A mailgate for Postfix to encrypt incoming and outgoing email with S/MIME and/or OpenPGP and decrypting OpenPGP encrypted emails https://lacre.io
  1. [default]
  2. # Whether gpg-mailgate should add a header after it has processed an email
  3. # This may be useful for debugging purposes
  4. add_header = yes
  5. # Whether we should only encrypt emails if they are explicitly defined in
  6. # the key mappings below ([enc_keymap] section)
  7. # This means gpg-mailgate won't automatically detect PGP recipients for encrypting
  8. enc_keymap_only = no
  9. # Whether we should only decrypt emails if they are explicitly defined in
  10. # the key mappings below ([dec_keymap] section)
  11. # This means gpg-mailgate won't automatically detect PGP recipients for decrypting
  12. dec_keymap_only = no
  13. # If dec_keymap_only is set to yes and recipients have private keys present for decrypting
  14. # but are not on in the keymap, this can cause that mails for them will be
  15. # encrypted. Set this to no if you want this behaviour.
  16. failsave_dec = yes
  17. # Convert encrypted text/plain email to MIME-attached encrypt style.
  18. # (Default is to use older inline-style PGP encoding.)
  19. mime_conversion = yes
  20. # RFC 2821 defines that the user part (User@domain.tld) of a mail address should be treated case sensitive.
  21. # However, in the real world this is ignored very often. This option disables the RFC 2821
  22. # compatibility so both the user part and the domain part are treated case insensitive.
  23. # Disabling the compatibility is more convenient to users. So if you know that your
  24. # recipients all ignore the RFC you could this to yes.
  25. mail_case_insensitive = no
  26. # This setting disables PGP/INLINE decryption completely. However,
  27. # PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
  28. # decryption has to be seen as experimental and could have some negative
  29. # side effects. So if you want to take the risk set this to no.
  30. no_inline_dec = yes
  31. # Here you can define a regex for which the gateway should try to decrypt mails.
  32. # It could be used to define that decryption should be used for a wider range of
  33. # mail addresses e.g. a whole domain. No key is needed here. It is even active if
  34. # dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
  35. # Set it to None. For further regex information please have a look at
  36. # https://docs.python.org/2/library/re.html
  37. dec_regex = None
  38. [gpg]
  39. # the directory where gpg-mailgate public keys are stored
  40. # (see INSTALL for details)
  41. keyhome = /var/gpgmailgate/.gnupg
  42. [smime]
  43. # the directory for the S/MIME certificate files
  44. cert_path = /var/gpgmailgate/smime
  45. [mailregister]
  46. # settings for the register-handler
  47. register_email = register@yourdomain.tld
  48. mail_templates = /var/gpgmailgate/register_templates
  49. # URL to webpanel. The server should be able to reach it
  50. webpanel_url = http://yourdomain.tld
  51. [cron]
  52. # settings for the gpgmw cron job
  53. send_email = yes
  54. notification_email = gpg-mailgate@yourdomain.tld
  55. mail_templates = /var/gpgmailgate/cron_templates
  56. [logging]
  57. # For logging to syslog. 'file = syslog', otherwise use path to the file.
  58. file = syslog
  59. verbose = yes
  60. [relay]
  61. # the relay settings to use for Postfix
  62. # gpg-mailgate will submit email to this relay after it is done processing
  63. # unless you alter the default Postfix configuration, you won't have to modify this
  64. host = 127.0.0.1
  65. port = 10028
  66. # This is the default port of postfix. It is used to send some
  67. # mails through the GPG-Mailgate so they are encrypted
  68. enc_port = 25
  69. # Set this option to yes to use TLS for SMTP Servers which require TLS.
  70. starttls = no
  71. [database]
  72. # uncomment the settings below if you want
  73. # to read keys from a gpg-mailgate-web database
  74. enabled = yes
  75. name = gpgmw
  76. host = localhost
  77. username = gpgmw
  78. password = password
  79. [enc_keymap]
  80. # You can find these by running the following command:
  81. # gpg --list-keys --keyid-format long user@example.com
  82. # Which will return output similar to:
  83. # pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22
  84. # uid Joe User <user@example.com>
  85. # sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22
  86. # You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
  87. #you@domain.tld = 12345678
  88. [enc_domain_keymap]
  89. # This seems to be similar to the [enc_keymap] section. However, you
  90. # can define default keys for a domain here. Entries in the enc_keymap
  91. # and individual keys stored on the system have a higher priority than
  92. # the default keys specified here.
  93. #
  94. #
  95. # You can find these by running the following command:
  96. # gpg --list-keys --keyid-format long user@example.com
  97. # Which will return output similar to:
  98. # pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22
  99. # uid Joe User <user@example.com>
  100. # sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22
  101. # You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
  102. #domain.tld = 12345678
  103. [dec_keymap]
  104. # You can find these by running the following command:
  105. # gpg --list-secret-keys --keyid-format long user@example.com
  106. # Which will return output similar to:
  107. # sec 1024D/AAAAAAAAAAAAAAAA 2007-10-22
  108. # uid Joe User <user@example.com>
  109. # ssb 2048g/BBBBBBBBBBBBBBBB 2007-10-22
  110. # You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
  111. #you@domain.tld = 12345678
  112. [pgp_style]
  113. # Here a PGP style (inline or PGP/MIME) could be defined for recipients.
  114. # This overwrites the setting mime_conversion for the defined recipients.
  115. # Valid entries are inline and mime
  116. # If an entry is not valid, the setting mime_conversion is used as fallback.
  117. #you@domian.tld = mime