#############################################
# Directory configuration
#############################################

[directory."sql"]
type = "sql"
address = "sqlite://__PATH__/data/accounts.sqlite3?mode=rwc"

[directory."sql".options]
catch-all = true
#catch-all = { map = "(.+)@(.+)$", to = "info@${2}" }
subaddressing = true
#subaddressing = { map = "^([^.]+)\.([^.]+)@(.+)$", to = "${2}@${3}" }
superuser-group = "superusers"

[directory."sql".pool]
max-connections = 10
min-connections = 0
#idle-timeout = "10m"

[directory."sql".cache]
entries = 500
ttl = {positive = '1h', negative = '10m'}

[directory."sql".query]
name = "SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true"
members = "SELECT member_of FROM group_members WHERE name = ?"
recipients = "SELECT name FROM emails WHERE address = ?"
emails = "SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC"
verify = "SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5"
expand = "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50"
domains = "SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1"

[directory."sql".columns]
name = "name"
description = "description"
secret = "secret"
email = "address"
quota = "quota"
type = "type"

[directory."ldap"]
type = "ldap"
address = "ldap://localhost:3893"
base-dn = "dc=example,dc=org"

[directory."ldap".bind]
dn = "cn=serviceuser,ou=svcaccts,dc=example,dc=org"
secret = "mysecret"

[directory."ldap".cache]
entries = 500
ttl = {positive = '1h', negative = '10m'}

[directory."ldap".options]
catch-all = true
#catch-all = { map = "(.+)@(.+)$", to = "info@${2}" }
subaddressing = true
#subaddressing = { map = "^([^.]+)\.([^.]+)@(.+)$", to = "${2}@${3}" }
superuser-group = "superusers"

[directory."ldap".pool]
max-connections = 10
min-connections = 0
max-lifetime = "30m"
idle-timeout = "10m"
connect-timeout = "30s"

[directory."ldap".filter]
name = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(uid=?))"
email = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?)))"
verify = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*?*)(mailAlias=*?*)))"
expand = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(mailList=?))"
domains = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*@?)(mailAlias=*@?)))"

[directory."ldap".object-classes]
user = "posixAccount"
group = "posixGroup"

[directory."ldap".attributes]
name = "uid"
description = ["principalName", "description"]
secret = "userPassword"
groups = ["memberOf", "otherGroups"]
email = "mail"
email-alias = "mailAlias"
quota = "diskQuota"

[directory."imap"]
type = "imap"
address = "127.0.0.1"
port = 993

[directory."imap".pool]
max-connections = 10
min-connections = 0
max-lifetime = "30m"
idle-timeout = "10m"
connect-timeout = "30s"

[directory."imap".tls]
implicit = true
allow-invalid-certs = true

[directory."imap".cache]
entries = 500
ttl = {positive = '1h', negative = '10m'}

[directory."imap".lookup]
domains = ["__DOMAIN__"]

[directory."lmtp"]
type = "lmtp"
address = "127.0.0.1"
port = 11200

[directory."lmtp".limits]
auth-errors = 3
rcpt = 5

[directory."lmtp".pool]
max-connections = 10
min-connections = 0
max-lifetime = "30m"
idle-timeout = "10m"
connect-timeout = "30s"

[directory."lmtp".tls]
implicit = false
allow-invalid-certs = true

[directory."lmtp".cache]
entries = 500
ttl = {positive = '1h', negative = '10m'}

[directory."lmtp".lookup]
domains = ["__DOMAIN__"]

[directory."memory"]
type = "memory"

[directory."memory".options]
catch-all = true
#catch-all = { map = "(.+)@(.+)$", to = "info@${2}" }
subaddressing = true
#subaddressing = { map = "^([^.]+)\.([^.]+)@(.+)$", to = "${2}@${3}" }
superuser-group = "superusers"

[[directory."memory".users]]
name = "admin"
description = "Superuser"
secret = "changeme"
email = ["postmaster@__DOMAIN__"]
member-of = ["superusers"]

[[directory."memory".users]]
name = "jane"
description = "Jane Doe"
secret = "abcde"
email = ["jane@__DOMAIN__", "jane.doe@__DOMAIN__"]
email-list = ["info@__DOMAIN__"]
member-of = ["sales", "support"]

[[directory."memory".users]]
name = "bill"
description = "Bill Foobar"
secret = "$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"
quota = 50000000
email = ["bill@__DOMAIN__", "bill.foobar@__DOMAIN__"]
email-list = ["info@__DOMAIN__"]

[[directory."memory".groups]]
name = "sales"
description = "Sales Team"

[[directory."memory".groups]]
name = "support"
description = "Support Team"

[directory."memory".lookup]
domains = ["__DOMAIN__"]