[default]
# Whether gpg-mailgate should add a header after it has processed an email
# This may be useful for debugging purposes
add_header = {{ lacre_add_header }}

# Whether we should only encrypt emails if they are explicitly defined in
# the key mappings below ([enc_keymap] section)
# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
enc_keymap_only = {{ lacre_enc_keymap_only }}

# Whether we should only decrypt emails if they are explicitly defined in
# the key mappings below ([dec_keymap] section)
# This means gpg-mailgate won't automatically detect PGP recipients for decrypting
dec_keymap_only = {{ lacre_dec_keymap_only }}

# If dec_keymap_only is set to yes and recipients have private keys present for decrypting
# but are not on in the keymap, this can cause that mails for them will be
# encrypted. Set this to no if you want this behaviour.
failsave_dec = {{ lacre_failsave_dec }}

# Convert encrypted text/plain email to MIME-attached encrypt style.
# (Default is to use older inline-style PGP encoding.)
mime_conversion = {{ lacre_mime_conversion }}

# RFC 2821 defines that the user part (User@domain.tld) of a mail address should be treated case sensitive.
# However, in the real world this is ignored very often. This option disables the RFC 2821
# compatibility so both the user part and the domain part are treated case insensitive.
# Disabling the compatibility is more convenient to users. So if you know that your
# recipients all ignore the RFC you could this to yes.
mail_case_insensitive = {{ lacre_mail_case_insensitive }}

# This setting disables PGP/INLINE decryption completely. However,
# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
# decryption has to be seen as experimental and could have some negative
# side effects. So if you want to take the risk set this to no.
no_inline_dec = {{ lacre_no_inline_dec }}

# Here you can define a regex for which the gateway should try to decrypt mails.
# It could be used to define that decryption should be used for a wider range of
# mail addresses e.g. a whole domain. No key is needed here. It is even active if 
# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
# Set it to None. For further regex information please have a look at
# https://docs.python.org/2/library/re.html
dec_regex = {{ lacre_dec_regex }}

[gpg]
# the directory where gpg-mailgate public keys are stored
# (see INSTALL for details)
keyhome = {{ lacre_keyhome }}

[smime]
# the directory for the S/MIME certificate files
cert_path = {{ lacre_cert_path }}

[mailregister]
# settings for the register-handler
register_email = {{ lacre_register_email }}
mail_templates = {{ lacre_mail_templates }}
# URL to webpanel. The server should be able to reach it
webpanel_url = {{ lacre_webpanel_url }}

[cron]
# settings for the gpgmw cron job
send_email = yes
notification_email = {{ lacre_notification_email }}
mail_templates = {{ lacre_mail_templates }}

[logging]
# path to the logging configuration; see documentation for details:
# https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
config = {{ lacre_logfile }}

[relay]
# the relay settings to use for Postfix
# gpg-mailgate will submit email to this relay after it is done processing
# unless you alter the default Postfix configuration, you won't have to modify this
host = {{ lacre_relay }}
port = {{ lacre_port }}
# This is the default port of postfix. It is used to send some
# mails through the GPG-Mailgate so they are encrypted
enc_port = {{ lacre_enc_port }}

# Set this option to yes to use TLS for SMTP Servers which require TLS.
starttls = {{ lacre_starttls }}


[smtp]
# Options when smtp auth is required to send out emails 
enabled = {{ lacre_smtp_enabled }}
username = {{ lacre_smtp_username }}
password = {{ lacre_smtp_password }}
host = {{ lacre_smtp_host }}
port = {{ lacre_smtp_port }}
starttls = {{ lacre_smtp_starttls }}

[database]
enabled = {{ lacre_webgate_db_enabled }}
{% if lacre_webgate_db_backend == 'sqlite' %}
url = sqlite://{{ lacre_webgate_db_name }}
{% endif %}
{% if lacre_webgate_db_backend == 'mysql' %}
url = mysql://{{ lacre_webgate_db_username }}:{{ lacre_webgate_db_password }}@{{ lacre_webgate_db_host }}/{{ lacre_webgate_db_name }}
{% endif %}

[enc_keymap]
# You can find these by running the following command:
#	gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#	pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#you@domain.tld = 12345678

[enc_domain_keymap]
# This seems to be similar to the [enc_keymap] section. However, you
# can define default keys for a domain here. Entries in the enc_keymap
# and individual keys stored on the system have a higher priority than
# the default keys specified here.
#
#
# You can find these by running the following command:
#	gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#	pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#domain.tld = 12345678

[dec_keymap]
# You can find these by running the following command:
#	gpg --list-secret-keys --keyid-format long user@example.com
# Which will return output similar to:
#	sec   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	ssb   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#you@domain.tld = 12345678

[pgp_style]
# Here a PGP style (inline or PGP/MIME) could be defined for recipients.
# This overwrites the setting mime_conversion for the defined recipients.
# Valid entries are inline and mime
# If an entry is not valid, the setting mime_conversion is used as fallback.
#you@domian.tld = mime