forked from LunaBytesBack/gpg-mailgate
gpg-mailgate.conf.sample
[default]
# General behaviour of the gateway: what gets encrypted or decrypted, and how.
# Whether gpg-mailgate should add a header after it has processed an email.
# This may be useful for debugging purposes.
add_header = yes
# Whether we should only encrypt emails for recipients that are explicitly
# defined in the key mappings below ([enc_keymap] section).
# If yes, gpg-mailgate won't automatically detect PGP recipients for encrypting.
enc_keymap_only = no
# Whether we should only decrypt emails for recipients that are explicitly
# defined in the key mappings below ([dec_keymap] section).
# If yes, gpg-mailgate won't automatically detect PGP recipients for decrypting.
dec_keymap_only = no
# If dec_keymap_only is set to yes and a recipient has a private key present for
# decrypting but is not listed in the keymap, mail for that recipient can end up
# being encrypted. Set this to no if you want this behaviour.
# NOTE(review): the key is spelled "failsave_dec" in this sample; presumably that
# is the spelling the program looks up, so do not "correct" it.
failsave_dec = yes
# Convert encrypted text/plain email to MIME-attached encrypt style.
# (Default is to use older inline-style PGP encoding.)
mime_conversion = yes
# RFC 2821 defines that the user part (the part before the @) of a mail address
# should be treated case sensitive. However, in the real world this is ignored
# very often. This option disables the RFC 2821 compatibility so both the user
# part and the domain part are treated case insensitive.
# Disabling the compatibility is more convenient to users. So if you know that
# your recipients all ignore the RFC you could set this to yes.
# NOTE(review): with yes, addresses that differ only in case presumably share one
# key mapping; confirm your mail system does not deliver them to different
# mailboxes before enabling it.
mail_case_insensitive = no
# This setting disables PGP/INLINE decryption completely. However,
# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
# decryption has to be seen as experimental and could have some negative
# side effects. So if you want to take the risk set this to no.
no_inline_dec = yes
# Here you can define a regex for the addresses for which the gateway should try
# to decrypt mails. It could be used to enable decryption for a wider range of
# mail addresses, e.g. a whole domain. No key is needed here. It is even active if
# dec_keymap is set to yes (presumably this means dec_keymap_only - TODO confirm).
# If this feature should be disabled, don't leave it blank. Set it to None.
# For further regex information please have a look at
# https://docs.python.org/2/library/re.html
# NOTE(review): a broad pattern widens decryption to every matching address.
# Whether the pattern is anchored by the program is not visible here, so anchor
# it explicitly and escape dots in domain names.
dec_regex = None
[gpg]
# The directory where gpg-mailgate public keys are stored
# (see INSTALL for details).
# NOTE(review): the keys found here decide whom mail is encrypted to, so
# presumably only the account gpg-mailgate runs as should be able to write to
# this directory - confirm against INSTALL.
keyhome = /var/gpgmailgate/.gnupg
[smime]
# The directory for the S/MIME certificate files.
# NOTE(review): presumably these certificates select the S/MIME encryption key
# per recipient; restrict write access to this directory - TODO confirm.
cert_path = /var/gpgmailgate/smime
[mailregister]
# Settings for the register-handler.
# NOTE(review): the address below appears on this page only as an e-mail
# obfuscation placeholder; set it to the real registration address.
register_email = [email protected]
mail_templates = /var/gpgmailgate/register_templates
# URL to the webpanel. The server should be able to reach it.
# NOTE(review): the sample value uses plain http. If the webpanel is reached
# over a network rather than on this host, use an https URL so that
# registration traffic is not sent in clear text.
webpanel_url = http://yourdomain.tld
[cron]
# Settings for the gpgmw cron job.
# NOTE(review): the notification address below appears on this page only as an
# e-mail obfuscation placeholder; set it to the real sender address.
send_email = yes
notification_email = [email protected]
mail_templates = /var/gpgmailgate/cron_templates
[logging]
# For logging to syslog use 'file = syslog', otherwise use the path to the log file.
file = syslog
# NOTE(review): what verbose logging records is not visible here. Before
# leaving it on in production, check that the log does not capture message
# content or key material, and restrict who can read the log.
verbose = yes
[relay]
# The relay settings to use for Postfix.
# gpg-mailgate will submit email to this relay after it is done processing.
# Unless you alter the default Postfix configuration, you won't have to modify this.
# NOTE(review): the listener on this port presumably accepts already-processed
# mail; confirm in the Postfix configuration that it is bound to loopback only,
# so that nothing outside this host can submit mail past the gateway.
host = 127.0.0.1
port = 10028
# This is the default port of Postfix. It is used to send some
# mails through the GPG-Mailgate so they are encrypted.
enc_port = 25
# Set this option to yes to use TLS for SMTP servers which require TLS.
# With the loopback host above, relay traffic stays on this machine. If host is
# changed to a remote server, leaving this at no presumably sends processed mail
# over the network without transport encryption.
starttls = no
[database]
# Settings for reading keys from a gpg-mailgate-web database.
# NOTE(review): the original comment said to uncomment these settings, but in
# this sample they are already active and enabled is yes. Review them before
# deploying this file as is.
# The password below is a sample placeholder. Replace it with a strong, unique
# password before use. Once this file holds a real credential, keep it readable
# only by the account gpg-mailgate runs as.
enabled = yes
name = gpgmw
host = localhost
username = gpgmw
password = password
[enc_keymap]
# Maps a recipient address to the ID of the key used for encrypting mail to it.
# You can find the key ID by running the following command
# (user@example.com is a constructed placeholder address):
# gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
# pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22
# uid Joe User <user@example.com>
# sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
# NOTE(review): the example value 12345678 below is an 8-character short ID,
# while the command above prints 16-character long IDs. Short IDs are easy to
# collide, so enter the long ID. The sample output dates from 2007; 1024-bit DSA
# keys as shown there are no longer a recommended size.
#user@example.com = 12345678
[enc_domain_keymap]
# This seems to be similar to the [enc_keymap] section. However, you
# can define default keys for a domain here. Entries in the enc_keymap
# and individual keys stored on the system have a higher priority than
# the default keys specified here.
# NOTE(review): a domain default presumably encrypts mail for every address in
# that domain without a more specific key to this one key; make sure its holder
# is meant to read all of that mail.
#
# You can find the key ID by running the following command
# (user@example.com is a constructed placeholder address):
# gpg --list-keys --keyid-format long user@example.com
# Which will return output similar to:
# pub 1024D/AAAAAAAAAAAAAAAA 2007-10-22
# uid Joe User <user@example.com>
# sub 2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
# The example value 12345678 below is an 8-character short ID; enter the
# 16-character long ID printed by the command above instead.
#domain.tld = 12345678
[dec_keymap]
# Maps a recipient address to the ID of the secret key used for decrypting mail
# addressed to it.
# You can find the key ID by running the following command
# (user@example.com is a constructed placeholder address):
# gpg --list-secret-keys --keyid-format long user@example.com
# Which will return output similar to:
# sec 1024D/AAAAAAAAAAAAAAAA 2007-10-22
# uid Joe User <user@example.com>
# ssb 2048g/BBBBBBBBBBBBBBBB 2007-10-22
# You want the AAAAAAAAAAAAAAAA not BBBBBBBBBBBBBBBB.
# NOTE(review): the command lists secret keys, so a recipient mapped here has
# their secret key stored in the gateway's keyring. Anyone who can read that
# keyring can presumably read that recipient's mail; protect it accordingly.
# The example value 12345678 below is an 8-character short ID; enter the
# 16-character long ID printed by the command above instead.
#user@example.com = 12345678
[pgp_style]
# Here a PGP style (inline or PGP/MIME) can be defined per recipient.
# This overrides the setting mime_conversion for the defined recipients.
# Valid entries are inline and mime.
# If an entry is not valid, the setting mime_conversion is used as fallback.
# (user@example.com below is a constructed placeholder address.)
#user@example.com = mime