gpg-lacre/gpg-mailgate.conf.sample

[default]
# Whether gpg-mailgate should add a header after it has processed an email
# This may be useful for debugging purposes
add_header = yes

# Whether we should only encrypt emails if they are explicitly defined in
# the key mappings below ([enc_keymap] section)
# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
enc_keymap_only = no

# Whether we should only decrypt emails if they are explicitly defined in
# the key mappings below ([dec_keymap] section)
# This means gpg-mailgate won't automatically detect PGP recipients for decrypting
dec_keymap_only = no

# If dec_keymap_only is set to yes and recipients have private keys present for decrypting
# but are not on in the keymap, this can cause that mails for them will be
# encrypted. Set this to no if you want this behaviour.
failsave_dec = yes

# Convert encrypted text/plain email to MIME-attached encrypt style.
# (Default is to use older inline-style PGP encoding.)
mime_conversion = yes

# RFC 2821 defines that the user part (User@domain.tld) of a mail address should be treated case sensitive.
# However, in the real world this is ignored very often. This option disables the RFC 2821
# compatibility so both the user part and the domain part are treated case insensitive.
# Disabling the compatibility is more convenient to users. So if you know that your
# recipients all ignore the RFC you could this to yes.
mail_case_insensitive = no

# This setting disables PGP/INLINE decryption completely. However,
# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
# decryption has to be seen as experimental and could have some negative
# side effects. So if you want to take the risk set this to no.
no_inline_dec = yes

# Here you can define a regex for which the gateway should try to decrypt mails.
# It could be used to define that decryption should be used for a wider range of
# mail addresses e.g. a whole domain. No key is needed here. It is even active if 
# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
# Set it to None. For further regex information please have a look at
# https://docs.python.org/2/library/re.html
dec_regex = None

[gpg]
# the directory where gpg-mailgate public keys are stored
# (see INSTALL for details)
keyhome = /var/gpgmailgate/.gnupg

[smime]
# the directory for the S/MIME certificate files
cert_path = /var/gpgmailgate/smime

[mailregister]
# settings for the register-handler
register_email = register@yourdomain.tld
mail_templates = /var/gpgmailgate/register_templates
# URL to webpanel. The server should be able to reach it
webpanel_url = http://yourdomain.tld

[cron]
# settings for the gpgmw cron job
send_email = yes
notification_email = gpg-mailgate@yourdomain.tld
mail_templates = /var/gpgmailgate/cron_templates

[logging]
# For logging to syslog. 'file = syslog', otherwise use path to the file.
file = syslog
verbose = yes

[relay]
# the relay settings to use for Postfix
# gpg-mailgate will submit email to this relay after it is done processing
# unless you alter the default Postfix configuration, you won't have to modify this
host = 127.0.0.1
port = 10028
# This is the default port of postfix. It is used to send some
# mails through the GPG-Mailgate so they are encrypted
enc_port = 25

# Set this option to yes to use TLS for SMTP Servers which require TLS.
starttls = no

[smtp]
# Options when smtp auth is required to send out emails 
enabled = false
username = gpg-mailgate
password = changeme
host = yourdomain.tld 
port = 587
starttls = true

[database]
# uncomment the settings below if you want
#  to read keys from a gpg-mailgate-web database
# TODO: see if this section is required by PHP. If not, delete it.
enabled = yes
name = gpgmw
host = localhost
username = gpgmw
password = password
# For other RDBMS backends, see:
# https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls
url = sqlite:///test.db

[enc_keymap]
# You can find these by running the following command:
#	gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#	pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#you@domain.tld = 12345678

[enc_domain_keymap]
# This seems to be similar to the [enc_keymap] section. However, you
# can define default keys for a domain here. Entries in the enc_keymap
# and individual keys stored on the system have a higher priority than
# the default keys specified here.
#
#
# You can find these by running the following command:
#	gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
#	pub   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	sub   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#domain.tld = 12345678

[dec_keymap]
# You can find these by running the following command:
#	gpg --list-secret-keys --keyid-format long user@example.com
# Which will return output similar to:
#	sec   1024D/AAAAAAAAAAAAAAAA 2007-10-22
#	uid                          Joe User <user@example.com>
#	ssb   2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
#you@domain.tld = 12345678

[pgp_style]
# Here a PGP style (inline or PGP/MIME) could be defined for recipients.
# This overwrites the setting mime_conversion for the defined recipients.
# Valid entries are inline and mime
# If an entry is not valid, the setting mime_conversion is used as fallback.
#you@domian.tld = mime
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`[default]`
Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`# Whether gpg-mailgate should add a header after it has processed an email`
			`# This may be useful for debugging purposes`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`add_header = yes`

Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`# Whether we should only encrypt emails if they are explicitly defined in`
			`# the key mappings below ([enc_keymap] section)`
			`# This means gpg-mailgate won't automatically detect PGP recipients for encrypting`
			`enc_keymap_only = no`

			`# Whether we should only decrypt emails if they are explicitly defined in`
			`# the key mappings below ([dec_keymap] section)`
			`# This means gpg-mailgate won't automatically detect PGP recipients for decrypting`
			`dec_keymap_only = no`

			`# If dec_keymap_only is set to yes and recipients have private keys present for decrypting`
			`# but are not on in the keymap, this can cause that mails for them will be`
			`# encrypted. Set this to no if you want this behaviour.`
			`failsave_dec = yes`
Add keymap_only configuration, to ignore public_keys list. This means the keymap will be exclusively used to determine which email addresses to sign with which keys. 2013-09-24 05:28:35 +02:00
Merged change: https://github.com/uragit/gpg-mailgate/commit/62f60f0592a2d1d810a991fec23361ca6c700c45 ( Added option to convert text/plain source email into MIME/PGP attachment style during encryption. Useful if sending to recipient that can't handle the PGP-inline style. ) 2015-02-14 17:07:02 +01:00			`# Convert encrypted text/plain email to MIME-attached encrypt style.`
			`# (Default is to use older inline-style PGP encoding.)`
			`mime_conversion = yes`

Refactored code (and also optimizing code). Changes while refactoring: The gateway now handles mail addresses case sensitivity compitable to RFC 2821 as default. 2015-03-02 13:13:30 +01:00			`# RFC 2821 defines that the user part (User@domain.tld) of a mail address should be treated case sensitive.`
			`# However, in the real world this is ignored very often. This option disables the RFC 2821`
			`# compatibility so both the user part and the domain part are treated case insensitive.`
			`# Disabling the compatibility is more convenient to users. So if you know that your`
			`# recipients all ignore the RFC you could this to yes.`
Bugfix: Typo in config file 2015-03-16 13:55:11 +01:00			`mail_case_insensitive = no`
Making GPG-Mailgate compatible with RFC 2821 (Simple Mail Transfer Protocol). The previous reverted commits made the gateway incompatible with the RFC. However, compatibility has to be activated in the settings. Most mail servers ignore the case sensitivity of the mail addresses, so this should not be a big issue. A quick solution to make the S/MIME functionality compatible with the RFC was not found so this needs to be fixed later. 2015-02-14 19:34:26 +01:00
Disable PGP/INLINE decryption by default. It does work, however, it has some drawbacks (e.g. content type for files getting lost). 2015-05-25 22:49:42 +02:00			`# This setting disables PGP/INLINE decryption completely. However,`
			`# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE`
			`# decryption has to be seen as experimental and could have some negative`
			`# side effects. So if you want to take the risk set this to no.`
			`no_inline_dec = yes`

Added possibility to define a regex for finding recipients to decrypt for and also adding possibility to use default keys for domain ranges 2015-05-29 23:13:05 +02:00			`# Here you can define a regex for which the gateway should try to decrypt mails.`
			`# It could be used to define that decryption should be used for a wider range of`
			`# mail addresses e.g. a whole domain. No key is needed here. It is even active if`
			`# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.`
			`# Set it to None. For further regex information please have a look at`
			`# https://docs.python.org/2/library/re.html`
			`dec_regex = None`

GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`[gpg]`
Add description in configuration file of each setting. 2013-09-22 21:40:33 +02:00			`# the directory where gpg-mailgate public keys are stored`
			`# (see INSTALL for details)`
Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`keyhome = /var/gpgmailgate/.gnupg`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00
added S/MIME configs 2014-02-26 01:54:24 +01:00			`[smime]`
			`# the directory for the S/MIME certificate files`
Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`cert_path = /var/gpgmailgate/smime`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00
			`[mailregister]`
			`# settings for the register-handler`
added S/MIME configs 2014-02-26 01:54:24 +01:00			`register_email = register@yourdomain.tld`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00			`mail_templates = /var/gpgmailgate/register_templates`
			`# URL to webpanel. The server should be able to reach it`
			`webpanel_url = http://yourdomain.tld`

			`[cron]`
			`# settings for the gpgmw cron job`
			`send_email = yes`
			`notification_email = gpg-mailgate@yourdomain.tld`
			`mail_templates = /var/gpgmailgate/cron_templates`
added S/MIME configs 2014-02-26 01:54:24 +01:00
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`[logging]`
Add description in configuration file of each setting. 2013-09-22 21:40:33 +02:00			`# For logging to syslog. 'file = syslog', otherwise use path to the file.`
added S/MIME configs 2014-02-26 01:54:24 +01:00			`file = syslog`
			`verbose = yes`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00
			`[relay]`
Add description in configuration file of each setting. 2013-09-22 21:40:33 +02:00			`# the relay settings to use for Postfix`
			`# gpg-mailgate will submit email to this relay after it is done processing`
			`# unless you alter the default Postfix configuration, you won't have to modify this`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`host = 127.0.0.1`
			`port = 10028`
All mails from cron script are now passed through the GPG-Mailgate so they are encrypted if possible. 2015-06-04 20:13:04 +02:00			`# This is the default port of postfix. It is used to send some`
			`# mails through the GPG-Mailgate so they are encrypted`
			`enc_port = 25`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00
Added starttls support for SMTP 2019-05-24 19:50:34 +02:00			`# Set this option to yes to use TLS for SMTP Servers which require TLS.`
			`starttls = no`

added smtp auth to cron.py 2022-04-20 13:01:58 +02:00			`[smtp]`
			`# Options when smtp auth is required to send out emails`
			`enabled = false`
			`username = gpg-mailgate`
			`password = changeme`
			`host = yourdomain.tld`
			`port = 587`
			`starttls = true`

Initial commit for gpg-mailgate-web addition. 2013-09-27 01:40:27 +02:00			`[database]`
			`# uncomment the settings below if you want`
			`# to read keys from a gpg-mailgate-web database`
Use SQLAlchemy to access database - Replace hardcoded MySQLdb package with sqlalchemy to support other RDBMS backends. - Provide a script that could eventually replace schema.sql (schema.py). - Update sample configuration. 2022-04-23 09:11:15 +02:00			`# TODO: see if this section is required by PHP. If not, delete it.`
added S/MIME configs 2014-02-26 01:54:24 +01:00			`enabled = yes`
			`name = gpgmw`
			`host = localhost`
			`username = gpgmw`
Update gpg-mailgate.conf.sample 2014-03-02 14:07:08 +01:00			`password = password`
Use SQLAlchemy to access database - Replace hardcoded MySQLdb package with sqlalchemy to support other RDBMS backends. - Provide a script that could eventually replace schema.sql (schema.py). - Update sample configuration. 2022-04-23 09:11:15 +02:00			`# For other RDBMS backends, see:`
			`# https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls`
			`url = sqlite:///test.db`
Initial commit for gpg-mailgate-web addition. 2013-09-27 01:40:27 +02:00
Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`[enc_keymap]`
GPG Mailgate 0.1 2010-01-20 21:53:25 +01:00			`# You can find these by running the following command:`
			`# gpg --list-keys --keyid-format long user@example.com`
			`# Which will return output similar to:`
			`# pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22`
			`# uid Joe User <user@example.com>`
			`# sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22`
			`# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.`
Update gpg-mailgate.conf.sample 2014-03-02 14:09:19 +01:00			`#you@domain.tld = 12345678`
Added option to overwrite default PGP style (inline or PGP/MIME) for defined recipients (useful if you have some recipients which can't handle one style). 2015-02-19 16:40:48 +01:00
Added possibility to define a regex for finding recipients to decrypt for and also adding possibility to use default keys for domain ranges 2015-05-29 23:13:05 +02:00			`[enc_domain_keymap]`
			`# This seems to be similar to the [enc_keymap] section. However, you`
			`# can define default keys for a domain here. Entries in the enc_keymap`
			`# and individual keys stored on the system have a higher priority than`
			`# the default keys specified here.`
			`#`
			`#`
			`# You can find these by running the following command:`
			`# gpg --list-keys --keyid-format long user@example.com`
			`# Which will return output similar to:`
			`# pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22`
			`# uid Joe User <user@example.com>`
			`# sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22`
			`# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.`
			`#domain.tld = 12345678`

Support for decrypting PGP encrypted mails. However, it has some drawbacks and might cause some security issues. So before using it please read carefully through the installation instructions. 2015-05-25 20:24:37 +02:00			`[dec_keymap]`
			`# You can find these by running the following command:`
			`# gpg --list-secret-keys --keyid-format long user@example.com`
			`# Which will return output similar to:`
			`# sec 1024D/AAAAAAAAAAAAAAAA 2007-10-22`
			`# uid Joe User <user@example.com>`
			`# ssb 2048g/BBBBBBBBBBBBBBBB 2007-10-22`
			`# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.`
			`#you@domain.tld = 12345678`

Added option to overwrite default PGP style (inline or PGP/MIME) for defined recipients (useful if you have some recipients which can't handle one style). 2015-02-19 16:40:48 +01:00			`[pgp_style]`
			`# Here a PGP style (inline or PGP/MIME) could be defined for recipients.`
			`# This overwrites the setting mime_conversion for the defined recipients.`
			`# Valid entries are inline and mime`
			`# If an entry is not valid, the setting mime_conversion is used as fallback.`
			`#you@domian.tld = mime`