mailu/.env.sample

# See https://mailu.io/2.0/configuration.html for explanation of (most of) these
# settings. "Quoted text" in this file comes from that page.

###############################################################################
# BOILERPLATE SETTINGS (shouldn't need to change these)                       #
###############################################################################
TYPE=mailu
LETS_ENCRYPT_ENV=production
COMPOSE_FILE="compose.yml"

###############################################################################
# REQUIRED SETTINGS (always need to change these)                             #
###############################################################################

# Main web domain, NOT main mail domain (if they are different)
DOMAIN=mailu.example.com

# "This email domain is used for bounce emails, for generating the postmaster
# email and other technical addresses."
MAIL_DOMAIN=mailu.example.com

# Hostnames for this server, separated with commas
# "The first declared hostname is the main hostname and will be exposed over
# SMTP, IMAP, etc."
HOSTNAMES=$DOMAIN

# Run `DOCKER_CONTEXT=<yourserver> docker stack ls | grep traefik | cut -f 1 -d " "` to get that one
TRAEFIK_STACK_NAME=traefik_example_com

###############################################################################
# OPTIONAL SETTINGS                                                           #
###############################################################################

# Name of the instance, displayed in the web UI
SITENAME=mymail

# Linked Website URL
WEBSITE=https://$DOMAIN

# Postmaster local part (will append the main mail domain)
POSTMASTER=c

# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
AUTH_RATELIMIT_IP=60/hour

# Opt-in to statistics, change to "False" to opt in
DISABLE_STATISTICS=True

# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=WARNING

# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Etc/UTC

# Expose the admin interface (value: true, false)
ADMIN=true

# Choose which webmail to run if any (values: snappymail, roundcube, none)
WEBMAIL=snappymail

# API settings
# -------------

# Authentication token for API requests
API=false
#API_TOKEN=

# Mail settings
# -------------

# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000

# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day

# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=

# Will relay all outgoing mails if configured
RELAYHOST=

# Enable fetchmail
FETCHMAIL_ENABLED=False
#COMPOSE_FILE="$COMPOSE_FILE:compose.fetchmail.yml"
#FETCHMAIL_ENABLED=True

# Fetchmail delay
FETCHMAIL_DELAY=600

# Recipient delimiter, character used to delimit localpart from custom address part
RECIPIENT_DELIMITER=+

# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin

# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT="Welcome to your new email account"
WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!"

# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, lz4, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=

# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
#FULL_TEXT_SEARCH=off

# Co-op Cloud settings
# -------------

# Mailman settings
# NOTE(3wc): remember to also set RELAYNETS
#COMPOSE_FILE="$COMPOSE_FILE:compose.mailman.yml"
#MAILMAN_POSTFIX_OVERRIDES=1
#MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
#MAILMAN_CORE_NETWORK=lists_example_com_internal

# NOTE(3wc): think this is no longer needed, see https://github.com/Mailu/Mailu/pull/1904
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
#COMPOSE_FILE="$COMPOSE_FILE:compose.senderlogins.yml"
#SENDER_LOGINS_POSTFIX_OVERRIDES=1

SECRET_SECRET_KEY_VERSION=v1

###############################################################################
# INFINITE NERD DEPTH SETTINGS (rarely needed)                                #
###############################################################################

# Traefik certificates filename, used by certdumper
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json

TLS_CERT_FILENAME=$DOMAIN/certificate.crt
TLS_KEYPAIR_FILENAME=$DOMAIN/privatekey.key

# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
# NOTE(3wc): changing this to "letsencrypt" might (but probably won't) allow
# this recipe to be deployed standalone without Traefik. "notls" might (but
# might not) disable encryption for everything except the web interfaces.
TLS_FLAVOR=mail

# Optional features
# -------------

# Dav server implementation (value: radicale, none)
WEBDAV=none

# Antivirus solution (value: clamav, none)
ANTIVIRUS=none

# Scan Macros solution (value: true, false)
SCAN_MACROS=true

# Web settings
# -------------

# Path to redirect / to
WEBROOT_REDIRECT=/webmail

# Path to the admin interface if enabled
WEB_ADMIN=/admin

# Path to the webmail if enabled
WEB_WEBMAIL=/webmail

# Advanced settings
# -------------

# Log driver for front service. Possible values:
# json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
#LOG_DRIVER=json-file

# Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12

# Header to take the real ip from
REAL_IP_HEADER=

# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=

# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=

# NOTE(3wc): Other values are not supported, as compose.yml does not contain
# configuration for them. Pull requests welcome!
DB_FLAVOR=sqlite