151 lines
3.1 KiB
TOML
151 lines
3.1 KiB
TOML
[server.listener.smtp]
|
|
bind = "[::]:25"
|
|
protocol = "smtp"
|
|
|
|
[server.listener.submission]
|
|
bind = "[::]:587"
|
|
protocol = "smtp"
|
|
|
|
[server.listener.submissions]
|
|
bind = "[::]:465"
|
|
protocol = "smtp"
|
|
tls.implicit = true
|
|
|
|
[server.listener.imap]
|
|
bind = "[::]:143"
|
|
protocol = "imap"
|
|
|
|
[server.listener.imaptls]
|
|
bind = "[::]:993"
|
|
protocol = "imap"
|
|
tls.implicit = true
|
|
|
|
[server.listener.pop3]
|
|
bind = "[::]:110"
|
|
protocol = "pop3"
|
|
|
|
[server.listener.pop3s]
|
|
bind = "[::]:995"
|
|
protocol = "pop3"
|
|
tls.implicit = true
|
|
|
|
[server.listener.sieve]
|
|
bind = "[::]:4190"
|
|
protocol = "managesieve"
|
|
|
|
[server.listener.https]
|
|
protocol = "http"
|
|
bind = "127.0.0.1:8443"
|
|
tls.implicit = false
|
|
|
|
[server.listener.http]
|
|
protocol = "http"
|
|
bind = "127.0.0.1:8880"
|
|
|
|
[storage]
|
|
data = "rocksdb"
|
|
fts = "rocksdb"
|
|
blob = "rocksdb"
|
|
lookup = "rocksdb"
|
|
directory = "internal"
|
|
|
|
[store.rocksdb]
|
|
type = "rocksdb"
|
|
path = "/opt/stalwart/data"
|
|
compression = "lz4"
|
|
|
|
[directory.internal]
|
|
type = "internal"
|
|
store = "rocksdb"
|
|
|
|
[tracer.log]
|
|
type = "log"
|
|
level = "info"
|
|
path = "/opt/stalwart/logs"
|
|
prefix = "stalwart.log"
|
|
rotate = "daily"
|
|
ansi = false
|
|
enable = true
|
|
|
|
[authentication.fallback-admin]
|
|
user = "admin"
|
|
secret = "$6$stalwartjames$OlCxhWXHNuO3Szh.HHPmjuh3oI/B0iCYjeERKqXSlpGHw40oHxVOd0IW9pJZn54QjA2Dbdlrin.SQRfZBG8pw1"
|
|
|
|
[lookup.default]
|
|
hostname = "mail.jongsma.me"
|
|
|
|
[certificate.default]
|
|
cert = "%{file:/etc/letsencrypt/live/mail.jongsma.me/fullchain.pem}%"
|
|
private-key = "%{file:/etc/letsencrypt/live/mail.jongsma.me/privkey.pem}%"
|
|
default = true
|
|
|
|
[server.allowed-ip]
|
|
"47.197.93.62" = true
|
|
|
|
[spam-filter.score]
|
|
spam = 8.0
|
|
discard = 0
|
|
reject = 0
|
|
|
|
[spam-filter.dnsbl.server.mailspike]
|
|
enable = true
|
|
scope = "ip"
|
|
lookup = "bl.mailspike.net"
|
|
tag = "RBL_MAILSPIKE"
|
|
score = 7.0
|
|
|
|
[spam-filter.dnsbl.server.psbl]
|
|
enable = true
|
|
scope = "ip"
|
|
lookup = "psbl.surriel.com"
|
|
tag = "RBL_PSBL"
|
|
score = 6.0
|
|
|
|
[spam-filter.dnsbl.server.uceprotect1]
|
|
enable = true
|
|
scope = "ip"
|
|
lookup = "dnsbl.uceprotect.net"
|
|
tag = "RBL_UCEPROTECT1"
|
|
score = 5.0
|
|
|
|
[spam-filter.dnsbl.server.spamcop]
|
|
enable = true
|
|
scope = "ip"
|
|
lookup = "bl.spamcop.net"
|
|
tag = "RBL_SPAMCOP"
|
|
score = 5.0
|
|
|
|
[spam-filter.dnsbl.server.barracuda]
|
|
enable = true
|
|
scope = "ip"
|
|
lookup = "b.barracudacentral.org"
|
|
tag = "RBL_BARRACUDA"
|
|
score = 5.0
|
|
|
|
|
|
# Trusted senders — bypass Bayes spam scoring (TRUSTED_DOMAIN = -7.0)
|
|
# Added 2026-02-24: squareup.com (Health Link invoices via Square/Amazon SES)
|
|
[lookup.trusted-domains]
|
|
"squareup.com" = ""
|
|
"messaging.squareup.com" = ""
|
|
"amazonses.com" = ""
|
|
|
|
[spam-filter.bayes]
|
|
enable = false
|
|
|
|
# DMARC+DKIM pass = guaranteed inbox — score so low it can never be stamped as spam
|
|
# Replaces defaults: DMARC_POLICY_ALLOW=-0.5, DKIM_ALLOW=-0.2
|
|
[spam-filter.list.scores]
|
|
DMARC_POLICY_ALLOW = -100.0
|
|
DKIM_ALLOW = -50.0
|
|
|
|
# DKIM signature for vault1984.com
|
|
[signature."ed25519-vault1984.com"]
|
|
algorithm = "ed25519-sha256"
|
|
canonicalization = "relaxed/relaxed"
|
|
domain = "vault1984.com"
|
|
headers = ["From", "To", "Date", "Subject", "Message-ID"]
|
|
private-key = "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIO8f0CnaZdOxw5kZg32P2gZdVtCv+nNi1dPQokbRBTjV\n-----END PRIVATE KEY-----\n"
|
|
report = false
|
|
selector = "stalwart"
|