mailtrain/config/default.toml

# This file is the default config file for Mailtrain. To use a environment specific
# configuration add new file {ENV}.{ext} (eg. "production.toml") to the same folder.
# {ENV} is defined by NODE_ENV environment variable.
#
# Do not modify this file directly, otherwise you might lose your modifications when upgrading
#
# You should only define the options you want to change in your additional config file.
# For example if the only thing you want to change is the port number for the www server
# then your additional config file should look like this:
#   # production.toml
#   [www]
#   port=80
# or if you want to use Javascript instead of TOML then the same file could look like this:
#   // production.js
#   module.exports = {
#       www: {
#           port: 80
#       }
#   };

# Process title visible in monitoring logs and process listing
title="mailtrain"

# Enabled HTML editors
editors=["ckeditor", "codeeditor", "mosaico"]

# Default language to use
language="en"

# Inject custom scripts in subscription/layout.mjml.hbs
# customSubscriptionScripts=["/custom/hello-world.js"]

# If you start out as a root user (eg. if you want to use ports lower than 1000)
# then you can downgrade the user once all services are up and running
#user="mailtrain"
#group="mailtrain"

# If Mailtrain is started as root, "Reports" feature drops the privileges of script generating the report to disallow
# any modifications of Mailtrain code and even prohibits reading the production configuration (which contains the MySQL
# password for read/write operations). The roUser/roGroup determines the user to be used
#roUser="nobody"
#roGroup="nogroup"

[log]
# silly|verbose|info|http|warn|error|silent
level="verbose"

[www]
# HTTP port to listen on
port=3000
# HTTP port to listen on for sandboxed requests
sandboxPort=8081
# HTTP interface to listen on
host="0.0.0.0"
# URL base for trusted urls. It must be absolute (starting with http:// or https://). If Mailtrain is served on
# a non-standard port (e.g. 3000), the URL must also specify the port.
trustedUrlBase="http://localhost:3000"
# URL base for sandbox urls. It must be absolute (starting with http:// or https://) and contain the sandbox port.
sandboxUrlBase="http://localhost:8081"

# Secret for signing the session ID cookie
secret="a cat"
# Session length in seconds when "remember me" is checked
remember=2592000 # 30 days
# logger interface for expressjs morgan
log="dev"
# Is the server behind a proxy? true/false
# Set this to true if you are serving Mailtrain as a virtual domain through Nginx or Apache
proxy=false
# maximum POST body size
postSize="2MB"

[mysql]
host="localhost"
user="mailtrain"
password="mailtrain"
database="mailtrain"
# Some installations, eg. MAMP can use a different port (8889)
# MAMP users should also turn on "Allow network access to MySQL" otherwise MySQL might not be accessible
port=3306
charset="utf8mb4"
# The timezone configured on the MySQL server. This can be 'local', 'Z', or an offset in the form +HH:MM or -HH:MM
timezone="local"

[redis]
# enable to use Redis session cache or disable if Redis is not installed
enabled=false
host="localhost"
port=6379
db=5
# Uncomment if your Redis installation requires a password
#password=""

[verp]
# Enable to start an MX server that detects bounced messages using VERP
# In most cases you do not want to use it
# Requires root privileges
enabled=false
port=2525
host="0.0.0.0"
# With DMARC, the Return-Path and From address must match the same domain.
# By default we get around this by using the VERP address in the Sender header,
# with the side effect that some email clients diplay an ugly "on behalf of" message.
# You can safely disable this Sender header if you're not using DMARC or your
# VERP hostname is in the same domain as the From address.
# disablesenderheader=true

[ldap]
# enable to use ldap user backend
enabled=false
# method is ldapjs or ldapauth - it chooses the library to be used. If not given, it chooses the one present.
# method="ldapjs"
host="localhost"
port=3002
baseDN="ou=users,dc=company"
filter="(|(username={{username}})(mail={{username}}))"
# Username field in LDAP (uid/cn/username)
uidTag="username"
# nameTag identifies the attribute to be used for user's full name
nameTag="username"
passwordresetlink=""
newUserRole="master"
# Global namespace id
newUserNamespaceId=1
# Use a different user to bind LDAP (final bind DN will be: {{uidTag}}={{bindUser}},{{baseDN}})
bindUser="name@company.net"
bindPassword="mySecretPassword"

[postfixbounce]
# Enable to allow writing Postfix bounce log to Mailtrain listener
# If enabled, tail mail.log to Mailtrain with the following command:
#     tail -f -n +0 /var/log/mail.log | nc localhost 5699 -
enabled=false
port=5699
# allow connections from localhost only
host="127.0.0.1"

# extra options for nodemailer
[nodemailer]
#textEncoding="base64"

[queue]
# How many parallel sender processes to spawn
# You can use more than 1 process only if you have Redis enabled
processes=1

[cors]
# Allow subscription widgets to be embedded
# origins=['https://www.example.com']

[mosaico]
# Installed templates
templates=[["versafix-1", "Versafix One"]]
# Inject custom scripts
# customscripts=["/mosaico/custom/my-mosaico-plugin.js"]

[grapejs]
# Installed templates
templates=[
  ["demo", "HTML Template"],
  ["aves", "MJML Template"]
]

[reports]
# The whole reporting functionality can be disabled below if the they are not needed and the DB cannot be
# properly protected.
# Reports rely on custom user defined Javascript snippets defined in the report template. The snippets are run on the
# server when generating a report. As these snippets are stored in the DB, they pose a security risk because they can
# help gaining access to the server if the DB cannot
# be properly protected (e.g. if it is shared with another application with security weaknesses).
# Mailtrain mitigates this problem by running the custom Javascript snippets in a chrooted environment and under a
# DB user that cannot modify the database (see userRO in [mysql] above). However the chrooted environment is available
# only if Mailtrain is started as root. The chrooted environment still does not prevent the custom JS script in
# performing network operations and in generating XSS attacks as part of the report.
# The bottom line is that if people who are creating report templates or have write access to the DB cannot be trusted,
# then it's safer to switch off the reporting functionality below.
enabled=false

[testserver]
# Starts a vanity server that redirects all mail to /dev/null
# Mostly needed for local development
enabled=false
port=5587
mailboxserverport=3001
host="0.0.0.0"
username="testuser"
password="testpass"
logger=false

[seleniumwebdriver]
browser="phantomjs"



[roles.global.master]
name="Master"
admin=true
description="All permissions"
permissions=["rebuildPermissions", "createJavascriptWithROAccess", "manageBlacklist", "manageSettings"]
rootNamespaceRole="master"

[roles.namespace.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "createNamespace", "createList", "createCustomForm", "createReport", "createReportTemplate", "createTemplate", "createMosaicoTemplate", "createSendConfiguration", "manageUsers"]

[roles.namespace.master.children]
sendConfiguration=["view", "edit", "delete", "share", "send", "overrideAllowed", "overrideAll"]
list=["view", "edit", "delete", "share", "manageFields", "viewSubscriptions", "manageSubscriptions", "manageSegments"]
customForm=["view", "edit", "delete", "share"]
campaign=["view", "edit", "delete", "share", "manageFiles"]
template=["view", "edit", "delete", "share", "manageFiles"]
report=["view", "edit", "delete", "share", "execute", "viewContent", "viewOutput"]
reportTemplate=["view", "edit", "delete", "share", "execute"]
mosaicoTemplate=["view", "edit", "delete", "share", "manageFiles"]
namespace=["view", "edit", "delete", "share", "createNamespace", "createList", "createCustomForm", "createReport", "createReportTemplate", "createTemplate", "createMosaicoTemplate", "createSendConfiguration", "manageUsers"]

[roles.sendConfiguration.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "send", "overrideAllowed", "overrideAll"]

[roles.list.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "manageFields", "viewSubscriptions", "manageSubscriptions", "manageSegments"]

[roles.customForm.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share"]

[roles.campaign.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "manageFiles"]

[roles.template.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "manageFiles"]

[roles.report.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "execute", "viewContent", "viewOutput"]

[roles.reportTemplate.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "execute"]

[roles.mosaicoTemplate.master]
name="Master"
description="All permissions"
permissions=["view", "edit", "delete", "share", "manageFiles"]


[roles.global.editor]
name="Editor"
description="XXX"
permissions=[]
ownNamespaceRole="editor"

[roles.namespace.editor]
name="Editor"
description="XXX"
permissions=["view", "edit", "delete"]

[roles.namespace.editor.children]
sendConfiguration=[]
list=[]
customForm=[]
campaign=[]
template=[]
report=[]
reportTemplate=[]
namespace=["view", "edit", "delete"]
mosaicoTemplate=[]

[roles.list.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.customForm.editor]
name="Editor"
description="All permissions"
permissions=[]

[roles.campaign.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.template.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.report.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.reportTemplate.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.mosaicoTemplate.editor]
name="Editor"
description="XXX"
permissions=[]

[roles.sendConfiguration.editor]
name="Editor"
description="XXX"
permissions=[]