mailcow.conf

1. # ------------------------------
2. # mailcow web ui configuration
3. # ------------------------------
4. # example.org is _not_ a valid hostname, use a fqdn here.
5. # Default admin user is "admin"
6. # Default password is "moohoo"
7.  
8. MAILCOW_HOSTNAME=***
9.  
10. # Password hash algorithm
11. # Only certain password hash algorithm are supported. For a fully list of supported schemes,
12. # see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/
13. MAILCOW_PASS_SCHEME=BLF-CRYPT
14.  
15. # ------------------------------
16. # SQL database configuration
17. # ------------------------------
18.  
19. DBNAME=mailcow
20. DBUSER=mailcow
21.  
22. # Please use long, random alphanumeric strings (A-Za-z0-9)
23.  
24. DBPASS=***
25. DBROOT=***
26.  
27. # ------------------------------
28. # HTTP/S Bindings
29. # ------------------------------
30.  
31. # You should use HTTPS, but in case of SSL offloaded reverse proxies:
32. # Might be important: This will also change the binding within the container.
33. # If you use a proxy within Docker, point it to the ports you set below.
34. # Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
35. # IMPORTANT: Do not use port 8081, 9081 or 65510!
36. # Example: HTTP_BIND=1.2.3.4
37. # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
38. # For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-ip_bindings/
39.  
40. HTTP_PORT=8180
41. HTTP_BIND=127.0.0.1
42.  
43. HTTPS_PORT=4443
44. HTTPS_BIND=127.0.0.1
45.  
46. # ------------------------------
47. # Other bindings
48. # ------------------------------
49. # You should leave that alone
50. # Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
51.  
52. SMTP_PORT=25
53. SMTPS_PORT=465
54. SUBMISSION_PORT=587
55. IMAP_PORT=143
56. IMAPS_PORT=993
57. POP_PORT=110
58. POPS_PORT=995
59. SIEVE_PORT=4190
60. DOVEADM_PORT=127.0.0.1:19991
61. SQL_PORT=127.0.0.1:13306
62. SOLR_PORT=127.0.0.1:18983
63. REDIS_PORT=127.0.0.1:7654
64.  
65. # Your timezone
66. # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
67. # Use the row named 'TZ database name' + pay attention for 'Notes' row
68.  
69. TZ=Europe/Berlin
70.  
71. # Fixed project name
72. # Please use lowercase letters only
73.  
74. COMPOSE_PROJECT_NAME=mailcowdockerized
75.  
76. # Used Docker Compose version
77. # Switch here between native (compose plugin) and standalone
78. # For more informations take a look at the mailcow docs regarding the configuration options.
79. # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
80. # Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail.
81.  
82. DOCKER_COMPOSE_VERSION=native
83.  
84. # Set this to "allow" to enable the anyone pseudo user. Disabled by default.
85. # When enabled, ACL can be created, that apply to "All authenticated users"
86. # This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
87. # Otherwise a user might share data with too many other users.
88. ACL_ANYONE=disallow
89.  
90. # Garbage collector cleanup
91. # Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
92. # How long should objects remain in the garbage until they are being deleted? (value in minutes)
93. # Check interval is hourly
94.  
95. MAILDIR_GC_TIME=7200
96.  
97. # Additional SAN for the certificate
98. #
99. # You can use wildcard records to create specific names for every domain you add to mailcow.
100. # Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
101. #ADDITIONAL_SAN=imap.*,smtp.*
102. # This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
103. # plus every domain you add in the future.
104. #
105. # You can also just add static names...
106. #ADDITIONAL_SAN=srv1.example.net
107. # ...or combine wildcard and static names:
108. #ADDITIONAL_SAN=imap.*,srv1.example.com
109. #
110.  
111. ADDITIONAL_SAN=imap.*,smtp.*,pop3.*
112.  
113. # Additional server names for mailcow UI
114. #
115. # Specify alternative addresses for the mailcow UI to respond to
116. # This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
117. # If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
118. # You can understand this as server_name directive in Nginx.
119. # Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
120.  
121. ADDITIONAL_SERVER_NAMES=
122.  
123. # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
124.  
125. SKIP_LETS_ENCRYPT=y
126.  
127. # Create seperate certificates for all domains - y/n
128. # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
129. # see https://wiki.dovecot.org/SSL/SNIClientSupport
130. ENABLE_SSL_SNI=n
131.  
132. # Skip IPv4 check in ACME container - y/n
133.  
134. SKIP_IP_CHECK=n
135.  
136. # Skip HTTP verification in ACME container - y/n
137.  
138. SKIP_HTTP_VERIFICATION=n
139.  
140. # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
141.  
142. SKIP_CLAMD=y
143.  
144. # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
145.  
146. SKIP_SOGO=n
147.  
148. # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
149.  
150. SKIP_SOLR=n
151.  
152. # Solr heap size in MB, there is no recommendation, please see Solr docs.
153. # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
154.  
155. SOLR_HEAP=1024
156.  
157. # Allow admins to log into SOGo as email user (without any password)
158.  
159. ALLOW_ADMIN_EMAIL_LOGIN=n
160.  
161. # Enable watchdog (watchdog-mailcow) to restart unhealthy containers
162.  
163. USE_WATCHDOG=y
164.  
165. # Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
166. # CAUTION:
167. # 1. You should use external recipients
168. # 2. Mails are sent unsigned (no DKIM)
169. # 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
170. # Multiple rcpts allowed, NO quotation marks, NO spaces
171.  
172. #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
173. #WATCHDOG_NOTIFY_EMAIL=
174.  
175. # Notify about banned IP (includes whois lookup)
176. WATCHDOG_NOTIFY_BAN=n
177.  
178. # Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
179. #WATCHDOG_SUBJECT=
180.  
181. # Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
182. # https://www.servercow.de/mailcow?lang=en
183. # https://www.servercow.de/mailcow?lang=de
184. # No data is collected. Opt-in and anonymous.
185. # Will only work with unmodified mailcow setups.
186. WATCHDOG_EXTERNAL_CHECKS=n
187.  
188. # Enable watchdog verbose logging
189. WATCHDOG_VERBOSE=n
190.  
191. # Max log lines per service to keep in Redis logs
192.  
193. LOG_LINES=9999
194.  
195. # Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
196. # Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
197.  
198. IPV4_NETWORK=172.27.0
199.  
200. # Internal IPv6 subnet in fc00::/7
201. # Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
202.  
203. IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
204.  
205. # Use this IPv4 for outgoing connections (SNAT)
206.  
207. #SNAT_TO_SOURCE=
208.  
209. # Use this IPv6 for outgoing connections (SNAT)
210.  
211. #SNAT6_TO_SOURCE=
212.  
213. # Create or override an API key for the web UI
214. # You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
215. # An API key defined as API_KEY has read-write access
216. # An API key defined as API_KEY_READ_ONLY has read-only access
217. # Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
218. # You can define API_KEY and/or API_KEY_READ_ONLY
219.  
220. #API_KEY=
221. #API_KEY_READ_ONLY=
222. #API_ALLOW_FROM=172.22.1.1,127.0.0.1
223.  
224. # mail_home is ~/Maildir
225. MAILDIR_SUB=Maildir
226.  
227. # SOGo session timeout in minutes
228. SOGO_EXPIRE_SESSION=480
229.  
230. # DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
231. # Empty by default to auto-generate master user and password on start.
232. # User expands to DOVECOT_MASTER_USER@mailcow.local
233. # LEAVE EMPTY IF UNSURE
234. DOVECOT_MASTER_USER=
235. # LEAVE EMPTY IF UNSURE
236. DOVECOT_MASTER_PASS=
237.  
238. # Let's Encrypt registration contact information
239. # Optional: Leave empty for none
240. # This value is only used on first order!
241. # Setting it at a later point will require the following steps:
242. # https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/
243. ACME_CONTACT=
244.  
245. # WebAuthn device manufacturer verification
246. # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
247. # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
248. WEBAUTHN_ONLY_TRUSTED_VENDORS=n
249.  
250.