# Lacre configuration.
#
# Values such as yourdomain.tld and changeme are placeholders and must be
# replaced.  This file can contain credentials ([smtp] password, and a database
# URL with an embedded password in [database]), so keep it readable only by
# the Lacre user.

[default]
# Whether lacre should add a header after it has processed an email.
# This may be useful for debugging purposes.
add_header = yes

# Whether we should only encrypt emails if they are explicitly defined in
# the key mappings below ([enc_keymap] section).
# This means lacre won't automatically detect PGP recipients for encrypting.
enc_keymap_only = no

# Convert encrypted text/plain email to MIME-attached encrypt style.
# (Default is to use older inline-style PGP encoding.)
mime_conversion = yes

# RFC 2821 defines that the user part (User@domain.tld) of a mail address
# should be treated case sensitive.  However, in the real world this is
# ignored very often.  This option disables the RFC 2821 compatibility so both
# the user part and the domain part are treated case insensitive.
# Disabling the compatibility is more convenient to users.  So if you know
# that your recipients all ignore the RFC you could set this to yes.
mail_case_insensitive = no

[gpg]
# The directory where lacre public keys are stored
# (see INSTALL for details).
#
# Note that this directory should be accessible only for the Lacre user,
# i.e. have mode 700.
keyhome = /var/lacre/.gnupg

[smime]
# The directory for the S/MIME certificate files.
cert_path = /var/lacre/smime

[mailregister]
# Settings for the register-handler.
register_email = register@yourdomain.tld
mail_templates = /var/lacre/register_templates

# URL to webpanel.  Upon receiving an email with a key, register-handler
# uploads it to the web panel.
#
# NOTE(review): the sample value uses plain http.  Because keys are uploaded
# to this URL, an https:// URL is preferable when the web panel is not on the
# same host, so that an uploaded key cannot be replaced in transit.
webpanel_url = http://yourdomain.tld

[cron]
# Settings for the cron job.
send_email = yes
notification_email = lacre@yourdomain.tld
mail_templates = /var/lacre/cron_templates

[logging]
# Path to the logging configuration; see documentation for details:
# https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
config = /etc/lacre-logging.conf

[daemon]
# Advanced Content Filter section.
#
# Advanced filters differ from Simple ones by providing a daemon that handles
# requests, instead of starting a new process each time a message arrives.
#
# The sample binds the daemon to the loopback address only.
host = 127.0.0.1
port = 10025

# Maximum size (in bytes) of message body, i.e. data provided after DATA
# message.  Following value comes from aiosmtpd module's default for this
# setting (33554432 bytes = 32 MiB).
max_data_bytes = 33554432

# Sometimes it may make sense to log additional information from mail headers.
# This should never be PII, but information like encoding, content types, etc.
log_headers = no

# Sometimes we might fail to load keys and need to choose between delivering
# in cleartext or not delivering.  The default is to deliver cleartext, but
# administrators can make this decision on their own.
#
# NOTE(review): "no" is the fail-open choice: a key-loading failure results in
# unencrypted delivery.  Presumably "yes" bounces the message instead; confirm
# against the documentation before relying on it.
bounce_on_keys_missing = no

[relay]
# The relay settings to use for Postfix.
# lacre will submit email to this relay after it is done processing.
# Unless you alter the default Postfix configuration, you won't have to modify
# this.
host = 127.0.0.1
port = 10028
# This is the default port of postfix.  It is used to send some
# mails through the Lacre so they are encrypted.
enc_port = 25

# Set this option to yes to use TLS for SMTP Servers which require TLS.
# With the loopback relay above, traffic does not leave the host; if host is
# changed to another machine, review this setting.
starttls = no

[smtp]
# Options when smtp auth is required to send out emails.
#
# "changeme" is a placeholder.  The password is stored here in cleartext, so
# restrict read access to this file.
#
# NOTE(review): this section spells booleans true/false while the other
# sections use yes/no; keep the forms shown unless the documentation states
# that both are accepted.
enabled = false
username = lacre
password = changeme
host = yourdomain.tld
port = 587
starttls = true

[database]
# Edit the settings below if you want to read keys from a
# lacre-webgate database other than SQLite.
#
# NOTE(review): sqlite:///test.db is a relative path (three slashes) and the
# file name suggests a test database; confirm the intended location before
# production use.
enabled = yes
url = sqlite:///test.db

# Pooling mode: pessimistic or optimistic (required parameter).
#
# - Pessimistic disconnect-handling: pre_ping.  Connection pool will try using
#   connection before it executes a SQL query to find out if the connection is
#   still alive.  If not, it'll just establish a new connection.
#
# - Optimistic disconnect-handling: just avoid using connections after some
#   time.
#
pooling_mode = optimistic

# For a MySQL database "lacre", user "lacre" and password "password",
# use the following URL (the password is part of the URL, so the file
# permissions noted for [smtp] apply here as well):
#
#url = mysql://lacre:password@localhost/lacre
#
# For other RDBMS backends, see:
# https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls

# Number of seconds after which an idle connection is recycled.  This is
# useful with MySQL servers.  This is only used with pooling_mode=optimistic.
# For more information, see:
# https://docs.sqlalchemy.org/en/14/core/engines.html#sqlalchemy.create_engine.params.pool_recycle
#max_connection_age = 3600

# Number of connections stored in the pool.
#pool_size = 5

# If the pool size is not enough for current traffic, some connections can be
# made and closed after use, to avoid pool growth and connection rejections.
#max_overflow = 10

[enc_keymap]
# Maps a recipient address to the key used for encrypting to it.
#
# You can find these by running the following command:
#   gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#   pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#   uid                          Joe User
#   sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#
# The value in the example below is only a placeholder.  Use the 16-character
# long key ID printed by the command above rather than an 8-character short
# ID: short IDs are not unique and colliding keys can be generated.
#you@domain.tld = 12345678

[enc_domain_keymap]
# Similar to the [enc_keymap] section, but defines default keys for a whole
# domain.  Entries in the enc_keymap and individual keys stored on the system
# have a higher priority than the default keys specified here.
#
# You can find these by running the following command:
#   gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#   pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#   uid                          Joe User
#   sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#
# As in [enc_keymap], the value below is a placeholder; use the long key ID.
#domain.tld = 12345678

[dec_keymap]
# You can find these by running the following command:
#   gpg --list-secret-keys --keyid-format long user@example.com
# Which will return output similar to:
#   sec   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#   uid                          Joe User
#   ssb   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#
# As in [enc_keymap], the value below is a placeholder; use the long key ID.
#you@domain.tld = 12345678

[pgp_style]
# Here a PGP style (inline or PGP/MIME) could be defined for recipients.
# This overrides the setting mime_conversion for the defined recipients.
# Valid entries are inline and mime.
# If an entry is not valid, the setting mime_conversion is used as fallback.
#you@domain.tld = mime