#
# emailrelay.conf
#
# This is a configuration file for E-MailRelay (http://emailrelay.sf.net).
#
# The E-MailRelay startup script constructs an emailrelay command-line
# starting with "--as-server --syslog --pid-file ..." followed by the path
# to this config file.
#
# Every configuration item in this file has an equivalent command-line
# option with a leading "--".
#
# To enable one of the configuration options below remove the '#' character
# on the last line in the block.
#

# Name: address-verifier
# Format: address-verifier <program>
# Description: Runs the specified external program to verify a message
# recipent's e-mail address. A network verifier can be specified as
# "net:<transport-address>".
#
#address-verifier /usr/local/sbin/emailrelay-verifier.sh

# Name: admin
# Format: admin <admin-port>
# Description: Enables an administration interface on the specified listening
# port number. Use telnet or something similar to connect. The administration
# interface can be used to trigger forwarding of spooled mail messages if the
# "--forward-to" option is used.
#
#admin 587

# Name: admin-terminate
# Format: admin-terminate
# Description: Enables the "terminate" command in the administration
# interface.
#
#admin-terminate

# Name: anonymous
# Format: anonymous
# Description: Disables the server's SMTP VRFY command, sends less verbose
# SMTP responses and SMTP greeting, and stops "Received" lines being added to
# mail message content files.
#
#anonymous

# Name: as-client
# Format: as-client <host:port>
# Description: This is equivalent to "--log", "--no-syslog", "--no-daemon",
# "--dont-serve", "--forward" and "--forward-to". It is a convenient way of
# running a forwarding agent that forwards spooled mail messages and then
# terminates.
#
#as-client smtp.example.com:25

# Name: as-proxy
# Format: as-proxy <host:port>
# Description: This is equivalent to "--log", "--close-stderr",
# "--forward-on-disconnect" and "--forward-to". It is a convenient way of
# running a store-and-forward daemon. Use "--log", "--forward-on-disconnect"
# and "--forward-to" instead of "--as-proxy" to keep the standard error
# stream open.
#
#as-proxy smtp.example.com:25

# Name: as-server
# Format: as-server
# Description: This is equivalent to "--log" and "--close-stderr". It is a
# convenient way of running a background storage daemon that accepts mail
# messages and spools them. Use "--log" instead of "--as-server" to keep
# standard error stream open.
#
#as-server

# Name: client-auth
# Format: client-auth <file>
# Description: Enables SMTP client authentication with the remote server,
# using the client account details taken from the specified secrets file. The
# secrets file should normally contain one line that starts with "client" and
# that line should have between four and five space-separated fields; the
# second field is the password encoding ("plain" or "md5"), the third is the
# user-id and the fourth is the password. The user-id is RFC-1891 xtext
# encoded, and the password is either xtext encoded or generated by
# "emailrelay-passwd". If the remote server does not support SMTP
# authentication then the SMTP connection will fail.
#
#client-auth /etc/emailrelay.auth

# Name: client-auth-config
# Format: client-auth-config <config>
# Description: Configures the SMTP client authentication module using a
# semicolon-separated list of configuration items. Each item is a
# single-character key, followed by a colon and then a comma-separated list.
# A 'm' character introduces an ordered list of authentication mechanisms,
# and an 'x' is used for blocklisted mechanisms.
#
#client-auth-config m:cram-sha1,cram-md5

# Name: client-filter
# Format: client-filter <program>
# Description: Runs the specified external filter program whenever a mail
# message is forwarded. The filter is passed the name of the message file in
# the spool directory so that it can edit it as required. A network filter
# can be specified as "net:<transport-address>" and prefixes of "spam:",
# "spam-edit:" and "exit:" are also allowed. The "spam:" and "spam-edit:"
# prefixes require a SpamAssassin daemon to be running. For store-and-forward
# applications the "--filter" option is normally more useful than
# "--client-filter".
#
#client-filter /usr/local/sbin/emailrelay-client-filter

# Name: client-interface
# Format: client-interface <ip-address>
# Description: Specifies the IP network address to be used to bind the local
# end of outgoing SMTP connections. By default the address will depend on the
# routing tables in the normal way. Use "0.0.0.0" to use only IPv4 addresses
# returned from DNS lookups of the "--forward-to" address, or "::" for IPv6.
#
#client-interface 10.0.0.2

# Name: client-tls
# Format: client-tls
# Description: Enables negotiated TLS for outgoing SMTP connections; the SMTP
# STARTTLS command will be issued if the remote server supports it.
#
#client-tls

# Name: client-tls-certificate
# Format: client-tls-certificate <pem-file>
# Description: Defines the TLS certificate file when acting as a SMTP client.
# This file must contain the client's private key and certificate chain using
# the PEM file format. Keep the file permissions tight to avoid accidental
# exposure of the private key.
#
#client-tls-certificate /etc/ssl/certs/emailrelay.pem

# Name: client-tls-connection
# Format: client-tls-connection
# Description: Enables the use of a TLS tunnel for outgoing SMTP connections.
# This is for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using
# STARTTLS.
#
#client-tls-connection

# Name: client-tls-required
# Format: client-tls-required
# Description: Makes the use of TLS mandatory for outgoing SMTP connections.
# The SMTP STARTTLS command will be used before mail messages are sent out.
# If the remote server does not allow STARTTLS then the SMTP connection will
# fail.
#
#client-tls-required

# Name: client-tls-server-name
# Format: client-tls-server-name <hostname>
# Description: Defines the target server hostname in the TLS handshake. With
# "--client-tls-connection" this can be used for SNI, allowing the remote
# server to adopt an appropriate identity.
#
#client-tls-server-name smtp.example.com

# Name: client-tls-verify
# Format: client-tls-verify <ca-list>
# Description: Enables verification of the remote SMTP server's certificate
# against any of the trusted CA certificates in the specified file or
# directory. In many use cases this should be a file containing just your
# self-signed root certificate.
#
#client-tls-verify /etc/ssl/certs/ca-certificates.crt

# Name: client-tls-verify-name
# Format: client-tls-verify-name <cname>
# Description: Enables verification of the CNAME within the remote SMTP
# server's certificate.
#
#client-tls-verify-name smtp.example.com

# Name: close-stderr
# Format: close-stderr
# Description: Causes the standard error stream to be closed soon after
# start-up. This is useful when operating as a backgroud daemon and it is
# therefore implied by "--as-server" and "--as-proxy".
#
#close-stderr

# Name: connection-timeout
# Format: connection-timeout <time>
# Description: Specifies a timeout (in seconds) for establishing a TCP
# connection to remote SMTP servers. The default is 40 seconds.
#
#connection-timeout 10

# Name: debug
# Format: debug
# Description: Enables debug level logging, if built in. Debug messages are
# usually only useful when cross-referenced with the source code and they may
# expose plaintext passwords and mail message content.
#
#debug

# Name: dnsbl
# Format: dnsbl <config>
# Description: Specifies a list of DNSBL servers that are used to reject SMTP
# connections from blocked addresses. The configuration string is made up of
# comma-separated fields: the DNS server's transport address, a timeout in
# milliseconds, a rejection threshold, and then the list of DNSBL servers.
#
#dnsbl 1.1.1.1:53,1000,1,spam.dnsbl.example.com,block.dnsbl.example.com

# Name: domain
# Format: domain <fqdn>
# Description: Specifies the network name that is used in SMTP EHLO commands,
# "Received" lines, and for generating authentication challenges. The default
# is derived from a DNS lookup of the local hostname.
#
#domain smtp.example.com

# Name: dont-serve
# Format: dont-serve
# Description: Disables all network serving, including SMTP, POP and
# administration interfaces. The program will terminate as soon as any
# initial forwarding is complete.
#
#dont-serve

# Name: filter
# Format: filter <program>
# Description: Runs the specified external filter program whenever a mail
# message is stored. The filter is passed the name of the message file in the
# spool directory so that it can edit it as required. The mail message is
# rejected if the filter program terminates with an exit code between 1 and
# 99. Use "net:<transport-address>" to communicate with a filter daemon over
# the network, or "spam:<transport-address>" for a spamassassin spamd daemon
# to accept or reject mail messages, or "spam-edit:<transport-address>" to
# have spamassassin edit the message content without rejecting it, or
# "exit:<number>" to emulate a filter program that just exits.
#
#filter /usr/local/sbin/emailrelay-filter

# Name: filter-timeout
# Format: filter-timeout <time>
# Description: Specifies a timeout (in seconds) for running a "--filter"
# program. The default is 300 seconds.
#
#filter-timeout 10

# Name: forward
# Format: forward
# Description: Causes spooled mail messages to be forwarded when the program
# first starts.
#
#forward

# Name: forward-on-disconnect
# Format: forward-on-disconnect
# Description: Causes spooled mail messages to be forwarded whenever a SMTP
# client connection disconnects.
#
#forward-on-disconnect

# Name: forward-to
# Format: forward-to <host:port>
# Description: Specifies the transport address of the remote SMTP server that
# is use for mail message forwarding.
#
#forward-to smtp.example.com:25

# Name: forward-to-some
# Format: forward-to-some
# Description: Allow forwarding to continue even if some recipient addresses
# on an e-mail envelope are rejected by the remote server.
#
#forward-to-some

# Name: hidden
# Format: hidden
# Description: Windows only. Hides the application window and disables all
# message boxes, overriding any "--show" option. This is useful when
# running as a windows service.
#
#hidden

# Name: idle-timeout
# Format: idle-timeout <time>
# Description: Specifies a timeout (in seconds) for receiving network traffic
# from remote SMTP and POP clients. The default is 1800 seconds.
#
#idle-timeout 2

# Name: immediate
# Format: immediate
# Description: Causes mail messages to be forwarded as they are received,
# even before they have been accepted. This can be used to do proxying
# without store-and-forward, but in practice clients tend to to time out
# while waiting for their mail message to be accepted.
#
#immediate

# Name: interface
# Format: interface <ip-address-list>
# Description: Specifies the IP network addresses or interface names used to
# bind listening ports. By default listening ports for incoming SMTP, POP and
# administration connections will bind the 'any' address for IPv4 and for
# IPv6, ie. "0.0.0.0" and "::". Multiple addresses can be specified by using
# the option more than once or by using a comma-separated list. Use a prefix
# of "smtp=", "pop=" or "admin=" on addresses that should apply only to those
# types of listening port. Any link-local IPv6 addresses must include a zone
# name or scope id.  Interface names can be used instead of addresses, in
# which case all the addresses associated with that interface at startup will
# used for listening. When an interface name is decorated with a "-ipv4" or
# "-ipv6" suffix only their IPv4 or IPv6 addresses will be used (eg.
# "ppp0-ipv4").
#
#interface 127.0.0.1,smtp=eth0

# Name: localedir
# Format: localedir <dir>
# Description: Enables localisation and specifies the locale base directory
# where message catalogues can be found. An empty directory can be used for
# the built-in default.
#
#localedir /opt/share/locale

# Name: log
# Format: log
# Description: Enables logging to the standard error stream and to the
# syslog. The "--close-stderr" and "--no-syslog" options can be used to
# disable output to standard error stream and the syslog separately. Note
# that "--as-server", "--as-client" and "--as-proxy" imply "--log", and
# "--as-server" and "--as-proxy" also imply "--close-stderr".
#
#log

# Name: log-address
# Format: log-address
# Description: Adds the network address of remote clients to the logging
# output.
#
#log-address

# Name: log-file
# Format: log-file <file>
# Description: Redirects standard-error logging to the specified file.
# Logging to the log file is not affected by "--close-stderr". The filename
# can include "%d" to get daily log files; the "%d" is replaced by the
# current date in the local timezone using a "YYYYMMDD" format.
#
#log-file /var/log/emailrelay-%d

# Name: log-time
# Format: log-time
# Description: Adds a timestamp to the logging output using the local
# timezone.
#
#log-time

# Name: no-daemon
# Format: no-daemon
# Description: Disables the normal backgrounding at startup so that the
# program runs in the foreground, without forking or detaching from the
# terminal.  On Windows this disables the system tray icon so the program
# uses a normal window; when the window is closed the program terminates.
#
#no-daemon

# Name: no-smtp
# Format: no-smtp
# Description: Disables listening for incoming SMTP connections.
#
#no-smtp

# Name: no-syslog
# Format: no-syslog
# Description: Disables logging to the syslog. Note that "--as-client"
# implies "--no-syslog".
#
#no-syslog

# Name: pid-file
# Format: pid-file <pid-file>
# Description: Causes the process-id to be written into the specified file
# when the program starts up, typically after it has become a backgroud
# daemon.
#
#pid-file /run/emailrelay/emailrelay.pid

# Name: poll
# Format: poll <period>
# Description: Causes forwarding of spooled mail messages to happen at
# regular intervals (with the time given in seconds).
#
#poll 60

# Name: pop
# Format: pop
# Description: Enables the POP server listening, by default on port 110,
# providing access to spooled mail messages. Negotiated TLS using the POP
# "STLS" command will be enabled if the "--server-tls" option is also given.
#
#pop

# Name: pop-auth
# Format: pop-auth <file>
# Description: Specifies a file containing valid POP account details. The
# file format is the same as for the SMTP server secrets file, ie. lines
# starting with "server", with user-id and password in the third and fourth
# fields. A special value of "/pam" can be used for authentication using
# linux PAM.
#
#pop-auth /etc/private/emailrelay-pop.auth

# Name: pop-by-name
# Format: pop-by-name
# Description: Modifies the spool directory used by the POP server to be a
# sub-directory with the same name as the POP authentication user-id. This
# allows multiple POP clients to read the spooled messages without
# interfering with each other, particularly when also using
# "--pop-no-delete". Content files can stay in the main spool directory with
# only the envelope files copied into user-specific sub-directories. The
# "emailrelay-filter-copy" program is a convenient way of doing this when run
# via "--filter".
#
#pop-by-name

# Name: pop-no-delete
# Format: pop-no-delete
# Description: Disables the POP DELE command so that the command appears to
# succeed but mail messages are not deleted from the spool directory.
#
#pop-no-delete

# Name: pop-port
# Format: pop-port <port>
# Description: Sets the POP server's listening port number.
#
#pop-port 995

# Name: port
# Format: port <port>
# Description: Sets the port number used for listening for incoming SMTP
# connections.
#
#port 587

# Name: prompt-timeout
# Format: prompt-timeout <time>
# Description: Specifies a timeout (in seconds) for getting the initial
# prompt from a remote SMTP server. If no prompt is received after this time
# then the SMTP dialog goes ahead without it.
#
#prompt-timeout 3

# Name: remote-clients
# Format: remote-clients
# Description: Allows incoming connections from addresses that are not local.
# The default behaviour is to reject connections that are not local in order
# to prevent accidental exposure to the public internet, although a firewall
# should also be used. Local address ranges are defined in RFC-1918, RFC-6890
# etc.
#
#remote-clients

# Name: response-timeout
# Format: response-timeout <time>
# Description: Specifies a timeout (in seconds) for getting responses from
# remote SMTP servers. The default is 1800 seconds.
#
#response-timeout 2

# Name: server-auth
# Format: server-auth <file>
# Description: Enables SMTP server authentication of remote SMTP clients.
# Account names and passwords are taken from the specified secrets file. The
# secrets file should contain lines that have four space-separated fields,
# starting with "server" in the first field; the second field is the password
# encoding ("plain" or "md5"), the third is the client user-id and the fourth
# is the password. The user-id is RFC-1891 xtext encoded, and the password is
# either xtext encoded or generated by "emailrelay-passwd". A special value
# of "/pam" can be used for authentication using linux PAM.
#
#server-auth /etc/private/emailrelay.auth

# Name: server-auth-config
# Format: server-auth-config <config>
# Description: Configures the SMTP server authentication module using a
# semicolon-separated list of configuration items. Each item is a
# single-character key, followed by a colon and then a comma-separated list.
# A 'm' character introduces a preferred sub-set of the built-in
# authentication mechanisms, and an 'x' is used for blocklisted mechanisms.
#
#server-auth-config m:cram-sha256,cram-sha1

# Name: server-tls
# Format: server-tls
# Description: Enables TLS for incoming SMTP and POP connections. SMTP
# clients can then request TLS encryption by issuing the STARTTLS command.
# The "--server-tls-certificate" option must be used to define the server
# certificate.
#
#server-tls

# Name: server-tls-certificate
# Format: server-tls-certificate <pem-file>
# Description: Defines the TLS certificate file when acting as a SMTP or POP
# server. This file must contain the server's private key and certificate
# chain using the PEM file format. Keep the file permissions tight to avoid
# accidental exposure of the private key.
#
#server-tls-certificate /etc/ssl/certs/emailrelay.pem

# Name: server-tls-connection
# Format: server-tls-connection
# Description: Enables SMTP over TLS when acting as an SMTP server. This is
# for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using STARTTLS.
#
#server-tls-connection

# Name: server-tls-required
# Format: server-tls-required
# Description: Makes the use of TLS mandatory for any incoming SMTP and POP
# connections. SMTP clients must use the STARTTLS command to establish a TLS
# session before they can issue SMTP AUTH or SMTP MAIL-TO commands.
#
#server-tls-required

# Name: server-tls-verify
# Format: server-tls-verify <ca-list>
# Description: Enables verification of remote SMTP and POP clients'
# certificates against any of the trusted CA certificates in the specified
# file or directory. In many use cases this should be a file containing just
# your self-signed root certificate.
#
#server-tls-verify /etc/ssl/certs/ca-certificates.crt

# Name: size
# Format: size <bytes>
# Description: Limits the size of mail messages that can be submitted over
# SMTP.
#
#size 10000000

# Name: spool-dir
# Format: spool-dir <dir>
# Description: Specifies the directory used for holding mail messages that
# have been received but not yet forwarded.
#
#spool-dir /var/spool/emailrelay

# Name: syslog
# Format: syslog[=<facility>]
# Description: When used with "--log" this option enables logging to the
# syslog even if the "--no-syslog" option is also used. This is typically
# used as a convenient override when using "--as-client".
#
#syslog

# Name: tls-config
# Format: tls-config <options>
# Description: Selects and configures the low-level TLS library, using a
# comma-separated list of keywords. If OpenSSL and mbedTLS are both built in
# then keywords of "openssl" and "mbedtls" will select one or the other.
# Keywords like "tlsv1.0" can be used to set a minimum TLS protocol version,
# or "-tlsv1.2" to set a maximum version.
#
#tls-config mbedtls,tlsv1.2

# Name: user
# Format: user <username>
# Description: When started as root the program switches to a non-privileged
# effective user-id when idle. This option can be used to define the idle
# user-id and also the group ownership of new files and sockets. Specify
# "root" to  disable all user-id switching. Ignored on Windows.
#
#user nobody

# Name: verbose
# Format: verbose
# Description: Enables more verbose logging when used with "--log", and more
# verbose help when used with "--help".
#
#verbose