SMTP2Graph/config.example.yml at main · oeiber/SMTP2Graph · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# This next line loads the schema for this config file to detect issues,
# provide additional information and add autocomplete when editing this file
# (you might need to install an extension in your IDE for this)
# yaml-language-server: $schema=https://raw.githubusercontent.com/SMTP2Graph/SMTP2Graph/main/config.schema.json

# Optional: operation mode (default = full)
# full = Run SMTP server and relay emails to the Graph API
# receive = Only run SMTP server and place received emails in queue (do not send them)
# send = Only send items from the queue folder, but do not run the SMTP server to accept emails
mode: full

# Required (in 'full' and 'send' mode): App. registration information
send:
  appReg:
    tenant: contoso # The name of the tenant (what comes before .onmicrosoft.com) OR your tenantID (GUID)
    id: 01234567-89ab-cdef-0123-456789abcdef
    certificate:
      thumbprint: 0123456789ABCDEF0123456789ABCDEF01234567
      privateKeyPath: client.key
    # Optional: If you don't want to use a client certificate you could use a secret instead
    # secret: VGhpcyBpcyB2ZXJ5IHNlY3JldCE=
  # Optional: Times to retry sending a message when it failed (set to 0 to disable retries)
  retryLimit: 10 # Default: 3
  # Optional: Minutes between tries
  retryInterval: 10 # Default: 5
  # Optional: Force SMTP2Graph to always send from this mailbox. This mailbox must have permission to send as or on behalf of the from address
  forceMailbox: smtp2graph@example.com

# Optional: SMTP server config
receive:
  # Optional: SMTP server port (default: 25)
  port: 587
  # Optional: Listen for connection on a specific IP (default: all addresses)
  listenAddress: 127.0.0.1
  # Optional: Require a secure (TLS) connection
  # When false, clients can still upgrade to a secure connection (default: false)
  secure: true
  # Optional: Path to your private key
  tlsKeyPath: private.key
  # Optional: Path to your certificate
  tlsCertPath: server.crt
  # Optional: Maximum message size
  # Accepts string ending with 'k' (Kilobytes) or 'm' (Megabytes). Default: 100m
  maxSize: 25m
  # Optional: SMTP welcome banner
  # When not defined the banner will show "SMTP2Graph <versionnumer>"
  banner: My SMTP server
  # Optional: IP whitelist
  # When defined, only IP addresses or subnets in this list will be able to connect
  ipWhitelist:
    - 127.0.0.1
    - 192.168.30.0/24
    - ::1
    - fe80::/10
  # Optional: Allowed FROM addresses
  allowedFrom:
    - noreply@example.com
    - something@example.com
  # Optional: Allows authentication even if connection is not secured first, when tlsKeyPath and tlsCertPath are set (default: false)
  allowInsecureAuth: true
  # Optional: Require login
  requireAuth: true
  # Optional (required when 'requireAuth' is true): Define SMTP users
  users:
    - username: users
      password: P@ssword!
      allowedFrom: # Optional
        - noreply@example.com
  # Optional: Rate limiter. Stop accepting connection after a certain amount of connection within a certain time period
  rateLimit:
    duration: 60 # Time period in seconds (default: 600 = 10 minutes)
    limit: 10 # Accepted number of connection in the time period (default: 10000)
  # Optional: Brute force protection. Block login attempts after a certain number of failed attempts in a certain time period
  authLimit:
    duration: 30 # Time period in seconds (default: 60 = 1 minute)
    limit: 5 # Maximum number of attempts in the time period (default: 10)

# Optional: HTTP proxy to use for outgoing communication
httpProxy:
  host: localhost # Hostname or IP for the proxy
  port: 3000 # Proxy port
  protocol: https # Optional: http or https (default: http)
  username: user # Optional: Username for proxy authentication
  password: pass # Optional: Password for proxy authentication