stalwartlabs/mail-server
1
1
Fork 0
mirror of https://github.com/stalwartlabs/mail-server.git synced 2024-09-20 07:16:18 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated configuration files

Browse source
This commit is contained in:
Mauro D 2024-01-19 19:10:31 +01:00
parent 02faa04e27
commit d7d27063d8
10 changed files with 98 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
crates/directory/src/backend/ldap/lookup.rs
View file

@ -327,6 +327,13 @@ impl LdapMappings {
fn entry_to_principal(&self, entry: SearchEntry) -> Principal<String> {
let mut principal = Principal::default();
tracing::debug!(
context = "ldap",
event = "fetch_princpal",
entry = ?entry,
"LDAP entry"
);
for (attr, value) in entry.attrs {
if self.attr_name.contains(&attr) {
principal.name = value.into_iter().next().unwrap_or_default();

10
crates/utils/src/config/utils.rs
View file

@ -481,11 +481,11 @@ impl ParseValue for Canonicalization {
impl ParseValue for IpLookupStrategy {
fn parse_value(key: impl AsKey, value: &str) -> super::Result<Self> {
Ok(match value.to_lowercase().as_str() {
"ipv4-only" => IpLookupStrategy::Ipv4Only,
"ipv6-only" => IpLookupStrategy::Ipv6Only,
//"ipv4-and-ipv6" => IpLookupStrategy::Ipv4AndIpv6,
"ipv6-then-ipv4" => IpLookupStrategy::Ipv6thenIpv4,
"ipv4-then-ipv6" => IpLookupStrategy::Ipv4thenIpv6,
"ipv4_only" => IpLookupStrategy::Ipv4Only,
"ipv6_only" => IpLookupStrategy::Ipv6Only,
//"ipv4_and_ipv6" => IpLookupStrategy::Ipv4AndIpv6,
"ipv6_then_ipv4" => IpLookupStrategy::Ipv6thenIpv4,
"ipv4_then_ipv6" => IpLookupStrategy::Ipv4thenIpv6,
_ => {
return Err(format!(
"Invalid IP lookup strategy {:?} for property {:?}.",

14
resources/config/smtp/auth.toml
View file

@ -4,25 +4,25 @@
#############################################
[auth.iprev]
verify = [ { if = "listener", eq = "smtp", then = "relaxed" },
verify = [ { if = "listener = 'smtp'", then = "relaxed" },
{ else = "disable" } ]
[auth.dkim]
verify = "relaxed"
sign = [ { if = "listener", ne = "smtp", then = ["rsa"] },
{ else = [] } ]
sign = [ { if = "listener != 'smtp'", then = "['rsa']" },
{ else = false } ]
[auth.spf.verify]
ehlo = [ { if = "listener", eq = "smtp", then = "relaxed" },
ehlo = [ { if = "listener = 'smtp'", then = "relaxed" },
{ else = "disable" } ]
mail-from = [ { if = "listener", eq = "smtp", then = "relaxed" },
mail-from = [ { if = "listener = 'smtp'", then = "relaxed" },
{ else = "disable" } ]
[auth.arc]
verify = "relaxed"
seal = ["rsa"]
seal = "['rsa']"
[auth.dmarc]
verify = [ { if = "listener", eq = "smtp", then = "relaxed" },
verify = [ { if = "listener = 'smtp'", then = "relaxed" },
{ else = "disable" } ]

2
resources/config/smtp/milter.toml
View file

@ -3,7 +3,7 @@
#############################################
#[session.data.milter."rspamd"]
#enable = [ { if = "listener", eq = "smtp", then = true },
#enable = [ { if = "listener = 'smtp'", then = true },
# { else = false } ]
#hostname = "127.0.0.1"
#port = 11332

16
resources/config/smtp/queue.toml
View file

@ -7,15 +7,15 @@ path = "%{BASE_PATH}%/queue"
hash = 64
[queue.schedule]
retry = ["2m", "5m", "10m", "15m", "30m", "1h", "2h"]
notify = ["1d", "3d"]
retry = "[2m, 5m, 10m, 15m, 30m, 1h, 2h]"
notify = "[1d, 3d]"
expire = "5d"
[queue.outbound]
#hostname = "%{HOST}%"
next-hop = [ { if = "rcpt-domain", in-list = "%{DEFAULT_DIRECTORY}%/domains", then = "local" },
next-hop = [ { if = "is_local_domain('%{DEFAULT_DIRECTORY}%', rcpt_domain)", then = "'local'" },
{ else = false } ]
ip-strategy = "ipv4-then-ipv6"
ip-strategy = "ipv4_then_ipv6"
[queue.outbound.tls]
dane = "optional"
@ -24,8 +24,8 @@ starttls = "require"
allow-invalid-certs = false
#[queue.outbound.source-ip]
#v4 = ["10.0.0.10", "10.0.0.11"]
#v6 = ["a::b", "a::c"]
#v4 = "['10.0.0.10', '10.0.0.11']"
#v6 = "['a::b', 'a::c']"
[queue.outbound.limits]
mx = 7
@ -42,12 +42,12 @@ data = "10m"
mta-sts = "2m"
[[queue.quota]]
#match = {if = "sender-domain", eq = "foobar.org"}
#match = "sender_domain = 'foobar.org'"
#key = ["rcpt"]
messages = 100000
size = 10737418240 # 10gb
[[queue.throttle]]
key = ["rcpt-domain"]
key = ["rcpt_domain"]
#rate = "100/1h"
concurrency = 5

52
resources/config/smtp/report.toml
View file

@ -13,45 +13,45 @@ forward = true
#store = "%{BASE_PATH}%/incoming"
[report.dsn]
from-name = "Mail Delivery Subsystem"
from-address = "MAILER-DAEMON@%{DEFAULT_DOMAIN}%"
sign = ["rsa"]
from-name = "'Mail Delivery Subsystem'"
from-address = "'MAILER-DAEMON@%{DEFAULT_DOMAIN}%'"
sign = "['rsa']"
[report.dkim]
from-name = "Report Subsystem"
from-address = "noreply-dkim@%{DEFAULT_DOMAIN}%"
subject = "DKIM Authentication Failure Report"
sign = ["rsa"]
send = "1/1d"
from-name = "'Report Subsystem'"
from-address = "'noreply-dkim@%{DEFAULT_DOMAIN}%'"
subject = "'DKIM Authentication Failure Report'"
sign = "['rsa']"
send = "[1, 1d]"
[report.spf]
from-name = "Report Subsystem"
from-address = "noreply-spf@%{DEFAULT_DOMAIN}%"
subject = "SPF Authentication Failure Report"
send = "1/1d"
sign = ["rsa"]
from-name = "'Report Subsystem'"
from-address = "'noreply-spf@%{DEFAULT_DOMAIN}%'"
subject = "'SPF Authentication Failure Report'"
send = "[1, 1d]"
sign = "['rsa']"
[report.dmarc]
from-name = "Report Subsystem"
from-address = "noreply-dmarc@%{DEFAULT_DOMAIN}%"
subject = "DMARC Authentication Failure Report"
send = "1/1d"
sign = ["rsa"]
from-name = "'Report Subsystem'"
from-address = "'noreply-dmarc@%{DEFAULT_DOMAIN}%'"
subject = "'DMARC Authentication Failure Report'"
send = "[1, 1d]"
sign = "['rsa']"
[report.dmarc.aggregate]
from-name = "DMARC Report"
from-address = "noreply-dmarc@%{DEFAULT_DOMAIN}%"
org-name = "%{DEFAULT_DOMAIN}%"
from-name = "'DMARC Report'"
from-address = "'noreply-dmarc@%{DEFAULT_DOMAIN}%'"
org-name = "'%{DEFAULT_DOMAIN}%'"
#contact-info = ""
send = "daily"
max-size = 26214400 # 25mb
sign = ["rsa"]
sign = "['rsa']"
[report.tls.aggregate]
from-name = "TLS Report"
from-address = "noreply-tls@%{DEFAULT_DOMAIN}%"
org-name = "%{DEFAULT_DOMAIN}%"
from-name = "'TLS Report'"
from-address = "'noreply-tls@%{DEFAULT_DOMAIN}%'"
org-name = "'%{DEFAULT_DOMAIN}%'"
#contact-info = ""
send = "daily"
max-size = 26214400 # 25 mb
sign = ["rsa"]
sign = "['rsa']"

58
resources/config/smtp/session.toml
View file

@ -8,38 +8,38 @@ transfer-limit = 262144000 # 250 MB
duration = "10m"
[session.connect]
#script = "connect.sieve"
#script = "'connect'"
[session.ehlo]
require = true
reject-non-fqdn = [ { if = "listener", eq = "smtp", then = true},
reject-non-fqdn = [ { if = "listener = 'smtp'", then = true},
{ else = false } ]
#script = "ehlo"
#script = "'ehlo'"
[session.extensions]
pipelining = true
chunking = true
requiretls = true
no-soliciting = ""
dsn = [ { if = "authenticated-as", ne = "", then = true},
dsn = [ { if = "!is_empty(authenticated_as)", then = true},
{ else = false } ]
expn = [ { if = "authenticated-as", ne = "", then = true},
expn = [ { if = "!is_empty(authenticated_as)", then = true},
{ else = false } ]
vrfy = [ { if = "authenticated-as", ne = "", then = true},
vrfy = [ { if = "!is_empty(authenticated_as)", then = true},
{ else = false } ]
future-release = [ { if = "authenticated-as", ne = "", then = "7d"},
future-release = [ { if = "!is_empty(authenticated_as)", then = "7d"},
{ else = false } ]
deliver-by = [ { if = "authenticated-as", ne = "", then = "15d"},
deliver-by = [ { if = "!is_empty(authenticated_as)", then = "15d"},
{ else = false } ]
mt-priority = [ { if = "authenticated-as", ne = "", then = "mixer"},
mt-priority = [ { if = "!is_empty(authenticated_as)", then = "mixer"},
{ else = false } ]
[session.auth]
mechanisms = [ { if = "listener", ne = "smtp", then = ["plain", "login"]},
{ else = [] } ]
directory = [ { if = "listener", ne = "smtp", then = "%{DEFAULT_DIRECTORY}%" },
mechanisms = [ { if = "listener != 'smtp'", then = "[plain, login]"},
{ else = false } ]
directory = [ { if = "listener != 'smtp'", then = "'%{DEFAULT_DIRECTORY}%'" },
{ else = false } ]
require = [ { if = "listener", ne = "smtp", then = true},
require = [ { if = "listener != 'smtp'", then = true},
{ else = false } ]
allow-plain-text = false
@ -49,29 +49,25 @@ wait = "5s"
[session.mail]
#script = "mail-from"
#rewrite = [ { all-of = [ { if = "listener", ne = "smtp" },
# { if = "rcpt", matches = "^([^.]+)@([^.]+)\.(.+)$"},
# ], then = "${1}@${3}" },
#rewrite = [ { if = "listener != 'smtp' & matches('^([^.]+)@([^.]+)\.(.+)$', rcpt)", then = "$1 + '@' + $3" },
# { else = false } ]
[session.rcpt]
#script = "greylist"
relay = [ { if = "authenticated-as", ne = "", then = true },
relay = [ { if = "!is_empty(authenticated_as)", then = true },
{ else = false } ]
#rewrite = [ { all-of = [ { if = "rcpt-domain", in-list = "%{DEFAULT_DIRECTORY}%/domains" },
# { if = "rcpt", matches = "^([^.]+)\.([^.]+)@(.+)$"},
# ], then = "${1}+${2}@${3}" },
#rewrite = [ { if = "is_local_domain('%{DEFAULT_DIRECTORY}%', rcpt_domain) & matches('^([^.]+)\.([^.]+)@(.+)$', rcpt)", then = "$1 + '+' + $2 + '@' + $3" },
# { else = false } ]
max-recipients = 25
directory = "%{DEFAULT_DIRECTORY}%"
directory = "'%{DEFAULT_DIRECTORY}%'"
[session.rcpt.errors]
total = 5
wait = "5s"
[session.data]
script = [ { if = "authenticated-as", eq = "", then = "spam-filter"},
{ else = "track-replies" } ]
script = [ { if = "is_empty(authenticated_as)", then = "'spam-filter'"},
{ else = "'track-replies'" } ]
[session.data.limits]
messages = 10
@ -79,24 +75,24 @@ size = 104857600
received-headers = 50
[session.data.add-headers]
received = [ { if = "listener", eq = "smtp", then = true },
received = [ { if = "listener = 'smtp'", then = true },
{ else = false } ]
received-spf = [ { if = "listener", eq = "smtp", then = true },
received-spf = [ { if = "listener = 'smtp'", then = true },
{ else = false } ]
auth-results = [ { if = "listener", eq = "smtp", then = true },
auth-results = [ { if = "listener = 'smtp'", then = true },
{ else = false } ]
message-id = [ { if = "listener", eq = "smtp", then = false },
message-id = [ { if = "listener = 'smtp'", then = false },
{ else = true } ]
date = [ { if = "listener", eq = "smtp", then = false },
date = [ { if = "listener = 'smtp'", then = false },
{ else = true } ]
return-path = false
[[session.throttle]]
#match = {if = "remote-ip", eq = "10.0.0.1"}
key = ["remote-ip"]
#match = "remote_ip = '10.0.0.1'"
key = ["remote_ip"]
concurrency = 5
#rate = "5/1h"
[[session.throttle]]
key = ["sender-domain", "rcpt"]
key = ["sender_domain", "rcpt"]
rate = "25/1h"

9
tests/resources/scripts/create_test_env.sh
View file

@ -10,6 +10,11 @@ DOMAIN="example.org"
STORE="rocksdb"
FTS_STORE="rocksdb"
BLOB_STORE="rocksdb"
#STORE="sqlite"
#FTS_STORE="sqlite"
#BLOB_STORE="sqlite"
FEATURES="foundationdb postgres mysql rocks elastic s3 redis"
#FEATURES="sqlite"
# Directories
DIRECTORY="internal"
@ -59,5 +64,5 @@ mkdir -p $BASE_DIR/etc/dkim
openssl genpkey -algorithm RSA -out $BASE_DIR/etc/dkim/$DOMAIN.key
# Create admin user
SET_ADMIN_USER="admin" SET_ADMIN_PASS="secret" cargo run -p mail-server --no-default-features --features "foundationdb postgres mysql rocks elastic s3 redis" -- --config=/tmp/stalwart-test/etc/config.toml
cargo run -p mail-server --no-default-features --features "foundationdb postgres mysql rocks elastic s3 redis" -- --config=/tmp/stalwart-test/etc/config.toml
SET_ADMIN_USER="admin" SET_ADMIN_PASS="secret" cargo run -p mail-server --no-default-features --features "$FEATURES" -- --config=/tmp/stalwart-test/etc/config.toml
cargo run -p mail-server --no-default-features --features "$FEATURES" -- --config=/tmp/stalwart-test/etc/config.toml

10
tests/src/imap/mod.rs
View file

@ -93,9 +93,9 @@ certificate = "default"
reject-non-fqdn = false
[session.rcpt]
relay = [ { if = "authenticated-as", ne = "", then = true },
relay = [ { if = "!is_empty(authenticated_as)", then = true },
{ else = false } ]
directory = "auth"
directory = "'auth'"
[session.rcpt.errors]
total = 5
@ -113,8 +113,8 @@ hash = 64
type = "system"
[queue.outbound]
next-hop = [ { if = "rcpt-domain", in-list = "local/domains", then = "local" },
{ if = "rcpt-domain", in-list = "local/remote-domains", then = "mock-smtp" },
next-hop = [ { if = "key_exists('local/domains', rcpt_domain)", then = "'local'" },
{ if = "key_exists('local/remote-domains', rcpt_domain)", then = "'mock-smtp'" },
{ else = false } ]
[remote."mock-smtp"]
@ -127,7 +127,7 @@ implicit = false
allow-invalid-certs = true
[session.extensions]
future-release = [ { if = "authenticated-as", ne = "", then = "99999999d"},
future-release = [ { if = "!is_empty(authenticated_as)", then = "99999999d"},
{ else = false } ]
[store."sqlite"]

10
tests/src/jmap/mod.rs
View file

@ -105,9 +105,9 @@ fail2ban = "101/5s"
reject-non-fqdn = false
[session.rcpt]
relay = [ { if = "authenticated-as", ne = "", then = true },
relay = [ { if = "!is_empty(authenticated_as)", then = true },
{ else = false } ]
directory = "auth"
directory = "'auth'"
[session.rcpt.errors]
total = 5
@ -125,8 +125,8 @@ hash = 64
type = "system"
[queue.outbound]
next-hop = [ { if = "rcpt-domain", in-list = "local/domains", then = "local" },
{ if = "rcpt-domain", in-list = "local/remote-domains", then = "mock-smtp" },
next-hop = [ { if = "key_exists('local/domains', rcpt_domain)", then = "'local'" },
{ if = "key_exists('local/remote-domains', rcpt_domain)", then = "'mock-smtp'" },
{ else = false } ]
[remote."mock-smtp"]
@ -139,7 +139,7 @@ implicit = false
allow-invalid-certs = true
[session.extensions]
future-release = [ { if = "authenticated-as", ne = "", then = "99999999d"},
future-release = [ { if = "!is_empty(authenticated_as)", then = "99999999d"},
{ else = false } ]
[store."sqlite"]