# plugins/wildduck.toml ["modules/@zone-eu/zonemta-wildduck"] enabled = ["receiver", "main", "sender"] # to which SMTP interfaces this plugin applies to. Use "*" for all interfaces interfaces = ["feeder"] # optional hostname to be used in headers # defaults to os.hostname() hostname = "example.com" # How long to keep auth records in log # NB! removed, use const:authlog:time setting instead #authlogExpireDays=30 disableUploads = false # if true then messages are not uploaded to Sent Mail folder uploadAll = false # if false then messages from Outlook are not uploaded to Sent Mail folder # SRS settings for forwarded emails # --------------------------------- ["modules/@zone-eu/zonemta-wildduck".srs] # Handle rewriting of forwarded emails. If false then SRS is not used # Only affect messages that have interface set to "forwarder" enabled = true # SRS secret value. Must be the same as in the MX side secret = "secret value" # SRS domain, must resolve back to MX rewriteDomain = "example.com" # DKIM Settings # ------------- ["modules/@zone-eu/zonemta-wildduck".dkim] # If true then also adds a signature for the outbound domain signTransportDomain = false # If set then decrypt encrypted DKIM keys using this password #secret="a secret cat" # Cipher to use to decrypt encrypted DKIM keys (legacy keys only) #cipher="aes192" # Logging Settings # ------------- ["modules/@zone-eu/zonemta-wildduck".gelf] enabled = false component = "mta" ["modules/@zone-eu/zonemta-wildduck".gelf.options] graylogPort = 12201 graylogHostname = '127.0.0.1' connection = 'lan' # Certificate Settings # ------------- ["modules/@zone-eu/zonemta-wildduck".certs] # Configuration for centralised TLS certification handling # If set then decrypt encrypted TLS keys using this password #secret="a secret cat" # Cipher to use to decrypt encrypted TLS keys (legacy keys only) #cipher="aes192" ["modules/@zone-eu/zonemta-wildduck".certs.tlsOptions] # options from https://nodejs.org/dist/latest-v16.x/docs/api/tls.html#tls_tls_createsecurecontext_options minVersion = "TLSv1" # Autogenerated SNI certificates # ------------------------------ ["modules/@zone-eu/zonemta-wildduck".acme] # ACME configuration for generating TLS certificates with Let's Encrypt # Only relevant if acme.autogenerate.enabled is `true`, otherwise no certificates are generated using this module # ACME production settings # Must match with ACME settings in WildDuck key = "production" directoryUrl = "https://acme-v02.api.letsencrypt.org/directory" email = "domainadmin@example.com" # If hostname has a CAA record set then match it against this list # CAA check is done before WildDuck tries to request certificate from ACME caaDomains = ["letsencrypt.org"] # Private key settings, if WildDuck has to generate a key by itself keyBits = 2048 keyExponent = 65537 ["modules/@zone-eu/zonemta-wildduck".acme.autogenerate] # If enabled then automatically generates TLS certificates based on SNI servernames enabled = false ["modules/@zone-eu/zonemta-wildduck".acme.autogenerate.cnameMapping] # Sudomain CNAME mapping # "abc" = ["def.com"] means that if the SNI servername domain is "abc.{domain}" # then there must be a CNAME record for this domain that points to "def.com". # If multiple CNAME targets are defined (eg ["def.com", "bef.com"], then at least 1 must match. # Additionally, there must be at least 1 email account with "@{domain}" address. # If there is no match, then TLS certificate is not generated. #imap = ["imap.example.com"] #smtp = ["smtp.example.com"] #pop3 = ["imap.example.com"] #["modules/@zone-eu/zonemta-wildduck".mxRoutes] # "*.l.google.com" = "gmail"