# Mailu main configuration file # # For a detailed list of configuration variables, see the documentation at # https://mailu.io ################################### # Common configuration variables ################################### # https://chat.openai.com/share/1497464d-dfb5-46eb-9d26-04be99991ace LD_PRELOAD=/usr/lib/libhardened_malloc.so # Set to a randomly generated 16 bytes string SECRET_KEY={{applications.mailu.credentials.secret_key}} # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) SUBNET={{networks.local.mailu.subnet}} # Main mail domain DOMAIN={{applications.mailu.domain}} # Hostnames for this server, separated with comas HOSTNAMES={{domains[application_id]}} # Postmaster local part (will append the main mail domain) POSTMASTER=admin # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) TLS_FLAVOR=mail # Authentication rate limit (per source IP address) AUTH_RATELIMIT=10/minute;1000/hour # Opt-out of statistics, replace with "True" to opt out DISABLE_STATISTICS=True ################################### # Optional features ################################### # Expose the admin interface (value: true, false) ADMIN=true # Choose which webmail to run if any (values: roundcube, rainloop, none) WEBMAIL=roundcube # Dav server implementation (value: radicale, none) WEBDAV=radicale # Antivirus solution (value: clamav, none) ANTIVIRUS=clamav ################################### # Mail settings ################################### # Message size limit in bytes # Default: accept messages up to 50MB # Max attachment size will be 33% smaller MESSAGE_SIZE_LIMIT=50000000 # Networks granted relay permissions # Use this with care, all hosts in this networks will be able to send mail without authentication! RELAYNETS= # Will relay all outgoing mails if configured RELAYHOST= # Fetchmail delay FETCHMAIL_DELAY=600 # Recipient delimiter, character used to delimiter localpart from custom address part RECIPIENT_DELIMITER=+ # DMARC rua and ruf email DMARC_RUA=admin DMARC_RUF=admin # Welcome email, enable and set a topic and body if you wish to send welcome # emails to all users. WELCOME=false WELCOME_SUBJECT=Welcome to your new email account WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! # Maildir Compression # choose compression-method, default: none (value: bz2, gz) COMPRESSION= # change compression-level, default: 6 (value: 1-9) COMPRESSION_LEVEL= ################################### # Web settings ################################### # Path to redirect / to WEBROOT_REDIRECT=/webmail # Path to the admin interface if enabled WEB_ADMIN=/admin # Path to the webmail if enabled WEB_WEBMAIL=/webmail # Website name SITENAME=Mailservices # Linked Website URL WEBSITE=https://{{domains[application_id]}} ################################### # Advanced settings ################################### # Log driver for front service. Possible values: # json-file (default) # journald (On systemd platforms, useful for Fail2Ban integration) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) LOG_DRIVER=syslog # docker-compose project name, this will prepended to containers names. COMPOSE_PROJECT_NAME=mailu # Default password scheme used for newly created accounts and changed passwords # (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT) PASSWORD_SCHEME=BLF-CRYPT # Header to take the real ip from REAL_IP_HEADER= # IPs for nginx set_real_ip_from (CIDR list separated by commas) REAL_IP_FROM= # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) REJECT_UNLISTED_RECIPIENT= # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING ################################### # Database settings ################################### SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci # Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API. API_TOKEN={{applications.mailu.credentials.api_token}} # Activated https://mailu.io/master/configuration.html#advanced-settings AUTH_REQUIRE_TOKENS=True {% if applications[application_id].oidc.enabled | bool %} ################################### # OpenID Connect settings ################################### # @see https://github.com/heviat/Mailu-OIDC/tree/master # Enable OpenID Connect. Possible values: True, False OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize }} # OpenID Connect provider configuration URL OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}} # OpenID Connect Client ID for Mailu OIDC_CLIENT_ID={{oidc.client.id}} # OpenID Connect Client secret for Mailu OIDC_CLIENT_SECRET={{oidc.client.secret}} # Label text for OpenID Connect login button. Default: OpenID Connect OIDC_BUTTON_NAME={{oidc.button_text}} # Disable TLS certificate verification for the OIDC client. Possible values: True, False OIDC_VERIFY_SSL=True # Enable redirect to OIDC provider for password change. Possible values: True, False OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True # Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password OIDC_CHANGE_PASSWORD_REDIRECT_URL={{oidc.client.change_credentials}} {% if applications[application_id].oidc.enabled | bool %} # The OIDC claim used as the username. If the selected claim contains an email address, it will be used as is. If it is not an email (e.g., sub), the email address will be constructed as @. Defaults to email. OIDC_USERNAME_CLAIM={{oidc.attributes.username}} # The domain used when constructing an email from a non-email username (e.g., when OIDC_USERNAME_CLAIM=sub). Ignored if OIDC_USERNAME_CLAIM is already an email. Defaults to the value of DOMAIN. OIDC_USER_DOMAIN={{primary_domain}} {% endif %} # If enabled, users who authenticate successfully but do not yet have an account will have one created for them. If disabled, only existing users can log in, and authentication will fail for users without a pre-existing account. Defaults to True. OIDC_ENABLE_USER_CREATION={{ applications[application_id].oidc.enable_user_creation | string | capitalize }} {% endif %}