config.example
#
# PMTA Config file for Signals on-prem demo
#
# NOTE(review): this example has placeholders for an SMTP password and a Signals API key.
# Once they are filled in, the file holds live credentials: keep it out of version control
# and readable only by the account that runs PowerMTA.
#
#
# E-mail address for mailer's administrator (please specify!)
#
# NOTE(review): the address below appears masked on this page; set a monitored mailbox.
postmaster [email protected]
#
# IP address(es) and port(s) on which to listen for incoming SMTP connections
#
# NOTE this listener will be fed by the wrapper service
# NOTE(review): both listeners bind 0.0.0.0, i.e. every interface on the host.
# If port 5587 is only ever fed by a wrapper on the same host or subnet, binding it to that
# address (or firewalling it) narrows exposure -- confirm against the deployment.
smtp-listener 0.0.0.0:5587
smtp-listener 0.0.0.0:25
#
# Rewrite the MAIL FROM address to match the bounce domain
#
<rewrite-list mfrom>
mail-from *@pmta.signalsdemo.trymsys.net *@bounces.pmta.signalsdemo.trymsys.net
</rewrite-list>
#
# One source rule for all injection, internal or external. Enforce auth, except for bounces and FBLs
#
# 0/0 matches every client address, so these settings apply to any host that can reach a listener.
# Relaying is not granted in this block; it is granted only in the {auth} block below.
# The bounce/FBL exception comes from the relay-domain lines elsewhere in this file.
<source 0/0>
log-connections false
log-commands false # WARNING: verbose! just for dev
# NOTE(review): presumably log-data writes message content to the log; keep it off outside dev.
log-data false # WARNING: even more verbose!
smtp-service true # allow SMTP service
# Throttles repeated failed AUTH attempts (value as given: 1 per minute).
smtp-max-auth-failure-rate 1/min
# Refuses plaintext AUTH on a session that has not negotiated TLS, so the password
# of the smtp-user is not sent in the clear.
allow-unencrypted-plain-auth false
# Offers STARTTLS to clients; on its own this permits TLS rather than requiring it.
allow-starttls true
rewrite-list mfrom
# verp-default true
</source>
# Settings applied to sessions that have authenticated successfully.
<source {auth}>
always-allow-relaying yes # only if the auth succeeds
default-virtual-mta default
process-x-job true
</source>
#
# Secure the inbound service with username, password and TLS. SMT 2019-05-31
#
# NOTE(review): if this .pem also holds the private key (not visible from here), restrict it
# to the PowerMTA service account.
smtp-server-tls-certificate /etc/pmta/pmtasignalsdemo.pem
# NOTE(review): TLS 1.1 is formally deprecated (RFC 8996). Keep it enabled only if a legacy
# injector cannot negotiate TLS 1.2; otherwise set the tlsv1.1 line to false.
smtp-server-tls-allow-tlsv1.1 true
smtp-server-tls-allow-tlsv1.2 true
#
# SMTP users (authenticated via SMTP AUTH)
#
# A single shared injection account. Authenticated sessions are allowed to relay,
# so this password is what stands between the open listeners and relay access.
<smtp-user SMTP_Injection>
# NOTE(review): replace the whole placeholder, including the '#' characters, with a long random
# value; '#' starts a comment elsewhere in this file, so the line as shipped may parse as an
# empty password -- confirm.
password ## YOUR PASSWORD HERE ##
authentication-method password
</smtp-user>
# Introduce ourselves properly
host-name pmta.signalsdemo.trymsys.net
#
# DKIM
#
# Format: selector, signing domain, private-key file.
# NOTE(review): the key file is the DKIM signing secret; it should be readable only by the
# PowerMTA service account, and the selector rotated if the file is ever exposed.
domain-key mypmta, pmta.signalsdemo.trymsys.net, /etc/pmta/mypmta.pmta.signalsdemo.trymsys.net.pem
#
# Enable Bounce and FBL processing on specific domains
#
# relay-domain lets unauthenticated senders deliver mail addressed to these domains;
# this is the "except for bounces and FBLs" path. Keep the list to domains handled below.
relay-domain pmta.signalsdemo.trymsys.net
relay-domain bounces.pmta.signalsdemo.trymsys.net
relay-domain fbl.pmta.signalsdemo.trymsys.net
# Inbound bounces for the listed domains are processed; with both deliver-* settings at "no",
# neither matched nor unmatched mail is delivered onward.
<bounce-processor>
deliver-unmatched-email no
deliver-matched-email no
<address-list>
domain pmta.signalsdemo.trymsys.net
domain bounces.pmta.signalsdemo.trymsys.net
</address-list>
</bounce-processor>
# Same handling for feedback-loop (complaint) reports sent to the FBL domain.
<feedback-loop-processor>
deliver-unmatched-email no
deliver-matched-email no
<address-list>
domain fbl.pmta.signalsdemo.trymsys.net
</address-list>
</feedback-loop-processor>
#
# SparkPost Signals
#
# Here we set up ingest to include subaccount ID and message ID supplied by the injecting process via headers.
# We retain the subaccount ID so that it shows up in the "accounting pipe" for augmenting open/click events.
#
<signals>
# NOTE(review): the API key is a bearer credential for the ingest endpoint. Scope it to the
# minimum permission needed for ingest and rotate it if this file is ever shared.
api-key ## YOUR API KEY HERE ##
# Events are uploaded over HTTPS to the SparkPost ingest endpoint.
upload-url https://api.sparkpost.com/api/v1/ingest/events
# NOTE(review): verbose logging is on; confirm what it writes (request detail, headers)
# before using this outside a demo.
log-verbose true
engagement-tracking true
min-free-space 1G
process-x-sp-subaccount-id true
retain-x-sp-subaccount-id true
# NOTE(review): presumably controls whether recipient-identifying data is kept in uploaded
# events -- confirm the meaning of "retain" against your data-handling obligations.
privacy-policy retain
custom-message-id-header X-Sp-Message-Id
</signals>
enable-signals true
#
# Route all outgoing traffic through this virtual mta / pool.
# Declare the delivery IP address here, so that SparkPost signals ingest injection (aka "reception") events
# will carry the correct sending_IP attribute
#
# NOTE(review): 172.31.25.101 is an RFC 1918 private address. If the host sends through NAT,
# the reported sending IP will be this internal address, not the public one -- confirm that is intended.
<virtual-mta mta1>
smtp-source-host 172.31.25.101 pmta.signalsdemo.trymsys.net
</virtual-mta>
<virtual-mta-pool default>
virtual-mta mta1
# Defaults for every destination domain.
# NOTE(review): no outbound TLS setting is visible in this block, so whether deliveries
# attempt STARTTLS depends on PowerMTA defaults -- confirm.
<domain *>
max-smtp-out 20 # max. connections *per domain*
bounce-after 4d12h # 4 days, 12 hours
retry-after 10m # 10 minutes
dkim-sign yes
</domain>
</virtual-mta-pool>
#
# Port used for HTTP management interface
#
http-mgmt-port 8080
#
# IP addresses allowed to access the HTTP management interface, one
# per line
#
# As shipped, only loopback (IPv4 and IPv6) may connect, and only with the "monitor" role.
http-access 127.0.0.1 monitor
http-access ::1 monitor
# NOTE(review): the commented examples below show denying one host and granting "admin" to
# a whole /24. Grant admin to single hosts where possible, and prefer reaching the interface
# through an SSH tunnel or VPN rather than widening this list.
#http-access 10.1.0.10 none
#http-access 10.1.0/24 admin
#
# Whether to run the PowerMTA daemon as root
#
# "no" keeps the daemon unprivileged, which limits the impact of a compromise of the service.
run-as-root no
#
# Logging file name
#
log-file /var/log/pmta/pmta.log # logrotate is used for rotation
#
# Accounting file(s)
#
# NOTE(review): accounting records identify recipients, so /var/log/pmta should not be
# world-readable; delete-after below sets the on-disk retention to 8 days.
<acct-file /var/log/pmta/acct.csv>
# move-to /opt/myapp/pmta-acct # configure as fit for your application
records d,b,f,rb
move-interval 5m
max-size 50M
delete-after 8d
</acct-file>
# Pipe into our acct_etl process
# NOTE(review): PowerMTA launches this program itself, so /usr/local/bin/acct_etl should be
# owned by root and not writable by other users. The --logfile path is relative; it resolves
# against the daemon's working directory, so an absolute path is safer -- confirm.
<acct-file |/usr/local/bin/acct_etl --logfile acct_etl.log>
records d
# Record useful extra data here; SparkPost enrichment will supply much of the rest from matching injection/delivery events
# The fields passed to the pipe are the recipient address plus the two X-Sp-* header values.
record-fields d rcpt,header_x-sp-message-id,header_x-sp-subaccount-id
</acct-file>
#
# Spool directories
#
# NOTE(review): the spool holds queued message content; restrict the directory to the
# PowerMTA service account.
<spool /var/spool/pmta>
deliver-only no
</spool>
# EOF