# Uncomment if you start the app as root and want to downgrade
# once all privileged actions are completed
# If you do not use privileged ports then you can start the app already under required user account
#user="wildduck"
#group="wildduck"

# process title
ident="wildduck"

# how many processes to start
# either a number for specific process count or "cpus" for machine thread count
processes=1

# If usernames are not email addresses then use this domain as default hostname part
#emailDomain="mydomain.info"

[dbs]
# @include "dbs.toml"

[totp]
    # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds
    # are not encrypted and stored as cleartext. Once set up do not change these values,
    # otherwise decrypting totp seeds is going to fail
    #secret="a secret cat"
    #cipher="aes192" # only for decrypting legacy values (if there are any)

[webauthn]
    rpId = "example.com" # origin domain
    rpName = "WildDuck Email Server"

    challengeSize = 64
    attestation = "none"
    authenticatorUserVerification = "discouraged"

[attachments]
# @include "attachments.toml"

[log]
    level="silly"

    skipFetchLog=false # if true, then does not output individual * FETCH responses to log

    # delete authentication log entries after 30 days
    # changing this value only affects new entries
    # set to false to not log authentication events
    # set to 0 to keep the logs infinitely
    # NB! Removed. Use const:authlog:time setting instead
    #authlogExpireDays=30

    [log.gelf]
        enabled=false
        hostname=false # defaults to os.hostname()
        component="wildduck"
        [log.gelf.options]
            graylogPort=12201
            graylogHostname="127.0.0.1"
            connection="lan"

[imap]
# @include "imap.toml"

[tls]
# @include "tls.toml"

[lmtp]
# @include "lmtp.toml"

[pop3]
# @include "pop3.toml"

[api]
# @include "api.toml"

[sender]
# @include "sender.toml"

[dkim]
# @include "dkim.toml"

[acme]
# @include "acme.toml"

[certs]
# Encrypt stored TLS private keys with the following password (disabled by default):
#secret="a secret cat"
#cipher="aes192" # only for decrypting legacy values (if there are any)

[plugins]
# @include "plugins/*.toml"

[tasks]
# if enabled then process jobs like deleting expired messages etc
enabled=true

[smtp.setup]
# Public configuration for SMTP MDA, needed for mobileconfig files
hostname="localhost"
secure=false
port=2587

[webhooks]
# At least one server must have webhook processing enabled,
# otherwise events would pile up in the Redis queue.
enabled = true