forked from jsuto/piler
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexample.conf
275 lines (219 loc) · 8.76 KB
/
example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
; This is an example config with default values
; Attention: do _not_ use whitespace between keys and values
; verbosity level. The more logging the greater load
; 1: normal
; 3: info
; 5: debug
verbosity=1
; unique server id. If you have more than 1 piler hosts combined,
; then assign a unique value to each host. Possible values: 0-255
server_id=0
; piler daemon will use this user (and its group)
; it it was started by root
username=piler
; by default (unless a specific retention rule applies),
; preserve an email for this many days. The purge utility
; won't harm the message until its retention days are gone.
; The default is 7 years + 2 days (=7*365+2=2557 days)
default_retention_days=2557
; The initialization vector for encryption.
; By now it has become obsolete. Don't use it for
; new installations. However, if you used it before
; then you must keep it as it is.
;iv=
; whether to encrypt messages (1) or not (0).
; Make sure to set this value to your needs right after installing piler,
; and don't change it after you got the first email. Otherwise
; you'll have half the archive encrypted, the other half unencrypted
; which will cause problems.
encrypt_messages=1
; number of worker processes, ie. the number of simultaneous smtp connections to piler.
; This value should be the number of cpus + 1, ie. 2 for a single cpu host
number_of_worker_processes=2
; max. number of parallel connections piler-smtp can handle.
; Important! If you want to change this value, then you must first
; stop piler-smtp, change the value, then start piler-smtp.
; I don't suggest to go under 10 or above 1000.
max_connections=64
; number of processed emails per each piler process
max_requests_per_child=10000
; SMTP HELO identification string
; this should be the FQDN part of the email address
; where you copy emails, eg. archive@piler.example.com -> piler.example.com
hostid=piler.example.com
; whether to process rcpt to addresses and add them to rcpt table (1) or not (0)
process_rcpt_to_addresses=0
; write pid file
pidfile=/var/run/piler/piler.pid
; piler will listen here
; if you have postfix, exim, ... installed on localhost
; then make sure to set the listen_addr parameter for piler
listen_addr=0.0.0.0
listen_port=25
clamd_socket=/tmp/clamd
; check for client timeout interval. Default: 20 sec
check_for_client_timeout_interval=20
; smtp timeout. Default: 60 sec
smtp_timeout=60
helper_timeout=20
; whether to run external attachment extractors (1) or not (0)
extract_attachments=1
; the 2nd parameter of the listen() system call. Please note that this is set
; when piler starts up and you should restart piler if you change this variable.
; Please also note that the meaning of this variable depends on your Unix implementation
backlog=20
workdir=/var/piler/tmp
; whether to enable writing folder_message table (1) or not (0)
enable_folders=0
; discard a message if it's shorter than this value (in bytes)
min_message_size=100
;
; starttls stuff
;
; whether to enable (1) or disable (0) starttls support
tls_enable=0
; PEM file containing both the certificate and the private key.
; Make sure to create this file (and secure it with chmod 600 /usr/local/etc/piler.pem)
; before turning on starttls support!
pemfile=
; cipher list to use, see 'man SSL_CTX_set_cipher_list' for more details
cipher_list=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
; set the minimum TLS protocol version for piler-smtp daemon
;
; Valid values: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
; TLSv1 and TLSv1.1 are not recommended for security reasons
tls_min_version=TLSv1.2
; piler's own header to indicate previously archived messages
piler_header_field=X-piler-id:
; extra header field to treat as To:
;
; to make postfix to insert the envelope recipient address to the email
; header, do the following:
;
; /etc/postfix/main.cf:
;
; smtpd_recipient_restrictions = reject_non_fqdn_recipient, ... check_recipient_access pcre:$config_directory/x-add-envelope-to, ...
;
; /etc/postfix/x-add-envelope-to:
;
; /(.*)/ prepend X-Envelope-To: $1
;
extra_to_field=X-Envelope-To:
; whether to archive an email not having a Message-ID header line (1)
; or not (0).
; If enabled then piler will assign piler_id as the message-id
; to messages without message-id.
archive_emails_not_having_message_id=0
; whether to archive each and every single email received (0) or
; only those on the mydomains list (1). The default is to archive
; everything
archive_only_mydomains=0
; whether to syslog the recipients of the email in the following format:
; 400000.....xxxxx: rcpt=recipient1@domain.com
; 400000.....xxxxx: rcpt=recipient2@domain.com
syslog_recipients=0
; minimum word length in mail body to index
min_word_len=1
; whether to enable CJK (=Chinese, Japanese, and Korean) "characters".
; the text piler can see with CJK languages may have extremely long
; sequences without any whitespace. To prevent the parser to drop
; these very long sequences, enable (1) this feature. By default it's
; disabled (0).
enable_cjk=0
; whether to enable the CHUNKING / BDAT feature (1) or not (0)
; You may read about the feature at https://tools.ietf.org/html/rfc3030)
enable_chunking=0
; if piler detects this line in the mail header, then it will assume
; the message is a spam. You should include your own antispam solution's
; specific line.
;
; If you use SpamAssassin you may use
;
; spam_header_line=X-Spam-Status: Yes
;
; OR
;
; spam_header_line=X-Spam-Level: ********
;
; The default value is empty.
spam_header_line=
;
; memcached stuff
;
; memcached server to use. Currently piler supports only 1 memcached server
memcached_servers=127.0.0.1
; ttl (in secs) of a stored object
; 0 means records don't expire
memcached_ttl=86400
; whether to update counters to memcached (1) or to the database (0)
update_counters_to_memcached=0
; interval to sync memcached data (eg. counters) to database
; this setting is only effective if you have update_counters_to_memcached=1
;
; hint: if you are using a mysql replicated environment and you do _not_ want
; piler to write to the replicated database (because you do sync it some other
; way to the master database or you are not interested in keeping the counters
; persistantly at all), then specify a big number here, that fits to the
; "long int" size, eg. 2147483647
memcached_to_db_interval=900
;
; mysql stuff
;
// this can be either utf8 or utf8mb4. Make sure to match the value
// to the charset of the piler database! Also, make sure to set this
// value in sphinx.conf
mysqlcharset=utf8mb4
;mysqlhost=127.0.0.1
;mysqlport=3306
mysqlsocket=/var/run/mysqld/mysqld.sock
mysqluser=piler
mysqlpwd=verystrongpassword
mysqldb=piler
mysql_connect_timeout=2
;
; manticore stuff
;
sphxhost=127.0.0.1
sphxport=9306
sphxdb=piler1
; whether to enable (1) or not (0) the rt index. If so, then piler
; writes the index data directly to manticore's sql API
rtindex=1
; if you want to change the 'sent' time as you archive the message
; set this in seconds. This can be a postive or negative value.
; By default this feature is not enabled, use --tweak-sent-time
; configure option to enable it.
tweak_sent_time_offset=0
; whether to enable (1) or not (0) the extra mmap dedup test feature
; if you change it, be sure to stop, then start piler
mmap_dedup_test=0
; security header that must be present in the first mail header of
; the message. If the security_header value is not empty, then the
; parser checks for this header line. Unless it's found it will discard
; the given email. Note that this feature is supposed to be a security
; mechanism against unwanted email in the archive if limiting smtp
; clients via an IP-address list is not feasible.
security_header=
; By default the archive accepts any envelope recipient addresses.
; If your archive's port 25 is wide open to the Internet (which it
; shouldn't be, then spammers may find it, and fill it with spam.
;
; By setting this variable you may restrict the envelope address
; to a single email address, eg. some-random-address-12345@archive.example.com
; Then the archive will reject any other envelope recipients
archive_address=
; whether to enable (1) or not (0) an smtp access list similar to
; postfix's postscreen. Valid actions in the acl file are "permit"
; and "reject" (without quotes). See smtp.acl.example for more.
;
; Important! There's an implicit default deny at the end of the
; rules. In other words if you decide to use the acl file, then
; everyone is not explicitly permitted is denied.
smtp_access_list=0
; max message size in bytes
; piler-smtp will reject any message that's bigger than this number
max_message_size=50000000
; max memory in bytes piler-smtp uses for buffering messages
; when this limit is exceeded, no new emails will be accepted
; until the used memory decreases below this level
max_smtp_memory=500000000