

				# Maximum power a word (combination) can have. If spaminess is 0.99, and max power
				# is 0.1, spaminess of the word will be set to 0.9. Similar for ham words.
				MaxPower: 0.010000

				# Number of most spammy/hammy words to use for calculating probability. E.g. 10.
				TopWords: 10

				# Ignore words that are this much away from 0.5 haminess/spaminess. E.g. 0.1,
				# causing word (combinations) of 0.4 to 0.6 to be ignored. (optional)
				IgnoreWords: 0.100000

				# Occurrences in word database until a word is considered rare and its influence
				# in calculating probability reduced. E.g. 1 or 2. (optional)
				RareWords: 2