piler/etc/example.conf
Janos SUTO e093d11a09 piler-smtp refactor
Signed-off-by: Janos SUTO <sj@acts.hu>
2024-04-06 20:46:54 +02:00

275 lines
8.7 KiB
Plaintext

; This is an example config with default values
; Attention: do _not_ use whitespace between keys and values
; verbosity level. The more logging the greater load
; 1: normal
; 3: info
; 5: debug
verbosity=1
; unique server id. If you have more than 1 piler hosts combined,
; then assign a unique value to each host. Possible values: 0-255
server_id=0
; piler daemon will use this user (and its group)
; it it was started by root
username=piler
; by default (unless a specific retention rule applies),
; preserve an email for this many days. The purge utility
; won't harm the message until its retention days are gone.
; The default is 7 years + 2 days (=7*365+2=2557 days)
default_retention_days=2557
; The initialization vector for encryption.
; By now it has become obsolete. Don't use it for
; new installations. However, if you used it before
; then you must keep it as it is.
;iv=
; whether to encrypt messages (1) or not (0).
; Make sure to set this value to your needs right after installing piler,
; and don't change it after you got the first email. Otherwise
; you'll have half the archive encrypted, the other half unencrypted
; which will cause problems.
encrypt_messages=1
; number of worker processes, ie. the number of simultaneous smtp connections to piler.
; This value should be the number of cpus + 1, ie. 2 for a single cpu host
number_of_worker_processes=2
; max. number of parallel connections piler-smtp can handle.
; Important! If you want to change this value, then you must first
; stop piler-smtp, change the value, then start piler-smtp.
; I don't suggest to go under 10 or above 1000.
max_connections=64
; number of processed emails per each piler process
max_requests_per_child=10000
; SMTP HELO identification string
; this should be the FQDN part of the email address
; where you copy emails, eg. archive@piler.example.com -> piler.example.com
hostid=piler.example.com
; whether to process rcpt to addresses and add them to rcpt table (1) or not (0)
process_rcpt_to_addresses=0
; write pid file
pidfile=/var/run/piler/piler.pid
; piler will listen here
; if you have postfix, exim, ... installed on localhost
; then make sure to set the listen_addr parameter for piler
listen_addr=0.0.0.0
listen_port=25
clamd_socket=/tmp/clamd
; check for client timeout interval. Default: 20 sec
check_for_client_timeout_interval=20
; smtp timeout. Default: 60 sec
smtp_timeout=60
helper_timeout=20
; whether to run external attachment extractors (1) or not (0)
extract_attachments=1
; the 2nd parameter of the listen() system call. Please note that this is set
; when piler starts up and you should restart piler if you change this variable.
; Please also note that the meaning of this variable depends on your Unix implementation
backlog=20
workdir=/var/piler/tmp
; whether to enable writing folder_message table (1) or not (0)
enable_folders=0
; discard a message if it's shorter than this value (in bytes)
min_message_size=100
;
; starttls stuff
;
; whether to enable (1) or disable (0) starttls support
tls_enable=0
; PEM file containing both the certificate and the private key.
; Make sure to create this file (and secure it with chmod 600 /usr/local/etc/piler.pem)
; before turning on starttls support!
pemfile=
; cipher list to use, see 'man SSL_CTX_set_cipher_list' for more details
cipher_list=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
; set the minimum TLS protocol version for piler-smtp daemon
;
; Valid values: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
; TLSv1 and TLSv1.1 are not recommended for security reasons
tls_min_version=TLSv1.2
; piler's own header to indicate previously archived messages
piler_header_field=X-piler-id:
; extra header field to treat as To:
;
; to make postfix to insert the envelope recipient address to the email
; header, do the following:
;
; /etc/postfix/main.cf:
;
; smtpd_recipient_restrictions = reject_non_fqdn_recipient, ... check_recipient_access pcre:$config_directory/x-add-envelope-to, ...
;
; /etc/postfix/x-add-envelope-to:
;
; /(.*)/ prepend X-Envelope-To: $1
;
extra_to_field=X-Envelope-To:
; whether to archive an email not having a Message-ID header line (1)
; or not (0).
; If enabled then piler will assign piler_id as the message-id
; to messages without message-id.
archive_emails_not_having_message_id=0
; whether to archive each and every single email received (0) or
; only those on the mydomains list (1). The default is to archive
; everything
archive_only_mydomains=0
; whether to syslog the recipients of the email in the following format:
; 400000.....xxxxx: rcpt=recipient1@domain.com
; 400000.....xxxxx: rcpt=recipient2@domain.com
syslog_recipients=0
; minimum word length in mail body to index
min_word_len=1
; whether to enable CJK (=Chinese, Japanese, and Korean) "characters".
; the text piler can see with CJK languages may have extremely long
; sequences without any whitespace. To prevent the parser to drop
; these very long sequences, enable (1) this feature. By default it's
; disabled (0).
enable_cjk=0
; whether to enable the CHUNKING / BDAT feature (1) or not (0)
; You may read about the feature at https://tools.ietf.org/html/rfc3030)
enable_chunking=0
; if piler detects this line in the mail header, then it will assume
; the message is a spam. You should include your own antispam solution's
; specific line.
;
; If you use SpamAssassin you may use
;
; spam_header_line=X-Spam-Status: Yes
;
; OR
;
; spam_header_line=X-Spam-Level: ********
;
; The default value is empty.
spam_header_line=
;
; memcached stuff
;
; memcached server to use. Currently piler supports only 1 memcached server
memcached_servers=127.0.0.1
; ttl (in secs) of a stored object
; 0 means records don't expire
memcached_ttl=86400
; whether to update counters to memcached (1) or to the database (0)
update_counters_to_memcached=0
; interval to sync memcached data (eg. counters) to database
; this setting is only effective if you have update_counters_to_memcached=1
;
; hint: if you are using a mysql replicated environment and you do _not_ want
; piler to write to the replicated database (because you do sync it some other
; way to the master database or you are not interested in keeping the counters
; persistantly at all), then specify a big number here, that fits to the
; "long int" size, eg. 2147483647
memcached_to_db_interval=900
;
; mysql stuff
;
// this can be either utf8 or utf8mb4. Make sure to match the value
// to the charset of the piler database! Also, make sure to set this
// value in sphinx.conf
mysqlcharset=utf8mb4
;mysqlhost=127.0.0.1
;mysqlport=3306
mysqlsocket=/var/run/mysqld/mysqld.sock
mysqluser=piler
mysqlpwd=verystrongpassword
mysqldb=piler
mysql_connect_timeout=2
;
; manticore stuff
;
sphxhost=127.0.0.1
sphxport=9306
; whether to enable (1) or not (0) the rt index. If so, then piler
; writes the index data directly to manticore's sql API
rtindex=0
; if you want to change the 'sent' time as you archive the message
; set this in seconds. This can be a postive or negative value.
; By default this feature is not enabled, use --tweak-sent-time
; configure option to enable it.
tweak_sent_time_offset=0
; whether to enable (1) or not (0) the extra mmap dedup test feature
; if you change it, be sure to stop, then start piler
mmap_dedup_test=0
; security header that must be present in the first mail header of
; the message. If the security_header value is not empty, then the
; parser checks for this header line. Unless it's found it will discard
; the given email. Note that this feature is supposed to be a security
; mechanism against unwanted email in the archive if limiting smtp
; clients via an IP-address list is not feasible.
security_header=
; By default the archive accepts any envelope recipient addresses.
; If your archive's port 25 is wide open to the Internet (which it
; shouldn't be, then spammers may find it, and fill it with spam.
;
; By setting this variable you may restrict the envelope address
; to a single email address, eg. some-random-address-12345@archive.example.com
; Then the archive will reject any other envelope recipients
archive_address=
; whether to enable (1) or not (0) an smtp access list similar to
; postfix's postscreen. Valid actions in the acl file are "permit"
; and "reject" (without quotes). See smtp.acl.example for more.
;
; Important! There's an implicit default deny at the end of the
; rules. In other words if you decide to use the acl file, then
; everyone is not explicitly permitted is denied.
smtp_access_list=0
; max message size in bytes
; piler-smtp will reject any message that's bigger than this number
max_message_size=50000000
; max memory in bytes piler-smtp uses for buffering messages
; when this limit is exceeded, no new emails will be accepted
; until the used memory decreases below this level
max_smtp_memory=500000000